-
Notifications
You must be signed in to change notification settings - Fork 1
/
policy_test.rego
85 lines (80 loc) · 1.49 KB
/
policy_test.rego
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package k8suniqueingresshost
review_ingress_unique = {
"review": {
"kind": {
"group": "networking.k8s.io",
"version": "v1",
"kind": "Ingress"
},
"object": {
"metadata": {
"namespace": "default",
"name": "test",
},
"spec": {
"rules": [
{
"host": "esempio.it"
}
]
}
}
}
}
review_ingress_duplicate = {
"review": {
"kind": {
"group": "networking.k8s.io",
"kind": "Ingress",
"version": "v1"
},
"object": {
"metadata": {
"namespace": "default",
"name": "test",
},
"spec": {
"rules": [
{
"host": "example.com"
}
]
}
}
}
}
inventory = {
"namespace": {
"tenant-a": {
"networking.k8s.io/v1": {
"Ingress": {
"tenant-a-ingress": {
"metadata": {
"name": "tenant-a-ingress",
"namespace": "tenant-a"
},
"spec": {
"rules": [
{
"host": "example.com"
}
]
}
}
}
}
}
}
}
test_accept {
r = review_ingress_unique
res = violation with input as r
with data.inventory as inventory
count(res) = 0
}
test_reject {
r = review_ingress_duplicate
res = violation with input as r
with data.inventory as inventory
count(res) = 1
}