kind: ConfigMap apiVersion: v1 metadata: name: library-k8s-helpers namespace: opa labels: app: opa owner: jimmy openpolicyagent.org/policy: rego data: main: | package lib.k8s.helpers allowed_operations = allowed_ops { allowed_ops := {"CREATE", "UPDATE"} } request_operation = op { op := input.request.operation } request_metadata_labels = labels { labels := input.request.object.metadata.labels } request_spec_template_metadata_labels = labels { labels := input.request.object.spec.template.metadata.labels } deployment_error = e { e := "DEPLOYMENT_INVALID" } deployment_containers = c { c := input.request.object.spec.template.spec.containers } required_deployment_labels = l { l := {"app", "owner"} } deployment_role = dr { dr := input.request.object.spec.template.metadata.annotations["iam.amazonaws.com/role"] } request_id = value { value := sprintf("%v/%v/%v", [ request_namespace, request_name, request_kind ]) } request_name = value { value := input.request.object.metadata.name } else = value { value := "NOT_FOUND" } request_namespace = value { value := input.request.object.metadata.namespace } else = value { value := "NOT_FOUND" } request_kind = value { value := input.request.kind.kind } else = value { value := "NOT_FOUND" }