gitops-tbrnt/_test/policies/deployment.rego

package main

warn[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}

warn[msg] {
  input.kind = "Deployment"
  not input.spec.selector.matchLabels.app
  msg = "Containers must provide app label for pod selectors"
}
enhance conftest - mirror rego 2020-05-04 19:03:53 +00:00			`package main`

only warn for some policies 2020-05-04 19:15:38 +00:00			`warn[msg] {`
enhance conftest - mirror rego 2020-05-04 19:03:53 +00:00			`input.kind = "Deployment"`
			`not input.spec.template.spec.securityContext.runAsNonRoot = true`
			`msg = "Containers must not run as root"`
			`}`

only warn for some policies 2020-05-04 19:15:38 +00:00			`warn[msg] {`
enhance conftest - mirror rego 2020-05-04 19:03:53 +00:00			`input.kind = "Deployment"`
			`not input.spec.selector.matchLabels.app`
			`msg = "Containers must provide app label for pod selectors"`
			`}`