Merge pull request #23 from utilitywarehouse/gatekeeper-allow-delete

ribbybibby · web-flow · commit ec4c44832eaf · 2021-05-07T16:06:49.000+01:00
gatekeeper: allow DELETE no matter what
diff --git a/gatekeeper/semaphore-mirror-name-length/src.rego b/gatekeeper/semaphore-mirror-name-length/src.rego
@@ -4,6 +4,8 @@ package semaphoremirrornamelength
 name_fmt := "%s-%s-73736d-%s"
 
 violation[{"msg": msg}] {
+  input.review.operation != "DELETE"
+
   prefix := input.parameters.prefixes[_]
   name := input.review.object.metadata.name
   namespace := input.review.object.metadata.namespace
diff --git a/gatekeeper/semaphore-mirror-name-length/src_test.rego b/gatekeeper/semaphore-mirror-name-length/src_test.rego
@@ -3,7 +3,7 @@ package semaphoremirrornamelength
 test_ok {
   results := violation with input as {
     "parameters": {"prefixes": ["merit", "aws", "gcp"]},
-    "review": {"object": {"metadata": {
+    "review": {"operation": "CREATE", "object": {"metadata": {
       "name": "example",
       "namespace": "example-ns",
     }}},
@@ -12,10 +12,22 @@ test_ok {
   count(results) == 0
 }
 
+test_ok_delete {
+  results := violation with input as {
+    "parameters": {"prefixes": ["merit"]},
+    "review": {"operation": "DELETE", "object": {"metadata": {
+      "name": "this-name-is-far-too-long",
+      "namespace": "this-namespace-is-also-too-long",
+    }}},
+  }
+
+  count(results) == 0
+}
+
 test_violation {
   results := violation with input as {
     "parameters": {"prefixes": ["merit"]},
-    "review": {"object": {"metadata": {
+    "review": {"operation": "CREATE", "object": {"metadata": {
       "name": "this-name-is-far-too-long",
       "namespace": "this-namespace-is-also-too-long",
     }}},
@@ -29,7 +41,7 @@ test_violation {
 test_violation_with_longest_prefix {
   results := violation with input as {
     "parameters": {"prefixes": ["merit", "aws", "gcp"]},
-    "review": {"object": {"metadata": {
+    "review": {"operation": "CREATE", "object": {"metadata": {
       "name": "too-long-with-merit-but-not-other-prefix",
       "namespace": "example-ns",
     }}},
diff --git a/gatekeeper/semaphore-mirror-name-length/template.yaml b/gatekeeper/semaphore-mirror-name-length/template.yaml
@@ -24,6 +24,8 @@ spec:
         name_fmt := "%s-%s-73736d-%s"
 
         violation[{"msg": msg}] {
+          input.review.operation != "DELETE"
+
           prefix := input.parameters.prefixes[_]
           name := input.review.object.metadata.name
           namespace := input.review.object.metadata.namespace
