feat: init commit

2023-01-17 22:45:23 +08:00
commit 94130c107c
72 changed files with 7568 additions and 0 deletions
--- a/crates/burrego/examples/gatekeeper/Makefile
+++ b/crates/burrego/examples/gatekeeper/Makefile
@@ -0,0 +1,12 @@
+SOURCES=$(shell find . -name "*.rego")
+OBJECTS=$(SOURCES:%.rego=%.wasm)
+
+all: $(OBJECTS)
+
+%.wasm: %.rego
+	opa build -t wasm -e policy/violation -o $*.tar.gz $<
+	tar -xf $*.tar.gz --transform "s|policy.wasm|$*.wasm|" /policy.wasm
+	rm $*.tar.gz
+
+clean:
+	rm -f *.wasm *.tar.gz
--- a/crates/burrego/examples/gatekeeper/accept-in-namespaces.rego
+++ b/crates/burrego/examples/gatekeeper/accept-in-namespaces.rego
@@ -0,0 +1,8 @@
+package policy
+
+violation[{"msg": msg}] {
+	object_namespace := input.review.object.metadata.namespace
+	satisfied := [allowed_namespace | namespace = input.parameters.allowed_namespaces[_]; allowed_namespace = object_namespace == namespace]
+	not any(satisfied)
+	msg := sprintf("object created under an invalid namespace %s; allowed namespaces are %v", [object_namespace, input.parameters.allowed_namespaces])
+}
--- a/crates/burrego/examples/gatekeeper/always-accept.rego
+++ b/crates/burrego/examples/gatekeeper/always-accept.rego
@@ -0,0 +1,6 @@
+package policy
+
+violation[{"msg": msg}] {
+	false
+	msg := ""
+}
--- a/crates/burrego/examples/gatekeeper/always-reject.rego
+++ b/crates/burrego/examples/gatekeeper/always-reject.rego
@@ -0,0 +1,5 @@
+package policy
+
+violation[{"msg": msg}] {
+	msg := "this is not allowed"
+}