feat: init commit

crates/burrego/examples/opa/utility/README.md

@@ -0,0 +1,12 @@
+# Open Policy Agent utility
+
+This folder contains the entry point for Open Policy Agent policies.
+
+Since Open Policy Agent policies have to produce an `AdmissionReview`
+object, this utility library contains the Rego entry point that
+generates such `AdmissionReview`, based on whether the `deny` query
+inside the package `kubernetes.admission` (defined by the policy
+itself) is evaluated to `true`.
+
+If `deny` evaluates to true, the produced `AdmissionReview` will
+reject the request. Otherwise, it will be accepted.

crates/burrego/examples/opa/utility/policy.rego

@@ -0,0 +1,23 @@
+package policy
+
+import data.kubernetes.admission
+
+main = {
+	"apiVersion": "admission.k8s.io/v1",
+	"kind": "AdmissionReview",
+	"response": response,
+}
+
+response = {
+	"uid": input.request.uid,
+	"allowed": false,
+	"status": {"message": reason},
+} {
+	reason = concat(", ", admission.deny)
+	reason != ""
+} else = {
+	"uid": input.request.uid,
+	"allowed": true,
+} {
+	true
+}