ResourceQuota object definition involves limits keys with dots and there is issue to get the value of the limits:
policy.rego
package main
deny_incorrect_memory_unit[msg] {
input.kind == "ResourceQuota"
memoryLimit := input.spec.hard.limits.memory
not regex.match("^[0-9]+M$", memoryLimit)
msg := sprintf("%s: Incorrect value %s. Memory Limit in ResourceQuota must be defined in Megabytes (M) unit", [input.metadata.namespace, memoryLimit])
}
In above example test finishes with success, despite of wrong unit in limits.memory
After replacing yaml file to the below structure (which are not supported by k8s) test finish with expected result - failure:
ResourceQuota object definition involves limits keys with dots and there is issue to get the value of the limits:
policy.rego
resource-quota.yaml
In above example test finishes with success, despite of wrong unit in
limits.memory
After replacing yaml file to the below structure (which are not supported by k8s) test finish with expected result - failure:Tested on version
0.32.0
and0.50.0