PR review fix

awslabs · Jun 28, 2024 · c8a4c51 · c8a4c51
1 parent d23742a
commit c8a4c51
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/examples/gatekeeper/required-tags/samples/constraint.yaml b/examples/gatekeeper/required-tags/samples/constraint.yaml
@@ -8,4 +8,4 @@ spec:
       - apiGroups: ["dynamodb.aws.upbound.io"]
         kinds: ["Table"]
   parameters:
-    tag: "owner"
+    tags: ["owner"]
diff --git a/examples/gatekeeper/required-tags/template.yaml b/examples/gatekeeper/required-tags/template.yaml
@@ -11,15 +11,19 @@ spec:
         openAPIV3Schema:
           type: object
           properties:
-            tag:
-              type: string
+            tags:
+              type: array
+              items:
+                type: string
   targets:
     - target: admission.k8s.gatekeeper.sh
       rego: |
         package awsrequiredtags
         
         violation[{"msg": msg}] {
           input.review.kind.group == "dynamodb.aws.upbound.io"
-          not input.review.object.spec.forProvider.tags[input.parameters.tag]
-          msg := sprintf("Attempting to provision a resource without the required tag '%v'", [input.parameters.tag])
+          some i
+          required_tag := input.parameters.tags[i]
+          not input.review.object.spec.forProvider.tags[required_tag]
+          msg := sprintf("Attempting to provision a resource without the required tag '%v'", [required_tag])
         }