-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathvalidate-xqueue-fields.yaml
More file actions
57 lines (55 loc) · 1.71 KB
/
validate-xqueue-fields.yaml
File metadata and controls
57 lines (55 loc) · 1.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: validate-xqueue-fields
spec:
validationFailureAction: Enforce
background: true
rules:
- name: deny-invalid-location
match:
resources:
kinds:
- platform.hooli.tech/v1alpha1/XQueueClaim
validate:
message: "Invalid location: only 'EU' or 'US' are allowed in spec.location"
deny:
conditions:
all:
- key: "{{ request.object.spec.location }}"
operator: AllNotIn
value:
- "EU"
- "US"
- name: deny-invalid-max-message-size
match:
resources:
kinds:
- platform.hooli.tech/v1alpha1/XQueueClaim
validate:
message: "Invalid maxMessageSize: must be between 1024 and 262144 (bytes)"
deny:
conditions:
any:
- key: "{{ request.object.spec.maxMessageSize }}"
operator: GreaterThan
value: 262144
- key: "{{ request.object.spec.maxMessageSize }}"
operator: LessThan
value: 1024
- name: deny-invalid-visibility-timeout
match:
resources:
kinds:
- platform.hooli.tech/v1alpha1/XQueueClaim
validate:
message: "Invalid visibilityTimeoutSeconds: must be between 0 and 43200 (seconds)"
deny:
conditions:
any:
- key: "{{ request.object.spec.visibilityTimeoutSeconds }}"
operator: GreaterThan
value: 43200
- key: "{{ request.object.spec.visibilityTimeoutSeconds }}"
operator: LessThan
value: 0