feat(K8S-04): mark ComputeClass as cluster-scoped resource

Dieter Bocklandt · Dieter Bocklandt · commit f72e8095a637 · 2025-06-10T11:05:26.000+02:00
diff --git a/policy/kubernetes/deny_default_namespace.rego b/policy/kubernetes/deny_default_namespace.rego
@@ -43,6 +43,7 @@ deny_default_namespace contains msg if {
 		is_mutatingwebhookconfig,
 		is_podsecuritypolicy,
 		is_validatingwebhookconfig,
+		is_computeclass,
 	]
 
 	not valid_namespace
diff --git a/policy/kubernetes/deny_default_namespace_test.rego b/policy/kubernetes/deny_default_namespace_test.rego
@@ -49,4 +49,7 @@ test_allow_non_namespaced_kinds if {
 
 	validatingwebhookconfig := {"kind": "ValidatingWebhookConfiguration", "metadata": {"name": "test"}}
 	t.no_errors(deny_default_namespace) with input as validatingwebhookconfig
+
+	computeclass := {"kind": "ComputeClass", "metadata": {"name": "test"}}
+	t.no_errors(deny_default_namespace) with input as computeclass
 }
diff --git a/policy/kubernetes/kubernetes.rego b/policy/kubernetes/kubernetes.rego
@@ -49,6 +49,8 @@ is_mutatingwebhookconfig := kind == "MutatingWebhookConfiguration"
 
 is_validatingwebhookconfig := kind == "ValidatingWebhookConfiguration"
 
+is_computeclass := kind == "ComputeClass"
+
 is_job if {
 	true in [kind == "CronJob", kind == "Job"]
 }

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ deny_default_namespace contains msg if {`
`43`	`43`	`is_mutatingwebhookconfig,`
`44`	`44`	`is_podsecuritypolicy,`
`45`	`45`	`is_validatingwebhookconfig,`
	`46`	`+ is_computeclass,`
`46`	`47`	`]`
`47`	`48`
`48`	`49`	`not valid_namespace`
Original file line number	Diff line number	Diff line change
`@@ -49,4 +49,7 @@ test_allow_non_namespaced_kinds if {`
`49`	`49`
`50`	`50`	`validatingwebhookconfig := {"kind": "ValidatingWebhookConfiguration", "metadata": {"name": "test"}}`
`51`	`51`	`t.no_errors(deny_default_namespace) with input as validatingwebhookconfig`
	`52`	`+`
	`53`	`+ computeclass := {"kind": "ComputeClass", "metadata": {"name": "test"}}`
	`54`	`+ t.no_errors(deny_default_namespace) with input as computeclass`
`52`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ is_mutatingwebhookconfig := kind == "MutatingWebhookConfiguration"`
`49`	`49`
`50`	`50`	`is_validatingwebhookconfig := kind == "ValidatingWebhookConfiguration"`
`51`	`51`
	`52`	`+is_computeclass := kind == "ComputeClass"`
	`53`	`+`
`52`	`54`	`is_job if {`
`53`	`55`	`true in [kind == "CronJob", kind == "Job"]`
`54`	`56`	`}`