package bluejayinfra.statefulset_volumeclaim_defaults

deny[msg] {
  input.kind == "StatefulSet"
  count(object.get(input.spec, "volumeClaimTemplates", [])) > 0
  object.get(input.spec, "podManagementPolicy", "") == ""
  msg := sprintf("StatefulSet %s/%s is missing spec.podManagementPolicy", [input.metadata.namespace, input.metadata.name])
}

deny[msg] {
  input.kind == "StatefulSet"
  count(object.get(input.spec, "volumeClaimTemplates", [])) > 0
  object.get(input.spec, "revisionHistoryLimit", 0) == 0
  msg := sprintf("StatefulSet %s/%s is missing spec.revisionHistoryLimit", [input.metadata.namespace, input.metadata.name])
}

deny[msg] {
  input.kind == "StatefulSet"
  claim := input.spec.volumeClaimTemplates[_]
  object.get(claim.spec, "volumeMode", "") != "Filesystem"
  claim_name := object.get(claim.metadata, "name", "<unnamed>")
  msg := sprintf("StatefulSet %s/%s volumeClaimTemplate %s is missing volumeMode: Filesystem", [input.metadata.namespace, input.metadata.name, claim_name])
}