bluejay-infra/tests/bluejay-infra-lint/conftest.dev/01_cross_namespace_ingressroute.rego

package bluejayinfra.cross_namespace_ingressroute

deny[msg] {
  input.kind == "IngressRoute"
  ns := object.get(input.metadata, "namespace", "")
  route := input.spec.routes[_]
  service := route.services[_]
  svc_ns := object.get(service, "namespace", "")
  svc_ns != ""
  svc_ns != ns
  msg := sprintf("IngressRoute %s/%s references Service %s in namespace %s", [ns, input.metadata.name, service.name, svc_ns])
}