jmassardo/rego_testing4.rego

## rego_testing4.rego
enforce[decision] {
  not excludedNamespaces[input.request.namespace]
  data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

  decision := {
    "allowed": false,
    "message": message
  }
}

enforce[decision] {
  data.library.v1.kubernetes.admission.audit.v1.require_auditsink[message]

  decision := {
    "allowed": false,
    "message": message
  }
}
	enforce[decision] {
	not excludedNamespaces[input.request.namespace]
	data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]

	decision := {
	"allowed": false,
	"message": message
	}
	}

	enforce[decision] {
	data.library.v1.kubernetes.admission.audit.v1.require_auditsink[message]

	decision := {
	"allowed": false,
	"message": message
	}
	}