fixup: convert tabs to spaces

viktor-f · viktor-f · commit e0b87d94804c · 2025-03-18T15:55:32.000+01:00
diff --git a/helmfile.d/charts/gatekeeper/templates/policies/restrict-pod-disruption-budgets.rego b/helmfile.d/charts/gatekeeper/templates/policies/restrict-pod-disruption-budgets.rego
@@ -5,11 +5,11 @@ violation[{"msg": msg}] {
     input.review.kind.kind == "PodDisruptionBudget"
     pdb := input.review.object
 
-	pdb.spec.maxUnavailable
+    pdb.spec.maxUnavailable
 
     not_valid_pdb_max_unavailable(pdb)
     # TODO update messages with link to public docs
-	msg := sprintf(
+    msg := sprintf(
     "PodDisruptionBudget rejected: PodDisruptionBudget <%v> has maxUnavailable of %v, only positive integers or percentages are allowed for maxUnavailable",
     [pdb.metadata.name, pdb.spec.maxUnavailable],
     )
@@ -20,17 +20,17 @@ violation[{"msg": msg}] {
     input.review.kind.kind == "PodDisruptionBudget"
     pdb := input.review.object
 
-	pdb.spec.minAvailable
+    pdb.spec.minAvailable
 
-	objs := [controllers | controllers := data.inventory.namespace[pdb.metadata.namespace]["apps/v1"][_]]
-	obj := objs[_][_]
+    objs := [controllers | controllers := data.inventory.namespace[pdb.metadata.namespace]["apps/v1"][_]]
+    obj := objs[_][_]
 
-	not mismatched_selector(pdb, obj)
+    not mismatched_selector(pdb, obj)
 
     not_valid_pdb_min_available(obj, pdb)
-	not replica_set_under_deployment(obj)
+    not replica_set_under_deployment(obj)
 
-	keys := [key | data.inventory.namespace[pdb.metadata.namespace]["apps/v1"][key]]
+    keys := [key | data.inventory.namespace[pdb.metadata.namespace]["apps/v1"][key]]
     msg := sprintf(
     "PodDisruptionBudget rejected: %v <%v> has %v replica(s) but PodDisruptionBudget <%v> has minAvailable of %v, minAvailable should always be lower than replica(s), and not used when replica(s) is set to 1.",
     [obj.kind, obj.metadata.name, obj.spec.replicas, pdb.metadata.name, pdb.spec.minAvailable],
@@ -39,15 +39,15 @@ violation[{"msg": msg}] {
 
 # Reject pod controller if connected PDBs maxUnavailable does not allow at least 1 pod disruption
 violation[{"msg": msg}] {
-	input.review.kind.kind == podControllerKinds[_]
+    input.review.kind.kind == podControllerKinds[_]
     obj := input.review.object
-	not replica_set_under_deployment(obj)
+    not replica_set_under_deployment(obj)
 
     pdb := data.inventory.namespace[obj.metadata.namespace]["policy/v1"].PodDisruptionBudget[_]
 
-	pdb.spec.maxUnavailable
+    pdb.spec.maxUnavailable
 
-	not mismatched_selector(pdb, obj)
+    not mismatched_selector(pdb, obj)
 
     not_valid_pdb_max_unavailable(pdb)
     msg := sprintf(
@@ -60,13 +60,13 @@ violation[{"msg": msg}] {
 violation[{"msg": msg}] {
     input.review.kind.kind == podControllerKinds[_]
     obj := input.review.object
-	not replica_set_under_deployment(obj)
+    not replica_set_under_deployment(obj)
 
     pdb := data.inventory.namespace[obj.metadata.namespace]["policy/v1"].PodDisruptionBudget[_]
 
-	pdb.spec.minAvailable
+    pdb.spec.minAvailable
 
-	not mismatched_selector(pdb, obj)
+    not mismatched_selector(pdb, obj)
 
     not_valid_pdb_min_available(obj, pdb)
     msg := sprintf(
@@ -77,32 +77,32 @@ violation[{"msg": msg}] {
 
 # The type of pod controller to validate
 podControllerKinds := [
-	"Deployment",
-	"StatefulSet",
-	"ReplicaSet",
-	"ReplicationController"
+    "Deployment",
+    "StatefulSet",
+    "ReplicaSet",
+    "ReplicationController"
 ]
 
 # Do not reject replicasets that are controlled by deployment, instead reject the deploymentd
 replica_set_under_deployment(obj) {
-	obj.kind == "ReplicaSet"
+    obj.kind == "ReplicaSet"
     count([i | obj.metadata.ownerReferences[i].kind == "Deployment"]) > 0
 }
 
 # Check minAvailable if it is integer
 not_valid_pdb_min_available(obj, pdb) {
-	not regex.match("^[0-9]+%$", pdb.spec.minAvailable)
+    not regex.match("^[0-9]+%$", pdb.spec.minAvailable)
     obj.spec.replicas <= pdb.spec.minAvailable
 }
 
 # Check minAvailable if it is percentage
 not_valid_pdb_min_available(obj, pdb) {
-	replicas := obj.spec.replicas
-	regex.match("^[0-9]+%$", pdb.spec.minAvailable)
+    replicas := obj.spec.replicas
+    regex.match("^[0-9]+%$", pdb.spec.minAvailable)
     percentage_num := to_number(replace(pdb.spec.minAvailable, "%", ""))
-	min_available := ceil((percentage_num/100)*replicas)
+    min_available := ceil((percentage_num/100)*replicas)
 
-	replicas <= min_available
+    replicas <= min_available
 }
 
 not_valid_pdb_max_unavailable(pdb) {
@@ -115,7 +115,7 @@ not_valid_pdb_max_unavailable(pdb) {
 
 # Check one podDisruptionBudget and pod(controller), returns true if it does not match
 mismatched_selector(pdb, obj) = res {
-	r1 := match_labels(pdb, obj)
+    r1 := match_labels(pdb, obj)
     r2 := match_expressions_exists(pdb, obj)
     r3 := match_expressions_does_not_exist(pdb, obj)
     r4 := any(match_expressions_in(pdb, obj))
@@ -125,7 +125,7 @@ mismatched_selector(pdb, obj) = res {
 }
 
 match_labels(pdb, obj) = res {
-	pdb_match_labels := { [label, value] | some label; value := pdb.spec.selector.matchLabels[label] }
+    pdb_match_labels := { [label, value] | some label; value := pdb.spec.selector.matchLabels[label] }
     obj_match_labels := { [label, value] | some label; value := obj.spec.selector.matchLabels[label] }
     res := count(pdb_match_labels - obj_match_labels) != 0
 }
