# This is a test-policy with patch, configMapGenerator with and without "copyFrom" option,
# secretGenerator with and without "copyFrom" option.
# To apply this policy you need to create secret and configMap in "default" namespace 
# and then create a namespace

apiVersion : policy.nirmata.io/v1alpha1
kind : Policy
metadata :
  name : "policy-ns-patch-cmg-sg"
spec :
  failurePolicy: stopOnError
  rules:
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    patch:
    - path: "/metadata/labels/isMutatedByPolicy"
      op: add
      value: "true"

  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    configMapGenerator :
      name : copied-cm
      copyFrom :
        namespace : default
        name : game-config
      data :
        secretData: "data from cmg"
        
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"
    configMapGenerator :
      name : generated-cm
      data :
        secretData: "very sensitive data from cmg"
        database: mongodb
        database_uri: mongodb://localhost:27017
  
        keys: | 
          image.public.key=771 
          rsa.public.key=42
  
  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"

    secretGenerator :
      name : generated-secrets
      data :
        foo : bar
        app.properties : /
          foo1=bar1
          foo2=bar2
        ui.properties : /
          foo1=bar1
          foo2=bar2

  - resource :
      kind : Namespace
      selector:
        matchLabels:
          LabelForSelector : "namespace2"

    secretGenerator :
      name : copied-secrets
      copyFrom :
        namespace : default
        name : mysecret
      data :
        foo : bar
        secretData: "data from sg"