apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sazureblockdefault
spec:
  crd:
    spec:
      names:
        kind: K8sAzureBlockDefault
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sazureblockdefault

        violation[{"msg": msg}] {
          obj := input.review.object
          is_default_namespace(obj.metadata)
          msg := sprintf("Usage of the default namespace is not allowed, name: %v, kind: %v", [obj.metadata.name, obj.kind])
        }

        is_default_namespace(metadata) {
          not metadata.namespace
        }

        is_default_namespace(metadata) {
          metadata.namespace == "default"
        }