infrastructure/policies/cost_control.rego

package main

import rego.v1

# VMs must not exceed 16 cores
deny contains msg if {
	some resource in input.resource_changes
	resource.type == "proxmox_virtual_environment_vm"
	resource.change.actions[_] in {"create", "update"}
	to_number(resource.change.after.cpu[0].cores) > 16

	msg := sprintf(
		"COST: VM '%s' requests %v cores. Maximum 16. File ADR for exception.",
		[resource.address, resource.change.after.cpu[0].cores],
	)
}

# VMs must not exceed 32 GB RAM
deny contains msg if {
	some resource in input.resource_changes
	resource.type == "proxmox_virtual_environment_vm"
	resource.change.actions[_] in {"create", "update"}
	to_number(resource.change.after.memory[0].dedicated) > 32768

	msg := sprintf(
		"COST: VM '%s' requests %v MB RAM. Maximum 32768 (32 GB). File ADR for exception.",
		[resource.address, resource.change.after.memory[0].dedicated],
	)
}