---
# Kyverno ClusterPolicy with two generate rules. Each rule clones one Secret
# from the staging-sorcerer namespace onto a Secret that has a matching name
# and carries the kyverno/clone opt-in annotation.
#
# NOTE(review): neither rule restricts the namespace of the triggering
# Secret. Any Secret with a matching name and annotation, in any namespace,
# receives the source data, so permission to create Secrets becomes
# permission to read these two source Secrets. If only known namespaces
# should receive them, narrow the match (namespaces or namespaceSelector
# under resources). Confirm the intended targets with the owning team.
#
# The name and namespace values under generate wrap the Kyverno variable in
# a backquoted Go-template raw string, presumably so that Helm emits the
# variable literally instead of evaluating it. Keep those values exactly as
# written.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: sync-sorcerer-secrets
spec:
  background: true
  # Apply the rules to Secrets that already exist, not only to new ones.
  generateExisting: true
  rules:
    # NOTE(review): the rule name mentions atlantis but the clone source is
    # staging-sorcerer-env. This looks like a leftover name; renaming it
    # changes the rule identity, so confirm before touching it.
    - name: sync-atlantis-secret
      match:
        any:
          - resources:
              kinds:
                - Secret
              # Wildcard: any prefix matches, yet the data always comes from
              # the staging source below. Verify that this is intended.
              names:
                - '*-sorcerer-env'
              annotations:
                kyverno/clone: 'true'
      # Skip Secrets carrying this vcluster annotation (presumably ones
      # imported by vcluster; confirm).
      exclude:
        any:
          - resources:
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
      generate:
        apiVersion: v1
        kind: Secret
        # The target is the triggering Secret itself (same name and
        # namespace), so its content is taken from the clone source.
        name: '{{`{{ request.object.metadata.name }}`}}'
        namespace: '{{`{{ request.object.metadata.namespace }}`}}'
        # Keep the target aligned with the source after creation.
        synchronize: true
        clone:
          name: staging-sorcerer-env
          namespace: staging-sorcerer

    # Same pattern for the Dapr API token, matched by exact name.
    - name: sync-dapr-api-token
      match:
        any:
          - resources:
              kinds:
                - Secret
              names:
                - dapr-api-token
              annotations:
                kyverno/clone: 'true'
      # Skip Secrets carrying this vcluster annotation (presumably ones
      # imported by vcluster; confirm).
      exclude:
        any:
          - resources:
              annotations:
                vcluster.loft.sh/controlled-by: secret/v1/GenericImport
      generate:
        apiVersion: v1
        kind: Secret
        # The target is the triggering Secret itself (same name and
        # namespace), so its content is taken from the clone source.
        name: '{{`{{ request.object.metadata.name }}`}}'
        namespace: '{{`{{ request.object.metadata.namespace }}`}}'
        # Keep the target aligned with the source after creation.
        synchronize: true
        clone:
          name: dapr-api-token
          namespace: staging-sorcerer