Skip to content
This repository has been archived by the owner on Apr 1, 2021. It is now read-only.

chimera-kube/chimera-policy-testdrive

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

chimera-policy-testdrive is a CLI tool for quickly testing chimera policies.

The tool takes the following data as input:

  • --policy <POLICY.wasm>: path to the WASM module that provides the policy to be evaluated. Currently only local files can be loaded.
  • --request-file <REQUEST.json>: path to the json file with the Kubernetes admission requet object to be evaluated.
  • --settings <JSON DICTIONARY>: json dictionary with the settings used by the policy at evaluation time.

policy-testdrive evaluates the request and prints the validation response to the standard output.

Install

You can install the chimera-policy-testdrive with the cargo package manager:

$ cargo install --git https://github.com/chimera-kube/chimera-policy-testdrive.git --branch main

Example

We want to test this pod toleration policy against a pre-recorded Kubernetes admission request. The admission request is saved inside of a file called test_request.json.

We want to run the policy with the following settings. Note well, this would be the syntax used inside of policy-server's policies.yml file:

settings:
  - taint_key: dedicated
  - taint_value: tenantA
  - allowed_groups: tenantA-users

This command will evaluate the policy against a pre-recorded Kubernetes admission request object:

$ chimera-policy-testdrive \
    --policy pod-toleration-policy.wasm \
    --request-file test_request.json \
    --settings '{"taint_key": "dedicated", "taint_value": "tenantA", "allowed_groups": "tenantA-users"}'

About

CLI utility for testing chimera policies

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages