chimera-policy-testdrive is a CLI tool for quickly testing chimera policies.
The tool takes the following data as input:
--policy <POLICY.wasm>
: path to the WASM module that provides the policy to be evaluated. Currently only local files can be loaded.--request-file <REQUEST.json>
: path to the json file with the Kubernetes admission requet object to be evaluated.--settings <JSON DICTIONARY>
: json dictionary with the settings used by the policy at evaluation time.
policy-testdrive
evaluates the request and prints the validation response to
the standard output.
You can install the chimera-policy-testdrive
with the cargo
package manager:
$ cargo install --git https://github.com/chimera-kube/chimera-policy-testdrive.git --branch main
We want to test this pod toleration policy
against a pre-recorded Kubernetes admission request. The admission request is
saved inside of a file called test_request.json
.
We want to run the policy with the following settings. Note well, this would
be the syntax used inside of policy-server's
policies.yml
file:
settings:
- taint_key: dedicated
- taint_value: tenantA
- allowed_groups: tenantA-users
This command will evaluate the policy against a pre-recorded Kubernetes admission request object:
$ chimera-policy-testdrive \
--policy pod-toleration-policy.wasm \
--request-file test_request.json \
--settings '{"taint_key": "dedicated", "taint_value": "tenantA", "allowed_groups": "tenantA-users"}'