DEVELOPMENT.md

GKE Policy Automation development

Requirements

• Go 1.21 or newer (to build the application)
• GNU Make (to build and test easier)
• Open Policy Agent (to test REGO policies)

Building the application

Note: This project uses Go Modules making it safe to work with it outside of your existing GOPATH. The instructions that follow assume a directory in your home directory outside of the standard GOPATH (i.e $HOME/development/).

1. Clone GKE Policy Automation repository

   mkdir -p $HOME/development; cd $HOME/development 
   git clone https://github.com/google/gke-policy-automation.git

2. Enter the application directory and compile it

   cd gke-policy-automation
   make build

Testing the application

• To run unit tests, use make test target

  make test

• To check code and report suspicious constructs, use make vet target

  make vet

• To check code formatting, use make fmtcheck target

  make fmtcheck

Testing the REGO rules

The application repository comes with a set of recommended REGO rules that cover GKE cluster best practices. Rego rules can be tested with OPA Policy Testing framework.

NOTE: -v flag sets verbose reporting mode.

opa test <POLICY_DIR> -v

To test set of project policies:

opa test gke-policies-v2 -v

Developing REGO rules

Please check GKE Policy authoring guide for guides on authoring REGO rules for GKE Policy Automation.