Document how to test policies and validate policy execution results

[JimBugwadia]

Its not clear how policy execution can be verified, and what the intent of status and events in a policy resource should do.

Reported on the Kyverno slack channel:

I have had some hard time debugging issues from my policies, it seems the policies have a status section and an event section but did not find many information about their meaning on the documentations. Apparently other resources may have policies related event (see pod above). This is not all clear to me where to look for information when testing policies.

We also need to improve documentation on the CLI and how it can be used for testing policies.

[JimBugwadia]

@NoSkillGirl - can you please review the CLI documentation and suggest how we can improve?

[chipzoller]

Sounds like this may be better as a website repo issue? @NoSkillGirl I'll be glad to collaborate with you in getting more of this worked into the docs.

[chipzoller]

@NoSkillGirl Can you please help me identify gaps here with respect to this issue? I can transfer it to kyverno/website and self assign it, but I'd like some assistance from you.

[NoSkillGirl]

Sure @chipzoller
These are the gaps according to me.

• For apply command, we didn't mention what would be the response of the command and how to interpret it
• User can give a log level when applying any CLI command. documentation for choosing different log levels is missing
• Different type of policies produces different type of results, but it's not there in documentation
  • validate policy will give only pass or fail
  • mutate policy will print the mutated policy
  • generate policy will gives only pass or fail, but the generated resource (what we get in case of the policy applied in webhook) won't get printed.

[chipzoller]

Thanks, @NoSkillGirl. Transferring to kyverno/website and will pick it up there.

[chipzoller]

Looks like all of these either have been addressed or are self-documented by the CLI. Closing.