Integration testing via example yaml files in each policy directory #30
Hey Kevin, thanks for stepping in to help! If you haven't already seen it, I have a doc here that summarizes what we are trying to achieve here. https://docs.google.com/document/d/1uQlkIBQcgNNyth8o9ufYaVSfUq_JLJGy9fcuW3VB7vU/edit

For this issue, what I have in mind is something similar to what we have in the Gatekeeper repo with make e2e-bootstrap and make test-e2e. The goal will be to be able to spin up a kind cluster (with
This will depend on #31 which establishes the directory structure for this work. You could branch off of that and get started now, at risk that there may be some changes as it is reviewed, or you may want to wait until that is merged into master. I don't foresee any major changes though since we already discussed the broad strokes of this during our community meetings. Feel free to message me on the OPA slack if you want to discuss!
Hey Craig, thanks for the prompt response and detailed explanation. I'm clear about what we want to achieve for this issue and will start working on it shortly!
We can add integration testing based on each of the policy directories' templates, constraints, and example resource yaml files. Using the standard from #25, we can require that all resources containing "_allowed*.yaml" pass and "_disallowed*.yaml" are rejected. (We'll need to ensure those files exist first -- #26)
We have a couple options here. The kpt tool has a Gatekeeper resource validator to evaluate a resource, template, and constraint against the OPA client. We can also spin up a kind cluster (similar to in the Gatekeeper repo) and apply the resources there. I imagine the kpt approach is faster but kind more representative of real-world usage.
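The naming rule from the issue description above, sketched as an added example that is not part of the original issue or the project's code: a harness that derives the expected verdict from each file name and fails a policy directory that lacks either kind of example. The function names (`expected_verdict`, `check_policy_dir`, `stub_validator`), the flat per-policy directory layout, and the convention that the validator exits 0 on admit are assumptions.

```bash
# Added example, not project code. Function names and the flat per-policy
# directory layout are assumptions made for illustration.

# expected_verdict FILE: derive the expected outcome from the file name alone.
expected_verdict() {
  case "${1##*/}" in
    *_disallowed*.yaml) echo deny ;;
    *_allowed*.yaml)    echo admit ;;
    *) return 1 ;;                      # template, constraint, or other file
  esac
}

# check_policy_dir DIR VALIDATOR [ARGS...]
# VALIDATOR is any command that exits 0 when the resource is admitted and
# non-zero when it is rejected (a kpt- or kind-backed wrapper, for example).
check_policy_dir() {
  dir=$1; shift
  n_allowed=0 n_disallowed=0 failures=0
  for file in "$dir"/*.yaml; do
    [ -f "$file" ] || continue
    want=$(expected_verdict "$file") || continue
    if "$@" "$file" >/dev/null 2>&1; then got=admit; else got=deny; fi
    case $want in
      admit) n_allowed=$((n_allowed + 1)) ;;
      deny)  n_disallowed=$((n_disallowed + 1)) ;;
    esac
    if [ "$got" != "$want" ]; then
      echo "FAIL $file: expected $want, got $got" >&2
      failures=$((failures + 1))
    fi
  done
  # A directory with no deny case never proves the policy blocks anything.
  if [ "$n_allowed" -eq 0 ] || [ "$n_disallowed" -eq 0 ]; then
    echo "FAIL $dir: needs an _allowed and a _disallowed example" >&2
    failures=$((failures + 1))
  fi
  [ "$failures" -eq 0 ]
}

# Constructed stand-in validator so the harness runs offline: it rejects any
# file containing "privileged: true". Replace with the real validator.
stub_validator() {
  ! grep -q 'privileged: true' "$1"
}
```

A validator that fails for an unrelated reason (cluster unreachable, malformed YAML) is indistinguishable from a denial here, so a real wrapper should check the rejection message as well as the exit code.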