Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: fix go install gator #3325

Merged
merged 2 commits into from
Mar 22, 2024
Merged

docs: fix go install gator #3325

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8bba235
docs: fix go install gator
sozercan Mar 20, 2024
e00d4da
Merge branch 'master' into docs-gator
sozercan Mar 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
44 changes: 24 additions & 20 deletions website/docs/gator.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
id: gator
id: gator
title: The gator CLI
---

Expand All @@ -17,13 +17,17 @@ you can also install `gator` using [Homebrew](https://brew.sh).

To build from source:

```shell
go install github.com/open-policy-agent/gatekeeper/v3/cmd/gator@master
```
go get github.com/open-policy-agent/gatekeeper/cmd/gator
```

:::note
`go install` of `gator` requires Gatekeeper `master` branch or `v3.16.0` and later.
:::

Install with Homebrew:

```
```shell
brew install gator
```

Expand Down Expand Up @@ -53,13 +57,13 @@ than the aforementioned three will be skipped.

For example, to test a manifest (piped via stdin) against a folder of policies:

```
```shell
cat my-manifest.yaml | gator test --filename=template-and-constraints/
```

Or you can specify both as flags:

```
```shell
gator test -f=my-manifest.yaml -f=templates-and-constraints/
```

Expand All @@ -77,9 +81,9 @@ section.
For example, to test a manifest (piped via stdin) against an OCI Artifact
containing policies:

```
```shell
cat my-manifest.yaml | gator test --image=localhost:5000/gator/template-library:v1 \
--image=localhost:5000/gator/constraints:v1
--image=localhost:5000/gator/constraints:v1
```

#### Exit Codes
Expand Down Expand Up @@ -113,7 +117,7 @@ stdout.

The allowed values are `yaml` and `json`, specified like:

```
```shell
gator test --filename=manifests-and-policies/ --output=json
```

Expand Down Expand Up @@ -249,22 +253,22 @@ gator verify suite.yaml

To run all suites in the current directory and all child directories recursively

```
```shell
gator verify ./...
```

To only run tests whose full names contain a match for a regular expression, use
the `run` flag:

```
```shell
gator verify path/to/suites/... --run "disallowed"
```

### Validating Metadata-Based Constraint Templates

`gator verify` may be used with an [`AdmissionReview`](https://pkg.go.dev/k8s.io/kubernetes/pkg/apis/admission#AdmissionReview)
object to test your constraints. This can be helpful to simulate a certain operation (`CREATE`, `UPDATE`, `DELETE`, etc.)
or [`UserInfo`](https://pkg.go.dev/k8s.io/kubernetes@v1.25.3/pkg/apis/authentication#UserInfo) metadata.
`gator verify` may be used with an [`AdmissionReview`](https://pkg.go.dev/k8s.io/kubernetes/pkg/apis/admission#AdmissionReview)
object to test your constraints. This can be helpful to simulate a certain operation (`CREATE`, `UPDATE`, `DELETE`, etc.)
or [`UserInfo`](https://pkg.go.dev/k8s.io/kubernetes@v1.25.3/pkg/apis/authentication#UserInfo) metadata.
Recall that the `input.review.user` can be accessed in the Rego code (see [Input Review](howto.md#input-review) for more guidance). The `AdmissionReview` object can be specified where you would specify the object under test above:

```yaml
Expand Down Expand Up @@ -366,26 +370,26 @@ supplied, the command will exit 1. See the [non default namespace example](#non-
Similar to `gator test`, `gator expand` expects a `--filename` or `--image`
flag. The flags can be used individually, in combination, and/or repeated.

```
gator expand --filename="manifest.yaml" 鈥揻ilename="expansion-policy/"
```shell
gator expand --filename="manifest.yaml" 鈥揻ilename="expansion-policy/"
```

Or, using an OCI Artifact for the expansion configuration:

```
```shell
gator expand --filename="my-deployment.yaml" --image=localhost:5000/gator/expansion-policy:v1
```

By default, `gator expand` will output to stdout, but a `鈥搊utputfile` flag can be
specified to write the results to a file.

```
```shell
gator expand --filename="manifest.yaml" 鈥搊utputfile="results.yaml"
```

`gator expand` can output in `yaml` or `json` (default is `yaml`).

```
```shell
gator expand --filename="manifest.yaml" 鈥揻ormat="json"
```

Expand Down Expand Up @@ -511,7 +515,7 @@ We recommend using the [Oras CLI](https://oras.land/cli/) to create OCI
artifacts. For example, to push a bundle containing the 2 local directories
`constraints` and `template_library`:

```
```shell
oras push localhost:5000/gator/policy-bundle:v1 ./constraints/:application/vnd.oci.image.layer.v1.tar+gzip \
./template_library/:application/vnd.oci.image.layer.v1.tar+gzip
```
Expand Down