Story
Resolution: Done
ACM-4697 - RFE Create tools to assist in Policy development
GRC Sprint 2024-18
Value Statement
As a policy user, I want a tool that I can use to test my policies locally. This could be used as CI on PRs to Git repos with Policy manifests, or just for local development.
Definition of Done for Engineering Story Owner (Checklist)
- Create a "dryrun" CLI tool for ConfigurationPolicy
- The subcommand will take the following arguments (e.g. `dryrun -p policy.yaml configmap1.yaml configmap2.yaml`):
  - The "--policy" or "-p" argument references the manifest containing the Policy or ConfigurationPolicy. If other YAML manifests are present, they can be ignored. If the Policy contains policy-templates other than ConfigurationPolicy, a warning is written to stderr indicating that they were ignored.
  - Any number of positional arguments naming files of Kubernetes manifests that represent the "cluster state". These can also be passed in via stdin (e.g. `cat configmaps.yaml | policycli test -p policy.yaml`). This should also support a directory of manifests and manifest files with multiple YAML documents (see the Policy Generator code for this).
- The CLI tool returns the compliance messages and the diff.
- Exit code should be 2 if it's noncompliant.
Development Complete
- The code is complete.
- Functionality is working.
- Any required downstream Docker file changes are made.
Tests Automated
- [ ] Unit/function tests have been automated and incorporated into the build.
- [ ] 100% automated unit/function test coverage for new or changed APIs.
Secure Design
- [ ] Security has been assessed and incorporated into your threat model.
Multidisciplinary Teams Readiness
- [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from The Playbook and ensure doc acceptance criteria are met.
- Call out this sentence as its own action:
- [ ] Link the development issue to the doc issue.
Support Readiness
- [ ] The must-gather script has been updated.
- relates to: ACM-14937 (TP) Enabling test automation of OCM.io policies (Backlog)