Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-14161

[Stretch goal] Create a dry run tool for ConfigurationPolicy

XMLWordPrintable

    • 5
    • False
    • None
    • False
    • Hide

      Provide the required acceptance criteria using this template.
      * ...
      Show
      Provide the required acceptance criteria using this template. * ...
    • ACM-4697 - RFE Create tools to assist in Policy development
    • GRC Sprint 2024-18
    • None

      Value Statement

      As a policy user, I want a tool that I can use to test my policies locally. This could be used as CI on PRs to Git repos with Policy manifests, or just for local development.

      Definition of Done for Engineering Story Owner (Checklist)

      • Create a "dryrun" CLI tool for ConfigurationPolicy
      • The subcommand will have the arguments (e.g. `dryrun -p policy.yaml configmap1.yaml configmap2.yaml`):
        • The "--policy" or "-p" argument to reference the manifest with the Policy or ConfigurationPolicy. If other YAML manifests are present, they can be ignored. If the Policy contains policy-templates other than ConfigurationPolicy, a warning will be sent to stderr indicating it was ignored.
        • An unlimited amount of positional arguments indicating files of Kubernetes manifests that indicate the "cluster state". These can also be passed in via stdin (e.g. `cat configmaps.yaml | policycli test -p polic.yaml`). This should also support a directory of manifests and manifest files with multiple YAML documents (see the Policy Generator code for this).
      • The CLI tool returns the compliance messages and the diff.
      • Exit code should be 2 if it's noncompliant.

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [ ] Unit/function tests have been automated and incorporated into the
        build.
      • [ ] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer

      Portal Doc template that you can access from [The Playbook](

      https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

      and ensure doc acceptance criteria is met.

      • Call out this sentence as it's own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [ ] The must-gather script has been updated.

              jkulikau@redhat.com Justin Kulikauskas
              mprahl Matthew Prahl
              Derek Ho Derek Ho
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: