open-policy-agent / conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language
https://conftest.dev

Add comment support when parsing YAML files #602

Open fredgate opened 3 years ago

fredgate commented 3 years ago

I have a Helm chart that I test for Kubernetes API deprecations using deprek8ion policies.

Here is the command and output I have:

helm template my-chart-1.0.0.tgz | conftest test -o json -
[
        {
                "filename": "",
                "namespace": "main",
                "successes": 71,
                "warnings": [
                        {
                                "msg": "Ingress/my-ingress: API networking.k8s.io/v1beta1 for Ingress is deprecated from Kubernetes 1.19, use networking.k8s.io/v1 instead."
                        }
                ]
        }
]

In the result, the filename is missing.

In my chart I have one file per resource (one file for the deployment, another file for the service, yet another file for the ingress...), but the helm template command renders a single output as a multi-document YAML, like this:

...

---
# Source: my-chart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
...

---
# Source: my-chart/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
spec:
...

Each resource is prefixed with a comment indicating the file containing the resource definition, but this information is not reported in the conftest output.
How should I proceed?

jalseth commented 3 years ago

Hi @fredgate. This comment in the Helm output is a Helm-specific thing, and is not a part of the YAML specification so it is not parsed by conftest. I will take a look into what can be done here to make this clearer in the output when testing helm files.

jalseth commented 3 years ago

@fredgate The YAML package we use [1] does not return us any comments, so adding this would be a significant refactor. Time allowing we may still add this, but I wanted to let you know it probably won't be soon. That said, I'd welcome a PR if you have the time!

[1] https://pkg.go.dev/github.com/ghodss/yaml
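
One way to recover the missing file name outside conftest, as an added example that is not from this thread or the conftest project: because the YAML parser drops the `# Source:` comments, a line scan of the `helm template` output can map each `Kind/name` (the prefix of the warning message) back to its template file. `SourceIndex` and the sample input are hypothetical and constructed, and the scan assumes Helm's block-style output with two-space indentation.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample modelled on the helm template output quoted in the issue.
const sample = `---
# Source: my-chart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
---
# Source: my-chart/templates/ingress.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-ingress
`

// SourceIndex (hypothetical helper) maps "Kind/name", the prefix of a warning
// message, to the "# Source:" path Helm writes after each "---" separator.
// It scans lines and assumes block-style YAML with two-space indentation.
func SourceIndex(rendered string) map[string]string {
	idx := map[string]string{}
	var src, kind, name, inMeta = "", "", "", false
	// A trailing "---" makes the loop record the last document too.
	for _, line := range strings.Split(rendered+"\n---", "\n") {
		switch {
		case line == "---":
			if kind != "" {
				idx[kind+"/"+name] = src
			}
			src, kind, name, inMeta = "", "", "", false
		case strings.HasPrefix(line, "# Source: "):
			src = strings.TrimPrefix(line, "# Source: ")
		case strings.HasPrefix(line, "kind: "):
			kind = strings.TrimSpace(strings.TrimPrefix(line, "kind: "))
		case inMeta && strings.HasPrefix(line, "  name: "):
			name = strings.TrimSpace(strings.TrimPrefix(line, "  name: "))
		case line != "" && line[0] != ' ' && line[0] != '#':
			inMeta = line == "metadata:" // any other top-level key ends metadata
		}
	}
	return idx
}

func main() { fmt.Println(SourceIndex(sample)["Ingress/my-ingress"]) }
```

The resulting map can be joined against the `msg` field of the JSON output, whose text begins with the same `Kind/name` pair.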

eliasscosta commented 1 year ago

I have an identical issue. I want to test YAML files that have fields whose values follow a template standard:

name: #@ data.values.metadata.name

This kind of value is a standard from ytt templates.

When I generated the test I got a null value.