conftest
This provider allows you to validate your configuration files against policies that you specify, using the conftest tool and Open Policy Agent rego query files. The provider creates a module type of the same name, which allows you to specify files to validate. Each module then creates a Garden test that becomes part of your Stack Graph.
Note that, in many cases, you'll actually want to use more specific providers that can automatically configure your
conftest modules, e.g. the conftest-container and/or conftest-kubernetes providers. See the conftest example project for a simple usage example of the latter.If those don't match your needs, you can use this provider directly and manually configure your
conftest modules. Simply add this provider to your project configuration, and see the conftest module documentation for a detailed reference. Also, check out the below reference for how to configure default policies, default namespaces, and test failure thresholds for all conftest modules.Below is the full schema reference for the provider configuration. For an introduction to configuring a Garden project with providers, please look at our configuration guide.
The reference is divided into two sections. The first section contains the complete YAML schema, and the second section describes each schema key.
The values in the schema below are the default values.
providers:
- # The name of the provider plugin to use.
name:
# List other providers that should be resolved before this one.
dependencies: []
# If specified, this provider will only be used in the listed environments. Note that an empty array effectively
# disables the provider. To use a provider in all environments, omit this field.
environments:
# Path to the default policy directory or rego file to use for `conftest` modules.
policyPath: ./policy
# Default policy namespace to use for `conftest` modules.
namespace:
# Set this to `"warn"` if you'd like tests to be marked as failed if one or more _warn_ rules are matched.
# Set to `"none"` to always mark the tests as successful.
testFailureThreshold: error
Type | Default | Required |
|---|---|---|
array[object] | [] | No |
The name of the provider plugin to use.
Type | Required |
|---|---|
string | Yes |
Example:
providers:
- name: "local-kubernetes"
List other providers that should be resolved before this one.
Type | Default | Required |
|---|---|---|
array[string] | [] | No |
Example:
providers:
- dependencies:
- exec
If specified, this provider will only be used in the listed environments. Note that an empty array effectively disables the provider. To use a provider in all environments, omit this field.
Type | Required |
|---|---|
array[string] | No |
Example:
providers:
- environments:
- dev
- stage
Path to the default policy directory or rego file to use for
conftest modules.Type | Default | Required |
|---|---|---|
posixPath | "./policy" | No |
Default policy namespace to use for
conftest modules.Type | Required |
|---|---|
string | No |
Set this to
"warn" if you'd like tests to be marked as failed if one or more warn rules are matched. Set to "none" to always mark the tests as successful.Type | Default | Required |
|---|---|---|
string | "error" | No |
Last modified 9d ago