Added acceptance tests demonstraing configuration file usage

Author: garethr

acceptance.bats

@@ -14,3 +14,25 @@
   run conftest test --fail-on-warn -p examples/kubernetes/policy examples/kubernetes/service.yaml
   [ "$status" -eq 1 ]
 }
+
+@test "Pass when testing a blank namespace" {
+  run conftest test --namespace notpresent -p examples/kubernetes/policy examples/kubernetes/deployment.yaml
+  [ "$status" -eq 0 ]
+}
+
+@test "Fail due to picking up settings from configuration file" {
+  cd examples/configfile
+  run conftest test deployment.yaml
+  [ "$status" -eq 1 ]
+  [[ "$output" =~ "Containers must not run as root" ]]
+}
+
+@test "Has version flag" {
+  run conftest --version
+  [ "$status" -eq 0 ]
+}
+
+@test "Has help flag" {
+  run conftest --help
+  [ "$status" -eq 0 ]
+}

examples/configfile/conftest.toml

@@ -0,0 +1,2 @@
+policy = "test"
+namespace = "conftest"

examples/configfile/deployment.yaml

@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello-kubernetes
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: hello-kubernetes
+  template:
+    metadata:
+      labels:
+        app: hello-kubernetes
+    spec:
+      containers:
+      - name: hello-kubernetes
+        image: paulbouwer/hello-kubernetes:1.5
+        ports:
+        - containerPort: 8080

examples/configfile/test/deny.rego

@@ -0,0 +1,17 @@
+package conftest
+
+import data.kubernetes
+
+
+deny[msg] {
+  kubernetes.is_deployment
+  not input.spec.template.spec.securityContext.runAsNonRoot = true
+  msg = "Containers must not run as root"
+}
+
+deny[msg] {
+  kubernetes.is_deployment
+  not input.spec.selector.matchLabels.app
+  not input.spec.selector.matchLabels.release
+  msg = "Containers must provide app/release labls for pod selectors"
+}

examples/configfile/test/kubernetes.rego

@@ -0,0 +1,9 @@
+package kubernetes
+
+is_service {
+  input.kind = "Service"
+}
+
+is_deployment {
+  input.kind = "Deployment"
+}