added initial test for a kubectl plugin

garethr · garethr · commit f776548eec16 · 2019-05-13T18:31:51.000+03:00
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -19,6 +19,10 @@ archive:
   format_overrides:
   - goos: windows
     format: zip
+  files:
+      - LICENSE
+      - README.md
+      - plugin/*.sh
 checksum:
   name_template: 'checksums.txt'
 snapshot:
diff --git a/plugin/kubectl-test.sh b/plugin/kubectl-test.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# kubectl test allows for testing resources in your cluster using Open Policy Agent
+# It uses the conftest utility and expects to find associated policy files in
+# a directory called policy
+
+
+# Check if a specified command exists on the path and is executable
+function check_command () {
+    if ! [[ -x $(command -v $1) ]] ; then
+        echo "$1 not installed"
+        exit 1
+    fi
+}
+
+function usage () {
+    echo "A Kubectl plugin for using Conftest to test objects in Kubernetes using Open Policy Agent"
+    echo
+    echo "See https://github.com/instrumenta/conftest for more information"
+    echo
+    echo "Usage:"
+    echo "   kubectl test (TYPE[.VERSION][.GROUP] [NAME] | TYPE[.VERSION][.GROUP]/NAME)"
+}
+
+# Check the required commands are available on the PATH
+check_command "conftest"
+check_command "kubectl"
+
+
+if [[ ($# -eq 0) || ($1 == "--help") ]]; then
+    # No commands or the --help flag passed and we'll show the usage instructions
+    usage
+elif [[ ($# -eq 1) && $1 =~ ^[a-z\.]+$ ]]; then
+    # If we have one argument we get the list of objects from kubectl
+    # parse our the individual items and then pass those one by one into conftest
+    check_command "jq"
+    if output=$(kubectl get $1 $2 -o json); then
+        echo $output | jq -cj '.items[] | tostring+"\u0000"' | xargs -n1 -0 -I@ bash -c "echo '@' | conftest test -"
+    fi
+elif [[ ($# -eq 1 ) ]]; then
+    # Support the / variant for getting an individual resource
+    if output=$(kubectl get $1 -o json); then
+        echo $output | conftest test -
+    fi
+elif [[ ($# -eq 2 ) && $1 =~ ^[a-z]+$ ]]; then
+    # if we have two arguments then we assume the first is the type and the second the resource name
+    if output=$(kubectl get $1 $2 -o json); then
+        echo $output | conftest test -
+    fi
+else
+    echo "Please check the arguments to kubectl test"
+    echo
+    usage
+    exit 1
+fi
diff --git a/plugin/test.yaml b/plugin/test.yaml
@@ -0,0 +1,23 @@
+apiVersion: krew.googlecontainertools.github.com/v1alpha2
+kind: Plugin
+metadata:
+  name: test
+spec:
+  version: "0.5.0"
+  platforms:
+  - selector:
+      matchExpressions:
+      - {key: os, operator: In, values: [darwin, linux]}
+    uri: https://github.com/instrumenta/conftest/releases/download/v0.5.0/conftest_0.5.0_Linux_x86_64.tar.gz
+    head: https://github.com/instrumenta/conftest/archive/master.zip
+    sha256: "7866ec28fc62d5cb6952a2d66712875776b8d3da8a8da8d3793fdbde73dffbb9"
+    files:
+    - from: "/plugin/*.sh"
+      to: "."
+    bin: "./kubectl-test.sh"
+  shortDescription: Test your Kubernetes objects using Open Policy Agent
+  homepage: https://github.com/instrumenta/conftest
+  caveats: |
+    This plugin needs the following programs:
+    * conftest
+    * jq
