Conftest is a tool to help you write tests against structured configuration data. It relies on Rego which is a nice query language that comes with a bunch of built-in functions that are ready to use. By using it, you can write tests against the config types below:
When it comes to talking about conftest's pros/cons, there're some unique features that some other testing tools don't have.
- write more declarative tests(policies) which are not simply assertions.
- write tests against many kinds of config types.
- use --combine flag to combine some different files in one context for using their variables globally.
- use parse command to see how the inputs are parsed.
- combine different input types in one test run and apply combined policy against them.
- Pull/push policies from different kinds of sources like S3, docker registry, github file, etc...
- Find real-world examples in examples/ folder
- Learning Rego could be a little bit time consuming
Finally, I encourage folks either to look at conftest's source code and rego language.
It's a simple, single-threaded command-line tool. I recommend folks to integrate it to their organizations also PR's are welcome.
Here's the repo: https://github.com/instrumenta/conftest