Dafuq did I just see?

About Conftest

Jan 152020

Conftest is a tool to help you write tests against structured configuration data. It relies on Rego which is a nice query language that comes with a bunch of built-in functions that are ready to use. By using it, you can write tests against the config types below:

  • INI
  • TOML
  • HCL/HCL2
  • CUE
  • Dockerfile
  • EDN
  • XML

When it comes to talking about conftest's pros/cons, there're some unique features that some other testing tools don't have.

You can:

  • write more declarative tests(policies) which are not simply assertions.  
  • write tests against many kinds of config types. 
  • use --combine flag to combine some different files in one context for using their variables globally.
  • use parse command to see how the inputs are parsed.
  • combine different input types in one test run and apply combined policy against them.
  • Pull/push policies from different kinds of sources like S3, docker registry, github file, etc... 
  • Find real-world examples in examples/ folder


  • Learning Rego could be a little bit time consuming

Finally, I encourage folks either to look at conftest's source code and rego language.
It's a simple, single-threaded command-line tool. I recommend folks to integrate it to their organizations also PR's are welcome.

Here's the repo: https://github.com/instrumenta/conftest