
rdalbuquerque/celify


celify

CLI to run CEL-based validations against YAML or JSON.

The intention of this CLI is to provide a simple way to run validations against YAML or JSON files using CEL. Inspired by the Kubernetes validating admission policy, it is meant to integrate easily with CI tools to validate not only Kubernetes manifests but also other YAML or JSON documents, e.g. Terraform plans, pipeline YAMLs and templates.

Get started

Install on Linux

# Downloads the CLI based on your OS/arch and puts it in /usr/local/bin
curl -fsSL https://raw.githubusercontent.com/rdalbuquerque/celify/master/scripts/install.sh | sh

Install on Windows

Invoke-RestMethod "https://raw.githubusercontent.com/rdalbuquerque/celify/master/scripts/install.ps1" | Invoke-Expression

Example usage

Successful validations

validations=$(cat <<EOF
validations:
- expression: "object.spec.template.spec.containers.all(c, c.resources.limits.memory != null && c.resources.requests.memory != null)"
  messageExpression: "'all containers must specify memory resource'"
- expression: "object.metadata.name != 'my-deployment'"
  messageExpression: "'expected deployment name to be different than my-deployment, got ' + object.metadata.name"
EOF
)
target=$(cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - name: my-container
        image: nginx
        resources:
          limits:
            memory: 1Gi
          requests:
            memory: 1Gi
EOF
)
celify validate --validations "$validations" --target "$target"

Output: success validations

Failed validations

In case of a failed validation, the output will show the message expression result and the evaluated object, if any.

# setting target to a deployment with no resource definition
target=$(cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - name: my-container
        image: nginx
EOF
)

# running against the same validations
celify validate --validations "$validations" --target "$target"

Output: 1 failed validation

Failed expression with multiple objects

In the case where multiple objects are being evaluated with && or || operators, the output will show all evaluated objects.

# running a validation with multiple objects
target=$(cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  annotations:
    vcs: git
    env: dev
spec:
  template:
    spec:
      containers:
      - name: my-container
        image: team-a/nginx
EOF
)

celify validate --expression "object.spec.template.spec.containers.exists_one(c, c.image.startsWith('team-a')) && object.metadata.annotations.exists_one(a, a.team == 'team-a')" --target "$target"

Output: multiple objects

Note: When a single expression is used instead of validations, there is no messageExpression available, so the error message will simply say validation failed.
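The same `--validations` / `--target` invocation applied to a small security baseline, as an added example that is not part of the celify project: the three rules, the function names and the sample manifest are constructed here. The rules use the standard CEL `has()` macro so that a missing `securityContext` or `resources` block is tested explicitly instead of being dereferenced.

```shell
#!/bin/sh
# Added example: security-baseline validations in the README's format.
# Rule contents and function names are assumptions, not celify's own.

# Validation document; quoted heredoc so the shell leaves '$' and quotes alone.
hardening_validations() {
cat <<'EOF'
validations:
- expression: "object.spec.template.spec.containers.all(c, c.image.matches(':[^/]+$') && !c.image.endsWith(':latest'))"
  messageExpression: "'every container image must carry an explicit tag other than latest'"
- expression: "object.spec.template.spec.containers.all(c, !(has(c.securityContext) && has(c.securityContext.privileged) && c.securityContext.privileged))"
  messageExpression: "'privileged containers are not allowed'"
- expression: "object.spec.template.spec.containers.all(c, has(c.resources) && has(c.resources.limits) && has(c.resources.limits.memory))"
  messageExpression: "'all containers must set a memory limit'"
EOF
}

# Constructed sample manifest that violates all three rules.
violating_target() {
cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  template:
    spec:
      containers:
      - name: my-container
        image: nginx:latest
        securityContext:
          privileged: true
EOF
}

# Same invocation as the README: both documents are passed as strings.
check_manifest() {
  celify validate --validations "$(hardening_validations)" --target "$1"
}

# Only run when the CLI is installed, so the file can also be sourced.
if command -v celify >/dev/null 2>&1; then
  check_manifest "$(violating_target)" || true
fi
```

This page does not state how celify reports failures through its exit status, so confirm that before gating a CI job on `check_manifest`.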
