guardian icon indicating copy to clipboard operation
guardian copied to clipboard
verified publisher icon raystack

Command to validate/lint guardian policy

Open bsushmith opened this issue 3 years ago • 1 comments

Summary

At the moment, guardian policy validation is done on creation. And any testing for the intricate steps require creating a policy and doing the whole appeal flow just to check policy steps.

We should have a command/api similar to guardian policy validate or guardian policy lint so that one can run it and check if the policy file that they have created is valid. And if invalid, detailed error output to describe what is incorrect.

Additional context We might not be able to validate everything in policy without going through the appeal flow itself, but having something to validate at least a few things is better and we can always extend it later.

bsushmith avatar Aug 01 '22 19:08 bsushmith

this relates to https://github.com/odpf/guardian/issues/128, having dry-run capability on creating policy can help to validate the policy config

rahmatrhd avatar Aug 02 '22 05:08 rahmatrhd