Testing k8s ConfigMap with nested dbless config for Kong

12/20/2021

I've found really problematic to test Kong's config which is nested in such ConfigMap (it is a short version of this ConfigMap):

apiVersion: v1
kind: ConfigMap
metadata:
  name: "some_name"
data:
  kong_config.yml: |
    _format_version: "2.1"
    _transform: true

    services:
      - name: health-check
        url: http://localhost/non-existent
        plugins:
          - name: request-termination
            config:
              status_code: 200
              message: ok
        routes:
          - name: admin-status
            paths:
              - /healthz$

What I'm trying to do is to test this ConfigMap using conftest so I'm "taking out" Kong's config YML file from ConfigMap like this:

deny[msg] {
    kong_config := input.data["kong.yml"]
    service_1_name := kong_config.services[0].name

    ....some other code....

    msg := sprintf("Service '%v' failed name validation.", [service_1_name])
}

kong_config variable is type string and I can't find a proper way to cast it to type object or any other type which would allow me to reference to YML keys. Rego's built-in function cast_object seems no to work.

Is there anyone who already had this problem and have some tips?

-- billythekidpl
conftest
kubernetes
rego

1 Answer

12/20/2021

Ok, so I found an answer ;)

The solution is to use a built-in function: yaml.unmarshal.

At first I misunderstood rego references

-- billythekidpl
Source: StackOverflow