Apply stein rules#
After writing up your rules, let's run stein command.
The Stein CLI is a well-behaved command line application.
In erroneous cases, a non-zero exit status will be returned.
It also responds to
--help as you'd expect.
To view a list of the available commands at any time, just run stein with no arguments.
To apply the rule to that YAML file and run the test you can do with the
$ stein apply -policy rules.hcl service.yaml service.yaml [ERROR] rule.namespace_specification Namespace is not specified ===================== 1 error(s), 0 warn(s)
You can show the error message with exit code
The location (a file path directly or a directory path which is located policies) of policy files can be specified with
Otherwise, you can tell stein the location of policies with
STEIN_POLICY environment variable.
Moreover, stein automatically checks
.policy directory whether policies written in HCL are located or not when running.
So you can put it on
.policy directory like the following:
$ tree . service.yaml .policy/ `-- rules.hcl
For more details about this behavior, see also How policies are loaded by Stein.