How policies are loaded by Stein
To understand how
stein loads policy files and recognizes them is very important for writing and applying policies to the files effectively.
stein apply requires always one or more arguments only.
It assumes the config file paths such as YAML, JSON and so on.
The path may have a hierarchical structure.
In Stein, when a path with a hierarchical structure is given as arguments,
stein recognizes the HCL file in
.policy directory placed in the path included in that path as a policy to be applied.
Let’s see a concrete example.
_examples |-- .policy/ | |-- config.hcl | |-- functions.hcl | |-- rules.hcl | `-- variables.hcl |-- manifests/ | |-- .policy/ | | |-- functions.hcl | | `-- rules.hcl | `-- microservices/ | |-- x-echo-jp/ | | `-- development/ | | |-- Deployment/ | | | |-- redis-master.yaml | | | |-- test.yaml | | | `-- test.yml | | |-- PodDisruptionBudget/ | | | `-- pdb.yaml | | `-- Service/ | | `-- service.yaml | `-- x-gateway-jp/ | `-- development/ | `-- Deployment/ | `-- test.yaml `-- spinnaker/ |-- .policy/ | `-- functions.hcl `-- x-echo-jp/ `-- development/ `-- deploy-to-dev-v2.yaml
There are some Kubernetes YAML with hierarchical structure and some policies here.
In this case,
stein recognizes these HCL files as the policy to be applied to the arguments if
_examples/manifests/microservices/x-echo-jp/development/Deployment/test.yaml is given as arguments of
This is because given argument file contains
That is, all YAML files located in
_examples/manifests/ is applied with
On the other hand, all YAML files located in
_examples/spinnaker/ is applied with
So, you can control the policy to apply by appropriately creating the directory and placing the YAML files and
.policy directory there.
In addition, if you want to apply policies placed in places that have no relation to given arguments, you can control by environment variable or
export STEIN_POLICY=/path/to/policy stein apply deployment.yaml # or stein apply -policy /path/to/policy deployment.yaml
-policy) can take multiple values separated by a comma, also can take directories and files:
STEIN_POLICY=root-policy/,another-policy/special.hcl # -> these files are applied, besides ".policy/*.hcl" included in given arguments # root-policy/*.hcl # another-policy/special.hcl