ec inspect policy
Read policies from source urls and show information about the rules inside them
Read policies from a source url and show information about the rules inside them.
This fetches policy sources similar to the 'ec fetch policy' command, but once the policy is fetched the equivalent of 'opa inspect' is run against the downloaded policies.
This can be used to extract information about each rule in the policy source, including the rule annotations which include the rule’s title and description and custom fields used by ec to filter the results produced by conftest.
Note that this command is not typically required to verify the Enterprise Contract. It has been made available for troubleshooting and debugging purposes.
ec inspect policy --source <source-url> [flags]
Print a list of rules and their descriptions from the latest Enterprise Contract release policy:
ec inspect policy --source quay.io/enterprise-contract/ec-release-policy
Display details about the latest Enterprise Contract release policy in json format:
ec inspect policy --source quay.io/enterprise-contract/ec-release-policy -o json | jq
display rules included in given collection
- --d, --dest
use the specified destination directory to download the policy. if not set, a temporary directory will be used
- --h, --help
help for policy (Default: false)
- --o, --output
output format. one of: json, text, names, short-names (Default: text)
display results matching package name
- --p, --policy
reference to the policy configuration, either EnterpriseContractPolicy Kubernetes custom resource reference [<namespace>/]<name>, or inline JSON or YAML of the `spec` part
display results matching rule name
- --s, --source
policy source url. multiple values are allowed (Default: )
same as verbose but also show function names and line numbers (Default: false)
path to the Kubernetes config file to use
less verbose output (Default: false)
max overall execution duration (Default: 5m0s)
enable trace logging (Default: false)
more verbose output (Default: false)
ec inspect - Inspect policy rules