Skip to content

Resource templating

Experimental status

This is an experimental feature, and implementation could change slightly in the next versions.

Info

Templating was disabled by default in v0.1.* but is now enabled by default since v0.2.1.

Chainsaw can apply transformations to the resources before they are processed by the operation.

This is useful when a resource needs some runtime configuration.

Templating must be enabled at the configuration, test, step, or operation level for the templating process to kick in. Alternatively, templating can be enabled using the --template flag when invoking chainsaw from the command line.

Note

Unlike assertion trees, templating can only be specified in leave nodes of the YAML tree.

Supported operations

Resource templating is supported in the following operations:

Assert and Error

When templating assert or error operations, the content is already an assertion tree.

For this reason, only the elements used for looking up the resources to be processed by the operation will be considered for templating. That is, only apiVersion, kind, name, namespace and labels are considered for templating. Other fields are not, they are part of the assertion tree only.

assert and error example

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: template
spec:
  template: true
  steps:
  - assert:
      resource:
        # apiVersion, kind, name, namespace and labels are considered for templating
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ($namespace)
        # other fields are not (they are part of the assertion tree)
        data:
          foo: ($namespace)
  - error:
      resource:
        # apiVersion, kind, name, namespace and labels are considered for templating
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ($namespace)
        # other fields are not (they are part of the assertion tree)
        data:
          bar: ($namespace)

Apply, Create and Patch

When templating apply, create or patch operations, the whole content is considered for templating.

apply and create example

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: template
spec:
  template: true
  steps:
  - apply:
      resource:
        # the whole content is considered for templating
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ($namespace)
        data:
          foo: ($namespace)
  - create:
      resource:
        # the whole content is considered for templating
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ($namespace)
        data:
          foo: ($namespace)
  - patch:
      resource:
        # the whole content is considered for templating
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: ($namespace)
        data:
          foo: ($namespace)

Delete

When templating delete operations, the whole content is considered for templating.

apply and create example

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: template
spec:
  template: true
  steps:
  - delete:
      ref:
        # the whole content is considered for templating
        apiVersion: v1
        kind: ConfigMap
        name: ($namespace)