Command

The command operation provides a means to execute a specific command during the test step.

Warning

Command arguments are not going through shell expansion.

It's crucial to consider the potential differences in behavior, as Chainsaw may interpret arguments differently from a regular shell environment.

Configuration

The full structure of Command is documented here.

Features

Supported features
Bindings support ✅
Outputs support ✅
Templating support ❌
Operation checks support ✅

KUBECONFIG

  • Unless --no-cluster is specified, Chainsaw always executes commands in the context of a temporary KUBECONFIG, built from the configured target cluster.
  • This specific KUBECONFIG has a single cluster, auth info and context configured (all named chainsaw).

Environment variables expansion

Chainsaw expands environment variables in the form of $VARIABLE_NAME. To provide a literal $ sign, escape it with $$.

This matches Kubernetes' behavior for container command and args fields.
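The two rules above (arguments are not shell-expanded, and $VARIABLE_NAME is expanded with $$ as the escape) can be modelled in a few lines of Go to see what a command would actually receive. This is an added example, not Chainsaw's own code: it assumes the expansion behaves like Go's `os.Expand` and that unset names expand to an empty string, and `expandArg`, `lintArg` and all sample values are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// expandArg models the documented rule: $NAME is replaced from env and $$
// yields a literal $. Assumption: os.Expand semantics, unset names become "".
func expandArg(env map[string]string, arg string) string {
	return os.Expand(arg, func(name string) string {
		if name == "$" {
			return "$"
		}
		return env[name]
	})
}

// lintArg reports why an argument may not behave as it would in a shell.
func lintArg(env map[string]string, arg string) []string {
	var notes []string
	// Characters a shell would act on; here they reach the program literally.
	if strings.ContainsAny(arg, "|&;<>*?~`") {
		notes = append(notes, "shell syntax is passed literally")
	}
	// Report only that the value changes, never the expanded value itself.
	if expandArg(env, arg) != arg {
		notes = append(notes, "value changes after $ expansion")
	}
	return notes
}

func main() {
	// Constructed sample values, not taken from the documentation.
	env := map[string]string{"NAMESPACE": "demo"}
	args := []string{
		"$NAMESPACE",   // expanded from the environment
		"*.yaml",       // no globbing: the program sees the literal string
		"| grep Ready", // no pipe: passed as a single argument
		"p@$$w0rd",     // escaped: the program receives p@$w0rd
		"p@$w0rd",      // unescaped: $w0rd is read as a variable name
	}
	for _, a := range args {
		fmt.Printf("%-16q -> %-12q %v\n", a, expandArg(env, a), lintArg(env, a))
	}
}
```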

Working directory

Use workDir to set the working directory in which the command will be executed. When omitted, the command runs in the directory containing the test file.

workDir accepts either an absolute path or a relative path. A relative path is resolved against the directory containing the test file.

- command:
    entrypoint: make
    args:
    - build
    workDir: /path/to/project

Log suppression

Two fields control whether command output appears in the test logs:

  • skipLogOutput: suppresses the command's stdout/stderr output from the logs. Useful for reducing noise or hiding sensitive values.
  • skipCommandOutput: suppresses the command invocation itself (entrypoint + args) from the logs.

- command:
    entrypoint: echo
    args:
    - secret-value
    skipLogOutput: true
    skipCommandOutput: true

Examples

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: example
spec:
  steps:
  - try:
    - command:
        entrypoint: echo
        args:
        - hello chainsaw

Operation check

apiVersion: chainsaw.kyverno.io/v1alpha1
kind: Test
metadata:
  name: example
spec:
  steps:
  - try:
    - command:
        entrypoint: echo
        args:
        - hello chainsaw
        check:
          # an error is expected, this will:
          # - succeed if the operation failed
          # - fail if the operation succeeded
          ($error != null): true