Description
Is your feature request related to a problem? Please describe.
In my CI pipeline I would like an easy way to test my validation code without a cluster for a few reasons:
- Quick feedback on whether an application change has caused it to fail my validations.
- Small safety net for any namespaces that might be ignored during admission, but could check them in CI.
- Tooling/commands to provide end users so they know what to fix before trying to deploy on top of my Pepr validation.
Essentially there is a missing functionality for "dry-running" a policy, without needing a cluster.
Describe the solution you'd like
When I run npx pepr test (or similar command), then Pepr will provide me with a "dry-run" of the validation code. The output would be an exit code based on approve/deny plus any messages or warnings as applicable.
The inputs to this command could be a TS file/function reference + a manifest or set of manifests.
Describe alternatives you've considered
With the proper structure for validates I could craft this on my own with npx ts-node potentially. Or potentially this could be done with some mocking and vitest as well.
Additional context
Kyverno has something similar here: https://kyverno.io/docs/kyverno-cli/usage/apply/
OPA, via helm conftest also has something similar: https://github.com/instrumenta/helm-conftest
If this is of value to implement, it would also be interesting to do the same for mutations and provide the mutated resource back as output.
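A sketch of the "craft this on my own" alternative mentioned above, added here as an illustration and not taken from Pepr or from the issue author: validation logic is kept as a pure function and run against parsed manifests, yielding an exit code plus messages. The `KubeManifest`, `Verdict`, `Policy` and `dryRun` names are hypothetical stand-ins rather than Pepr's API, and the manifests are constructed sample data.

```typescript
// Hypothetical stand-ins for this sketch; these are NOT Pepr's request types.
type KubeManifest = {
  kind: string;
  metadata: { name: string; namespace?: string };
  spec?: { containers?: { name: string; securityContext?: { privileged?: boolean } }[] };
};
type Verdict = { allowed: boolean; message?: string };
type Policy = { name: string; kinds: string[]; validate: (m: KubeManifest) => Verdict };
type DryRunResult = Verdict & { policy: string; resource: string };

// Policy logic as a pure function, callable from an admission handler or from CI.
const noPrivileged: Policy = {
  name: "no-privileged-containers",
  kinds: ["Pod"],
  validate: (m) => {
    const bad = (m.spec?.containers ?? []).filter((c) => c.securityContext?.privileged === true);
    if (bad.length === 0) return { allowed: true };
    return { allowed: false, message: `privileged containers: ${bad.map((c) => c.name).join(", ")}` };
  },
};

// Evaluate every matching policy against every manifest. No namespace is skipped,
// and a policy that throws counts as a deny (fail closed).
function dryRun(policies: Policy[], manifests: KubeManifest[]): { exitCode: number; results: DryRunResult[] } {
  const results: DryRunResult[] = [];
  for (const m of manifests) {
    const resource = `${m.kind}/${m.metadata.namespace ?? "default"}/${m.metadata.name}`;
    for (const p of policies.filter((pol) => pol.kinds.includes(m.kind))) {
      let verdict: Verdict;
      try {
        verdict = p.validate(m);
      } catch (e) {
        verdict = { allowed: false, message: `policy threw: ${String(e)}` };
      }
      results.push({ ...verdict, policy: p.name, resource });
    }
  }
  return { exitCode: results.every((r) => r.allowed) ? 0 : 1, results };
}

// Constructed sample input: manifests as they would look after YAML parsing.
const sampleManifests: KubeManifest[] = [
  { kind: "Pod", metadata: { name: "web", namespace: "apps" }, spec: { containers: [{ name: "nginx" }] } },
  { kind: "Pod", metadata: { name: "agent", namespace: "kube-system" },
    spec: { containers: [{ name: "agent", securityContext: { privileged: true } }] } },
  { kind: "ConfigMap", metadata: { name: "settings", namespace: "apps" } },
];

// A CI wrapper would print `results` and exit with `exitCode` (1 here: the agent Pod is denied).
const sampleRun = dryRun([noPrivileged], sampleManifests);
```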