-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path20-cli-variable-overrides.yaml
More file actions
109 lines (98 loc) · 3.6 KB
/
20-cli-variable-overrides.yaml
File metadata and controls
109 lines (98 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# CLI Variable Overrides Example
# This profile demonstrates the use of CLI variable overrides with reglet check.
#
# Usage Examples:
# # Override environment variable
# reglet check 20-cli-variable-overrides.yaml --set environment=prod
#
# # Override multiple variables
# reglet check 20-cli-variable-overrides.yaml --set environment=staging --set max_response_time_ms=2000
#
# # Use --set-file for sensitive values (not logged to shell history)
# reglet check 20-cli-variable-overrides.yaml --set-file api_key=/path/to/key.txt
#
# # Use --set-env for CI/CD pipelines
# reglet check 20-cli-variable-overrides.yaml --set-env build_id=CI_COMMIT_SHA
#
# # Override nested paths
# reglet check 20-cli-variable-overrides.yaml --set server.host=prod.example.com --set server.port=443
profile:
name: cli-variable-overrides-example
version: "1.0.0"
description: |
Demonstrates CLI variable override capabilities.
Variables defined in this profile can be overridden at runtime
using --set, --set-file, or --set-env flags.
# Default variable values (can be overridden via CLI)
vars:
# Simple variables
environment: dev
max_response_time_ms: 500
# Nested variables (use dot notation to override: --set server.host=prod.example.com)
server:
host: localhost
port: 8080
protocol: https
# Boolean and numeric variables (auto-detected from CLI input)
debug_enabled: false
retry_count: 3
# Paths (useful with --set-file for dynamic configuration)
config_path: /etc/app/config.yaml
plugins:
- http
- file
- command
controls:
items:
# Example 1: HTTP health check with configurable timeout
- id: api-health-check
name: API Health Check
description: Verify API responds within {{ .vars.max_response_time_ms }}ms in {{ .vars.environment }} environment
severity: critical
tags: [api, health, "{{ .vars.environment }}"]
observe:
- plugin: http
config:
url: "{{ .vars.server.protocol }}://{{ .vars.server.host }}:{{ .vars.server.port }}/health"
method: GET
timeout: "{{ .vars.max_response_time_ms }}ms"
expect:
- data.status_code == 200
- data.response_time_ms < {{ .vars.max_response_time_ms }}
# Example 2: Configuration file check
- id: config-exists
name: Configuration File Exists
description: Verify configuration file is present at {{ .vars.config_path }}
severity: high
tags: [configuration]
observe:
- plugin: file
config:
path: "{{ .vars.config_path }}"
expect:
- data.exists == true
# Example 3: Debug mode check (boolean variable)
- id: debug-mode-check
name: Debug Mode Status
description: Check if debug mode is enabled (current: {{ .vars.debug_enabled }})
severity: medium
tags: [security, debug]
observe:
- plugin: command
config:
command: echo "{{ .vars.debug_enabled }}"
expect:
# In production, debug should be false
- "!{{ .vars.debug_enabled }} || '{{ .vars.environment }}' != 'prod'"
# Example 4: Environment-specific configuration
- id: environment-check
name: Environment Configuration
description: Verify environment is properly configured
severity: high
tags: ["{{ .vars.environment }}", configuration]
observe:
- plugin: command
config:
command: echo "Environment: {{ .vars.environment }}, Debug: {{ .vars.debug_enabled }}, Retries: {{ .vars.retry_count }}"
expect:
- data.exit_code == 0