1Open Policy Agent(1) Open Policy Agent(1)
2
3
4
6 opa-test - Execute Rego test cases
7
8
9
11 opa test [path [...]] [flags]
12
13
14
16 Execute Rego test cases.
17
18
19 The 'test' command takes a file or directory path as input and executes
20 all test cases discovered in matching files. Test cases are rules whose
21 names have the prefix "test_".
22
23
24 If the '--bundle' option is specified the paths will be treated as pol‐
25 icy bundles and loaded following standard bundle conventions. The path
26 can be a compressed archive file or a directory which will be treated
27 as a bundle. Without the '--bundle' flag OPA will recursively load ALL
28 *.rego, *.json, and *.yaml files for evaluating the test cases.
29
30
31 Test cases under development may be prefixed "todo_" in order to skip
32 their execution, while still getting marked as skipped in the test re‐
33 sults.
34
35
36 Example policy (example/authz.rego):
37
38
39 package authz
40
41 allow {
42 input.path = ["users"]
43 input.method = "POST"
44 }
45
46 allow {
47 input.path = ["users", profile_id]
48 input.method = "GET"
49 profile_id = input.user_id
50 }
51
52
53
54 Example test (example/authz_test.rego):
55
56
57 package authz
58
59 test_post_allowed {
60 allow with input as {"path": ["users"], "method": "POST"}
61 }
62
63 test_get_denied {
64 not allow with input as {"path": ["users"], "method": "GET"}
65 }
66
67 test_get_user_allowed {
68 allow with input as {"path": ["users", "bob"], "method": "GET", "user_id": "bob"}
69 }
70
71 test_get_another_user_denied {
72 not allow with input as {"path": ["users", "bob"], "method": "GET", "user_id": "alice"}
73 }
74
75 todo_test_user_allowed_http_client_data {
76 false # Remember to test this later!
77 }
78
79
80
81 Example test run:
82
83
84 $ opa test ./example/
85
86
87
88 If used with the '--bench' option then tests will be benchmarked.
89
90
91 Example benchmark run:
92
93
94 $ opa test --bench ./example/
95
96
97
98 The optional "gobench" output format conforms to the Go Benchmark Data
99 Format.
100
101
102
104 --bench[=false] benchmark the unit tests
105
106
107 --benchmem[=true] report memory allocations with benchmark results
108
109
110 -b, --bundle[=false] load paths as bundle files or root directo‐
111 ries
112
113
114 --count=1 number of times to repeat each test
115
116
117 -c, --coverage[=false] report coverage (overrides debug tracing)
118
119
120 --explain=fails enable query explanations
121
122
123 -f, --format=pretty set output format
124
125
126 -h, --help[=false] help for test
127
128
129 --ignore=[] set file and directory names to ignore during loading
130 (e.g., '.*' excludes hidden files)
131
132
133 -m, --max-errors=10 set the number of errors to allow before com‐
134 pilation fails early
135
136
137 -r, --run="" run only test cases matching the regular expression.
138
139
140 -t, --target=rego set the runtime to exercise
141
142
143 --threshold=0 set coverage threshold and exit with non-zero status
144 if coverage is less than threshold %
145
146
147 --timeout=0s set test timeout (default 5s, 30s when benchmarking)
148
149
150 -v, --verbose[=false] set verbose reporting mode
151
152
153
155 opa(1)
156
157
158
159 Jun 2022 Open Policy Agent(1)