Skip to main content
Version: 1.13

Defining policy settings

The policy settings structure

Firstly, define the structure that holds the policy settings.

Open the demo/src/ file and change the definition of the Settings struct to look like:

pub(crate) struct Settings {
pub invalid_names: HashSet<String>,

This automatically puts the list of invalid names in a Set collection.

The settings validation function

Next, write a settings validation function to make sure the policy is always run with at least one invalid name.

You do this by changing the implementation of the Validatable trait.

Change the scaffolding implementation defined in src/ to look like:

impl kubewarden::settings::Validatable for Settings {
fn validate(&self) -> Result<(), String> {
if self.invalid_names.is_empty() {
Err(String::from("No invalid name specified. Specify at least one invalid name to match"))
} else {

Add unit tests

Now you can write a unit test to make sure the settings validation is working. You can do this in the usual Rust way.

There are already a few default tests at the bottom of the src/ file. Replace the automatically generated code to look like this:

mod tests {
use super::*;

use kubewarden_policy_sdk::settings::Validatable;

fn accept_settings_with_a_list_of_invalid_names() -> Result<(), ()> {
let mut invalid_names = HashSet::new();

let settings = Settings { invalid_names };


fn reject_settings_without_a_list_of_invalid_names() -> Result<(), ()> {
let invalid_names = HashSet::<String>::new();
let settings = Settings { invalid_names };


You can now run the unit tests by doing:

cargo test

This produces an output similar to the following:

   Compiling demo v0.1.0 (/home/jhk/projects/suse/tmp/demo)
Finished test [unoptimized + debuginfo] target(s) in 0.59s
Running unittests src/ (target/debug/deps/demo-bea8e11b21717093)

running 5 tests
test settings::tests::accept_settings_with_a_list_of_invalid_names ... ok
test settings::tests::reject_settings_without_a_list_of_invalid_names ... ok
test tests::reject_pod_with_invalid_name ... ok
test tests::accept_request_with_non_pod_resource ... ok
test tests::accept_pod_with_valid_name ... ok

test result: ok. 5 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s