validate Command
The validate command validates Cedar policy syntax and loads policies from a directory or file.
Synopsis
Description
The validate command checks that Cedar policy files are syntactically correct without running a full scan. This is useful for:
- Testing policies during development
- CI/CD pipeline validation
- Verifying policy syntax before deployment
Arguments
| Argument | Description |
|---|---|
| `path` | Path to a policy file or directory (optional if `--builtin` is used) |
Flags
| Flag | Description | Default |
|---|---|---|
| `--builtin` | Validate built-in policies | false |
| `--verbose` | Show policy details | false |
Examples
Validate Built-in Policies
Output:
Validate a Directory
Output:
Validate with Verbose Output
Output:
```
Validating policies in directory: ./policies/
✓ ./policies/go/merge.cedar
✓ ./policies/go/versions.cedar
✓ ./policies/go/matrix.cedar
✓ ./policies/go/dependencies.cedar
✓ ./policies/go/reusable-workflow.cedar
✓ 5 policy file(s) validated successfully
```
Validate a Single File
Output:
Handling Errors
When a policy has syntax errors:
Output:
```
Validating policies in directory: ./policies/
Errors found:
✗ ./policies/broken.cedar: parsing error at line 5
1 policy file(s) have errors
```
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All policies are valid |
| 1 | One or more policies have errors |
Use in CI/CD
Add policy validation to your CI pipeline:
```yaml
# .github/workflows/validate-policies.yml
name: Validate Policies
on:
  push:
    paths:
      - 'policies/**'
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install PipelineConductor
        run: go install github.com/grokify/pipelineconductor/cmd/pipelineconductor@latest
      - name: Validate policies
        run: pipelineconductor validate ./policies/ --verbose
```
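
An added example, not part of PipelineConductor or its documentation: a Python helper that turns the error lines shown under Handling Errors into GitHub Actions `::error` annotations and enforces the exit-code contract from the Exit Codes table. The `✗ <path>: <message> at line <N>` shape is assumed from the single sample on this page, and the function names are hypothetical.

```python
import re
import sys

# Assumed line shape, taken from the one error sample on this page.
ERROR_LINE = re.compile(r"^\s*✗\s+(?P<path>.+?):\s+(?P<msg>.+)$")
LINE_NO = re.compile(r"\bline (\d+)\b")

# Output copied from the "Handling Errors" section above.
SAMPLE = """Validating policies in directory: ./policies/
Errors found:
✗ ./policies/broken.cedar: parsing error at line 5
1 policy file(s) have errors
"""

def _esc_data(s):
    # Workflow-command escaping for the message part.
    return s.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

def _esc_prop(s):
    # File names come from the repository (possibly an untrusted branch), so
    # ':' and ',' must not be able to add properties or start a new command.
    return _esc_data(s).replace(":", "%3A").replace(",", "%2C")

def parse_errors(output):
    """Return (path, line or None, message) for every failed policy file."""
    findings = []
    for raw in output.splitlines():
        m = ERROR_LINE.match(raw)
        if m:
            ln = LINE_NO.search(m["msg"])
            findings.append((m["path"], int(ln.group(1)) if ln else None, m["msg"].strip()))
    return findings

def annotations(findings):
    """Render findings as GitHub Actions ::error workflow commands."""
    out = []
    for path, line, msg in findings:
        props = "file=" + _esc_prop(path) + (f",line={line}" if line is not None else "")
        out.append(f"::error {props}::{_esc_data(msg)}")
    return out

def gate(exit_code, output):
    """Print annotations and return the exit code the CI step should use."""
    findings = parse_errors(output)
    print("\n".join(annotations(findings)))
    # Fail closed: any non-zero exit, or a 0 exit that still printed errors.
    return 0 if exit_code == 0 and not findings else 1

if __name__ == "__main__":
    # Usage: gate.py <validate exit code> < captured-output ; no args runs the sample.
    args = sys.argv[1:]
    sys.exit(gate(int(args[0]), sys.stdin.read()) if args else gate(1, SAMPLE))
```

Because `validate` checks syntax only, a passing gate shows that the policies parse, not that they enforce what was intended.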
See Also
- scan - Run compliance scans
- Cedar Syntax - Cedar policy language reference
- Writing Policies - Policy authoring guide