Implements a rough interface for validating configuration against
arbitrary policy rules. Policies are provided as YAML and passed via the
command line as file paths or remote URIs.
The format of policies is:
enforcements: - path: <path> rule: <rule>
Where <path> is a YAML-ish path to a config field and <rule> is any
expression our config validator understands (expressions built in by the
validator library and custom tags defined in config.validation.go).
enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse
Command flag parsing was implemented in main.go to support the new
--policy=uri flag and improve existing handling of --version and the