Apply the registered lint rules to a gateway config file.
The lint engine never reaches out to GCP, Azure, or Kubernetes — it is
safe to run in pre-merge CI on a config repo. Live-state checks (does
this static IP exist? Is AGIC enabled?) belong to the install Plan view,
not lint.
Pass --type to select the provider's rule set. GCP-only rules
(TAREL010 etc.) self-gate so an Azure config does not produce phantom
warnings about empty GCP fields.
Exit codes:
0 No findings, or only info/warn findings (use --fail-on-warn to
promote warnings to non-zero exits in CI).
1 At least one error finding.
2 Misuse (bad flags, missing config file, etc.).
Examples:
tare gateway config lint --config gcp-gateway.json
tare gateway config lint --config azure-gateway.json --type azure
tare gateway config lint --config gcp-gateway.json --format json
tare gateway config lint --list-rules
Usage:
tare gateway config lint [flags]
Flags:
--config string Path to the gateway config file (gcp-gateway.json or azure-gateway.json) (default "gcp-gateway.json")
--fail-on-warn Exit non-zero when any warning is emitted
--format string Output format: text or json (default "text")
--identity string Path to identity (service-account) file; enables identity-aware rules (e.g. TAREL021)
--list-rules Print the registered rules and exit
--severity string Minimum severity to display: info, warn, or error (default "info")
--type string Gateway provider type (gcp|azure) (default "gcp")
Global Flags:
-q, --quiet Suppress progress output; only errors and the final summary go to stderr
-v, --verbose Verbose output: plain-mode progress lines plus full per-blob chunk logs to stderr