Profile Resolution always gives full paths for resolution source in the link with `rel="source-profile"`
aj-stein-nist opened this issue · 0 comments
User Story:
As a developer or engineer using the OSCAL CLI for profile resolution, in order to more effectively use a local environment without context that changes every run in managed environments where filesystems and paths can have random path parts I cannot control, I would like to have the relative path of the `source-profile` links.
Goals:
I would like profile resolution of a resolved catalog to be friendly for local development where I do not want to leak information about my local developer machine for operational security, but also remote CI/CD where it is harder to control path names that are often random, UUID-generated (with `mktemp` or other procedures) to avoid path collisions. Leaking this information is a problem as it is not consistent (remote CI/CD) or yields information I do not want public (local).
Currently, from using `oscal-cli profile resolve` today with 0.3.1, I get the following. For context, I ran this command from within the current directory (in Linux): `/home/username/path/to/oscal/files` when running `oscal-cli profile resolve profile.yaml resolved-catalog.yaml`.
```yaml
---
catalog:
  uuid: f7b6594d-361c-4ba8-bfe6-4266861b3a87
  metadata:
    title: Example for usnistgov/oscal-cli#78
    last-modified: 2022-11-18T15:46:16.777677Z
    version: 0.0.1-alpha
    oscal-version: 1.0.4
    props:
      - name: resolution-tool
        value: libOSCAL-Java
    links:
      - href: file:///home/username/path/to/oscal/files/profile.yaml
        rel: source-profile
```
I would rather prefer, at all times or with an optional runtime argument:
```yaml
---
catalog:
  uuid: f7b6594d-361c-4ba8-bfe6-4266861b3a87
  metadata:
    title: Example for usnistgov/oscal-cli#78
    last-modified: 2022-11-18T15:46:16.777677Z
    version: 0.0.1-alpha
    oscal-version: 1.0.4
    props:
      - name: resolution-tool
        value: libOSCAL-Java
    links:
      - href: ./profile.yaml
        rel: source-profile
```
Dependencies:
N/A
Acceptance Criteria
- All website and readme documentation affected by the changes in this issue have been updated.
- A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
- The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
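A post-processing workaround for the absolute `source-profile` href described in this issue, as an added example that is not part of the original issue and not oscal-cli or libOSCAL-Java code. It assumes the resolved catalog has already been parsed into a Python dict (from the YAML or JSON output); the function names and the sample document are constructed for illustration.

```python
import posixpath
from urllib.parse import quote, unquote, urlsplit


def relativize_href(href, base_dir):
    """Return href relative to base_dir when it is a file: URI, else unchanged."""
    parts = urlsplit(href)
    if parts.scheme != "file":
        return href  # http(s) URLs and already-relative references are left alone
    target = posixpath.normpath(unquote(parts.path))
    rel = posixpath.relpath(target, posixpath.normpath(base_dir))
    rel = quote(rel)  # re-encode spaces etc. so the result is a valid URI reference
    # Siblings and children get an explicit "./"; "../" paths are kept as computed.
    return rel if rel.startswith("../") else "./" + rel


def scrub_source_links(catalog, base_dir):
    """Rewrite source-profile links in place; return the original hrefs that changed."""
    changed = []
    for link in catalog["catalog"]["metadata"].get("links", []):
        if link.get("rel") != "source-profile":
            continue
        new_href = relativize_href(link["href"], base_dir)
        if new_href != link["href"]:
            changed.append(link["href"])
            link["href"] = new_href
    return changed


# Constructed sample mirroring the resolved catalog shown in the issue.
SAMPLE = {
    "catalog": {
        "uuid": "f7b6594d-361c-4ba8-bfe6-4266861b3a87",
        "metadata": {
            "title": "Example for usnistgov/oscal-cli#78",
            "links": [
                {"href": "file:///home/username/path/to/oscal/files/profile.yaml",
                 "rel": "source-profile"},
            ],
        },
    }
}

if __name__ == "__main__":
    leaked = scrub_source_links(SAMPLE, "/home/username/path/to/oscal/files")
    print("rewrote:", leaked)
    print("now:", SAMPLE["catalog"]["metadata"]["links"][0]["href"])
```

In CI, a non-empty return value from `scrub_source_links` can also serve as a check that a resolved catalog still carries a machine-specific path before it is published.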