usnistgov/oscal-cli

Profile Resolution always gives full paths for resolution source in the link with `rel="source-profile"`

aj-stein-nist opened this issue · 0 comments

User Story:

As a developer or engineer using the OSCAL CLI for profile resolution, in order to more effectively use a local environment without context that changes every run in managed environments where filesystems and paths can have random path parts I cannot control, I would like to have the relative path of the source-profile links.

Goals:

I would like profile resolution of a resolved catalog to be friendly for local development where I do not want to leak information about my local developer machine for operational security, but also remote CI/CD where it is harder to control path names that are often random, UUID-generated (with mktemp or other procedures) to avoid path collisions. Leaking this information is a problem as it is not consistent (remote CI/CD) or yields information I do not want public (local).

Currently from using `oscal-cli profile resolve` today with 0.3.1, I get the following. For context, I ran this command from within the current directory (in Linux): `/home/username/path/to/oscal/files` when running `oscal-cli profile resolve profile.yaml resolved-catalog.yaml`.

```yaml
---
catalog:
  uuid: f7b6594d-361c-4ba8-bfe6-4266861b3a87
  metadata:
    title: Example for usnistgov/oscal-cli#78
    last-modified: 2022-11-18T15:46:16.777677Z
    version: 0.0.1-alpha
    oscal-version: 1.0.4
    props:
    - name: resolution-tool
      value: libOSCAL-Java
    links:
    - href: file:///home/username/path/to/oscal/files/profile.yaml
      rel: source-profile
```

I would rather prefer, at all times or via an optional runtime argument:

```yaml
---
catalog:
  uuid: f7b6594d-361c-4ba8-bfe6-4266861b3a87
  metadata:
    title: Example for usnistgov/oscal-cli#78
    last-modified: 2022-11-18T15:46:16.777677Z
    version: 0.0.1-alpha
    oscal-version: 1.0.4
    props:
    - name: resolution-tool
      value: libOSCAL-Java
    links:
    - href: ./profile.yaml
      rel: source-profile
```

Dependencies:

N/A

Acceptance Criteria

  • All website and readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.
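
A post-processing step for the behaviour described in this issue, as an added example that is not part of the original issue and not oscal-cli or libOSCAL-Java code: it rewrites absolute `file:` hrefs on `source-profile` links relative to a chosen directory and returns what it changed, so a CI job can also use the return value to flag leaked host paths. The function name, the already-parsed dictionary input (the YAML loader is left to the caller) and the second sample link are assumptions.

```python
import posixpath
from urllib.parse import quote, unquote, urlsplit


def relativize_source_profile(document, base_dir):
    """Rewrite absolute file: hrefs on rel=source-profile links relative to base_dir.

    `document` is a resolved catalog already parsed into dicts and lists.
    The document is modified in place; the (old, new) href pairs are returned.
    """
    changed = []
    links = document.get("catalog", {}).get("metadata", {}).get("links", [])
    for link in links:
        if link.get("rel") != "source-profile":
            continue
        parts = urlsplit(link.get("href", ""))
        # Only local file: URIs carry host paths; http(s) and relative hrefs stay as-is.
        if parts.scheme != "file" or parts.netloc not in ("", "localhost"):
            continue
        abs_path = posixpath.normpath(unquote(parts.path))
        rel = posixpath.relpath(abs_path, posixpath.normpath(base_dir))
        # Keep the explicit "./" form requested in the issue for paths under base_dir.
        new_href = quote(rel) if rel.startswith("..") else "./" + quote(rel)
        changed.append((link["href"], new_href))
        link["href"] = new_href
    return changed


# Constructed sample: the first link is the output shown in the issue,
# the second is an invented non-file link that must be left untouched.
SAMPLE = {
    "catalog": {
        "metadata": {
            "links": [
                {"href": "file:///home/username/path/to/oscal/files/profile.yaml",
                 "rel": "source-profile"},
                {"href": "https://example.com/catalog.yaml", "rel": "reference"},
            ]
        }
    }
}

if __name__ == "__main__":
    for old, new in relativize_source_profile(SAMPLE, "/home/username/path/to/oscal/files"):
        print(f"{old} -> {new}")
```
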