-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integration of Witness Policy Tool into Witness with New Command witness policy
#344
Comments
We need a way to map flags to steps, there are two approaches I am considering: Approach 1: Mapping Flags to Steps In this approach, users explicitly map each flag to a step using a key-value pair. It requires users to be explicit about which step each flag applies to. Command Example:
Here, the user specifies each flag with a corresponding step name ( Approach 2: Ordering-Based Flag Association In this approach, flags are assumed to apply to the most recently defined step, based on their order in the command. Users list flags immediately after the step to which they apply. Command Example:
In this example, the User Experience Consideration:
|
One vote for the mapping approach. Generally prefer the UX of unordered cli flags and it'll retain flexibility of potential future cli flag placement for new features. Maybe can also be paired with an assumption that if only one step is given, then step-specifiers for associated flags not needed. |
This is what im thinking right now. Agree that mapping, though more verbose, is a more explicit approach. I think we could also define multiple or all steps for a parameter. ex: multiple steps--sticky deploy=sticky.yml single step--sticky sticky.yml |
Upvote on the mapping. If that support unordered flags its much less prone to making mistakes. Ordered flags are much more prone for me to make mistakes. And less easy to adapt scripts while working on it. So from a UX perspective, although more explicit, it more flexible in use in my opinion. |
+1 for Approach Mapping Flags to Steps |
I am going to start by adding a witness policy check command, there is a draft PR up |
Introduction:
Proposing the integration of the Witness Policy Tool into Witness, including the addition of a new command:
witness policy
. This integration aims to streamline processes and improve usability.Proposal for Integration and New Command:
Integrating the Witness Policy Tool's features directly into Witness with a new command
witness policy
for a cohesive experience.Features for Integration with
witness policy
Command:witness policy
to create and validate policy files.witness policy
command.witness policy
.Command Integration and Usage:
witness policy
, ensuring seamless command syntax and functionality.Advanced Features:
witness policy
umbrella.Benefits:
Conclusion:
The integration of the Witness Policy Tool into Witness, crowned by the
witness policy
command, will create a comprehensive and user-friendly solution for managing SDLC security and integrity.ref github.com/testifysec/
The text was updated successfully, but these errors were encountered: