feat: implement security configuration in deployment manifest and API #62
Pull request overview
This PR migrates the path access control configuration from a simple map-based structure to a more structured security configuration with default access levels and path-specific overrides.
Key changes:
- Replaces `path-access` map with a structured `security` object containing default access level and override array
- Updates the data model from `map[string]string` to `Security` struct with `PathAccess` slice
- Renames test functions and variables to reflect the security terminology
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vcr/deploy/testdata/vcr-with-security.yaml | Updates test fixture to use new security configuration structure |
| vcr/deploy/deploy_test.go | Updates test to expect Security struct instead of PathAccess map |
| vcr/deploy/deploy.go | Updates deployment call to pass Security field and includes new security example in documentation |
| pkg/config/manifest.go | Adds Security and PathAccess structs, replaces PathAccess map field with Security pointer |
| pkg/api/deployment_test.go | Renames test function and updates assertions to validate Security structure |
| pkg/api/deployment.go | Changes DeployInstanceArgs field from PathAccess map to Security pointer |
| docs/vcr_deploy.md | Updates documentation to describe new security configuration structure with examples |
| .github/copilot-instructions.md | Adds new Copilot instructions file with Go coding standards and patterns |
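An added example (not code from this PR or the project) of how a default access level with path-specific overrides can be resolved safely. The field names, the `public`/`private` levels and the longest-prefix matching rule are assumptions; the page only names a `Security` struct with a `PathAccess` slice.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Hypothetical shapes: field names and the two access levels are assumptions.
type PathAccess struct{ Path, Access string }
type Security struct {
	Default   string
	Overrides []PathAccess
}

var validLevels = map[string]bool{"public": true, "private": true}

// Validate rejects unknown levels, relative paths and repeated paths
// (a slice, unlike the old map, can carry two entries for the same path).
func (s Security) Validate() error {
	if !validLevels[s.Default] {
		return fmt.Errorf("unknown default access %q", s.Default)
	}
	seen := map[string]bool{}
	for _, o := range s.Overrides {
		p := path.Clean(o.Path)
		if !strings.HasPrefix(o.Path, "/") || !validLevels[o.Access] || seen[p] {
			return fmt.Errorf("invalid override %q -> %q", o.Path, o.Access)
		}
		seen[p] = true
	}
	return nil
}

// Resolve normalises the request path, then applies the longest override that
// matches on a segment boundary; with no match the default level applies.
func (s Security) Resolve(reqPath string) string {
	clean := path.Clean("/" + reqPath)
	level, best := s.Default, -1
	for _, o := range s.Overrides {
		p := path.Clean(o.Path)
		if (clean == p || p == "/" || strings.HasPrefix(clean, p+"/")) && len(p) > best {
			level, best = o.Access, len(p)
		}
	}
	return level
}

func main() { // constructed sample manifest values
	s := Security{"private", []PathAccess{{"/public", "public"}, {"/public/admin", "private"}}}
	fmt.Println(s.Validate(), s.Resolve("/public/../public/admin/x"))
}
```

Matching on a segment boundary keeps `/publicity` from inheriting the `/public` override, and cleaning the path first keeps `..` segments from selecting a more permissive entry.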
28a5a68 to
8490b82
- Introduced a new `security` field in the deployment manifest to manage access levels for application paths.
- Updated related API structures and tests to reflect the new security model.
- Replaced the previous configuration with the new `security` structure, allowing for more granular control over access permissions.
- Added examples and documentation updates to guide users on the new configuration format.
8490b82 to
5358859
…dling
- Renamed to in the Security struct for consistency.
- Updated related API structures and tests to reflect the new field name.
- Removed unused error code variable from the PrintAPIError function to streamline error reporting.

- Updated command descriptions and examples for clarity across various VCR CLI commands including , , , and .
- Improved error messages and help text to provide better guidance for users.
- Removed deprecated MongoDB commands and related tests to streamline the codebase.
- Enhanced the command to clarify the setup process for new users.
- Added detailed usage instructions for managing secrets, including creation, updating, and removal.
- Improved the overall structure and readability of command documentation.
No description provided.