feat: sanitize-command #403
Conversation
Are these required? These seem unnecessary for this iteration if so, and make the command more complicated. |
| Usage: "Output directory for sanitized versions", | ||
| Value: "sanitized", | ||
| Required: false, | ||
| }, |
There was a problem hiding this comment.
I think compiled-path and out will remain the same most of the time. How about we add a DEFAULT for each and only pass the flags when we want the path and out to be different.
This could also apply to the other flags as well.
There was a problem hiding this comment.
While the out could be inferred from the compiled-path, i wanted to keep the utility away from the actual projects .vervet file such that it can be used by anyone on a simple directory of compiled specs by using the go run utility or similar
It allows the user to define which extensions/headers/paths etc he wants to strip out without us being explicit which ones. We could change this to be loaded from a separate config but the user will still have to define which ones as we cannot assume internal structure |
| Value: "sanitized", | ||
| Required: false, | ||
| }, | ||
| &cli.StringSliceFlag{ |
There was a problem hiding this comment.
should add this config to the config file? in the sanitise block?
There was a problem hiding this comment.
So you propose adding a new sanitize block in .vervet? This could be weird as we already have the merge config with the exclude pattern doing the same thing, i wanted this utility to be separate from the project configuration so it can be run anywhere on any folder of compiled specs
This PR introduces a new sanitize command to remove sensitive information from versioned OpenAPI specs before distribution.
Given a directory of compiled specs (one subfolder per version), the command loads each spec.yaml, filters out configurable extensions, headers, or entire paths, and saves the sanitized spec to a specified output directory.
This will read all spec.yaml files under each version subfolder, remove fields matching the exclusion criteria, and write sanitized openapi.yaml files to the ./sanitized directory.