Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add local developer server command #98

Open
11 tasks
aj-stein-gsa opened this issue Aug 29, 2024 · 1 comment
Open
11 tasks

Add local developer server command #98

aj-stein-gsa opened this issue Aug 29, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@aj-stein-gsa
Copy link
Contributor

aj-stein-gsa commented Aug 29, 2024
edited
Loading

User Story

As a developer of Metaschema models and developer tooling, I would like a to be able to run metaschema-cli serve --unsafe-local-only and be able to load a local development server with a minimal REST API to allow the following.

  • POST a model to validate it is a valid Metaschema model, or return errors.
  • POST a model and document instance to valid the document instance is valid against the model POSTed alongside it, and return validations errors accordingly.
  • POST a document instance and model to respond with a converted instance from the target data format (XML) to source (JSON)
  • Optionally load up models in a stateful way for 1 and 2 and reference by shortcut the model name so I do not have to find a way to POST the model and document instance every time. The state should not persist once the serve process is terminated.

Goals

  • Allow flexible integration without shell based execution
  • Allow starting one instance of the metaschema-java system and integration tooling in development to not have to wait for the process to load up cold or warm (via the JVM)
  • Prototype future developer integrations and independent tooling with a very common and accessibly HTTP-based interface (reducing burden for newer developers to integrate into their tooling and CI/CD)
  • Require a command-line argument, --unsafe-local-only, to ensure that developers that deploy beyond local-only developer workstation use have to understand they are going outside the implied threat model of this tool, given code generation capabilities, and do not expose themselves to a series of very real attack scenarios. This in the spirt of modern developer tools and frameworks, like React that require people code in settings that call out a risk to even novice users.

Dependencies

No response

Acceptance Criteria

  • All website and readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response
@aj-stein-gsa aj-stein-gsa added the enhancement New feature or request label Aug 29, 2024
@david-waltermire david-waltermire moved this from To Triage to Backlog in Tooling Work Board Sep 7, 2024
@aj-stein-gsa
Copy link
Contributor Author

Per conversation about doing this at a higher-level in oscal-cli tooling, consider Vert.X and Jersey (JAX-RS overlay), but others in the group seem to be converging on Vert.x at initial design considerations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Tooling Work Board
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aj-stein-gsa