Bundle Azure template as default for "tm7 new" and "tm7 import dot" #4
gholliday wants to merge 1 commit into
The DotToTm7Mapper stamps Azure-specific stencil TypeIds (SE.TB.TMCore.AzureTrustBoundary, SE.DS.TMCore.AzureStorage, SE.P.TMCore.AzureAD, SE.P.TMCore.AzureAppServiceWebApp, SE.DS.TMCore.AzureKeyVault, SE.DF.TMCore.Request/Response) onto diagram elements. The previous required --template accepted any .tm7 - when users passed a non-Azure template (e.g. TMT's default SDL threatmodelsample.tm7), the output .tm7 referenced TypeIds that weren't defined in its embedded KnowledgeBase, and TMT would show "model has validation issues" on open and downgrade every Azure-typed shape to its generic base.

Changes:
- Embed samples/template.tm7 as Tm7.Cli.Resources.DefaultTemplate.tm7.
- New Tm7File.LoadDefaultTemplate() reads the embedded resource.
- Make --template optional on "tm7 new" and "tm7 import dot"; fall back to the bundled Azure KB when omitted, and surface the KB name in the success message.
- Promote flow TypeId literals in ImportCommand to internal const so tests reference the same strings production uses.
- Update README and "tm7 examples" to show the no---template form.

Tests (25/25 pass, 5 new):
- LoadDefaultTemplate_Succeeds_AndExposesAzureKb
- EmbeddedDefaultTemplate_MatchesSampleOnDisk (SHA-256 drift guard)
- DefaultTemplate_DefinesEveryTypeIdEmittedByDotMapper (mapper-KB invariant covering every recognized predicate/alias + flow TypeIds via the constants)
- AotExe_NewWithoutTemplate_UsesBundledAzureKb
- AotExe_ImportDotWithoutTemplate_EmbedsAzureKbAndResolvesAllTypeIds

Co-authored-by: Copilot <[email protected]>
Problem

DotToTm7Mapper stamps Azure-specific stencil TypeIds (SE.TB.TMCore.AzureTrustBoundary, SE.DS.TMCore.AzureStorage, SE.P.TMCore.AzureAD, SE.P.TMCore.AzureAppServiceWebApp, SE.DS.TMCore.AzureKeyVault, SE.DF.TMCore.Request/Response) onto diagram elements. The previous required --template accepted any .tm7. When users passed a non-Azure template (e.g. TMT's default SDL threatmodelsample.tm7), the output .tm7 referenced TypeIds that weren't defined in its embedded KnowledgeBase, and TMT would show "model has validation issues" on open and downgrade every Azure-typed shape to its generic base (GE.TB.B/GE.DS/GE.P/GE.DF).

Solution

Embed samples/template.tm7 (the Azure Threat Model Template KB) as a resource and use it by default when --template is omitted.

Changes

- src/Tm7.Cli/Tm7.Cli.csproj — embed samples/template.tm7 as Tm7.Cli.Resources.DefaultTemplate.tm7.
- src/Tm7.Cli/Tm7File.cs — new Tm7File.LoadDefaultTemplate() that reads the embedded resource via Assembly.GetManifestResourceStream.
- src/Tm7.Cli/Commands/NewCommand.cs and ImportCommand.cs — --template is now optional. When omitted, the bundled Azure KB is used and the success message surfaces the KB name ((from bundled default template: Azure Threat Model Template)).
- src/Tm7.Cli/Commands/ImportCommand.cs — flow TypeIds promoted to internal const ForwardFlowTypeId/ReverseFlowTypeId/GenericFlowTypeId so tests can reference the same strings production uses.
- README.md and ExamplesCommand.cs — show the no---template form.

Tests

25/25 pass (5 new):

- LoadDefaultTemplate_Succeeds_AndExposesAzureKb: "Azure Threat Model Template"; StandardElements non-empty
- EmbeddedDefaultTemplate_MatchesSampleOnDisk: samples/template.tm7 and the baked-in resource
- DefaultTemplate_DefinesEveryTypeIdEmittedByDotMapper: DotToTm7Mapper.MapEntityType/MapBoundaryType plus the ImportCommand flow constants must resolve to a stencil in the bundled KB
- AotExe_NewWithoutTemplate_UsesBundledAzureKb: tm7 new with no --template produces a file whose embedded KB is the Azure template
- AotExe_ImportDotWithoutTemplate_EmbedsAzureKbAndResolvesAllTypeIds: tm7 import dot with no --template; every TypeId actually written into Borders/Lines resolves against the embedded KB (proxy for "TMT won't downgrade")

Verification

- dotnet build -c Debug — green.
- dotnet test — 25/25 pass.
- dotnet publish src/Tm7.Cli -c Release -r win-arm64 — succeeds.
- tm7 new and tm7 import dot smoke-tested with no --template.
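
The invariant described above (every TypeId written into Borders/Lines must resolve against the embedded KnowledgeBase) can be checked on any output file. The following is an added C# example, not code from this pull request. The flat XML layout, the `ElementType`/`Id`/`Element`/`Connector` element names and the `TypeIdCheck` class are assumptions made for illustration; a real .tm7 uses a different serialization.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class TypeIdCheck
{
    // TypeIds written into Borders/Lines that the embedded KnowledgeBase does not define.
    public static List<string> Unresolved(XDocument model)
    {
        var root = model.Root ?? throw new InvalidOperationException("empty document");
        var kb = root.Element("KnowledgeBase")
                 ?? throw new InvalidOperationException("model has no KnowledgeBase");
        var defined = new HashSet<string>(
            kb.Descendants("Id").Select(e => e.Value.Trim()), StringComparer.Ordinal);
        return root.Elements()
                   .Where(e => e.Name.LocalName == "Borders" || e.Name.LocalName == "Lines")
                   .Descendants("TypeId")
                   .Select(e => e.Value.Trim())
                   .Where(id => !defined.Contains(id))
                   .Distinct()
                   .OrderBy(id => id, StringComparer.Ordinal)
                   .ToList();
    }

    // Constructed, simplified layout (assumption): not the real .tm7 serialization.
    static XDocument Model(string[] kbIds, string[] shapeIds, string[] flowIds) =>
        new XDocument(new XElement("ThreatModel",
            new XElement("KnowledgeBase", kbIds.Select(id => new XElement("ElementType", new XElement("Id", id)))),
            new XElement("Borders", shapeIds.Select(id => new XElement("Element", new XElement("TypeId", id)))),
            new XElement("Lines", flowIds.Select(id => new XElement("Connector", new XElement("TypeId", id))))));

    static int Main()
    {
        string[] generic = { "GE.TB.B", "GE.DS", "GE.P", "GE.DF" };
        string[] azure = { "SE.TB.TMCore.AzureTrustBoundary", "SE.DS.TMCore.AzureStorage",
                           "SE.P.TMCore.AzureAD", "SE.DF.TMCore.Request", "SE.DF.TMCore.Response" };
        string[] shapes = { "SE.TB.TMCore.AzureTrustBoundary", "SE.P.TMCore.AzureAD", "SE.DS.TMCore.AzureStorage" };
        string[] flows = { "SE.DF.TMCore.Request", "SE.DF.TMCore.Response" };

        var withAzureKb = Unresolved(Model(generic.Concat(azure).ToArray(), shapes, flows));
        var withOtherKb = Unresolved(Model(generic, shapes, flows)); // KB lacks the Azure stencils

        Console.WriteLine($"Azure KB: {withAzureKb.Count} unresolved");
        Console.WriteLine($"other KB: {withOtherKb.Count} unresolved: {string.Join(", ", withOtherKb)}");
        return withAzureKb.Count == 0 && withOtherKb.Count == 5 ? 0 : 1;
    }
}
```

The second model reproduces the failure from the Problem section: the same Azure TypeIds are written, but the embedded KB defines only the generic bases, so all five are reported as unresolved.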