Conversation
Signed-off-by: Lee Briggs <lee@leebriggs.co.uk>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for creating federated credentials via the existing tscli create key command, along with spec-driven change documentation and regenerated command docs so the new --type federated workflow is discoverable.
Changes:
- Extend
tscli create key --typeto acceptfederated, including federated-specific flags and request payload handling. - Add unit tests covering federated creation and validation errors.
- Add spec-driven change docs (proposal/design/spec/tasks) and regenerate CLI command documentation to include federated usage.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
cmd/tscli/create/key/cli.go |
Implements --type federated support, validation, and POST payload construction for federated keys. |
cmd/tscli/create/key/cli_test.go |
Adds tests for federated key creation and validation error cases. |
docs/commands/tscli_create_key.md |
Regenerated command docs reflecting federated options/flags. |
docs/commands/tscli_create.md |
Updates the create-command index entry description for create key. |
docs/README.md |
Adds contributor-facing documentation on federated credentials and OpenAPI coverage mapping workflow. |
openspec/changes/federated-tailnet-keys/.openspec.yaml |
Declares a new spec-driven change set. |
openspec/changes/federated-tailnet-keys/design.md |
Design notes/goals for adding federated key support. |
openspec/changes/federated-tailnet-keys/proposal.md |
Motivation and scope for the federated key support change set. |
openspec/changes/federated-tailnet-keys/specs/federated-key-support/spec.md |
Requirements/spec scenarios for federated key creation and coverage expectations. |
openspec/changes/federated-tailnet-keys/tasks.md |
Task checklist for implementing/testing/documenting federated key support. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
21
to
+39
| Contributors: | ||
|
|
||
| - [Command Reference](command-reference.md) for generation/check workflow | ||
| - [Configuration](configuration.md) for precedence and profile behavior | ||
|
|
||
| ## Federated credentials | ||
|
|
||
| Use `tscli create key --type federated` to provision federated identities that mirror an OIDC issuer/subject pair. Provide `--scope` plus `--issuer` and `--subject`, and optionally `--audience`, `--tags`, and `--claim` to express custom claim rules. | ||
|
|
||
| After adding new key types or CLI verbs, keep the OpenAPI coverage mappings in sync by editing `pkg/contract/openapi/command-operation-map.yaml` and rerunning `make coverage-gaps-check`. The generated waterfall is saved in `coverage/coverage-gaps.*` so CI can detect regressions. | ||
|
|
||
| For references to the updated create-key documentation, see the generated [tscli create key](commands/tscli_create_key.md) command page. | ||
|
|
||
| Contributors, refer back to this file when you need to refresh the docs site or cover new CLI surface area. | ||
|
|
||
| Contributors: | ||
|
|
||
| - [Command Reference](command-reference.md) for generation/check workflow | ||
| - [Configuration](configuration.md) for precedence and profile behavior |
There was a problem hiding this comment.
Contributors: is now duplicated (lines 21–25 and again at 36–39), which makes the landing page harder to maintain and can confuse readers. Consolidate to a single Contributors section and remove the extra paragraph/list.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Lee Briggs lee@leebriggs.co.uk