-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/integration tests #2084
base: develop
Are you sure you want to change the base?
Conversation
@brian-ruf @Rene2mt See this pull request for how we can be sure that direction prop is allowed in components. Currently the tests fail because direction prop is not in alignment. ssp.xml has an added direction prop See test run: |
d15223c
to
3526c79
Compare
@iMichaela @wendellpiez kindly let me know if you have a chance to look at this PR, would love to hear your feedback |
@wandmagic - Hi Paul - thank you for the proposed harness. I am abroad on PTO until mid Dec and will only be able to provide a complete feedback upon my return and gain access to my dev environment. Sorry for the delay. |
@wandmagic -- All I can tell so far, from browsing the changed files is that the test harness is installing and using Also, this PR is barcoding "valid OSCAL content " which is obsolete and not aligned with the For interested reviewers, see: https://github.com/GSA/oscal-js . All baselines used are FeRAMP baselines. All examples used are GSA examples. This is not something NIST can accept as proposed, despite its great intent of enhancing OSCAL testing methodology. Changes are needed. Major ask: remove/rename the |
Notwithstanding the difficulties cited by @iMichaela, I am very much liking the general direction here. A PR along these lines would be a small but significant step forward. We manage the risks of posting bad data by not posting bad data, so of course any concerns by @iMichaela or others need to be addressed. But we also need a way that third parties can judge data quality for themselves without having to ask us - we do this (in part) by posting useful examples even if only mockups. |
Totally agree with @wendellpiez general direction. However, this PR proposes to 'augment' OSCAL schemas validation using the harness FedRAMP is using. NIST OSCAL Makefile already includes validation with |
this PR no longer uses oscal-server or oscal-js, please have a second look. @iMichaela the contents of valid-content are copy pasted from oscal-content repo. we can integrate this data as a submodule or query them directly, i added them directly under the impression that they would have the newest up to date for an upcoming version, and oscal-content would be updated upon release of a new version. I understand reservations about naming and confusion regarding oscal-js, and I feel that the library is not needed here as it is largely a convenience library. oscal-server is only for performance of running hundreds of oscal-cli commands in parallel and is not needed here either. |
It would be good to have an itemized list of things we need to have to get this type of check integrated into the repo, if it is possible. |
@iMichaela since there are a variety of concerns and claims that are separate of the PR and out of scope given @wandmagic's changes described in #2084 (comment), I moved the discussion to #2087 and not sidetrack from the PR at hand. I hope that helps. |
I tried switching to the NIST managed oscal CLI from here: https://repo1.maven.org/maven2/gov/nist/secauto/oscal/tools/oscal-cli/cli-core/1.0.3/
To me this indicates that the nist managed CLI is no longer maintained enough to be leveraged as part of CI/CD. |
We can work on it together when I return to US |
Committer Notes
This PR introduces a baseline for integration tests using cucumber and oscal cli.
this will allow a github action to verify that the upcoming version of oscal will still validate content as expected.
Additionally, this can be used as the groundwork for styleguides and other checks we may need to introduce into the build process to maintain the integrity of the OSCAL project.
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.
(For reviewers: The wiki has guidance on code review and overall issue review for completeness.)
Changes to Core Features: