introduce user sensitivity level constraint + refactor #634
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Rene2mt
requested changes
Aug 26, 2024
Rene2mt
previously approved these changes
Aug 28, 2024
aj-stein-gsa
requested changes
Aug 28, 2024
src/validations/constraints/fedramp-external-allowed-values.xml
Outdated
Show resolved
Hide resolved
aj-stein-gsa
previously approved these changes
Aug 29, 2024
wandmagic
force-pushed
the
feature/external-constraints-user-sensitivity
branch
from
a946629 to
1b75d42
Compare
aj-stein-gsa
requested changes
Sep 19, 2024
Comment on lines
+78
to
+92
| ### Workflow | ||
| - create a fork | ||
| - branch from feature/external-constraints => feature/external-constraint-{constraint-group} | ||
| - replace {constraint-group} with a short description of the constraints you will contribute | ||
| - template the constraint in an XML file under <repo-root>/src/validations/constraints/fedramp-external-constraints-<constraint-group>.xml or where it makes sense to place | ||
| - see fedramp-external-constraints.xml for example | ||
| - create all constraints with well named ids | ||
| - $`npm run constraint <constraint-id>` to scaffold unit tests | ||
| - create or update sample content for your negative and positive unit tests | ||
| - npm run test to see if your unit tests pass | ||
| - once unit tests are passing submit your PR |
There was a problem hiding this comment.
Hey this is good stuff, can you move this into the CONTRIBUTING.md document? There may be stuff there from me, but it could be better. I would appreciate integrating it in this PR, just move it there.
(Inside baseball for you and the FedRAMP Auto Team: long-term I want this particular README to go away after the minor deprecation release.)
aj-stein-gsa
requested changes
Sep 20, 2024
Comment on lines
+168
to
+206
| <allowed-values id="privilege-level" target="prop[@name='privilege-level']/@value" allow-other="no" level="ERROR"> | ||
| <formal-name>Privilege Level</formal-name> | ||
| <description>The privilege level of the user.</description> | ||
| <enum value="read">Read</enum> | ||
| <enum value="read-write">Read-Write</enum> | ||
| <enum value="write">Write</enum> | ||
| <enum value="no-access">No Access</enum> | ||
| </allowed-values> |
There was a problem hiding this comment.
Blocking: while working on docs, we diverge from upstream core OSCAL constraints. I am not sure this is a critical issue, I would like to discuss with the team and internal staff if we need to diverge or align with upstream or not.
Comment on lines
+176
to
+215
| <allowed-values id="user-sensitivity-level" target="prop[@name='sensitivity']/@value" allow-other="no" level="ERROR"> | ||
| <formal-name>User Sensitvity Level</formal-name> | ||
| <description>Sensitivity level of the user.</description> | ||
| <enum value="high-risk">High Risk</enum> | ||
| <enum value="severe">Severe</enum> | ||
| <enum value="moderate">Moderate</enum> | ||
| <enum value="limited">Limited</enum> | ||
| <enum value="not-applicable">Not Applicable</enum> | ||
| </allowed-values> |
There was a problem hiding this comment.
Blocking: while working on docs, I realized this is a FedRAMP-specific constraint, this does not exist in core upstream OSCAL.
Suggested change
| <allowed-values id="user-sensitivity-level" target="prop[@name='sensitivity']/@value" allow-other="no" level="ERROR"> | |
| <formal-name>User Sensitvity Level</formal-name> | |
| <description>Sensitivity level of the user.</description> | |
| <enum value="high-risk">High Risk</enum> | |
| <enum value="severe">Severe</enum> | |
| <enum value="moderate">Moderate</enum> | |
| <enum value="limited">Limited</enum> | |
| <enum value="not-applicable">Not Applicable</enum> | |
| </allowed-values> | |
| <allowed-values id="user-sensitivity-level" target="prop[@ns='https://fedramp.gov/ns/oscal' and @name='sensitivity']/@value" allow-other="no" level="ERROR"> | |
| <formal-name>User Sensitvity Level</formal-name> | |
| <description>Sensitivity level of the user.</description> | |
| <enum value="high-risk">High Risk</enum> | |
| <enum value="severe">Severe</enum> | |
| <enum value="moderate">Moderate</enum> | |
| <enum value="limited">Limited</enum> | |
| <enum value="not-applicable">Not Applicable</enum> | |
| </allowed-values> |
aj-stein-gsa
force-pushed
the
feature/external-constraints
branch
from
c59e72c to
f6d2009
Compare
aj-stein-gsa
changed the base branch from
feature/external-constraints
to
develop
Co-authored-by: Rene Tshiteya <[email protected]>
Co-authored-by: Rene Tshiteya <[email protected]>
Co-authored-by: Rene Tshiteya <[email protected]>
aj-stein-gsa
force-pushed
the
feature/external-constraints-user-sensitivity
branch
from
1b75d42 to
4fc75c8
Compare
aj-stein-gsa
requested changes
Sep 26, 2024
There was a problem hiding this comment.
Hi @wandmagic, I rebased this to take a look where are at.
Can you split out the INVALID tests to individual fixture data files for negative tests per ADR 8 and then request re-review? Thanks.
|
closing this, just going to make a new branch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Committer Notes
{Please provide a description of what this PR accomplishes. Be sure to reference any issues addressed. If the PR is a work-in-progress submitted for early review, please submit the PR as a draft PR using the "Draft pull request" dropdown.}
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.