[WIP] Start of map lookup approach for GSA#833

Thanks to @kyhu65867 for humoring me and and walking through concepts
that need better explanation for example here.

src/validations/constraints/content/ssp-all-VALID.xml

@@ -10,9 +10,8 @@
     <version>1.1</version>
     <oscal-version>1.1.2</oscal-version>
     <document-id scheme="https://example.com/identifiers">SSP-2024-002</document-id>
-    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-1.1.2"/>
-    <prop name="marking" value="cui"/>
-
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="3.0.0-rc1"/>    
+    <prop name="marking" value="cui"/>    
     <role id="prepared-by">
       <title>Prepared By</title>
       <description>

src/validations/constraints/content/ssp-oscal-version-matches-fedramp-version-INVALID.xml

@@ -1,6 +1,9 @@
-<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" uuid="12345678-1234-4321-8765-123456789012">
+<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
+                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                      xsi:schemaLocation="http://csrc.nist.gov/ns/oscal/1.0 https://github.com/usnistgov/OSCAL/releases/download/v1.1.2/oscal_ssp_schema.xsd"
+                      uuid="12345678-1234-4321-8765-123456789012">
   <metadata>
     <oscal-version>2.0.0</oscal-version>
-    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="fedramp-3.0.0rc1-oscal-2.0.0"/>
+    <prop name="fedramp-version" ns="https://fedramp.gov/ns/oscal" value="3.0.0-rc1"/>
   </metadata>
 </system-security-plan>

src/validations/constraints/fedramp-external-allowed-values.xml

@@ -130,7 +130,7 @@
             <allowed-values id="fedramp-version" target="metadata/prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value" allow-other="no" level="ERROR">
                 <formal-name>FedRAMP Version</formal-name>
                 <description>Identifies the FedRAMP version of the document.</description>
-                <enum value="fedramp-3.0.0rc1-oscal-1.1.2">FedRAMP Version</enum>
+                <enum value="3.0.0-rc1">FedRAMP Version 3.0.0 Release Candidate 1</enum>
             </allowed-values>
 
             <allowed-values id="information-type-800-60-v2r1" target="system-characteristics/system-information/information-type/categorization[@system='https://doi.org/10.6028/NIST.SP.800-60v2r1']/information-type-id" allow-other="no" level="ERROR">

src/validations/constraints/fedramp-external-constraints.xml

@@ -7,6 +7,19 @@
     <context>
     	<metapath target="/(assessment-plan|assessment-results|plan-of-action-and-milestones|system-security-plan)/metadata"/>
         <constraints>
+            <let var="preferred-version" expression="'3.0.0-rc1'"/>
+            <let var="fedramp-minimal-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
+            <let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value"/>
+            <let var="fedramp-required-minimal-version" expression="if map:contains($fedramp-minimal-oscal-versions, $doc-fedramp-version) then map:get($fedramp-minimal-oscal-versions, $doc-fedramp-version) else map:get($fedramp-minimal-oscal-versions, $preferred-version)"/>
+            <let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimal-version, '\.')"/>
+            <let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
+            <let var="major-version-valid" expression="$doc-oscal-version-parts[1]  = $required-doc-oscal-version-parts[1]">
+                <remarks>
+                    <p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
+                </remarks>
+            </let>
+            <let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
+            <let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>            
             <expect id="fedramp-version" target="." test="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']">
                 <formal-name>Fedramp Version</formal-name>
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/general-concepts/4-expressing-common-fedramp-template-elements-in-oscal/#fedramp-version"/>
@@ -21,37 +34,14 @@
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://automate.fedramp.gov/documentation/general-concepts/4-expressing-common-fedramp-template-elements-in-oscal/"/>
             	<message>A FedRAMP document MUST have a marking that defines its data classification.</message>
             </expect>
-        </constraints>
-    </context>
-    <context>
-<<<<<<< HEAD
-        <metapath target="/system-security-plan/metadata"/>
-=======
-        <metapath target="/(assessment-plan|assessment-results|plan-of-action-and-milestones|system-security-plan)/metadata"/>
->>>>>>> 74f8093d (refactored context)
-        <constraints>
-            <let var="preferred-version" expression="'3.0.0-rc1'"/>
-            <let var="fedramp-minimal-oscal-versions" expression="map{'3.0.0-rc1': '1.1.2'}"/>
-            <let var="doc-fedramp-version" expression="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']/@value"/>
-            <let var="fedramp-required-minimal-version" expression="if map:contains($fedramp-minimal-oscal-versions, $doc-fedramp-version) then map:get($fedramp-minimal-oscal-versions, $doc-fedramp-version) else map:get($fedramp-minimal-oscal-versions, $preferred-version)"/>
-            <let var="required-doc-oscal-version-parts" expression="tokenize($fedramp-required-minimal-version, '\.')"/>
-            <let var="doc-oscal-version-parts" expression="tokenize(oscal-version, '\.')"/>
-            <let var="major-version-valid" expression="$doc-oscal-version-parts[1]  = $required-doc-oscal-version-parts[1]">
-                <remarks>
-                    <p>FedRAMP considers every major version as a possible source of backwards-compatible changes. FedRAMP only accepts versions with the same major version, but not newer.</p>
-                </remarks>
-            </let>
-            <let var="minor-version-valid" expression="$doc-oscal-version-parts[2] >= $required-doc-oscal-version-parts[2]"/>
-            <let var="patch-version-valid" expression="$doc-oscal-version-parts[3] >= $required-doc-oscal-version-parts[3]"/>
             <expect id="oscal-version-matches-fedramp-version" target="prop[@name='fedramp-version'][@ns='https://fedramp.gov/ns/oscal']" test="$major-version-valid and $minor-version-valid and $patch-version-valid" level="WARNING">
                 <prop namespace="https://docs.oasis-open.org/sarif/sarif/v2.1.0" name="help-url" value="https://docs.oasis-open.org/sarif/sarif/v2.1.0"/>                
-                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages, {$fedramp-version-oscal-part}, not {../oscal-version}.</message>
+                <message>A FedRAMP document SHOULD have an OSCAL version that matches the minimally required version for FedRAMP packages, {if $fedramp-required-minimal-version then $fedramp-required-minimal-version else 'which is undefined due to an incorrect or missing FedRAMP Version'}, not {.}. DEBUG: {$doc-oscal-version-parts[1]}</message>
             </expect>           
         </constraints>
     </context>
     <context>
         <metapath target="//user"/>
-
         <constraints>
             <expect id="user-has-authorized-privilege" target="." test="count(authorized-privilege) gt 0">
                 <formal-name>User Has Authorized Privilege</formal-name>