-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question]: How to attach an import-profile as a back-matter resource #1009
Comments
Hi, @Telos-sa. 👋 That seems correct. I will evaluate in your repo to confirm I can reproduce and that there is not a new bug. So can I check your repo? |
@aj-stein-gsa Yes - the repo has the new import-profile structure and has the resources directory included as well. |
Sorry for the delay, it seems I added my fork of the repo as a remote with an incorrect name, and thought the cannonical one was behind. It turns out that was on me. I pulled down the local changes, and I do not get this error, it works for me. See below. me@computer % git branch --show-current
main
me@computer % git rev-parse HEAD
03ddce9a6d1d181f27f5ebf1b664c63e87197571
me@computer % oscal-cli --version
oscal-cli 2.4.0 built at 2024-11-26 17:07 from branch dba6d9c570f0aa42022d9754df42d1dc5fc295d4 (dba6d9c) at https://github.com/metaschema-framework/oscal-cli
liboscal-java built at 2024-11-26 16:40 from branch 2f3a394fa856e2bc90b74425c639c9bc107ea4e6 (2f3a394) at https://github.com/metaschema-framework/liboscal-java
oscal v1.1.3 built at 2024-11-26 16:40 from branch b123c11bd12c8b8f1bcc8bf85763e5775c0423e9 (b123c11) at https://github.com/usnistgov/OSCAL.git
metaschema-java 2.1.0 built at 2024-11-26T16:21:47+0000 from branch 462da0c64add5b369af740f4d2057643ac72b056 (462da0c) at https://github.com/metaschema-framework/metaschema-java
metaschema 2.1.0 built at 2024-11-26T16:21:47+0000 from branch b6601f7430f83f1a53a11bf32575b69e131bc912 (b6601f7) at https://github.com/metaschema-framework/metaschema.git
me@computer telos-fedramp-pilot % oscal-cli validate '/home/me/telos-fedramp-pilot/Hogwarts SSP - 1.0 (2024-12-13T174948Z)/Hogwarts SSP - 1.0 (2024-12-13T174948Z).json'
Validating 'file:///home/me/telos-fedramp-pilot/Hogwarts%20SSP%20-%201.0%20(2024-12-13T174948Z)/Hogwarts%20SSP%20-%201.0%20(2024-12-13T174948Z).json' as JSON.
Validation identified the following issues:
[WARNING] [/system-security-plan/metadata[1]/party[5]/telephone-number[1]] Value '001-46785-115547' did not match the pattern '^[0-9]{3}[0-9]{1,12}$' at path '/system-security-plan/metadata[1]/party[5]/telephone-number[1]'
[WARNING] [/system-security-plan/metadata[1]/party[7]/telephone-number[1]] Value '123456789-4452' did not match the pattern '^[0-9]{3}[0-9]{1,12}$' at path '/system-security-plan/metadata[1]/party[7]/telephone-number[1]'
[WARNING] [/system-security-plan/metadata[1]/party[8]/telephone-number[1]] Value '12345678522-2' did not match the pattern '^[0-9]{3}[0-9]{1,12}$' at path '/system-security-plan/metadata[1]/party[8]/telephone-number[1]'
[WARNING] [/system-security-plan/metadata[1]/party[11]/telephone-number[1]] Value '1800-123-4567' did not match the pattern '^[0-9]{3}[0-9]{1,12}$' at path '/system-security-plan/metadata[1]/party[11]/telephone-number[1]'
[WARNING] [/system-security-plan/system-implementation[1]/component[10]/protocol[1]] It is a best practice to provide a UUID.
[WARNING] [/system-security-plan/system-implementation[1]/component[11]/protocol[1]] It is a best practice to provide a UUID.
[WARNING] [/system-security-plan/system-implementation[1]/component[13]/protocol[1]] It is a best practice to provide a UUID.
[ERROR] [/system-security-plan/control-implementation[1]/implemented-requirement[82]] The cardinality '0' is below the required minimum '1' for items matching './/by-component'.
[ERROR] [/system-security-plan/back-matter[1]/resource[6]/prop[1]/@value] Value 'OSCAL Artifacts' doesn't match one of 'acronyms, administrators-guide, agreement, artifact, citation, evidence, external-guidance, image, interview-notes, law, logo, plan, policy, procedure, questionnaire, raw-data, regulation, report, rules-of-behavior, screen-shot, standard, system-guide, tool-output, or users-guide' at path '/system-security-plan/back-matter[1]/resource[6]/prop[1]/@value'
[ERROR] [/system-security-plan/back-matter[1]/resource[10]/prop[1]/@value] Value 'separation-of-duties-matrix' doesn't match one of 'acronyms, administrators-guide, agreement, artifact, citation, evidence, external-guidance, image, interview-notes, law, logo, plan, policy, procedure, questionnaire, raw-data, regulation, report, rules-of-behavior, screen-shot, standard, system-guide, tool-output, or users-guide' at path '/system-security-plan/back-matter[1]/resource[10]/prop[1]/@value'
The file 'file:///home/me/telos-fedramp-pilot/Hogwarts%20SSP%20-%201.0%20(2024-12-13T174948Z)/Hogwarts%20SSP%20-%201.0%20(2024-12-13T174948Z).json' is invalid. Observe how there is no error about profile resolution, so I am not sure what is happening there. |
@aj-stein-gsa After some further testing, this error only occurs when validating against the oscal-external-constraints.xml file (with -c oscal-external-constraints.xml): https://github.com/GSA/fedramp-automation/blob/develop/src/validations/constraints/oscal-external-constraints.xml |
Thank you, that is very helpful information. I will track down and triage this issue. I can reproduce the error now. |
This is a ...
request - need something additional provided
This relates to ...
What is your feedback?
We are interested in linking our import-profile as a URI fragment (#uuid of a back-matter resource). Is there a certain prop or some other aspect I am missing to achieve this?
oscal-cli command and output with stack trace:
The baseline is included in the resources directory, and matches the relative path as shown in the back-matter resource. I've also updated the OSCAL in the telos-fedramp-pilot directory to reflect this.
Where, exactly?
Other information
No response
The text was updated successfully, but these errors were encountered: