Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Prepared By Constraints #870

Merged
merged 8 commits into from
Nov 13, 2024
Merged

Add Prepared By Constraints #870

merged 8 commits into from
Nov 13, 2024

Conversation

Gabeblis
Copy link

@Gabeblis Gabeblis commented Nov 6, 2024

Committer Notes

Purpose

This PR introduces three constraints aimed at ensuring FedRAMP compliance for the digital authorization package by verifying the prepared-by roles/parties. These constraints ensure that all required elements are present and that necessary information is accurately documented.

Changes

Constraint: role-defined-prepared-by

  • Validates that there is a defined role with the ID "prepared-by".

Constraint: responsible-party-prepared-by

  • Ensures that a responsible party is assigned to the prepared-by role.

Constraint: responsible-party-prepared-by-location-valid

  • Validates that the party assigned to the prepared-by role includes a location-uuid with the required address details.

Tests

  • Added invalid test data files for all three constraints.
  • Added pass/fail YAML files for the three constraints to verify their functionality.
  • Updated ssp-all-VALID.xml to contain the required information so that the constraints fire and pass as expected.

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@Gabeblis Gabeblis self-assigned this Nov 6, 2024
@Gabeblis Gabeblis requested a review from a team as a code owner November 6, 2024 05:14
@Gabeblis Gabeblis linked an issue Nov 6, 2024 that may be closed by this pull request
Check "prepared by" metadata for a document #861
Closed
17 tasks
@Gabeblis Gabeblis force-pushed the constraints/prepared-by branch 2 times, most recently from 8ee9553 to 4b65ec4 Compare November 6, 2024 14:43
aj-stein-gsa
aj-stein-gsa requested changes Nov 6, 2024
View reviewed changes
Copy link
Contributor

@aj-stein-gsa aj-stein-gsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you address the updated AC requirements in the issue? Sorry again.

@Gabeblis
Copy link
Author

Gabeblis commented Nov 6, 2024

Can you address the updated AC requirements in the issue? Sorry again.

Resolved here: 75317f8. I added the check for an embedded address assembly in the party and I added another -VALID.xml test file in order to validate both scenarios.

wandmagic
wandmagic previously approved these changes Nov 6, 2024
View reviewed changes
@Gabeblis Gabeblis force-pushed the constraints/prepared-by branch 2 times, most recently from 7854335 to ec5e39a Compare November 7, 2024 15:19
Rene2mt
Rene2mt reviewed Nov 8, 2024
View reviewed changes
Copy link
Member

@Rene2mt Rene2mt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall, I'm okay with this PR, but we need to determine if we're going to require a country code for locations / addresses. Perhaps that can be addressed separately from this PR?

...validations/constraints/content/ssp-responsible-party-prepared-by-location-valid-INVALID.xml Show resolved Hide resolved
@aj-stein-gsa
Copy link
Contributor

overall, I'm okay with this PR, but we need to determine if we're going to require a country code for locations / addresses. Perhaps that can be addressed separately from this PR?

For context, one of the other checks for country code is too aggressive and that should be rolled back anyway, I think. So that is why I have not brought it up in this PR yet.

@Gabeblis Gabeblis mentioned this pull request Nov 8, 2024
Merged
6 tasks
@Gabeblis
Copy link
Author

Gabeblis commented Nov 8, 2024

@aj-stein-gsa @Rene2mt I just opened #885 to address the issue with the country-code checks being too broad in the data-center constraints.

@aj-stein-gsa aj-stein-gsa merged commit 8a7f909 into GSA:develop Nov 13, 2024
5 checks passed
This was referenced Nov 13, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aj-stein-gsa aj-stein-gsa aj-stein-gsa approved these changes

@wandmagic wandmagic wandmagic approved these changes

@Rene2mt Rene2mt Rene2mt approved these changes

@kyhu65867 kyhu65867 Awaiting requested review from kyhu65867

Assignees

@Gabeblis Gabeblis

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check "prepared by" metadata for a document
5 participants
@Gabeblis @aj-stein-gsa @Rene2mt @wandmagic @kyhu65867