Freedonia does not work

[git-ingham]

The Freedonia example does not work as the documentation says:

$ git clone https://github.com/opencontrol/freedonia-aws-compliance.git
Cloning into 'freedonia-aws-compliance'...
remote: Counting objects: 94, done.
remote: Total 94 (delta 0), reused 0 (delta 0), pack-reused 94
Unpacking objects: 100% (94/94), done.
$ cd freedonia-aws-compliance/
$ compliance-masonry get
Compliance Dependencies Installed
$ compliance-masonry docs gitbook FedRAMP-low
An error occurred: Error: `opencontrols/certifications` directory does exist
$ compliance-masonry docs gitbook LATO
An error occurred: Error: `opencontrols/certifications` directory does exist
$ rpm -qa '*masonry*'
compliance-masonry-1.1.5-1.x86_64

[redhatrises]

This is expected behaviour. If you look at the project opencontrol.yaml file, there are no certifications or standards defined as this github repo is for a component which in this case is aws.

The example to use is the freedonia-compliance github repo at https://github.com/opencontrol/freedonia-compliance

[git-ingham]

Thanks for the reply. Changing URLs and trying in an empty directory, I get the following:

$ git clone https://github.com/opencontrol/freedonia-compliance
Cloning into 'freedonia-compliance'...
remote: Enumerating objects: 247, done.
remote: Total 247 (delta 0), reused 0 (delta 0), pack-reused 247
Receiving objects: 100% (247/247), 1.25 MiB | 1.87 MiB/s, done.
Resolving deltas: 100% (121/121), done.
$ cd freedonia-compliance/
$ compliance-masonry get
ERROR: Duplicate key './certifications/FredRAMP-low.yaml' in opencontrol.yaml
$ find . -name opencontrol.yaml -print | xargs grep FredRAMP-low.yaml
$ find . -type f -print | xargs grep FredRAMP-low.yaml
$ find . -name FredRAMP-low.yaml
./opencontrols/certifications/FredRAMP-low.yaml
$

So, where is the duplicate key hiding?

[git-ingham]

One other note. At the end of the Freedonia README.md, it says:
Please open issues at the ATO1Day Project, instead of within this repository.
The link to the ATO1DayProject (https://github.com/opencontrol/ato1day-compliance/issues) is 404.

[redhatrises]

Thanks @git-ingham. This is a known issue. Check out opencontrol/freedonia-frist#3

[shawndwells]

Freedonia has been mostly abandoned for some time. If you need a working example now, feel free to borrow from here:

https://github.com/SecurityCentral/ssptool

That code repo as the backend for http://ssptool.redhatgov.io/

Meanwhile we'll work to get the freedonia example updated.

[pburkholder]

Hi --I'm the main contributor to Freedonia, and I may actually have time to work on it in the coming weeks. Question is: should we keep it or deprecate it?

I created it so I could better understand myself how the controls came together as someone who was totally unfamiliar with FISMA. Does it still have instructive value in that regard?

[shawndwells]

As evident by this ticket, people still use it! Seems worthwhile to update vs deprecate :)

[shawndwells]

There's been updates to various tooling (masonry, fedramp templater) and content (e.g. ComplianceAsCode) that should make the examples more clear.

@pburkholder if you've time to work on updating, that'd be really useful.

[git-ingham]

compliance-masonry seems like a perfect fit for one of my customers. However, I have yet to be able to get it to work for them. Different parts seem to be in different states, and it is unclear what is old (and abandoned?) and what is still current. There are still pointers to Freedonia, and having a simple example that works would be really helpful. If not Freedonai, then other good, clear examples that work with the current (? I have the RPM installed, is it current?) version would be really useful.

It also brings up the question, is complaince-masonry actively maintained and in a consistent state?

[shawndwells]

@git-ingham there's been a lot of movement in the past few months and documentation updates have lagged. If you're willing, could you share what challenges you're trying to solve? This would give useful input into what the docs should look like, and we'd be able to get you up & running along the way.

[METomasik]

@git-ingham

Read this comment:

#332 (comment)

This should help you solve your issue.

Mark

[METomasik]

@git-ingham

Just in case you are still looking for the link to the ATO-in-day project (though I seriously doubt it):

https://github.com/pburkholder/ato1day-compliance

[git-ingham]

@shawndwells My current status is that compliance masonry looks perfect for a project I have (800-171 instead of 800-53, but effectively the same), and I am trying to learn enough to get it to work on a toy system that I create first, then scale it up to a real system.

I thought I would start by exploring a working small system. What would be most helpful to me would be for the README.md at the various project pages be current so what it says actually works. Also, remove pointers to old examples if they are not maintained (it sounds like Freedonia might get updated, which would be great).

So, at the moment, I need to first be able to get something working. I am about to try the pointers earlier in this thread and see where I end up.

Where should I post questions or issues? I tried this one:
opencontrol/schemas#79
and heard nothing but crickets. Did I post it in the wrong place?

[shawndwells]

On 10/2/18 4:13 PM, Kenneth Ingham wrote: @shawndwells <https://github.com/shawndwells> My current status is that compliance masonry looks perfect for a project I have, and I am trying to learn enough to get it to work on a toy system that I create first, then scale it up to a real system. I thought I would start by exploring a working small system. What would be most helpful to me would be for the README.md at the various project pages be current so what it says actually works. Also, remove pointers to old examples if they are not maintained (it sounds like Freedonia might get updated, which would be great).

In terms of something working now, suggest checking out SSP Tool repo: https://github.com/SecurityCentral/ssptool SSP Tool is a quick app that was created to visualize content. Sample of it in production: http://ssptool.redhatgov.io/components Update the opencontrol.yaml file (https://github.com/SecurityCentral/ssptool/blob/master/opencontrol.yaml) to point to content providers that you want to use. In terms of OpenControl content, check out https://github.com/ComplianceAsCode/. https://github.com/ComplianceAsCode/redhat is used as the official source of Red Hat's US Government baseline content.

So, at the moment, I need to first be able to get something working. I am about to try the pointers earlier in this thread and see where I end up.

Hope the links above help!

Where should I post questions or issues? I tried this one: opencontrol/schemas#79 <opencontrol/schemas#79> and heard nothing but crickets. Did I post it in the wrong place?

https://github.com/opencontrol/discuss/issues is used as general catch-all for conversations. The OpenControl repos have become more of a staging ground for language specifications, with content providers branching off and developing content elsewhere.

[git-ingham]

@shawndwells Thanks!

[tankcdr]

I realize this thread is a little old. However I started with the Freedonia sample also. I do not have the same issues above, except that the freedonia-aws-compliance controls do not seem to be "honored" - ie

systems:
     - url: https://github.com/opencontrol/freedonia-aws-compliance/
       revision: master

I do not see any error messages....perhaps the YAML format changed? Or is this a result of schema version mismatch? Trying to understand if there is anything to be done or if I should just abandon using freedonia.

Using compliance-masonry v 1.1.5 on OSX.

[shawndwells]

@tankcdr can you share your opencontrol.yaml? will allow us to try and reproduce.

[tankcdr]

@shawndwells Please see the opencontrol.yaml below:

schema_version: "1.0.0"
name: freedonia.fd
metadata:
  description: hello_world
  maintainers:
    - pburkholder@pobox.com
components:
  - ./AU_policy
dependencies:
  standards:
    - url: https://github.com/opencontrol/freedonia-frist/
      revision: master
  certifications:
    - url: https://github.com/opencontrol/freedonia-frist/
      revision: master
  systems:
    - url: https://github.com/opencontrol/aws-compliance/
      revision: master

I have also used https://github.com/opencontrol/freedonia-aws-compliance the systems url.

[tankcdr]

I noticed today that the repo has been updated. Freedonia is working!

[redhatrises]

Yes. The issue is because of duplicate keys in the opencontrol.yaml files. Closing as this should be fixed now. Please reopen if not.