Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(generate): support for profile model and basic generation #694

Merged
merged 31 commits into from
Oct 18, 2024
Merged

feat(generate): support for profile model and basic generation #694

merged 31 commits into from
Oct 18, 2024

Conversation

brandtkeller
Copy link
Member

Description

Adds initial support for the profile model with some very basic generation functionality to build upon.

Looking to implement an OSCAL model interface for two reasons:

  1. validate the necessity of the interface across models
  2. experiment now vs future alignment with the underlying library possibly changing

There is a lot to unpack with support for a new model. Doing research and looking to document findings but ultimately believe the majority of complexity will be wrapped into processing of a profile for use with another model (either upstream in a catalog or downstream in a component/ssp).

Intent is to document and further decompose both profile issues as well as oscal model issues.

Related Issue

Fixes #67

Relates to #

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@brandtkeller brandtkeller self-assigned this Oct 1, 2024
brandtkeller and others added 14 commits October 1, 2024 03:00
@brandtkeller
feat(profile): further refine the profile model abstraction
31fd31c
@brandtkeller
feat(generate): profile model unit tests
54e5d88
@brandtkeller
Merge branch 'main' of github.com:defenseunicorns/lula into 67_profil…
03dc2d2 
…e_model_generation
@brandtkeller
Merge branch 'main' into 67_profile_model_generation
4db61f1
@brandtkeller
merge main into 67_profile_model_generation
25a5e95
@brandtkeller
fix(generation): fix complete model tests
f4d0eee
@brandtkeller
fix(profile): working in the mode interface
841e8c3
@brandtkeller
fix(profile): support for profile instantiation
d301564
@brandtkeller
feat(generate): add testing for generate profile
5e694ab
@brandtkeller
fix(generate): cleanup and generate cli docs
aadef48
@brandtkeller
fix(docs): fix typo in cli generated docs
98dc5bd
@brandtkeller
fix(generate): update comments
330884d
@brandtkeller
fix(generate): cleanup other logic and comments
6a08f4c
@brandtkeller
Merge branch 'main' of github.com:defenseunicorns/lula into 67_profil…
6588ce5 
…e_model_generation
@brandtkeller brandtkeller marked this pull request as ready for review October 10, 2024 00:55
@brandtkeller brandtkeller requested a review from a team as a code owner October 10, 2024 00:55
meganwolf0
meganwolf0 requested changes Oct 10, 2024
View reviewed changes
Copy link
Collaborator

@meganwolf0 meganwolf0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably going to play with it more/give more thought to the OSCALModel interface, but just to kick back some thoughts as a starter

docs/cli-commands/lula_generate_profile.md Show resolved Hide resolved
src/cmd/generate/generate.go Outdated Show resolved Hide resolved
src/pkg/common/oscal/profile.go Outdated Show resolved Hide resolved
src/cmd/generate/generate.go Outdated Show resolved Hide resolved
src/test/e2e/cmd/generate_profile_test.go Show resolved Hide resolved
@brandtkeller brandtkeller mentioned this pull request Oct 10, 2024
Open
@brandtkeller brandtkeller marked this pull request as draft October 10, 2024 17:06
@brandtkeller brandtkeller marked this pull request as ready for review October 10, 2024 17:41
@CloudBeard
Copy link
Collaborator

CloudBeard commented Oct 10, 2024
edited
Loading

I know this isn't OSCAL Schema compliant but Lula functionality wise what do you think about a situation where you want to create a profile for IL4 using FedRAMP Moderate that would introduce the need to add the control AU-5(1) which isn't in the baseline so that control should come from the FedRAMP High Baseline.

Im thinking command/functionality wise allowing multiple sources, have something like -ia (include-all, for Moderate baseline), and -i for the specific controls in High Baseline.

Reconcile what that would actually look like in OSCAL but a quick way to say give me all of FedRAMP Moderate and this control(s) from High.

(Also don't think this blocks this PR, its more of a future request/thought)

@brandtkeller
Copy link
Member Author

I know this isn't OSCAL Schema compliant but Lula functionality wise what do you think about a situation where you want to create a profile for IL4 using FedRAMP Moderate that would introduce the need to add the control AU-5(1) which isn't in the baseline so that control should come from the FedRAMP High Baseline.

Im thinking command/functionality wise allowing multiple sources, have something like -ia (include-all, for Moderate baseline), and -i for the specific controls in High Baseline.

Reconcile what that would actually look like in OSCAL but a quick way to say give me all of FedRAMP Moderate and this control(s) from High.

(Also don't think this blocks this PR, its more of a future request/thought)

I was going to move it off to another issue but you gave me to motivation to support an --all flag for importing all controls.

I believe we can accomplish the scenario above with a few commands. Processing that will be another story and scope for another issue I will write.

@meganwolf0
Copy link
Collaborator

I was going to move it off to another issue but you gave me to motivation to support an --all flag for importing all controls.

Trying to follow the train of thought in the thread, but would --all not be the default if include or exclude wasn't provided? I guess, what happens in no flag vs --all?

@brandtkeller
Copy link
Member Author

Trying to follow the train of thought in the thread, but would --all not be the default if include or exclude wasn't provided? I guess, what happens in no flag vs --all?

Great point - that was a gap. Added a OneRequired for the flags to lean into explicit vs default.

meganwolf0
meganwolf0 previously approved these changes Oct 17, 2024
View reviewed changes
Copy link
Collaborator

@meganwolf0 meganwolf0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved! Are we going to create follow-on issues to reconcile the OSCALModel interface across the other models we have?

This was referenced Oct 18, 2024
Closed
Closed
@brandtkeller
Copy link
Member Author

Approved! Are we going to create follow-on issues to reconcile the OSCALModel interface across the other models we have?

Added issues as referenced a few hours ago

@brandtkeller brandtkeller merged commit cb4fc6f into main Oct 18, 2024
7 checks passed
@brandtkeller brandtkeller deleted the 67_profile_model_generation branch October 18, 2024 16:34
@github-actions github-actions bot mentioned this pull request Oct 18, 2024
Merged
@github-actions github-actions bot mentioned this pull request Oct 25, 2024
Merged
@github-actions github-actions bot mentioned this pull request Nov 8, 2024
Merged
@github-actions github-actions bot mentioned this pull request Nov 23, 2024
Merged
@meganwolf0 meganwolf0 mentioned this pull request Jan 13, 2025
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@meganwolf0 meganwolf0 meganwolf0 approved these changes

@CloudBeard CloudBeard Awaiting requested review from CloudBeard

Assignees

@brandtkeller brandtkeller

Labels
None yet
Projects
Lula and Friends
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Profile Model Support
3 participants
@brandtkeller @CloudBeard @meganwolf0