[CPLYTM-535] feat: Assessment results md #14
Conversation
There was a problem hiding this comment.
Looks good @huiwangredhat. I added comments with some minor suggestions.
I have one question around the use of a single component. I understand of the goal was for this to be iterative so just let me know if this is out of scope for this PR.
There is a chance that the Assessment Plan will cover a range of components added all observations under a single component might not be accurate in some cases.
However, the origin subject in the observation is supposed to reference a UUID of an existing component. I think this could be used to search for relevant components in the Local Definitions. This is not currently populated though with the logic we have, so maybe for now this should error if the length of the local components is not one? What do you think?
#9) * feat: initial work to create assessment results generator Signed-off-by: George Vauter <gvauter@redhat.com> * fix: make c2p importable When trying import C2P Go, the operation fails because of the ":" character in the testdata is not valid against go module.CheckFilePath. Add an empty go.mod will exlude the testdata when importing the top-level module. Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> * feat: adds findings to assessment results Signed-off-by: George Vauter <gvauter@redhat.com> * fix: updates code for changes in oscal-sdk-go Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> * add unit tests for better coverage of the reporter helper funcs Signed-off-by: George Vauter <gvauter@redhat.com> * add basic logger with info messages Signed-off-by: George Vauter <gvauter@redhat.com> * add test logger Signed-off-by: George Vauter <gvauter@redhat.com> * implement c2p config in reporter Signed-off-by: George Vauter <gvauter@redhat.com> * feat: adds Settings to PluginManager operations To allow customization based on implementations for specific compliance frameworks, a Settings input has been added to GeneratePolicy and AggregateResults methods to alter the RuleSets passed to plugins based on settings from a given control implementation. Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> * accept pvp results value instead of pointer Signed-off-by: George Vauter <gvauter@redhat.com> * fix: address pr feedback Signed-off-by: George Vauter <gvauter@redhat.com> * fix: don't add findings to result if none were generated Signed-off-by: George Vauter <gvauter@redhat.com> --------- Signed-off-by: George Vauter <gvauter@redhat.com> Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com> Co-authored-by: Jennifer Power <barnabei.jennifer@gmail.com>
Signed-off-by: George Vauter <gvauter@redhat.com>
Signed-off-by: Sophia Wang <huiwang@redhat.com>
Signed-off-by: Sophia Wang <huiwang@redhat.com>
huiwangredhat
force-pushed
the
assessment-results-md
branch
from
f7fe028 to
37b1225
Compare
Yes, the assessmentPlan.LocalDefinitions.Components is not a single component. Why I just got the first component as the component of the arry because our current user case(one product/system/service as one component, example rhel9 is as one component, ocp4 is as one component). So I think that's go good idea to give error if the length of components is not one. When the observation could associated with an existing component via a reference UUID, the components iter could be improvement then. |
Signed-off-by: Sophia Wang <huiwang@redhat.com>
Signed-off-by: Qingmin Duanmu <qduanmu@redhat.com>
Signed-off-by: Qingmin Duanmu <qduanmu@redhat.com>
Thanks for the response @huiwangredhat. I agree! |
ci: adds fixes to support release and dependency updates for v2
Adds feature to generate assessment results md.
This PR based on the branch feat/assessment-results.
The main files of this feature are framework/markdown.go and framework/template/template.md
The assessment-plan.md file is generated via this template.
Example: https://github.com/complytime/compliance-to-policy-go/blob/main/docs/ocm/final-outputs/compliance-posture.md