Support processing of profiles for parameter insertions and add, merge, modify, alter and remove to generate catalogs with profile data.

Due to usnistgov/OSCAL#287, the profile types that we're generating from the metaschema don't match those of the actual profile examples. We should implement a temporary workaround in the metaschema generation process until this is addressed in the upstream.

Description

Getting this error in CircleCI: https://circleci.com/gh/docker/oscalkit/78

test/main.go:8:2: no Go files in /go/src/github.com/opencontrol/oscalkit
make: *** [test] Error 1
Makefile:32: recipe for target 'test' failed
Exited with code 2 

Reason

This is due to the fact that we have a test utility test/main.go which requires some files to be generated before it could even compile successfully.

Solution

One way to solve this issue is to rename test folder to test_util and then exclude it in test target by replacing line 32 in MakeFile from:

@go test -race -coverprofile=coverage.txt -covermode=atomic -v $(shell go list ./... | grep -v /vendor/)

to

@go test -race -coverprofile=coverage.txt -covermode=atomic -v $(shell go list ./... | grep -v '/vendor/\|/test_util')

The Go imports need to be fixed since this repo was moved to the Docker GitHub org.

Support Go code generation from catalogs and profiles

Tests are failing on Fedramp profile with a panic: runtime error: index out of range
The probable culprit for modifying the part incorrectly is:
https://github.com/docker/oscalkit/blob/4d3ebce31f13655d9ab0820a5be6b876d4a46e4e/generator/manipulation.go#L100

cc: @minhaj10p @anweiss

Update built-in types to match the latest data model.

The following note should be included at the top of all type code files which were generated from the metaschemas:

// Code generated by go generate; DO NOT EDIT.

Supports #1.

Evaluate GitHub Actions for release management activities. Would eventually replace CircleCI if deemed appropriate.

An initial website has been pushed per #14. All of the usage docs can be found in docs/content/docs. This content needs to be updated.

oscalkit failing to convert NIST80053 catalog rev4 json file
Link:
https://github.com/usnistgov/OSCAL/blob/master/content/nist.gov/SP800-53/rev4/NIST_SP-800-53_rev4_declarations.json
Error:
Its unable to marshal all the Href attributes

type Href struct {
	*url.URL
}

Here is a PR for the fix #9

Evaluate the use of The Update Framework (TUF) for signing of OSCAL artifacts.

Related to #4.

When creating OSCAL structs from various data sources, there can often be a number of unwieldy looping and struct accessor lines. Even creating a simple control with a single string narrative requires an unnecessary number of lines of code. Instead, we should provide helper methods that make it easy to go from simple strings to various OSCAL components (e.g. Parts, Prose, etc). So for example:

func NewPart(narrative string) catalog.Part {
	return catalog.Part{
		Prose: &catalog.Prose{
			P: []catalog.P{
				{Raw: narrative},
			},
		},
	}
}

Helpers should be created for reading nested information as well so as to avoid unwieldy iteration constructs.

Add support for XML signing via XMLDSIG

Let's go ahead and make type Label struct{} a map[string]string for now.

type Label map[string]string

Assigning @minhaj10p.

Tracking issue for missing unit tests and test data

The following tests are failing:

--- FAIL: TestXMLValidate (0.00s)
    --- FAIL: TestXMLValidate/successful-validation (0.00s)
        validator_test.go:159: xmlValidator.Validate() error = open ../testdata/fedramp-simple-profile.xml: no such file or directory, wantErr false
    --- PASS: TestXMLValidate/failed-validation (0.00s)

Looks like we need to include some test data for validation against the upstream XSDs

Supports #10

In parallel to #12, we should also include the ability to generate XML and JSON catalogs from profiles that have been processed. This will require a somewhat of a refactor of how we parse prose since we'll need to support substituting <insert> elements in catalogs with the contents of <set-param> elements in profiles as part of this issue.

@minhaj10p going to assign you to this one since you've already implemented most of the processing code via #52. I'm thinking we can create two subcommands off of generate to support this. oscalkit generate code would be used for generating catalog source code as we're already doing via #12. oscalkit generate catalogs would be used for addressing this issue. Thoughts?

The oscalkit generated implementation struct does not have componenetDefinition ID as of now, which is essential for patching implementation against a certain component.

The guidance present in fedramp baseline implementsProfile[].Parameters[] are an array of multiple p tag.
IMHO, guidance in Parameter struct should be of type []string rather than string.
https://github.com/docker/oscalkit/blob/42bb04d0ffeec2f1979f895ebfc8ea9819dc9223/types/oscal/implementation/implementation.go#L39

Tracking for the 0.2.0 release.

Add JSON signing support via JWS

With experimental support for Go modules introduced in Go 1.11 and expected support to be finalized in Go 1.12, we should evaluate the use of Go modules for dependency management.

Related to: #57

When executing oscalkit generate code and processing a profile that has been imported using an https:// link, if that profile internally imports a profile/catalog relatively, the path is resolved incorrectly by appending the current system relative path to the https:// path of the parent profile that has imported the catalog/profile. The problem lies in the parentPath handing in:
https://github.com/docker/oscalkit/blob/c5a92172971fa7ea1ccfdf7b08f67ed5bae53683/generator/profile.go#L44

cc: @minhaj10p @anweiss

Test fails for test/main.go:

test/main.go:13:14: undefined: oscalkit.ApplicableControls

@farhan-khan30 can you address this?

Supports #10.

Develop basic GitHub Pages site for oscalkit. Some static site generator and them options below:

Hugo:

• https://themes.gohugo.io/kube/
• https://themes.gohugo.io/github-project-landing-page/
• https://themes.gohugo.io/evie-hugo/
• https://cssninja.io/themes/fresh

Jekyll:

• https://github.com/18F/uswds-jekyll
• https://learn.cloudcannon.com/templates/edition/

GitBook:

• https://github.com/GitbookIO/theme-default

When executing oscalkit generate and processing profile import's, relative paths are not being taken into account properly. We're incorrectly taking the path relative to the directory from which the oscalkit CLI is being run. However, we instead should be taking the path relative to the directory in which the profile is stored. The implementation of the following function looks to be the culprit:

https://github.com/docker/oscalkit/blob/d66e30b99ca1454f7dfd40ba5982bd7ed8be8ef2/generator/reader.go#L49

So for example, if I execute oscalkit generate -p /someDir/profile.xml and profile.xml has a relative import like ../catalog.xml, then the directory that needs to be searched is /someDir and not the directory in which the oscalkit generate command is being run.

This supports #18 and #12

Currently package name is fixed i.e. oscalkit when we generate a catalog file. The command should also take package name as input to seamlessly integrate it in any project.

Given that the upstream OSCAL JSON models are out of sync with both the XML models and examples, the JSON unit tests are failing. These will need to be addressed.

Supports #10