Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not require a protocol/@name for #1772 #2069

Merged
merged 2 commits into from
Nov 15, 2024
Merged

Do not require a protocol/@name for #1772 #2069

merged 2 commits into from
Nov 15, 2024

Conversation

aj-stein-gsa
Copy link

@aj-stein-gsa aj-stein-gsa commented Nov 13, 2024
edited
Loading

Committer Notes

Per discussion with community members and the nature of port, protocol, and service declarations in a OSCAL SSP model instances for RMF use cases, like FedRAMP and others. It would appear the model, per the Metaschema declarations and documentation, require a port range has a name that is commonly the IANA service name, which should be optional. Otherwise, developers and security officials will need to create an arbitrary name that does not strictly conform to the documentation. More details can be found in the issue thread referenced below by URL.

#1772 (comment)

This PR may not completely bring #1772 to resolution, but it may be sufficient to close the issue with one possible approach.

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

(For reviewers: The wiki has guidance on code review and overall issue review for completeness.)

Changes to Core Features:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • Have you written new tests for your core changes, as applicable? This repo does not contain model-based/instance-based testing; we will update the GSA FedRAMP Automation Team's test suite accordingly for public review and ongoing use.
  • Have you included examples of how to use your new feature(s)? Not in this repository, but will work with GSA FedRAMP Automation Team to update our constraints and examples accordingly.
  • ~ Have you updated all OSCAL website and readme documentation affected by the changes you made? Changes to the OSCAL website can be made in the docs/content directory of your branch.~

@aj-stein-gsa aj-stein-gsa requested a review from a team as a code owner November 13, 2024 01:01
@aj-stein-gsa aj-stein-gsa mentioned this pull request Nov 13, 2024
Open
@wendellpiez
Copy link
Contributor

As an improvement this almost speaks for itself -- while links are also helpful (thanks @aj-stein-gsa). My concern is only a process concern, namely whether PRs should be targeting main or some other branch. (But that's not up to me, while tangled with other questions -- @iMichaela ?)

@wendellpiez wendellpiez mentioned this pull request Nov 13, 2024
Merged
9 tasks
iMichaela
iMichaela requested changes Nov 13, 2024
View reviewed changes
Copy link
Contributor

@iMichaela iMichaela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is reasonable and agree to move forward with removing the constraint for the protocol name, but I disagree with pushing it to main. The develop branch has a lot of important updates to dependencies and some other backwards compatible fixes that are staged for a patch release. I suggest submitting it against the develop branch unless anyone has a major complaint against any staged update.

@iMichaela iMichaela added the Waiting for Action Waiting for an external action to be taken label Nov 14, 2024
@aj-stein-gsa
Do not require a protocol/@name for usnistgov#1772
f033c60 
Per discussion with community members and the nature of port, protocol,
and service declarations in a OSCAL SSP model instances for RMF use
cases, like FedRAMP and others. It would appear the model, per the
Metaschema declarations and documentation, require a port range has a
name that is commonly the IANA service name, which should be optional.
Otherwise, developers and security officials will need to create an
arbitrary name that does not strictly conform to the documentation. More
details can be found in the issue thread referenced below by URL.

usnistgov#1772 (comment)
@aj-stein-gsa aj-stein-gsa changed the base branch from main to develop November 15, 2024 02:44
@aj-stein-gsa
Copy link
Author

@iMichaela, against the documented guidance and my recommendations, per your request I rebased and this PR now targets develop. I would welcome the following.

  1. Enable the GitHub Actions workflow to run the CI/CD actions and validate it is good for merge, post-approval.
  2. A review to approve.

@iMichaela iMichaela removed the Waiting for Action Waiting for an external action to be taken label Nov 15, 2024
iMichaela
iMichaela approved these changes Nov 15, 2024
View reviewed changes
Copy link
Contributor

@iMichaela iMichaela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@iMichaela iMichaela merged commit 0dc5df9 into usnistgov:develop Nov 15, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iMichaela iMichaela iMichaela approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aj-stein-gsa @wendellpiez @iMichaela