Merge pull request #35 from GSA-TTS/integrate-gsa-plugin

Integrate gsa plugin

Dockerfile

@@ -34,17 +34,10 @@ RUN adduser \
 # Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
 # Leverage a bind mount to requirements.txt to avoid having to copy them into
 # into this layer.
-# RUN --mount=type=cache,target=/root/.cache/pip \
-#     --mount=type=bind,source=requirements.txt,target=requirements.txt \
-#     python -m pip install -r requirements.txt
-# ARG TRESTLE_VERSION=3.4.0
-# RUN --mount=type=cache,target=/root/.cache/pip \
-#     python -m pip install "compliance-trestle==${TRESTLE_VERSION}"
-# RUN apt-get update && apt-get install -y pandoc && apt-get clean
-# remove below and uncomment above once more-jinja-tags branch has been merged and released
 RUN apt-get update && apt-get install -y git pandoc && apt-get clean
 RUN --mount=type=cache,target=/root/.cache/pip \
-    python -m pip install git+https://github.com/gsa-tts/compliance-trestle.git@77a6d5d0
+    --mount=type=bind,source=requirements.txt,target=requirements.txt \
+    python -m pip install -r requirements.txt
 RUN apt-get remove -y git
 
 # Switch to the non-privileged user to run the application.

README.md

@@ -92,7 +92,7 @@ And then edit the created files to contain the component definition.
 
 This step is automatically handled by the `assemble-ssp-json` script as long as that script is run from the trestle root.
 
-`split-ssp system-security-plans/SYSTEM_NAME/system-security-plan.json`
+`split-ssp -n SYSTEM_NAME`
 
 ### Templates:
 

requirements.txt

@@ -0,0 +1,3 @@
+# switch back to a released version of compliance-trestle once the jinja tags work is merged and released
+compliance-trestle @ git+https://github.com/gsa-tts/compliance-trestle.git@77a6d5d0
+compliance-trestle-gsa @ git+https://github.com/GSA-TTS/compliance-trestle-gsa.git@71a4a55

scripts/add-gsa-defaults

@@ -0,0 +1,49 @@
+#! /usr/bin/env bash
+
+usage="
+$0: Add default values from gsa-defaults plugin into an OSCAL JSON SSP
+
+Usage:
+    $0 -h
+    $0 [-n SYSTEM_NAME]
+
+Options:
+-h: show help and exit
+-n: System Name. Defaults to 'system-name' value in trestle-config.yaml
+
+Notes:
+* Will load defaults from trestle-config.yaml file, if present
+"
+
+set -e
+
+source /app/bin/functions.sh
+system_name=$(yaml_parse_value 'trestle-config.yaml' 'system-name')
+
+while getopts "hn:" opt; do
+    case "$opt" in
+        n)
+            system_name=${OPTARG}
+            ;;
+        h)
+            echo "$usage"
+            exit 0
+            ;;
+    esac
+done
+
+if [ "$system_name" = "" ]; then
+    echo "$usage"
+    exit 1
+fi
+
+if [ -d "system-security-plans/$system_name" ]; then
+    merge-ssp -n "$system_name"
+else
+    echo "No existing SSP found"
+    exit 1
+fi
+
+trestle gsa-defaults -f "system-security-plans/$system_name/system-security-plan.json"
+
+split-ssp -n $system_name

scripts/assemble-ssp-json

@@ -15,7 +15,7 @@ Options:
 -r: Regenerate UUIDs
 
 Notes:
-* Will load defaults from  trestle-config.yaml file, if present
+* Will load defaults from trestle-config.yaml file, if present
 "
 
 set -e
@@ -56,17 +56,17 @@ if [ "$components" != "" ]; then
     optional_args+=("-cd" $components)
 fi
 
+run_defaults="false"
 if [ -d "system-security-plans/$system_name" ]; then
-    cwd=`pwd`
-    cd "system-security-plans/$system_name"
-    merge-ssp
-    cd $cwd
+    merge-ssp -n "$system_name"
 else
-    echo "No existing SSP found, skipping the merge step"
+    echo "No existing SSP found, we will run gsa-defaults after assembling the SSP"
+    run_defaults="true"
 fi
 
 trestle author ssp-assemble -o "$system_name" -m "$markdown" "${optional_args[@]}"
 
-if [ -d "system-security-plans/$system_name" ]; then
-    split-ssp "system-security-plans/$system_name/system-security-plan.json"
+if [ $run_defaults = "true" ]; then
+    trestle gsa-defaults -f "system-security-plans/$system_name/system-security-plan.json"
 fi
+split-ssp -n "$system_name"

scripts/merge-ssp

@@ -1,10 +1,49 @@
 #! /usr/bin/env bash
 
+usage="
+$0: Merge SSP OSCAL into a single file
+
+Usage:
+    $0 -h
+    $0 [-n SYSTEM_NAME]
+
+Options:
+-h: show help and exit
+-n: System Name. Defaults to 'system-name' value in trestle-config.yaml
+
+Notes:
+* Will load defaults from trestle-config.yaml file, if present
+"
+
 set -e
 
-if [ ! -f "system-security-plan.json" ]; then
-    echo "Usage: First, cd to the folder containing the base SSP json file. Then: $0"
+source /app/bin/functions.sh
+system_name=$(yaml_parse_value 'trestle-config.yaml' 'system-name')
+
+while getopts "hn:" opt; do
+    case "$opt" in
+        n)
+            system_name=${OPTARG}
+            ;;
+        h)
+            echo "$usage"
+            exit 0
+            ;;
+    esac
+done
+
+if [ "$system_name" = "" ]; then
+    echo "$usage"
+    exit 1
+fi
+
+ssp_path="system-security-plans/$system_name"
+
+if [ ! -d "$ssp_path" ]; then
+    echo "No existing SSP found."
+    echo "$usage"
     exit 1
 fi
 
+cd "$ssp_path"
 trestle merge -e "system-security-plan.*"

scripts/render-ssp

@@ -71,6 +71,9 @@ if [ ! -f "$template" ]; then
     exit 1
 fi
 
+echo "Validating ssp before attempting to render"
+validate-ssp-json -n "$system_name"
+
 trestle author jinja -i "$template" -ssp "$system_name" -p "$profile" -o "$output" -lut ssp-markdown/ssp_data.yaml -elp gsa -bf "[.]" -vap "$system_name Assigned:" -vnap "Assignment:"
 
 pandoc "$output" --from markdown -t html -s -o "$output.html" --metadata title="${system_name} SSP"

scripts/split-ssp

@@ -1,10 +1,41 @@
 #! /usr/bin/env bash
 
+usage="
+$0: Split SSP OSCAL into manageable files
+
+Usage:
+    $0 -h
+    $0 [-n SYSTEM_NAME]
+
+Options:
+-h: show help and exit
+-n: System Name. Defaults to 'system-name' value in trestle-config.yaml
+
+Notes:
+* Will load defaults from trestle-config.yaml file, if present
+"
+
 set -e
 
-if [ "$1" = "" ]; then
-    echo "Usage: $0 SSP_FILE_NAME"
+source /app/bin/functions.sh
+system_name=$(yaml_parse_value 'trestle-config.yaml' 'system-name')
+
+while getopts "hn:" opt; do
+    case "$opt" in
+        n)
+            system_name=${OPTARG}
+            ;;
+        h)
+            echo "$usage"
+            exit 0
+            ;;
+    esac
+done
+
+if [ "$system_name" = "" ]; then
+    echo "$usage"
     exit 1
 fi
 
-trestle split -f "$1" -e "system-security-plan.metadata,system-security-plan.system-characteristics,system-security-plan.system-implementation"
+ssp_file="system-security-plans/$system_name/system-security-plan.json"
+trestle split -f "$ssp_file" -e "system-security-plan.metadata,system-security-plan.system-characteristics,system-security-plan.system-implementation"

scripts/validate-ssp-json

@@ -0,0 +1,54 @@
+#! /usr/bin/env bash
+
+usage="
+$0: Validate OSCAL JSON SSP
+
+Usage:
+    $0 -h
+    $0 [-n SYSTEM_NAME]
+
+Options:
+-h: show help and exit
+-n: System Name. Defaults to 'system-name' value in trestle-config.yaml
+
+Notes:
+* Will load defaults from trestle-config.yaml file, if present
+"
+
+set -e
+
+source /app/bin/functions.sh
+system_name=$(yaml_parse_value 'trestle-config.yaml' 'system-name')
+
+while getopts "hn:" opt; do
+    case "$opt" in
+        n)
+            system_name=${OPTARG}
+            ;;
+        h)
+            echo "$usage"
+            exit 0
+            ;;
+    esac
+done
+
+if [ "$system_name" = "" ]; then
+    echo "$usage"
+    exit 1
+fi
+
+if [ ! -d "system-security-plans/$system_name" ]; then
+    echo "No existing SSP found, skipping validation"
+    exit 0
+fi
+
+
+ssp_path="system-security-plans/$system_name/system-security-plan.json"
+set +e
+trestle gsa-validate -f $ssp_path
+status=$?
+if [ $status -ne 0 ]; then
+    echo "Try running 'add-gsa-defaults -n $system_name' to add default values to your SSP"
+fi
+
+exit $status