-
Notifications
You must be signed in to change notification settings - Fork 7
/
oscal-component.yaml
100 lines (93 loc) · 3.81 KB
/
oscal-component.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
# add the descriptions inline
component-definition:
uuid: fae03d9e-4cfc-47ca-b0e9-05dae10c557b
metadata:
title: Podinfo
last-modified: "2024-06-14T12:00:00Z"
version: "20240614"
oscal-version: 1.1.2
parties:
# Should be consistent across all of the packages, but where is ground truth?
- uuid: c18f4a9f-a402-415b-8d13-b51739d689ff
type: organization
name: Defense Unicorns
links:
- href: https://github.com/defenseunicorns
rel: website
components:
- uuid: a9d5204c-7e5b-4c43-bd49-34df759b9f04
type: software
title: Podinfo
description: |
Defense Unicorns UDS Common Podinfo
purpose: Common tasks for UDS Packages
responsible-roles:
- role-id: provider
party-uuids:
- c18f4a9f-a402-415b-8d13-b51739d689ff # matches parties entry for Defense Unicorns
control-implementations:
- uuid: d2afb4c4-2cd8-5305-a6cc-d1bc7b388d0c
source: https://raw.githubusercontent.com/GSA/fedramp-automation/93ca0e20ff5e54fc04140613476fba80f08e3c7d/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json
description: Validate generic security requirements
implemented-requirements:
# TODO: (@WSTARR) - make this more relevant once this podinfo package is integrated further with UDS Core (i.e. authservice)
- uuid: 7faf6742-a23d-41c1-9ba7-2072494aedc2
control-id: ac-2.3
description: >-
# Control Implementation
User accounts that have expired, no longer in use, in violation of policy, or have been inactive for 35 days are disabled within 24 hours.
remarks: >-
# Control Description
"Disable accounts within [Assignment: organization-defined time period] when the accounts:
(a) Have expired;
(b) Are no longer associated with a user or individual;
(c) Are in violation of organizational policy; or
(d) Have been inactive for [Assignment: organization-defined time period]."
links:
- href: "#35d926df-efbb-445a-b26b-2917199ec558"
rel: lula
text: Check that podinfo is healthy
back-matter:
resources:
- rlinks:
- href: https://github.com/defenseunicorns/uds-common/
title: Podinfo
uuid: 17270293-6feb-4131-bb05-9742ce47e468
- description: |
domain:
kubernetes-spec:
resources:
- name: deployments
resource-rule:
group: apps
name: ""
namespaces: [uds-podinfo]
resource: deployments
version: v1
type: kubernetes
lula-version: ""
metadata:
name: podinfo-health-check
uuid: 8855374d-7f9b-4718-b505-25ac596741c1
provider:
opa-spec:
output:
validation: validate.validate
rego: |
package validate
import future.keywords.every
default validate = false
# Validation
validate {
every deployment in input.deployments {
deployment.kind == "Deployment"
podsRequired := deployment.status.replicas
podsReady := deployment.status.readyReplicas
podsReady == podsRequired
}
}
type: opa
title: podinfo-health-check
uuid: 35d926df-efbb-445a-b26b-2917199ec558