fedramp-automation icon indicating copy to clipboard operation
fedramp-automation copied to clipboard
verified publisher icon GSA

Create FedRAMP/non-FedRAMP split (source: 18F/fedramp-automation: 477)

Open danielnaab opened this issue 3 years ago • 0 comments

Original issue: https://github.com/18F/fedramp-automation/issues/477

Extended Description

  • As a FedRAMP PMO manager, in order to extend the use of fedramp-automation to other US government entities, I want to segregate FedRAMP-specific validations from ones which are not FedRAMP-specific.

Preconditions None.

Acceptance Criteria

  • [ ] All Schematron assertion messages are declarative statements which affirm the positive test outcome.
  • [ ] All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
  • [ ] The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
  • [ ] XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
  • [ ] Story tasks are completed.

Story Tasks

  • [x] Declare an XML Namespace xmlns:fedramp="https://fedramp.gov/ns/oscal" in ssp.sch.
  • [x] For each FedRAMP-specific Schematron assertion in ssp.sch - i.e., assertions which are peculiar to FedRAMP - add an attribute fedramp:specific="true".
  • [x] Create an XSLT transform which uses ssp.sch and fedramp_values.xml as inputs and produces two XML documents: one which includes only non-FedRAMP-specific value-set elements (ones used in assertions that are non-FedRAMP-specific), and one which includes only FedRAMP-specific value-set elements (ones used in assertions that are FedRAMP-specific). Use <xsl:output indent="true" method="xml" saxon:indent-spaces="3" saxon:line-length="200" /> in the transform in order to approximate previously-used formatting. Update the metadata in each appropriately.
  • [ ] Create an XSLT transform which uses ssp.sch as input and produces two Schematron documents: one which includes only non-FedRAMP-specific constructs and references the non-FedRAMP-specific value-set document, and one which includes only FedRAMP-specific constructs and references the FedRAMP-specific value-set document. Validate the result documents.
  • [ ] Create an XSLT transform which uses ssp.sch and ssp.xspec as inputs and produces two XSpec documents: one which includes only non-FedRAMP-specific constructs and references the non-FedRAMP-specific Schematron document, and one which includes only FedRAMP-specific constructs and references the FedRAMP-specific Schematron document. Validate the result documents. Apply the XSpec unit tests to the respective Schematron documents.
  • [ ] Create an XSLT transform which consumes two or more Schematron documents and combines them into a single document (for use within the UI).
  • [ ] Decide how FedRAMP-specific validations, related unit tests, and related value-set documents should be separately maintained within the fedramp-automation repository. Create a draft descriptive ADR. Solicit agreement for the ADR. Once agreement is reached, the proposed split will require multiple separate issues to be created in order to adopt the changes.
  • [ ] Update the repository with the new document segregation scheme while retaining the original (pre-split) documents while related issues are completed.
  • [ ] Update any related documentation files.

Definition of Done

  • [ ] Acceptance criteria met
  • [ ] Unit test coverage of our code > 95%
  • [ ] Automated code quality checks passed
  • [ ] Security reviewed and reported
  • [ ] Reviewed against plain language guidelines
  • [ ] Code must be self-documenting
  • [ ] No local tech debt
  • [ ] Load/performance tests passed – needs to be created/automated
  • [ ] Documentation updated
  • [ ] Architectural Decision Record completed as necessary for significant design choices
  • [ ] PR reviewed & approved
  • [ ] Source code merged

danielnaab avatar Oct 25 '22 21:10 danielnaab