compliance-trestle icon indicating copy to clipboard operation
compliance-trestle copied to clipboard

Published 20 hours ago verified publisher icon oscal-compass

Rules are not updated in Component Definition and SSP markdown when control mapping changes are made

Open jpower432 opened this issue 11 months ago • 1 comments

Describe the bug

In component definition and SSP markdown, the rule information is read-only. When markdown is initially generated from a component definition, the rule information is present. However, when changes are made the changes are not reflected (e.g. Adding Implementation part header if a rule is mapped to statement) unless force-overwrite is used.

In the context of component definitions, running an assemble first to preserve markdown changes overwrites the rule changes. In the context of ssp, there is no way to preserve changes before a force-overwrite

Note: Adding component definition and SSP together with the assumption that the root cause is the same. Will separate the issues if needed.

To Reproduce

Steps to reproduce the behavior:

For the reproduction steps, I am using the compliance-trestle-ssp-demo repo.

  1. Open ACME-comp-def.csv under assets.
  2. Add ac-2_smt.f to cell at row 10, column L. Should reflect ac-2_smt.d ac-2_smt.f
  3. Update the component definition trestle task csv-to-oscal-cd -c assets/csv-to-oscal-cd.config

Observe the change in the component definition under ac-2. There should be a new statement under the implemented requirement.

  1. Regenerate the component markdown trestle author component-generate --name ACME_comp_def --output md_ACME_comp_def

Observe no change in the markdown. I also ran into an unrelated issue here where the profile ACME_Official needed to be renamed to ACME_official and updated in the corresponding ACME_int_guidance profile.

  1. Regenerate the ssp markdown that imports this component definition: trestle author ssp-generate -cd ACME_comp_def --profile ACME_int_guidance --output md_ACME_platform_ssp

Observe no change to markdown

  1. Run component-assemble: trestle author component-assemble -m md_ACME_comp_def -o ACME_comp_def

Observe the change from step 3 are reversed and ac-2_smt.f is no longer in the component definition.

Expected behavior

Generated markdown is updated to reflect rule changes in the component definition JSON when component-generate and ssp-generate are run.

Screenshots / Logs.

If applicable, add screenshots to help explain your problem.

Environment

  • OS: [e.g. iOS] Fedora 38
  • Python version: 3.9
  • Installed packages: compliance-trestle 2.6.1

jpower432 avatar Mar 06 '24 16:03 jpower432