easydynamics / oscal-editor-deployment Goto Github PK
View Code? Open in Web Editor NEWVarious deployments of the OSCAL editor
License: MIT License
Various deployments of the OSCAL editor
License: MIT License
As a consumer of the EasyGRC all-in-one deployment, I want to be able to quickly understand how to simply pull and run the Docker container with the required OSCAL content folder structure so that I can use the tool locally.
easygrc-deployment
repoIn the web application, one of the many ways to navigate to different editors using their unique URLs. The current e2e tests for the OSCAL Drawer Component
do not have this implemented yet.
Create e2e test cases that would allow a user to successfully navigate to the different editors in the Profiles
, Catalog
, Component
, and SSP
sections in the drawer by their unique URLs.
The cypress e2e tests are functioning however there are a few tests that have unreasonably long run times. This could possibly be because:
-GitHub Actions can be a slow runner
-our app that slow?
Poorly structured tests
GitHub is slow?
There are also cy.wait
calls which make the tests longer than needed. Implementing a feature to make the tests run using a timeout feature will optimize the testing environment and make the tests run at better efficiency.
For the past couple of weeks, the cypress tests on the build, test, deploy workflow have been failing more frequently.
View the workflow failures such as
cypress
dependency recently updated from 12.6.0 to 12.7.0, but it doesn't seem like that would cause issues.The Drawer.cy.js
tests rarely fail and all other tests pass.
Ideally the tests should never fail if things are working correctly, but due to some issues with loading speed 100% passing is not always the case. It should pass with a second attempt.
The tests are failing pretty regular and sometimes even beyond a second rerun of the workflow. What is even more odd is that the failures are no longer constrained to just Drawer.cy.js
tests.
As a user running the OSCAL Editor all-in-one Docker deployment, I want to consume as small an image as possible so that I can more quickly deploy the app and save space on my machine / Docker registry.
As an IT administrator, I want the OSCAL Editor all-in-one Docker image to be as small as possible so that I can optimize costs.
For the deployment of the OSCAL Editor all-in-one Docker image, we are relying on the use of GitHub Packages, with multiple artifacts being pulled into the Docker image as well as publishing the image to GitHub Packages. We should look into how the size of the image can be reduced to maintain an efficient CI/CD pipeline and cost-optimized use of GitHub Packages.
As a developer looking for OSCAL editing tools, I want a descriptive Overview section for the OSCAL Editor All-In-One Docker image published on Docker Hub so that I can more easily find and understand how to use the tool.
When running the all-in-one deployment with an SSP or Profile that uses a relative link to import a Catalog/Profile from local files, the link will not be resolved correctly in the OSCAL Editor, so the fetch will fail - meaning no controls are displayed on the page.
This is necessary to fix as some users will need to view and edit custom controls that are not found online.
An SSP or Profile that imports a Catalog/Profile from other files in the local oscal-content directory will correctly display controls from that file when run from the all-in-one deployment image
As an example, a Profile can be loaded that contains an element in its imports list that points to a Catalog in back-matter with the rlink set to ../catalogs/my-catalog.json. At oscal-content/catalogs/my-catalog.json there is a valid OSCAL Catalog with some control.
When running both the REST Service and OSCAL Editor locally (outside of the Docker deployment) the OSCAL Editor makes the fetch as intended. The controls can be viewed, and developer tools shows that the OSCAL Editor makes a fetch request to:
http://localhost:8080/oscal/v1/catalogs/my-catalog.json
When running from the all-in-one image, however -
Developer tools shows that the OSCAL Editor makes an invalid fetch request to:
http://localhost:8080/oscal/v1/profiles//oscal/v1/catalogs/my-catalog.json
The discrepancy between the behavior in the Docker deployment and in the example build is due to the REST_APP_BASE_URL environment variable being set differently.
The all-in-one Dockerfile sets this variable to oscal/v1
as shown here.
The README for the OSCAL React Library instructs a user to set this variable to http://localhost:8080/oscal/v1
These are both correct, because the all-in-one Dockerfile needs to be agnostic of the port that it is running on, so that the user can choose any port they want as they run the container. However, in the case of the all-in-one deployment, it causes an issue with how the OSCAL React Library interprets links that are missing the http://
prefix.
In the React Library, the environment variable is passed into OSCALLoader and used to build the URL for REST requests as shown here
This all works as intended and the REST requests are built properly; when a Profile is resolving controls from a local catalog, the URL is passed down as parentUrl
in OSCALProfileResolver
which is meant to resolve the relative link.
The issue comes from how the link is interpreted as it passed into resolveLinkHref
here. On line 15, a relative link (ie. one that does not start with "http") is appended onto parentUrl
.
We end up with a final link for the fetch request that looks like:
oscal/v1/catalogs/my-catalog.json
This link is now still missing the http://
prefix, so the browser interprets it as a link relative to its current page, resulting in a final request to something screwy like http://localhost:8080/oscal/v1/profiles//oscal/v1/catalogs/my-catalog.json
When running the editor via the All-in-One Docker image from DockerHub, the component-uuid
is not set. This originally occurred in issues EasyDynamics/oscal-rest-service#100 and EasyDynamics/oscal-react-library#421.
When running in the rest-service
and oscal-react-library-example
, it seems that these two issues are fixed. removes
is displayed in the SSP
and added parameters are given a component-uuid
. These things do not work when I tried to build the Docker image myself nor when I pulled the Docker image.
docker pull ghcr.io/easydynamics/oscal-editor-all-in-one
or docker build --tag oscal-editor-all-in-one .
docker run -p 8080:8080 -v "$(pwd)"/oscal-content:/app/oscal-content oscal-editor-all-in-one
Enterprise Logging, Monitoring, and Alerting Policy
under AC-2 Account Management
AC-2.4 Automated Audit Actions
removes
is displayed underneath AC-2.2 Removal of Temporary / Emergency Accounts
component-uuid
tagremoves
is not displayedcomponent-uuid
tag.I will look into fixing this error as I feel pretty familiar with it. It would be helpful for someone to confirm this issue is not just a local problem for me.
uuid
in the address bar to navigate to an example SSP
, Catalog
, Profile
, & Component Definition
.Drawer Selector
url
should also update to reflect the loaded object's uuid
oscal object
are properly listed. For example, multiple catalogs
. This may require adding some more example data.LoaderForm
while in REST
mode, does not break functionality of tests.Need to verify that the local URLs for component definition and SSP do in fact render the expected pages.
As a developer contributing to the OSCAL Editor Deployment, I want to be able to test custom/feature branches of the REST service just as easily as I can for custom/feature branches of the Viewer application so that I can test corresponding changes to both applications easier.
docker build
command that uses a custom branch of the oscal-rest-service
repository without having to run any mvn
commands manually.packages_pull.sh
script would need to be run within one of the phases when the JAR isn't providedAs a developer in the OSCAL community, I want to be able to access and contribute to the OSCAL Editor so that I can view and edit OSCAL files without building and configuring separate components.
Note this is blocked by EasyDynamics/easygrc#25.
oscal-editor-deployment
GitHub repo is publicAs a developer contributing to or receiving contributions on the OSCAL Editor Deployment, I want to be able to test PRs through an automated workflow so that I can have confidence that the changes won't break functionality.
Now that the repository is public, we should have a workflow that builds the container and runs the end-to-end tests as part of the PR process.
oscal-rest-service
rather than relying on a token with packages:read
(but we may not need that anymore since oscal-rest-service
is public).When running the all-in-one deployment with an SSP or Profile that uses a relative link to import a Catalog/Profile from local files, the link will not be resolved correctly in the OSCAL Editor, so the fetch will fail - meaning no controls are displayed on the page.
This is necessary to fix as some users will need to view and edit custom controls that are not found online.
oscal-content
directory will correctly display controls from that file when run from the all-in-one deployment imageThis seems to be an issue with the configuration of the OSCAL Editor in Spring Boot within the all-in-one deployment.
As an example, a Profile can be loaded that contains an element in its imports
list that points to a Catalog in back-matter
with the rlink
set to ../catalogs/my-catalog.json
. At oscal-content/catalogs/my-catalog.json
there is a valid OSCAL Catalog with some control.
When running both the REST Service and OSCAL Editor locally (outside of the Docker deployment) the OSCAL Editor makes the fetch as intended. The controls can be viewed, and developer tools shows that the OSCAL Editor makes a fetch request to:
http://localhost:8080/oscal/v1/catalogs/my-catalog.json
When running from the all-in-one image, however -
Developer tools shows that the OSCAL Editor makes an invalid fetch request to:
http://localhost:8080/oscal/v1/profiles//oscal/v1/catalogs/my-catalog.json
Causing the UI to render:
See parent EasyDynamics/easygrc#4.
Package the oscal-rest-service and example app
As a user of the all-in-one OSCAL Editor, I want to run the image from Docker Hub or the GitHub Container Registry on my Raspberry Pi (or other arm64/aarch64 machine) and Graviton2 EC2 instance.
Subtask of EasyDynamics/easygrc#6.
As a developer wanting to use the all-in-one Docker image, I want to be able to specify the base URL of the OSCAL REST service for the OSCAL Viewer to send requests to as a build argument so that I can deploy the container to a shared environment.
OSCAL_REST_BASE_URL
build argument can be specified in the Docker run
command that configures the OSCAL viewer's base REST URLOSCAL_REST_BASE_URL
build argument is specified a default of http://localhost:8080/oscal/v1
should be assumedAs a user of the OSCAL Editor All-in-One Docker deployment, I want the UI to support a backend URL other than localhost
so that I can access the UI from a device other than the one running the container.
I have a two PC setup where the linux workstation runs the docker stuff and one windows PC where I access via browser the docker offered services.
At least the start page of this editor shows up, but then fails to load the oscal files from the folder.
In the browser networking I can see that the web stuff is loaded from my private IP range where the docker is running, but the API seems hardcoded to use localhost as a target.
As the other folders can already be optionally defined by docker environment variables, it should be handled the same way for the API mountpoint. And it should be mentioned in the READMEs, that it is currently not possible to use it outside of localhost browser access.
After moving elements of our React application, some of our Cypress tests report the uncaught exception: "ResizeObserver loop limit exceeded." Most of the OSCAL_Edit_Tests.cy.js
will display this error. Please note, when running our workflow tests will fail to this exception, although tests will not fail locally in Cypress but still display the exception.
"ResizeObserver loop limit exceeded" is no longer avoided and the uncaught exception does not show when running tests.
This error may be related to the communication between OSCALLoader
and App
in our React application.
Bug: Specifying "include-all" instead of "include-controls" in a profile import causes an error and doesn't render.
Yikes! Something went wrong loading the OSCAL data.
e is undefined
I've tested this with my own profiles as well as established working profiles from AJ Stein from NIST, e.g. https://github.com/ImportantFederalAgency/catalog/blob/main/dist/content/baselines/rev5/json/Step2_IFA_Baseline_High-Impact_profile.json
As a contributor to the oscal-editor, I want to be able to more strictly enforce consistent code standards. Adding a linting check to all pr's will ensure a minimum level of code elegance.
#122, #119 & #113 have served to make cypress tests pass at the cost of speed. This is primarily due to the Rev5 Catalog's
size making it take a while to load. Having the tests take such a long time to run slows down development and having them randomly fail is not sustainable.
Ideally we can completely remove the wait()
calls we added in these prs. It would be acceptable to decrease there time significantly. This will most likely involve changes with the oscal-react-library
loading these files.
wait
times if not outright deletionThis project looks great, thanks!
I am using the docker container, which I have started with the recommended directory structure and a single XML file defining a catalog. When I select my catalog, the UI shows:
Yikes! Something went wrong loading the OSCAL data.
Cannot read properties of undefined (reading 'uuid')
The docker log shows:
c.e.o.d.r.file.OscalCatalogRepoFileImpl : Unparsable content found at oscal-content/catalogs/cd2.xml
It appears that it is unhappy with my uuid. The relevant snippet of the XML file starts:
<?xml version="1.0" encoding="UTF-8"?>
<catalog xmlns="http://csrc.nist.gov/ns/oscal/1.0"
uuid="fdaa19ab-f9f2-46ef-8c91-ec6902850a44">
<metadata>
....
</catalog>
Any clues?
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.