From f038975e6e71327c5fc1312307a5eb40aee5cf7f Mon Sep 17 00:00:00 2001 From: David Waltermire Date: Wed, 17 Aug 2022 14:49:06 -0400 Subject: [PATCH] Profile alter model adjustments (#1418) * - Adjusted the profile metaschema to refactor the alter assemblies in a backwards-compatible way. - Enumerated the set of target item types for remove. - Fixed references to use current `by-` syntax. - Adjusted unit tests to support better add/remove testing. * Updated to latest metaschema development version * added default value `ending` for `add/@position`. --- build/metaschema | 2 +- src/metaschema/oscal_profile_metaschema.xml | 202 +++++++++--------- .../catalogs/abc-simple_catalog.xml | 4 +- .../modify-adds_profile.xml | 23 +- .../base-test_profile_RESOLVED.xml | 5 +- .../base2-test_profile_RESOLVED.xml | 5 +- .../exclude-call-test_profile_RESOLVED.xml | 5 +- .../import-twice_profile_RESOLVED.xml | 5 +- ...ll-with-children-test_profile_RESOLVED.xml | 5 +- .../merge-implicit-keep_profile_RESOLVED.xml | 10 +- .../modify-adds_profile_RESOLVED.xml | 19 +- .../profile-resolution-specml.xml | 4 +- 12 files changed, 170 insertions(+), 119 deletions(-) diff --git a/build/metaschema b/build/metaschema index 8478d8b72b..f28a588f0e 160000 --- a/build/metaschema +++ b/build/metaschema @@ -1 +1 @@ -Subproject commit 8478d8b72b432d1e87093d3389a0ffef971153bc +Subproject commit f28a588f0e9ac013125ed0f118f0fcaef4d1a6e2 diff --git a/src/metaschema/oscal_profile_metaschema.xml b/src/metaschema/oscal_profile_metaschema.xml index 24622f4de4..b801621f4d 100644 --- a/src/metaschema/oscal_profile_metaschema.xml +++ b/src/metaschema/oscal_profile_metaschema.xml @@ -258,9 +258,108 @@ - + + Alteration + An Alter element specifies changes to be made to an included control when a profile is resolved. - + + + + Removal + Specifies objects to be removed from a control based on specific aspects of the object that must all match. + + + Reference by (assigned) name + Identify items to remove by matching their assigned name + + + Reference by class + Identify items to remove by matching their class. + + + Reference by ID + Identify items to remove indicated by their id. + + + Item Name Reference + Identify items to remove by the name of the item's information element name, e.g. title or prop + + + A descendant parameter and all of its descendants. + A descendant property and all of its descendants. + A descendant link and all of its descendants. + A descendant parameter and all of its descendants. + A descendant mapping and all of its descendants. + A descendant mapping entry (map) and all of its descendants. + + + + + Item Namespace Reference + Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. + + +

Use by-name, by-class, by-id or by-item-name to indicate class tokens or ID reference, or the formal name, of the component to be removed or erased from a control, when a catalog is resolved. The control affected is indicated by the pointer on the removal's parent (containing) alter element.

+

To change an element, use remove to remove the element, then add to add it back again with changes.

+ + + + Addition + Specifies contents to be added into controls, in resolution + + + Position + Where to add the new content with respect to the targeted element (beside it or inside it) + + + Preceding the by-id target + Following the by-id target + Inside the control or by-id target, at the start + Inside the control or by-id target, at the end + + + + + Reference by ID + Target location of the addition. + + + + Title Change + A name given to the control, which may be used by a tool for display and navigation. + + + + + + + + + + + + + + + + + + + &allowed-values-control-group-property-name; + + + +

When no by-id is given, the addition is inserted into the control targeted by the alteration at the start or end as indicated by position. Only position values of "starting" or "ending" are permitted when there is no by-id.

+

by-id, when given, should indicate, by its ID, an element inside the control to serve as the anchor point for the addition. In this case, position value may be any of the permitted values.

+ + + + +

Use @control-id to indicate the scope of alteration.

+

It is an error for two alter elements to apply to the same control. In practice, multiple alterations can be applied (together), but it creates confusion.

+

At present, no provision is made for altering many controls at once (for example, to systematically remove properties or add global properties); extending this element to match multiple control IDs could provide for this.

+ + @@ -328,105 +427,6 @@

If with-child-controls is yes on the call to a control, no sibling callelements need to be used to call any controls appearing within it. Since generally, this is how control enhancements are represented (as controls within controls), this provides a way to include controls with all their dependent controls (enhancements) without having to call them individually.

- - Alteration - An Alter element specifies changes to be made to an included control when a profile is resolved. - - - - - - - - - - -

Use @control-id to indicate the scope of alteration.

-

It is an error for two alter elements to apply to the same control. In practice, multiple alterations can be applied (together), but it creates confusion.

-

At present, no provision is made for altering many controls at once (for example, to systematically remove properties or add global properties); extending this element to match multiple control IDs could provide for this.

- - - - Removal - Specifies objects to be removed from a control based on specific aspects of the object that must all match. - - Reference by (assigned) name - Identify items to remove by matching their assigned name - - - Reference by class - Identify items to remove by matching their class. - - - Reference by ID - Identify items to remove indicated by their id. - - - Item Name Reference - Identify items to remove by the name of the item's information element name, e.g. title or prop - - - Item Namespace Reference - Identify items to remove by the item's ns, which is the namespace associated with a part, or prop. - - - - - -

Use name-ref, class-ref, id-ref or generic-identifier to indicate class tokens or ID reference, or the formal name, of the component to be removed or erased from a control, when a catalog is resolved. The control affected is indicated by the pointer on the removal's parent (containing) alter element.

-

To change an element, use remove to remove the element, then add to add it back again with changes.

- - - - Addition - Specifies contents to be added into controls, in resolution - - Position - Where to add the new content with respect to the targeted element (beside it or inside it) - - - Preceding the id-ref target - Following the id-ref target - Inside the control or id-ref target, at the start - Inside the control or id-ref target, at the end - - - - - Reference by ID - Target location of the addition. - - - - Title Change - A name given to the control, which may be used by a tool for display and navigation. - - - - - - - - - - - - - - - - - - - - &allowed-values-control-group-property-name; - - - -

When no id-ref is given, the addition is inserted into the control targeted by the alteration at the start or end as indicated by position. Only position values of "starting" or "ending" are permitted when there is no id-ref.

-

id-ref, when given, should indicate, by its ID, an element inside the control to serve as the anchor point for the addition. In this case, position value may be any of the permitted values.

- - Include contained controls with control When a control is included, whether its child (dependent) controls are also included. diff --git a/src/specifications/profile-resolution/profile-resolution-examples/catalogs/abc-simple_catalog.xml b/src/specifications/profile-resolution/profile-resolution-examples/catalogs/abc-simple_catalog.xml index b838be9ad0..f27dc2cd95 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/catalogs/abc-simple_catalog.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/catalogs/abc-simple_catalog.xml @@ -20,7 +20,7 @@ -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 @@ -37,7 +37,7 @@ -

A3 aaaaa aaaaaaaaaa

+

A3 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/modify-adds_profile.xml b/src/specifications/profile-resolution/profile-resolution-examples/modify-adds_profile.xml index c286a320c2..be71b6ce5f 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/modify-adds_profile.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/modify-adds_profile.xml @@ -34,16 +34,35 @@ - + - + + + + + + + + + + + + +

A1 bbbbb bbbbb

+ + + + +

A1 ccc ccc

+ + diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base-test_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base-test_profile_RESOLVED.xml index ba4c5907ae..3f2f9c65de 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base-test_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base-test_profile_RESOLVED.xml @@ -11,9 +11,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base2-test_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base2-test_profile_RESOLVED.xml index 282ff94354..45889b7112 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base2-test_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/base2-test_profile_RESOLVED.xml @@ -11,9 +11,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/exclude-call-test_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/exclude-call-test_profile_RESOLVED.xml index 14b60e834b..5187371f20 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/exclude-call-test_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/exclude-call-test_profile_RESOLVED.xml @@ -18,9 +18,12 @@ Control A3 + + + -

A3 aaaaa aaaaaaaaaa

+

A3 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/import-twice_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/import-twice_profile_RESOLVED.xml index ba2af7bf12..bf17578251 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/import-twice_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/import-twice_profile_RESOLVED.xml @@ -11,9 +11,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/include-call-with-children-test_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/include-call-with-children-test_profile_RESOLVED.xml index f07802e74a..a423fc51b1 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/include-call-with-children-test_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/include-call-with-children-test_profile_RESOLVED.xml @@ -11,9 +11,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/merge-implicit-keep_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/merge-implicit-keep_profile_RESOLVED.xml index d4816f91ed..3b08c70d4b 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/merge-implicit-keep_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/merge-implicit-keep_profile_RESOLVED.xml @@ -11,9 +11,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 @@ -25,9 +28,12 @@ Control A1 + + + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/modify-adds_profile_RESOLVED.xml b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/modify-adds_profile_RESOLVED.xml index c331b3d7c4..5c50e01bf5 100644 --- a/src/specifications/profile-resolution/profile-resolution-examples/output-expected/modify-adds_profile_RESOLVED.xml +++ b/src/specifications/profile-resolution/profile-resolution-examples/output-expected/modify-adds_profile_RESOLVED.xml @@ -13,7 +13,12 @@ Group A of C Control A1 + + + + + @@ -22,13 +27,19 @@ - + -

A1 aaaaa aaaaaaaaaa

+

A1 aaaaa aaaaaaaaaa

+ +

A1 ccc ccc

+ + + +

A1 bbbbb bbbbb

 @@ -41,9 +52,9 @@ - + -

A3 aaaaa aaaaaaaaaa

+

A3 aaaaa aaaaaaaaaa

 diff --git a/src/specifications/profile-resolution/profile-resolution-specml.xml b/src/specifications/profile-resolution/profile-resolution-specml.xml index 3b0636bdce..763445a43b 100644 --- a/src/specifications/profile-resolution/profile-resolution-specml.xml +++ b/src/specifications/profile-resolution/profile-resolution-specml.xml @@ -1055,9 +1055,9 @@ intermediate:

For the following objects inside the source: class, depends-on, label, usage, values, select; the object MUST be copied into the target from the source, first removing any existing objects with the same name.

  • -

    For the following objects inside the source: props, links, constraints, guidelines; the contents of the object MUST be added to the contents of the target object of the same name. If no such object exists in the target, it is created.

    +

    For the following objects inside the source: prop, link, constraint, guideline; the contents of the object MUST be added to the contents of the target object of the same name. If no such object exists in the target, it is created.

    • -

  • For the following objects inside the source: prop, link; the object MUST be copied into the target from the source, first removing any existing objects with the same distinctive ID. ().

    • +

  • For the following objects inside the source: prop, link; the object MUST be copied into the target from the source, first removing any existing objects with the same distinctive ID. ().

  • If more than one set-parameter directive is given for the same parameter, all MUST BE applied, in the sequence given in the profile.