Dockerfile Entrypoint Inhibits One-Off Operations with docker run #983

Closed
ohsh6o opened this issue Jul 1, 2021 · 0 comments · Fixed by #984
ohsh6o commented Jul 1, 2021

Describe the bug

As reported this morning in the developer call, on macOS Big Sur (version: macOS 11.4 (20F71)) and Docker.app (version: 3.3.3 (641333)), how the entrypoint is defined appears to not meet best practices. I am not sure why setting up ENTRYPOINT ["/bin/bash"] for the entrypoint is a big deal, but it makes a difference. It appears that running commands with how it is currently set in the OSCAL Dockerfile probably sets an array and not a configurable string, so commands are ignored.

OSCAL is a submodule of fedramp-automation, currently at commit 5b2d93e.

Bad (current state):

[email protected]:GSA/fedramp-automation.git
pushd fedramp-automation
git submodule update --init --recursive
docker run  -v $(pwd):/oscal oscal -c "./oscal/build/ci-cd/validate-content.sh -o ./oscal/ -a . -c ./src/config"
# This comment is here to indicate this docker invocation returns silently, nothing was run, even when bash -c "whoami"

Good (future state):

[email protected]:GSA/fedramp-automation.git
pushd fedramp-automation
git submodule update --init --recursive
docker run  -v $(pwd):/oscal oscal -c "./oscal/build/ci-cd/validate-content.sh -o ./oscal/ -a . -c ./src/config"
Validating Content
==================
XML Schema validation passed for 'src/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml' using schema 'xml/schema/oscal_ssp_schema.xsd'.
XML Schema validation passed for 'src/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml' using schema 'xml/schema/oscal_assessment-plan_schema.xsd'.
XML Schema validation passed for 'src/templates/sar/xml/FedRAMP-SAR-OSCAL-Template.xml' using schema 'xml/schema/oscal_assessment-results_schema.xsd'.
XML Schema validation passed for 'src/templates/poam/xml/FedRAMP-POAM-OSCAL-Template.xml' using schema 'xml/schema/oscal_poam_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_HIGH-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_LI-SaaS-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_LOW-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_MODERATE-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.

Who is the bug affecting?

Developers using the reference container Dockerfile from NIST OSCAL devs.

What is affected by this bug?

Common development operations run in a one-off operation from outside the container, and not run inside a -it shell session inside the container ongoing.

When does this occur?

Always when building and using this container.

How do we replicate the issue?

{What are the steps to reproduce the behavior?

  1. Build the container: [email protected]:GSA/fedramp-automation.git && pushd fedramp-automation && git submodule update --init --recursive && pushd oscal/build && docker build --build-arg saxonversion=9.9.0-1 --build-arg hugoversion=0.69.2 -t oscal:latest .
  2. Run the container: docker run -v $(pwd):/oscal oscal -c "./oscal/build/ci-cd/validate-content.sh -o ./oscal/ -a . -c ./src/config"
  3. Observe no commands execute or complete properly.

If applicable, add screenshots to help explain your problem.}

Expected behavior (i.e. solution)

[email protected]:GSA/fedramp-automation.git
pushd fedramp-automation
git submodule update --init --recursive
docker run  -v $(pwd):/oscal oscal -c "./oscal/build/ci-cd/validate-content.sh -o ./oscal/ -a . -c ./src/config"
Validating Content
==================
XML Schema validation passed for 'src/templates/ssp/xml/FedRAMP-SSP-OSCAL-Template.xml' using schema 'xml/schema/oscal_ssp_schema.xsd'.
XML Schema validation passed for 'src/templates/sap/xml/FedRAMP-SAP-OSCAL-Template.xml' using schema 'xml/schema/oscal_assessment-plan_schema.xsd'.
XML Schema validation passed for 'src/templates/sar/xml/FedRAMP-SAR-OSCAL-Template.xml' using schema 'xml/schema/oscal_assessment-results_schema.xsd'.
XML Schema validation passed for 'src/templates/poam/xml/FedRAMP-POAM-OSCAL-Template.xml' using schema 'xml/schema/oscal_poam_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_HIGH-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_LI-SaaS-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_LOW-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.
XML Schema validation passed for 'src/baselines/rev4/xml/FedRAMP_rev4_MODERATE-baseline_profile.xml' using schema 'xml/schema/oscal_profile_schema.xsd'.

Other Comments

N/A
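
How `docker run` arguments reach the two ENTRYPOINT forms, reproduced with plain shell processes and no Docker daemon (an added example, not code from the issue or the OSCAL repository). It assumes the current Dockerfile uses the shell form `ENTRYPOINT /bin/bash`, which this page does not show; Docker stores that form as `/bin/sh -c "/bin/bash"` and starts the container with the stored entrypoint followed by the arguments given after the image name. The function names are hypothetical.

```shell
#!/bin/sh
# Added illustration. stdin is /dev/null to mimic `docker run` without -i,
# where the entrypoint process reads end-of-file immediately.

# Shell form (assumed current state): ENTRYPOINT /bin/bash
# Stored as ["/bin/sh","-c","/bin/bash"]. The run arguments follow the -c
# script, so sh binds them to $0, $1, ... and never executes them. The inner
# bash starts with no arguments, reads EOF and exits 0 without output.
shell_form() {
    /bin/sh -c '/bin/bash' "$@" </dev/null
}

# Exec form (the fix named in the issue): ENTRYPOINT ["/bin/bash"]
# Stored as ["/bin/bash"]. The run arguments become bash's own argv, so
# `-c "<command>"` is interpreted by bash and the command runs.
exec_form() {
    /bin/bash "$@" </dev/null
}

# Shows where the run arguments end up under the shell form: they are the
# positional parameters of the `sh -c` script, which the real entrypoint
# string never references.
where_args_went() {
    /bin/sh -c 'printf "%s|" "$0" "$@"' "$@"
}

# Constructed stand-in for the validate-content.sh invocation in the issue.
shell_out=$(shell_form -c 'echo validated')
exec_out=$(exec_form -c 'echo validated')
args_seen=$(where_args_went -c 'echo validated')

printf 'shell form output: [%s]\n' "$shell_out"
printf 'exec form output:  [%s]\n' "$exec_out"
printf 'shell form saw run args as positional parameters: %s\n' "$args_seen"
```

To see which form a built image actually carries, `docker inspect --format '{{json .Config.Entrypoint}}' oscal` prints the stored array; a leading `"/bin/sh","-c"` indicates the shell form.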
