Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove with-parent-controls developmental feature #1819

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 5 additions & 26 deletions src/metaschema/oscal_profile_metaschema.xml
Original file line number Diff line number Diff line change
Expand Up @@ -81,24 +81,13 @@
<p>Identifies that all controls are to be included from the imported catalog or profile.</p>
</remarks>
</assembly>
<define-assembly name="include-controls" min-occurs="1" max-occurs="unbounded">
<formal-name>Select Control</formal-name>
<description>Select a control or controls from an imported control set.</description>
<flag ref="with-child-controls"/>
<flag ref="with-parent-controls"/>
<model>
<field ref="with-id" max-occurs="unbounded">
<group-as name="with-ids" in-json="ARRAY"/>
</field>
<assembly ref="matching" max-occurs="unbounded">
<group-as name="matching" in-json="ARRAY"/>
</assembly>
</model>
<assembly ref="select-control-by-id" min-occurs="1" max-occurs="unbounded">
<use-name>include-controls</use-name>
<group-as name="include-controls" in-json="ARRAY"/>
<remarks>
<p>If <code>with-child-controls</code> is <q>yes</q> on the call to a control, any controls appearing within it (child controls) will be selected, with no additional <code>call</code> directives required. This flag provides a way to include controls with all their dependent controls (enhancements) without having to call them individually.</p>
<p>If with-parent-controls is "yes" on the call to a control, it will not be selected and removed from (shown without) a parent control, but instead will be copied with its parent in the source. This flag provides a way to include controls with all their ancestor controls (enhancements) without having to call them individually.</p>
</remarks>
</define-assembly>
</assembly>
</choice>
<assembly ref="select-control-by-id" max-occurs="unbounded">
<use-name>exclude-controls</use-name>
Expand Down Expand Up @@ -416,7 +405,7 @@

</define-assembly>
<define-assembly name="insert-controls">
<formal-name>Select Controls</formal-name>
<formal-name>Insert Controls</formal-name>
<description>Specifies which controls to use in the containing context.</description>
<define-flag as-type="token" name="order">
<formal-name>Order</formal-name>
Expand Down Expand Up @@ -476,16 +465,6 @@
</allowed-values>
</constraint>
</define-flag>
<define-flag as-type="token" name="with-parent-controls">
<formal-name>Include Parent Controls with Control</formal-name>
<description>When a control is included, whether its parent (ancestor) controls are also included.</description>
<constraint>
<allowed-values>
<enum value="yes">Include parent controls with an included control.</enum>
<enum value="no">When importing a control, only include parent controls that are also explicitly called.</enum>
</allowed-values>
</constraint>
</define-flag>
<define-flag as-type="string" name="pattern">
<formal-name>Pattern</formal-name>
<description>A <a href="https://en.wikipedia.org/wiki/Glob_(programming)">glob expression</a> matching the IDs of one or more controls to be selected.</description>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -562,7 +562,7 @@ include-controls:
<section id="import-nested">
<head>Dealing with Nested Controls and Groups</head>
<p>In OSCAL, controls may contain child controls. For instance, in SP 800-53 many controls are supplemented with control enhancements; in OSCAL these are represented as child controls within parent controls. So parent AC-2 (in a given catalog) has children AC-2(1) through AC-2(13), for example.</p>
<p>By default, inclusion of a control also causes any of that control&apos;s ancestors (or parents) to also be included. By default, inclusion of a control DOES NOT cause the inclusion of any descendants (or children) of that control to be included. This applies to both controls and groups.</p>
<p>By default, inclusion of a control also causes any of that control&apos;s ancestors to also be included. By default, inclusion of a control DOES NOT cause the inclusion of any descendants of that control to be included. This applies to both controls and groups.</p>
<p>This default behavior can be modified by the following two optional children of the
<src>include-controls</src> object.
</p>
Expand All @@ -580,23 +580,6 @@ include-controls:
directive as being equivalent to one having <src>with-child-controls:no</src>.
</req></p>
</section>
<section id="include-parent-controls">
<head>with-parent-controls</head>
<p>Although similar to the above
<src>with-child-controls</src>, the optional
<src>with-parent-controls</src> applies to parents of the included control, and has the opposite default behavior. In order to maintain the structure of the source catalog, profile resolution includes all parents of an included control by default. If a profile author wants to change this structure, they should use an exclude directive that lists all of the undesired parents. As a shortcut for this,
<src>with-parent-controls</src> provides the following functionality:
</p>
<p><req level="must" id="req-with-parent-controls-yes">A <src>with-parent-controls:
yes</src> directive on an <src>include-controls</src> indicates that <em>all parent
controls</em> of the included control MUST also be included.</req></p>
<p><req level="must" id="req-with-parent-controls-no">A <src>with-parent-controls:
no</src> directive on an <src>include-controls</src> indicates that ONLY the
matching control is included, any parent MUST NOT be included. </req></p>
<p><req level="must" id="req-with-parent-controls-none">If no <src>with-parent-controls</src> is provided, the processor MUST
consider the directive as being equivalent to one having
<src>with-parent-controls:yes</src>. </req></p>
</section>
</section>
<section id="exclude-directive">
<head>exclude-controls</head>
Expand Down