Comments (10)
I created a new issue to research it: opencontrol/fedramp-templater#19
We need to create a how-to-use or FAQ for the component.yaml.
In that, we could say for now, "If you want to use images, just use the link to them. We are currently researching on improving this via research on this issue.."
I can create this.
from compliance-masonry.
@jcscottiii Do you have a branch for this? No pressure...just curious.
from compliance-masonry.
Example: Search for "diagram" in https://compliance.cloud.gov/system_documentation/system-description.html
from compliance-masonry.
Let's investigate if there's a workaround for this that requires little to no code/example changes, e.g. "put all required assets in the markdowns/
folder" or just giving instructions of "we don't support embedding assets...use links instead". Leaning towards the latter since embedding in a Word doc could get complicated.
from compliance-masonry.
There's two parts missing:
- Inclusion of the files into the
opencontrols
workspace- The code for including the files from moving to
artifacts
- The code for including the files from moving to
- Rendering of the included files
- The code about rendering images from the python days
from compliance-masonry.
There are 2 cases for inclusion that happen. 1) Inclusion of files that are next to the component.yaml and 2) Inclusion of completely different folders (e.g. BDD
in https://github.com/opencontrol/cf-compliance)
1) Inclusion of files local to component.yaml
Currently, given a component (e.g. UAA
) has the following files in the directory:
UAA
|
|- component.yaml
|- auth-diagram.png
Both files will be included into the components
folder in the opencontrols
workspace already.
It makes it easier for renderers will take the component.yaml
and create the appropriate media because the pictures are right next to it.
That's the easy case.
2) Inclusion of completely different folders
This doesn't currently happen.
Looking at https://github.com/opencontrol/cf-compliance, there's a BDD
folder and it's not included.
This following line uses BDD but the link would be broken.
https://github.com/opencontrol/cf-compliance/blob/8b76705b9e7d62d77f3d09831822121f69addc45/CloudController/component.yaml#L134
The proposed solution is to add an includes
section to the opencontrols.yaml
Then when it comes to rendering, it will do like the old python code and prepend an includes
folder to the path when making the image/URL path because it knows all local files should be there.
Conclusion
Well, since I'm putting files in includes
in step 2 but not step 1, that will complicate search logic for resources for the renderers so I propose that we add ALL extra local files to the proposed includes
folder.
In the end, part of your opencontrol.yaml will look like:
includes:
- BDD # path will be "includes/BDD"
- UAA/auth-diagram.png # path will be "includes/auth-diagram.png"
Why be so explicit about what you're including and not letting things next to component.yamls be automatically copied into the includes
folder? Because that's magic and rather be explicit....
from compliance-masonry.
@jcscottiii Thoughts about my comment above? I want to be very careful about us over-promising anything with this feature. With Word docs as a common format for system security plans, we can't (easily) do anything with included files. Even embedding images could be tricky. Therefore, it feels safer to me to punt on it (for now) and tell people to use external URLs. Thoughts?
from compliance-masonry.
@afeld I agree that the latter of the two would work and be the cleanest. (The former would require code changes because inherited markdowns are not included right now)
It brings about another problem about hosting those assets but you know ¯_(ツ)_/¯ not on us now lol. But a great alternative would just have people host it in their repos and point to the raw links.
from compliance-masonry.
a great alternative would just have people host it in their repos and point to the raw links
Yeah, that seems like the easiest thing for now, though I could be convinced that we should try and figure this out for images, at least. How do you want to proceed?
from compliance-masonry.
Another relevant issue: cloud-gov/cg-compliance#166. @brittag mentions there that architecture diagrams aren't readable shoved into a table cell in a Word doc, so these would need to be provided as an attachment or a link anyway.
from compliance-masonry.
Related Issues (20)
- masonry release of latest (v1.2.0?) HOT 1
- General: leveraging github actions for building, testing, releasing HOT 1
- General: leverage dependabot HOT 1
- Consider packaging with e.g. (docker) Drydock pattern
- References specific to a component's "satisfies" are not rendered
- Could 'covered_by' in a control response 'cover' more than 'verifications'?
- Replace circleci with github actions
- Replace travis with github actions
- Include provenance information in generated content (may be gitbook / markdown issue?)
- "verification" for Image type are not included as part of masonry docs gitbook generation
- Consider replacing/enhancing "dependencies" retrieval mechanisms with vendoring/library, vendir
- Consider enhancing "dependencies" to support local filesystem references HOT 2
- Splitting "component" contexts across multiple yaml files
- Enhance error reporting/message HOT 2
- Readdress race condition on integration tests
- Dependabot performing go mod vendor now-- nifty HOT 2
- "Covered By" appears to lack newline, is directly appended to previous section
- Publish 1.1.6 to docker hub
- runtime: bsdthread_register error HOT 2
- Documentation Creating
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from compliance-masonry.