Policy source data format proposal #5817

Closed
wants to merge 2 commits into from

jan-cerny
Collaborator

This is the policy source data format that we will use to improve
development of our profiles. It will allow us to store security controls
and requirements in the repository and then define profiles by using
their IDs instead of separate rules.

This is done in order to solve the problem that there is no easy way to
demonstrate to a profile stakeholder the status of their profile.

Intended workflow:

  • SME identifies security controls the policy consists of. Those
    controls serve as direct input for our profiles.
  • SME goes through controls, and makes sure that they are sufficiently
    covered by rules.
  • SME fine-tunes the profile by overriding a couple of individual rules
    in the profile file.

Once the format is accepted we can start developing tools that support
this new workflow.

In future, we can also use it for further refactoring, for example
streamlining the generation of HTML tables.

Add comments as if you review the code.

@openshift-ci-robot openshift-ci-robot added the do-not-merge/work-in-progress Used by openshift-ci bot. label Jun 5, 2020
@openshift-ci-robot
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@redhatrises
Contributor

NACK.

@redhatrises redhatrises closed this Jun 5, 2020
@shawndwells
Member

Other standards exist for this, nor is this a problem for content authors or consumers. NACK.

@matejak
Member

matejak commented Jun 10, 2020

Gentlemen, are you serious? This proposal is

  • a backwards-compatible improvement for content maintainers and content creators,
  • completely unrelated to consumers, and
  • indifferent to other standards.

In order to close this PR, please specify some material reasons and not just NACK. This is an open-source project, and if we support Python 2.7 or SLES 11, we can as well support a wider range of possibilities how to write and maintain profiles if they don't break anything.

@matejak matejak reopened this Jun 10, 2020
@redhatrises
Contributor

redhatrises commented Jun 10, 2020

This PR received multiple nacks including publicly AND privately from customers, so yes.
SMEs and SME content creators don't have this problem and aren't in need of this.

@jan-cerny
Collaborator Author

@redhatrises I will try to invent a different proposal instead. But please let me know what are the specific problems in this one or which things need to be done differently.

5 participants