Merged
* Complete assessment plan files and finalize database structure * Fix relationships and remove duplicate assessment plans * Integrate migrator into main database migrator
* Implement marshaling and unmarshaling for new OSCAL components: ImportSsp, SystemId, LocalDefinitions, Observations, and Findings. * Add comprehensive test cases for each new component to ensure correct serialization and deserialization. * Refactor existing code to accommodate the new structure and improve clarity.
* Introduce new endpoints for retrieving Plan of Action and Milestones (POA&Ms) and their associated data, including findings, observations, risks, and items. * Update existing API methods to support the new structure and improve data handling. * Modify Docker configuration to include PostgreSQL as a dependency for the application. (to fix my local env, will sort later) * Update Swagger documentation to reflect the new endpoints and their functionalities.
* Introduced new entities related to Plan of Action and Milestones (POAM) in the database migrator, including PlanOfActionAndMilestones, PoamItem, Risk, Observation, and Finding. * Updated relationships in the PlanOfActionAndMilestones model to establish foreign key references for associated entities. * Enhanced unmarshaling methods for Risk, Observation, and Finding to include PlanOfActionAndMilestonesID for better data integrity and relationships. * Refactored the PoamItem model to include relationships with related findings, observations, and risks, ensuring proper data handling and retrieval. * Improved marshaling and unmarshaling logic to accommodate the new structure and maintain consistency across the API.
* Updated the handling of observations, risks, and findings in the Plan of Action and Milestones (POAM) API to eliminate unnecessary dereferencing of pointers, enhancing performance and readability. * Adjusted the data types for local definitions and risk logs to utilize the JSONType wrapper, ensuring better compatibility with the database and improving data integrity. * Refactored unmarshaling and marshaling methods for risks and findings to streamline data processing and maintain consistency across the API.
* Updated the Plan of Action and Milestones (POAM) model to utilize polymorphic associations for observations, risks, and findings, enhancing data integrity and flexibility. * Adjusted the migrator to reflect changes in local definitions naming and relationships. * Improved unmarshaling and marshaling methods to accommodate the new structure, ensuring consistent handling of parent references across related entities.
* Updated the ImportOscal function to support importing Plan of Action and Milestones (POAM) with a focus on polymorphic structures. * Added handling for PlanOfActionAndMilestones in the import process, including logging for imported risks, observations, and findings. * Simplified API responses for POAM endpoints to avoid marshaling issues, introducing new structures for listing and retrieving POAM data. * Improved database queries for observations, risks, and findings to utilize polymorphic relationships, enhancing data retrieval efficiency.
* Updated the ImportOscal function to streamline the import process, removing unnecessary metadata handling for POAM. * Refactored the ResponsibleParty structure to utilize a many-to-many relationship with Party, enhancing data integrity. * Improved unmarshaling logic for ResponsibleParty to accommodate the new structure, ensuring consistent handling of related entities.
* Introduced ParentID and ParentType fields to the ResponsibleParty structure to support polymorphic relationships, allowing it to associate with different parent types.
* Introduced ResponsiblePartyParties struct to manage many-to-many relationships between ResponsibleParty and Party. * Updated unmarshaling and marshaling methods to accommodate the new structure, ensuring consistent handling of party associations.
* Simplified the marshaling process for Plan of Action and Milestones (POAM) by directly accessing data structures, eliminating unnecessary error checks and type assertions.
* Eliminated the Title field from the SimplePOAM struct to simplify the API response. * Removed duplicate references to POAM-related entities in the migrator
Pull Request Overview
Adds foundational support for Plan of Action and Milestones (POA&M) in the service layer, API, migrations, and import CLI.
- Extend relational models with polymorphic associations and include POA&M entities
- Enhance assessment result marshalling/unmarshalling to handle observations, findings, and risks
- Introduce new handler for POA&M endpoints and register routes
- Update migrations and import command to cover POA&M
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/service/relational/common.go | Add ParentID/ParentType fields to ResponsibleParty |
| internal/service/relational/assessment.go | Unmarshal/Marshal Observations, Findings, and Risks in Result |
| internal/service/migrator.go | Include POA&M models in DB migrations |
| internal/api/handler/oscal/plan_of_action_and_milestones.go | Implement POA&M REST handlers (list, get, full, child endpoints) |
| internal/api/handler/oscal/api.go | Register POA&M handler route |
| docker-compose.yml | Remove quotes from DB env vars for consistency |
| cmd/oscal/import.go | Add CLI import logic for PlanOfActionAndMilestones |
Comments suppressed due to low confidence (1)
internal/api/handler/oscal/plan_of_action_and_milestones.go:70
- [nitpick] Variable name `simplePoams` mixes lowercase and acronym; Go convention prefers `simplePOAMs` or a more descriptive name like `poamSummaries`.

```go
simplePoams := make([]SimplePOAM, len(poams))
```
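As an added illustration, not code from this PR, of the JSONType column wrapper and the Scan/Value round trip the commit messages mention: `JSONType`, `RiskLog` and the zero-value-on-NULL behaviour are assumptions, and the sample log is constructed.

```go
package main

import (
	"database/sql/driver"
	"encoding/json"
	"fmt"
)

// JSONType is a hypothetical stand-in for the JSONType wrapper the commits
// mention: it stores an OSCAL sub-structure (e.g. a risk log) as one JSON column.
type JSONType[T any] struct{ Data T }

// Value serialises Data so the database driver can write the column.
func (j JSONType[T]) Value() (driver.Value, error) {
	b, err := json.Marshal(j.Data)
	return string(b), err
}

// Scan decodes the column on read. NULL yields the zero value; any column type
// other than text/bytes is reported as an error rather than silently dropped.
func (j *JSONType[T]) Scan(src any) error {
	switch v := src.(type) {
	case nil:
		var zero T
		j.Data = zero
		return nil
	case []byte:
		return json.Unmarshal(v, &j.Data)
	case string:
		return json.Unmarshal([]byte(v), &j.Data)
	}
	return fmt.Errorf("JSONType: cannot scan %T into JSON column", src)
}

// RiskLog is a constructed minimal shape for a risk log kept in a JSON column.
type RiskLog struct {
	Entries []string `json:"entries"`
}

// RoundTrip writes a log through Value and reads it back through Scan, the
// same path an ORM takes for such a column.
func RoundTrip(in RiskLog) (RiskLog, error) {
	v, err := JSONType[RiskLog]{Data: in}.Value()
	if err != nil {
		return RiskLog{}, err
	}
	var out JSONType[RiskLog]
	err = out.Scan(v)
	return out.Data, err
}
```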
* Replaced fmt.Printf with sugar.Infof for improved logging of imported POAM details, enhancing clarity and consistency in log output.
ssherar requested changes (Jun 10, 2025)
```go
&relational.SelectObjectiveById{},

// POAM entities
&relational.PlanOfActionAndMilestones{},
```
* Reintroduced multiple test data files in the ImportOscal function to improve testing coverage for various OSCAL structures. * Updated related fields in the Finding and Observation models to support efficient querying and maintain OSCAL compatibility.
No description provided.