Closed Rene2mt closed 4 weeks ago
Team did a preliminary review of various testing frameworks including:
After weighing the pros and cons of each, team decided to do a proof of concept with Jest.
Need to:
tests:
- test-content: oscal-ssp-file.json
tag:
- metadata
- system-characteristics
- system-implementation
- control-implementation
- back-matter
expectation:
- id: some-validation-id
description: "some test description"
command: "validate" # optional or not necessary at all if only testing oscal-cli validation
level: ERROR
location: /some/metapath/node
result: pass
- id: some-validation-id
description: "some test description"
command: "validate" # optional or not necessary at all if only testing oscal-cli validation
level: ERROR
location: /some/metapath/node2
result: fail
- id: some-other-validation-id
description: "some test description"
command: "validate" # optional or not necessary at all if only testing oscal-cli validation
level: WARNING
location: /some/metapath/node
result: pass
Once a format is established, will need to update the test runner accordingly.
OSCAL-CLI will be generating SARIF output - https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html
YAML unit tests will follow this structure. Need naming convention and location for these declarative unit tests.
tests:
- test-content: oscal-file.json
tag:
- metadata
- system-implementation
expectation:
- id: some-validation-id
level: ERROR
location: /some/metapath/node
result: pass
- id: some-validation-id
level: ERROR
location: /some/metapath/node2
result: fail
- id: some-other-validation-id
level: ERROR
location: /some/metapath/node
result: pass
For full implementation details, see PR #622. In summary:
test-case:
name: {name / title for the constraint test scenario}
description: {a description of the constraint being tested}
content: {path to the OSCAL content the constraint will be tested on}
pipeline: {OPTIONAL element if some pipeline action such as profile resolution needs to happen on the specified content before executing the test}
- action: {OPTION action such as resolve-profile}
expectations:
- constraint-id: {the ID of the constraint being tested}
result: {pass | fail}
You can run make test
at the root of your local fedramp-automation repository to setup the testing harness locally. More detailed instructions are forthcoming (see PR #638).
This is a ...
research - something needs to be investigated
This relates to ...
User Story
As a developer, I need an automated testing approach to QA the OSCAL CLI whenever changes are made or new versions are released.
Goals
Problem Statement
The FedRAMP OSCAL automation team needs a good, light-weight, simple test harness and framework for automated unit testing. The solution will be used for QA of developed FedRAMP OSCAL validation rules integrated into the OSCAL CLI tool. The solution may also be used to integrate with testing of other FedRAMP OSCAL tools in the future.
Requirements
In order to identify a solution, the dev team will:
Dependencies
No response
Acceptance Criteria
Other information
No response