search

oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
https://oscal-compass.github.io/compliance-trestle
Apache License 2.0
158 stars 60 forks source link

Validation broken when loading split models via `-t` #1694

Open rahearn opened 1 week ago

rahearn commented 1 week ago

Describe the bug

Validation returns incorrect failures when called with the -t flag, at least for -t system-security-plan when the model has been split using trestle split

To Reproduce

Steps to reproduce the behavior:

  1. Create a new system-security-plan trestle create -t system-security-plan -o validate-test
  2. Edit ssp to put a valid profile href in
  3. Verify that trestle validate -f system-security-plans/validate-test/system-security-plan.json and trestle validate -t system-security-plan -n validate-test correctly report that the model is valid
  4. Split the model: trestle split -f system-security-plans/validate-test/system-security-plan.json -e "system-security-plan.metadata"
  5. Verify that trestle validate -f system-security-plans/validate-test/system-security-plan.json still reports that the model is valid
  6. Try to validate with trestle validate -t system-security-plan -n validate-test

Expected behavior

The model is still valid

Actual behavior

Step 6 reports that the model has extra fields.

Screenshots / Logs.

Screenshot 2024-09-09 at 3 40 45 PM

Environment

rahearn commented 1 week ago

It's popping that issue when assigning things to the pydantic.v1.main.SystemSecurityPlan stripped model, but I don't know why it's an issue for -t/-n and not for either -f or -a versions of the command.