Consolidate UUID logic into a utility library

[wendellpiez]

User Story

Currently, XSLT to produce random UUIDs without processor extensions exists in two places in the OSCAL repository:

• https://github.com/usnistgov/OSCAL/blob/main/src/release/content-upgrade/uuid/random-util.xsl
• https://github.com/usnistgov/OSCAL/blob/develop/src/utils/util/resolver-pipeline/random-util.xsl (latest in develop)
• additionally: https://github.com/usnistgov/oscal-tools/blob/main/xslt/uuid/random-util.xsl (in the oscal-tools repo)

Taking care to use the best available version (profile resolution version last touched by @galtm), these should be consolidated.

Issue usnistgov/oscal-tools#47 is focused on creating an XSLT UUID library providing sharable code which can replace the existing implementations above.

The first step is to consolidate within this repository, which this Issue addresses.

The consolidation should include XSpec testing.

Goals

• reduce dependencies and maintenance overhead for shared (commodity) logic
• better package and distribute these functions for further reuse

Dependencies

Creating a function library in a separate repository, specifically for XSLT 3.0 utilities is addressed by usnistgov/oscal-tools#47.

Acceptance Criteria

• [ ] Disparate UUID-generating code in the OSCAL repository (described above) has been consolidated into one place in the repository
• [ ] This uses the latest UUID production code at https://github.com/usnistgov/OSCAL/blob/develop/src/utils/util/resolver-pipeline/random-util.xsl
• [x] XSpec tests have been added, and demonstrate functionality
• [x] The function library is self-contained such that it can easily be replaced by a submodule (usnistgov/oscal-tools#47
• [ ] Dependent utilities have been adjusted to use the new library, OR Issues have been produced for any utilities requiring adjustment:
  • [ ] OSCAL version upgrade XSLTs, with readmes / docs
  • [ ] XSLT profile resolver, with readmes / docs
• [ ] Any follow-on Issues have been created, potentially
  • [ ] ~removing/replacing the version in https://github.com/usnistgov/oscal-tools~ (this is now a key item in current sprint work for usnistgov/oscal-tools#77)
• [ ] All OSCAL website and readme documentation affected by the changes in this issue have been updated. Changes to the OSCAL website can be made in the docs/content directory of your branch.
• [ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• [ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

[galtm]

@wendellpiez @aj-stein-nist , I am working on a utility to compute precedence of semantic versions. It could be a candidate for your library, too. I will keep you posted on when it is available.

[aj-stein-nist]

Hi @wendellpiez, can we get a status update on this?

[galtm]

@wendellpiez @aj-stein-nist , I am working on a utility to compute precedence of semantic versions. It could be a candidate for your library, too. I will keep you posted on when it is available.

Semantic versioning functions https://github.com/usnistgov/xslt3-functions/pull/2

UUID functions https://github.com/usnistgov/xslt3-functions/pull/3

[aj-stein-nist]

@wendellpiez @aj-stein-nist , I am working on a utility to compute precedence of semantic versions. It could be a candidate for your library, too. I will keep you posted on when it is available.

Semantic versioning functions usnistgov/xslt3-functions#2

UUID functions usnistgov/xslt3-functions#3

So we are ready for final review and move the work forward as it pertains to reorganizing OSCAL code? Not urgent, but we should discuss because it came up while reviewing another PR in a similar vein so it might be time to do a sitrep.

[wendellpiez]

Indeed. Reorg may take more than one step but let's plot it out and execute. 👍

[aj-stein-nist]

I am going to move this to the next sprint. @wendellpiez, others interested (feel free to comment), and I have to meet about the refactoring of these repos, how to plan, track it, and move forward on a steady timetable.

[aj-stein-nist]

Wendell and I will talk about this as part of a planned meeting this week to scope out work and pair, once scheduled, as requested in https://github.com/usnistgov/oscal-tools/issues/47#issuecomment-1419296964.

[aj-stein-nist]

@wendellpiez will schedule time for us to pair on this issue and https://github.com/usnistgov/oscal-tools/issues/47.

[aj-stein-nist]

Wendell and I paired today and I will update the AC on this with him over today and Monday. We have made some progress and, at a high-level, some or a lot of progress has been made, but the lag between issue edit and work means the AC items in the checklist are not accurate to the repo and structure information (information here appears to predate the decision to not just have oscal-xslt, but xslt3-functions).

[aj-stein-nist]

It is not immediately blocked, but we will want to merge a series of PRs around improving profile resolution from community member galtm and those community PRs are likely to merge this sprint. To prepare for that, we will put this on hold and slate it for Sprint 65. ACs have been provisionally adjusted and we can review criteria at the beginning of sprint.