1a8c16d to 0dc86bc
@marcusburghardt I think we may need to exclude vendor directories from the linting checks
d1a107a to 47b0488
marcusburghardt left a comment
Some initial comments Jenn.
| - `targets`: Repeated `Target` entries (one per target to scan) | ||
| - `target_id`: Target identifier from workspace configuration | ||
| - `variables`: Plugin-defined variables map (plugin-specific configuration such as authentication tokens, connection strings, API endpoints, credentials). Each plugin defines what variables it expects. | ||
| - `requirement_ids`: Requirement IDs to evaluate (repeated string field). Plugins evaluate only the specified requirements. |
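Review bot: The `variables` entry names authentication tokens, connection strings and credentials as expected contents, but these lines say nothing about how the host or the plugin must handle them. Suggest stating here that values in `variables` are sensitive: they MUST NOT be written to logs or echoed back in responses, and each plugin SHOULD declare which of its variables are secret so the host can redact them in its own output.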
Do we need to inform the requirement_ids during the SCAN considering the plugin policy is already "generated" including all requirements ids?
I think you are right; the only thing I think we need at scan time is target information.
| - `plugin_info`: Plugin metadata | ||
| - `duration_seconds`: Execution time | ||
|
|
||
| **Note**: All targets configured in workspace config for the specified policy ID are scanned in a single Scan call. |
I included a plugin configuration file for targets in ampel-plugin (#380). I wonder if we can create a targets configuration file generic enough for all plugins, or whether we should keep this as the plugin's responsibility, since we are now considering more than only a local system.
There might be multiple plugins evaluating a single target. The plugin might have more granular knowledge of the specific target, but the host conveys the user selection.
| 2. **Health Check**: Must respond to `HealthCheck` within 1 second | ||
| 3. **API Version**: Must report correct API version in `HealthCheckResponse` | ||
| 4. **Error Handling**: Must return appropriate gRPC status codes | ||
| 5. **Timeout**: Must complete `Scan` within configured timeout (default: 5 minutes) |
Should we define what to do when the timeout is reached? Maybe checking the plugin health before stopping?
Hmm. Maybe. I would wonder if the plugin would respond because it's up, but just has a blocking process.
The idea to check the status after the timeout is to finish the process only if it is not responding for this timeout. In case a plugin is working on a time-consuming task for a particular target, it should be better to wait for it to finish. Essentially it would differentiate time-consuming tasks from unresponsive plugins.
I understand this PR is already bringing many changes, so all fine to discuss this further in a next opportunity.
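The timeout behaviour discussed in this thread, as an added Go example (not code from this PR or from complyctl): when the scan timeout elapses the host probes the plugin's health, extends a healthy plugin and stops an unresponsive one. The `RPC` wrapper type, `SuperviseScan`, both error values and the extension cap are assumptions; the cap covers the case raised above where a plugin answers health checks while its scan is blocked.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// RPC is a hypothetical wrapper around one plugin call (Scan or HealthCheck).
type RPC func(ctx context.Context) error

var (
	ErrUnresponsive = errors.New("plugin failed health check after scan timeout")
	ErrHardLimit    = errors.New("plugin healthy but scan exceeded extension limit")
)

// SuperviseScan waits for scan; each time timeout elapses it probes health.
// A healthy plugin is granted another interval, at most maxExt times, so a
// plugin that answers health checks while its scan is stuck cannot run forever.
func SuperviseScan(scan, health RPC, timeout, probe time.Duration, maxExt int) error {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel() // cancels the in-flight scan on every return path
	done := make(chan error, 1)
	go func() { done <- scan(ctx) }()
	for ext := 0; ; ext++ {
		select {
		case err := <-done:
			return err // scan finished on its own
		case <-time.After(timeout):
		}
		hctx, hcancel := context.WithTimeout(ctx, probe)
		herr := health(hctx)
		hcancel()
		if herr != nil {
			return fmt.Errorf("%w: %v", ErrUnresponsive, herr)
		}
		if ext >= maxExt {
			return ErrHardLimit
		}
	}
}

func main() {
	// Constructed stand-ins for a plugin that is slow but alive.
	busy := func(context.Context) error { time.Sleep(30 * time.Millisecond); return nil }
	healthy := func(context.Context) error { return nil }
	fmt.Println(SuperviseScan(busy, healthy, 10*time.Millisecond, time.Millisecond, 5))
}
```

With the values from the reviewed spec, `timeout` would be the configured scan timeout (default 5 minutes) and `probe` the 1 second `HealthCheck` deadline.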
| 2. Configure `buf.yaml` and `buf.gen.yaml` in `api/proto/` | ||
| 3. Run `buf generate` to generate Go code | ||
|
|
||
| **References**: |
Maybe it would be good to include references for Gemara project, where the schemes are available.
|
|
||
| ### AssessmentConfiguration | ||
|
|
||
| Configuration extracted from the policy graph and passed to plugins via Generate RPC. |
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Refactor constitution from human-oriented style guide into agent-enforceable directives. Normalize all rules to RFC 2119 (MUST/SHOULD/MAY), remove repository-specific references, add lint configuration awareness rule, and define the incremental constitution model for downstream repositories.
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
5c8ec26 to 0b59700
0b59700 to 78189bf
It was also causing shellcheck to fail.
Signed-off-by: Marcus Burghardt <maburgha@redhat.com>
Signed-off-by: Jennifer Power <barnabei.jennifer@gmail.com>
# Conflicts:
#   vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
#   vendor/github.com/cloudflare/circl/sign/sign.go
#   vendor/modules.txt
78189bf to b34d5d8
…a-native-workflow
…001-gemara-native-workflow
cmd/complyctl/cli/list.go
Outdated
| for _, p := range cfg.Policies { | ||
| ref := complytime.ParsePolicyRef(p.URL) | ||
| if _, ok := cached[ref.Repository]; !ok { | ||
| cached[ref.Repository] = []string{"(not cached — " + p.EffectiveID() + ")"} |
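Review bot: On the `cached[ref.Repository] = []string{...}` line, the "(not cached — ...)" placeholder is stored in the same `[]string` value that otherwise appears to hold cached entries, so any code that later reads the map cannot tell a real entry from display text. Suggest tracking the not-cached repositories separately (for example a set keyed by `ref.Repository`) and building the message with `p.EffectiveID()` only where the rows are rendered.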
cmd/complyctl/cli/list.go
Outdated
| if plain { | ||
| terminal.ShowPlainTable(w, columns, rows) | ||
| return nil | ||
| } |
@jpower432 Just a thought for the UX part: I liked the generate output, which is actually more boxed than the list command's terminal.ShowPlainTable. We can use the same border styles. WDYT?
Thanks @sonupreetam. I ended up removing these options and just went with plain, tabular output. Seems like a much simpler solution and still looks good (IMO).
internal/output/execution_plan.go
Outdated
|
|
||
| routeRows := make([]table.Row, 0, len(routes)) | ||
| for _, r := range routes { | ||
| pluginPath := r.PluginPath |
@jpower432 For UX, I think the plugin path could be shortened.
sonupreetam left a comment
@jpower432 Added minor suggestions on UX front. Everything else with UX part LGTM.
Testing farm is failing here because all of the plans are removed, we might put them back, but the only plan was for OSCAL content. It may be simpler to squash-merge this.
Summary
The PR implements a complyctl to include plugin API and UX breaking changes.
Related Issues
Inform any issues relevant to this PR. For example:
Review Hints
For specs look at the first commit
For code changes look at the third commit