Transform OSCO json produced by Arboretum fetcher into NIST OSCAL-like Assessment Results Observations list json file(s) as a trestle task

[degenaro]

Issue description / feature objectives

Assumptions:

input directory contains one or more OSCO Arboretum fetcher produced cluster resource json files
input directory contains, optionally, a metadata file comprising additional reference data named oscal-metadata.yaml
output directory exists or is creatable

Approach:

create the output directory, if necessary
for each input OSCO cluster resource json file:
    for each ConfigMap:
        discover the rule and result pair entries contained within
        construct an observation for each entry, including any additional related information from the metadata file if present
        create the corresponding output file, only if the file does not already exist or overwrite=true (the default)

Example CLI:
trestle task osco-to-oscal -c /home/degenaro/git/degenaro.evidence-locker/osco/demo-osco-to-oscal-arboretum.config

Example config:

[task.osco-to-oscal]

input-dir = /home/degenaro/git/degenaro.evidence-locker/osco-arboretum/input
output-dir = /home/degenaro/git/degenaro.evidence-locker/osco-arboretum/output
output-overwrite = true

References

See Arboretum ComplianceAsCode/auditree-arboretum#9 cluster resource fetcher.