regscale-cli 6.19.2.0__py3-none-any.whl → 6.20.1.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_cis_crm.py

@@ -360,13 +360,15 @@ def update_imp_objective(
     )
     existing_pairs = {(obj.objectiveId, obj.implementationId) for obj in existing_imp_obj}
     responsibility = responsibility_map.get(responsibility, responsibility)
+    logger.debug(f"CRM Record: {crm_record}")
+    can_be_inherited_from_csp: str = crm_record.get("can_be_inherited_from_csp") or ""
     for objective in objectives:
         current_pair = (objective.id, imp.id)
         if current_pair not in existing_pairs:
             imp_obj = ImplementationObjective(
                 id=0,
                 uuid="",
-                inherited=crm_record.get("can_be_inherited_from_csp") in ["Yes", "Partial"],
+                inherited=can_be_inherited_from_csp in ["Yes", "Partial"],
                 implementationId=imp.id,
                 status=status_map.get(cis_record.get("implementation_status", NOT_IMPLEMENTED), NOT_IMPLEMENTED),
                 objectiveId=objective.id,
@@ -374,8 +376,8 @@ def update_imp_objective(
                 securityControlId=objective.securityControlId,
                 securityPlanId=REGSCALE_SSP_ID,
                 responsibility=responsibility,
-                cloudResponsibility=customer_responsibility,
-                customerResponsibility=customer_responsibility,
+                cloudResponsibility=customer_responsibility if can_be_inherited_from_csp.lower() == "yes" else "",
+                customerResponsibility=(customer_responsibility if can_be_inherited_from_csp.lower() != "yes" else ""),
                 authorizationId=leverage_auth_id,
                 parentObjectiveId=objective.parentObjectiveId,
             )

regscale/integrations/public/fedramp/fedramp_five.py

@@ -11,7 +11,6 @@ from tempfile import gettempdir
 from typing import Any, Dict, List, Optional, Tuple, Union
 
 from dateutil.relativedelta import relativedelta
-from packaging.version import Version
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
@@ -28,7 +27,6 @@ from regscale.models import (
     ControlParameter,
     File,
     ImplementationObjective,
-    ImplementationObjectiveResponsibility,
     ImplementationOption,
     LeveragedAuthorization,
     Parameter,
@@ -40,6 +38,7 @@ from regscale.models import (
     StakeHolder,
     SystemRole,
     User,
+    ImplementationControlOrigin,
 )
 from regscale.utils.version import RegscaleVersion
 
@@ -1400,8 +1399,7 @@ def handle_parts(
             else control_objectives
         )
         logger.debug(f"Matching Objectives: {matching_objectives}")
-        regscale_version = RegscaleVersion.get_platform_version()
-        if len(regscale_version) >= 10 or Version(regscale_version) >= Version("6.13.0.0"):
+        if RegscaleVersion.meets_minimum_version("6.13.0.0"):
             status = status_map.get(status, status)
 
         # Status should never be None
@@ -1510,44 +1508,33 @@ def map_responsibility(responsibility: str) -> str:
     :return: The mapped responsibility.
     :rtype: str
     """
-    # This should be server code, sorry
+    if not responsibility:
+        return ""  # Return empty string instead of None
+
+    # Handle comma-separated values
+    if "," in responsibility:
+        responsibility_values = [r.strip() for r in responsibility.split(",")]
+        return ",".join([map_responsibility(r) for r in responsibility_values])
+
+    # This should be server code with proper enums, but this is the best we can do for now
     responsibility_map = {
-        "Provider": "Service Provider Corporate",
-        "Provider (System Specific)": "Service Provider System Specific",
-        "Customer": "Provided by Customer (Customer System Specific)",
-        "Hybrid": "Service Provider Hybrid (Corporate and System Specific)",
-        "Customer Configured": "Configured by Customer (Customer System Specific)",
-        "Shared": "Shared (Service Provider and Customer Responsibility)",
-        "Inherited": "Inherited from pre-existing FedRAMP Authorization",
+        "Service Provider Corporate": ImplementationControlOrigin.SERVICE_PROVIDER_CORPORATE.value,
+        "Service Provider System Specific": ImplementationControlOrigin.SERVICE_PROVIDER_SYSTEM.value,
+        "Service Provider Hybrid (Corporate and System Specific)": ImplementationControlOrigin.SERVICE_PROVIDER_HYBRID.value,  # Map to closest value
+        "Configured by Customer (Customer System Specific)": ImplementationControlOrigin.CONFIGURED_BY_CUSTOMER.value,
+        "Provided by Customer (Customer System Specific)": ImplementationControlOrigin.PROVIDED_BY_CUSTOMER.value,
+        "Shared (Service Provider and Customer Responsibility)": ImplementationControlOrigin.SHARED.value,
+        "Inherited from pre-existing FedRAMP Authorization": ImplementationControlOrigin.INHERITED_FROM_PRE_EXISTING_FEDRAMP_AUTHORIZATION.value,
     }
-    res = ""
-    if responsibility == "Service Provider System Specific":
-        res = ImplementationObjectiveResponsibility.PROVIDER_SYSTEM_SPECIFIC.value
-    if responsibility == SERVICE_PROVIDER_CORPORATE:
-        res = ImplementationObjectiveResponsibility.PROVIDER.value
-    if responsibility == "Provided by Customer (Customer System Specific)":
-        res = ImplementationObjectiveResponsibility.CUSTOMER.value
-    if responsibility == "Configured by Customer (Customer System Specific)":
-        res = ImplementationObjectiveResponsibility.CUSTOMER_CONFIGURED.value
-    if responsibility == "Service Provider Hybrid (Corporate and System Specific)":
-        res = ImplementationObjectiveResponsibility.HYBRID.value
-    if responsibility == "Inherited from pre-existing FedRAMP Authorization":
-        res = ImplementationObjectiveResponsibility.INHERITED.value
-    if responsibility == ImplementationObjectiveResponsibility.NOT_APPLICABLE.value:
-        res = ImplementationObjectiveResponsibility.NOT_APPLICABLE.value
-    if responsibility == "Shared (Service Provider and Customer Responsibility)":
-        res = ImplementationObjectiveResponsibility.SHARED.value
-    regscale_version = RegscaleVersion.get_platform_version()
-    if len(regscale_version) >= 10 or Version(regscale_version) >= Version("6.13.0.0"):
-        return responsibility_map.get(res, res)
-    return res
+
+    return responsibility_map.get(responsibility, responsibility or "")
 
 
 def handle_implementation_objectives(
     objective: ControlObjective,
     part_statement: str,
     status: Optional[str],
-    control_implementation: ControlImplementation,
+    control_implementation: Union[ControlImplementation, int, None],
     imp_objectives: List[ImplementationObjective],
     control: SecurityControl,
     duplicate: bool,
@@ -1555,26 +1542,30 @@ def handle_implementation_objectives(
 ):
     """
     Handle the implementation objectives for the given objective, option, and control implementation.
-    :param ControlObjective objective:
-    :param str part_statement:
-    :param Optional[str] status:
-    :param ControlImplementation control_implementation:
-    :param List[ImplementationObjective] imp_objectives:
-    :param SecurityControl control:
+    :param ControlObjective objective: The control objective.
+    :param str part_statement: The statement text for this part.
+    :param Optional[str] status: The implementation status.
+    :param Union[ControlImplementation, int, None] control_implementation: The control implementation object or ID.
+    :param List[ImplementationObjective] imp_objectives: List to collect implementation objectives.
+    :param SecurityControl control: The security control.
     :param bool duplicate: Whether the option is a duplicate will add note if True.
     :param Optional[str] origination: The origination of the implementation.
     """
     if isinstance(status, ControlImplementationStatus):
         status = status.value
+
+    # Ensure part_statement is valid
+    statement = part_statement if part_statement else ""
+
     imp_obj = ImplementationObjective(
         securityControlId=control.id,
-        implementationId=control_implementation.id,
+        implementationId=control_implementation.id if hasattr(control_implementation, "id") else control_implementation,
         objectiveId=objective.id,
         optionId=None,
         status=status,
-        statement=part_statement,
+        statement=statement,
         notes="#replicated-data-part" if duplicate else "",
-        responsibility=origination if origination else None,
+        responsibility=origination,
     )
     if imp_obj not in imp_objectives:
         imp_objectives.append(imp_obj)
@@ -2341,3 +2332,58 @@ def get_max_version(entries: List[Dict]) -> Optional[str]:
             max_version = max(max_version, version_str, key=parse_version)
     logger.debug(f"Version: {max_version}")
     return max_version
+
+
+def process_objective(
+    objective: ControlObjective,
+    processed_objective_ids: set,
+    existing_objectives_by_objective_id: Dict,
+    control: SecurityControl,
+    part_statement: Optional[str],
+    status: Optional[str],
+    origination: Optional[str] = None,
+    imp_objectives: List[ImplementationObjective] = None,
+):
+    """
+    Process a single control objective.
+
+    :param ControlObjective objective: The objective to process.
+    :param set processed_objective_ids: Set of already processed objective IDs.
+    :param Dict existing_objectives_by_objective_id: Dictionary of existing objectives by ID.
+    :param SecurityControl control: The security control.
+    :param Optional[str] part_statement: The statement for this part, may be None.
+    :param Optional[str] status: The implementation status for this objective.
+    :param Optional[str] origination: The implementation origination for this objective.
+    :param List[ImplementationObjective] imp_objectives: List to collect implementation objectives.
+    :return: None
+    """
+    logger.debug(f"Processing objective: {objective.id} - {objective.name}")
+
+    # Skip if already processed
+    if objective.id in processed_objective_ids:
+        logger.debug(f"Objective {objective.id} already processed")
+        return
+
+    processed_objective_ids.add(objective.id)
+    existing_objective = existing_objectives_by_objective_id.get(objective.id)
+
+    statement = part_statement if part_statement is not None else ""
+
+    # Update existing objective if found
+    if existing_objective is not None:
+        logger.debug(f"Updating existing objective: {existing_objective.id}")
+        existing_objective.status = status
+        existing_objective.statement = statement
+        if origination is not None:
+            existing_objective.responsibility = origination
+        existing_objective.save()
+    # Create new objective if implementation objectives list provided
+    elif imp_objectives is not None:
+        logger.debug(f"Creating new objective for {objective.id}")
+        imp_obj = ImplementationObjective(
+            objectiveId=objective.id,
+            status=status,
+            statement=statement,
+            responsibility=origination,
+        )
+        imp_objectives.append(imp_obj)