regscale-cli 6.21.2.0__py3-none-any.whl → 6.28.2.1__py3-none-any.whl

regscale/models/regscale_models/control_implementation.py

@@ -4,12 +4,13 @@
 # standard python imports
 import logging
 from enum import Enum
-from typing import Any, Callable, Dict, List, Optional, Union, TypeVar
+from functools import lru_cache
+from typing import Any, Callable, Dict, List, Optional, Union
 from urllib.parse import urljoin
 
 import requests
 from lxml.etree import Element
-from pydantic import ConfigDict, Field
+from pydantic import ConfigDict, Field, field_validator
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
@@ -19,7 +20,6 @@ from regscale.models.regscale_models.implementation_role import ImplementationRo
 from regscale.models.regscale_models.regscale_model import RegScaleModel
 from regscale.models.regscale_models.security_control import SecurityControl
 
-
 logger = logging.getLogger("regscale")
 PATCH_CONTENT_TYPE = "application/json-patch+json"
 
@@ -41,6 +41,8 @@ class ControlImplementationStatus(str, Enum):
 
 
 class ImplementationControlOrigin(str, Enum):
+    """Control Implementation Origination"""
+
     SERVICE_PROVIDER_CORPORATE = "Service Provider Corporate"
     SERVICE_PROVIDER_SYSTEM = "Service Provider System Specific"
     SERVICE_PROVIDER_HYBRID = "Service Provider Hybrid (Corporate and System Specific)"
@@ -63,6 +65,7 @@ class ControlImplementationOrigin(str, Enum):
     CustomerConfigured = "Customer Configured"
     CustomerProvided = "Customer"
     Inherited = "Inherited"
+    NotApplicable = "Not Applicable"
 
 
 class ControlImplementation(RegScaleModel):
@@ -74,9 +77,10 @@ class ControlImplementation(RegScaleModel):
     _get_objects_for_list = True
 
     controlOwnerId: str = Field(default_factory=RegScaleModel.get_user_id)
+    controlOwnersIds: Optional[List[str]] = Field(default=None)
     status: str  # Required
     controlID: int  # Required foreign key to Security Control
-    status_lst: List[ControlImplementationStatus] = []
+    status_lst: List[ControlImplementationStatus] = Field(default=[], exclude=True)
     id: int = 0
     parentId: Optional[int] = None
     parentModule: Optional[str] = None
@@ -84,7 +88,7 @@ class ControlImplementation(RegScaleModel):
     createdById: Optional[str] = Field(default_factory=RegScaleModel.get_user_id)
     uuid: Optional[str] = None
     policy: Optional[str] = None
-    implementation: Optional[str] = None
+    implementation: Optional[str] = Field(default="N/A")
     dateLastAssessed: Optional[str] = None
     lastAssessmentResult: Optional[str] = None
     practiceLevel: Optional[str] = None
@@ -104,7 +108,9 @@ class ControlImplementation(RegScaleModel):
     qiVendorCompliance: Optional[str] = None
     qiIssues: Optional[str] = None
     qiOverall: Optional[str] = None
-    responsibility: Optional[str] = None
+    responsibility: str = Field(
+        default_factory=lambda: ControlImplementation.get_default_responsibility()
+    )  # Required field - Control Origination
     inheritedControlId: Optional[int] = None
     inheritedRequirementId: Optional[int] = None
     inheritedSecurityPlanId: Optional[int] = None
@@ -112,7 +118,7 @@ class ControlImplementation(RegScaleModel):
     dateCreated: Optional[str] = Field(default_factory=get_current_datetime)
     lastUpdatedById: Optional[str] = Field(default_factory=RegScaleModel.get_user_id)
     dateLastUpdated: Optional[str] = Field(default_factory=get_current_datetime)
-    weight: Optional[int] = None
+    weight: Optional[float] = None
     isPublic: Optional[bool] = True
     inheritable: Optional[bool] = False
     systemRoleId: Optional[int] = None
@@ -141,6 +147,20 @@ class ControlImplementation(RegScaleModel):
     maturityLevel: Optional[str] = None
     assessmentFrequency: int = 0
 
+    @field_validator("implementation", mode="before")
+    @classmethod
+    def validate_implementation(cls, v: Optional[str]) -> str:
+        """
+        Validate implementation field - convert empty strings to 'N/A'.
+
+        :param Optional[str] v: The implementation value
+        :return: The validated implementation value
+        :rtype: str
+        """
+        if v is None or (isinstance(v, str) and v.strip() == ""):
+            return "N/A"
+        return v
+
     def __str__(self):
         return f"Control Implementation {self.id}: {self.controlID}"
 
@@ -153,9 +173,29 @@ class ControlImplementation(RegScaleModel):
         """
         self.status_lst = self._get_status_enum()
 
+        # Backwards compatibility: Auto-populate controlOwnersIds if not set but controlOwnerId exists
+        if self.controlOwnersIds is None and self.controlOwnerId:
+            self.controlOwnersIds = [self.controlOwnerId]
+
+        # Check if responsibility needs to be set (empty string, None, or default value)
+        should_update_responsibility = (
+            not self.responsibility  # Handles empty string or None
+            or self.responsibility == self.get_default_responsibility()
+        )
+
+        if should_update_responsibility:
+            if self.parentId and self.parentModule == "securityplans":
+                # Try to get a more specific default based on the actual security plan's compliance settings
+                better_default = self.get_default_responsibility(parent_id=self.parentId)
+                if better_default and better_default != self.responsibility:
+                    self.responsibility = better_default
+            elif not self.responsibility:
+                # If still empty/None and no parent info, set to generic default
+                self.responsibility = self.get_default_responsibility()
+
     def __setattr__(self, name: str, value: Any) -> None:
         """
-        Override __setattr__ to update status_lst when status changes.
+        Override __setattr__ to update status_lst when status changes and handle backwards compatibility.
 
         :param str name: The attribute name
         :param Any value: The attribute value
@@ -164,6 +204,130 @@ class ControlImplementation(RegScaleModel):
         super().__setattr__(name, value)
         if name == "status":
             self.status_lst = self._get_status_enum()
+        elif name == "controlOwnerId" and value:
+            # Backwards compatibility: Auto-populate controlOwnersIds when controlOwnerId is set
+            if hasattr(self, "controlOwnersIds") and (
+                not hasattr(self, "_controlOwnersIds") or self._controlOwnersIds is None
+            ):
+                super().__setattr__("controlOwnersIds", [value])
+
+    @classmethod
+    @lru_cache(maxsize=256)
+    def get_default_responsibility(
+        cls, parent_id: Optional[int] = None, compliance_setting_id: Optional[int] = None
+    ) -> str:
+        """
+        Get default responsibility (control origination) based on compliance settings.
+
+        Cached for high-performance bulk operations.
+
+        :param Optional[int] parent_id: The parent security plan ID to get compliance settings from
+        :param Optional[int] compliance_setting_id: Specific compliance setting ID override
+        :return: Default responsibility string
+        :rtype: str
+        """
+        actual_compliance_setting_id = compliance_setting_id or cls._get_compliance_setting_id_from_parent(parent_id)
+
+        if actual_compliance_setting_id:
+            if responsibility := cls._get_responsibility_from_compliance_settings(actual_compliance_setting_id):
+                return responsibility
+
+        return cls._get_fallback_responsibility(actual_compliance_setting_id)
+
+    @classmethod
+    @lru_cache(maxsize=128)
+    def _get_compliance_setting_id_from_parent(cls, parent_id: Optional[int]) -> Optional[int]:
+        """
+        Get compliance setting ID from parent security plan.
+
+        Cached to avoid repeated API calls for the same security plan.
+        """
+        if parent_id is None:
+            return None
+
+        try:
+            from regscale.models.regscale_models.security_plan import SecurityPlan
+
+            security_plan: SecurityPlan = SecurityPlan.get_object(parent_id)
+            return security_plan.complianceSettingsId if security_plan else None
+        except Exception:
+            return None
+
+    @classmethod
+    @lru_cache(maxsize=32)
+    def _get_responsibility_from_compliance_settings(cls, compliance_setting_id: int) -> Optional[str]:
+        """
+        Get default responsibility from compliance settings API using settingsList endpoint.
+
+        Cached to avoid repeated API calls for the same compliance setting.
+        """
+        responsibility = ControlImplementationOrigin.NotApplicable.value
+        try:
+            from regscale.models.regscale_models.compliance_settings import ComplianceSettings
+
+            if cs_responsibility := ComplianceSettings.get_default_responsibility_for_compliance_setting(
+                compliance_setting_id
+            ):
+                responsibility = cs_responsibility
+        except Exception:
+            return responsibility
+
+        return responsibility
+
+    @classmethod
+    def _get_fallback_responsibility(cls, compliance_setting_id: Optional[int] = None) -> str:
+        """
+        Get intelligent fallback responsibility using framework-specific defaults.
+
+        :param Optional[int] compliance_setting_id: Compliance setting ID to determine framework type
+        :return: Fallback responsibility string
+        :rtype: str
+        """
+        if compliance_setting_id:
+            return cls._get_framework_default_responsibility(compliance_setting_id)
+
+        # Ultimate fallback for unknown compliance settings
+        return ControlImplementationOrigin.NotApplicable.value
+
+    @classmethod
+    def _get_framework_default_responsibility(cls, compliance_setting_id: int) -> str:
+        """
+        Get default responsibility for a specific compliance framework.
+
+        :param int compliance_setting_id: The compliance setting ID (1=RegScale, 2=FedRAMP, 3=PCI, 4=DoD, 5=CMMC)
+        :return: Default responsibility string
+        :rtype: str
+        """
+        try:
+            from regscale.models.regscale_models.compliance_settings import ComplianceSettings
+
+            default_value = ComplianceSettings.get_default_responsibility_for_compliance_setting(compliance_setting_id)
+            if default_value:
+                return default_value
+        except Exception:
+            pass
+
+        # Framework-specific fallbacks if API fails
+        fallback_map = {
+            1: "Provider",  # RegScale Default
+            2: ImplementationControlOrigin.SERVICE_PROVIDER_CORPORATE.value,  # FedRAMP
+            3: ImplementationControlOrigin.SERVICE_PROVIDER_CORPORATE.value,  # PCI
+            4: "System-Specific",  # DoD
+            5: "Provider",  # CMMC
+        }
+        return fallback_map.get(compliance_setting_id, "Service Provider Corporate")
+
+    @classmethod
+    def clear_responsibility_cache(cls) -> None:
+        """
+        Clear the responsibility lookup cache.
+
+        Call this method when compliance settings have been updated to ensure
+        fresh data is retrieved from the API.
+        """
+        cls.get_default_responsibility.cache_clear()
+        cls._get_compliance_setting_id_from_parent.cache_clear()
+        cls._get_responsibility_from_compliance_settings.cache_clear()
 
     @classmethod
     def _get_additional_endpoints(cls) -> ConfigDict:
@@ -325,15 +489,15 @@ class ControlImplementation(RegScaleModel):
         :return: A dictionary mapping control IDs to implementation IDs
         :rtype: Dict[str, int]
         """
-        logger.info("Getting control label map by parent...")
+        logger.debug("Getting control label map by parent...")
         response = cls._get_api_handler().get(
             endpoint=cls.get_endpoint("get_all_by_parent").format(intParentID=parent_id, strModule=parent_module)
         )
 
         if response and response.ok:
-            logger.info("Fetched control label map by parent successfully.")
+            logger.debug("Fetched control label map by parent successfully.")
             return {parentheses_to_dot(ci["controlName"]): ci["id"] for ci in response.json()}
-        logger.info("Unable to get control label map by parent.")
+        logger.debug("Unable to get control label map by parent.")
         return {}
 
     @classmethod
@@ -345,14 +509,14 @@ class ControlImplementation(RegScaleModel):
         :return: A dictionary mapping control IDs to implementation IDs
         :rtype: Dict[int, int]
         """
-        logger.info("Getting control id map by parent...")
+        logger.debug("Getting control id map by parent...")
         response = cls._get_api_handler().get(
             endpoint=cls.get_endpoint("get_all_by_parent").format(intParentID=parent_id, strModule=parent_module)
         )
         if response and response.ok:
-            logger.info("Fetched control id map by parent successfully.")
+            logger.debug("Fetched control id map by parent successfully.")
             return {ci["controlID"]: ci["id"] for ci in response.json()}
-        logger.info("Unable to get control id map by parent.")
+        logger.debug("Unable to get control id map by parent.")
         return {}
 
     @classmethod
@@ -364,14 +528,14 @@ class ControlImplementation(RegScaleModel):
         :return: A dictionary mapping control IDs to implementation IDs
         :rtype: Dict[str, int]
         """
-        logger.info("Getting control label map by plan...")
+        logger.debug("Getting control label map by plan...")
         response = cls._get_api_handler().get(
             endpoint=cls.get_endpoint("get_all_by_plan_with_controls").format(int_security_plan=plan_id)
         )
         if response and response.ok:
-            logger.info("Fetched control label map by plan successfully.")
+            logger.debug("Fetched control label map by plan successfully.")
             return {parentheses_to_dot(ci["control"]["controlId"]): ci["id"] for ci in response.json()}
-        logger.info("Unable to get control label map by plan.")
+        logger.warning("Unable to get control label map by plan.")
         return {}
 
     @classmethod
@@ -428,14 +592,14 @@ class ControlImplementation(RegScaleModel):
         :return: A dictionary mapping control IDs to implementation IDs
         :rtype: Dict[int, int]
         """
-        logger.info("Getting control id map by plan...")
+        logger.debug("Getting control id map by plan...")
         response = cls._get_api_handler().get(
             endpoint=cls.get_endpoint("get_all_by_plan_with_controls").format(int_security_plan=plan_id)
         )
         if response and response.ok:
-            logger.info("Fetched control id map by plan successfully.")
+            logger.debug("Fetched control id map by plan successfully.")
             return {ci["control"]["id"]: ci["id"] for ci in response.json()}
-        logger.info("Unable to get control id map by plan.")
+        logger.warning("Unable to get control id map by plan.")
         return {}
 
     @staticmethod
@@ -723,9 +887,9 @@ class ControlImplementation(RegScaleModel):
             existing_control_implementations_json = response.json()
             for cim in existing_control_implementations_json:
                 existing_implementation_dict[cim.get("controlName")] = cim
-            logger.info(f"Found {len(existing_implementation_dict)} existing control implementations")
+            logger.debug(f"Found {len(existing_implementation_dict)} existing control implementations")
         elif response.status_code == 404:
-            logger.info(f"No existing control implementations found for {parent_id}")
+            logger.debug(f"No existing control implementations found for {parent_id}")
         else:
             logger.warning(f"Unable to get existing control implementations. {response.content}")
         return existing_implementation_dict
@@ -1007,7 +1171,7 @@ class ControlImplementation(RegScaleModel):
         if field_name == "status":
             return [imp_status.value for imp_status in ControlImplementationStatus]
         if field_name == "responsibility":
-            return ["Provider", "Customer", "Shared", "Not Applicable"]
+            return [origin.value for origin in ControlImplementationOrigin]
         return cls.get_bool_enums(field_name)
 
     @classmethod
@@ -1054,6 +1218,8 @@ class ControlImplementation(RegScaleModel):
         :return: list GraphQL response from RegScale
         :rtype: list
         """
+        from regscale.core.app.internal.control_editor import _extract_control_owner_display
+
         body = """
                     query{
                         controlImplementations (skip: 0, take: 50, where: {parentId: {eq: parent_id} parentModule: {eq: "parent_module"}}) {
@@ -1099,22 +1265,25 @@ class ControlImplementation(RegScaleModel):
                 moded_item = {}
                 moded_item["id"] = item["id"]
                 moded_item["controlID"] = item["controlID"]
-                moded_item["controlOwnerId"] = (
-                    str(item["controlOwner"]["lastName"]).strip()
-                    + ", "
-                    + str(item["controlOwner"]["firstName"]).strip()
-                    + " ("
-                    + str(item["controlOwner"]["userName"]).strip()
-                    + ")"
-                )
-                moded_item["controlName"] = item["control"]["controlId"]
-                moded_item["controlTitle"] = item["control"]["title"]
-                moded_item["description"] = item["control"]["description"]
-                moded_item["status"] = item["status"]
-                moded_item["policy"] = item["policy"]
-                moded_item["implementation"] = item["implementation"]
-                moded_item["responsibility"] = item["responsibility"]
-                moded_item["inheritable"] = item["inheritable"]
+
+                # Extract control owner display using centralized method
+                moded_item["controlOwnerId"] = _extract_control_owner_display(item)
+
+                # Handle case where control or its fields might be None
+                if item.get("control") and item["control"] is not None:
+                    moded_item["controlName"] = item["control"].get("controlId", "")
+                    moded_item["controlTitle"] = item["control"].get("title", "")
+                    moded_item["description"] = item["control"].get("description", "")
+                else:
+                    moded_item["controlName"] = ""
+                    moded_item["controlTitle"] = ""
+                    moded_item["description"] = ""
+
+                moded_item["status"] = item.get("status", "")
+                moded_item["policy"] = item.get("policy", "")
+                moded_item["implementation"] = item.get("implementation", "")
+                moded_item["responsibility"] = item.get("responsibility", "")
+                moded_item["inheritable"] = item.get("inheritable", False)
                 moded_data.append(moded_item)
             return moded_data
         return []
@@ -1187,8 +1356,34 @@ class ControlImplementation(RegScaleModel):
         :return: list of control implementations, or None if not found
         :rtype: Optional[list[dict]]
         """
-        endpoint = cls.get_endpoint("get_list_by_parent").format(int_id=regscale_id, str_module=regscale_module)
-        response = cls._get_api_handler().get(endpoint=endpoint)
+        query = {
+            "parentID": 0,
+            "module": "",
+            "friendlyName": "",
+            "workbench": "",
+            "base": "",
+            "sort": "sortId",
+            "direction": "Ascending",
+            "simpleSearch": "",
+            "page": 1,
+            "pageSize": 1000,
+            "query": {
+                "id": 0,
+                "viewName": "",
+                "module": "",
+                "scope": "",
+                "createdById": "",
+                "dateCreated": None,
+                "parameters": [],
+            },
+            "groupBy": "",
+            "intDays": 0,
+            "subTab": True,
+        }
+        query["parentId"] = regscale_id
+        query["module"] = regscale_module
+        endpoint = cls.get_endpoint("filter_control_implementations")
+        response = cls._get_api_handler().post(endpoint=endpoint, data=query)
         if response and response.ok:
             return response.json()
         return None

regscale/models/regscale_models/control_objective.py

@@ -250,13 +250,82 @@ class ControlObjective(RegScaleModel):
         return control_objectives
 
 
+def _process_objective_ccis(objective: ControlObjective, ccis_to_control_ids: dict[str, set[int]]) -> None:
+    """
+    Process CCI IDs from a control objective.
+
+    :param ControlObjective objective: The control objective to process
+    :param dict ccis_to_control_ids: Dictionary to update with CCI mappings
+    :return: None
+    """
+    if not objective.otherId:
+        return
+
+    cci_ids = objective.otherId.split(",")
+    for cci_id in cci_ids:
+        cci_id = cci_id.strip()
+        if cci_id and cci_id.startswith("CCI-"):
+            ccis_to_control_ids[cci_id].add(objective.securityControlId)
+
+
+def _fetch_cci_objectives_batch(parent_id: int, skip: int, take: int) -> list[ControlObjective]:
+    """
+    Fetch a batch of CCI objectives.
+
+    :param int parent_id: The parent ID
+    :param int skip: Number of items to skip
+    :param int take: Number of items to take
+    :return: List of control objectives
+    :rtype: list[ControlObjective]
+    """
+    return ControlObjective.fetch_control_objectives_by_other_id(
+        parent_id=parent_id, other_id_contains="CCI-", skip=skip, take=take
+    )
+
+
 def map_ccis_to_control_ids(parent_id: int) -> dict:
+    """
+    Map CCI IDs to control IDs with pagination support.
+
+    :param int parent_id: The parent ID to fetch objectives for
+    :return: Dictionary mapping CCI IDs to sets of control IDs
+    :rtype: dict
+    """
+    import logging
+
+    logger = logging.getLogger("regscale")
     ccis_to_control_ids: dict[str, set[int]] = defaultdict(set)
-    objectives = ControlObjective.fetch_control_objectives_by_other_id(parent_id=parent_id, other_id_contains="CCI-")
 
-    for objective in objectives:
-        cci_ids = objective.otherId.split(",")
-        for cci_id in cci_ids:
-            ccis_to_control_ids[cci_id.strip()].add(objective.securityControlId)
+    try:
+        skip = 0
+        take = 50  # Use 50 as RegScale API limit
+        total_fetched = 0
+        max_iterations = 100  # Increase safety limit since batch size is smaller
+
+        for _ in range(max_iterations):
+            objectives = _fetch_cci_objectives_batch(parent_id, skip, take)
+            if not objectives:
+                break
+
+            # Process each objective
+            for objective in objectives:
+                _process_objective_ccis(objective, ccis_to_control_ids)
+
+            total_fetched += len(objectives)
+
+            # Check if we've reached the end
+            if len(objectives) < take:
+                break
+
+            skip += take
+        else:
+            logger.warning(f"Reached max iterations ({max_iterations}). Total fetched: {total_fetched}")
+
+    except Exception as e:
+        logger.debug(f"Error fetching CCI to control map: {e}")
+        return {}
+
+    if ccis_to_control_ids:
+        logger.debug(f"Mapped {len(ccis_to_control_ids)} unique CCIs to controls")
 
     return ccis_to_control_ids

regscale/models/regscale_models/file.py

@@ -385,6 +385,8 @@ class File(BaseModel):
                 file_type_header = "application/gzip"
             elif file_type == ".msg":
                 file_type_header = "application/vnd.ms-outlook"
+            elif file_type == ".jsonl":
+                file_type_header = "application/jsonl+json"
             else:
                 logger = logging.getLogger("regscale")
                 logger.warning(f"Unacceptable file type for upload: {file_type}")

regscale/models/regscale_models/form_field_value.py

@@ -122,7 +122,6 @@ class FormFieldValue(RegScaleModel):
                 f"The following custom fields are missing:\n \
                     {missing_custom_fields}\n \
                         Load these custom fields in RegScale \
-                        using the file: security_plan_custom_fields.json\
                         and run this command again"
             )
 
@@ -132,7 +131,8 @@ class FormFieldValue(RegScaleModel):
     def save_custom_fields(form_field_values: list):
         """
         Populate Custom Fields form a list of dict of
-        record_id, form_field_id, and field_value
+        record_id: int, record_module: str, form_field_id: int,
+        and field_value: Any
 
         :param list form_field_values: list of custom form
         fields, values, and the record to which to post
@@ -148,5 +148,7 @@ class FormFieldValue(RegScaleModel):
             ]
             if data:
                 FormFieldValue.save_custom_data(
-                    record_id=form_field_value["record_id"], module_name="securityplans", data=data
+                    record_id=form_field_value.get("record_id"),
+                    module_name=form_field_value.get("record_module", "securityplans"),
+                    data=data,
                 )

regscale/models/regscale_models/inheritance.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""Model for Inheritance in the application"""
+
+from typing import Optional, Union
+
+from pydantic import ConfigDict, Field, field_validator
+
+from regscale.core.app.api import Api
+from regscale.core.app.logz import create_logger
+from regscale.core.app.utils.app_utils import get_current_datetime
+from regscale.models.regscale_models.regscale_model import RegScaleModel
+
+
+class Inheritance(RegScaleModel):
+    """
+    Inherited Control model
+    """
+
+    _module_slug = "inheritance"
+
+    id: int = 0
+    recordId: int = 0
+    recordModule: str
+    policyId: Optional[int] = None
+    planId: Optional[int] = None
+    dateInherited: Optional[str] = Field(default_factory=get_current_datetime)
+
+    @staticmethod
+    def _get_additional_endpoints() -> ConfigDict:
+        """
+        Get additional endpoints for the Inherited Controls model.
+
+        :return: A dictionary of additional endpoints
+        :rtype: ConfigDict
+        """
+        return ConfigDict(  # type: ignore
+            get_all_by_parent="/api/{model_slug}/getAllByParent/{intParentID}/{strModule}",
+            get_all_by_control="/api/{model_slug}/getAllByBaseControl/{control_id}",
+        )
+
+    ## Note: There are no endpoints in this module for
+    # get (get_object)
+    # post (save/update)