Enhancement to handle arboretum fetcher-built OSCO evidence as input

[degenaro]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.
• All commits are signed-off.

Description

• Provide trestle task osco-to-oscal to read input Arboretum-Auditree fetcher-built files from input directory and write OSCAL-like transformed data to corresponding files in output directory.
• Provide test-cases covering transformation function and task.

Comments

The Compliance-As-Code auditree-arboretum cluster resource fetcher (see ComplianceAsCode/auditree-arboretum#9) produces evidence which comprises the equivalent of one or more OpenShift Compliance Operator (OSCO) .yaml files.

In the end, the XML results of the OSCO .yaml file and of the auditree-arboretum fetcher are formatted the same. Thus, ingesting either OSCO .yaml files or fetcher .json files boils down to being able to find the XML results then transform them into OSCAL. The code contributed here provides the ability to do the OSCAL transformation on the fetcher-built .json files.

closes #310

[codecov]

Codecov Report

Merging #311 (f3d7c03) into develop (81124fb) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff            @@
##           develop     #311   +/-   ##
========================================
  Coverage    99.08%   99.08%           
========================================
  Files           52       52           
  Lines         6098     6133   +35     
========================================
+ Hits          6042     6077   +35     
  Misses          56       56           

Impacted Files	Coverage Δ
trestle/tasks/osco_to_oscal.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 81124fb...a0a170b. Read the comment docs.

[butler54]

LGTM
If you can have a quick look at the comment w.r.t. logging before merging it would be appreciated.

[butler54]

So one item I forgot to mention. The logger should automatically observe a -v flag passed into the CLI which will turn on debug logging. If that behaves as expected that would be my preference (as it removes the need for an additional flag.

It is not a blocker more of a FYI

[degenaro]

For the most part the code does expect and follow the standard of the -v flag. Note that the task produces logging output about the file written and some analysis of the results encountered at the info level of execute. The quiet flag is meant to suppress all logging output, meaning the aforementioned info. At this point it is a frill, you might say, and can be removed entirely...or not. Nevertheless and with respect to symmetry, for the case of simulate these outputs are at the debug level while at the execute level they are at the info level. I think it's OK the way it is, but am not wedded to the need for the quiet flag. If preference is to remove, just say the word. Is there a way to suppress .info level output already?