Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update MS.AAD.3.3v1 to decouple the policy from MS.AAD.3.1v1 and match the updated rego checks #1588

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Update MS.AAD.3.3v1 to decouple the policy from MS.AAD.3.1v1 and match the updated rego checks #1588

wants to merge 2 commits into from

Conversation

ahuynhMITRE
Copy link
Collaborator

@ahuynhMITRE ahuynhMITRE commented Feb 20, 2025
edited
Loading

🗣 Description

This PR is to update the policy name and description for MS.AAD.3.3v1 to decouple the policy from MS.AAD.3.1v1 and align with the updated rego checks found in issue #1484.

💭 Motivation and context

Change required to better align with the implementation of the policy and to decouple it from MS.AAD.3.1v1.
Closes #1584

🧪 Testing

Policy name and description match proposed rename found in PR #1549
date modified updated to February 2025
new policy name appears on scubagear reports

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch excessive number of files.
    (https://github.com/cisagov/ScubaGear/blob/main/CONTENTSTYLEGUIDE.md).
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

  • Demonstrate changes to the team for questions and comments.
    (Note: Only required for issues of size Medium or larger)

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

@ahuynhMITRE ahuynhMITRE added the baseline-document Issues relating to the text in the baseline documents themselves label Feb 20, 2025
@ahuynhMITRE ahuynhMITRE added this to the Marlin milestone Feb 20, 2025
@ahuynhMITRE ahuynhMITRE self-assigned this Feb 20, 2025
@ahuynhMITRE
reverting AAD.3.3v2 -> v1
7ea4f47 
policy is materially the same
@ahuynhMITRE ahuynhMITRE marked this pull request as draft February 20, 2025 20:04
@ahuynhMITRE
Copy link
Collaborator Author

moving to draft atm due to the question on v1 vs v2 question in slack. If updating to v2, references in test plans and the rego will also be updated.

@tkol2022
Copy link
Collaborator

As part of the changes for this PR please also remove policy 3.3 from the CapExclusionsNamespace in Support.psm1. This policy does not support exclusions and I just tested New-ScubaConfig and it generates a sample config file with 3.3 in it which is incorrect. Thanks.

image

Here is an incorrect sample config file that was generated from my test.
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehaines1 ehaines1 Awaiting requested review from ehaines1

@tkol2022 tkol2022 Awaiting requested review from tkol2022

@mitchelbaker-cisa mitchelbaker-cisa Awaiting requested review from mitchelbaker-cisa

At least 2 approving reviews are required to merge this pull request.

Assignees

@ahuynhMITRE ahuynhMITRE

Labels
baseline-document Issues relating to the text in the baseline documents themselves
Projects
None yet
Milestone
Marlin
Development

Successfully merging this pull request may close these issues.

Update MS.AAD.3.3v1 Policy name and description now that the policy has been decoupled with MS.AAD.3.1v1
2 participants
@ahuynhMITRE @tkol2022