[CloudSecurity][Fleet] Add CloudFormation install method to CSPM#159994
[CloudSecurity][Fleet] Add CloudFormation install method to CSPM#159994opauloh merged 27 commits intoelastic:mainfrom
Conversation
opauloh
added
release_note:feature
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
botelastic
Bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
juliaElastic
left a comment
juliaElastic
left a comment
There was a problem hiding this comment.
LGTM, added a few suggestions.
JordanSh
left a comment
JordanSh
left a comment
There was a problem hiding this comment.
left some suggestions mainly around simplifying readability
| const checkCurrentTemplate = newPolicy?.inputs?.find((i: any) => i.type === CLOUDBEAT_AWS) | ||
| ?.config?.cloud_formation_template_url?.value; | ||
|
|
||
| if (setupFormat !== 'cloudFormation') { | ||
| if (checkCurrentTemplate !== null) { | ||
| updateCloudFormationPolicyTemplate(newPolicy, updatePolicy, null); | ||
| } | ||
| return; | ||
| } |
There was a problem hiding this comment.
This can return undefined
const checkCurrentTemplate = newPolicy?.inputs?.find((i: any) => i.type === CLOUDBEAT_AWS)
?.config?.cloud_formation_template_url?.value;so this:
if (checkCurrentTemplate !== null) {
updateCloudFormationPolicyTemplate(newPolicy, updatePolicy, null);
}essentially checks for undefined !== null which will result in true, and updateCloudFormationPolicyTemplate will get called.
| ], | ||
| }, | ||
| ], | ||
| } as PackageInfo; |
There was a problem hiding this comment.
might be better to type the return, with as we might make mistakes that won't get noticed.
This one is important, happened to me and it's very confusing |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
JordanSh
left a comment
JordanSh
left a comment
There was a problem hiding this comment.
left some comments, i pulled the or and the overall flow seemed ok, i think its safe to merge so we can start testing it.
also, I don't think it's considered a blocker but I didn't have a fleet on my local env so I installed one locally. the installation was successful and I could follow it up by adding an agent to my integration (directly from fleet installation flyout). but when i clicked on add agent, I got the wrong form:
After that, closing and reopening the flyout did open the correct form with the cloudformation option. so it seems it's only a problem when coming from the fleet flyout, and we can push a separate fix for it.
cc: @kfirpeled @nick-alayil
| import { SetupFormat, useAwsCredentialsForm } from './hooks'; | ||
|
|
||
| interface AWSSetupInfoContentProps { | ||
| integrationLink: string; |
There was a problem hiding this comment.
can we rename this? the current name suggest its a link to an integration
| input: Extract<NewPackagePolicyPostureInput, { type: 'cloudbeat/cis_aws' }>; | ||
| updatePolicy(updatedPolicy: NewPackagePolicy): void; | ||
| packageInfo: PackageInfo; | ||
| onChange: any; |
| ] as const) { | ||
| it(`updates package policy with hidden vars for ${name}`, () => { | ||
| const inputVars = getPostureInputHiddenVars(name); | ||
| const inputVars = getPostureInputHiddenVars(name, {} as any); |
There was a problem hiding this comment.
as PackageInfo is preferable
| const template: string | undefined = newPolicy?.inputs?.find((i) => i.type === CLOUDBEAT_AWS) | ||
| ?.config?.cloud_formation_template_url?.value; | ||
|
|
||
| return template || undefined; |
There was a problem hiding this comment.
if template can either be string or undefined, || undefined is redundant
| newPolicy: NewPackagePolicy; | ||
| input: Extract<NewPackagePolicyPostureInput, { type: 'cloudbeat/cis_aws' }>; | ||
| packageInfo: PackageInfo; | ||
| onChange: (opts: any) => void; |
…stic#159994) (cherry picked from commit 5728bfa)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
#159994) (#160559) # Backport This will backport the following commits from `main` to `8.9`: - [[CloudSecurity][Fleet] Add CloudFormation install method to CSPM (#159994)](#159994) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Paulo Henrique","email":"paulo.henrique@elastic.co"},"sourceCommit":{"committedDate":"2023-06-26T18:19:05Z","message":"[CloudSecurity][Fleet] Add CloudFormation install method to CSPM (#159994)","sha":"5728bfa1a7514eeb425e0894dab85ba63f48e8fa","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Fleet","release_note:feature","Team:Cloud Security","backport:prev-minor","ci:cloud-deploy","v8.9.0","v8.10.0"],"number":159994,"url":"https://github.com/elastic/kibana/pull/159994","mergeCommit":{"message":"[CloudSecurity][Fleet] Add CloudFormation install method to CSPM (#159994)","sha":"5728bfa1a7514eeb425e0894dab85ba63f48e8fa"}},"sourceBranch":"main","suggestedTargetBranches":["8.9"],"targetPullRequestStates":[{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/159994","number":159994,"mergeCommit":{"message":"[CloudSecurity][Fleet] Add CloudFormation install method to CSPM (#159994)","sha":"5728bfa1a7514eeb425e0894dab85ba63f48e8fa"}}]}] BACKPORT--> Co-authored-by: Paulo Henrique <paulo.henrique@elastic.co>
8 participants
Summary
it closes #157761
This PR adds the CloudFormation install method to the CSPM Cloud Security integration. The following changes were made:
Cloud Security changes
CloudFormationorManualsetup format.Updates
aws.credentials.type : cloud_formationfor better backwards compatibilityFleet changes
SUBMITTED_CLOUD_FORMATIONto the integration install form to show the CloudFormation post-install modal for CloudFormation integrations.useCreateCloudFormationUrlhook.Screenshots