feat(ui): rename scan configuration endpoint (#11710)

This commit is contained in:
Pedro Martín
2026-06-29 13:36:38 +02:00
committed by GitHub
parent 36a609f2ee
commit d850349a1c
15 changed files with 331 additions and 305 deletions
+2 -2
View File
@@ -6,8 +6,8 @@ All notable changes to the **Prowler UI** are documented in this file.
### 🚀 Added
- Add `Scan Config` menu item under the Configuration menu (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
- Scan configuration management page (`/scan-config`) to create, edit, and manage scan configs with live YAML validation against the server JSON Schema (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
- Add `Scan Configuration` menu item under the Configuration menu (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
- Scan configuration management page (`/scan-configurations`) to create, edit, and manage scan configurations with live YAML validation against the server JSON Schema (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
- Surface an "invalid scan configuration" note on compliance requirements that fail solely because the applied scan config does not meet them [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
- Filter the Overview, Findings, Resources, Scans, and Providers views by provider group [(#11659)](https://github.com/prowler-cloud/prowler/pull/11659)
- CIS Controls v8.1 compliance support, including its detail view and report mapping [(#11700)](https://github.com/prowler-cloud/prowler/pull/11700)
-1
View File
@@ -1 +0,0 @@
export * from "./scan-configs";
+1
View File
@@ -0,0 +1 @@
export * from "./scan-configurations";
@@ -5,20 +5,21 @@ import { revalidatePath } from "next/cache";
import { z } from "zod";
import { apiBaseUrl, getAuthHeaders } from "@/lib/helper";
import { scanConfigFormSchema } from "@/types/formSchemas";
import { scanConfigurationFormSchema } from "@/types/formSchemas";
import {
DeleteScanConfigActionState,
ScanConfigActionState,
ScanConfigData,
ScanConfigErrors,
ScanConfigRequestBody,
} from "@/types/scan-configs";
DeleteScanConfigurationActionState,
ScanConfigurationActionState,
ScanConfigurationData,
ScanConfigurationErrors,
ScanConfigurationRequestBody,
} from "@/types/scan-configurations";
const SCAN_CONFIG_PATH = "/scan-config";
const SCAN_CONFIGURATION_PATH = "/scan-configurations";
// Scan Config IDs are UUIDs. Validate before interpolating into request URLs so
// a malformed/crafted value can't inject path segments (SSRF / path injection).
const scanConfigIdSchema = z.uuid();
// Scan Configuration IDs are UUIDs. Validate before interpolating into request
// URLs so a malformed/crafted value can't inject path segments (SSRF / path
// injection).
const scanConfigurationIdSchema = z.uuid();
const parseConfiguration = (value: string): Record<string, unknown> => {
// Backend (YamlOrJsonField) accepts either a YAML string or a JSON object.
@@ -37,10 +38,10 @@ const collectProviderIds = (formData: FormData): string[] => {
.filter(Boolean);
};
export const createScanConfig = async (
_prevState: ScanConfigActionState,
export const createScanConfiguration = async (
_prevState: ScanConfigurationActionState,
formData: FormData,
): Promise<ScanConfigActionState> => {
): Promise<ScanConfigurationActionState> => {
const headers = await getAuthHeaders({ contentType: true });
const formDataObject = {
name: formData.get("name"),
@@ -48,7 +49,7 @@ export const createScanConfig = async (
provider_ids: collectProviderIds(formData),
};
const validated = scanConfigFormSchema.safeParse(formDataObject);
const validated = scanConfigurationFormSchema.safeParse(formDataObject);
if (!validated.success) {
const fieldErrors = validated.error.flatten().fieldErrors;
return {
@@ -75,10 +76,10 @@ export const createScanConfig = async (
}
try {
const url = new URL(`${apiBaseUrl}/scan-configs`);
const bodyData: ScanConfigRequestBody = {
const url = new URL(`${apiBaseUrl}/scan-configurations`);
const bodyData: ScanConfigurationRequestBody = {
data: {
type: "scan-configs",
type: "scan-configurations",
attributes: {
name,
configuration: parsedConfig,
@@ -97,11 +98,11 @@ export const createScanConfig = async (
const detail =
errorData?.errors?.[0]?.detail ||
errorData?.message ||
`Failed to create Scan Config: ${response.statusText}`;
`Failed to create Scan Configuration: ${response.statusText}`;
const pointer = errorData?.errors?.[0]?.source?.pointer as
| string
| undefined;
const errors: ScanConfigErrors = {};
const errors: ScanConfigurationErrors = {};
if (pointer?.includes("name")) errors.name = detail;
else if (pointer?.includes("configuration"))
errors.configuration = detail;
@@ -111,35 +112,37 @@ export const createScanConfig = async (
}
const data = await response.json();
revalidatePath(SCAN_CONFIG_PATH);
revalidatePath(SCAN_CONFIGURATION_PATH);
return {
success: "Scan Config created successfully!",
data: data.data as ScanConfigData,
success: "Scan Configuration created successfully!",
data: data.data as ScanConfigurationData,
};
} catch (error) {
console.error("Error creating Scan Config:", error);
console.error("Error creating Scan Configuration:", error);
return {
errors: {
general:
error instanceof Error
? error.message
: "Error creating Scan Config. Please try again.",
: "Error creating Scan Configuration. Please try again.",
},
};
}
};
export const updateScanConfig = async (
_prevState: ScanConfigActionState,
export const updateScanConfiguration = async (
_prevState: ScanConfigurationActionState,
formData: FormData,
): Promise<ScanConfigActionState> => {
): Promise<ScanConfigurationActionState> => {
const id = formData.get("id");
if (!id) {
return { errors: { general: "Scan Config ID is required for update" } };
return {
errors: { general: "Scan Configuration ID is required for update" },
};
}
const idResult = scanConfigIdSchema.safeParse(String(id));
const idResult = scanConfigurationIdSchema.safeParse(String(id));
if (!idResult.success) {
return { errors: { general: "Invalid Scan Config ID" } };
return { errors: { general: "Invalid Scan Configuration ID" } };
}
const validId = idResult.data;
const headers = await getAuthHeaders({ contentType: true });
@@ -149,7 +152,7 @@ export const updateScanConfig = async (
provider_ids: collectProviderIds(formData),
};
const validated = scanConfigFormSchema.safeParse(formDataObject);
const validated = scanConfigurationFormSchema.safeParse(formDataObject);
if (!validated.success) {
const fieldErrors = validated.error.flatten().fieldErrors;
return {
@@ -176,10 +179,10 @@ export const updateScanConfig = async (
}
try {
const url = new URL(`${apiBaseUrl}/scan-configs/${validId}`);
const bodyData: ScanConfigRequestBody = {
const url = new URL(`${apiBaseUrl}/scan-configurations/${validId}`);
const bodyData: ScanConfigurationRequestBody = {
data: {
type: "scan-configs",
type: "scan-configurations",
id: validId,
attributes: {
name,
@@ -199,35 +202,35 @@ export const updateScanConfig = async (
const detail =
errorData?.errors?.[0]?.detail ||
errorData?.message ||
`Failed to update Scan Config: ${response.statusText}`;
`Failed to update Scan Configuration: ${response.statusText}`;
return { errors: { general: detail } };
}
const data = await response.json();
revalidatePath(SCAN_CONFIG_PATH);
revalidatePath(SCAN_CONFIGURATION_PATH);
return {
success: "Scan Config updated successfully!",
data: data.data as ScanConfigData,
success: "Scan Configuration updated successfully!",
data: data.data as ScanConfigurationData,
};
} catch (error) {
console.error("Error updating Scan Config:", error);
console.error("Error updating Scan Configuration:", error);
return {
errors: {
general:
error instanceof Error
? error.message
: "Error updating Scan Config. Please try again.",
: "Error updating Scan Configuration. Please try again.",
},
};
}
};
export const getScanConfigSchema = async (): Promise<Record<
export const getScanConfigurationSchema = async (): Promise<Record<
string,
unknown
> | null> => {
const headers = await getAuthHeaders({ contentType: false });
const url = new URL(`${apiBaseUrl}/scan-configs/schema`);
const url = new URL(`${apiBaseUrl}/scan-configurations/schema`);
try {
const response = await fetch(url.toString(), {
method: "GET",
@@ -235,7 +238,7 @@ export const getScanConfigSchema = async (): Promise<Record<
});
if (!response.ok) {
throw new Error(
`Failed to fetch Scan Config schema: ${response.statusText}`,
`Failed to fetch Scan Configuration schema: ${response.statusText}`,
);
}
const json = await response.json();
@@ -244,14 +247,16 @@ export const getScanConfigSchema = async (): Promise<Record<
| undefined;
return schema ?? null;
} catch (error) {
console.error("Error fetching Scan Config schema:", error);
console.error("Error fetching Scan Configuration schema:", error);
return null;
}
};
export const listScanConfigs = async (): Promise<ScanConfigData[]> => {
export const listScanConfigurations = async (): Promise<
ScanConfigurationData[]
> => {
const headers = await getAuthHeaders({ contentType: false });
const url = new URL(`${apiBaseUrl}/scan-configs`);
const url = new URL(`${apiBaseUrl}/scan-configurations`);
try {
const response = await fetch(url.toString(), {
@@ -259,23 +264,28 @@ export const listScanConfigs = async (): Promise<ScanConfigData[]> => {
headers,
});
if (!response.ok) {
throw new Error(`Failed to list Scan Configs: ${response.statusText}`);
throw new Error(
`Failed to list Scan Configurations: ${response.statusText}`,
);
}
const json = await response.json();
return (json.data || []) as ScanConfigData[];
return (json.data || []) as ScanConfigurationData[];
} catch (error) {
console.error("Error listing Scan Configs:", error);
return [];
// Re-throw so callers can distinguish a fetch/auth failure from an empty
// result. Collapsing errors into `[]` would render a false "no scan
// configurations" state and overwrite the table on a failed refresh.
console.error("Error listing Scan Configurations:", error);
throw error;
}
};
export const getScanConfig = async (
export const getScanConfiguration = async (
id: string,
): Promise<ScanConfigData | undefined> => {
const idResult = scanConfigIdSchema.safeParse(id);
): Promise<ScanConfigurationData | undefined> => {
const idResult = scanConfigurationIdSchema.safeParse(id);
if (!idResult.success) return undefined;
const headers = await getAuthHeaders({ contentType: false });
const url = new URL(`${apiBaseUrl}/scan-configs/${idResult.data}`);
const url = new URL(`${apiBaseUrl}/scan-configurations/${idResult.data}`);
try {
const response = await fetch(url.toString(), {
@@ -284,28 +294,30 @@ export const getScanConfig = async (
});
if (!response.ok) return undefined;
const json = await response.json();
return json.data as ScanConfigData;
return json.data as ScanConfigurationData;
} catch (error) {
console.error("Error fetching Scan Config:", error);
console.error("Error fetching Scan Configuration:", error);
return undefined;
}
};
export const deleteScanConfig = async (
_prevState: DeleteScanConfigActionState,
export const deleteScanConfiguration = async (
_prevState: DeleteScanConfigurationActionState,
formData: FormData,
): Promise<DeleteScanConfigActionState> => {
): Promise<DeleteScanConfigurationActionState> => {
const headers = await getAuthHeaders({ contentType: true });
const id = formData.get("id");
if (!id) {
return { errors: { general: "Scan Config ID is required for deletion" } };
return {
errors: { general: "Scan Configuration ID is required for deletion" },
};
}
const idResult = scanConfigIdSchema.safeParse(String(id));
const idResult = scanConfigurationIdSchema.safeParse(String(id));
if (!idResult.success) {
return { errors: { general: "Invalid Scan Config ID" } };
return { errors: { general: "Invalid Scan Configuration ID" } };
}
try {
const url = new URL(`${apiBaseUrl}/scan-configs/${idResult.data}`);
const url = new URL(`${apiBaseUrl}/scan-configurations/${idResult.data}`);
const response = await fetch(url.toString(), {
method: "DELETE",
headers,
@@ -314,19 +326,19 @@ export const deleteScanConfig = async (
const errorData = await response.json().catch(() => ({}));
throw new Error(
errorData.errors?.[0]?.detail ||
`Failed to delete Scan Config: ${response.statusText}`,
`Failed to delete Scan Configuration: ${response.statusText}`,
);
}
revalidatePath(SCAN_CONFIG_PATH);
return { success: "Scan Config deleted successfully!" };
revalidatePath(SCAN_CONFIGURATION_PATH);
return { success: "Scan Configuration deleted successfully!" };
} catch (error) {
console.error("Error deleting Scan Config:", error);
console.error("Error deleting Scan Configuration:", error);
return {
errors: {
general:
error instanceof Error
? error.message
: "Error deleting Scan Config. Please try again.",
: "Error deleting Scan Configuration. Please try again.",
},
};
}
-34
View File
@@ -1,34 +0,0 @@
import { redirect } from "next/navigation";
import { getAllProviders } from "@/actions/providers";
import { getScanConfigSchema, listScanConfigs } from "@/actions/scan-configs";
import { ContentLayout } from "@/components/ui";
import { isCloud } from "@/lib/shared/env";
import { ScanConfigsManager } from "./_components/scan-configs-manager";
export default async function ScanConfigPage() {
// Scan Config is a Prowler Cloud-only feature; the OSS API has no
// /scan-configs endpoints, so guard the route before hitting them.
if (!isCloud()) {
redirect("/");
}
const [configs, providersResponse, schema] = await Promise.all([
listScanConfigs(),
getAllProviders({}),
getScanConfigSchema(),
]);
const richProviders = providersResponse?.data ?? [];
return (
<ContentLayout title="Scan Config" icon="lucide:sliders">
<ScanConfigsManager
initialConfigs={configs}
richProviders={richProviders}
schema={schema}
/>
</ContentLayout>
);
}
@@ -5,7 +5,10 @@ import { useRef } from "react";
import { useForm } from "react-hook-form";
import { z } from "zod";
import { createScanConfig, updateScanConfig } from "@/actions/scan-configs";
import {
createScanConfiguration,
updateScanConfiguration,
} from "@/actions/scan-configurations";
import { AccountsSelector } from "@/app/(prowler)/_overview/_components/accounts-selector";
import {
Button,
@@ -21,44 +24,44 @@ import { CustomLink } from "@/components/ui/custom/custom-link";
import { fontMono } from "@/config/fonts";
import {
convertToYaml,
defaultScanConfigYaml,
validateScanConfigPayload,
defaultScanConfigurationYaml,
validateScanConfigurationPayload,
} from "@/lib/yaml";
import { scanConfigFormSchema } from "@/types/formSchemas";
import { scanConfigurationFormSchema } from "@/types/formSchemas";
import { ProviderProps } from "@/types/providers";
import { ScanConfigData } from "@/types/scan-configs";
import { ScanConfigurationData } from "@/types/scan-configurations";
interface ScanConfigEditorProps {
interface ScanConfigurationEditorProps {
open: boolean;
onClose: (saved: boolean) => void;
richProviders: ProviderProps[];
existingConfigs: ScanConfigData[];
config: ScanConfigData | null;
existingConfigs: ScanConfigurationData[];
config: ScanConfigurationData | null;
schema: Record<string, unknown> | null;
}
interface ScanConfigFormProps {
interface ScanConfigurationFormProps {
onClose: (saved: boolean) => void;
richProviders: ProviderProps[];
existingConfigs: ScanConfigData[];
config: ScanConfigData | null;
existingConfigs: ScanConfigurationData[];
config: ScanConfigurationData | null;
schema: Record<string, unknown> | null;
}
// `provider_ids` has a zod `.default([])`, so the resolver's input and output
// types differ — type the form with both so RHF and zodResolver line up.
type ScanConfigFormInput = z.input<typeof scanConfigFormSchema>;
type ScanConfigFormValues = z.output<typeof scanConfigFormSchema>;
type ScanConfigurationFormInput = z.input<typeof scanConfigurationFormSchema>;
type ScanConfigurationFormValues = z.output<typeof scanConfigurationFormSchema>;
const MAX_ERRORS_SHOWN = 10;
function ScanConfigForm({
function ScanConfigurationForm({
onClose,
richProviders,
existingConfigs,
config,
schema,
}: ScanConfigFormProps) {
}: ScanConfigurationFormProps) {
const isEdit = !!config;
const { toast } = useToast();
const errorPanelRef = useRef<HTMLDivElement | null>(null);
@@ -66,8 +69,12 @@ function ScanConfigForm({
// The form is remounted every time the modal opens (Radix unmounts the
// dialog content on close), so deriving the defaults from `config` here is
// enough to reset the form — no `useEffect` needed.
const form = useForm<ScanConfigFormInput, unknown, ScanConfigFormValues>({
resolver: zodResolver(scanConfigFormSchema),
const form = useForm<
ScanConfigurationFormInput,
unknown,
ScanConfigurationFormValues
>({
resolver: zodResolver(scanConfigurationFormSchema),
defaultValues: config
? {
name: config.attributes.name,
@@ -84,7 +91,7 @@ function ScanConfigForm({
// form state because it's derived purely from the current YAML text — skip it
// while the field is empty so we don't flag an error before the user types.
const yamlValidation = configText.trim()
? validateScanConfigPayload(configText, schema)
? validateScanConfigurationPayload(configText, schema)
: { isValid: true, errors: [] };
// A provider can only be attached to one config at a time. We exclude
@@ -104,16 +111,9 @@ function ScanConfigForm({
const lockedCount = richProviders.length - selectableProviders.length;
const onSubmit = form.handleSubmit(async (values) => {
// zod validates name length and YAML *syntax*; richer schema violations
// (ranges/enums) surface through `yamlValidation` and must block here too.
// The inline panel already lists every schema/syntax error in real time, so
// we don't duplicate them in a toast — just bring the panel into view.
if (yamlValidation.errors.length > 0) {
toast({
variant: "destructive",
title: "Cannot save",
description: `${yamlValidation.errors.length} validation ${
yamlValidation.errors.length === 1 ? "error" : "errors"
} in the configuration. Fix them before saving.`,
});
errorPanelRef.current?.scrollIntoView({
behavior: "smooth",
block: "center",
@@ -133,18 +133,22 @@ function ScanConfigForm({
try {
const result = config
? await updateScanConfig(null, formData)
: await createScanConfig(null, formData);
? await updateScanConfiguration(null, formData)
: await createScanConfiguration(null, formData);
if (result?.success) {
toast({
title: isEdit ? "Scan Config updated" : "Scan Config created",
title: isEdit
? "Scan Configuration updated"
: "Scan Configuration created",
description: result.success,
});
onClose(true);
return;
}
// Field-level errors render inline next to each input; only a general
// error (no field to anchor it to) falls back to a toast.
const errors = result?.errors || {};
if (errors.name) form.setError("name", { message: errors.name });
if (errors.configuration)
@@ -157,16 +161,6 @@ function ScanConfigForm({
title: "Oops! Something went wrong",
description: errors.general,
});
} else if (errors.configuration || errors.name || errors.provider_ids) {
toast({
variant: "destructive",
title: "Validation failed",
description:
errors.configuration ||
errors.name ||
errors.provider_ids ||
"Please review the form.",
});
}
} catch (e) {
toast({
@@ -186,9 +180,9 @@ function ScanConfigForm({
return (
<form onSubmit={onSubmit} className="flex flex-col gap-5">
<Field>
<FieldLabel htmlFor="scan-config-name">Name</FieldLabel>
<FieldLabel htmlFor="scan-configuration-name">Name</FieldLabel>
<Input
id="scan-config-name"
id="scan-configuration-name"
placeholder="e.g. stricter-iam-aws"
aria-invalid={!!nameError}
{...form.register("name")}
@@ -197,7 +191,9 @@ function ScanConfigForm({
</Field>
<Field>
<FieldLabel htmlFor="scan-config-yaml">Configuration (YAML)</FieldLabel>
<FieldLabel htmlFor="scan-configuration-yaml">
Configuration (YAML)
</FieldLabel>
<p className="text-default-500 text-tiny">
Follows the structure of{" "}
<CustomLink
@@ -210,8 +206,8 @@ function ScanConfigForm({
are listed below in real time.
</p>
<Textarea
id="scan-config-yaml"
placeholder={defaultScanConfigYaml}
id="scan-configuration-yaml"
placeholder={defaultScanConfigurationYaml}
rows={14}
aria-invalid={!!configError || !yamlValidation.isValid}
className={fontMono.className + " text-sm"}
@@ -219,10 +215,12 @@ function ScanConfigForm({
/>
<div aria-live="polite" className="mt-1" ref={errorPanelRef}>
{yamlValidation.errors.length === 0 && configText.trim() ? (
<p className="text-tiny text-success">Configuration valid</p>
<p className="text-tiny text-text-success-primary">
Configuration valid
</p>
) : yamlValidation.errors.length > 0 ? (
<div className="border-danger-200 bg-danger-50 rounded-md border p-3">
<p className="text-tiny text-danger mb-1 font-medium">
<div className="border-border-error rounded-md border bg-red-50 p-3 dark:bg-red-950/50">
<p className="text-tiny text-text-error-primary mb-1 font-medium">
{yamlValidation.errors.length} validation{" "}
{yamlValidation.errors.length === 1 ? "error" : "errors"}:
</p>
@@ -250,15 +248,16 @@ function ScanConfigForm({
</Field>
<Field>
<FieldLabel>Attach to accounts</FieldLabel>
<FieldLabel>Attach to providers</FieldLabel>
<p className="text-default-500 text-tiny">
Pick the cloud accounts that should use this configuration on their
Pick the cloud providers that should use this configuration on their
next scan.
{lockedCount > 0 && (
<>
{" "}
{lockedCount} {lockedCount === 1 ? "account is" : "accounts are"}{" "}
hidden because they are already attached to another Scan Config.
{lockedCount}{" "}
{lockedCount === 1 ? "provider is" : "providers are"} hidden
because they are already attached to another Scan Configuration.
</>
)}
</p>
@@ -266,7 +265,7 @@ function ScanConfigForm({
<p className="text-default-500 text-tiny italic">
{richProviders.length === 0
? "No providers available in this tenant."
: "All providers are already attached to other Scan Configs."}
: "All providers are already attached to other Scan Configurations."}
</p>
) : (
<AccountsSelector
@@ -276,8 +275,8 @@ function ScanConfigForm({
}
selectedValues={selectedProviders}
search={{
placeholder: "Search accounts...",
emptyMessage: "No accounts found.",
placeholder: "Search providers...",
emptyMessage: "No providers found.",
}}
/>
)}
@@ -302,14 +301,14 @@ function ScanConfigForm({
);
}
export function ScanConfigEditor({
export function ScanConfigurationEditor({
open,
onClose,
richProviders,
existingConfigs,
config,
schema,
}: ScanConfigEditorProps) {
}: ScanConfigurationEditorProps) {
const isEdit = !!config;
return (
@@ -318,10 +317,10 @@ export function ScanConfigEditor({
onOpenChange={(o) => {
if (!o) onClose(false);
}}
title={isEdit ? "Edit Scan Config" : "New Scan Config"}
title={isEdit ? "Edit Scan Configuration" : "New Scan Configuration"}
size="2xl"
>
<ScanConfigForm
<ScanConfigurationForm
key={config?.id ?? "new"}
onClose={onClose}
richProviders={richProviders}
@@ -6,12 +6,12 @@ import { Pencil, Trash2 } from "lucide-react";
import { Button } from "@/components/shadcn";
import { DateWithTime } from "@/components/ui/entities";
import { DataTableColumnHeader } from "@/components/ui/table";
import { ScanConfigData } from "@/types/scan-configs";
import { ScanConfigurationData } from "@/types/scan-configurations";
export const createScanConfigsColumns = (
onEdit: (config: ScanConfigData) => void,
onDelete: (config: ScanConfigData) => void,
): ColumnDef<ScanConfigData>[] => [
export const createScanConfigurationsColumns = (
onEdit: (config: ScanConfigurationData) => void,
onDelete: (config: ScanConfigurationData) => void,
): ColumnDef<ScanConfigurationData>[] => [
{
accessorKey: "attributes.name",
header: ({ column }) => (
@@ -28,7 +28,7 @@ export const createScanConfigsColumns = (
{
id: "providers_count",
header: ({ column }) => (
<DataTableColumnHeader column={column} title="Accounts" />
<DataTableColumnHeader column={column} title="Providers" />
),
cell: ({ row }) => {
const count = row.original.attributes.providers?.length ?? 0;
@@ -36,10 +36,10 @@ export const createScanConfigsColumns = (
<span className="text-text-neutral-primary text-sm">
{count === 0 ? (
<span className="text-text-neutral-tertiary italic">
No accounts
No providers
</span>
) : (
`${count} ${count === 1 ? "account" : "accounts"}`
`${count} ${count === 1 ? "provider" : "providers"}`
)}
</span>
);
@@ -3,7 +3,10 @@
import { Plus, Trash2 } from "lucide-react";
import { useState } from "react";
import { deleteScanConfig, listScanConfigs } from "@/actions/scan-configs";
import {
deleteScanConfiguration,
listScanConfigurations,
} from "@/actions/scan-configurations";
import { AccountsSelector } from "@/app/(prowler)/_overview/_components/accounts-selector";
import { BatchFiltersLayout } from "@/components/filters/batch-filters-layout";
import { ClearFiltersButton } from "@/components/filters/clear-filters-button";
@@ -12,43 +15,51 @@ import { Modal } from "@/components/shadcn/modal";
import { useToast } from "@/components/ui";
import { DataTable } from "@/components/ui/table";
import { ProviderProps } from "@/types/providers";
import { ScanConfigData } from "@/types/scan-configs";
import { ScanConfigurationData } from "@/types/scan-configurations";
import { ScanConfigEditor } from "./scan-config-editor";
import { createScanConfigsColumns } from "./scan-configs-columns";
import { ScanConfigurationEditor } from "./scan-configuration-editor";
import { createScanConfigurationsColumns } from "./scan-configurations-columns";
// Same column basis classes as `FindingsFilters` so the controls align across
// breakpoints with the rest of the product.
const FILTER_CONTROL_COLUMN_CLASS =
"min-w-0 flex-none basis-full sm:basis-[calc((100%_-_0.75rem)/2)] lg:basis-[calc((100%_-_1.5rem)/3)] xl:basis-[calc((100%_-_2.25rem)/4)] 2xl:basis-[calc((100%_-_3rem)/5)]";
interface ScanConfigsManagerProps {
initialConfigs: ScanConfigData[];
interface ScanConfigurationsManagerProps {
initialConfigs: ScanConfigurationData[];
richProviders: ProviderProps[];
schema: Record<string, unknown> | null;
}
export function ScanConfigsManager({
export function ScanConfigurationsManager({
initialConfigs,
richProviders,
schema,
}: ScanConfigsManagerProps) {
const [configs, setConfigs] = useState<ScanConfigData[]>(initialConfigs);
}: ScanConfigurationsManagerProps) {
const [configs, setConfigs] =
useState<ScanConfigurationData[]>(initialConfigs);
const [editorOpen, setEditorOpen] = useState(false);
const [editingConfig, setEditingConfig] = useState<ScanConfigData | null>(
null,
);
const [pendingDelete, setPendingDelete] = useState<ScanConfigData | null>(
null,
);
const [editingConfig, setEditingConfig] =
useState<ScanConfigurationData | null>(null);
const [pendingDelete, setPendingDelete] =
useState<ScanConfigurationData | null>(null);
const [isDeleting, setIsDeleting] = useState(false);
const [accountFilter, setAccountFilter] = useState<string[]>([]);
const [providerFilter, setProviderFilter] = useState<string[]>([]);
const [nameSearch, setNameSearch] = useState<string>("");
const { toast } = useToast();
const refresh = async () => {
const fresh = await listScanConfigs();
try {
const fresh = await listScanConfigurations();
setConfigs(fresh);
} catch {
// Keep the current table on a failed reload instead of clearing it.
toast({
variant: "destructive",
title: "Oops! Something went wrong",
description: "Failed to reload Scan Configurations. Please try again.",
});
}
};
const openCreate = () => {
@@ -56,7 +67,7 @@ export function ScanConfigsManager({
setEditorOpen(true);
};
const openEdit = (config: ScanConfigData) => {
const openEdit = (config: ScanConfigurationData) => {
setEditingConfig(config);
setEditorOpen(true);
};
@@ -76,10 +87,10 @@ export function ScanConfigsManager({
formData.append("id", pendingDelete.id);
try {
const result = await deleteScanConfig(null, formData);
const result = await deleteScanConfiguration(null, formData);
if (result?.success) {
toast({
title: "Scan Config deleted",
title: "Scan Configuration deleted",
description: result.success,
});
await refresh();
@@ -94,7 +105,7 @@ export function ScanConfigsManager({
toast({
variant: "destructive",
title: "Oops! Something went wrong",
description: "Error deleting Scan Config. Please try again.",
description: "Error deleting Scan Configuration. Please try again.",
});
} finally {
setIsDeleting(false);
@@ -102,15 +113,15 @@ export function ScanConfigsManager({
}
};
const columns = createScanConfigsColumns(
const columns = createScanConfigurationsColumns(
(cfg) => openEdit(cfg),
(cfg) => setPendingDelete(cfg),
);
const filteredConfigs = configs.filter((c) => {
if (accountFilter.length > 0) {
if (providerFilter.length > 0) {
const attached = c.attributes.providers || [];
const overlaps = accountFilter.some((pid) => attached.includes(pid));
const overlaps = providerFilter.some((pid) => attached.includes(pid));
if (!overlaps) return false;
}
if (nameSearch) {
@@ -120,17 +131,20 @@ export function ScanConfigsManager({
return true;
});
const noMatchForAccount =
accountFilter.length > 0 && filteredConfigs.length === 0 && !nameSearch;
const noMatchForProvider =
providerFilter.length > 0 &&
filteredConfigs.length === 0 &&
!nameSearch.trim();
const hasAnyFilter = accountFilter.length > 0 || nameSearch.length > 0;
const hasAnyFilter =
providerFilter.length > 0 || nameSearch.trim().length > 0;
const handleAccountsChange = (_filterKey: string, values: string[]) => {
setAccountFilter(values);
const handleProvidersChange = (_filterKey: string, values: string[]) => {
setProviderFilter(values);
};
const clearFilters = () => {
setAccountFilter([]);
setProviderFilter([]);
setNameSearch("");
};
@@ -138,46 +152,46 @@ export function ScanConfigsManager({
<>
<div className="mb-6">
<BatchFiltersLayout
testIdPrefix="scan-config"
testIdPrefix="scan-configuration"
controlsClassName="gap-3"
controls={
<>
<div className={FILTER_CONTROL_COLUMN_CLASS}>
<AccountsSelector
providers={richProviders}
onBatchChange={handleAccountsChange}
selectedValues={accountFilter}
onBatchChange={handleProvidersChange}
selectedValues={providerFilter}
/>
</div>
{hasAnyFilter && (
<ClearFiltersButton
showCount
pendingCount={
accountFilter.length + (nameSearch.trim() ? 1 : 0)
providerFilter.length + (nameSearch.trim() ? 1 : 0)
}
onClear={clearFilters}
/>
)}
<Button size="lg" onClick={openCreate} className="md:ml-auto">
<Plus className="size-4" />
New Scan Config
New Scan Configuration
</Button>
</>
}
/>
</div>
{noMatchForAccount ? (
{noMatchForProvider ? (
<Card variant="base" className="p-8 text-center">
<p className="text-default-700 text-sm font-medium">
{accountFilter.length === 1
? "No Scan Config is attached to this account."
: "No Scan Config is attached to any of the selected accounts."}
{providerFilter.length === 1
? "No Scan Configuration is attached to this provider."
: "No Scan Configuration is attached to any of the selected providers."}
</p>
<p className="text-default-500 mt-1 text-sm">
The next scan{accountFilter.length === 1 ? "" : "s"} will use the
built-in defaults shipped with Prowler. Attach a Scan Config from
the editor to override them.
The next scan{providerFilter.length === 1 ? "" : "s"} will use the
built-in defaults shipped with Prowler. Attach a Scan Configuration
from the editor to override them.
</p>
</Card>
) : (
@@ -195,7 +209,7 @@ export function ScanConfigsManager({
/>
)}
<ScanConfigEditor
<ScanConfigurationEditor
open={editorOpen}
onClose={handleEditorClose}
richProviders={richProviders}
@@ -207,14 +221,15 @@ export function ScanConfigsManager({
<Modal
open={!!pendingDelete}
onOpenChange={(open) => !open && setPendingDelete(null)}
title="Delete Scan Config"
title="Delete Scan Configuration"
size="md"
>
<div className="flex flex-col gap-4">
<p className="text-default-600 text-sm">
Are you sure you want to delete{" "}
<strong>{pendingDelete?.attributes.name}</strong>? Attached accounts
will fall back to the built-in scan defaults on their next scan.
<strong>{pendingDelete?.attributes.name}</strong>? Attached
providers will fall back to the built-in scan defaults on their next
scan.
</p>
<div className="flex w-full justify-end gap-4">
<Button
@@ -0,0 +1,39 @@
import { redirect } from "next/navigation";
import { getAllProviders } from "@/actions/providers";
import {
getScanConfigurationSchema,
listScanConfigurations,
} from "@/actions/scan-configurations";
import { ContentLayout } from "@/components/ui";
import { isCloud } from "@/lib/shared/env";
import { ScanConfigurationsManager } from "./_components/scan-configurations-manager";
export default async function ScanConfigPage() {
// Scan Configuration is a Prowler Cloud-only feature; the OSS API has no
// /scan-configurations endpoints, so guard the route before hitting them.
if (!isCloud()) {
redirect("/");
}
// A failure here propagates to the `(prowler)/error.tsx` boundary instead of
// rendering a false "no scan configurations" empty table during SSR.
const [configs, providersResponse, schema] = await Promise.all([
listScanConfigurations(),
getAllProviders({}),
getScanConfigurationSchema(),
]);
const richProviders = providersResponse?.data ?? [];
return (
<ContentLayout title="Scan Configuration" icon="lucide:sliders">
<ScanConfigurationsManager
initialConfigs={configs}
richProviders={richProviders}
schema={schema}
/>
</ContentLayout>
);
}
+7 -7
View File
@@ -92,14 +92,14 @@ describe("getMenuList", () => {
);
});
it("should show Scan Config as disabled Cloud-only in OSS when Cloud is disabled", () => {
it("should show Scan Configuration as disabled Cloud-only in OSS when Cloud is disabled", () => {
// Given / When
const scanConfig = findSubmenu("Scan Config");
const scanConfig = findSubmenu("Scan Configuration");
// Then
expect(scanConfig).toEqual(
expect.objectContaining({
href: "/scan-config",
href: "/scan-configurations",
disabled: true,
cloudOnly: true,
highlight: true,
@@ -108,20 +108,20 @@ describe("getMenuList", () => {
);
});
it("should show Scan Config as new under Configuration when Cloud is enabled", () => {
it("should show Scan Configuration as new under Configuration when Cloud is enabled", () => {
// Given
process.env.NEXT_PUBLIC_IS_CLOUD_ENV = "true";
// When
const scanConfig = getMenuList({ pathname: "/scan-config" })
const scanConfig = getMenuList({ pathname: "/scan-configurations" })
.flatMap((group) => group.menus)
.flatMap((menu) => menu.submenus ?? [])
.find((submenu) => submenu.label === "Scan Config");
.find((submenu) => submenu.label === "Scan Configuration");
// Then
expect(scanConfig).toEqual(
expect.objectContaining({
href: "/scan-config",
href: "/scan-configurations",
active: true,
highlight: true,
}),
+3 -3
View File
@@ -133,10 +133,10 @@ export const getMenuList = ({
active: pathname === "/mutelist",
},
{
href: "/scan-config",
label: "Scan Config",
href: "/scan-configurations",
label: "Scan Configuration",
icon: SlidersHorizontal,
active: isCloudEnv && pathname.startsWith("/scan-config"),
active: isCloudEnv && pathname.startsWith("/scan-configurations"),
highlight: true,
disabled: !isCloudEnv,
cloudOnly: !isCloudEnv,
+8 -8
View File
@@ -275,14 +275,14 @@ Mutelist:
Tags:
- "Name=aws-controltower-VPC"`;
export interface ScanConfigValidationError {
export interface ScanConfigurationValidationError {
path: string;
message: string;
}
export interface ScanConfigValidationResult {
export interface ScanConfigurationValidationResult {
isValid: boolean;
errors: ScanConfigValidationError[];
errors: ScanConfigurationValidationError[];
}
// Compile the JSON Schema with ajv at most once per schema reference.
@@ -316,16 +316,16 @@ const formatAjvPath = (err: ErrorObject): string => {
};
/**
* Validate a YAML string against the aggregated Scan Config JSON Schema.
* Validate a YAML string against the aggregated Scan Configuration JSON Schema.
*
* If `schema` is null (e.g. backend unreachable), it falls back to only
* checking that the YAML parses to a mapping — so the user is never blocked
* from saving when the schema endpoint is down.
*/
export const validateScanConfigPayload = (
export const validateScanConfigurationPayload = (
val: string,
schema: Record<string, unknown> | null,
): ScanConfigValidationResult => {
): ScanConfigurationValidationResult => {
const yamlCheck = validateYaml(val);
if (!yamlCheck.isValid) {
return {
@@ -377,10 +377,10 @@ export const validateScanConfigPayload = (
return { isValid: false, errors };
};
export const defaultScanConfigYaml = `# Scan Config overrides the per-tenant defaults documented in
export const defaultScanConfigurationYaml = `# Scan Configuration overrides the per-tenant defaults documented in
# prowler/config/config.yaml. Add only the keys you want to override.
# Allowed ranges and enums are described by the server-side JSON Schema
# served at /api/v1/scan-configs/schema; invalid values are flagged below.
# served at /api/v1/scan-configurations/schema; invalid values are flagged below.
aws:
max_unused_access_keys_days: 45
+7 -14
View File
@@ -723,10 +723,12 @@ export const mutedFindingsConfigFormSchema = z.object({
id: z.string().optional(),
});
// The schema-driven (ranges/enums/types) validation lives in the editor via
// `validateScanConfigPayload(yamlString, schema)` in `lib/yaml.ts`. Here we
// only enforce the form-level shape: a name and a YAML string that parses.
export const scanConfigFormSchema = z.object({
// The editor owns content validation: live YAML syntax + schema (ranges/enums)
// checks run through `validateScanConfigurationPayload(yamlString, schema)` in
// `lib/yaml.ts` and surface in a single inline panel. Here we only enforce the
// form-level shape (a name and a non-empty configuration) so we don't render the
// same YAML error twice.
export const scanConfigurationFormSchema = z.object({
name: z
.string()
.trim()
@@ -735,16 +737,7 @@ export const scanConfigFormSchema = z.object({
configuration: z
.string()
.trim()
.min(1, { message: "Configuration is required" })
.superRefine((val, ctx) => {
const yamlValidation = validateYaml(val);
if (!yamlValidation.isValid) {
ctx.addIssue({
code: "custom",
message: `Invalid YAML format: ${yamlValidation.error}`,
});
}
}),
.min(1, { error: "Configuration is required" }),
provider_ids: z.array(z.uuid()).optional().default([]),
id: z.string().optional(),
});
-53
View File
@@ -1,53 +0,0 @@
export interface ScanConfigAttributes {
inserted_at: string;
updated_at: string;
name: string;
configuration: string | Record<string, unknown>;
providers: string[];
}
export interface ScanConfigData {
type: "scan-configs";
id: string;
attributes: ScanConfigAttributes;
}
export interface ScanConfigListResponse {
data: ScanConfigData[];
}
export interface ScanConfigErrors {
name?: string;
configuration?: string;
provider_ids?: string;
general?: string;
}
export interface ScanConfigRequestAttributes {
name: string;
configuration: Record<string, unknown>;
provider_ids: string[];
}
export interface ScanConfigRequestData {
type: "scan-configs";
id?: string;
attributes: ScanConfigRequestAttributes;
}
export interface ScanConfigRequestBody {
data: ScanConfigRequestData;
}
export type ScanConfigActionState = {
errors?: ScanConfigErrors;
success?: string;
data?: ScanConfigData;
} | null;
export type DeleteScanConfigActionState = {
errors?: {
general?: string;
};
success?: string;
} | null;
+55
View File
@@ -0,0 +1,55 @@
export interface ScanConfigurationAttributes {
inserted_at: string;
updated_at: string;
name: string;
configuration: string | Record<string, unknown>;
providers: string[];
}
export interface ScanConfigurationData {
type: "scan-configurations";
id: string;
attributes: ScanConfigurationAttributes;
}
export interface ScanConfigurationListResponse {
data: ScanConfigurationData[];
}
export interface ScanConfigurationErrors {
name?: string;
configuration?: string;
provider_ids?: string;
general?: string;
}
export interface ScanConfigurationRequestAttributes {
name: string;
configuration: Record<string, unknown>;
provider_ids: string[];
}
export interface ScanConfigurationRequestData {
type: "scan-configurations";
id?: string;
attributes: ScanConfigurationRequestAttributes;
}
export interface ScanConfigurationRequestBody {
data: ScanConfigurationRequestData;
}
export type ScanConfigurationActionState = {
errors?: ScanConfigurationErrors;
success?: string;
data?: ScanConfigurationData;
} | null;
export interface DeleteScanConfigurationErrors {
general?: string;
}
export type DeleteScanConfigurationActionState = {
errors?: DeleteScanConfigurationErrors;
success?: string;
} | null;