mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-04 19:21:51 +00:00
feat(ui): rename scan configuration endpoint (#11710)
This commit is contained in:
+2
-2
@@ -6,8 +6,8 @@ All notable changes to the **Prowler UI** are documented in this file.
|
||||
|
||||
### 🚀 Added
|
||||
|
||||
- Add `Scan Config` menu item under the Configuration menu (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
|
||||
- Scan configuration management page (`/scan-config`) to create, edit, and manage scan configs with live YAML validation against the server JSON Schema (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
|
||||
- Add `Scan Configuration` menu item under the Configuration menu (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
|
||||
- Scan configuration management page (`/scan-configurations`) to create, edit, and manage scan configurations with live YAML validation against the server JSON Schema (only available in Prowler Cloud) [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
|
||||
- Surface an "invalid scan configuration" note on compliance requirements that fail solely because the applied scan config does not meet them [(#11695)](https://github.com/prowler-cloud/prowler/pull/11695)
|
||||
- Filter the Overview, Findings, Resources, Scans, and Providers views by provider group [(#11659)](https://github.com/prowler-cloud/prowler/pull/11659)
|
||||
- CIS Controls v8.1 compliance support, including its detail view and report mapping [(#11700)](https://github.com/prowler-cloud/prowler/pull/11700)
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
export * from "./scan-configs";
|
||||
@@ -0,0 +1 @@
|
||||
export * from "./scan-configurations";
|
||||
+81
-69
@@ -5,20 +5,21 @@ import { revalidatePath } from "next/cache";
|
||||
import { z } from "zod";
|
||||
|
||||
import { apiBaseUrl, getAuthHeaders } from "@/lib/helper";
|
||||
import { scanConfigFormSchema } from "@/types/formSchemas";
|
||||
import { scanConfigurationFormSchema } from "@/types/formSchemas";
|
||||
import {
|
||||
DeleteScanConfigActionState,
|
||||
ScanConfigActionState,
|
||||
ScanConfigData,
|
||||
ScanConfigErrors,
|
||||
ScanConfigRequestBody,
|
||||
} from "@/types/scan-configs";
|
||||
DeleteScanConfigurationActionState,
|
||||
ScanConfigurationActionState,
|
||||
ScanConfigurationData,
|
||||
ScanConfigurationErrors,
|
||||
ScanConfigurationRequestBody,
|
||||
} from "@/types/scan-configurations";
|
||||
|
||||
const SCAN_CONFIG_PATH = "/scan-config";
|
||||
const SCAN_CONFIGURATION_PATH = "/scan-configurations";
|
||||
|
||||
// Scan Config IDs are UUIDs. Validate before interpolating into request URLs so
|
||||
// a malformed/crafted value can't inject path segments (SSRF / path injection).
|
||||
const scanConfigIdSchema = z.uuid();
|
||||
// Scan Configuration IDs are UUIDs. Validate before interpolating into request
|
||||
// URLs so a malformed/crafted value can't inject path segments (SSRF / path
|
||||
// injection).
|
||||
const scanConfigurationIdSchema = z.uuid();
|
||||
|
||||
const parseConfiguration = (value: string): Record<string, unknown> => {
|
||||
// Backend (YamlOrJsonField) accepts either a YAML string or a JSON object.
|
||||
@@ -37,10 +38,10 @@ const collectProviderIds = (formData: FormData): string[] => {
|
||||
.filter(Boolean);
|
||||
};
|
||||
|
||||
export const createScanConfig = async (
|
||||
_prevState: ScanConfigActionState,
|
||||
export const createScanConfiguration = async (
|
||||
_prevState: ScanConfigurationActionState,
|
||||
formData: FormData,
|
||||
): Promise<ScanConfigActionState> => {
|
||||
): Promise<ScanConfigurationActionState> => {
|
||||
const headers = await getAuthHeaders({ contentType: true });
|
||||
const formDataObject = {
|
||||
name: formData.get("name"),
|
||||
@@ -48,7 +49,7 @@ export const createScanConfig = async (
|
||||
provider_ids: collectProviderIds(formData),
|
||||
};
|
||||
|
||||
const validated = scanConfigFormSchema.safeParse(formDataObject);
|
||||
const validated = scanConfigurationFormSchema.safeParse(formDataObject);
|
||||
if (!validated.success) {
|
||||
const fieldErrors = validated.error.flatten().fieldErrors;
|
||||
return {
|
||||
@@ -75,10 +76,10 @@ export const createScanConfig = async (
|
||||
}
|
||||
|
||||
try {
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs`);
|
||||
const bodyData: ScanConfigRequestBody = {
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations`);
|
||||
const bodyData: ScanConfigurationRequestBody = {
|
||||
data: {
|
||||
type: "scan-configs",
|
||||
type: "scan-configurations",
|
||||
attributes: {
|
||||
name,
|
||||
configuration: parsedConfig,
|
||||
@@ -97,11 +98,11 @@ export const createScanConfig = async (
|
||||
const detail =
|
||||
errorData?.errors?.[0]?.detail ||
|
||||
errorData?.message ||
|
||||
`Failed to create Scan Config: ${response.statusText}`;
|
||||
`Failed to create Scan Configuration: ${response.statusText}`;
|
||||
const pointer = errorData?.errors?.[0]?.source?.pointer as
|
||||
| string
|
||||
| undefined;
|
||||
const errors: ScanConfigErrors = {};
|
||||
const errors: ScanConfigurationErrors = {};
|
||||
if (pointer?.includes("name")) errors.name = detail;
|
||||
else if (pointer?.includes("configuration"))
|
||||
errors.configuration = detail;
|
||||
@@ -111,35 +112,37 @@ export const createScanConfig = async (
|
||||
}
|
||||
|
||||
const data = await response.json();
|
||||
revalidatePath(SCAN_CONFIG_PATH);
|
||||
revalidatePath(SCAN_CONFIGURATION_PATH);
|
||||
return {
|
||||
success: "Scan Config created successfully!",
|
||||
data: data.data as ScanConfigData,
|
||||
success: "Scan Configuration created successfully!",
|
||||
data: data.data as ScanConfigurationData,
|
||||
};
|
||||
} catch (error) {
|
||||
console.error("Error creating Scan Config:", error);
|
||||
console.error("Error creating Scan Configuration:", error);
|
||||
return {
|
||||
errors: {
|
||||
general:
|
||||
error instanceof Error
|
||||
? error.message
|
||||
: "Error creating Scan Config. Please try again.",
|
||||
: "Error creating Scan Configuration. Please try again.",
|
||||
},
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
export const updateScanConfig = async (
|
||||
_prevState: ScanConfigActionState,
|
||||
export const updateScanConfiguration = async (
|
||||
_prevState: ScanConfigurationActionState,
|
||||
formData: FormData,
|
||||
): Promise<ScanConfigActionState> => {
|
||||
): Promise<ScanConfigurationActionState> => {
|
||||
const id = formData.get("id");
|
||||
if (!id) {
|
||||
return { errors: { general: "Scan Config ID is required for update" } };
|
||||
return {
|
||||
errors: { general: "Scan Configuration ID is required for update" },
|
||||
};
|
||||
}
|
||||
const idResult = scanConfigIdSchema.safeParse(String(id));
|
||||
const idResult = scanConfigurationIdSchema.safeParse(String(id));
|
||||
if (!idResult.success) {
|
||||
return { errors: { general: "Invalid Scan Config ID" } };
|
||||
return { errors: { general: "Invalid Scan Configuration ID" } };
|
||||
}
|
||||
const validId = idResult.data;
|
||||
const headers = await getAuthHeaders({ contentType: true });
|
||||
@@ -149,7 +152,7 @@ export const updateScanConfig = async (
|
||||
provider_ids: collectProviderIds(formData),
|
||||
};
|
||||
|
||||
const validated = scanConfigFormSchema.safeParse(formDataObject);
|
||||
const validated = scanConfigurationFormSchema.safeParse(formDataObject);
|
||||
if (!validated.success) {
|
||||
const fieldErrors = validated.error.flatten().fieldErrors;
|
||||
return {
|
||||
@@ -176,10 +179,10 @@ export const updateScanConfig = async (
|
||||
}
|
||||
|
||||
try {
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs/${validId}`);
|
||||
const bodyData: ScanConfigRequestBody = {
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations/${validId}`);
|
||||
const bodyData: ScanConfigurationRequestBody = {
|
||||
data: {
|
||||
type: "scan-configs",
|
||||
type: "scan-configurations",
|
||||
id: validId,
|
||||
attributes: {
|
||||
name,
|
||||
@@ -199,35 +202,35 @@ export const updateScanConfig = async (
|
||||
const detail =
|
||||
errorData?.errors?.[0]?.detail ||
|
||||
errorData?.message ||
|
||||
`Failed to update Scan Config: ${response.statusText}`;
|
||||
`Failed to update Scan Configuration: ${response.statusText}`;
|
||||
return { errors: { general: detail } };
|
||||
}
|
||||
|
||||
const data = await response.json();
|
||||
revalidatePath(SCAN_CONFIG_PATH);
|
||||
revalidatePath(SCAN_CONFIGURATION_PATH);
|
||||
return {
|
||||
success: "Scan Config updated successfully!",
|
||||
data: data.data as ScanConfigData,
|
||||
success: "Scan Configuration updated successfully!",
|
||||
data: data.data as ScanConfigurationData,
|
||||
};
|
||||
} catch (error) {
|
||||
console.error("Error updating Scan Config:", error);
|
||||
console.error("Error updating Scan Configuration:", error);
|
||||
return {
|
||||
errors: {
|
||||
general:
|
||||
error instanceof Error
|
||||
? error.message
|
||||
: "Error updating Scan Config. Please try again.",
|
||||
: "Error updating Scan Configuration. Please try again.",
|
||||
},
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
export const getScanConfigSchema = async (): Promise<Record<
|
||||
export const getScanConfigurationSchema = async (): Promise<Record<
|
||||
string,
|
||||
unknown
|
||||
> | null> => {
|
||||
const headers = await getAuthHeaders({ contentType: false });
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs/schema`);
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations/schema`);
|
||||
try {
|
||||
const response = await fetch(url.toString(), {
|
||||
method: "GET",
|
||||
@@ -235,7 +238,7 @@ export const getScanConfigSchema = async (): Promise<Record<
|
||||
});
|
||||
if (!response.ok) {
|
||||
throw new Error(
|
||||
`Failed to fetch Scan Config schema: ${response.statusText}`,
|
||||
`Failed to fetch Scan Configuration schema: ${response.statusText}`,
|
||||
);
|
||||
}
|
||||
const json = await response.json();
|
||||
@@ -244,14 +247,16 @@ export const getScanConfigSchema = async (): Promise<Record<
|
||||
| undefined;
|
||||
return schema ?? null;
|
||||
} catch (error) {
|
||||
console.error("Error fetching Scan Config schema:", error);
|
||||
console.error("Error fetching Scan Configuration schema:", error);
|
||||
return null;
|
||||
}
|
||||
};
|
||||
|
||||
export const listScanConfigs = async (): Promise<ScanConfigData[]> => {
|
||||
export const listScanConfigurations = async (): Promise<
|
||||
ScanConfigurationData[]
|
||||
> => {
|
||||
const headers = await getAuthHeaders({ contentType: false });
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs`);
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations`);
|
||||
|
||||
try {
|
||||
const response = await fetch(url.toString(), {
|
||||
@@ -259,23 +264,28 @@ export const listScanConfigs = async (): Promise<ScanConfigData[]> => {
|
||||
headers,
|
||||
});
|
||||
if (!response.ok) {
|
||||
throw new Error(`Failed to list Scan Configs: ${response.statusText}`);
|
||||
throw new Error(
|
||||
`Failed to list Scan Configurations: ${response.statusText}`,
|
||||
);
|
||||
}
|
||||
const json = await response.json();
|
||||
return (json.data || []) as ScanConfigData[];
|
||||
return (json.data || []) as ScanConfigurationData[];
|
||||
} catch (error) {
|
||||
console.error("Error listing Scan Configs:", error);
|
||||
return [];
|
||||
// Re-throw so callers can distinguish a fetch/auth failure from an empty
|
||||
// result. Collapsing errors into `[]` would render a false "no scan
|
||||
// configurations" state and overwrite the table on a failed refresh.
|
||||
console.error("Error listing Scan Configurations:", error);
|
||||
throw error;
|
||||
}
|
||||
};
|
||||
|
||||
export const getScanConfig = async (
|
||||
export const getScanConfiguration = async (
|
||||
id: string,
|
||||
): Promise<ScanConfigData | undefined> => {
|
||||
const idResult = scanConfigIdSchema.safeParse(id);
|
||||
): Promise<ScanConfigurationData | undefined> => {
|
||||
const idResult = scanConfigurationIdSchema.safeParse(id);
|
||||
if (!idResult.success) return undefined;
|
||||
const headers = await getAuthHeaders({ contentType: false });
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs/${idResult.data}`);
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations/${idResult.data}`);
|
||||
|
||||
try {
|
||||
const response = await fetch(url.toString(), {
|
||||
@@ -284,28 +294,30 @@ export const getScanConfig = async (
|
||||
});
|
||||
if (!response.ok) return undefined;
|
||||
const json = await response.json();
|
||||
return json.data as ScanConfigData;
|
||||
return json.data as ScanConfigurationData;
|
||||
} catch (error) {
|
||||
console.error("Error fetching Scan Config:", error);
|
||||
console.error("Error fetching Scan Configuration:", error);
|
||||
return undefined;
|
||||
}
|
||||
};
|
||||
|
||||
export const deleteScanConfig = async (
|
||||
_prevState: DeleteScanConfigActionState,
|
||||
export const deleteScanConfiguration = async (
|
||||
_prevState: DeleteScanConfigurationActionState,
|
||||
formData: FormData,
|
||||
): Promise<DeleteScanConfigActionState> => {
|
||||
): Promise<DeleteScanConfigurationActionState> => {
|
||||
const headers = await getAuthHeaders({ contentType: true });
|
||||
const id = formData.get("id");
|
||||
if (!id) {
|
||||
return { errors: { general: "Scan Config ID is required for deletion" } };
|
||||
return {
|
||||
errors: { general: "Scan Configuration ID is required for deletion" },
|
||||
};
|
||||
}
|
||||
const idResult = scanConfigIdSchema.safeParse(String(id));
|
||||
const idResult = scanConfigurationIdSchema.safeParse(String(id));
|
||||
if (!idResult.success) {
|
||||
return { errors: { general: "Invalid Scan Config ID" } };
|
||||
return { errors: { general: "Invalid Scan Configuration ID" } };
|
||||
}
|
||||
try {
|
||||
const url = new URL(`${apiBaseUrl}/scan-configs/${idResult.data}`);
|
||||
const url = new URL(`${apiBaseUrl}/scan-configurations/${idResult.data}`);
|
||||
const response = await fetch(url.toString(), {
|
||||
method: "DELETE",
|
||||
headers,
|
||||
@@ -314,19 +326,19 @@ export const deleteScanConfig = async (
|
||||
const errorData = await response.json().catch(() => ({}));
|
||||
throw new Error(
|
||||
errorData.errors?.[0]?.detail ||
|
||||
`Failed to delete Scan Config: ${response.statusText}`,
|
||||
`Failed to delete Scan Configuration: ${response.statusText}`,
|
||||
);
|
||||
}
|
||||
revalidatePath(SCAN_CONFIG_PATH);
|
||||
return { success: "Scan Config deleted successfully!" };
|
||||
revalidatePath(SCAN_CONFIGURATION_PATH);
|
||||
return { success: "Scan Configuration deleted successfully!" };
|
||||
} catch (error) {
|
||||
console.error("Error deleting Scan Config:", error);
|
||||
console.error("Error deleting Scan Configuration:", error);
|
||||
return {
|
||||
errors: {
|
||||
general:
|
||||
error instanceof Error
|
||||
? error.message
|
||||
: "Error deleting Scan Config. Please try again.",
|
||||
: "Error deleting Scan Configuration. Please try again.",
|
||||
},
|
||||
};
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
import { redirect } from "next/navigation";
|
||||
|
||||
import { getAllProviders } from "@/actions/providers";
|
||||
import { getScanConfigSchema, listScanConfigs } from "@/actions/scan-configs";
|
||||
import { ContentLayout } from "@/components/ui";
|
||||
import { isCloud } from "@/lib/shared/env";
|
||||
|
||||
import { ScanConfigsManager } from "./_components/scan-configs-manager";
|
||||
|
||||
export default async function ScanConfigPage() {
|
||||
// Scan Config is a Prowler Cloud-only feature; the OSS API has no
|
||||
// /scan-configs endpoints, so guard the route before hitting them.
|
||||
if (!isCloud()) {
|
||||
redirect("/");
|
||||
}
|
||||
|
||||
const [configs, providersResponse, schema] = await Promise.all([
|
||||
listScanConfigs(),
|
||||
getAllProviders({}),
|
||||
getScanConfigSchema(),
|
||||
]);
|
||||
|
||||
const richProviders = providersResponse?.data ?? [];
|
||||
|
||||
return (
|
||||
<ContentLayout title="Scan Config" icon="lucide:sliders">
|
||||
<ScanConfigsManager
|
||||
initialConfigs={configs}
|
||||
richProviders={richProviders}
|
||||
schema={schema}
|
||||
/>
|
||||
</ContentLayout>
|
||||
);
|
||||
}
|
||||
+58
-59
@@ -5,7 +5,10 @@ import { useRef } from "react";
|
||||
import { useForm } from "react-hook-form";
|
||||
import { z } from "zod";
|
||||
|
||||
import { createScanConfig, updateScanConfig } from "@/actions/scan-configs";
|
||||
import {
|
||||
createScanConfiguration,
|
||||
updateScanConfiguration,
|
||||
} from "@/actions/scan-configurations";
|
||||
import { AccountsSelector } from "@/app/(prowler)/_overview/_components/accounts-selector";
|
||||
import {
|
||||
Button,
|
||||
@@ -21,44 +24,44 @@ import { CustomLink } from "@/components/ui/custom/custom-link";
|
||||
import { fontMono } from "@/config/fonts";
|
||||
import {
|
||||
convertToYaml,
|
||||
defaultScanConfigYaml,
|
||||
validateScanConfigPayload,
|
||||
defaultScanConfigurationYaml,
|
||||
validateScanConfigurationPayload,
|
||||
} from "@/lib/yaml";
|
||||
import { scanConfigFormSchema } from "@/types/formSchemas";
|
||||
import { scanConfigurationFormSchema } from "@/types/formSchemas";
|
||||
import { ProviderProps } from "@/types/providers";
|
||||
import { ScanConfigData } from "@/types/scan-configs";
|
||||
import { ScanConfigurationData } from "@/types/scan-configurations";
|
||||
|
||||
interface ScanConfigEditorProps {
|
||||
interface ScanConfigurationEditorProps {
|
||||
open: boolean;
|
||||
onClose: (saved: boolean) => void;
|
||||
richProviders: ProviderProps[];
|
||||
existingConfigs: ScanConfigData[];
|
||||
config: ScanConfigData | null;
|
||||
existingConfigs: ScanConfigurationData[];
|
||||
config: ScanConfigurationData | null;
|
||||
schema: Record<string, unknown> | null;
|
||||
}
|
||||
|
||||
interface ScanConfigFormProps {
|
||||
interface ScanConfigurationFormProps {
|
||||
onClose: (saved: boolean) => void;
|
||||
richProviders: ProviderProps[];
|
||||
existingConfigs: ScanConfigData[];
|
||||
config: ScanConfigData | null;
|
||||
existingConfigs: ScanConfigurationData[];
|
||||
config: ScanConfigurationData | null;
|
||||
schema: Record<string, unknown> | null;
|
||||
}
|
||||
|
||||
// `provider_ids` has a zod `.default([])`, so the resolver's input and output
|
||||
// types differ — type the form with both so RHF and zodResolver line up.
|
||||
type ScanConfigFormInput = z.input<typeof scanConfigFormSchema>;
|
||||
type ScanConfigFormValues = z.output<typeof scanConfigFormSchema>;
|
||||
type ScanConfigurationFormInput = z.input<typeof scanConfigurationFormSchema>;
|
||||
type ScanConfigurationFormValues = z.output<typeof scanConfigurationFormSchema>;
|
||||
|
||||
const MAX_ERRORS_SHOWN = 10;
|
||||
|
||||
function ScanConfigForm({
|
||||
function ScanConfigurationForm({
|
||||
onClose,
|
||||
richProviders,
|
||||
existingConfigs,
|
||||
config,
|
||||
schema,
|
||||
}: ScanConfigFormProps) {
|
||||
}: ScanConfigurationFormProps) {
|
||||
const isEdit = !!config;
|
||||
const { toast } = useToast();
|
||||
const errorPanelRef = useRef<HTMLDivElement | null>(null);
|
||||
@@ -66,8 +69,12 @@ function ScanConfigForm({
|
||||
// The form is remounted every time the modal opens (Radix unmounts the
|
||||
// dialog content on close), so deriving the defaults from `config` here is
|
||||
// enough to reset the form — no `useEffect` needed.
|
||||
const form = useForm<ScanConfigFormInput, unknown, ScanConfigFormValues>({
|
||||
resolver: zodResolver(scanConfigFormSchema),
|
||||
const form = useForm<
|
||||
ScanConfigurationFormInput,
|
||||
unknown,
|
||||
ScanConfigurationFormValues
|
||||
>({
|
||||
resolver: zodResolver(scanConfigurationFormSchema),
|
||||
defaultValues: config
|
||||
? {
|
||||
name: config.attributes.name,
|
||||
@@ -84,7 +91,7 @@ function ScanConfigForm({
|
||||
// form state because it's derived purely from the current YAML text — skip it
|
||||
// while the field is empty so we don't flag an error before the user types.
|
||||
const yamlValidation = configText.trim()
|
||||
? validateScanConfigPayload(configText, schema)
|
||||
? validateScanConfigurationPayload(configText, schema)
|
||||
: { isValid: true, errors: [] };
|
||||
|
||||
// A provider can only be attached to one config at a time. We exclude
|
||||
@@ -104,16 +111,9 @@ function ScanConfigForm({
|
||||
const lockedCount = richProviders.length - selectableProviders.length;
|
||||
|
||||
const onSubmit = form.handleSubmit(async (values) => {
|
||||
// zod validates name length and YAML *syntax*; richer schema violations
|
||||
// (ranges/enums) surface through `yamlValidation` and must block here too.
|
||||
// The inline panel already lists every schema/syntax error in real time, so
|
||||
// we don't duplicate them in a toast — just bring the panel into view.
|
||||
if (yamlValidation.errors.length > 0) {
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: "Cannot save",
|
||||
description: `${yamlValidation.errors.length} validation ${
|
||||
yamlValidation.errors.length === 1 ? "error" : "errors"
|
||||
} in the configuration. Fix them before saving.`,
|
||||
});
|
||||
errorPanelRef.current?.scrollIntoView({
|
||||
behavior: "smooth",
|
||||
block: "center",
|
||||
@@ -133,18 +133,22 @@ function ScanConfigForm({
|
||||
|
||||
try {
|
||||
const result = config
|
||||
? await updateScanConfig(null, formData)
|
||||
: await createScanConfig(null, formData);
|
||||
? await updateScanConfiguration(null, formData)
|
||||
: await createScanConfiguration(null, formData);
|
||||
|
||||
if (result?.success) {
|
||||
toast({
|
||||
title: isEdit ? "Scan Config updated" : "Scan Config created",
|
||||
title: isEdit
|
||||
? "Scan Configuration updated"
|
||||
: "Scan Configuration created",
|
||||
description: result.success,
|
||||
});
|
||||
onClose(true);
|
||||
return;
|
||||
}
|
||||
|
||||
// Field-level errors render inline next to each input; only a general
|
||||
// error (no field to anchor it to) falls back to a toast.
|
||||
const errors = result?.errors || {};
|
||||
if (errors.name) form.setError("name", { message: errors.name });
|
||||
if (errors.configuration)
|
||||
@@ -157,16 +161,6 @@ function ScanConfigForm({
|
||||
title: "Oops! Something went wrong",
|
||||
description: errors.general,
|
||||
});
|
||||
} else if (errors.configuration || errors.name || errors.provider_ids) {
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: "Validation failed",
|
||||
description:
|
||||
errors.configuration ||
|
||||
errors.name ||
|
||||
errors.provider_ids ||
|
||||
"Please review the form.",
|
||||
});
|
||||
}
|
||||
} catch (e) {
|
||||
toast({
|
||||
@@ -186,9 +180,9 @@ function ScanConfigForm({
|
||||
return (
|
||||
<form onSubmit={onSubmit} className="flex flex-col gap-5">
|
||||
<Field>
|
||||
<FieldLabel htmlFor="scan-config-name">Name</FieldLabel>
|
||||
<FieldLabel htmlFor="scan-configuration-name">Name</FieldLabel>
|
||||
<Input
|
||||
id="scan-config-name"
|
||||
id="scan-configuration-name"
|
||||
placeholder="e.g. stricter-iam-aws"
|
||||
aria-invalid={!!nameError}
|
||||
{...form.register("name")}
|
||||
@@ -197,7 +191,9 @@ function ScanConfigForm({
|
||||
</Field>
|
||||
|
||||
<Field>
|
||||
<FieldLabel htmlFor="scan-config-yaml">Configuration (YAML)</FieldLabel>
|
||||
<FieldLabel htmlFor="scan-configuration-yaml">
|
||||
Configuration (YAML)
|
||||
</FieldLabel>
|
||||
<p className="text-default-500 text-tiny">
|
||||
Follows the structure of{" "}
|
||||
<CustomLink
|
||||
@@ -210,8 +206,8 @@ function ScanConfigForm({
|
||||
are listed below in real time.
|
||||
</p>
|
||||
<Textarea
|
||||
id="scan-config-yaml"
|
||||
placeholder={defaultScanConfigYaml}
|
||||
id="scan-configuration-yaml"
|
||||
placeholder={defaultScanConfigurationYaml}
|
||||
rows={14}
|
||||
aria-invalid={!!configError || !yamlValidation.isValid}
|
||||
className={fontMono.className + " text-sm"}
|
||||
@@ -219,10 +215,12 @@ function ScanConfigForm({
|
||||
/>
|
||||
<div aria-live="polite" className="mt-1" ref={errorPanelRef}>
|
||||
{yamlValidation.errors.length === 0 && configText.trim() ? (
|
||||
<p className="text-tiny text-success">Configuration valid</p>
|
||||
<p className="text-tiny text-text-success-primary">
|
||||
Configuration valid
|
||||
</p>
|
||||
) : yamlValidation.errors.length > 0 ? (
|
||||
<div className="border-danger-200 bg-danger-50 rounded-md border p-3">
|
||||
<p className="text-tiny text-danger mb-1 font-medium">
|
||||
<div className="border-border-error rounded-md border bg-red-50 p-3 dark:bg-red-950/50">
|
||||
<p className="text-tiny text-text-error-primary mb-1 font-medium">
|
||||
{yamlValidation.errors.length} validation{" "}
|
||||
{yamlValidation.errors.length === 1 ? "error" : "errors"}:
|
||||
</p>
|
||||
@@ -250,15 +248,16 @@ function ScanConfigForm({
|
||||
</Field>
|
||||
|
||||
<Field>
|
||||
<FieldLabel>Attach to accounts</FieldLabel>
|
||||
<FieldLabel>Attach to providers</FieldLabel>
|
||||
<p className="text-default-500 text-tiny">
|
||||
Pick the cloud accounts that should use this configuration on their
|
||||
Pick the cloud providers that should use this configuration on their
|
||||
next scan.
|
||||
{lockedCount > 0 && (
|
||||
<>
|
||||
{" "}
|
||||
{lockedCount} {lockedCount === 1 ? "account is" : "accounts are"}{" "}
|
||||
hidden because they are already attached to another Scan Config.
|
||||
{lockedCount}{" "}
|
||||
{lockedCount === 1 ? "provider is" : "providers are"} hidden
|
||||
because they are already attached to another Scan Configuration.
|
||||
</>
|
||||
)}
|
||||
</p>
|
||||
@@ -266,7 +265,7 @@ function ScanConfigForm({
|
||||
<p className="text-default-500 text-tiny italic">
|
||||
{richProviders.length === 0
|
||||
? "No providers available in this tenant."
|
||||
: "All providers are already attached to other Scan Configs."}
|
||||
: "All providers are already attached to other Scan Configurations."}
|
||||
</p>
|
||||
) : (
|
||||
<AccountsSelector
|
||||
@@ -276,8 +275,8 @@ function ScanConfigForm({
|
||||
}
|
||||
selectedValues={selectedProviders}
|
||||
search={{
|
||||
placeholder: "Search accounts...",
|
||||
emptyMessage: "No accounts found.",
|
||||
placeholder: "Search providers...",
|
||||
emptyMessage: "No providers found.",
|
||||
}}
|
||||
/>
|
||||
)}
|
||||
@@ -302,14 +301,14 @@ function ScanConfigForm({
|
||||
);
|
||||
}
|
||||
|
||||
export function ScanConfigEditor({
|
||||
export function ScanConfigurationEditor({
|
||||
open,
|
||||
onClose,
|
||||
richProviders,
|
||||
existingConfigs,
|
||||
config,
|
||||
schema,
|
||||
}: ScanConfigEditorProps) {
|
||||
}: ScanConfigurationEditorProps) {
|
||||
const isEdit = !!config;
|
||||
|
||||
return (
|
||||
@@ -318,10 +317,10 @@ export function ScanConfigEditor({
|
||||
onOpenChange={(o) => {
|
||||
if (!o) onClose(false);
|
||||
}}
|
||||
title={isEdit ? "Edit Scan Config" : "New Scan Config"}
|
||||
title={isEdit ? "Edit Scan Configuration" : "New Scan Configuration"}
|
||||
size="2xl"
|
||||
>
|
||||
<ScanConfigForm
|
||||
<ScanConfigurationForm
|
||||
key={config?.id ?? "new"}
|
||||
onClose={onClose}
|
||||
richProviders={richProviders}
|
||||
+8
-8
@@ -6,12 +6,12 @@ import { Pencil, Trash2 } from "lucide-react";
|
||||
import { Button } from "@/components/shadcn";
|
||||
import { DateWithTime } from "@/components/ui/entities";
|
||||
import { DataTableColumnHeader } from "@/components/ui/table";
|
||||
import { ScanConfigData } from "@/types/scan-configs";
|
||||
import { ScanConfigurationData } from "@/types/scan-configurations";
|
||||
|
||||
export const createScanConfigsColumns = (
|
||||
onEdit: (config: ScanConfigData) => void,
|
||||
onDelete: (config: ScanConfigData) => void,
|
||||
): ColumnDef<ScanConfigData>[] => [
|
||||
export const createScanConfigurationsColumns = (
|
||||
onEdit: (config: ScanConfigurationData) => void,
|
||||
onDelete: (config: ScanConfigurationData) => void,
|
||||
): ColumnDef<ScanConfigurationData>[] => [
|
||||
{
|
||||
accessorKey: "attributes.name",
|
||||
header: ({ column }) => (
|
||||
@@ -28,7 +28,7 @@ export const createScanConfigsColumns = (
|
||||
{
|
||||
id: "providers_count",
|
||||
header: ({ column }) => (
|
||||
<DataTableColumnHeader column={column} title="Accounts" />
|
||||
<DataTableColumnHeader column={column} title="Providers" />
|
||||
),
|
||||
cell: ({ row }) => {
|
||||
const count = row.original.attributes.providers?.length ?? 0;
|
||||
@@ -36,10 +36,10 @@ export const createScanConfigsColumns = (
|
||||
<span className="text-text-neutral-primary text-sm">
|
||||
{count === 0 ? (
|
||||
<span className="text-text-neutral-tertiary italic">
|
||||
No accounts
|
||||
No providers
|
||||
</span>
|
||||
) : (
|
||||
`${count} ${count === 1 ? "account" : "accounts"}`
|
||||
`${count} ${count === 1 ? "provider" : "providers"}`
|
||||
)}
|
||||
</span>
|
||||
);
|
||||
+62
-47
@@ -3,7 +3,10 @@
|
||||
import { Plus, Trash2 } from "lucide-react";
|
||||
import { useState } from "react";
|
||||
|
||||
import { deleteScanConfig, listScanConfigs } from "@/actions/scan-configs";
|
||||
import {
|
||||
deleteScanConfiguration,
|
||||
listScanConfigurations,
|
||||
} from "@/actions/scan-configurations";
|
||||
import { AccountsSelector } from "@/app/(prowler)/_overview/_components/accounts-selector";
|
||||
import { BatchFiltersLayout } from "@/components/filters/batch-filters-layout";
|
||||
import { ClearFiltersButton } from "@/components/filters/clear-filters-button";
|
||||
@@ -12,43 +15,51 @@ import { Modal } from "@/components/shadcn/modal";
|
||||
import { useToast } from "@/components/ui";
|
||||
import { DataTable } from "@/components/ui/table";
|
||||
import { ProviderProps } from "@/types/providers";
|
||||
import { ScanConfigData } from "@/types/scan-configs";
|
||||
import { ScanConfigurationData } from "@/types/scan-configurations";
|
||||
|
||||
import { ScanConfigEditor } from "./scan-config-editor";
|
||||
import { createScanConfigsColumns } from "./scan-configs-columns";
|
||||
import { ScanConfigurationEditor } from "./scan-configuration-editor";
|
||||
import { createScanConfigurationsColumns } from "./scan-configurations-columns";
|
||||
|
||||
// Same column basis classes as `FindingsFilters` so the controls align across
|
||||
// breakpoints with the rest of the product.
|
||||
const FILTER_CONTROL_COLUMN_CLASS =
|
||||
"min-w-0 flex-none basis-full sm:basis-[calc((100%_-_0.75rem)/2)] lg:basis-[calc((100%_-_1.5rem)/3)] xl:basis-[calc((100%_-_2.25rem)/4)] 2xl:basis-[calc((100%_-_3rem)/5)]";
|
||||
|
||||
interface ScanConfigsManagerProps {
|
||||
initialConfigs: ScanConfigData[];
|
||||
interface ScanConfigurationsManagerProps {
|
||||
initialConfigs: ScanConfigurationData[];
|
||||
richProviders: ProviderProps[];
|
||||
schema: Record<string, unknown> | null;
|
||||
}
|
||||
|
||||
export function ScanConfigsManager({
|
||||
export function ScanConfigurationsManager({
|
||||
initialConfigs,
|
||||
richProviders,
|
||||
schema,
|
||||
}: ScanConfigsManagerProps) {
|
||||
const [configs, setConfigs] = useState<ScanConfigData[]>(initialConfigs);
|
||||
}: ScanConfigurationsManagerProps) {
|
||||
const [configs, setConfigs] =
|
||||
useState<ScanConfigurationData[]>(initialConfigs);
|
||||
const [editorOpen, setEditorOpen] = useState(false);
|
||||
const [editingConfig, setEditingConfig] = useState<ScanConfigData | null>(
|
||||
null,
|
||||
);
|
||||
const [pendingDelete, setPendingDelete] = useState<ScanConfigData | null>(
|
||||
null,
|
||||
);
|
||||
const [editingConfig, setEditingConfig] =
|
||||
useState<ScanConfigurationData | null>(null);
|
||||
const [pendingDelete, setPendingDelete] =
|
||||
useState<ScanConfigurationData | null>(null);
|
||||
const [isDeleting, setIsDeleting] = useState(false);
|
||||
const [accountFilter, setAccountFilter] = useState<string[]>([]);
|
||||
const [providerFilter, setProviderFilter] = useState<string[]>([]);
|
||||
const [nameSearch, setNameSearch] = useState<string>("");
|
||||
const { toast } = useToast();
|
||||
|
||||
const refresh = async () => {
|
||||
const fresh = await listScanConfigs();
|
||||
setConfigs(fresh);
|
||||
try {
|
||||
const fresh = await listScanConfigurations();
|
||||
setConfigs(fresh);
|
||||
} catch {
|
||||
// Keep the current table on a failed reload instead of clearing it.
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: "Oops! Something went wrong",
|
||||
description: "Failed to reload Scan Configurations. Please try again.",
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
const openCreate = () => {
|
||||
@@ -56,7 +67,7 @@ export function ScanConfigsManager({
|
||||
setEditorOpen(true);
|
||||
};
|
||||
|
||||
const openEdit = (config: ScanConfigData) => {
|
||||
const openEdit = (config: ScanConfigurationData) => {
|
||||
setEditingConfig(config);
|
||||
setEditorOpen(true);
|
||||
};
|
||||
@@ -76,10 +87,10 @@ export function ScanConfigsManager({
|
||||
formData.append("id", pendingDelete.id);
|
||||
|
||||
try {
|
||||
const result = await deleteScanConfig(null, formData);
|
||||
const result = await deleteScanConfiguration(null, formData);
|
||||
if (result?.success) {
|
||||
toast({
|
||||
title: "Scan Config deleted",
|
||||
title: "Scan Configuration deleted",
|
||||
description: result.success,
|
||||
});
|
||||
await refresh();
|
||||
@@ -94,7 +105,7 @@ export function ScanConfigsManager({
|
||||
toast({
|
||||
variant: "destructive",
|
||||
title: "Oops! Something went wrong",
|
||||
description: "Error deleting Scan Config. Please try again.",
|
||||
description: "Error deleting Scan Configuration. Please try again.",
|
||||
});
|
||||
} finally {
|
||||
setIsDeleting(false);
|
||||
@@ -102,15 +113,15 @@ export function ScanConfigsManager({
|
||||
}
|
||||
};
|
||||
|
||||
const columns = createScanConfigsColumns(
|
||||
const columns = createScanConfigurationsColumns(
|
||||
(cfg) => openEdit(cfg),
|
||||
(cfg) => setPendingDelete(cfg),
|
||||
);
|
||||
|
||||
const filteredConfigs = configs.filter((c) => {
|
||||
if (accountFilter.length > 0) {
|
||||
if (providerFilter.length > 0) {
|
||||
const attached = c.attributes.providers || [];
|
||||
const overlaps = accountFilter.some((pid) => attached.includes(pid));
|
||||
const overlaps = providerFilter.some((pid) => attached.includes(pid));
|
||||
if (!overlaps) return false;
|
||||
}
|
||||
if (nameSearch) {
|
||||
@@ -120,17 +131,20 @@ export function ScanConfigsManager({
|
||||
return true;
|
||||
});
|
||||
|
||||
const noMatchForAccount =
|
||||
accountFilter.length > 0 && filteredConfigs.length === 0 && !nameSearch;
|
||||
const noMatchForProvider =
|
||||
providerFilter.length > 0 &&
|
||||
filteredConfigs.length === 0 &&
|
||||
!nameSearch.trim();
|
||||
|
||||
const hasAnyFilter = accountFilter.length > 0 || nameSearch.length > 0;
|
||||
const hasAnyFilter =
|
||||
providerFilter.length > 0 || nameSearch.trim().length > 0;
|
||||
|
||||
const handleAccountsChange = (_filterKey: string, values: string[]) => {
|
||||
setAccountFilter(values);
|
||||
const handleProvidersChange = (_filterKey: string, values: string[]) => {
|
||||
setProviderFilter(values);
|
||||
};
|
||||
|
||||
const clearFilters = () => {
|
||||
setAccountFilter([]);
|
||||
setProviderFilter([]);
|
||||
setNameSearch("");
|
||||
};
|
||||
|
||||
@@ -138,46 +152,46 @@ export function ScanConfigsManager({
|
||||
<>
|
||||
<div className="mb-6">
|
||||
<BatchFiltersLayout
|
||||
testIdPrefix="scan-config"
|
||||
testIdPrefix="scan-configuration"
|
||||
controlsClassName="gap-3"
|
||||
controls={
|
||||
<>
|
||||
<div className={FILTER_CONTROL_COLUMN_CLASS}>
|
||||
<AccountsSelector
|
||||
providers={richProviders}
|
||||
onBatchChange={handleAccountsChange}
|
||||
selectedValues={accountFilter}
|
||||
onBatchChange={handleProvidersChange}
|
||||
selectedValues={providerFilter}
|
||||
/>
|
||||
</div>
|
||||
{hasAnyFilter && (
|
||||
<ClearFiltersButton
|
||||
showCount
|
||||
pendingCount={
|
||||
accountFilter.length + (nameSearch.trim() ? 1 : 0)
|
||||
providerFilter.length + (nameSearch.trim() ? 1 : 0)
|
||||
}
|
||||
onClear={clearFilters}
|
||||
/>
|
||||
)}
|
||||
<Button size="lg" onClick={openCreate} className="md:ml-auto">
|
||||
<Plus className="size-4" />
|
||||
New Scan Config
|
||||
New Scan Configuration
|
||||
</Button>
|
||||
</>
|
||||
}
|
||||
/>
|
||||
</div>
|
||||
|
||||
{noMatchForAccount ? (
|
||||
{noMatchForProvider ? (
|
||||
<Card variant="base" className="p-8 text-center">
|
||||
<p className="text-default-700 text-sm font-medium">
|
||||
{accountFilter.length === 1
|
||||
? "No Scan Config is attached to this account."
|
||||
: "No Scan Config is attached to any of the selected accounts."}
|
||||
{providerFilter.length === 1
|
||||
? "No Scan Configuration is attached to this provider."
|
||||
: "No Scan Configuration is attached to any of the selected providers."}
|
||||
</p>
|
||||
<p className="text-default-500 mt-1 text-sm">
|
||||
The next scan{accountFilter.length === 1 ? "" : "s"} will use the
|
||||
built-in defaults shipped with Prowler. Attach a Scan Config from
|
||||
the editor to override them.
|
||||
The next scan{providerFilter.length === 1 ? "" : "s"} will use the
|
||||
built-in defaults shipped with Prowler. Attach a Scan Configuration
|
||||
from the editor to override them.
|
||||
</p>
|
||||
</Card>
|
||||
) : (
|
||||
@@ -195,7 +209,7 @@ export function ScanConfigsManager({
|
||||
/>
|
||||
)}
|
||||
|
||||
<ScanConfigEditor
|
||||
<ScanConfigurationEditor
|
||||
open={editorOpen}
|
||||
onClose={handleEditorClose}
|
||||
richProviders={richProviders}
|
||||
@@ -207,14 +221,15 @@ export function ScanConfigsManager({
|
||||
<Modal
|
||||
open={!!pendingDelete}
|
||||
onOpenChange={(open) => !open && setPendingDelete(null)}
|
||||
title="Delete Scan Config"
|
||||
title="Delete Scan Configuration"
|
||||
size="md"
|
||||
>
|
||||
<div className="flex flex-col gap-4">
|
||||
<p className="text-default-600 text-sm">
|
||||
Are you sure you want to delete{" "}
|
||||
<strong>{pendingDelete?.attributes.name}</strong>? Attached accounts
|
||||
will fall back to the built-in scan defaults on their next scan.
|
||||
<strong>{pendingDelete?.attributes.name}</strong>? Attached
|
||||
providers will fall back to the built-in scan defaults on their next
|
||||
scan.
|
||||
</p>
|
||||
<div className="flex w-full justify-end gap-4">
|
||||
<Button
|
||||
@@ -0,0 +1,39 @@
|
||||
import { redirect } from "next/navigation";
|
||||
|
||||
import { getAllProviders } from "@/actions/providers";
|
||||
import {
|
||||
getScanConfigurationSchema,
|
||||
listScanConfigurations,
|
||||
} from "@/actions/scan-configurations";
|
||||
import { ContentLayout } from "@/components/ui";
|
||||
import { isCloud } from "@/lib/shared/env";
|
||||
|
||||
import { ScanConfigurationsManager } from "./_components/scan-configurations-manager";
|
||||
|
||||
export default async function ScanConfigPage() {
|
||||
// Scan Configuration is a Prowler Cloud-only feature; the OSS API has no
|
||||
// /scan-configurations endpoints, so guard the route before hitting them.
|
||||
if (!isCloud()) {
|
||||
redirect("/");
|
||||
}
|
||||
|
||||
// A failure here propagates to the `(prowler)/error.tsx` boundary instead of
|
||||
// rendering a false "no scan configurations" empty table during SSR.
|
||||
const [configs, providersResponse, schema] = await Promise.all([
|
||||
listScanConfigurations(),
|
||||
getAllProviders({}),
|
||||
getScanConfigurationSchema(),
|
||||
]);
|
||||
|
||||
const richProviders = providersResponse?.data ?? [];
|
||||
|
||||
return (
|
||||
<ContentLayout title="Scan Configuration" icon="lucide:sliders">
|
||||
<ScanConfigurationsManager
|
||||
initialConfigs={configs}
|
||||
richProviders={richProviders}
|
||||
schema={schema}
|
||||
/>
|
||||
</ContentLayout>
|
||||
);
|
||||
}
|
||||
@@ -92,14 +92,14 @@ describe("getMenuList", () => {
|
||||
);
|
||||
});
|
||||
|
||||
it("should show Scan Config as disabled Cloud-only in OSS when Cloud is disabled", () => {
|
||||
it("should show Scan Configuration as disabled Cloud-only in OSS when Cloud is disabled", () => {
|
||||
// Given / When
|
||||
const scanConfig = findSubmenu("Scan Config");
|
||||
const scanConfig = findSubmenu("Scan Configuration");
|
||||
|
||||
// Then
|
||||
expect(scanConfig).toEqual(
|
||||
expect.objectContaining({
|
||||
href: "/scan-config",
|
||||
href: "/scan-configurations",
|
||||
disabled: true,
|
||||
cloudOnly: true,
|
||||
highlight: true,
|
||||
@@ -108,20 +108,20 @@ describe("getMenuList", () => {
|
||||
);
|
||||
});
|
||||
|
||||
it("should show Scan Config as new under Configuration when Cloud is enabled", () => {
|
||||
it("should show Scan Configuration as new under Configuration when Cloud is enabled", () => {
|
||||
// Given
|
||||
process.env.NEXT_PUBLIC_IS_CLOUD_ENV = "true";
|
||||
|
||||
// When
|
||||
const scanConfig = getMenuList({ pathname: "/scan-config" })
|
||||
const scanConfig = getMenuList({ pathname: "/scan-configurations" })
|
||||
.flatMap((group) => group.menus)
|
||||
.flatMap((menu) => menu.submenus ?? [])
|
||||
.find((submenu) => submenu.label === "Scan Config");
|
||||
.find((submenu) => submenu.label === "Scan Configuration");
|
||||
|
||||
// Then
|
||||
expect(scanConfig).toEqual(
|
||||
expect.objectContaining({
|
||||
href: "/scan-config",
|
||||
href: "/scan-configurations",
|
||||
active: true,
|
||||
highlight: true,
|
||||
}),
|
||||
|
||||
+3
-3
@@ -133,10 +133,10 @@ export const getMenuList = ({
|
||||
active: pathname === "/mutelist",
|
||||
},
|
||||
{
|
||||
href: "/scan-config",
|
||||
label: "Scan Config",
|
||||
href: "/scan-configurations",
|
||||
label: "Scan Configuration",
|
||||
icon: SlidersHorizontal,
|
||||
active: isCloudEnv && pathname.startsWith("/scan-config"),
|
||||
active: isCloudEnv && pathname.startsWith("/scan-configurations"),
|
||||
highlight: true,
|
||||
disabled: !isCloudEnv,
|
||||
cloudOnly: !isCloudEnv,
|
||||
|
||||
+8
-8
@@ -275,14 +275,14 @@ Mutelist:
|
||||
Tags:
|
||||
- "Name=aws-controltower-VPC"`;
|
||||
|
||||
export interface ScanConfigValidationError {
|
||||
export interface ScanConfigurationValidationError {
|
||||
path: string;
|
||||
message: string;
|
||||
}
|
||||
|
||||
export interface ScanConfigValidationResult {
|
||||
export interface ScanConfigurationValidationResult {
|
||||
isValid: boolean;
|
||||
errors: ScanConfigValidationError[];
|
||||
errors: ScanConfigurationValidationError[];
|
||||
}
|
||||
|
||||
// Compile the JSON Schema with ajv at most once per schema reference.
|
||||
@@ -316,16 +316,16 @@ const formatAjvPath = (err: ErrorObject): string => {
|
||||
};
|
||||
|
||||
/**
|
||||
* Validate a YAML string against the aggregated Scan Config JSON Schema.
|
||||
* Validate a YAML string against the aggregated Scan Configuration JSON Schema.
|
||||
*
|
||||
* If `schema` is null (e.g. backend unreachable), it falls back to only
|
||||
* checking that the YAML parses to a mapping — so the user is never blocked
|
||||
* from saving when the schema endpoint is down.
|
||||
*/
|
||||
export const validateScanConfigPayload = (
|
||||
export const validateScanConfigurationPayload = (
|
||||
val: string,
|
||||
schema: Record<string, unknown> | null,
|
||||
): ScanConfigValidationResult => {
|
||||
): ScanConfigurationValidationResult => {
|
||||
const yamlCheck = validateYaml(val);
|
||||
if (!yamlCheck.isValid) {
|
||||
return {
|
||||
@@ -377,10 +377,10 @@ export const validateScanConfigPayload = (
|
||||
return { isValid: false, errors };
|
||||
};
|
||||
|
||||
export const defaultScanConfigYaml = `# Scan Config overrides the per-tenant defaults documented in
|
||||
export const defaultScanConfigurationYaml = `# Scan Configuration overrides the per-tenant defaults documented in
|
||||
# prowler/config/config.yaml. Add only the keys you want to override.
|
||||
# Allowed ranges and enums are described by the server-side JSON Schema
|
||||
# served at /api/v1/scan-configs/schema; invalid values are flagged below.
|
||||
# served at /api/v1/scan-configurations/schema; invalid values are flagged below.
|
||||
|
||||
aws:
|
||||
max_unused_access_keys_days: 45
|
||||
|
||||
+7
-14
@@ -723,10 +723,12 @@ export const mutedFindingsConfigFormSchema = z.object({
|
||||
id: z.string().optional(),
|
||||
});
|
||||
|
||||
// The schema-driven (ranges/enums/types) validation lives in the editor via
|
||||
// `validateScanConfigPayload(yamlString, schema)` in `lib/yaml.ts`. Here we
|
||||
// only enforce the form-level shape: a name and a YAML string that parses.
|
||||
export const scanConfigFormSchema = z.object({
|
||||
// The editor owns content validation: live YAML syntax + schema (ranges/enums)
|
||||
// checks run through `validateScanConfigurationPayload(yamlString, schema)` in
|
||||
// `lib/yaml.ts` and surface in a single inline panel. Here we only enforce the
|
||||
// form-level shape (a name and a non-empty configuration) so we don't render the
|
||||
// same YAML error twice.
|
||||
export const scanConfigurationFormSchema = z.object({
|
||||
name: z
|
||||
.string()
|
||||
.trim()
|
||||
@@ -735,16 +737,7 @@ export const scanConfigFormSchema = z.object({
|
||||
configuration: z
|
||||
.string()
|
||||
.trim()
|
||||
.min(1, { message: "Configuration is required" })
|
||||
.superRefine((val, ctx) => {
|
||||
const yamlValidation = validateYaml(val);
|
||||
if (!yamlValidation.isValid) {
|
||||
ctx.addIssue({
|
||||
code: "custom",
|
||||
message: `Invalid YAML format: ${yamlValidation.error}`,
|
||||
});
|
||||
}
|
||||
}),
|
||||
.min(1, { error: "Configuration is required" }),
|
||||
provider_ids: z.array(z.uuid()).optional().default([]),
|
||||
id: z.string().optional(),
|
||||
});
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
export interface ScanConfigAttributes {
|
||||
inserted_at: string;
|
||||
updated_at: string;
|
||||
name: string;
|
||||
configuration: string | Record<string, unknown>;
|
||||
providers: string[];
|
||||
}
|
||||
|
||||
export interface ScanConfigData {
|
||||
type: "scan-configs";
|
||||
id: string;
|
||||
attributes: ScanConfigAttributes;
|
||||
}
|
||||
|
||||
export interface ScanConfigListResponse {
|
||||
data: ScanConfigData[];
|
||||
}
|
||||
|
||||
export interface ScanConfigErrors {
|
||||
name?: string;
|
||||
configuration?: string;
|
||||
provider_ids?: string;
|
||||
general?: string;
|
||||
}
|
||||
|
||||
export interface ScanConfigRequestAttributes {
|
||||
name: string;
|
||||
configuration: Record<string, unknown>;
|
||||
provider_ids: string[];
|
||||
}
|
||||
|
||||
export interface ScanConfigRequestData {
|
||||
type: "scan-configs";
|
||||
id?: string;
|
||||
attributes: ScanConfigRequestAttributes;
|
||||
}
|
||||
|
||||
export interface ScanConfigRequestBody {
|
||||
data: ScanConfigRequestData;
|
||||
}
|
||||
|
||||
export type ScanConfigActionState = {
|
||||
errors?: ScanConfigErrors;
|
||||
success?: string;
|
||||
data?: ScanConfigData;
|
||||
} | null;
|
||||
|
||||
export type DeleteScanConfigActionState = {
|
||||
errors?: {
|
||||
general?: string;
|
||||
};
|
||||
success?: string;
|
||||
} | null;
|
||||
@@ -0,0 +1,55 @@
|
||||
export interface ScanConfigurationAttributes {
|
||||
inserted_at: string;
|
||||
updated_at: string;
|
||||
name: string;
|
||||
configuration: string | Record<string, unknown>;
|
||||
providers: string[];
|
||||
}
|
||||
|
||||
export interface ScanConfigurationData {
|
||||
type: "scan-configurations";
|
||||
id: string;
|
||||
attributes: ScanConfigurationAttributes;
|
||||
}
|
||||
|
||||
export interface ScanConfigurationListResponse {
|
||||
data: ScanConfigurationData[];
|
||||
}
|
||||
|
||||
export interface ScanConfigurationErrors {
|
||||
name?: string;
|
||||
configuration?: string;
|
||||
provider_ids?: string;
|
||||
general?: string;
|
||||
}
|
||||
|
||||
export interface ScanConfigurationRequestAttributes {
|
||||
name: string;
|
||||
configuration: Record<string, unknown>;
|
||||
provider_ids: string[];
|
||||
}
|
||||
|
||||
export interface ScanConfigurationRequestData {
|
||||
type: "scan-configurations";
|
||||
id?: string;
|
||||
attributes: ScanConfigurationRequestAttributes;
|
||||
}
|
||||
|
||||
export interface ScanConfigurationRequestBody {
|
||||
data: ScanConfigurationRequestData;
|
||||
}
|
||||
|
||||
export type ScanConfigurationActionState = {
|
||||
errors?: ScanConfigurationErrors;
|
||||
success?: string;
|
||||
data?: ScanConfigurationData;
|
||||
} | null;
|
||||
|
||||
export interface DeleteScanConfigurationErrors {
|
||||
general?: string;
|
||||
}
|
||||
|
||||
export type DeleteScanConfigurationActionState = {
|
||||
errors?: DeleteScanConfigurationErrors;
|
||||
success?: string;
|
||||
} | null;
|
||||
Reference in New Issue
Block a user