Merge branch 'main' into ui-feat-azure-tenants

deepfence_frontend/apps/dashboard/api-spec.json

@@ -13375,7 +13375,16 @@
         }
       },
       "ModelBenchmarkType": {
-        "enum": ["hipaa", "gdpr", "pci", "nist", "cis", "soc_2", "nsa-cisa"],
+        "enum": [
+          "hipaa",
+          "gdpr",
+          "pci",
+          "nist",
+          "cis",
+          "soc_2",
+          "nsa-cisa",
+          "aws_foundational_security"
+        ],
         "type": "string"
       },
       "ModelBulkDeleteReportReq": {
@@ -13537,6 +13546,7 @@
       "ModelCloudNodeAccountInfo": {
         "type": "object",
         "properties": {
+          "account_name": { "type": "string" },
           "active": { "type": "boolean" },
           "cloud_provider": { "type": "string" },
           "compliance_percentage": { "type": "number" },
@@ -13556,6 +13566,7 @@
       "ModelCloudNodeAccountRegisterReq": {
         "required": [
           "node_id",
+          "account_name",
           "host_node_id",
           "account_id",
           "cloud_provider",
@@ -13564,12 +13575,13 @@
         "type": "object",
         "properties": {
           "account_id": { "type": "string" },
+          "account_name": { "type": "string" },
           "cloud_provider": { "enum": ["aws", "gcp", "azure"], "type": "string" },
           "host_node_id": { "type": "string" },
           "is_organization_deployment": { "type": "boolean" },
-          "monitored_account_ids": {
-            "type": "object",
-            "additionalProperties": { "type": "string" },
+          "monitored_accounts": {
+            "type": "array",
+            "items": { "$ref": "#/components/schemas/ModelCloudNodeMonitoredAccount" },
             "nullable": true
           },
           "node_id": { "type": "string" },
@@ -13672,6 +13684,15 @@
           "node_id": { "type": "string" }
         }
       },
+      "ModelCloudNodeMonitoredAccount": {
+        "required": ["node_id", "account_name", "account_id"],
+        "type": "object",
+        "properties": {
+          "account_id": { "type": "string" },
+          "account_name": { "type": "string" },
+          "node_id": { "type": "string" }
+        }
+      },
       "ModelCloudNodeProvidersListResp": {
         "required": ["providers"],
         "type": "object",

deepfence_frontend/apps/dashboard/src/api/generated/.openapi-generator/FILES

@@ -94,6 +94,7 @@ models/ModelCloudNodeComplianceControl.ts
 models/ModelCloudNodeControlReq.ts
 models/ModelCloudNodeControlResp.ts
 models/ModelCloudNodeEnableDisableReq.ts
+models/ModelCloudNodeMonitoredAccount.ts
 models/ModelCloudNodeProvidersListResp.ts
 models/ModelCloudResource.ts
 models/ModelCompliance.ts

deepfence_frontend/apps/dashboard/src/api/generated/models/ModelBenchmarkType.ts

@@ -24,7 +24,8 @@ export const ModelBenchmarkType = {
     Nist: 'nist',
     Cis: 'cis',
     Soc2: 'soc_2',
-    NsaCisa: 'nsa-cisa'
+    NsaCisa: 'nsa-cisa',
+    AwsFoundationalSecurity: 'aws_foundational_security'
 } as const;
 export type ModelBenchmarkType = typeof ModelBenchmarkType[keyof typeof ModelBenchmarkType];
 

deepfence_frontend/apps/dashboard/src/api/generated/models/ModelCloudNodeAccountInfo.ts

@@ -19,6 +19,12 @@ import { exists, mapValues } from '../runtime';
  * @interface ModelCloudNodeAccountInfo
  */
 export interface ModelCloudNodeAccountInfo {
+    /**
+     * 
+     * @type {string}
+     * @memberof ModelCloudNodeAccountInfo
+     */
+    account_name?: string;
     /**
      * 
      * @type {boolean}
@@ -100,6 +106,7 @@ export function ModelCloudNodeAccountInfoFromJSONTyped(json: any, ignoreDiscrimi
     }
     return {
 
+        'account_name': !exists(json, 'account_name') ? undefined : json['account_name'],
         'active': !exists(json, 'active') ? undefined : json['active'],
         'cloud_provider': !exists(json, 'cloud_provider') ? undefined : json['cloud_provider'],
         'compliance_percentage': !exists(json, 'compliance_percentage') ? undefined : json['compliance_percentage'],
@@ -122,6 +129,7 @@ export function ModelCloudNodeAccountInfoToJSON(value?: ModelCloudNodeAccountInf
     }
     return {
 
+        'account_name': value.account_name,
         'active': value.active,
         'cloud_provider': value.cloud_provider,
         'compliance_percentage': value.compliance_percentage,

deepfence_frontend/apps/dashboard/src/api/generated/models/ModelCloudNodeAccountRegisterReq.ts

@@ -13,6 +13,13 @@
  */
 
 import { exists, mapValues } from '../runtime';
+import type { ModelCloudNodeMonitoredAccount } from './ModelCloudNodeMonitoredAccount';
+import {
+    ModelCloudNodeMonitoredAccountFromJSON,
+    ModelCloudNodeMonitoredAccountFromJSONTyped,
+    ModelCloudNodeMonitoredAccountToJSON,
+} from './ModelCloudNodeMonitoredAccount';
+
 /**
  * 
  * @export
@@ -25,6 +32,12 @@ export interface ModelCloudNodeAccountRegisterReq {
      * @memberof ModelCloudNodeAccountRegisterReq
      */
     account_id: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof ModelCloudNodeAccountRegisterReq
+     */
+    account_name: string;
     /**
      * 
      * @type {string}
@@ -45,10 +58,10 @@ export interface ModelCloudNodeAccountRegisterReq {
     is_organization_deployment?: boolean;
     /**
      * 
-     * @type {{ [key: string]: string; }}
+     * @type {Array<ModelCloudNodeMonitoredAccount>}
      * @memberof ModelCloudNodeAccountRegisterReq
      */
-    monitored_account_ids?: { [key: string]: string; } | null;
+    monitored_accounts?: Array<ModelCloudNodeMonitoredAccount> | null;
     /**
      * 
      * @type {string}
@@ -87,6 +100,7 @@ export type ModelCloudNodeAccountRegisterReqCloudProviderEnum = typeof ModelClou
 export function instanceOfModelCloudNodeAccountRegisterReq(value: object): boolean {
     let isInstance = true;
     isInstance = isInstance && "account_id" in value;
+    isInstance = isInstance && "account_name" in value;
     isInstance = isInstance && "cloud_provider" in value;
     isInstance = isInstance && "host_node_id" in value;
     isInstance = isInstance && "node_id" in value;
@@ -106,10 +120,11 @@ export function ModelCloudNodeAccountRegisterReqFromJSONTyped(json: any, ignoreD
     return {
 
         'account_id': json['account_id'],
+        'account_name': json['account_name'],
         'cloud_provider': json['cloud_provider'],
         'host_node_id': json['host_node_id'],
         'is_organization_deployment': !exists(json, 'is_organization_deployment') ? undefined : json['is_organization_deployment'],
-        'monitored_account_ids': !exists(json, 'monitored_account_ids') ? undefined : json['monitored_account_ids'],
+        'monitored_accounts': !exists(json, 'monitored_accounts') ? undefined : (json['monitored_accounts'] === null ? null : (json['monitored_accounts'] as Array<any>).map(ModelCloudNodeMonitoredAccountFromJSON)),
         'node_id': json['node_id'],
         'organization_account_id': !exists(json, 'organization_account_id') ? undefined : json['organization_account_id'],
         'version': json['version'],
@@ -126,10 +141,11 @@ export function ModelCloudNodeAccountRegisterReqToJSON(value?: ModelCloudNodeAcc
     return {
 
         'account_id': value.account_id,
+        'account_name': value.account_name,
         'cloud_provider': value.cloud_provider,
         'host_node_id': value.host_node_id,
         'is_organization_deployment': value.is_organization_deployment,
-        'monitored_account_ids': value.monitored_account_ids,
+        'monitored_accounts': value.monitored_accounts === undefined ? undefined : (value.monitored_accounts === null ? null : (value.monitored_accounts as Array<any>).map(ModelCloudNodeMonitoredAccountToJSON)),
         'node_id': value.node_id,
         'organization_account_id': value.organization_account_id,
         'version': value.version,

deepfence_frontend/apps/dashboard/src/api/generated/models/ModelCloudNodeMonitoredAccount.ts

@@ -0,0 +1,84 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Deepfence ThreatMapper
+ * Deepfence Runtime API provides programmatic control over Deepfence microservice securing your container, kubernetes and cloud deployments. The API abstracts away underlying infrastructure details like cloud provider,  container distros, container orchestrator and type of deployment. This is one uniform API to manage and control security alerts, policies and response to alerts for microservices running anywhere i.e. managed pure greenfield container deployments or a mix of containers, VMs and serverless paradigms like AWS Fargate.
+ *
+ * The version of the OpenAPI document: v2.2.1
+ * Contact: community@deepfence.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { exists, mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface ModelCloudNodeMonitoredAccount
+ */
+export interface ModelCloudNodeMonitoredAccount {
+    /**
+     * 
+     * @type {string}
+     * @memberof ModelCloudNodeMonitoredAccount
+     */
+    account_id: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof ModelCloudNodeMonitoredAccount
+     */
+    account_name: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof ModelCloudNodeMonitoredAccount
+     */
+    node_id: string;
+}
+
+/**
+ * Check if a given object implements the ModelCloudNodeMonitoredAccount interface.
+ */
+export function instanceOfModelCloudNodeMonitoredAccount(value: object): boolean {
+    let isInstance = true;
+    isInstance = isInstance && "account_id" in value;
+    isInstance = isInstance && "account_name" in value;
+    isInstance = isInstance && "node_id" in value;
+
+    return isInstance;
+}
+
+export function ModelCloudNodeMonitoredAccountFromJSON(json: any): ModelCloudNodeMonitoredAccount {
+    return ModelCloudNodeMonitoredAccountFromJSONTyped(json, false);
+}
+
+export function ModelCloudNodeMonitoredAccountFromJSONTyped(json: any, ignoreDiscriminator: boolean): ModelCloudNodeMonitoredAccount {
+    if ((json === undefined) || (json === null)) {
+        return json;
+    }
+    return {
+
+        'account_id': json['account_id'],
+        'account_name': json['account_name'],
+        'node_id': json['node_id'],
+    };
+}
+
+export function ModelCloudNodeMonitoredAccountToJSON(value?: ModelCloudNodeMonitoredAccount | null): any {
+    if (value === undefined) {
+        return undefined;
+    }
+    if (value === null) {
+        return null;
+    }
+    return {
+
+        'account_id': value.account_id,
+        'account_name': value.account_name,
+        'node_id': value.node_id,
+    };
+}
+

deepfence_frontend/apps/dashboard/src/api/generated/models/index.ts

@@ -68,6 +68,7 @@ export * from './ModelCloudNodeComplianceControl';
 export * from './ModelCloudNodeControlReq';
 export * from './ModelCloudNodeControlResp';
 export * from './ModelCloudNodeEnableDisableReq';
+export * from './ModelCloudNodeMonitoredAccount';
 export * from './ModelCloudNodeProvidersListResp';
 export * from './ModelCloudResource';
 export * from './ModelCompliance';

deepfence_frontend/apps/dashboard/src/components/scan-configure-forms/ComplianceScanConfigureForm.tsx

@@ -45,6 +45,7 @@ export const complianceType: {
     ModelBenchmarkType.Hipaa,
     ModelBenchmarkType.Soc2,
     ModelBenchmarkType.Gdpr,
+    ModelBenchmarkType.AwsFoundationalSecurity,
   ],
   aws_org: [
     ModelBenchmarkType.Cis,
@@ -365,19 +366,23 @@ const ControlTable = ({
               nodeType={_nodeType}
               checkType={selectedTab.toLowerCase()}
               checked={!!info.row.original.enabled}
-              controlId={
-                info.row.original?.control_id ? [info.row.original.control_id] : ['']
-              }
+              controlId={info.row.original?.node_id ? [info.row.original.node_id] : ['']}
             />
           );
         },
         maxSize: 40,
         size: 50,
         minSize: 60,
       }),
-      columnHelper.accessor('category_hierarchy', {
+      columnHelper.accessor('category_hierarchy_short', {
         id: 'category',
-        cell: (info) => <TruncatedText text={info.getValue()?.join(', ') ?? ''} />,
+        cell: (info) => {
+          let text = info.getValue() ?? '';
+          if (!text.length) {
+            text = info.row.original?.category_hierarchy?.join(', ') ?? '';
+          }
+          return <TruncatedText text={text} />;
+        },
         header: () => <span>Category</span>,
         maxSize: 100,
         size: 120,

deepfence_frontend/apps/dashboard/src/utils/enum.ts

@@ -40,6 +40,8 @@ export function getBenchmarkPrettyName(backendBenchmark: ModelBenchmarkType) {
       return 'GDPR';
     case ModelBenchmarkType.NsaCisa:
       return 'NSA-CISA';
+    case ModelBenchmarkType.AwsFoundationalSecurity:
+      return 'AWS Foundational Security';
 
     default:
       // eslint-disable-next-line no-case-declarations

deepfence_server/handler/cloud_node.go

@@ -32,6 +32,7 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http
 	}
 	err = h.Validator.Struct(req)
 	if err != nil {
+		log.Error().Msg(err.Error())
 		h.respondError(&ValidatorError{err: err}, w)
 		return
 	}
@@ -63,6 +64,12 @@ func (h *Handler) RegisterCloudNodeAccountHandler(w http.ResponseWriter, r *http
 			return
 		}
 		for _, monitoredAccount := range monitoredAccounts {
+			err = h.Validator.Struct(monitoredAccount)
+			if err != nil {
+				log.Error().Msg(err.Error())
+				h.respondError(&ValidatorError{err: err}, w)
+				return
+			}
 			monitoredNode := map[string]interface{}{
 				"node_id":         monitoredAccount.NodeID,
 				"cloud_provider":  req.CloudProvider,

deepfence_server/model/cloud_node.go

@@ -42,13 +42,13 @@ var SupportedPostureProviders = []string{PostureProviderAWS, PostureProviderGCP,
 
 type CloudNodeMonitoredAccount struct {
 	NodeID      string `json:"node_id" validate:"required" required:"true"`
-	AccountName string `json:"account_name" validate:"required" required:"true"`
+	AccountName string `json:"account_name"`
 	AccountID   string `json:"account_id" validate:"required" required:"true"`
 }
 
 type CloudNodeAccountRegisterReq struct {
 	NodeID                   string                      `json:"node_id" validate:"required" required:"true"`
-	AccountName              string                      `json:"account_name" validate:"required" required:"true"`
+	AccountName              string                      `json:"account_name"`
 	HostNodeID               string                      `json:"host_node_id" validate:"required" required:"true"`
 	AccountID                string                      `json:"account_id" validate:"required" required:"true"`
 	CloudProvider            string                      `json:"cloud_provider" validate:"required,oneof=aws gcp azure" enum:"aws,gcp,azure" required:"true"`

deepfence_server/model/scans.go

@@ -72,7 +72,16 @@ type BenchmarkType string
 
 // TODO: add new compliance type here
 func (bt BenchmarkType) Enum() []interface{} {
-	return []interface{}{"hipaa", "gdpr", "pci", "nist", "cis", "soc_2", "nsa-cisa"}
+	return []interface{}{
+		"hipaa",
+		"gdpr",
+		"pci",
+		"nist",
+		"cis",
+		"soc_2",
+		"nsa-cisa",
+		"aws_foundational_security",
+	}
 }
 
 func BenchmarkTypeToArray(bt []BenchmarkType) []string {