Merge branch 'main' into ui-gcp-account-rename

deepfence · Jun 27, 2024 · 0b9bcc6 · 0b9bcc6
2 parents fabfacf + ec05de3
commit 0b9bcc6
Show file tree

Hide file tree

Showing 86 changed files with 1,240 additions and 881 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@ export IMAGE_REPOSITORY?=quay.io/deepfenceio
 export DF_IMG_TAG?=latest
 export STEAMPIPE_IMG_TAG?=0.20.x
 export IS_DEV_BUILD?=false
-export VERSION?=v2.2.1
+export VERSION?=v2.3.0
 export AGENT_BINARY_BUILD=$(DEEPFENCE_FARGATE_DIR)/build
 export AGENT_BINARY_BUILD_RELATIVE=deepfence_agent/agent-binary/build
 export AGENT_BINARY_DIST=$(DEEPFENCE_FARGATE_DIR)/dist

diff --git a/README.md b/README.md
@@ -94,10 +94,10 @@ docker run -dit \
     -e MGMT_CONSOLE_URL="---CONSOLE-IP---" \
     -e MGMT_CONSOLE_PORT="443" \
     -e DEEPFENCE_KEY="---DEEPFENCE-API-KEY---" \
-    quay.io/deepfenceio/deepfence_agent_ce:2.2.1
+    quay.io/deepfenceio/deepfence_agent_ce:2.3.0
 ```
 
-Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.2.1-multiarch` is supported in amd64 and arm64/v8 architectures.
+Note: Image tag `quay.io/deepfenceio/deepfence_agent_ce:2.3.0-multiarch` is supported in amd64 and arm64/v8 architectures.
 
 On a Kubernetes platform, the sensors are installed using [helm chart](https://community.deepfence.io/threatmapper/docs/v2.2/sensors/kubernetes/)
 

diff --git a/deepfence_agent/plugins/YaraHunter b/deepfence_agent/plugins/YaraHunter
diff --git a/deepfence_agent/plugins/cloud-scanner b/deepfence_agent/plugins/cloud-scanner
diff --git a/deepfence_agent/plugins/yara-rules b/deepfence_agent/plugins/yara-rules
diff --git a/deepfence_bootstrapper/assets/config-cloud.ini b/deepfence_bootstrapper/assets/config-cloud.ini
@@ -5,7 +5,7 @@ autostart=true
 autorestart=true
 
 [process:cloud_scanner]
-command=sudo -E -u deepfence /bin/bash -c "rm -f /tmp/cloud-scanner.sock && $DF_INSTALL_DIR/bin/cloud_scanner -socket-path /tmp/cloud-scanner.sock"
+command=sudo -E -u deepfence /bin/bash -c "rm -f /tmp/cloud-scanner.sock && HOME=/home/deepfence HOME_DIR=/home/deepfence USER=deepfence $DF_INSTALL_DIR/bin/cloud_scanner -socket-path /tmp/cloud-scanner.sock"
 path=$DF_INSTALL_DIR/bin/cloud_scanner
 autostart=true
 autorestart=true
diff --git a/deepfence_bootstrapper/controls/controls.go b/deepfence_bootstrapper/controls/controls.go
@@ -281,6 +281,8 @@ func SetCloudScannerControls() {
 			return SendAgentDiagnosticLogs(req,
 				[]string{dfUtils.GetDfInstallDir() + "/var/log/supervisor",
 					dfUtils.GetDfInstallDir() + "/var/log/fenced/cloud-scanner-log",
+					dfUtils.GetDfInstallDir() + "/var/log/fenced/cloud-resource-refresh-log",
+					dfUtils.GetDfInstallDir() + "/var/log/fenced/status",
 					dfUtils.GetDfInstallDir() + "/var/log/deepfenced",
 					dfUtils.GetDfInstallDir() + "/.steampipe/logs"},
 				[]string{})

diff --git a/deepfence_frontend/apps/dashboard/src/components/forms/CompareScanInputModal.tsx b/deepfence_frontend/apps/dashboard/src/components/forms/CompareScanInputModal.tsx
@@ -25,8 +25,8 @@ const Tags = ({
   setSelectedTag,
   scanType,
 }: {
-  selectedTag: ImageTagType;
-  setSelectedTag: React.Dispatch<React.SetStateAction<ImageTagType>>;
+  selectedTag: ImageTagType | null;
+  setSelectedTag: React.Dispatch<React.SetStateAction<ImageTagType | null>>;
   scanType: ScanTypeEnum;
 }) => {
   const dockerImageName = useScanResults({
@@ -73,7 +73,7 @@ const InputForm = ({
   toScanData: ToScanDataType;
   setToScanData: React.Dispatch<React.SetStateAction<ToScanDataType>>;
 }) => {
-  const [selectedTag, setSelectedTag] = useState<ImageTagType>({
+  const [selectedTag, setSelectedTag] = useState<ImageTagType | null>({
     nodeId,
     nodeName: '',
     tagList: [],

diff --git a/deepfence_frontend/apps/dashboard/src/components/forms/SearchableTagList.tsx b/deepfence_frontend/apps/dashboard/src/components/forms/SearchableTagList.tsx
@@ -8,9 +8,9 @@ import { ScanTypeEnum } from '@/types/common';
 
 export type Props = {
   scanType: ScanTypeEnum | 'none';
-  onChange?: (value: ImageTagType) => void;
+  onChange?: (value: ImageTagType | null) => void;
   onClearAll?: () => void;
-  defaultSelectedTag?: ImageTagType;
+  defaultSelectedTag?: ImageTagType | null;
   valueKey?: 'nodeId' | 'nodeName';
   active?: boolean;
   triggerVariant?: 'select' | 'button';
@@ -35,16 +35,16 @@ const SearchableTag = ({
   filter,
 }: Props) => {
   const [searchText, setSearchText] = useState('');
-  const [selectedTag, setSelectedTag] = useState<ImageTagType | undefined>(() => {
-    return defaultSelectedTag;
+  const [selectedTag, setSelectedTag] = useState<ImageTagType | null>(() => {
+    return defaultSelectedTag ?? null;
   });
 
   const isSelectVariantType = useMemo(() => {
     return triggerVariant === 'select';
   }, [triggerVariant]);
 
   useEffect(() => {
-    setSelectedTag(defaultSelectedTag ?? undefined);
+    setSelectedTag(defaultSelectedTag ?? null);
   }, [defaultSelectedTag]);
 
   const { data, isFetchingNextPage, hasNextPage, fetchNextPage } =

diff --git a/...ontend/apps/dashboard/src/components/scan-configure-forms/ComplianceScanConfigureForm.tsx b/...ontend/apps/dashboard/src/components/scan-configure-forms/ComplianceScanConfigureForm.tsx
@@ -109,7 +109,7 @@ export const scanPostureApiAction = async ({
   let nodeType = body._nodeType.toString();
   const checkTypes = body._checkTypes.toString()?.split(',') as Array<ModelBenchmarkType>;
 
-  const isCloudScan = !isNonCloudNode(nodeType);
+  const isCloudScan = isCloudOrgNode(nodeType) || isCloudNonOrgNode(nodeType);
 
   if (isKubernetesNode(nodeType as ComplianceScanNodeTypeEnum)) {
     nodeType = 'cluster';

diff --git a/...d/apps/dashboard/src/features/integrations/components/report-form/CloudComplianceForm.tsx b/...d/apps/dashboard/src/features/integrations/components/report-form/CloudComplianceForm.tsx
@@ -7,6 +7,7 @@ import {
   getReportBenchmarkList,
   getReportNodeType,
 } from '@/features/integrations/pages/DownloadReport';
+import { getBenchmarkPrettyName } from '@/utils/enum';
 
 export const CloudComplianceForm = ({
   setProvider,
@@ -77,7 +78,7 @@ export const CloudComplianceForm = ({
             {getReportBenchmarkList(provider)?.map((provider) => {
               return (
                 <ListboxOption value={provider} key={provider}>
-                  {provider}
+                  {getBenchmarkPrettyName(provider)}
                 </ListboxOption>
               );
             })}

diff --git a/...ontend/apps/dashboard/src/features/integrations/components/report-form/ComplianceForm.tsx b/...ontend/apps/dashboard/src/features/integrations/components/report-form/ComplianceForm.tsx
@@ -7,6 +7,7 @@ import {
   getReportBenchmarkList,
   getReportNodeType,
 } from '@/features/integrations/pages/DownloadReport';
+import { getBenchmarkPrettyName } from '@/utils/enum';
 
 const getDisplayNodeTypeValue = (resource: string, nodeType: string) => {
   if (resource === UtilsReportFiltersScanTypeEnum.CloudCompliance) {
@@ -76,7 +77,7 @@ export const ComplianceForm = ({
             {getReportBenchmarkList(provider)?.map((provider) => {
               return (
                 <ListboxOption value={provider} key={provider}>
-                  {provider}
+                  {getBenchmarkPrettyName(provider)}
                 </ListboxOption>
               );
             })}

diff --git a/deepfence_frontend/apps/dashboard/src/features/malwares/pages/MalwareScans.tsx b/deepfence_frontend/apps/dashboard/src/features/malwares/pages/MalwareScans.tsx
@@ -455,7 +455,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('malwareScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setMalwareScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/postures/pages/Accounts.tsx b/deepfence_frontend/apps/dashboard/src/features/postures/pages/Accounts.tsx
@@ -397,7 +397,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('complianceScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setComplianceScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/registries/pages/RegistryImageTags.tsx b/deepfence_frontend/apps/dashboard/src/features/registries/pages/RegistryImageTags.tsx
@@ -245,7 +245,6 @@ const Filters = () => {
       <div className="flex gap-2">
         <Combobox
           value={searchParams.get('vulnerabilityScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setVulnerabilityScanStatusSearchText(query);
           }}
@@ -279,7 +278,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('secretScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setSecretScanStatusSearchText(query);
           }}
@@ -313,7 +311,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('malwareScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setMalwareScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/secrets/pages/SecretScans.tsx b/deepfence_frontend/apps/dashboard/src/features/secrets/pages/SecretScans.tsx
@@ -454,7 +454,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('secretScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setSecretScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/threat-graph/pages/ThreatGraph.tsx b/deepfence_frontend/apps/dashboard/src/features/threat-graph/pages/ThreatGraph.tsx
@@ -159,7 +159,6 @@ const Filters = () => {
           value={THREAT_TYPES.find((threatType) => {
             return threatType.value === searchParams.get('type');
           })}
-          nullable
           onQueryChange={(query) => {
             setThreatTypeSearchText(query);
           }}
@@ -190,7 +189,6 @@ const Filters = () => {
           value={THREAT_GRAPH_SCOPE.find((scope) => {
             return scope.value === searchParams.get('cloud_resource_only');
           })}
-          nullable
           onQueryChange={(query) => {
             setScopeSearchText(query);
           }}

diff --git a/...ntend/apps/dashboard/src/features/topology/data-components/tables/CloudResourcesTable.tsx b/...ntend/apps/dashboard/src/features/topology/data-components/tables/CloudResourcesTable.tsx
@@ -154,7 +154,6 @@ function SearchableServiceType() {
   return (
     <Combobox
       value={selected}
-      nullable
       multiple
       onEndReached={onEndReached}
       startIcon={

diff --git a/..._frontend/apps/dashboard/src/features/topology/data-components/tables/ContainersTable.tsx b/..._frontend/apps/dashboard/src/features/topology/data-components/tables/ContainersTable.tsx
@@ -278,7 +278,6 @@ function Filters() {
         />
         <Combobox
           value={searchParams.get('vulnerabilityScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setVulnerabilityScanStatusSearchText(query);
           }}
@@ -315,7 +314,6 @@ function Filters() {
         </Combobox>
         <Combobox
           value={searchParams.get('secretScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setSecretScanStatusSearchText(query);
           }}
@@ -352,7 +350,6 @@ function Filters() {
         </Combobox>
         <Combobox
           value={searchParams.get('malwareScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setMalwareScanStatusSearchText(query);
           }}

diff --git a/...fence_frontend/apps/dashboard/src/features/topology/data-components/tables/HostsTable.tsx b/...fence_frontend/apps/dashboard/src/features/topology/data-components/tables/HostsTable.tsx
@@ -315,7 +315,6 @@ function Filters() {
         />
         <Combobox
           value={searchParams.get('vulnerabilityScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setVulnerabilityScanStatusSearchText(query);
           }}
@@ -352,7 +351,6 @@ function Filters() {
         </Combobox>
         <Combobox
           value={searchParams.get('secretScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setSecretScanStatusSearchText(query);
           }}
@@ -389,7 +387,6 @@ function Filters() {
         </Combobox>
         <Combobox
           value={searchParams.get('malwareScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setMalwareScanStatusSearchText(query);
           }}
@@ -426,7 +423,6 @@ function Filters() {
         </Combobox>
         <Combobox
           value={searchParams.get('complianceScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setComplianceScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/topology/data-components/tables/PodsTable.tsx b/deepfence_frontend/apps/dashboard/src/features/topology/data-components/tables/PodsTable.tsx
@@ -185,7 +185,6 @@ function Filters() {
           value={KUBERNETES_STATUSES.find((status) => {
             return status.value === searchParams.get('kubernetesStatus');
           })}
-          nullable
           onQueryChange={(query) => {
             setKubernetesStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/apps/dashboard/src/features/vulnerabilities/pages/VulnerabilityScans.tsx b/deepfence_frontend/apps/dashboard/src/features/vulnerabilities/pages/VulnerabilityScans.tsx
@@ -860,7 +860,6 @@ const Filters = () => {
         </Combobox>
         <Combobox
           value={searchParams.get('vulnerabilityScanStatus')}
-          nullable
           onQueryChange={(query) => {
             setVulnerabilityScanStatusSearchText(query);
           }}

diff --git a/deepfence_frontend/packages/ui-components/package.json b/deepfence_frontend/packages/ui-components/package.json
@@ -25,7 +25,7 @@
     "coverage": "vitest run --coverage"
   },
   "dependencies": {
-    "@headlessui/react": "^1.7.18",
+    "@headlessui/react": "^2.1.0",
     "@radix-ui/react-accordion": "^1.1.2",
     "@radix-ui/react-checkbox": "^1.0.4",
     "@radix-ui/react-dialog": "^1.0.5",
+0 −0		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-member-roles.template
+0 −85		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-members.template
+2 −2		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template
+0 −0		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-org-ecs.template
+1 −1		golang_deepfence_sdk
+2 −2		main.go
+144 −27		service/service.go