Merge branch 'main' into ui-fix-notification

deepfence · Jul 5, 2024 · ecdc0af · ecdc0af
2 parents 5d7ba37 + aa1da23
commit ecdc0af
Show file tree

Hide file tree

Showing 67 changed files with 1,088 additions and 484 deletions.
diff --git a/deepfence_agent/Dockerfile.cloud-agent b/deepfence_agent/Dockerfile.cloud-agent
@@ -29,15 +29,19 @@ WORKDIR /opt/steampipe
 
 USER deepfence
 
-ENV DF_INSTALL_DIR=/home/deepfence
+ENV DF_INSTALL_DIR=/home/deepfence \
+    STEAMPIPE_AWS_PLUGIN_VERSION=0.118.1 \
+    STEAMPIPE_GCP_PLUGIN_VERSION=0.43.0 \
+    STEAMPIPE_AZURE_PLUGIN_VERSION=0.49.0 \
+    STEAMPIPE_AZURE_AD_PLUGIN_VERSION=0.12.0
 
 COPY supervisord-cloud.conf /home/deepfence/supervisord.conf
 COPY --from=steampipe /usr/local/bin/steampipe /usr/local/bin/steampipe
 
 RUN steampipe service start \
     && steampipe plugin install steampipe \
     # plugin version should be in sync with Deepfence fork https://github.com/deepfence/steampipe-plugin-aws
-    && steampipe plugin install aws@0.118.1 gcp@0.43.0 azure@0.49.0 azuread@0.12.0 \
+    && steampipe plugin install aws@${STEAMPIPE_AWS_PLUGIN_VERSION} gcp@${STEAMPIPE_GCP_PLUGIN_VERSION} azure@${STEAMPIPE_AZURE_PLUGIN_VERSION} azuread@${STEAMPIPE_AZURE_AD_PLUGIN_VERSION} \
     && git clone https://github.com/turbot/steampipe-mod-aws-compliance.git --branch v0.79 --depth 1 \
     && git clone https://github.com/turbot/steampipe-mod-gcp-compliance.git --branch v0.21 --depth 1 \
     && git clone https://github.com/turbot/steampipe-mod-azure-compliance.git --branch v0.35 --depth 1 \
@@ -56,10 +60,10 @@ ENV PUBLISH_CLOUD_RESOURCES_INTERVAL_MINUTES=5 \
 
 EXPOSE 8080
 
-COPY --from=steampipe /usr/local/bin/steampipe-plugin-aws.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/aws@latest/steampipe-plugin-aws.plugin
-COPY --from=steampipe /usr/local/bin/steampipe-plugin-gcp.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/gcp@latest/steampipe-plugin-gcp.plugin
-COPY --from=steampipe /usr/local/bin/steampipe-plugin-azure.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/azure@latest/steampipe-plugin-azure.plugin
-COPY --from=steampipe /usr/local/bin/steampipe-plugin-azuread.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/azuread@latest/steampipe-plugin-azuread.plugin
+COPY --from=steampipe /usr/local/bin/steampipe-plugin-aws.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/aws@${STEAMPIPE_AWS_PLUGIN_VERSION}/steampipe-plugin-aws.plugin
+COPY --from=steampipe /usr/local/bin/steampipe-plugin-gcp.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/gcp@${STEAMPIPE_GCP_PLUGIN_VERSION}/steampipe-plugin-gcp.plugin
+COPY --from=steampipe /usr/local/bin/steampipe-plugin-azure.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/azure@${STEAMPIPE_AZURE_PLUGIN_VERSION}/steampipe-plugin-azure.plugin
+COPY --from=steampipe /usr/local/bin/steampipe-plugin-azuread.plugin /home/deepfence/.steampipe/plugins/hub.steampipe.io/plugins/turbot/azuread@${STEAMPIPE_AZURE_AD_PLUGIN_VERSION}/steampipe-plugin-azuread.plugin
 
 COPY plugins/cloud-scanner/cloud_scanner /home/deepfence/bin/cloud_scanner
 

diff --git a/deepfence_agent/plugins/YaraHunter b/deepfence_agent/plugins/YaraHunter
diff --git a/deepfence_agent/plugins/cloud-scanner b/deepfence_agent/plugins/cloud-scanner
diff --git a/deepfence_agent/plugins/yara-rules b/deepfence_agent/plugins/yara-rules
diff --git a/deepfence_bootstrapper/router/cloud_scanner.go b/deepfence_bootstrapper/router/cloud_scanner.go
@@ -89,7 +89,7 @@ func RefreshResources(req ctl.RefreshResourcesRequest) error {
 	return nil
 }
 
-func GetCloudScannerJobCount() int32 {
+func GetCloudScannerJobCount(action ctl.ActionID) int32 {
 	conn, err := net.Dial("unix", CloudScannerSocketPath)
 	if err != nil {
 		log.Error().Err(err).Msgf("GetCloudScannerJobCount: error in creating cloud compliance scanner client with socket %s", CloudScannerSocketPath)
@@ -98,7 +98,7 @@ func GetCloudScannerJobCount() int32 {
 	defer conn.Close()
 
 	jobCountReq := map[string]interface{}{
-		"action": ctl.CloudScannerJobCount,
+		"action": action,
 	}
 	jobCountReqBytes, err := json.Marshal(jobCountReq)
 	if err != nil {
@@ -128,49 +128,3 @@ func GetCloudScannerJobCount() int32 {
 		return jobCount
 	}
 }
-
-func GetCloudNodeID() (string, error) {
-	cloudNodeID := ""
-	conn, err := net.Dial("unix", CloudScannerSocketPath)
-	if err != nil {
-		log.Error().Err(err).Msgf("Error creating cloud scanner client with socket %s", CloudScannerSocketPath)
-		return cloudNodeID, err
-	}
-	defer conn.Close()
-	reqMap := make(map[string]interface{})
-	reqMap["GetCloudNodeID"] = true
-	cloudNodeIDReq := map[string]interface{}{
-		"args": reqMap,
-	}
-
-	cloudNodeIDReqBytes, err := json.Marshal(cloudNodeIDReq)
-	if err != nil {
-		log.Error().Err(err).Msg("Error in converting request into valid json")
-		return cloudNodeID, err
-	}
-
-	_, err = conn.Write(cloudNodeIDReqBytes)
-	if err != nil {
-		log.Error().Err(err).Msgf("Error in writing data to unix socket %s", CloudScannerSocketPath)
-		return cloudNodeID, err
-	}
-
-	responseTimeout := 10 * time.Second
-	deadline := time.Now().Add(responseTimeout)
-	buf := make([]byte, 1024)
-	for {
-		conn.SetReadDeadline(deadline)
-		n, err := conn.Read(buf[:])
-		if err != nil {
-			log.Error().Err(err).Msg("Error in read")
-			return cloudNodeID, err
-		}
-
-		count, err := fmt.Sscan(string(buf[0:n]), &cloudNodeID)
-		if err != nil || count != 1 {
-			return cloudNodeID, err
-		}
-		break
-	}
-	return cloudNodeID, err
-}
diff --git a/deepfence_bootstrapper/router/openapi_client_controls.go b/deepfence_bootstrapper/router/openapi_client_controls.go
@@ -119,25 +119,29 @@ func (ct *OpenapiClient) StartControlsWatching(nodeID string,
 
 const (
 	MaxAgentWorkload      = 2
-	MaxCloudAgentWorkload = 1
+	MaxCloudAgentWorkload = 2
 )
 
 func GetScannersWorkloads(nodeType string) int32 {
-	res := int32(0)
-	var secret, malware, vuln, cloud int32
 	if nodeType == ctl.CLOUD_AGENT {
-		cloud = GetCloudScannerJobCount()
+		var cloudPostureScan, cloudResourceRefreshCount int32
+
+		cloudPostureScan = GetCloudScannerJobCount(ctl.CloudScannerJobCount)
+		cloudResourceRefreshCount = GetCloudScannerJobCount(ctl.CloudScannerResourceRefreshCount)
+
+		log.Info().Msgf("workloads = cloud posture: %d, cloud resource refresh: %d", cloudPostureScan, cloudResourceRefreshCount)
+		return cloudPostureScan + cloudResourceRefreshCount
 	} else {
+		var secret, malware, vuln int32
+
 		secret = GetSecretScannerJobCount()
 		malware = GetMalwareScannerJobCount()
 		vuln = GetPackageScannerJobCount()
-	}
 
-	//TODO: Add more scanners workload
-	log.Info().Msgf("workloads = vuln: %d, secret: %d, malware: %d, cloud: %d",
-		vuln, secret, malware, cloud)
-	res = secret + malware + vuln + cloud
-	return res
+		//TODO: Add more scanners workload
+		log.Info().Msgf("workloads = vuln: %d, secret: %d, malware: %d", vuln, secret, malware)
+		return secret + malware + vuln
+	}
 }
 
 var upgrade atomic.Bool

diff --git a/deepfence_frontend/apps/dashboard/api-spec.json b/deepfence_frontend/apps/dashboard/api-spec.json
@@ -13616,9 +13616,11 @@
           "node_id": { "type": "string" },
           "node_name": { "type": "string" },
           "refresh_message": { "type": "string" },
-          "refresh_status": {
-            "enum": ["STARTING", "IN_PROGRESS", "ERROR", "COMPLETE"],
-            "type": "string"
+          "refresh_status": { "type": "string" },
+          "refresh_status_map": {
+            "type": "object",
+            "additionalProperties": { "type": "integer" },
+            "nullable": true
           },
           "scan_status_map": {
             "type": "object",
@@ -14587,7 +14589,8 @@
           "config": { "type": "object", "additionalProperties": {}, "nullable": true },
           "filters": { "$ref": "#/components/schemas/ModelIntegrationFilters" },
           "integration_type": { "type": "string" },
-          "notification_type": { "type": "string" }
+          "notification_type": { "type": "string" },
+          "send_summary": { "type": "boolean" }
         }
       },
       "ModelIntegrationFilters": {
@@ -14625,7 +14628,8 @@
           "filters": { "$ref": "#/components/schemas/ModelIntegrationFilters" },
           "id": { "type": "integer" },
           "integration_type": { "type": "string" },
-          "notification_type": { "type": "string" }
+          "notification_type": { "type": "string" },
+          "send_summary": { "type": "boolean" }
         }
       },
       "ModelInviteUserRequest": {

diff --git a/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelCloudNodeAccountInfo.ts b/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelCloudNodeAccountInfo.ts
@@ -84,7 +84,13 @@ export interface ModelCloudNodeAccountInfo {
      * @type {string}
      * @memberof ModelCloudNodeAccountInfo
      */
-    refresh_status?: ModelCloudNodeAccountInfoRefreshStatusEnum;
+    refresh_status?: string;
+    /**
+     * 
+     * @type {{ [key: string]: number; }}
+     * @memberof ModelCloudNodeAccountInfo
+     */
+    refresh_status_map?: { [key: string]: number; } | null;
     /**
      * 
      * @type {{ [key: string]: number; }}
@@ -113,17 +119,6 @@ export const ModelCloudNodeAccountInfoCloudProviderEnum = {
 } as const;
 export type ModelCloudNodeAccountInfoCloudProviderEnum = typeof ModelCloudNodeAccountInfoCloudProviderEnum[keyof typeof ModelCloudNodeAccountInfoCloudProviderEnum];
 
-/**
- * @export
- */
-export const ModelCloudNodeAccountInfoRefreshStatusEnum = {
-    Starting: 'STARTING',
-    InProgress: 'IN_PROGRESS',
-    Error: 'ERROR',
-    Complete: 'COMPLETE'
-} as const;
-export type ModelCloudNodeAccountInfoRefreshStatusEnum = typeof ModelCloudNodeAccountInfoRefreshStatusEnum[keyof typeof ModelCloudNodeAccountInfoRefreshStatusEnum];
-
 
 /**
  * Check if a given object implements the ModelCloudNodeAccountInfo interface.
@@ -155,6 +150,7 @@ export function ModelCloudNodeAccountInfoFromJSONTyped(json: any, ignoreDiscrimi
         'node_name': !exists(json, 'node_name') ? undefined : json['node_name'],
         'refresh_message': !exists(json, 'refresh_message') ? undefined : json['refresh_message'],
         'refresh_status': !exists(json, 'refresh_status') ? undefined : json['refresh_status'],
+        'refresh_status_map': !exists(json, 'refresh_status_map') ? undefined : json['refresh_status_map'],
         'scan_status_map': !exists(json, 'scan_status_map') ? undefined : json['scan_status_map'],
         'version': !exists(json, 'version') ? undefined : json['version'],
     };
@@ -180,6 +176,7 @@ export function ModelCloudNodeAccountInfoToJSON(value?: ModelCloudNodeAccountInf
         'node_name': value.node_name,
         'refresh_message': value.refresh_message,
         'refresh_status': value.refresh_status,
+        'refresh_status_map': value.refresh_status_map,
         'scan_status_map': value.scan_status_map,
         'version': value.version,
     };

diff --git a/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelIntegrationAddReq.ts b/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelIntegrationAddReq.ts
@@ -50,6 +50,12 @@ export interface ModelIntegrationAddReq {
      * @memberof ModelIntegrationAddReq
      */
     notification_type: string;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof ModelIntegrationAddReq
+     */
+    send_summary?: boolean;
 }
 
 /**
@@ -77,6 +83,7 @@ export function ModelIntegrationAddReqFromJSONTyped(json: any, ignoreDiscriminat
         'filters': !exists(json, 'filters') ? undefined : ModelIntegrationFiltersFromJSON(json['filters']),
         'integration_type': json['integration_type'],
         'notification_type': json['notification_type'],
+        'send_summary': !exists(json, 'send_summary') ? undefined : json['send_summary'],
     };
 }
 
@@ -93,6 +100,7 @@ export function ModelIntegrationAddReqToJSON(value?: ModelIntegrationAddReq | nu
         'filters': ModelIntegrationFiltersToJSON(value.filters),
         'integration_type': value.integration_type,
         'notification_type': value.notification_type,
+        'send_summary': value.send_summary,
     };
 }
 
diff --git a/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelIntegrationUpdateReq.ts b/deepfence_frontend/apps/dashboard/src/api/generated/models/ModelIntegrationUpdateReq.ts
@@ -56,6 +56,12 @@ export interface ModelIntegrationUpdateReq {
      * @memberof ModelIntegrationUpdateReq
      */
     notification_type?: string;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof ModelIntegrationUpdateReq
+     */
+    send_summary?: boolean;
 }
 
 /**
@@ -82,6 +88,7 @@ export function ModelIntegrationUpdateReqFromJSONTyped(json: any, ignoreDiscrimi
         'id': !exists(json, 'id') ? undefined : json['id'],
         'integration_type': !exists(json, 'integration_type') ? undefined : json['integration_type'],
         'notification_type': !exists(json, 'notification_type') ? undefined : json['notification_type'],
+        'send_summary': !exists(json, 'send_summary') ? undefined : json['send_summary'],
     };
 }
 
@@ -99,6 +106,7 @@ export function ModelIntegrationUpdateReqToJSON(value?: ModelIntegrationUpdateRe
         'id': value.id,
         'integration_type': value.integration_type,
         'notification_type': value.notification_type,
+        'send_summary': value.send_summary,
     };
 }
 
diff --git a/deepfence_frontend/apps/dashboard/src/components/ScanStatusBadge.tsx b/deepfence_frontend/apps/dashboard/src/components/ScanStatusBadge.tsx
@@ -1,6 +1,6 @@
 import { capitalize } from 'lodash-es';
 import { cn } from 'tailwind-preset';
-import { CircleSpinner } from 'ui-components';
+import { CircleSpinner, Tooltip } from 'ui-components';
 
 import {
   ErrorIcon,
@@ -22,10 +22,12 @@ export const ScanStatusBadge = ({
   status,
   className,
   justIcon = false,
+  errorMessage,
 }: {
   status: string;
   className?: string;
   justIcon?: boolean;
+  errorMessage?: string;
 }) => {
   const wrapperClassName = cn(
     'flex items-center gap-1.5 text-text-text-and-icon text-p4a',
@@ -49,10 +51,23 @@ export const ScanStatusBadge = ({
   } else if (isScanFailed(status)) {
     return (
       <div className={wrapperClassName}>
-        <span className={cn(iconWrapper, 'text-status-error')}>
-          <ErrorIcon />
-        </span>
-        {!justIcon ? <TruncatedText text={scanStatus} /> : null}
+        {errorMessage ? (
+          <Tooltip content={errorMessage}>
+            <div className="flex items-center gap-x-1.5">
+              <span className={cn(iconWrapper, 'text-status-error')}>
+                <ErrorIcon />
+              </span>
+              {!justIcon ? <TruncatedText text={scanStatus} /> : null}
+            </div>
+          </Tooltip>
+        ) : (
+          <>
+            <span className={cn(iconWrapper, 'text-status-error')}>
+              <ErrorIcon />
+            </span>
+            {!justIcon ? <TruncatedText text={scanStatus} /> : null}
+          </>
+        )}
       </div>
     );
   } else if (isNeverScanned(status)) {

diff --git a/...dashboard/src/features/integrations/components/integration-form/NotificationTypeField.tsx b/...dashboard/src/features/integrations/components/integration-form/NotificationTypeField.tsx
@@ -1,14 +1,16 @@
 import { useState } from 'react';
 import { useParams } from 'react-router-dom';
-import { Listbox, ListboxOption } from 'ui-components';
+import { Checkbox, Listbox, ListboxOption, Tooltip } from 'ui-components';
 
 import { ModelIntegrationListResp } from '@/api/generated';
+import { InfoStandardIcon } from '@/components/icons/common/InfoStandard';
 import { ScanTypeEnum } from '@/types/common';
 
 import { AdvancedFilters } from './AdvancedFilter';
 import { FieldSelection } from './FieldSelection';
 import { TextInputType } from './TextInputType';
 import {
+  canSendScanSummary,
   getNotificationPrettyName,
   IntegrationType,
   isCloudComplianceNotification,
@@ -18,6 +20,24 @@ import {
   isVulnerabilityNotification,
 } from './utils';
 
+const SendScanSummaryCheckbox = ({ sendSummaryOnly }: { sendSummaryOnly: boolean }) => {
+  const [checked, setChecked] = useState(sendSummaryOnly);
+  return (
+    <div className="flex gap-x-1.5 items-center col-span-2">
+      <Checkbox
+        name="sendSummary"
+        label="Send scan summary only?"
+        checked={checked}
+        onCheckedChange={(check: boolean) => setChecked(check)}
+      />
+      <Tooltip content="By default complete scan results are sent. If you wish to send only scan summary, check this checkbox.">
+        <div className="w-4 h-4">
+          <InfoStandardIcon />
+        </div>
+      </Tooltip>
+    </div>
+  );
+};
 export const NotificationTypeField = ({
   fieldErrors,
   defaultNotificationType,
@@ -80,6 +100,10 @@ export const NotificationTypeField = ({
           ) : null} */}
       </Listbox>
 
+      {canSendScanSummary(notificationType, integrationType) ? (
+        <SendScanSummaryCheckbox sendSummaryOnly={data?.config?.send_summary ?? false} />
+      ) : null}
+
       {isCloudComplianceNotification(notificationType) &&
         integrationType !== IntegrationType.s3 && (
           <Listbox
+1 −0		config.yaml
+2 −2		docs/yara-rules/listing.json
+1 −1		go.mod
+2 −0		go.sum
+13 −5		pkg/runner/runner.go
+0 −4		pkg/scan/process_image.go
+17 −5		pkg/scan/scanner.go
+0 −73		Dockerfile
+3 −10		Makefile
+10 −0		README.md
+11 −28		cloud_resource_changes/cloud_resource_changes_aws/cloudtrail.go
+3 −11		cloud_resource_changes/cloud_resource_changes_aws/util.go
+0 −85		cloudformation/deepfence-cloud-scanner-members.template
+6 −4		...nization-deployment/automated-deployment/deepfence-cloud-scanner-automated-organization-deployment.template
+2 −2		...ed/organization-deployment/manual-deployment/deepfence-managed-cloud-scanner-organization-iam-role.template
+5 −5		...ed/organization-deployment/manual-deployment/deepfence-managed-cloud-scanner-organization-stackset.template
+35 −0		...rmation/deepfence-managed/single-account-deployment/deepfence-managed-cloud-scanner-single-account.template
+14 −3		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-member-roles.template
+58 −109		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-org-common.template
+45 −38		cloudformation/self-hosted/organization-deployment/deepfence-cloud-scanner-org-ecs.template
+92 −82		cloudformation/self-hosted/single-account-deployment/deepfence-cloud-scanner.template
+0 −11		entrypoint.sh
+52 −8		go.mod
+184 −17		go.sum
+1 −1		golang_deepfence_sdk
+2 −0		helm-chart/.gitignore
+23 −0		helm-chart/deepfence-cloud-scanner/.helmignore
+24 −0		helm-chart/deepfence-cloud-scanner/Chart.yaml
+3 −0		helm-chart/deepfence-cloud-scanner/templates/NOTES.txt
+62 −0		helm-chart/deepfence-cloud-scanner/templates/_helpers.tpl
+96 −0		helm-chart/deepfence-cloud-scanner/templates/deployment.yaml
+11 −0		helm-chart/deepfence-cloud-scanner/templates/secret.yaml
+13 −0		helm-chart/deepfence-cloud-scanner/templates/serviceaccount.yaml
+107 −0		helm-chart/deepfence-cloud-scanner/values.yaml
+14 −0		helm-chart/index.yaml
+34 −156		internal/deepfence/client.go
+0 −59		internal/deepfence/diagnosis.go
+0 −27		internal/deepfence/util.go
+55 −88		main.go
+1 −1		output/file_output.go
+27 −41		output/output.go
+68 −75		query_resource/query.go
+9 −9		scanner/parser.go
+28 −123		scanner/scanner.go
+67 −0		service/query_service.go
+585 −231		service/service.go
+72 −75		util/type.go
+8 −17		util/util.go