From a23f63db0e7a610b6124d187f04b1840b7250f46 Mon Sep 17 00:00:00 2001 From: Lola Date: Mon, 12 Aug 2024 17:26:46 -0400 Subject: [PATCH] [Cloud Security] add agentless ux creation flow (#189932) ## Summary This PR add UX updates to agentless creation flow which include the following: * Disabling Agent-based popups when newly created policy is Agentless * Adding Cloud Credentials Instructions * Minor UX adjustments such as adding Readme doc link on AWS credentials form and spacing between Azure Credentials form. image https://github.com/user-attachments/assets/48d3a49e-043d-48f6-ac0c-8e131d47e976 --------- Co-authored-by: Elastic Machine --- .../aws_credentials_form_agentless.tsx | 167 ++++++++++++++++-- .../azure_credentials_form.tsx | 31 ++-- .../gcp_credential_form.tsx | 22 ++- .../gcp_credentials_form_agentless.tsx | 135 +++++++++++++- .../single_page_layout/hooks/form.tsx | 24 +-- .../translations/translations/fr-FR.json | 1 - .../translations/translations/ja-JP.json | 1 - .../translations/translations/zh-CN.json | 1 - 8 files changed, 326 insertions(+), 56 deletions(-) diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx index 8a5587cf16622..4e849197854ba 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form_agentless.tsx @@ -6,7 +6,7 @@ */ import React from 'react'; -import { EuiButton, EuiCallOut, EuiLink, EuiSpacer } from '@elastic/eui'; +import { EuiButton, EuiCallOut, EuiLink, EuiSpacer, EuiText } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import semverCompare from 'semver/functions/compare'; import semverValid from 'semver/functions/valid'; @@ -19,6 +19,7 @@ import { import { cspIntegrationDocsNavigation } from '../../../common/navigation/constants'; import { CLOUD_CREDENTIALS_PACKAGE_VERSION, + ORGANIZATION_ACCOUNT, SINGLE_ACCOUNT, TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR, } from '../../../../common/constants'; @@ -34,8 +35,145 @@ import { AwsFormProps, AWSSetupInfoContent, AwsCredentialTypeSelector, + ReadDocumentation, } from './aws_credentials_form'; +const CLOUD_FORMATION_EXTERNAL_DOC_URL = + 'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-whatis-howdoesitwork.html'; + +export const CloudFormationCloudCredentialsGuide = ({ + isOrganization, +}: { + isOrganization?: boolean; +}) => { + return ( + + + + + ), + }} + /> + + +
    + {isOrganization ? ( +
  1. + admin, + }} + /> +
  2. + ) : ( +
  3. + admin, + }} + /> +
  4. + )} + +
  5. + Launch CloudFormation, + }} + /> +
  6. + +
  7. + AWS region, + }} + /> +
  8. + +
  9. + + + + ), + capabilities: ( + + + + ), + }} + /> +
  10. + +
  11. + Create stack, + }} + /> +
  12. + +
  13. + CREATE_COMPLETE, + }} + /> +
  14. + +
  15. + Access Key Id, + secretAccessKey: Secret Access Key, + }} + /> +
  16. +
+
+
+ ); +}; + export const AwsCredentialsFormAgentless = ({ input, newPolicy, @@ -60,6 +198,8 @@ export const AwsCredentialsFormAgentless = ({ SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS.CLOUD_FORMATION_CREDENTIALS )?.replace(TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR, accountType); + const isOrganization = accountType === ORGANIZATION_ACCOUNT; + return ( <> - {!showCloudCredentialsButton && ( - <> - - - - - - )} + {awsCredentialsType === DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE && + !showCloudCredentialsButton && ( + <> + + + + + + )} {awsCredentialsType === DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE && showCloudCredentialsButton && ( <> + + ); }; diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx index 02aa0eb679a66..2b0aaec9bb8af 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx @@ -316,21 +316,24 @@ export const AzureInputVarFields = ({ )} {field.type === 'text' && ( - - + onChange(field.id, event.target.value)} - data-test-subj={field.testSubj} - /> - + hasChildLabel={true} + id={field.id} + > + onChange(field.id, event.target.value)} + data-test-subj={field.testSubj} + /> + + + )} ))} diff --git a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credential_form.tsx b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credential_form.tsx index 2b060778933d3..eb4ca204e64de 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credential_form.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/gcp_credentials_form/gcp_credential_form.tsx @@ -57,7 +57,7 @@ export const GCP_CREDENTIALS_TYPE = { type SetupFormatGCP = typeof GCP_SETUP_ACCESS.CLOUD_SHELL | typeof GCP_SETUP_ACCESS.MANUAL; -export const GCPSetupInfoContent = () => ( +export const GCPSetupInfoContent = ({ isAgentless }: { isAgentless: boolean }) => ( <> @@ -70,12 +70,20 @@ export const GCPSetupInfoContent = () => ( - + /> + ) : ( + + )} ); @@ -467,7 +475,7 @@ export const GcpCredentialsForm = ({ } return ( <> - + { + const GOOGLE_CLOUD_SHELL_EXTERNAL_DOC_URL = 'https://cloud.google.com/shell/docs'; + const Link = ({ children, url }: { children: React.ReactNode; url: string }) => ( + + {children} + + ); + + return ( + <> + + + + + + ), + }} + /> + + +
    +
  1. + Google Cloud Console, + }} + /> +
  2. + +
  3. + <> + {props?.isOrganization ? ( + + ) : ( + + )} + + + {props.commandText} + + +
  4. + +
  5. + Launch Google Cloud Shell, + }} + ignoreTag + /> +
  6. + +
  7. + Confirm, + trustRepo: Trust Repo, + }} + ignoreTag + /> +
  8. + +
  9. + Google Cloud Shell, + }} + ignoreTag + /> +
  10. + +
  11. + cat KEY_FILE.json, + }} + ignoreTag + /> +
  12. +
+
+
+ + ); +}; + export const GcpCredentialsFormAgentless = ({ input, newPolicy, @@ -64,14 +185,19 @@ export const GcpCredentialsFormAgentless = ({ SUPPORTED_TEMPLATES_URL_FROM_PACKAGE_INFO_INPUT_VARS.CLOUD_SHELL_URL )?.replace(TEMPLATE_URL_ACCOUNT_TYPE_ENV_VAR, accountType); + const commandText = `gcloud config set project ${ + isOrganization ? ` && ORD_ID=` : `` + } && ./deploy_service_account.sh`; + return ( <> + {!showCloudCredentialsButton && ( <> @@ -80,6 +206,11 @@ export const GcpCredentialsFormAgentless = ({ )} {showCloudCredentialsButton && ( <> + + 0) { setFormState('SUBMITTED'); + return; } if (!error) { setSavedPackagePolicy(data!.item); const promptForAgentEnrollment = - !(agentCount && agentPolicies.length > 0) && hasFleetAddAgentsPrivileges; + !(agentCount && agentPolicies.length > 0) && + !isAgentlessPackagePolicy(data!.item) && + hasFleetAddAgentsPrivileges; + if (promptForAgentEnrollment && hasAzureArmTemplate) { setFormState('SUBMITTED_AZURE_ARM_TEMPLATE'); return; diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 314f14d6523fe..b048ed05a577a 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -14438,7 +14438,6 @@ "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountDescription": "Un déploiement vers un seul projet suffit pour une démonstration de faisabilité initiale. Pour garantir une couverture complète, il est fortement recommandé de déployer la gestion du niveau de sécurité du cloud au niveau de l'organisation, ce qui connecte automatiquement tous les projets (actuels et futurs).", "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountLabel": "Compte unique", "xpack.csp.fleetIntegration.gcpAccountTypeDescriptionLabel": "Sélectionnez un compte unique ou une organisation, puis saisissez un nom et une description pour permettre l'identification de cette intégration.", - "xpack.csp.fleetIntegration.gcpCloudCredentials.cloudFormationSupportedMessage": "La fonctionnalité Lancer Cloud Shell pour obtenir les informations d'identification de façon automatisée n’est pas pris en charge dans la version d'intégration actuelle. Veuillez effectuer une mise à niveau vers la dernière version pour activer Lancer Cloud Shell pour les informations d'identification automatisées.", "xpack.csp.fleetIntegration.integrationDescriptionLabel": "Description", "xpack.csp.fleetIntegration.integrationNameLabel": "Nom", "xpack.csp.fleetIntegration.integrationSettingsTitle": "Paramètres de l'intégration", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 50982dd91268d..a1ed084e1a6fb 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -14427,7 +14427,6 @@ "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountDescription": "1つのプロジェクトへのデプロイは、最初のPOCに適しています。完全に対応するためには、組織レベルでCSPMをデプロイし、すべてのプロジェクト(現在と将来の両方)を自動的に接続することを強くお勧めします。", "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountLabel": "1つのアカウント", "xpack.csp.fleetIntegration.gcpAccountTypeDescriptionLabel": "1つのアカウントまたは組織のいずれかを選択し、この統合を識別するための名前と説明を入力します。", - "xpack.csp.fleetIntegration.gcpCloudCredentials.cloudFormationSupportedMessage": "Launch Cloud ShellLaunch Cloud Formation for Automated Credentialsは、現在の統合バージョンではサポートされていません。Launch Cloud Shell for Automated Credentialsを有効化するには、最新バージョンにアップグレードしてください。", "xpack.csp.fleetIntegration.integrationDescriptionLabel": "説明", "xpack.csp.fleetIntegration.integrationNameLabel": "名前", "xpack.csp.fleetIntegration.integrationSettingsTitle": "統合設定", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 50c7587c6e589..6b824bc3a21c3 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -14449,7 +14449,6 @@ "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountDescription": "部署到单个项目适用于初始 POC。为确保全面覆盖,强烈建议在组织级别部署 CSPM,这会自动连接所有项目(当前和未来)。", "xpack.csp.fleetIntegration.gcpAccountType.gcpSingleAccountLabel": "单个帐户", "xpack.csp.fleetIntegration.gcpAccountTypeDescriptionLabel": "选择单个帐户或组织,然后填写名称和描述以帮助标识此集成。", - "xpack.csp.fleetIntegration.gcpCloudCredentials.cloudFormationSupportedMessage": "当前集成版本不支持为自动化凭据启动 Cloud Shell。请升级到最新版本以启用为自动化凭据启动 Cloud Shell。", "xpack.csp.fleetIntegration.integrationDescriptionLabel": "描述", "xpack.csp.fleetIntegration.integrationNameLabel": "名称", "xpack.csp.fleetIntegration.integrationSettingsTitle": "集成设置",