|
|
@@ -1,7 +1,7 @@
|
|
|
+import React, { useContext, useEffect, useMemo, useState } from "react";
|
|
|
import type { JsonValue } from "@bufbuild/protobuf";
|
|
|
import { Cluster, Contract, EKS, EKSLogging } from "@porter-dev/api-contracts";
|
|
|
import axios from "axios";
|
|
|
-import React, { useContext, useEffect, useMemo, useState } from "react";
|
|
|
import styled from "styled-components";
|
|
|
import { match } from "ts-pattern";
|
|
|
|
|
|
@@ -12,11 +12,11 @@ import Error from "components/porter/Error";
|
|
|
import Spacer from "components/porter/Spacer";
|
|
|
import Text from "components/porter/Text";
|
|
|
import ToggleRow from "components/porter/ToggleRow";
|
|
|
-
|
|
|
-import sparkle from "assets/sparkle.svg";
|
|
|
import SOC2Checks from "components/SOC2Checks";
|
|
|
-import { Context } from "shared/Context";
|
|
|
+
|
|
|
import api from "shared/api";
|
|
|
+import { Context } from "shared/Context";
|
|
|
+import sparkle from "assets/sparkle.svg";
|
|
|
|
|
|
type Props = {
|
|
|
credentialId: string;
|
|
|
@@ -24,8 +24,7 @@ type Props = {
|
|
|
selectedClusterVersion: JsonValue;
|
|
|
};
|
|
|
|
|
|
-
|
|
|
-// Example SOC2 Check NOTE PLEASE ADD FUNC TO createContract and useEffect(() to correctly READ AND WRITE
|
|
|
+// Example SOC2 Check NOTE PLEASE ADD FUNC TO createContract and useEffect(() to correctly READ AND WRITE
|
|
|
// "Display_Name_Of_SOC2_Check": {
|
|
|
// "message": "Main Example Message about the Check",
|
|
|
// "link": "example link for more docs ",
|
|
|
@@ -36,38 +35,43 @@ type Props = {
|
|
|
// "locked":(true if unmutable field like KMS),
|
|
|
// "disabledTooltip": "display if message is disabled",
|
|
|
// "hideToggle": true (if you want to hide the toggle
|
|
|
-//}
|
|
|
+// }
|
|
|
const soc2DataDefault = {
|
|
|
- "soc2_checks": {
|
|
|
+ soc2_checks: {
|
|
|
"Public SSH Access": {
|
|
|
- "message": "Porter-provisioned instances do not allow remote SSH access. Users are not allowed to invoke commands directly on the host, and all commands are invoked via the EKS Control Plane.",
|
|
|
- "enabled": true,
|
|
|
- "hideToggle": true,
|
|
|
- "status": "ENABLED"
|
|
|
+ message:
|
|
|
+ "Porter-provisioned instances do not allow remote SSH access. Users are not allowed to invoke commands directly on the host, and all commands are invoked via the EKS Control Plane.",
|
|
|
+ enabled: true,
|
|
|
+ hideToggle: true,
|
|
|
+ status: "ENABLED",
|
|
|
},
|
|
|
"Cluster Secret Encryption": {
|
|
|
- "message": "Cluster secrets can be encrypted using an AWS KMS Key. Secrets will be encrypted at rest, and encryption cannot be disabled for secrets.",
|
|
|
- "enabled": false,
|
|
|
- "disabledTooltip": "Enable KMS encryption for the cluster to enable SOC 2 compliance.",
|
|
|
- "link": "https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/",
|
|
|
- "locked": true,
|
|
|
- "status": "",
|
|
|
+ message:
|
|
|
+ "Cluster secrets can be encrypted using an AWS KMS Key. Secrets will be encrypted at rest, and encryption cannot be disabled for secrets.",
|
|
|
+ enabled: false,
|
|
|
+ disabledTooltip:
|
|
|
+ "Enable KMS encryption for the cluster to enable SOC 2 compliance.",
|
|
|
+ link: "https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/",
|
|
|
+ locked: true,
|
|
|
+ status: "",
|
|
|
},
|
|
|
"Control Plane Log Retention": {
|
|
|
- "message": "EKS Control Plane logs are by default available for a minimal amount of time, typically 1 hour or less. EKS CloudTrail Forwarding automatically sends control plane logs to CloudTrail for longer retention and later inspection.",
|
|
|
- "enabled": false,
|
|
|
- "enabledField": "Retain CloudTrail logs for 365 days",
|
|
|
- "status": "",
|
|
|
+ message:
|
|
|
+ "EKS Control Plane logs are by default available for a minimal amount of time, typically 1 hour or less. EKS CloudTrail Forwarding automatically sends control plane logs to CloudTrail for longer retention and later inspection.",
|
|
|
+ enabled: false,
|
|
|
+ enabledField: "Retain CloudTrail logs for 365 days",
|
|
|
+ status: "",
|
|
|
},
|
|
|
"Enhanced Image Vulnerability Scanning": {
|
|
|
- "message": "AWS ECR scans for CVEs from the open-source Clair database on push image push. Enhanced scanning provides continuous, automated scans against images as new vulnerabilities appear.",
|
|
|
- "link": "https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html",
|
|
|
- "enabled": false,
|
|
|
- "info": "",
|
|
|
- "status": ""
|
|
|
- }
|
|
|
- }
|
|
|
-}
|
|
|
+ message:
|
|
|
+ "AWS ECR scans for CVEs from the open-source Clair database on push image push. Enhanced scanning provides continuous, automated scans against images as new vulnerabilities appear.",
|
|
|
+ link: "https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html",
|
|
|
+ enabled: false,
|
|
|
+ info: "",
|
|
|
+ status: "",
|
|
|
+ },
|
|
|
+ },
|
|
|
+};
|
|
|
|
|
|
const DEFAULT_ERROR_MESSAGE =
|
|
|
"An error occurred while provisioning your infrastructure. Please try again.";
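Review bot: `"Public SSH Access"` in `soc2DataDefault` is declared with the literals `enabled: true`, `hideToggle: true` and `status: "ENABLED"`, so the page reports this check as passing without reading anything from the cluster contract in the lines visible here. If that is a fixed property of the platform, say so above the entry, for example `// Static value: not derived from the cluster contract`. Otherwise its status should be computed the way the other three checks are. The scanning message also reads "on push image push", which looks like a duplicated word.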
|
|
|
@@ -146,9 +150,12 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
|
|
|
const createContract = (base64Contract: string): Contract => {
|
|
|
//
|
|
|
- const cloudTrailEnabled = soc2Data.soc2_checks["Control Plane Log Retention"].enabled
|
|
|
- const kmsEnabled = soc2Data.soc2_checks["Cluster Secret Encryption"].enabled
|
|
|
- const ecrScanningEnabled = soc2Data.soc2_checks["Control Plane Log Retention"].enabled
|
|
|
+ const cloudTrailEnabled =
|
|
|
+ soc2Data.soc2_checks["Control Plane Log Retention"].enabled;
|
|
|
+ const kmsEnabled =
|
|
|
+ soc2Data.soc2_checks["Cluster Secret Encryption"].enabled;
|
|
|
+ const ecrScanningEnabled =
|
|
|
+ soc2Data.soc2_checks["Enhanced Image Vulnerability Scanning"].enabled;
|
|
|
|
|
|
const contractData = JSON.parse(atob(base64Contract));
|
|
|
const latestCluster: Cluster = Cluster.fromJson(contractData.cluster, {
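Review bot: The `ecrScanningEnabled` assignment is a behaviour change inside what otherwise reads as a formatting pass: it now takes `soc2_checks["Enhanced Image Vulnerability Scanning"].enabled`, where the old line took the `"Control Plane Log Retention"` entry. If `ecrScanningEnabled` is written into the contract, as its name suggests, contracts saved before this change may carry a scanning value that followed the log-retention toggle. That deserves a line in the commit message and a regression test that sets the three toggles to different values. Separately, `JSON.parse(atob(base64Contract))` on the context line has no guard visible in this hunk, so a malformed contract would throw. `createContract` continues outside the hunk, so that may be handled elsewhere.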
|
|
|
@@ -250,7 +257,7 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
project_id: currentProject ? currentProject.id : 0,
|
|
|
}
|
|
|
);
|
|
|
- } catch (err) { }
|
|
|
+ } catch (err) {}
|
|
|
};
|
|
|
|
|
|
const isUserProvisioning = useMemo(() => {
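Review bot: The reformatted `} catch (err) {}` still discards every error raised by the call above it, so a failed request leaves no trace in the UI or the console. On a compliance settings page that makes a failed request indistinguishable from a successful one. At minimum log it with `} catch (err) { console.error(err); }`, and preferably show `DEFAULT_ERROR_MESSAGE` through whatever error state the component already has. The `try` block starts outside this hunk, so which request is affected is not visible here.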
|
|
|
@@ -260,13 +267,11 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
const determineStatus = (enabled: boolean): string => {
|
|
|
if (enabled) {
|
|
|
if (currentCluster?.status === "UPDATING") {
|
|
|
- return "PENDING"
|
|
|
- }
|
|
|
- else
|
|
|
- return "ENABLED"
|
|
|
+ return "PENDING";
|
|
|
+ } else return "ENABLED";
|
|
|
}
|
|
|
- return ""
|
|
|
- }
|
|
|
+ return "";
|
|
|
+ };
|
|
|
|
|
|
useEffect(() => {
|
|
|
const contract: Contract = Contract.fromJson(props.selectedClusterVersion, {
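Review bot: `determineStatus` returns `"PENDING"` only when `currentCluster?.status === "UPDATING"`, while the `setIsReadOnly` call later in this file also treats `"UPDATING_UNAVAILABLE"` as an update in progress. A check can therefore show `"ENABLED"` while the cluster is in `"UPDATING_UNAVAILABLE"` and the setting may not yet be applied. Consider testing both states and dropping the brace-less `else` at the same time: `const isUpdating = currentCluster?.status === "UPDATING" || currentCluster?.status === "UPDATING_UNAVAILABLE";` followed by `return isUpdating ? "PENDING" : "ENABLED";`.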
|
|
|
@@ -284,7 +289,7 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
|
|
|
setClusterRegion(eksValues.region);
|
|
|
|
|
|
- setSoc2Data(prevSoc2Data => {
|
|
|
+ setSoc2Data((prevSoc2Data) => {
|
|
|
return {
|
|
|
...prevSoc2Data,
|
|
|
soc2_checks: {
|
|
|
@@ -292,26 +297,28 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
"Control Plane Log Retention": {
|
|
|
...prevSoc2Data.soc2_checks["Control Plane Log Retention"],
|
|
|
enabled: cloudTrailEnabled,
|
|
|
- status: determineStatus(cloudTrailEnabled)
|
|
|
+ status: determineStatus(cloudTrailEnabled),
|
|
|
},
|
|
|
"Cluster Secret Encryption": {
|
|
|
...prevSoc2Data.soc2_checks["Cluster Secret Encryption"],
|
|
|
enabled: eksValues.enableKmsEncryption,
|
|
|
- status: determineStatus(eksValues.enableKmsEncryption)
|
|
|
+ status: determineStatus(eksValues.enableKmsEncryption),
|
|
|
},
|
|
|
"Enhanced Image Vulnerability Scanning": {
|
|
|
- ...prevSoc2Data.soc2_checks["Enhanced Image Vulnerability Scanning"],
|
|
|
+ ...prevSoc2Data.soc2_checks[
|
|
|
+ "Enhanced Image Vulnerability Scanning"
|
|
|
+ ],
|
|
|
enabled: eksValues.enableEcrScanning,
|
|
|
- status: determineStatus(eksValues.enableEcrScanning)
|
|
|
- }
|
|
|
- }
|
|
|
+ status: determineStatus(eksValues.enableEcrScanning),
|
|
|
+ },
|
|
|
+ },
|
|
|
};
|
|
|
});
|
|
|
|
|
|
setSoc2Enabled(
|
|
|
cloudTrailEnabled &&
|
|
|
- eksValues.enableKmsEncryption &&
|
|
|
- eksValues.enableEcrScanning
|
|
|
+ eksValues.enableKmsEncryption &&
|
|
|
+ eksValues.enableEcrScanning
|
|
|
);
|
|
|
}
|
|
|
}, [props.selectedClusterVersion]);
|
|
|
@@ -323,7 +330,7 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
|
|
|
setIsReadOnly(
|
|
|
currentCluster.status === "UPDATING" ||
|
|
|
- currentCluster.status === "UPDATING_UNAVAILABLE"
|
|
|
+ currentCluster.status === "UPDATING_UNAVAILABLE"
|
|
|
);
|
|
|
}, []);
|
|
|
|
|
|
@@ -346,7 +353,7 @@ const Compliance: React.FC<Props> = (props) => {
|
|
|
readOnly={isReadOnly}
|
|
|
/>
|
|
|
<Spacer y={1} />
|
|
|
- <Container row >
|
|
|
+ <Container row>
|
|
|
<Button
|
|
|
disabled={isDisabled() ?? isLoading}
|
|
|
onClick={applySettings}
|
|
|
@@ -390,4 +397,4 @@ const NewBadge = styled.div`
|
|
|
height: 14px;
|
|
|
margin-right: 5px;
|
|
|
}
|
|
|
-`;
|
|
|
+`;
|