[Cloud Security] Added textarea secret fields for GCP JSON file #187022
Conversation
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
animehart
added
the
release_note:skip
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
…on separate ticket probably
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Public APIs missing comments
Async chunks
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
| // const credentialsJsonField = queryByTestId( | ||
| // CIS_GCP_INPUT_FIELDS_TEST_SUBJECTS.CREDENTIALS_JSON | ||
| // ); | ||
| // await waitFor(() => | ||
| // expect(getByTestId(CIS_GCP_INPUT_FIELDS_TEST_SUBJECTS.CREDENTIALS_JSON)).toBeInTheDocument() | ||
| // ); |
There was a problem hiding this comment.
remove this if its not needed
There was a problem hiding this comment.
woops
i missed this
| <LazyPackagePolicyInputVarField | ||
| data-test-subj={CIS_GCP_INPUT_FIELDS_TEST_SUBJECTS.CREDENTIALS_JSON} | ||
| varDef={{ | ||
| ...findVariableDef(packageInfo, credentialJSONFields.id)!, |
There was a problem hiding this comment.
using this assertion is a red flag, i suggest to handle the situation of when its missing so we can actually know its there instead if asserting that
There was a problem hiding this comment.
we did this same thing with Azure and AWS secret component, can't quite remember how we ended up with this assertion
| onChange={(value) => { | ||
| onChange(credentialJSONFields.id, value); | ||
| }} | ||
| errors={[]} |
There was a problem hiding this comment.
im not familiar with this component, is this on purpose? what does this effects?
There was a problem hiding this comment.
this error props is basically being used on EuiFormRow component inside this component
| }} | ||
| errors={[]} | ||
| forceShowErrors={false} | ||
| isEditPage={true} |
There was a problem hiding this comment.
should this always be set to true? shouldn't it be conditional, using our isEdit parameter?
| CIS_GCP_INPUT_FIELDS_TEST_SUBJECTS.CREDENTIALS_JSON | ||
| ); | ||
|
|
||
| screen.logTestingPlaygroundURL(); |
There was a problem hiding this comment.
better remove this log, even if the test is skipped
| @@ -185,7 +185,8 @@ function getInputComponent({ | |||
| fieldTestSelector, | |||
| setIsDirty, | |||
| }: InputComponentProps) { | |||
| const { multi, type, options } = varDef; | |||
| // eslint-disable-next-line @typescript-eslint/naming-convention | |||
| const { multi, type, options, full_width } = varDef; | |||
There was a problem hiding this comment.
would that work instead of disabling the rule?
const { multi, type, options, full_width : fullWidth } = varDef;| @@ -629,7 +637,7 @@ describe('<CspPolicyTemplateForm />', () => { | |||
| }); | |||
| }); | |||
|
|
|||
| it(`renders ${CLOUDBEAT_EKS} Direct Access Keys fields`, async () => { | |||
| it.skip(`renders ${CLOUDBEAT_EKS} Direct Access Keys fields`, async () => { | |||
There was a problem hiding this comment.
why all the tests are skipped?
| @@ -1577,7 +1541,7 @@ describe('<CspPolicyTemplateForm />', () => { | |||
| expect(setupTechnologySelector).toBeInTheDocument(); | |||
| expect(setupTechnologySelector).toHaveTextContent(/agentless/i); | |||
| expect(orgIdField).toBeInTheDocument(); | |||
| expect(credentialsJsonField).toBeInTheDocument(); | |||
| // expect(credentialsJsonField).toBeInTheDocument(); | |||
There was a problem hiding this comment.
the LazyPackagePolicyInputVarField mock at the beginning of the file suggests this assertion should not be commented
| await cisIntegration.navigateToIntegrationCspList(); | ||
| expect( | ||
| (await cisIntegration.getFieldValueInEditPage(CREDENTIALS_JSON_TEST_ID)) === | ||
| credentialJsonName | ||
| ).to.be(true); |
There was a problem hiding this comment.
I think instead of just removing the assertion, we should test that it's really a secret field, when going to the edit page, we shouldn't be able to see the credential anywhere. Instead, we should be able to see the following message: "The saved secret access key is hidden."
| await cisIntegration.navigateToIntegrationCspList(); | ||
| expect( | ||
| (await cisIntegration.getFieldValueInEditPage(CREDENTIALS_JSON_TEST_ID)) === | ||
| credentialJsonName | ||
| ).to.be(true); |
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Async chunks
History
|
Summary
Currently GCP Json Blob field might contain input variables that can be considered secrets, and we are not hiding it. As such user can see the value when previewing the integration after saving them.
This PR makes it so that the JSON Blob field acts like a Password field once user save them as in they won't be able to see it when editing it (they can only replace but not edit)
It also encrypt the content on Preview, preventing User from seeing it from the Preview.
Screen.Recording.2024-07-02.at.7.50.57.PM.mov
TODO: