[Cloud Security] Move credentials type strings to constants for all c…

…loud providers (#179031) ## Summary Part of: - elastic/security-team#8040 Small refactoring which shouldn't affect functionality, a follow-up after #178400 and #177965. I didn't go as far as moving all the var names to the contents, for now just moving all the string values of credentials types we use to constants
elastic · Apr 3, 2024 · f734170 · f734170
1 parent 9a13959
commit f734170
Show file tree

Hide file tree

Showing 11 changed files with 144 additions and 103 deletions.
diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts
@@ -6,10 +6,10 @@
  */
 
 import {
-  PostureTypes,
-  VulnSeverity,
   AwsCredentialsTypeFieldMap,
   GcpCredentialsTypeFieldMap,
+  PostureTypes,
+  VulnSeverity,
 } from './types_old';
 
 export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status';
@@ -162,9 +162,6 @@ export const AWS_CREDENTIALS_TYPE_TO_FIELDS_MAP: AwsCredentialsTypeFieldMap = {
   cloud_formation: [],
 };
 
-export const SETUP_ACCESS_CLOUD_SHELL = 'google_cloud_shell';
-export const SETUP_ACCESS_MANUAL = 'manual';
-
 export const DETECTION_ENGINE_ALERTS_INDEX_DEFAULT = '.alerts-security.alerts-default';
 
 export const GCP_CREDENTIALS_TYPE_TO_FIELDS_MAP: GcpCredentialsTypeFieldMap = {

diff --git a/..._posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form.tsx b/..._posture/public/components/fleet_extensions/aws_credentials_form/aws_credentials_form.tsx
@@ -26,7 +26,7 @@ import {
 } from './get_aws_credentials_form_options';
 import { CspRadioOption, RadioGroup } from '../csp_boxed_radio_group';
 import { getPosturePolicy, NewPackagePolicyPostureInput } from '../utils';
-import { SetupFormat, useAwsCredentialsForm } from './hooks';
+import { useAwsCredentialsForm } from './hooks';
 import { AWS_ORGANIZATION_ACCOUNT } from '../policy_template_form';
 import { AwsCredentialsType } from '../../../../common/types_old';
 import { AwsInputVarFields } from './aws_input_var_fields';
@@ -38,6 +38,21 @@ import {
 interface AWSSetupInfoContentProps {
   info: ReactNode;
 }
+
+export type SetupFormat = typeof AWS_SETUP_FORMAT.CLOUD_FORMATION | typeof AWS_SETUP_FORMAT.MANUAL;
+
+export const AWS_SETUP_FORMAT = {
+  CLOUD_FORMATION: 'cloud_formation',
+  MANUAL: 'manual',
+};
+
+export const AWS_CREDENTIALS_TYPE = {
+  ASSUME_ROLE: 'assume_role',
+  DIRECT_ACCESS_KEYS: 'direct_access_keys',
+  TEMPORARY_KEYS: 'temporary_keys',
+  SHARED_CREDENTIALS: 'shared_credentials',
+  CLOUD_FORMATION: 'cloud_formation',
+} as const;
 export const AWSSetupInfoContent = ({ info }: AWSSetupInfoContentProps) => {
   return (
     <>
@@ -60,12 +75,12 @@ export const AWSSetupInfoContent = ({ info }: AWSSetupInfoContentProps) => {
 
 const getSetupFormatOptions = (): CspRadioOption[] => [
   {
-    id: 'cloud_formation',
+    id: AWS_SETUP_FORMAT.CLOUD_FORMATION,
     label: 'CloudFormation',
     testId: AWS_CREDENTIALS_TYPE_OPTIONS_TEST_SUBJ.CLOUDFORMATION,
   },
   {
-    id: 'manual',
+    id: AWS_SETUP_FORMAT.MANUAL,
     label: i18n.translate('xpack.csp.awsIntegration.setupFormatOptions.manual', {
       defaultMessage: 'Manual',
     }),
@@ -243,10 +258,10 @@ export const AwsCredentialsForm = ({
         }
       />
       <EuiSpacer size="l" />
-      {setupFormat === 'cloud_formation' && (
+      {setupFormat === AWS_SETUP_FORMAT.CLOUD_FORMATION && (
         <CloudFormationSetup hasCloudFormationTemplate={hasCloudFormationTemplate} input={input} />
       )}
-      {setupFormat === 'manual' && (
+      {setupFormat === AWS_SETUP_FORMAT.MANUAL && (
         <>
           <AwsCredentialTypeSelector
             label={i18n.translate('xpack.csp.awsIntegration.awsCredentialTypeSelectorLabel', {

diff --git a/...lic/components/fleet_extensions/aws_credentials_form/get_aws_credentials_form_options.tsx b/...lic/components/fleet_extensions/aws_credentials_form/get_aws_credentials_form_options.tsx
@@ -11,6 +11,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { NewPackagePolicyInput } from '@kbn/fleet-plugin/common';
 import { AwsCredentialsType } from '../../../../common/types_old';
+import { AWS_CREDENTIALS_TYPE } from './aws_credentials_form';
 
 const AssumeRoleDescription = (
   <div>
@@ -109,19 +110,24 @@ const getAwsCredentialsTypeSelectorOptions = (
 };
 
 export const getAwsCredentialsFormManualOptions = (): AwsCredentialsTypeOptions =>
-  getAwsCredentialsTypeSelectorOptions(({ value }) => value !== 'cloud_formation');
+  getAwsCredentialsTypeSelectorOptions(
+    ({ value }) => value !== AWS_CREDENTIALS_TYPE.CLOUD_FORMATION
+  );
 
 export const getAwsCredentialsFormAgentlessOptions = (): AwsCredentialsTypeOptions =>
   getAwsCredentialsTypeSelectorOptions(
-    ({ value }) => value === 'direct_access_keys' || value === 'temporary_keys'
+    ({ value }) =>
+      value === AWS_CREDENTIALS_TYPE.DIRECT_ACCESS_KEYS ||
+      value === AWS_CREDENTIALS_TYPE.TEMPORARY_KEYS
   );
 
-export const DEFAULT_AWS_CREDENTIALS_TYPE = 'cloud_formation';
-export const DEFAULT_MANUAL_AWS_CREDENTIALS_TYPE = 'assume_role';
-export const DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE = 'direct_access_keys';
+export const DEFAULT_AWS_CREDENTIALS_TYPE = AWS_CREDENTIALS_TYPE.CLOUD_FORMATION;
+export const DEFAULT_MANUAL_AWS_CREDENTIALS_TYPE: typeof AWS_CREDENTIALS_TYPE.ASSUME_ROLE =
+  AWS_CREDENTIALS_TYPE.ASSUME_ROLE;
+export const DEFAULT_AGENTLESS_AWS_CREDENTIALS_TYPE = AWS_CREDENTIALS_TYPE.DIRECT_ACCESS_KEYS;
 
 export const getAwsCredentialsFormOptions = (): AwsOptions => ({
-  assume_role: {
+  [AWS_CREDENTIALS_TYPE.ASSUME_ROLE]: {
     label: i18n.translate('xpack.csp.awsIntegration.assumeRoleLabel', {
       defaultMessage: 'Assume role',
     }),
@@ -134,7 +140,7 @@ export const getAwsCredentialsFormOptions = (): AwsOptions => ({
       },
     },
   },
-  direct_access_keys: {
+  [AWS_CREDENTIALS_TYPE.DIRECT_ACCESS_KEYS]: {
     label: i18n.translate('xpack.csp.awsIntegration.directAccessKeyLabel', {
       defaultMessage: 'Direct access keys',
     }),
@@ -144,7 +150,7 @@ export const getAwsCredentialsFormOptions = (): AwsOptions => ({
       secret_access_key: { label: AWS_FIELD_LABEL.secret_access_key, type: 'password' },
     },
   },
-  temporary_keys: {
+  [AWS_CREDENTIALS_TYPE.TEMPORARY_KEYS]: {
     info: TemporaryKeysDescription,
     label: i18n.translate('xpack.csp.awsIntegration.temporaryKeysLabel', {
       defaultMessage: 'Temporary keys',
@@ -159,7 +165,7 @@ export const getAwsCredentialsFormOptions = (): AwsOptions => ({
       },
     },
   },
-  shared_credentials: {
+  [AWS_CREDENTIALS_TYPE.SHARED_CREDENTIALS]: {
     label: i18n.translate('xpack.csp.awsIntegration.sharedCredentialLabel', {
       defaultMessage: 'Shared credentials',
     }),
@@ -177,7 +183,7 @@ export const getAwsCredentialsFormOptions = (): AwsOptions => ({
       },
     },
   },
-  cloud_formation: {
+  [AWS_CREDENTIALS_TYPE.CLOUD_FORMATION]: {
     label: 'CloudFormation',
     info: [],
     fields: {},

diff --git a/...s/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/hooks.ts b/...s/cloud_security_posture/public/components/fleet_extensions/aws_credentials_form/hooks.ts
@@ -9,10 +9,10 @@ import { useEffect, useRef } from 'react';
 import { NewPackagePolicy, PackageInfo } from '@kbn/fleet-plugin/common';
 import { cspIntegrationDocsNavigation } from '../../../common/navigation/constants';
 import {
+  getAwsCredentialsType,
   getCspmCloudFormationDefaultValue,
   getPosturePolicy,
   NewPackagePolicyPostureInput,
-  getAwsCredentialsType,
 } from '../utils';
 import {
   DEFAULT_MANUAL_AWS_CREDENTIALS_TYPE,
@@ -21,27 +21,26 @@ import {
 } from './get_aws_credentials_form_options';
 import { CLOUDBEAT_AWS } from '../../../../common/constants';
 import { AwsCredentialsType } from '../../../../common/types_old';
+import { AWS_CREDENTIALS_TYPE, AWS_SETUP_FORMAT, SetupFormat } from './aws_credentials_form';
 /**
  * Update CloudFormation template and stack name in the Agent Policy
  * based on the selected policy template
  */
 
-export type SetupFormat = 'cloud_formation' | 'manual';
-
 const getSetupFormatFromInput = (
   input: Extract<NewPackagePolicyPostureInput, { type: 'cloudbeat/cis_aws' }>,
   hasCloudFormationTemplate: boolean
 ): SetupFormat => {
   const credentialsType = getAwsCredentialsType(input);
   // CloudFormation is the default setup format if the integration has a CloudFormation template
   if (!credentialsType && hasCloudFormationTemplate) {
-    return 'cloud_formation';
+    return AWS_SETUP_FORMAT.CLOUD_FORMATION;
   }
-  if (credentialsType !== 'cloud_formation') {
-    return 'manual';
+  if (credentialsType !== AWS_CREDENTIALS_TYPE.CLOUD_FORMATION) {
+    return AWS_SETUP_FORMAT.MANUAL;
   }
 
-  return 'cloud_formation';
+  return AWS_SETUP_FORMAT.CLOUD_FORMATION;
 };
 
 export const useAwsCredentialsForm = ({
@@ -60,7 +59,7 @@ export const useAwsCredentialsForm = ({
   updatePolicy: (updatedPolicy: NewPackagePolicy) => void;
 }) => {
   // We only have a value for 'aws.credentials.type' once the form has mounted.
-  // On initial render we don't have that value so we fallback to the default option.
+  // On initial render we don't have that value, so we fall back to the default option.
   const awsCredentialsType: AwsCredentialsType =
     getAwsCredentialsType(input) || DEFAULT_MANUAL_AWS_CREDENTIALS_TYPE;
 
@@ -76,7 +75,8 @@ export const useAwsCredentialsForm = ({
   const lastManualCredentialsType = useRef<string | undefined>(undefined);
 
   useEffect(() => {
-    const isInvalid = setupFormat === 'cloud_formation' && !hasCloudFormationTemplate;
+    const isInvalid =
+      setupFormat === AWS_SETUP_FORMAT.CLOUD_FORMATION && !hasCloudFormationTemplate;
 
     setIsValid(!isInvalid);
 
@@ -97,7 +97,7 @@ export const useAwsCredentialsForm = ({
   });
 
   const onSetupFormatChange = (newSetupFormat: SetupFormat) => {
-    if (newSetupFormat === 'cloud_formation') {
+    if (newSetupFormat === AWS_SETUP_FORMAT.CLOUD_FORMATION) {
       // We need to store the current manual fields to restore them later
       fieldsSnapshot.current = Object.fromEntries(
         fields.map((field) => [field.id, { value: field.value }])
@@ -108,7 +108,7 @@ export const useAwsCredentialsForm = ({
       updatePolicy(
         getPosturePolicy(newPolicy, input.type, {
           'aws.credentials.type': {
-            value: 'cloud_formation',
+            value: AWS_CREDENTIALS_TYPE.CLOUD_FORMATION,
             type: 'text',
           },
           // Clearing fields from previous setup format to prevent exposing credentials
@@ -182,7 +182,7 @@ const useCloudFormationTemplate = ({
   useEffect(() => {
     const policyInputCloudFormationTemplate = getAwsCloudFormationTemplate(newPolicy);
 
-    if (setupFormat === 'manual') {
+    if (setupFormat === AWS_SETUP_FORMAT.MANUAL) {
       if (!!policyInputCloudFormationTemplate) {
         updateCloudFormationPolicyTemplate(newPolicy, updatePolicy, undefined);
       }

diff --git a/...ture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx b/...ture/public/components/fleet_extensions/azure_credentials_form/azure_credentials_form.tsx
@@ -6,16 +6,16 @@
  */
 import React, { useEffect } from 'react';
 import {
+  EuiCallOut,
+  EuiFieldPassword,
+  EuiFieldText,
+  EuiFormRow,
+  EuiHorizontalRule,
   EuiLink,
+  EuiSelect,
   EuiSpacer,
   EuiText,
   EuiTitle,
-  EuiCallOut,
-  EuiHorizontalRule,
-  EuiFormRow,
-  EuiSelect,
-  EuiFieldPassword,
-  EuiFieldText,
 } from '@elastic/eui';
 import type { NewPackagePolicy } from '@kbn/fleet-plugin/public';
 import { NewPackagePolicyInput, PackageInfo } from '@kbn/fleet-plugin/common';
@@ -30,7 +30,7 @@ import {
   getAzureCredentialsFormManualOptions,
 } from './get_azure_credentials_form_options';
 import { AzureCredentialsType } from '../../../../common/types_old';
-import { SetupFormat, useAzureCredentialsForm } from './hooks';
+import { useAzureCredentialsForm } from './hooks';
 import { getPosturePolicy, NewPackagePolicyPostureInput } from '../utils';
 import { CspRadioOption, RadioGroup } from '../csp_boxed_radio_group';
 import { CIS_AZURE_SETUP_FORMAT_TEST_SUBJECTS } from '../../test_subjects';
@@ -39,8 +39,22 @@ interface AzureSetupInfoContentProps {
   integrationLink: string;
 }
 
-export const AZURE_ARM_TEMPLATE_CREDENTIAL_TYPE = 'arm_template';
-export const AZURE_MANUAL_CREDENTIAL_TYPE = 'manual';
+export type SetupFormat = typeof AZURE_SETUP_FORMAT.ARM_TEMPLATE | typeof AZURE_SETUP_FORMAT.MANUAL;
+
+export const AZURE_SETUP_FORMAT = {
+  ARM_TEMPLATE: 'arm_template',
+  MANUAL: 'manual',
+};
+
+export const AZURE_CREDENTIALS_TYPE = {
+  ARM_TEMPLATE: 'arm_template',
+  MANUAL: 'manual',
+  SERVICE_PRINCIPAL_WITH_CLIENT_SECRET: 'service_principal_with_client_secret',
+  SERVICE_PRINCIPAL_WITH_CLIENT_CERTIFICATE: 'service_principal_with_client_certificate',
+  SERVICE_PRINCIPAL_WITH_CLIENT_USERNAME_AND_PASSWORD:
+    'service_principal_with_client_username_and_password',
+  MANAGED_IDENTITY: 'managed_identity',
+} as const;
 
 export const AzureSetupInfoContent = ({ integrationLink }: AzureSetupInfoContentProps) => {
   return (
@@ -77,12 +91,12 @@ export const AzureSetupInfoContent = ({ integrationLink }: AzureSetupInfoContent
 
 const getSetupFormatOptions = (): CspRadioOption[] => [
   {
-    id: AZURE_ARM_TEMPLATE_CREDENTIAL_TYPE,
+    id: AZURE_SETUP_FORMAT.ARM_TEMPLATE,
     label: 'ARM Template',
     testId: CIS_AZURE_SETUP_FORMAT_TEST_SUBJECTS.ARM_TEMPLATE,
   },
   {
-    id: AZURE_MANUAL_CREDENTIAL_TYPE,
+    id: AZURE_SETUP_FORMAT.MANUAL,
     label: i18n.translate('xpack.csp.azureIntegration.setupFormatOptions.manual', {
       defaultMessage: 'Manual',
     }),
@@ -315,7 +329,7 @@ export const AzureCredentialsForm = ({
 
   useEffect(() => {
     if (!setupFormat) {
-      onSetupFormatChange(AZURE_ARM_TEMPLATE_CREDENTIAL_TYPE);
+      onSetupFormatChange(AZURE_SETUP_FORMAT.ARM_TEMPLATE);
     }
   }, [setupFormat, onSetupFormatChange]);
 
@@ -368,13 +382,13 @@ export const AzureCredentialsForm = ({
         }
       />
       <EuiSpacer size="l" />
-      {setupFormat === AZURE_ARM_TEMPLATE_CREDENTIAL_TYPE && (
+      {setupFormat === AZURE_SETUP_FORMAT.ARM_TEMPLATE && (
         <ArmTemplateSetup hasArmTemplateUrl={hasArmTemplateUrl} input={input} />
       )}
-      {setupFormat === AZURE_MANUAL_CREDENTIAL_TYPE && !isPackageVersionValidForManualFields && (
+      {setupFormat === AZURE_SETUP_FORMAT.MANUAL && !isPackageVersionValidForManualFields && (
         <TemporaryManualSetup integrationLink={integrationLink} />
       )}
-      {setupFormat === AZURE_MANUAL_CREDENTIAL_TYPE && isPackageVersionValidForManualFields && (
+      {setupFormat === AZURE_SETUP_FORMAT.MANUAL && isPackageVersionValidForManualFields && (
         <>
           <AzureCredentialTypeSelector
             type={azureCredentialsType}

diff --git a/...c/components/fleet_extensions/azure_credentials_form/azure_credentials_form_agentless.tsx b/...c/components/fleet_extensions/azure_credentials_form/azure_credentials_form_agentless.tsx
@@ -17,6 +17,7 @@ import {
   AzureSetupInfoContent,
   AzureInputVarFields,
   ARM_TEMPLATE_EXTERNAL_DOC_URL,
+  AZURE_CREDENTIALS_TYPE,
 } from './azure_credentials_form';
 import { getPosturePolicy } from '../utils';
 import {
@@ -31,7 +32,7 @@ export const AzureCredentialsFormAgentless = ({
 }: AzureCredentialsFormProps) => {
   const integrationLink = cspIntegrationDocsNavigation.cspm.getStartedPath;
   const options = getAzureCredentialsFormOptions();
-  const group = options.service_principal_with_client_secret;
+  const group = options[AZURE_CREDENTIALS_TYPE.SERVICE_PRINCIPAL_WITH_CLIENT_SECRET];
   const fields = getInputVarsFields(input, group.fields);
 
   return (