feat(integrations): first-class AWS and Slack integrations with org-wide prowler scanning#286
Closed
…edesigned UI

Add comprehensive integrations module with AWS and Slack as first-class providers, including a redesigned frontend, new backend services, worker components, and sample CSPM workflows.

Backend:
- Expand integration_tokens schema with org-scoped fields, health tracking, credential types (api_key, iam_role, webhook, oauth), and display names
- Add @InternalOnly() guard for internal-only endpoints (X-Internal-Token)
- Add AwsService (STS AssumeRole, Organizations discovery) and SlackService (webhook messaging, OAuth token exchange)
- Add integration catalog with static provider definitions and setup instructions
- Add SetupTokenService and ExternalIdGenerator for secure onboarding flows
- Expand controller with catalog, org-connections, AWS/Slack creation, validation, credential resolution, and org-discovery endpoints
- Enforce @CurrentAuth() on all user-facing routes (D16)
- Add assertConnectionOwnership for org-bound authorization (D18)

Frontend:
- Redesign IntegrationsManager as provider card grid with connection counts
- Add IntegrationDetailPage with setup instructions, connection table, and provider-specific forms (AWS access key/IAM role, Slack webhook/OAuth)
- Update integrationStore with org-scoped connections, merge-and-dedup (D17), catalog fetching, and provider-specific create/validate/test actions
- Update API service with direct fetch calls for new endpoints
- Update ParameterField to use merged connections for workflow selectors

Worker:
- Add integration-credential-resolver component (resolves creds via internal API)
- Add aws-org-discovery component (lists AWS Organization accounts)
- Add aws-assume-role component (STS AssumeRole for cross-account scanning)

Sample workflows:
- AWS CSPM Org Account Discovery (resolve creds → discover accounts)
- AWS CSPM Prowler to Analytics (resolve creds → Prowler scan → Analytics Sink)

Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
…ion cards

- Fix OAuth callback spinner stuck in React 18 strict mode by removing the cancelled cleanup pattern (exchangeStartedRef is sufficient)
- Remove userId from completeOAuthSession input; derive from state record since the exchange endpoint is @public()
- Add Slack auth.test validation for OAuth connections and fix valid->ok field mapping in testSlackConnection controller
- Add team:read scope and team.info API to fetch workspace icons
- Enrich connection metadata with workspace icon during OAuth and on test/validate (best-effort backfill for existing connections)
- Redesign connection cards with workspace icon/initials, green health badge, scope count, and hover effects
- Add dashed "Add Connection" card to the connections grid
- Fix toast text: "connection is healthy" instead of "message sent"

Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
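Added example (not code from this pull request): a minimal sketch of why a public OAuth exchange endpoint should take the user identity from the server-side state record rather than from its input, as the commit above describes for completeOAuthSession. The record fields, the startOAuthSession helper, the in-memory store and the 10-minute lifetime are assumptions made for illustration.

```typescript
import { randomBytes } from "node:crypto";

// Hypothetical shape of the server-side state record; field names are assumptions.
interface OAuthStateRecord {
  userId: string;
  organizationId: string;
  provider: string;
  expiresAt: number; // epoch milliseconds
}

const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending OAuth session
const pendingStates = new Map<string, OAuthStateRecord>(); // stand-in for a DB table

// Called from an authenticated route: the caller's identity is known here,
// so it is bound to an unguessable state value before the redirect to the provider.
function startOAuthSession(
  userId: string,
  organizationId: string,
  provider: string,
  now: number = Date.now(),
): string {
  const state = randomBytes(32).toString("hex");
  pendingStates.set(state, { userId, organizationId, provider, expiresAt: now + STATE_TTL_MS });
  return state;
}

// Called from the public exchange endpoint: the input type carries no userId.
// Identity comes only from the record that the state value selects.
function completeOAuthSession(
  input: { state: string; code: string },
  now: number = Date.now(),
): OAuthStateRecord {
  const record = pendingStates.get(input.state);
  if (!record) throw new Error("unknown or already used state");
  pendingStates.delete(input.state); // single use: a replayed callback fails
  if (now > record.expiresAt) throw new Error("state expired");
  // The provider token exchange for input.code would happen here (omitted: needs network).
  return record; // the connection is created for record.userId / record.organizationId
}
```

A caller that adds its own userId field to the request body changes nothing, because the function never reads one.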
- Add team:read to default Slack OAuth scopes in .env.example and integrations.md
- Include integration docs, core component docs, and README updates

Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
Add a new sample workflow JSON that chains AWS credential resolution, Prowler security scan, and Slack notification via webhook. The Slack message includes a formatted summary with finding counts by severity. Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
Refactor prowler-scan with shared utilities, improve slack notification formatting, enhance AWS assume-role and org-discovery with integration credential resolver support, update opensearch indexer, and improve frontend workflow parameter handling and integration detail page. Signed-off-by: Aseem Shrey <LuD1161@users.noreply.github.com>
Summary
Changes
- AwsService, SlackService, SetupTokenService, IntegrationCatalog, expanded integrations controller/service/repository, DB migration for token fields
- IntegrationDetailPage, redesigned IntegrationsManager, updated ParameterField (toggle support), IntegrationCallback improvements, expanded API client and Zustand store
- aws-assume-role, aws-org-discovery, integration-credential-resolver components; refactored prowler-scan with prowler-shared utilities; enhanced slack notifications; updated opensearch-indexer
- toggle to ComponentParameterType, process/cloud/core to ComponentCategory

Test plan