Merge pull request #51 from saitejaopsmx/2024-08

Config Changes of August

charts/ssd/config/dgraph/schema.graphql

@@ -628,11 +628,21 @@ type ArtifactScanData {
     vulnNoneCount: Int @search
     vulnTotalCount: Int @search
     scanFile: [ScanFileResult!]
-    riskStatus: RiskStatus @search(by: [exact, regexp])
+    artifactRisk: ArtifactRisk @hasInverse(field: artifactScanResult)
     artifactRunHistory: [RunHistory!] @hasInverse(field: artifactScan)
     artifactTags: [KeyValue!]
 }
 
+type ArtifactRisk {
+    id: ID!
+    sourceCodeAlertsScore: Int
+    buildAlertsScore: Int
+    artifactAlertsScore: Int
+    deploymentAlertsScore: Int
+    artifactRiskStatus: RiskStatus @search(by: [exact,regexp])
+    artifactScanResult: ArtifactScanData! @hasInverse(field: artifactRisk)
+}
+
 type ScanFileResult {
     id: ID!
     name: String! @search(by: [exact, regexp])

charts/ssd/config/ssd-gate/services-config.yaml

@@ -24,8 +24,6 @@
 - name: ssd-opa-unauth   # Unauthenticated end-point for web-hook posts, we could add JWT to make it authenticated
   path_prefixes:
   - "/webhook/api/v1/dataCollection"   # Need code-change from Shradha?
-  - "/webhook/api/v1/bundle.tar.gz"    # Can be made JWT Authenticated
-  - "/webhook/logs/api/v1/deploymentFirewallDecisionLogs" # Can be made JWT authenticated
   - "/webhook/api/v1/opaPermission"
   - "/webhook/api/v1/kubescape"
   strip_path: "/webhook"  # Remove /webhook before sending to ssd-opa
@@ -86,11 +84,20 @@
   health_endpoint: "/ui/index.html"
   auth_required: true
 - name: ssd-minio
-  baseUrl: ssd-minio:9000
+  path_prefixes:
+  - "/minio"
+  baseUrl: {{ .Release.Namespace }}-minio:9000
   health_endpoint: ""
-  auth_required: true
+- name: ssd-temporal-web
+  baseUrl: {{ .Release.Namespace }}-temporal-web:8080 #change as per the svc configured during installation (Take care in helm chart)
+  health_endpoint: ""
+  path_prefixes:
+  - "/namespaces/default/workflows"
+  - "/_app"
+  - "/api/v1"
+  - "/favicon.ico"
 {{- if .Values.ssdgate.installDex }}
 - name: ssd-dex
-  baseUrl: ssd-dex:5558
+  baseUrl: {{ .Release.Namespace }}-dex:5558
   health_endpoint: /healthz/ready
 {{- end }}

charts/ssd/config/ssd-ui/help-text.json

@@ -749,7 +749,7 @@
             }
         },
         "VALUE": {
-            "TOOLTIP": "",
+            "TOOLTIP": "Use [Organization], [Team], [ApplicationName] and [Service] variables to create 'Value' string. These variables will be replaced with actual values during Jira Ticket creation.",
             "VALIDATION_MESSAGE": {
                 "required": "Value cannot be empty",
                 "invalidValue": "Value is invalid"

charts/ssd/config/ssd-ui/integrators-config.json

@@ -934,14 +934,15 @@
                     "placeholderText": "Labels",
                     "required": true,
                     "encrypt": false,
-		    "default": "labels",
-		    "disabled": true
+                    "default": "labels",
+                    "disabled": true
                 },
                 "value": {
                     "dataType": "input",
                     "displayName": "Value",
-		    "regexpValue": "^\\S+$",
+                    "regexpValue": "^\\S+$",
                     "helpText": "",
+                    "default": "SSD-{Organization}-{Team}-{ApplicationName}-{Service}",
                     "placeholderText": "SSD-{Organization}-{Team}-{ApplicationName}-{Service}",
                     "required": true,
                     "encrypt": false

charts/ssd/rc-images-values.yaml

@@ -5,32 +5,32 @@ imageCredentials:
 
 ui:
   image:
-    tag: "6cf4c3abf-182"
+    tag: "2aa6356b5-261"
   serviceAnnotations:
     awsAnnotationsGo: HERE
 toolchain:
   image:
-    tag: "56f6c0f-127"
+    tag: "7e8a0e5-174"
   #securityContext:
   #  fsGroup: 1000
   #  runAsUser: 1000
   #  runAsGroup: 1000
 ssdgate:
   image:
     repository: ssd-gate
-    tag: "7688913-90"
+    tag: "0a27f0f-142"
 ssdopa:
   image:
-    tag: "762219b-116"
+    tag: "d91f730-176"
 supplychainpreprocessor:
   image:
-    tag: "09c0b90-105"
+    tag: "83871ce-168"
   #securityContext:
   #  readOnlyRootFilesystem: false
   #  runAsNonRoot: true
 supplychainapi:
   image:
-    tag: "02198c3-1804"
+    tag: "8860e58-1976"
 tokenmachine:
   image:
     tag: "eca0aed-2"

charts/ssd/templates/automation/automation-job.yaml

@@ -24,7 +24,7 @@ spec:
                SCHEMA_CHECK=`curl -X POST -H "Content-Type: application/json" --data-binary "$(cat /tmp/schema/schema.graphql)" $schema_endpoint`
                echo $SCHEMA_CHECK | grep -i Success
                if [ $? -eq 0 ]; then
-                   echo "##############***Sucesfully Updated the Dgraph Schema***########################"
+                   echo "##############***Successfully Updated the Dgraph Schema***########################"
                else
                    echo "##############***Failed to Updated the Dgraph Schema***#########################"
                    exit 1

charts/ssd/templates/rabbitmq/ssd-rabbitmq-deployment.yaml

@@ -3,15 +3,15 @@ kind: Deployment
 metadata:
   labels:
     app: ssd
-    component: rabbitmq
+    component: ssd-rabbitmq
 {{ include "ssd.standard-labels" . | indent 4 }}
   name: rabbitmq
 spec:
   replicas: 1
   selector:
     matchLabels:
       app: ssd
-      component: rabbitmq
+      component: ssd-rabbitmq
   template:
     metadata:
       annotations:
@@ -20,7 +20,7 @@ spec:
 {{- end }}
       labels:
         app: ssd
-        component: rabbitmq
+        component: ssd-rabbitmq
 {{ include "ssd.standard-labels" . | indent 8 }}
     spec:
       containers:

charts/ssd/templates/rabbitmq/ssd-rabbitmq-service.yaml

@@ -3,7 +3,7 @@ kind: Service
 metadata:
   labels:
     app: ssd
-    component: rabbitmq
+    component: ssd-rabbitmq
 {{ include "ssd.standard-labels" . | indent 4 }}
 {{- if .Values.rabbitmq.serviceAnnotations }}
   annotations:
@@ -23,4 +23,4 @@ spec:
     targetPort: 15672
   selector:
     app: ssd
-    component: rabbitmq
+    component: ssd-rabbitmq