Merge branch 'master' into release-4-5-b

spectrocloud · Dec 2, 2024 · 4e9927c · 4e9927c
2 parents b9db5eb + 8400642
commit 4e9927c
Show file tree

Hide file tree

Showing 173 changed files with 1,887 additions and 6,199 deletions.
diff --git a/.github/workflows/api_format.yaml b/.github/workflows/api_format.yaml
@@ -19,6 +19,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   backport:

diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml
@@ -23,6 +23,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   dependabot_build:

diff --git a/.github/workflows/nightly-docker-build.yaml b/.github/workflows/nightly-docker-build.yaml
@@ -15,6 +15,8 @@ env:
   ALGOLIA_INDEX_NAME: "madeup-index"
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   build:

diff --git a/.github/workflows/post_release.yaml b/.github/workflows/post_release.yaml
@@ -18,6 +18,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
 

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -22,6 +22,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   run-ci:

diff --git a/.github/workflows/release-branch-pr.yaml b/.github/workflows/release-branch-pr.yaml
@@ -19,6 +19,8 @@ env:
   GITHUB_BRANCH: ${{ github.ref_name }} 
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 
 concurrency:

diff --git a/.github/workflows/release-preview.yaml b/.github/workflows/release-preview.yaml
@@ -18,6 +18,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 
 concurrency:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -7,12 +7,14 @@ on:
   schedule:
     - cron: '0 20 * * 1-5'  # At 12:00 PM PST (8 PM UTC), Monday through Friday
     - cron: '0 5 * * 2-6'  # At 9:00 PM PST (5 AM UTC next day), Monday through Friday
+    - cron: '0 20 * * 6' # At 12:00 PM PST (8 PM UTC next day), Saturday - Due to Security Buletin Publication
+    - cron: '0 20 * * 0' # At 12:00 PM PST (8 PM UTC next day),  Sunday - Due to Security Buletin Publication
   workflow_dispatch:
     inputs:
       useGitHubHostedLargeRunner:
         description: 'Use the GitHub-hosted large runner. Allowed values are true or false. Caution - this results in additional charges to the organization.'
         required: false
-        default: false
+        default: 'false'
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -27,6 +29,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 
 concurrency:

diff --git a/.github/workflows/screenshot_capture.yaml b/.github/workflows/screenshot_capture.yaml
@@ -21,6 +21,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 
 jobs:

diff --git a/.github/workflows/versions_robot.yaml b/.github/workflows/versions_robot.yaml
@@ -22,7 +22,10 @@ env:
   ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }}
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
-  GITHUB_BRANCH: ${{ github.ref_name }} 
+  GITHUB_BRANCH: ${{ github.ref_name }}
+  DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }} 
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 jobs:
   run-ci:

diff --git a/.github/workflows/visual-comparison.yaml b/.github/workflows/visual-comparison.yaml
@@ -17,6 +17,8 @@ env:
   ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }}
   HTML_REPORT_URL_PATH: reports/${{ github.head_ref }}/${{ github.run_id }}/${{ github.run_attempt }}
   DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
+  DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }} 
+  DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
 
 
 concurrency:

diff --git a/.gitignore b/.gitignore
@@ -40,6 +40,10 @@ docs/api-content/api-docs/v1/sidebar.*
 docs/api-content/api-docs/edge-v1/*.mdx
 docs/api-content/api-docs/edge-v1/sidebar.*
 
+# Security Bulletins (Autogenerated)
+
+docs/docs-content/security-bulletins/reports/*.md
+
 # Versions Content
 versions.json
 versioned_docs/
@@ -72,6 +76,7 @@ _partials/index.ts
 
 # Ignore statoc/img/packs
 static/img/packs
+static/data/security-bulletins/*
 
 .vale-config/
 vale/styles/spectrocloud/

diff --git a/.prettierignore b/.prettierignore
@@ -13,6 +13,7 @@ docs/api-content/**/*.json
 tsconfig.json
 src/components/IconMapper/dynamicFontAwesomeImports.*
 docs/docs-content/security-bulletins/cve-reports.md
+docs/docs-content/security-bulletins/reports/*.md
 
 # Ignore partials
 _partials/
diff --git a/Makefile b/Makefile
@@ -32,7 +32,7 @@ initialize: ## Initialize the repository dependencies
 	npx husky-init
 	vale sync
 
-clean: ## Clean common artifacts
+clean: clean-security ## Clean common artifacts
 	npm run clear && npm run clean-api-docs
 	rm -rfv build
 
@@ -56,6 +56,10 @@ clean-packs: ## Clean supplemental packs and pack images
 	rm -rf .docusaurus/packs-integrations/api_pack_response.json
 	rm -rf .docusaurus/packs-integrations/api_repositories_response.json
 
+clean-security: ## Clean security bulletins
+	rm -rf .docusaurus/security-bulletins/default/*.json
+	rm -rfv docs/docs-content/security-bulletins/reports/*.md 
+
 clean-api: ## Clean API docs
 	@echo "cleaning api docs"
 	npm run clean-api-docs
@@ -80,6 +84,7 @@ init: ## Initialize npm dependencies
 
 start: ## Start a local development server
 	make generate-partials
+	npm run cves
 	npm run start
 
 start-cached-packs: ## Start a local development server with cached packs retry.

diff --git a/README.md b/README.md
@@ -775,6 +775,28 @@ Below is an example of how to use the component when the URLs are different:
   /> page to learn more about system administrator roles.
 ```
 
+## Security Bulletins
+
+The security bulletins are auto-generated upon server start or the build process. The bulletins are generated by
+querying an internal Spectro Cloud API. The bulletins are displayed in the security bulletins page
+`https://docs.spectrocloud.com/security-bulletins/reports/`.
+
+The logic for generated the security bulletins is located in the [cves folder](./utils/cves/index.js). The script is
+invoked before a build or a local development server start. The script will fetch the security bulletins and store the
+data in the `.docusaurus/security-bulletins/default/` folder. The data is stored in the `data.json` file.
+
+The script will also generate each markdown file for each security bulletin. The markdown files are stored in the
+`/security-bulletins/reports/` folder.
+
+### Disable Security Bulletins
+
+To disable the security bulletins, you can set the environment variable `DISABLE_SECURITY_INTEGRATIONS` to `true`. This
+will stop the pre-build script from fetching the security bulletins.
+
+```shell
+export DISABLE_SECURITY_INTEGRATIONS=true
+```
+
 ## Packs Component
 
 The packs component is a custom component that displays all packs available in Palette SaaS by querying the Palette API

diff --git a/_partials/_create-tenant-api-key.mdx b/_partials/_create-tenant-api-key.mdx
@@ -3,13 +3,13 @@ partial_category: palette-setup
 partial_name: create-tenant-api-key
 ---
 
-1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin.
+1. Log in to [Palette](https://console.spectrocloud.com).
 
-2. Switch to the **Tenant Admin** scope
+2. Click on the **drop-down Menu** at the top of the page and switch to the **Tenant Admin** scope.
 
 3. Navigate to the left **Main Menu** and select **Tenant Settings**.
 
-4. From the **Tenant Settings Menu**, select **API Keys**.
+4. From the **Tenant Settings Menu**, click on **Security** and select **API Keys**.
 
 5. Click on **Add New API key**.
 

diff --git a/babel.config.js b/babel.config.js
diff --git a/docs/docs-content/getting-started/aws/aws.md b/docs/docs-content/getting-started/aws/aws.md
@@ -22,6 +22,8 @@ introducing you with Palette workflows and capabilities.
 In this section, you learn how to create a cluster profile. Then, you deploy a cluster to AWS by using Palette. Once
 your cluster is deployed, you can update it using cluster profile updates.
 
+<!-- vale off -->
+
 <SimpleCardGrid
   cards={[
     {

diff --git a/docs/docs-content/getting-started/aws/create-cluster-profile.md b/docs/docs-content/getting-started/aws/create-cluster-profile.md
@@ -44,24 +44,25 @@ In the **Basic Information** section, assign the name **aws-profile**, a brief p
 defaults to **1.0.0**. Click on **Next**.
 
 **Cloud Type** allows you to choose the infrastructure provider with which this cluster profile is associated. Select
-**AWS** and click on **Next**.
+**AWS IaaS** and click on **Next**.
 
 The **Profile Layers** step is where you specify the packs that compose the profile. There are four required
 infrastructure packs and several optional add-on packs you can choose from. Every pack requires you to select the **Pack
 Type**, **Registry**, and **Pack Name**.
 
-For this tutorial, use the following packs:
+For this tutorial, use the following packs. If there are differences between the latest version of a pack and the
+version you select, a YAML editor will open. Click **Confirm Changes** to proceed.
 
-| Pack Name      | Version | Layer            |
-| -------------- | ------- | ---------------- |
-| ubuntu-aws LTS | 22.4.x  | Operating System |
-| Kubernetes     | 1.29.x  | Kubernetes       |
-| cni-calico     | 3.27.x  | Network          |
-| csi-aws-ebs    | 1.26.x  | Storage          |
+| Pack Name                   | Version | Registry    | Layer            |
+| --------------------------- | ------- | ----------- | ---------------- |
+| Ubuntu                      | 22.4.x  | Public Repo | Operating System |
+| Palette eXtended Kubernetes | 1.29.x  | Public Repo | Kubernetes       |
+| Calico                      | 3.27.x  | Public Repo | Network          |
+| Amazon EBS CSI              | 1.26.x  | Public Repo | Storage          |
 
-As you fill out the information for each layer, click on **Next** to proceed to the next layer.
+As you select each layer, click on **Next Layer** to proceed to the next one.
 
-Click on **Confirm** after you have completed filling out all the core layers.
+Click on **Confirm** and then **Next** after you have completed selecting all the core layers.
 
 ![A view of the cluster profile stack](/getting-started/aws/getting-started_create-cluster-profile_clusters_parameters.webp)
 
@@ -101,7 +102,7 @@ Select the **Enable Hello Universe API** preset. The pack manifest changes accor
 The pack requires two values to be replaced for the authorization token and for the database password when using this
 preset. Replace these values with your own base64 encoded values. The
 [_hello-universe_](https://github.com/spectrocloud/hello-universe?tab=readme-ov-file#single-load-balancer) repository
-provides a token that you can use.
+provides an unencoded token that you can use.
 
 Click on **Confirm Updates**. The manifest editor closes.
 

diff --git a/docs/docs-content/getting-started/aws/deploy-k8s-cluster.md b/docs/docs-content/getting-started/aws/deploy-k8s-cluster.md
@@ -145,6 +145,13 @@ application with a frontend, API server, and Postgres database.
 
 Use the following steps to remove all the resources you created for the tutorial.
 
+:::tip
+
+If you plan to explore the [Deploy Cluster Profile Updates](./update-k8s-cluster.md) tutorial, do not delete your
+cluster, as it is a prerequisite for the tutorial.
+
+:::
+
 To remove the cluster, navigate to the left **Main Menu** and click on **Clusters**. Select the cluster you want to
 delete to access its details page.
 

diff --git a/docs/docs-content/getting-started/aws/deploy-manage-k8s-cluster-tf.md b/docs/docs-content/getting-started/aws/deploy-manage-k8s-cluster-tf.md
@@ -373,7 +373,19 @@ resource "spectrocloud_cluster_aws" "aws-cluster" {
 ## Terraform Tests
 
 Before starting the cluster deployment, test the Terraform code to ensure the resources will be provisioned correctly.
-Issue the following command in your terminal.
+
+Issue the following command in your terminal to initialize Terraform. The `init` command initializes the working
+directory that contains the Terraform files.
+
+```shell
+terraform init
+```
+
+```text hideClipboard
+Terraform has been successfully initialized!
+```
+
+Next, issue the `terraform test` command to start the tests.
 
 ```bash
 terraform test
@@ -428,8 +440,10 @@ the control plane or worker node pools as needed.
 
 :::warning
 
-Ensure that the SSH key pair specified in `aws-key-pair-name` is available in the same region specified by `aws-region`.
-For example, if `aws-region` is set to `us-east-1`, use the name of a key pair that exists in the `us-east-1` region.
+Note that `aws-cloud-account-name` must be replaced with the name of the AWS cloud account registered in Palette.
+Additionally, ensure that the SSH key pair specified in `aws-key-pair-name` is available in the same region specified by
+`aws-region`. For example, if `aws-region` is set to `us-east-1`, use the name of a key pair that exists in the
+`us-east-1` region.
 
 :::
 
@@ -472,17 +486,6 @@ environment variable. This step allows the Terraform code to authenticate with t
 export SPECTROCLOUD_APIKEY=<Your-Spectro-Cloud-API-key>
 ```
 
-Next, issue the following command to initialize Terraform. The `init` command initializes the working directory that
-contains the Terraform files.
-
-```shell
-terraform init
-```
-
-```text hideClipboard
-Terraform has been successfully initialized!
-```
-
 :::warning
 
 Before deploying the resources, ensure that there are no active clusters named `aws-cluster` or cluster profiles named

diff --git a/docs/docs-content/getting-started/aws/scale-secure-cluster.md b/docs/docs-content/getting-started/aws/scale-secure-cluster.md
@@ -106,12 +106,11 @@ are only visible in the **Default** project. Therefore, you will need to create
 Navigate to the left **Main Menu** and click on **Profiles**. Click on **Import Cluster Profile**. The **Import Cluster
 Profile** pane opens.
 
-Paste the following in the text editor. Click on **Validate**. The **Select repositories** dialog appears.
+Paste the following in the text editor. Click on **Validate**.
 
 <PartialsComponent category="getting-started" name="import-hello-uni-aws" />
 
-Click on **Confirm**. Then, click on **Confirm** on the **Import Cluster Profile** pane. Palette creates a new cluster
-profile named **aws-profile**.
+Click on **Confirm**. Palette creates a new cluster profile named **aws-profile**.
 
 On the **Profiles** list, select **Project** from the **Contexts** drop-down. Your newly created cluster profile
 displays. The Palette UI confirms that the cluster profile was created in the scope of the

diff --git a/docs/docs-content/getting-started/aws/update-k8s-cluster.md b/docs/docs-content/getting-started/aws/update-k8s-cluster.md
@@ -149,6 +149,7 @@ This file enables you and other users to issue kubectl commands against the host
 ![Image that the kubeconfig file](/getting-started/aws/getting-started_update-k8s-cluster_download-kubeconfig.webp)
 
 Open a terminal window and set the environment variable `KUBECONFIG` to point to the kubeconfig file you downloaded.
+Issue the following command, replacing `~/Downloads/admin.aws-cluster.kubeconfig` with the path to your kubeconfig file.
 
 ```shell
 export KUBECONFIG=~/Downloads/admin.aws-cluster.kubeconfig

diff --git a/docs/docs-content/getting-started/azure/azure.md b/docs/docs-content/getting-started/azure/azure.md
@@ -22,6 +22,8 @@ approach, while introducing you with Palette workflows and capabilities.
 In this section, you learn how to create a cluster profile. Then, you deploy a cluster to Azure by using Palette. Once
 your cluster is deployed, you can update it using cluster profile updates.
 
+<!-- vale off -->
+
 <SimpleCardGrid
   cards={[
     {