@ampsec/platform-client 70.2.0 → 70.3.1

package/src/dto/findings.dto.ts

@@ -94,7 +94,7 @@ export type FindingBucketSummaryDto = z.infer<typeof _FindingBucketSummaryDto>;
 // export type PendingFindingFilter = z.infer<typeof _PendingFindingFilter>;
 
 const _FindingSpecDescription = z.unknown();
-const _FindingSpecInsights = z.object({
+export const _FindingSpecInsights = z.object({
   meta: z
     .object({
       kind: z.nativeEnum(FindingKind),
@@ -116,11 +116,14 @@ const _FindingSpecInsights = z.object({
           $has: z.boolean(),
         })
         .optional(),
+      severity: z.nativeEnum(FindingSeverity).optional(),
       findingCondition: z.record(z.string(), z.union([z.boolean(), z.string(), z.number(), z.undefined()])),
       remediatedCondition: z.record(z.string(), z.union([z.boolean(), z.string(), z.number(), z.undefined()])).optional(),
     })
     .optional(),
 });
+export type FindingSpecInsights = z.infer<typeof _FindingSpecInsights>;
+
 export const _FindingSpecDto = _BaseDto.extend({
   cid: z.string().nullable().optional(),
   name: z.string(),
@@ -135,7 +138,6 @@ export const _FindingSpecDto = _BaseDto.extend({
   score: z.number().optional(),
 });
 
-export type FindingSpecInsights = z.infer<typeof _FindingSpecInsights>;
 export type FindingSpecDto = z.infer<typeof _FindingSpecDto>;
 
 export const _FindingSpecUpsertDto = _FindingSpecDto.partial(UPSERT_DTO_MASK);

package/src/dto/platform/platform.ops.dto.ts

@@ -0,0 +1,22 @@
+import {z} from 'zod';
+
+export const _SuccessOpsRpcResult = z.object({
+  success: z.literal(true),
+  input: z.unknown(),
+  output: z.unknown(),
+});
+export type SuccessOpsRpcResult = z.infer<typeof _SuccessOpsRpcResult>;
+
+export const _FailureOpsRpcResult = z.object({
+  success: z.literal(false),
+  input: z.unknown(),
+  error: z.object({
+    message: z.string(),
+    stack: z.string().optional(),
+    ctx: z.unknown().optional(),
+  }),
+});
+export type FailureOpsRpcResult = z.infer<typeof _FailureOpsRpcResult>;
+
+export const _OpsRpcResult = _SuccessOpsRpcResult.or(_FailureOpsRpcResult);
+export type OpsRpcResult = z.infer<typeof _OpsRpcResult>;

package/src/dto/platform/platform.tenants.dto.ts

@@ -1,5 +1,115 @@
+import {z} from 'zod';
 import {TenantDto, TenantUpsertDto} from '../tenants.dto';
+import {FindingKind, FindingSeverity, FindingStatus, GlobalAssetType, GlobalUserType} from '../enums';
+import {FlowSpecStatusKind} from '../flows.dto';
 
 export type PlatformTenantUpsertDto = TenantUpsertDto;
 
 export type PlatformTenantDto = TenantDto;
+
+// TODO add "missing from" reports to better understand coverage gaps
+
+export const _AssetCountReport = z.object({
+  byType: z.object({assetType: z.nativeEnum(GlobalAssetType), total: z.number()}).array(),
+  // TODO byConnector: z.object({cid: z.string(), active: z.number(), inactive: z.number(), total: z.number()}).array(),
+  byConnector: z.object({cid: z.string(), assetType: z.nativeEnum(GlobalAssetType), total: z.number()}).array(),
+  totalAssets: z.number(),
+  totalSaasAssets: z.number(),
+  totalStagedAssets: z.number(),
+  links: z.object({
+    withUsers: z.number(),
+    withoutUsers: z.number(),
+    withVulns: z.number(),
+    withoutVulns: z.number(),
+    withUserAssignedVulns: z.number(),
+    withOrphanedVulns: z.number(),
+  }),
+});
+export type AssetCountReport = z.infer<typeof _AssetCountReport>;
+
+export const _UserCountReport = z.object({
+  byConnectorStatus: z.object({cid: z.string(), userType: z.nativeEnum(GlobalUserType), total: z.number()}).array(),
+  byType: z.object({userType: z.nativeEnum(GlobalUserType), total: z.number()}).array(),
+  totalUsers: z.number(),
+  totalSaasUsers: z.number(),
+  totalStagedUsers: z.number(),
+  links: z.object({
+    withDevices: z.number(),
+    withoutDevices: z.number(),
+  }),
+});
+export type UserCountReport = z.infer<typeof _UserCountReport>;
+
+export const _SaasCompCountReport = z.object({
+  byConnectorKind: z.object({cid: z.string(), kind: z.string(), total: z.number()}).array(),
+  totalSaasComps: z.number(),
+  totalStagedSaasComps: z.number(),
+  links: z.object({
+    withUsers: z.number(),
+    withoutUsers: z.number(),
+    withDevices: z.number(),
+    withoutDevices: z.number(),
+    orphaned: z.number(),
+  }),
+});
+export type SaasCompCountReport = z.infer<typeof _SaasCompCountReport>;
+
+const _RecentFindingSummaryReport = z.object({
+  openWithUser: z.number(),
+  openWithoutUser: z.number(),
+  closedWithUser: z.number(),
+  closedWithoutUser: z.number(),
+});
+export const _FindingsCountReport = z.object({
+  connectorKindSeverityStatus: z
+    .object({
+      cid: z.string().nullable(),
+      kind: z.union([z.nativeEnum(FindingKind), z.string()]),
+      severity: z.nativeEnum(FindingSeverity),
+      status: z.nativeEnum(FindingStatus),
+      total: z.number(),
+    })
+    .array(),
+  total: _RecentFindingSummaryReport,
+  total90d: _RecentFindingSummaryReport,
+  pending: z.number(),
+  links: z.object({
+    withUsers: z.number(),
+    withoutUsers: z.number(),
+    withDevices: z.number(),
+    withoutDevices: z.number(),
+  }),
+});
+export type FindingsCountReport = z.infer<typeof _FindingsCountReport>;
+
+export const _NotificationsCountReport = z.object({
+  total: z.number(),
+  total7d: z.number(),
+  total30d: z.number(),
+  total90d: z.number(),
+});
+export type NotificationsCountReport = z.infer<typeof _NotificationsCountReport>;
+
+const _FlowStatusSummaryReport = z.object({
+  active: z.number(),
+  closed: z.number(),
+});
+export const _FlowsCountReport = z.object({
+  specsByStatusTrigger: z.object({status: z.nativeEnum(FlowSpecStatusKind), trigger: z.string(), total: z.number()}).array(),
+  statesByBucketStatus: z.object({status: z.string(), bucket: z.union([z.nativeEnum(FindingKind), z.string()]), total: z.number()}).array(),
+  total: _FlowStatusSummaryReport,
+  total7d: _FlowStatusSummaryReport,
+  total30d: _FlowStatusSummaryReport,
+  total90d: _FlowStatusSummaryReport,
+});
+export type FlowsCountReport = z.infer<typeof _FlowsCountReport>;
+
+export const _TenantCountReportDto = z.object({
+  users: _UserCountReport,
+  assets: _AssetCountReport,
+  saasComp: _SaasCompCountReport,
+  findings: _FindingsCountReport,
+  notifications: _NotificationsCountReport,
+  flows: _FlowsCountReport,
+});
+export type TenantCountReportDto = z.infer<typeof _TenantCountReportDto>;

package/src/services/AmpSdk.ts

@@ -35,8 +35,6 @@ import {
   PlatformTokenDto,
   PlatformTokenUpsertDto,
   ProviderDto,
-  TenantDto,
-  TenantUpsertDto,
 } from '../dto';
 import {
   AmpEntityService,
@@ -56,6 +54,7 @@ import {ContentfulService} from './contentful.service';
 import {FindingsInsightsService} from './findingsInsights.service';
 import {PlatformConnectorService} from './connector.platform.service';
 import {PlatformAgentService} from './AgentsService';
+import {TenantsService} from './rest/TenantsService';
 import {FindingsService} from './findings.service';
 
 export type AmpSdkOptions = AmpRestClientOptions;
@@ -97,7 +96,7 @@ export class AmpSdkServices {
   readonly stagedSaaSComponents: TruncatableAmpEntityService<PlatformSaasComponentUpsertDto, PlatformSaasComponentDto>;
   readonly stagedSaaSUsers: TruncatableAmpEntityService<PlatformStagedSaasUserUpsertDto, PlatformStagedSaasUserDto>;
   readonly settings: AmpSdkSettingsService;
-  readonly tenants: AmpSdkTenantService<TenantUpsertDto, TenantDto>;
+  readonly tenants: TenantsService;
   readonly tokens: AmpSdkTenantService<PlatformTokenUpsertDto, PlatformTokenDto>;
   readonly users: AmpSdkUserService;
 
@@ -134,7 +133,7 @@ export class AmpSdkServices {
     this.stagedSaaSUsers = new TruncatableAmpEntityServiceImpl<PlatformStagedSaasUserUpsertDto, PlatformStagedSaasUserDto>(rest, KIND.STAGED_SAAS_USERS, TARGET_API_PLATFORM);
 
     this.settings = new AmpSdkSettingsService(rest);
-    this.tenants = new AmpEntityServiceImpl<TenantUpsertDto, TenantDto>(rest, KIND.TENANTS, TARGET_API_PLATFORM);
+    this.tenants = new TenantsService(rest, TARGET_API_PLATFORM);
     this.tokens = new AmpEntityServiceImpl<PlatformTokenUpsertDto, PlatformTokenDto>(rest, KIND.TOKENS, TARGET_API_PLATFORM);
     this.users = new AmpSdkUserService(rest, TARGET_API_PLATFORM);
   }

package/src/services/rest/TenantsService.ts

@@ -0,0 +1,69 @@
+import {TenantCountReportDto, TenantDto, TenantUpsertDto, _TenantCountReportDto} from '../../dto';
+import {KIND, TargetApi} from '../constants';
+import {AmpEntityServiceImpl} from '../entity.service';
+import {RestClient} from './RestClient';
+import {OpsRpcResult, _OpsRpcResult} from '../../dto/platform/platform.ops.dto';
+
+export class TenantsService extends AmpEntityServiceImpl<TenantUpsertDto, TenantDto> {
+  constructor(rest: RestClient, targetApi: TargetApi = 'api') {
+    super(rest, KIND.TENANTS, targetApi);
+  }
+
+  countReport(tid: string): Promise<TenantCountReportDto> {
+    const url = `/${this.targetApi}/v1/${this.kind}/${tid}/count_report`;
+    return this.rest
+      .call({
+        url,
+        method: 'GET',
+      })
+      .then(res => _TenantCountReportDto.parse(res.data));
+  }
+
+  /**
+   * !!! WARNING !!! 🚨 💀 🚨 💀 🚨 💀 🚨 💀
+   * This method will permanently HARD delete any soft deleted tenant data, including the tenant itsself. There is no UNDO!
+   *
+   * @param tid Tenant id to clean
+   * @returns void
+   * @deprecated do not use this function... unless you REALLY mean it! Note: this is more of a warning than true deprecation.
+   */
+  hardDelete(tid: string): Promise<OpsRpcResult> {
+    const url = `/${this.targetApi}/v1/ops/rpc`;
+    return this.rest
+      .call({
+        url,
+        method: 'POST',
+        data: {
+          op: 'hardDelete',
+          input: {
+            tid,
+          },
+        },
+      })
+      .then(res => _OpsRpcResult.parse(res.data));
+  }
+
+  /**
+   * !!! WARNING !!! 🚨 💀 🚨 💀 🚨 💀 🚨 💀
+   * This method will permanently HARD delete a tenant and associated data. There is no UNDO!
+   *
+   * @param tid Tenant id to delete
+   * @returns void
+   * @deprecated Use truncate instead... unless you REALLY mean it! Note: this is more of a warning than true deprecation.
+   */
+  removeTenant(tid: string): Promise<OpsRpcResult> {
+    const url = `/${this.targetApi}/v1/ops/rpc`;
+    return this.rest
+      .call({
+        url,
+        method: 'POST',
+        data: {
+          op: 'removeTenant',
+          input: {
+            tid,
+          },
+        },
+      })
+      .then(res => _OpsRpcResult.parse(res.data));
+  }
+}