Fixes and improvements for Tenant Security page (#2252)
- Tenant securityContext was only being applied to first pool - Fixed style issues on tenant security page to be more consistent - Added missing FsGroupChangePolicy in the SecurityContextSelector component Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
@@ -1096,8 +1096,13 @@ func updateTenantSecurity(ctx context.Context, operatorClient OperatorClientI, c
|
||||
|
||||
// set Security Context
|
||||
var newTenantSecurityContext *corev1.PodSecurityContext
|
||||
newTenantSecurityContext, _ = convertModelSCToK8sSC(params.Body.SecurityContext)
|
||||
minInst.Spec.Pools[0].SecurityContext = newTenantSecurityContext
|
||||
newTenantSecurityContext, err = convertModelSCToK8sSC(params.Body.SecurityContext)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for index := range minInst.Spec.Pools {
|
||||
minInst.Spec.Pools[index].SecurityContext = newTenantSecurityContext
|
||||
}
|
||||
|
||||
// Update External Certificates
|
||||
minInst.Spec.ExternalCertSecret = newMinIOExternalCertSecret
|
||||
|
||||
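Review bot: The loop stores the same `*corev1.PodSecurityContext` pointer in every pool, so all pools alias one struct and a later in-place change to one pool's security context (runAsUser, fsGroup, runAsNonRoot) would silently change the others. Giving each pool its own copy avoids that: `minInst.Spec.Pools[index].SecurityContext = newTenantSecurityContext.DeepCopy()`. It is also worth confirming what convertModelSCToK8sSC returns when the request carries no securityContext; if that is `nil, nil`, this loop now clears the security context on every pool rather than only the first, which would leave the pods on cluster defaults. `err` is assigned with `=`, so it is declared earlier in updateTenantSecurity, outside this hunk.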
@@ -58,8 +58,10 @@ func convertModelSCToK8sSC(sc *models.SecurityContext) (*corev1.PodSecurityConte
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
FSGroupChangePolicy := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
|
||||
|
||||
FSGroupChangePolicy := corev1.PodFSGroupChangePolicy("Always")
|
||||
if sc.FsGroupChangePolicy != "" {
|
||||
FSGroupChangePolicy = corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
|
||||
}
|
||||
return &corev1.PodSecurityContext{
|
||||
RunAsUser: &runAsUser,
|
||||
RunAsGroup: &runAsGroup,
|
||||
@@ -74,10 +76,10 @@ func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContex
|
||||
runAsUser := strconv.FormatInt(*sc.RunAsUser, 10)
|
||||
runAsGroup := strconv.FormatInt(*sc.RunAsGroup, 10)
|
||||
fsGroup := strconv.FormatInt(*sc.FSGroup, 10)
|
||||
fsGroupPolicy := ""
|
||||
fsGroupChangePolicy := "Always"
|
||||
|
||||
if sc.FSGroupChangePolicy != nil {
|
||||
fsGroupPolicy = string(*sc.FSGroupChangePolicy)
|
||||
fsGroupChangePolicy = string(*sc.FSGroupChangePolicy)
|
||||
}
|
||||
|
||||
return &models.SecurityContext{
|
||||
@@ -85,7 +87,7 @@ func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContex
|
||||
RunAsGroup: &runAsGroup,
|
||||
RunAsNonRoot: sc.RunAsNonRoot,
|
||||
FsGroup: fsGroup,
|
||||
FsGroupChangePolicy: fsGroupPolicy,
|
||||
FsGroupChangePolicy: fsGroupChangePolicy,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
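Review bot: In convertModelSCToK8sSC the request's `FsGroupChangePolicy` string is cast straight to `corev1.PodFSGroupChangePolicy`, so any non-empty value is accepted here and is only rejected, if at all, somewhere downstream. Kubernetes defines two values, `corev1.FSGroupChangeAlways` and `corev1.FSGroupChangeOnRootMismatch`; checking against them and returning an error keeps a bad value out of the tenant spec and replaces the `"Always"` literal with the typed constant. The same constant could back the `fsGroupChangePolicy := "Always"` default in convertK8sSCToModelSC, whose context lines also dereference `sc.RunAsUser`, `sc.RunAsGroup` and `sc.FSGroup` without nil checks. Both functions start and end outside the hunks shown, so the variable name is kept as the rest of the body presumably uses it.

```go
// … unchanged: earlier conversions and their error checks …
FSGroupChangePolicy := corev1.FSGroupChangeAlways
switch requested := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy); requested {
case "":
	// not set in the request: keep the Kubernetes default
case corev1.FSGroupChangeAlways, corev1.FSGroupChangeOnRootMismatch:
	FSGroupChangePolicy = requested
default:
	return nil, fmt.Errorf("invalid fsGroupChangePolicy %q", sc.FsGroupChangePolicy)
}
// … unchanged: return &corev1.PodSecurityContext{ … } …
```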