Added FSGroupChangePolicy support to create tenant screen (#2233)

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
Alex
2022-08-10 13:28:15 -05:00
committed by GitHub
parent 25c1c854b1
commit 1e1c11b13c
11 changed files with 197 additions and 10 deletions


@@ -58,11 +58,14 @@ func convertModelSCToK8sSC(sc *models.SecurityContext) (*corev1.PodSecurityConte
if err != nil {
return nil, err
}
FSGroupChangePolicy := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
return &corev1.PodSecurityContext{
RunAsUser: &runAsUser,
RunAsGroup: &runAsGroup,
RunAsNonRoot: sc.RunAsNonRoot,
FSGroup: &fsGroup,
RunAsUser: &runAsUser,
RunAsGroup: &runAsGroup,
RunAsNonRoot: sc.RunAsNonRoot,
FSGroup: &fsGroup,
FSGroupChangePolicy: &FSGroupChangePolicy,
}, nil
}
@@ -71,11 +74,18 @@ func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContex
runAsUser := strconv.FormatInt(*sc.RunAsUser, 10)
runAsGroup := strconv.FormatInt(*sc.RunAsGroup, 10)
fsGroup := strconv.FormatInt(*sc.FSGroup, 10)
fsGroupPolicy := ""
if sc.FSGroupChangePolicy != nil {
fsGroupPolicy = string(*sc.FSGroupChangePolicy)
}
return &models.SecurityContext{
RunAsUser: &runAsUser,
RunAsGroup: &runAsGroup,
RunAsNonRoot: sc.RunAsNonRoot,
FsGroup: fsGroup,
RunAsUser: &runAsUser,
RunAsGroup: &runAsGroup,
RunAsNonRoot: sc.RunAsNonRoot,
FsGroup: fsGroup,
FsGroupChangePolicy: fsGroupPolicy,
}
}
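Review bot: In `convertModelSCToK8sSC` the new `FSGroupChangePolicy` is cast straight from `sc.FsGroupChangePolicy` and its address is always stored, so a request that omits the field yields a non-nil pointer to an empty string rather than nil, and any other string passes through unchecked. Kubernetes accepts only `Always` and `OnRootMismatch` for this field, so a bad value would likely be rejected later by the cluster, far from the API call that supplied it. Consider leaving the pointer nil for an empty value and returning an error for anything outside the two `corev1` constants, which also keeps the round trip symmetric with the nil check added in `convertK8sSCToModelSC`. Both functions begin outside the visible hunks, so the file's imports (the sketch uses `fmt`) and the caller's error handling are not shown.

```go
// … unchanged: runAsUser / runAsGroup / fsGroup parsing …
var fsGroupChangePolicy *corev1.PodFSGroupChangePolicy
switch policy := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy); policy {
case "":
	// field omitted: leave nil so the cluster default applies
case corev1.FSGroupChangeAlways, corev1.FSGroupChangeOnRootMismatch:
	fsGroupChangePolicy = &policy
default:
	return nil, fmt.Errorf("unsupported fsGroupChangePolicy %q", sc.FsGroupChangePolicy)
}
return &corev1.PodSecurityContext{
	// … unchanged: RunAsUser, RunAsGroup, RunAsNonRoot, FSGroup …
	FSGroupChangePolicy: fsGroupChangePolicy,
}, nil
```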


@@ -400,6 +400,13 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12}>
<div
className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
>
<div className={classes.configSectionItem}>
<InputBoxWrapper
type="number"
@@ -422,6 +429,30 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
<div className={classes.configSectionItem}>
<SelectWrapper
label="FsGroupChangePolicy"
id="securityContext_fsGroupChangePolicy"
name="securityContext_fsGroupChangePolicy"
value={logSearchSecurityContext.fsGroupChangePolicy}
onChange={(e: SelectChangeEvent<string>) => {
updateField("logSearchSecurityContext", {
...logSearchSecurityContext,
fsGroupChangePolicy: e.target.value,
});
}}
options={[
{
label: "Always",
value: "Always",
},
{
label: "OnRootMismatch",
value: "OnRootMismatch",
},
]}
/>
</div>
</div>
</Grid>
<br />
@@ -500,6 +531,13 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12}>
<div
className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
>
<div className={classes.configSectionItem}>
<InputBoxWrapper
type="number"
@@ -522,6 +560,32 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
<div className={classes.configSectionItem}>
<SelectWrapper
label="FsGroupChangePolicy"
id="securityContext_fsGroupChangePolicy"
name="securityContext_fsGroupChangePolicy"
value={
logSearchPostgresSecurityContext.fsGroupChangePolicy
}
onChange={(e: SelectChangeEvent<string>) => {
updateField("logSearchPostgresSecurityContext", {
...logSearchPostgresSecurityContext,
fsGroupChangePolicy: e.target.value,
});
}}
options={[
{
label: "Always",
value: "Always",
},
{
label: "OnRootMismatch",
value: "OnRootMismatch",
},
]}
/>
</div>
</div>
</Grid>
<br />
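Review bot: Both new `SelectWrapper` elements in `ConfigLogSearch` carry the same `id` and `name`, `securityContext_fsGroupChangePolicy`, so the log-search and Postgres dropdowns end up with duplicate DOM ids whenever both sections are rendered. Duplicate ids break label association for assistive technology and make test selectors ambiguous. Give each a section prefix, for example `id="logSearch_securityContext_fsGroupChangePolicy"` and `id="postgres_securityContext_fsGroupChangePolicy"`, with `name` to match. The same literal id is reused by the selects added in `ConfigPrometheus`, `Configure` and `Encryption`; whether those screens are ever mounted together is not visible from this diff.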


@@ -368,6 +368,13 @@ const ConfigPrometheus = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12} className={classes.configSectionItem}>
<div
className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
>
<div className={classes.configSectionItem}>
<InputBoxWrapper
type="number"
@@ -391,8 +398,33 @@ const ConfigPrometheus = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
<div className={classes.configSectionItem}>
<SelectWrapper
label="FsGroupChangePolicy"
id="securityContext_fsGroupChangePolicy"
name="securityContext_fsGroupChangePolicy"
value={prometheusSecurityContext.fsGroupChangePolicy}
onChange={(e: SelectChangeEvent<string>) => {
updateField("prometheusSecurityContext", {
...prometheusSecurityContext,
fsGroupChangePolicy: e.target.value,
});
}}
options={[
{
label: "Always",
value: "Always",
},
{
label: "OnRootMismatch",
value: "OnRootMismatch",
},
]}
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12} className={classes.configSectionItem}>
<div
className={`${classes.multiContainer} ${classes.fieldSpaceTop}`}


@@ -19,7 +19,7 @@ import { useSelector } from "react-redux";
import { Theme } from "@mui/material/styles";
import createStyles from "@mui/styles/createStyles";
import withStyles from "@mui/styles/withStyles";
import { Grid, IconButton, Paper } from "@mui/material";
import { Grid, IconButton, Paper, SelectChangeEvent } from "@mui/material";
import {
createTenantCommon,
modalBasic,
@@ -42,6 +42,7 @@ import {
removeMinIODomain,
updateAddField,
} from "../createTenantSlice";
import SelectWrapper from "../../../Common/FormComponents/SelectWrapper/SelectWrapper";
interface IConfigureProps {
classes: any;
@@ -438,6 +439,13 @@ const Configure = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12} className={`${classes.configSectionItem}`}>
<div
className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
>
<div className={classes.containerItem}>
<InputBoxWrapper
type="number"
@@ -459,6 +467,32 @@ const Configure = ({ classes }: IConfigureProps) => {
min="0"
/>
</div>
<div className={classes.containerItem}>
<div className={classes.configSectionItem}>
<SelectWrapper
label="FsGroupChangePolicy"
id="securityContext_fsGroupChangePolicy"
name="securityContext_fsGroupChangePolicy"
value={tenantSecurityContext.fsGroupChangePolicy}
onChange={(e: SelectChangeEvent<string>) => {
updateField("tenantSecurityContext", {
...tenantSecurityContext,
fsGroupChangePolicy: e.target.value,
});
}}
options={[
{
label: "Always",
value: "Always",
},
{
label: "OnRootMismatch",
value: "OnRootMismatch",
},
]}
/>
</div>
</div>
</div>
</Grid>
<br />


@@ -19,7 +19,7 @@ import { useSelector } from "react-redux";
import { Theme } from "@mui/material/styles";
import createStyles from "@mui/styles/createStyles";
import withStyles from "@mui/styles/withStyles";
import { Paper } from "@mui/material";
import { Paper, SelectChangeEvent } from "@mui/material";
import Grid from "@mui/material/Grid";
import {
@@ -50,6 +50,7 @@ import AzureKMSAdd from "./Encryption/AzureKMSAdd";
import GCPKMSAdd from "./Encryption/GCPKMSAdd";
import GemaltoKMSAdd from "./Encryption/GemaltoKMSAdd";
import AWSKMSAdd from "./Encryption/AWSKMSAdd";
import SelectWrapper from "../../../Common/FormComponents/SelectWrapper/SelectWrapper";
interface IEncryptionProps {
classes: any;
@@ -525,6 +526,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
min="0"
/>
</div>
</div>
</Grid>
<br />
<Grid item xs={12} className={classes.kesSecurityContext}>
<div
className={`${classes.multiContainer} ${classes.responsiveContainer}`}
>
<div
className={`${classes.formFieldRow} ${classes.rightSpacer}`}
>
@@ -548,6 +556,32 @@ const Encryption = ({ classes }: IEncryptionProps) => {
min="0"
/>
</div>
<div
className={`${classes.formFieldRow} ${classes.rightSpacer}`}
>
<SelectWrapper
label="FsGroupChangePolicy"
id="securityContext_fsGroupChangePolicy"
name="securityContext_fsGroupChangePolicy"
value={kesSecurityContext.fsGroupChangePolicy}
onChange={(e: SelectChangeEvent<string>) => {
updateField("kesSecurityContext", {
...kesSecurityContext,
fsGroupChangePolicy: e.target.value,
});
}}
options={[
{
label: "Always",
value: "Always",
},
{
label: "OnRootMismatch",
value: "OnRootMismatch",
},
]}
/>
</div>
</div>
</Grid>
<br />


@@ -125,24 +125,28 @@ const initialState: ICreateTenant = {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
logSearchSecurityContext: {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
logSearchPostgresSecurityContext: {
runAsUser: "999",
runAsGroup: "999",
fsGroup: "999",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
prometheusSecurityContext: {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
},
@@ -212,6 +216,7 @@ const initialState: ICreateTenant = {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
},


@@ -68,6 +68,7 @@ const initialState: IAddPool = {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
},


@@ -50,6 +50,7 @@ const initialState: IEditPool = {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: true,
},
},
@@ -151,6 +152,8 @@ export const editPoolSlice = createSlice({
runAsUser: action.payload.securityContext?.runAsUser || "",
runAsGroup: action.payload.securityContext?.runAsGroup || "",
fsGroup: action.payload.securityContext?.fsGroup || "",
fsGroupChangePolicy:
action.payload.securityContext?.fsGroupChangePolicy || "Always",
runAsNonRoot: !!action.payload.securityContext?.runAsNonRoot,
},
},
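Review bot: The `|| "Always"` fallback on `fsGroupChangePolicy` in the `editPoolSlice` reducer is load-bearing and deserves a comment. The Go converter in this commit returns an empty string when the pod security context has no policy, and an empty string is not a member of the `"Always" | "OnRootMismatch"` union, so `||` rather than `??` is what keeps the state valid if this payload originates from that converter. Suggest `// "" means no policy is set on the pool; fall back to the Kubernetes default` above the assignment. Saving the form afterwards will presumably write `Always` explicitly to a pool that previously had no policy, which is worth confirming as intended.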


@@ -97,6 +97,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
useState<boolean>(false);
const [securityContext, setSecurityContext] = useState<ISecurityContext>({
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsGroup: "1000",
runAsNonRoot: true,
runAsUser: "1000",


@@ -62,12 +62,14 @@ const initialState: IEditTenantAuditLogging = {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: false,
},
dbSecurityContext: {
runAsUser: "1000",
runAsGroup: "1000",
fsGroup: "1000",
fsGroupChangePolicy: "Always",
runAsNonRoot: false,
},
refreshLoggingInfo: true,


@@ -137,6 +137,7 @@ export interface ISecurityContext {
runAsGroup: string;
runAsNonRoot: boolean;
fsGroup: string;
fsGroupChangePolicy: "Always" | "OnRootMismatch";
}
export interface IConfigureFields {
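Review bot: The union `"Always" | "OnRootMismatch"` on `ISecurityContext.fsGroupChangePolicy` is restated as option literals in each of the five select components added by this commit, and their `onChange` handlers store `e.target.value`, typed `string` by `SelectChangeEvent<string>`, into the field. Exporting the values once next to this interface, e.g. `export const fsGroupChangePolicyOptions = ["Always", "OnRootMismatch"] as const;` with `export type FsGroupChangePolicy = (typeof fsGroupChangePolicyOptions)[number];`, lets the components map over one list and keeps the type and the UI from drifting. Whether `updateField` type-checks its payload is not visible here; if it accepts `any`, the union is not enforced at those call sites.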