Add Audit Log and Log DB security context selector and split screen into tabs (#2156)
* Added security context selector for logging and log DB to Audit Log screen, split Audit Log screen into tabs * Cleaned up tab titles, disabled Save button while loading
This commit is contained in:
jinapurapu
GitHub
@@ -4206,6 +4206,10 @@ func init() {
|
||||
"$ref": "#/definitions/nodeSelector"
|
||||
}
|
||||
},
|
||||
"dbSecurityContext": {
|
||||
"type": "object",
|
||||
"$ref": "#/definitions/securityContext"
|
||||
},
|
||||
"dbServiceAccountName": {
|
||||
"type": "string"
|
||||
},
|
||||
@@ -4242,6 +4246,10 @@ func init() {
|
||||
"$ref": "#/definitions/nodeSelector"
|
||||
}
|
||||
},
|
||||
"securityContext": {
|
||||
"type": "object",
|
||||
"$ref": "#/definitions/securityContext"
|
||||
},
|
||||
"serviceAccountName": {
|
||||
"type": "string"
|
||||
}
|
||||
@@ -9568,6 +9576,10 @@ func init() {
|
||||
"$ref": "#/definitions/nodeSelector"
|
||||
}
|
||||
},
|
||||
"dbSecurityContext": {
|
||||
"type": "object",
|
||||
"$ref": "#/definitions/securityContext"
|
||||
},
|
||||
"dbServiceAccountName": {
|
||||
"type": "string"
|
||||
},
|
||||
@@ -9604,6 +9616,10 @@ func init() {
|
||||
"$ref": "#/definitions/nodeSelector"
|
||||
}
|
||||
},
|
||||
"securityContext": {
|
||||
"type": "object",
|
||||
"$ref": "#/definitions/securityContext"
|
||||
},
|
||||
"serviceAccountName": {
|
||||
"type": "string"
|
||||
}
|
||||
|
||||
@@ -1357,7 +1357,7 @@ func getTenantUsageResponse(session *models.Principal, params operator_api.GetTe
|
||||
return info, nil
|
||||
}
|
||||
|
||||
// getTenantLogsResponse returns the logs of a tenant
|
||||
// getTenantLogsResponse returns the Audit Log and Log DB configuration of a tenant
|
||||
func getTenantLogsResponse(session *models.Principal, params operator_api.GetTenantLogsParams) (*models.TenantLogs, *models.Error) {
|
||||
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
|
||||
defer cancel()
|
||||
@@ -1392,11 +1392,9 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
|
||||
for k, v := range minTenant.Spec.Log.NodeSelector {
|
||||
nodeSelector = append(nodeSelector, &models.NodeSelector{Key: k, Value: v})
|
||||
}
|
||||
|
||||
if minTenant.Spec.Log.Db == nil {
|
||||
minTenant.Spec.Log.Db = &miniov2.LogDbConfig{}
|
||||
}
|
||||
|
||||
dbAnnotations := []*models.Annotation{}
|
||||
for k, v := range minTenant.Spec.Log.Db.Annotations {
|
||||
dbAnnotations = append(dbAnnotations, &models.Annotation{Key: k, Value: v})
|
||||
@@ -1409,6 +1407,15 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
|
||||
for k, v := range minTenant.Spec.Log.Db.NodeSelector {
|
||||
dbNodeSelector = append(dbNodeSelector, &models.NodeSelector{Key: k, Value: v})
|
||||
}
|
||||
var logSecurityContext *models.SecurityContext
|
||||
var logDBSecurityContext *models.SecurityContext
|
||||
|
||||
if minTenant.Spec.Log.SecurityContext != nil {
|
||||
logSecurityContext = convertK8sSCToModelSC(minTenant.Spec.Log.SecurityContext)
|
||||
}
|
||||
if minTenant.Spec.Log.Db.SecurityContext != nil {
|
||||
logDBSecurityContext = convertK8sSCToModelSC(minTenant.Spec.Log.Db.SecurityContext)
|
||||
}
|
||||
|
||||
if minTenant.Spec.Log.Audit == nil || minTenant.Spec.Log.Audit.DiskCapacityGB == nil {
|
||||
minTenant.Spec.Log.Audit = &miniov2.AuditConfig{DiskCapacityGB: swag.Int(0)}
|
||||
@@ -1421,12 +1428,14 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
|
||||
Labels: labels,
|
||||
NodeSelector: nodeSelector,
|
||||
ServiceAccountName: minTenant.Spec.Log.ServiceAccountName,
|
||||
SecurityContext: logSecurityContext,
|
||||
DbImage: minTenant.Spec.Log.Db.Image,
|
||||
DbInitImage: minTenant.Spec.Log.Db.InitImage,
|
||||
DbAnnotations: dbAnnotations,
|
||||
DbLabels: dbLabels,
|
||||
DbNodeSelector: dbNodeSelector,
|
||||
DbServiceAccountName: minTenant.Spec.Log.Db.ServiceAccountName,
|
||||
DbSecurityContext: logDBSecurityContext,
|
||||
Disabled: false,
|
||||
}
|
||||
|
||||
@@ -1454,7 +1463,7 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
|
||||
return tenantLoggingConfiguration, nil
|
||||
}
|
||||
|
||||
// setTenantLogsResponse returns the logs of a tenant
|
||||
// setTenantLogsResponse updates the Audit Log and Log DB configuration for the tenant
|
||||
func setTenantLogsResponse(session *models.Principal, params operator_api.SetTenantLogsParams) (bool, *models.Error) {
|
||||
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
|
||||
defer cancel()
|
||||
@@ -1474,44 +1483,54 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
|
||||
}
|
||||
|
||||
labels := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.Labels); i++ {
|
||||
if params.Data.Labels[i] != nil {
|
||||
labels[params.Data.Labels[i].Key] = params.Data.Labels[i].Value
|
||||
if params.Data.Labels != nil {
|
||||
for i := 0; i < len(params.Data.Labels); i++ {
|
||||
if params.Data.Labels[i] != nil {
|
||||
labels[params.Data.Labels[i].Key] = params.Data.Labels[i].Value
|
||||
}
|
||||
}
|
||||
minTenant.Spec.Log.Labels = labels
|
||||
}
|
||||
minTenant.Spec.Log.Labels = labels
|
||||
annotations := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.Annotations); i++ {
|
||||
if params.Data.Annotations[i] != nil {
|
||||
annotations[params.Data.Annotations[i].Key] = params.Data.Annotations[i].Value
|
||||
|
||||
if params.Data.Annotations != nil {
|
||||
annotations := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.Annotations); i++ {
|
||||
if params.Data.Annotations[i] != nil {
|
||||
annotations[params.Data.Annotations[i].Key] = params.Data.Annotations[i].Value
|
||||
}
|
||||
}
|
||||
minTenant.Spec.Log.Annotations = annotations
|
||||
}
|
||||
minTenant.Spec.Log.Annotations = annotations
|
||||
nodeSelector := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.NodeSelector); i++ {
|
||||
if params.Data.NodeSelector[i] != nil {
|
||||
nodeSelector[params.Data.NodeSelector[i].Key] = params.Data.NodeSelector[i].Value
|
||||
if params.Data.NodeSelector != nil {
|
||||
nodeSelector := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.NodeSelector); i++ {
|
||||
if params.Data.NodeSelector[i] != nil {
|
||||
nodeSelector[params.Data.NodeSelector[i].Key] = params.Data.NodeSelector[i].Value
|
||||
}
|
||||
}
|
||||
minTenant.Spec.Log.NodeSelector = nodeSelector
|
||||
}
|
||||
minTenant.Spec.Log.NodeSelector = nodeSelector
|
||||
logResourceRequest := make(corev1.ResourceList)
|
||||
|
||||
if reflect.TypeOf(params.Data.LogCPURequest).Kind() == reflect.String && params.Data.LogCPURequest != "0Gi" && params.Data.LogCPURequest != "" {
|
||||
cpuQuantity, err := resource.ParseQuantity(params.Data.LogCPURequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
if len(params.Data.LogCPURequest) > 0 {
|
||||
if reflect.TypeOf(params.Data.LogCPURequest).Kind() == reflect.String && params.Data.LogCPURequest != "0Gi" && params.Data.LogCPURequest != "" {
|
||||
cpuQuantity, err := resource.ParseQuantity(params.Data.LogCPURequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
logResourceRequest["cpu"] = cpuQuantity
|
||||
minTenant.Spec.Log.Resources.Requests = logResourceRequest
|
||||
}
|
||||
logResourceRequest["cpu"] = cpuQuantity
|
||||
minTenant.Spec.Log.Resources.Requests = logResourceRequest
|
||||
}
|
||||
if reflect.TypeOf(params.Data.LogMemRequest).Kind() == reflect.String {
|
||||
memQuantity, err := resource.ParseQuantity(params.Data.LogMemRequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
if len(params.Data.LogMemRequest) > 0 {
|
||||
if reflect.TypeOf(params.Data.LogMemRequest).Kind() == reflect.String && params.Data.LogMemRequest != "" {
|
||||
memQuantity, err := resource.ParseQuantity(params.Data.LogMemRequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
|
||||
logResourceRequest["memory"] = memQuantity
|
||||
minTenant.Spec.Log.Resources.Requests = logResourceRequest
|
||||
logResourceRequest["memory"] = memQuantity
|
||||
minTenant.Spec.Log.Resources.Requests = logResourceRequest
|
||||
}
|
||||
}
|
||||
|
||||
modified := false
|
||||
@@ -1519,97 +1538,122 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
|
||||
modified = true
|
||||
}
|
||||
dbLabels := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.DbLabels); i++ {
|
||||
if params.Data.DbLabels[i] != nil {
|
||||
dbLabels[params.Data.DbLabels[i].Key] = params.Data.DbLabels[i].Value
|
||||
if params.Data.DbLabels != nil {
|
||||
for i := 0; i < len(params.Data.DbLabels); i++ {
|
||||
if params.Data.DbLabels[i] != nil {
|
||||
dbLabels[params.Data.DbLabels[i].Key] = params.Data.DbLabels[i].Value
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
dbAnnotations := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.DbAnnotations); i++ {
|
||||
if params.Data.DbAnnotations[i] != nil {
|
||||
dbAnnotations[params.Data.DbAnnotations[i].Key] = params.Data.DbAnnotations[i].Value
|
||||
if params.Data.DbAnnotations != nil {
|
||||
for i := 0; i < len(params.Data.DbAnnotations); i++ {
|
||||
if params.Data.DbAnnotations[i] != nil {
|
||||
dbAnnotations[params.Data.DbAnnotations[i].Key] = params.Data.DbAnnotations[i].Value
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
dbNodeSelector := make(map[string]string)
|
||||
for i := 0; i < len(params.Data.DbNodeSelector); i++ {
|
||||
if params.Data.DbNodeSelector[i] != nil {
|
||||
dbNodeSelector[params.Data.DbNodeSelector[i].Key] = params.Data.DbNodeSelector[i].Value
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
|
||||
logDBResourceRequest := make(corev1.ResourceList)
|
||||
if reflect.TypeOf(params.Data.LogDBCPURequest).Kind() == reflect.String && params.Data.LogDBCPURequest != "0Gi" && params.Data.LogDBCPURequest != "" {
|
||||
dbCPUQuantity, err := resource.ParseQuantity(params.Data.LogDBCPURequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
logDBResourceRequest["cpu"] = dbCPUQuantity
|
||||
minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
|
||||
}
|
||||
if reflect.TypeOf(params.Data.LogDBMemRequest).Kind() == reflect.String {
|
||||
dbMemQuantity, err := resource.ParseQuantity(params.Data.LogDBMemRequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
logDBResourceRequest["memory"] = dbMemQuantity
|
||||
minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
|
||||
}
|
||||
minTenant.Spec.Log.Image = params.Data.Image
|
||||
diskCapacityGB, err := strconv.Atoi(params.Data.DiskCapacityGB)
|
||||
if err == nil {
|
||||
if minTenant.Spec.Log.Audit != nil && minTenant.Spec.Log.Audit.DiskCapacityGB != nil {
|
||||
*minTenant.Spec.Log.Audit.DiskCapacityGB = diskCapacityGB
|
||||
} else {
|
||||
minTenant.Spec.Log.Audit = &miniov2.AuditConfig{DiskCapacityGB: swag.Int(diskCapacityGB)}
|
||||
}
|
||||
}
|
||||
minTenant.Spec.Log.ServiceAccountName = params.Data.ServiceAccountName
|
||||
if params.Data.DbImage != "" || params.Data.DbServiceAccountName != "" {
|
||||
modified = true
|
||||
}
|
||||
if modified {
|
||||
if minTenant.Spec.Log.Db == nil {
|
||||
// Default class name for Log search
|
||||
diskSpaceFromAPI := int64(5) * humanize.GiByte // Default is 5Gi
|
||||
logSearchStorageClass := "standard"
|
||||
|
||||
logSearchDiskSpace := resource.NewQuantity(diskSpaceFromAPI, resource.DecimalExponent)
|
||||
|
||||
minTenant.Spec.Log.Db = &miniov2.LogDbConfig{
|
||||
VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: params.Tenant + "-log",
|
||||
},
|
||||
Spec: corev1.PersistentVolumeClaimSpec{
|
||||
AccessModes: []corev1.PersistentVolumeAccessMode{
|
||||
corev1.ReadWriteOnce,
|
||||
},
|
||||
Resources: corev1.ResourceRequirements{
|
||||
Requests: corev1.ResourceList{
|
||||
corev1.ResourceStorage: *logSearchDiskSpace,
|
||||
},
|
||||
},
|
||||
StorageClassName: &logSearchStorageClass,
|
||||
},
|
||||
},
|
||||
Labels: dbLabels,
|
||||
Annotations: dbAnnotations,
|
||||
NodeSelector: dbNodeSelector,
|
||||
Image: params.Data.DbImage,
|
||||
ServiceAccountName: params.Data.DbServiceAccountName,
|
||||
Resources: corev1.ResourceRequirements{
|
||||
Requests: minTenant.Spec.Log.Db.Resources.Requests,
|
||||
},
|
||||
if params.Data.DbNodeSelector != nil {
|
||||
for i := 0; i < len(params.Data.DbNodeSelector); i++ {
|
||||
if params.Data.DbNodeSelector[i] != nil {
|
||||
dbNodeSelector[params.Data.DbNodeSelector[i].Key] = params.Data.DbNodeSelector[i].Value
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
}
|
||||
logDBResourceRequest := make(corev1.ResourceList)
|
||||
if len(params.Data.LogDBCPURequest) > 0 {
|
||||
if reflect.TypeOf(params.Data.LogDBCPURequest).Kind() == reflect.String && params.Data.LogDBCPURequest != "0Gi" && params.Data.LogDBCPURequest != "" {
|
||||
dbCPUQuantity, err := resource.ParseQuantity(params.Data.LogDBCPURequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
logDBResourceRequest["cpu"] = dbCPUQuantity
|
||||
minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
|
||||
}
|
||||
}
|
||||
if len(params.Data.LogDBMemRequest) > 0 {
|
||||
if reflect.TypeOf(params.Data.LogDBMemRequest).Kind() == reflect.String && params.Data.LogDBMemRequest != "" {
|
||||
dbMemQuantity, err := resource.ParseQuantity(params.Data.LogDBMemRequest)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
logDBResourceRequest["memory"] = dbMemQuantity
|
||||
minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
|
||||
}
|
||||
}
|
||||
if len(params.Data.Image) > 0 {
|
||||
minTenant.Spec.Log.Image = params.Data.Image
|
||||
}
|
||||
if params.Data.SecurityContext != nil {
|
||||
minTenant.Spec.Log.SecurityContext, err = convertModelSCToK8sSC(params.Data.SecurityContext)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
}
|
||||
if len(params.Data.DiskCapacityGB) > 0 {
|
||||
diskCapacityGB, err := strconv.Atoi(params.Data.DiskCapacityGB)
|
||||
if err == nil {
|
||||
if minTenant.Spec.Log.Audit != nil && minTenant.Spec.Log.Audit.DiskCapacityGB != nil {
|
||||
*minTenant.Spec.Log.Audit.DiskCapacityGB = diskCapacityGB
|
||||
} else {
|
||||
minTenant.Spec.Log.Audit = &miniov2.AuditConfig{DiskCapacityGB: swag.Int(diskCapacityGB)}
|
||||
}
|
||||
}
|
||||
}
|
||||
if params.Data.DbLabels != nil {
|
||||
minTenant.Spec.Log.ServiceAccountName = params.Data.ServiceAccountName
|
||||
if params.Data.DbImage != "" || params.Data.DbServiceAccountName != "" {
|
||||
modified = true
|
||||
}
|
||||
if modified {
|
||||
if minTenant.Spec.Log.Db == nil {
|
||||
// Default class name for Log search
|
||||
diskSpaceFromAPI := int64(5) * humanize.GiByte // Default is 5Gi
|
||||
logSearchStorageClass := "standard"
|
||||
|
||||
logSearchDiskSpace := resource.NewQuantity(diskSpaceFromAPI, resource.DecimalExponent)
|
||||
|
||||
minTenant.Spec.Log.Db = &miniov2.LogDbConfig{
|
||||
VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: params.Tenant + "-log",
|
||||
},
|
||||
Spec: corev1.PersistentVolumeClaimSpec{
|
||||
AccessModes: []corev1.PersistentVolumeAccessMode{
|
||||
corev1.ReadWriteOnce,
|
||||
},
|
||||
Resources: corev1.ResourceRequirements{
|
||||
Requests: corev1.ResourceList{
|
||||
corev1.ResourceStorage: *logSearchDiskSpace,
|
||||
},
|
||||
},
|
||||
StorageClassName: &logSearchStorageClass,
|
||||
},
|
||||
},
|
||||
Labels: dbLabels,
|
||||
Annotations: dbAnnotations,
|
||||
NodeSelector: dbNodeSelector,
|
||||
Image: params.Data.DbImage,
|
||||
ServiceAccountName: params.Data.DbServiceAccountName,
|
||||
Resources: corev1.ResourceRequirements{
|
||||
Requests: minTenant.Spec.Log.Db.Resources.Requests,
|
||||
},
|
||||
}
|
||||
} else {
|
||||
minTenant.Spec.Log.Db.Labels = dbLabels
|
||||
minTenant.Spec.Log.Db.Annotations = dbAnnotations
|
||||
minTenant.Spec.Log.Db.NodeSelector = dbNodeSelector
|
||||
minTenant.Spec.Log.Db.Image = params.Data.DbImage
|
||||
minTenant.Spec.Log.Db.ServiceAccountName = params.Data.DbServiceAccountName
|
||||
minTenant.Spec.Log.Db.SecurityContext, err = convertModelSCToK8sSC(params.Data.DbSecurityContext)
|
||||
if err != nil {
|
||||
return false, restapi.ErrorWithContext(ctx, err)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
minTenant.Spec.Log.Db.Labels = dbLabels
|
||||
minTenant.Spec.Log.Db.Annotations = dbAnnotations
|
||||
minTenant.Spec.Log.Db.NodeSelector = dbNodeSelector
|
||||
minTenant.Spec.Log.Db.Image = params.Data.DbImage
|
||||
minTenant.Spec.Log.Db.ServiceAccountName = params.Data.DbServiceAccountName
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user