This adds the following functionality to the violations list on the OPA Gatekeeper constraint detail page:
* Add a namespace column to the violations
* Make the violations list searchable
* Allow to download the violations as a CSV, similar to CIS scanner violations
Signed-off-by: Bastian Hofmann <mail@bastianhofmann.de>
- Use `SteveDescriptionModel` as base of PodSecurityAdmissionTemplate model
- Provide a generic mechanism for model save to tweak the object that's saved
- In SteveDescriptionModel ensure the object that's saved has the correct description
- Save worked for other users of class ... as they saved via norman rather than steve
Tweaks
- Removed duplicate PSACT definition
- Fixed width of PSACT table name / description columns
* Prevent to display PSP related banners if no PSP active
* Add custom API request for PSP
* Prevent PSP check on cluster creation
* Add PSPS type
* Correct PSP deprecation message on upgrade, to mention automatic removal
* Correct banner loading and exclude generic message
* Prevent check of PSP if the cluster is reconciling
* Remove deprecated logic about PSP templates check
* Restrict invalid PSP check only on k8s upgrade
* Handle nodeGroups undefined for manually imported RKE cluster.
* Forward part changes from #8222
---------
Co-authored-by: Neil MacDougall <nmacdougall@suse.com>
* getting elemental changes on cluster provisioning back to rancher dashboard
* code cleanup
* apiversion created from machineCconfig schema attributes
* add machine-config loader to load it from an extension
* fix issue where elemental cluster details could not be displayed + minor changes and fixes
* fix bug where elemental infrastructureRef.name for elemental start with nc- and therefore was generating a fake machine when it shouldn't + cleanup prov cluster model
* prevent code change
* getting k8s file back up to master state to avoid complex merge conflicts
* getting k8s file back up to master state to avoid complex merge conflicts
* applying changes to cluster.x-k8s.io.machinedeployment
* Address PR feedback
---------
Co-authored-by: Alexandre Alves <aalves@Alexandres-MBP.lan>
Co-authored-by: Alexandre Alves <aalves@Alexandres-MacBook-Pro.local>
Co-authored-by: Neil MacDougall <nmacdougall@suse.com>
* Add missing and correct i18n PSA labels
* Correct description size by removing helper
* Add title to Namespace list tooltip if any PSA
* Allow to disable use of checkbox for PSA form
* Change timeout for growl to 5s on Pod warning due PSA
* Add type label for PSA
* Move PSA menu under Advanced
* Replace toggling system label with extending the value within the same
* Emit initial PSA form values on creation if no checkboxes due lack of interactions
* Change key for min password due inconsistency with the server value
* Allow to edit env var in settings model
* Allow to pass simple validators in the global settings editor
* Add validation for integer values on global settings password
* Add integer validation
* Add simple validators tests
* Allow integer validation to allow strings from inputs
* Simplify function and extend naming for settings rules
* Add further validations for the min password setting
* Replace logic with regular expression
* Add PSA resource model, edit, list, types, config, utils and navigation
* Remove controls sorting from config file in PSA form due unnecessary added logic
* Add missing type to exemptions
* Remove component specific grid alignment styling
* Add meaningful values on PSA form tests
* Add prefix for the namespace PSA form
* Correct PSA form test
* Revert RKE cluster erroneous changes
* Rename all the PSA form values to match specification and avoid issues
* Create function to convert array to dictionary
* Add types and replace function with utility in PSA form
* Trim exemptions values for PSA form
* Correct util test and function
* Enable YAML editor for PSA resource
* Moves sockets into the advanced worker
* worker can die peacefully now, making switching between cluster work.
* Make waitFor generic, wire in to waitForTestFn
* General Changes
- Fixes for switching cluster
- includes using common getPerformanceSetting
- avoid new code to unsub before socket disconnect
- handle `watch` `stop` requests
- lots of TODO's (questions, work, checks, test, etc)
- use common
* Switch socket fixes
- isAdvancedWorker should only be true for cluster store
- advancedWorker to be wired in
* Fix socket id for cluster workers
- sockets use an incremented local var for id
- when we nuke the socket file within the worker this resets, so they all have id of 1
- work around this by applying the unix time
* Fix handling of new partial counts response
- seen in dex cluster explorer dashboard
- count cards would be removed when partial counts response received
* Make resourceWatcher the sole location for watch state
- getters canWatch, watchStarted now are worked around (they look at state in the UI thread)
- we now don't call resource.stop or restart.start in subscription
- tidied up `forgetType`
- moved clearFromQueue from steve mutations into subscription mutations (better location)
- added and removed some TODOs
- fixed watch (stop handler should be higher up, include force watch handling)
* pushes the csrf value into worker and adds it to fetch request headers.
* refactors batchChanges to address ref concerns and be more performant
* Maintain schema reference whilst updating
- This change mutates input in a function, which is bad...
- but ensures the reference isn't broken, which is needed to maintain similar functionality as before
* Fix waitForTestFn
- Seen when creating or viewing clusters
* On unwatch ensure any pending watch requests are removed from the queue
- this probably would have been a problem if the worker wasn't nuked
- however as the code's there let's make it safe
Also added `trace` feature in advanced worker, will probably bring out to other places as well
* Fix navigation from cluster manager world to any cluster
- Ensure that we handle the case where the advanced worker was created but the resource watcher wasn't
- ... but fix case where this was happening (aka ensure that a blank cluster context is ignored)
* Tidy some TODOs
* Add perf settings page
- This will help test normal flow (when advanced worker is disabled)
- Note - setting is now in a bag. This may help us better support further settings (enable client side pagination, etc)
```
advancedWorker: { enabled: false },
```
* FIX - Nav from cluster dashboard --> specific event --> cluster dashboard and events not re-subbed
- Ensure we block default handling of resource.start (keep state in resource watcher)
* Tidying up some TODOs
* Adds in a cache and uses it to validate SCHEMA messages before batching.
* Forgot to actually save CSRF to the resourceWatcher when instantiated.
* an empty resource in a batchChange to signal remove
* Move addSchemaIndexFields to and created removeSchemaIndexFields in new file
- this avoids bringing class files into the worker
* Fix disconnect/reconnect
- Remove `syncWatch` (do the watch/unwatch straight away)
- Test/Fix re-sub on reconnect
- Test/Fix growls on disconnect
* Tidying up some TODO's
- including clean of workerQueue on resource.stop (this is SUPER defensive)
* batchChanges will now handle aliases
* Fix pods list - WIP
- ensure podsByNamespace is updated on batchChange
TODO
- the final update to the pod is ignored
- removing a namespace cleans the cache correctly
- disabling advanced worker still works
* Fix pods list - fixes
- ensure podsByNamespace is updated on batchChange
Tested / Fixed
- the final update to the pod is ignored
- removing a namespace cleans the cache correctly
- disabling advanced worker still works
* Tidying TODOs
* Remove default same-origin header
- https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials
* Fixed TODO description
* Refactor subscribe, make it clear which vuex feature relates to what
* Lots of Fixes
- batchChanges fixes
- fix index is 0 issues (!/!!index)
- only `set` if we have to
- ensure we set the correct index after pushing to list
- ensure map is updated after reducing list size with limit
- podsByNamespace fixes
- ensure when we replace... we don't use the same referenced object
- general service resource fixes
- ensure service's pods list stays up to date with store
* Multiple improvements/fixes
- resourceCache - store the hash instead of the whole object. This means longer load time but reduces memory footprint
- resourceWatcher
- don't re-sub on socket reconnect if watcher is in error
- don't sub if watcher is in error
- don't unwatch for 'failed to find schema' and 'too old' errors
- this clears the error, we want to keep it to ensure we don't watch
- Remove #5997 comments, follow on work #7917
* toggle debug, remap alias types, cleaned up comments and console
* Unit tests for batchChanges
Much more scope for some crazy content
* Logging tweaks
- disable logging by default
- initWorker comes in too late to affect initial trace, so just rely on the `debug` to toggle at runtime
Co-authored-by: Richard Cox <richard.cox@suse.com>
* Added prompt in machinedeployment
* Save users promptConfirmation in cookies
* Changed prompt size
* Added comments to the code, replace mounted function with create
* Fixed review comments
* Removed cookies added scale pool prompt variable in prefs file
* Corrected pref variable name format and update comments
* Added confirmation prompt option in pref page
* Create models, config and utils for PSA
* Create PSA tab form view
* Create custom labels for Namespace
* Add icon option for Namespace detail view
* Add icon for Namespace list
* Add PSA tab for Namespace edit view
* Add i18n for all the PSA parts
* Separate PSA labels between mode and versions
* Filter DetailTop Namespace labels from PSA versions
* Correct unit test
* Correct Namespace tooltips for details, to be created after fetching the resources
* Remove unnecessary model
* Add todo for PSA implementation
* Add TODO for tests with checkbox and select
* Correct namespace list link with model method
* Add TODO
* Move i18n key for PSA
* Align Namespace detail view chips icon to the top
* Restore labels and annotation to the Namespace view
* Merge LabelsPSA features to existing Labels component
* Move all the PSA logic from the view to the model
* Tweaks following review
DetailTop
- Remove PSA specific code from generic component
ResourceDetail
- Remove PSA specific code from generic component
- Remove plumbing for descriptions and icons from parent component to DetailTop
Labels&Annotations component
- Default `show system labels` to off
- Ensure size of `Labels` and `Annotations` titles are the same
- Improve padding
- Remove PSA specific code from generic component
- Removed un-needed margin-bottom
Project/Namespace List
- Improve padlock icon alignment
- Improve spacing around PSA list in tooltip (this will pop up often)
PodSecurityAdmission settings component
- Improved alignment on PSA checkbox
General Improvements
- Always show Labels&Annotations on Namespace config (view) page
* Changes following testing
- Fix display of show/hide system labels when there are no system labels
- Ensure PSA order shown in project/namespaces list PSA tooltip matches PSA controls in Namespace edit/config page
- Remove two usages of lodash
- pickBy --> new common pickBy
- values --> Object.values
* Fix unit tests
Co-authored-by: Richard Cox <richard.cox@suse.com>
- fix sorting
- code refactoring
- Jobs view: fix duration field in case of Pod never starts
Signed-off-by: Francesco Torchia <francesco.torchia@suse.com>
* Minor improvements
* Various fixes
* Fix developer load of plugins with '-' character in name
* Improve installation detection and extensions naming
* Fix one more string
* Update placeholder icon
* Change pref string to Extensions
* Change icon and error handlers
* Error handling
* Fix lint
* Limit description length
* Ensure info panel readme info scrolls vertically for content
* Fix lint
* Fix bug where plugins don't load on fresh login or a login after logout
* Add chart compatibility filtering
* PR feedback
* Add check for access to ui plugin schema
* Update string following PR feedback
* Fix GitHub auth
* Fix lint
* Write in default system registry when we are installing the operator
* Fix issue where stuck installing on upgrade/rollback
* Fix bugs and tidy up plugin install/uninstall feedback in UI
* Only use system registry for Rancher images
* One more tweak to fix status on upgrade operation
* Fix extensions page reloading plugins
* Add message to reload the browser
* Fix reload notice for uninstall
* Change way we set default system registry
* WIP: Working version
* Further refinement
* Working version
* Refactor to a product
* i18n
* Fix lint and tidy comments
* Empty-Commit
* Bump e2e
* Latest fixes, i18n
* Fix lint
* Fix lint issues
* Fix imports for standalone plugin build
* Only load plugins in dev
* Fix lint issue
* Fix template errors
* Fix operator setup
* Fix menu actions
* Address PR feedback
* Address PR feedback
* Add new preference for plugin developer
* Update icon support
* Add third-party and experimental banners to slide-in
* Add support for update/rollback of a plugin
* Address PR feedback - i18n
* i18n - one more string localised
* i18n - one more string localised
* Minor visual tidy ups
* Use banner for install warning
* Fix saefMode
* Fix lint
* Add some responsiveness to the cards page
* Fix lint
* Bump PR
* Add debug to list coverage reports
Fixes #6800 - Workload storage mount point for volumes should be on containers
Fixes #7021 - Allow user to change the volume name
Fixes #7027 - Pod details page broken
These all work on 2.6.9 because PRs were merged after the branch separation. So this is applying the same changes to 2.7.0
For Release 2.6.9
#6800 -> release 2.6.9 PR fix #6886
#7021 -> release 2.6.9 PR fix #7022
#7027 -> release 2.6.9 PR fix #6952
If a cluster contains two workloads (e.g. deployments) with the same spec.selector, the button to open a container shell from the workload page or list always picks the first pod that matches this selector without taking namespaces into account.
Fixes https://github.com/rancher/rancher/issues/36344 and https://github.com/rancher/rancher/issues/38506
Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>
- this will never be used, as we'll always need a cluster in the route to fetch the plugin from
- additionally 2 people have hit errors where this caused /home to fail
- if a plugin doesn't override/have a model we fall back on model-loader-require
- by default this is blank (to avoid importing all shell models for all plugins)
- for harvester it's so closely tied by both standard resources and resources in
management/rancher stores that it's hard to manually supply all that we
should just load them anyway
* Make container tabs horizontal.
* Update cronjobs, DaemonSets, Jobs, StatefulSets to use same Workload component.
* Fix 6755 - Wrong sidecar config edit not shown in UI.
* Set Persistent Volume claim capacity as required.
* routing maybe
* remove nested edit views
* harvester custom routes
* fix loading imported dev cluster
* move harvester-manager hci.cluster type out of harvester pkg
* fixes for build-pkg
* fix harvester custom dialogs
* fix harvester pkg routing
* generateDynamicTypeImport hyphenated dirs
rename cloud_credential and machine_config back to cloud-credential and machine-config
* Appease linting
* Fix epinio pkg build
- Includes fixes for some dashboard component references
* Revert "Receiver credential secrets are deleted when secret is set to none"
This reverts commit 836460e2998959bcda0b14a9f6511f248980b7b5.
* Fix plugin modal cancel button in dark mode
* Ensure correct components loaded when a new version of a plugin is loaded
- The route matcher was never updated with new route-->component values
- This was due to `this.router.options.routes` not containing the result of `router.add`
- See https://github.com/vuejs/vue-router/issues/2280
* Revert "Revert "Receiver credential secrets are deleted when secret is set to none""
This reverts commit e524bb3d40ea7adfe35c38ec7870560625965d25.
* fix harvester manager->harvester routing
* rename dialogs
* move harvester-manager files out of harvester pkg
* Revert "remove nested edit views"
This reverts commit e835835943d63e74c50942884fec3706f8703047.
* plugin validators dynamic import - not working
* fix merge conflict
* fix harvester members
* fix conflict
* custom validators
* harvester table formatters
* members routing
* import path fixes
* harvester multi load
* Port across tweaks made during dynamic plugin work
- harvester plugin can be bundled with the dashboard until dynamic work has been completed
- Nav directly to virt cluster dashboard instead of via /harvester-c-cluster
- Fix missing bottom border on virt cluster list, hide actions (as they're never populated)
* move config/settings and config/harvester-map
fix hci setting custom components
* fix harvester setting import path
* Move over SerialConsole and Novnc, remove harvester.notifications
- These components were so 1-1 with harvester in the end I moved them over
- Also removed the like-for-like generic.notification `harvester.notification` strings
* Remove isSingleVirtualCluster, most of isMultiVirtualCluster
* Fix two nav issues
- harv cluster members --> prefs --> click on-screen back
- dashboard --> prefs --> click on-screen back
Both of these would be better fixed by an incoming change to the default layout (don't show old content before switching page)
* Fix reload of project/namespace page
* Split out project namespace into its own component (1 or 2)
* Split out project namespace into its own component (2 or 2)
* use product hideSystemResources opt instead of isVirtual/product===virtual
* fix missing prop in header
* Move FilterLabel and CloudInitType to harv pkg + two other references
* Move Harvester Upgrade components to harv pkg
- Needs a review with Neil regarding generics
* rebase build+load not working
* fix harvester route in authenticated
* Experimental Changes
* Fix merge conflicts
* WIP Fix routing
- includes project/namespace and namespace pages
* Tidying up
* Move harvester core store to plugin, remove harvester code from authenticated flow
- harvester store is a steve store that now lives in the plugin
- harvester `loadVirtual` replaced with a shortened `loadCluster` in its own store
- Also fix xterm css import
* Fix three routing related bugs
- Fix project/namespace create/edit/cancel/done flows
- Update harvester's loadCluster to better match loadCluster
- Make edit namespace page project resource agnostic
* Build fixes
* Fix create namespace button and other tweaks
* fix two issues with nav out of imported harvester cluster
* Fix alignment of action menu button
- Used in many places
- all generic table action menus
- global settings --> settings
- rke1 cluster detail page machine pool group actions
- project/namespace list project group actions
- resource detail page action menu
* Revert changes to app and pkg creators
- This should fix `check-plugins-build` gate
- It does hide the underlying issue, but that won't have been brought in by this PR?
Co-authored-by: Nancy Butler <42977925+mantis-toboggan-md@users.noreply.github.com>
- harvester plugin can be bundled with the dashboard until dynamic work has been completed
- Nav directly to virt cluster dashboard instead of via /harvester-c-cluster
- Fix missing bottom border on virt cluster list, hide actions (as they're never populated)
- We determine the cluster id via the node's `self` link
- Normally this is something like `k8s/clusters/c-m-274kcrc4/v1/nodes/nodeid`
However for the local cluster this is only `v1/nodes/nodeid`
- This meant that for local cluster nodes its norman and mgmt nodes were unavailable
- From what I can this only affected its ability to
- determine its role (though this had a working fallback)
- determine if some actions were shown (and also execute them)
* Ensure that we show empty machine pools
* Fix two bugs
- empty pool message would show twice in a single pool when there were two empty pools (missing id meant fake machines were all grouped together)
- ensure detail page for rke1 clusters show
Co-authored-by: Richard Cox <richard.cox@suse.com>
* custom promptremove component for project and namespace remove
* Fix lint
* Two tweaks
- Align
- createnamespace button with ns age column
- project action button with ns action button column
- Require confirmation to delete a project to match deleting a namespace
* Address PR feedback
Co-authored-by: Neill Somerville <neill.somerville@gmail.com>
Co-authored-by: Richard Cox <richard.cox@suse.com>
* Add ingressClassName field to ingress form and ingress list
Addresses https://github.com/rancher/dashboard/issues/6339
* Move ingressClass to details section on ingress detail page
Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>