
Commit 139771f

authored
Fixes and improvements for Tenant Security page (#2252)
- Tenant securityContext was only being applied to the first pool
- Fixed style issues on the Tenant Security page to be more consistent
- Added missing FsGroupChangePolicy in the SecurityContextSelector component

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
1 parent b7783aa commit 139771f

10 files changed

+442
-217
lines changed


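--- a/operatorapi/tenants.go
+++ b/operatorapi/tenants.go
@@ -1096,8 +1096,13 @@ func updateTenantSecurity(ctx context.Context, operatorClient OperatorClientI, c
 
 // set Security Context
 var newTenantSecurityContext *corev1.PodSecurityContext
-newTenantSecurityContext, _ = convertModelSCToK8sSC(params.Body.SecurityContext)
-minInst.Spec.Pools[0].SecurityContext = newTenantSecurityContext
+newTenantSecurityContext, err = convertModelSCToK8sSC(params.Body.SecurityContext)
+if err != nil {
+return err
+}
+for index := range minInst.Spec.Pools {
+minInst.Spec.Pools[index].SecurityContext = newTenantSecurityContext
+}
 
 // Update External Certificates
 minInst.Spec.ExternalCertSecret = newMinIOExternalCertSecret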
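Review bot: The new loop assigns the same `*corev1.PodSecurityContext` pointer to every pool, so all pools alias one struct and a later in-place change to one pool's context would silently change the others; giving each pool its own copy avoids that: `minInst.Spec.Pools[index].SecurityContext = newTenantSecurityContext.DeepCopy()`. The loop also replaces whatever each pool had before, so a pool that was deliberately given a stricter context loses it on any save from this page; a short comment stating that the tenant-level setting overrides per-pool ones would make that intent explicit. If `convertModelSCToK8sSC` can return `nil, nil` when the body omits the field (its opening lines are not visible on this page), the loop would clear the context on every pool, which is worth guarding against. `updateTenantSecurity` starts and ends outside the hunk.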

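--- a/operatorapi/tenants_helper.go
+++ b/operatorapi/tenants_helper.go
@@ -58,8 +58,10 @@ func convertModelSCToK8sSC(sc *models.SecurityContext) (*corev1.PodSecurityConte
 if err != nil {
 return nil, err
 }
-FSGroupChangePolicy := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
-
+FSGroupChangePolicy := corev1.PodFSGroupChangePolicy("Always")
+if sc.FsGroupChangePolicy != "" {
+FSGroupChangePolicy = corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
+}
 return &corev1.PodSecurityContext{
 RunAsUser: &runAsUser,
 RunAsGroup: &runAsGroup,
@@ -74,18 +76,18 @@ func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContex
 runAsUser := strconv.FormatInt(*sc.RunAsUser, 10)
 runAsGroup := strconv.FormatInt(*sc.RunAsGroup, 10)
 fsGroup := strconv.FormatInt(*sc.FSGroup, 10)
-fsGroupPolicy := ""
+fsGroupChangePolicy := "Always"
 
 if sc.FSGroupChangePolicy != nil {
-fsGroupPolicy = string(*sc.FSGroupChangePolicy)
+fsGroupChangePolicy = string(*sc.FSGroupChangePolicy)
 }
 
 return &models.SecurityContext{
 RunAsUser: &runAsUser,
 RunAsGroup: &runAsGroup,
 RunAsNonRoot: sc.RunAsNonRoot,
 FsGroup: fsGroup,
-FsGroupChangePolicy: fsGroupChangePolicy,
+FsGroupChangePolicy: fsGroupChangePolicy,
 }
 }
 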
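Review bot: The policy string from the request is cast straight to `corev1.PodFSGroupChangePolicy` in `convertModelSCToK8sSC` without checking that it is one of the two values Kubernetes accepts (`Always`, `OnRootMismatch`), so a typo or an arbitrary value from an API client is written into the tenant spec and only fails later, away from the request that caused it. Validating here and returning an error keeps the failure at the API boundary, and the `corev1.FSGroupChangeAlways` constant can replace the `"Always"` literal in both converters. Separately, the context lines of `convertK8sSCToModelSC` dereference `sc.RunAsUser`, `sc.RunAsGroup` and `sc.FSGroup` without a visible nil check, while `sc.FSGroupChangePolicy` is nil-checked; unless a guard sits above the hunk, a pool whose context omits one of those fields would panic here. Both functions start outside the hunks, and the sketch below assumes `fmt` is already imported in this file.

```go
// … unchanged: runAsUser / runAsGroup / fsGroup parsing and error checks …
FSGroupChangePolicy := corev1.FSGroupChangeAlways
switch requested := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy); requested {
case "":
	// field omitted by the client: keep the Kubernetes default
case corev1.FSGroupChangeAlways, corev1.FSGroupChangeOnRootMismatch:
	FSGroupChangePolicy = requested
default:
	return nil, fmt.Errorf("invalid fsGroupChangePolicy %q", sc.FsGroupChangePolicy)
}
// … unchanged: return &corev1.PodSecurityContext{ … } …
```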

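--- a/portal-ui/src/screens/Console/Tenants/TenantDetails/EditTenantMonitoringScreen.tsx
+++ b/portal-ui/src/screens/Console/Tenants/TenantDetails/EditTenantMonitoringScreen.tsx
@@ -62,6 +62,8 @@ import {
 } from "../TenantDetails/tenantMonitoringSlice";
 import { clearValidationError, imagePattern, numericPattern } from "../utils";
 import SecurityContextSelector from "../securityContextSelector";
+import { setFSGroupChangePolicy } from "../tenantSecurityContextSlice";
+import { fsGroupChangePolicyType } from "../types";
 
 interface ITenantMonitoring {
 classes: any;
@@ -150,6 +152,10 @@ const TenantMonitoring = ({ classes }: ITenantMonitoring) => {
 const runAsNonRoot = useSelector(
 (state: AppState) => state.editTenantMonitoring.runAsNonRoot
 );
+const fsGroupChangePolicy = useSelector(
+(state: AppState) => state.editTenantSecurityContext.fsGroupChangePolicy
+);
+
 const cleanValidation = (fieldName: string) => {
 setValidationErrors(clearValidationError(validationErrors, fieldName));
 };
@@ -551,12 +557,16 @@ const TenantMonitoring = ({ classes }: ITenantMonitoring) => {
 runAsUser={runAsUser}
 fsGroup={fsGroup}
 runAsNonRoot={runAsNonRoot}
+fsGroupChangePolicy={fsGroupChangePolicy}
 setFSGroup={(value: string) => dispatch(setFSGroup(value))}
 setRunAsUser={(value: string) => dispatch(setRunAsUser(value))}
 setRunAsGroup={(value: string) => dispatch(setRunAsGroup(value))}
 setRunAsNonRoot={(value: boolean) =>
 dispatch(setRunAsNonRoot(value))
 }
+setFSGroupChangePolicy={(value: fsGroupChangePolicyType) =>
+dispatch(setFSGroupChangePolicy(value))
+}
 />
 </Grid>
 <Grid item xs={12} textAlign={"right"}>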
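Review bot: `fsGroupChangePolicy` is read from `state.editTenantSecurityContext` and written with `setFSGroupChangePolicy` from `tenantSecurityContextSlice`, while every other field passed to `SecurityContextSelector` in this component comes from `state.editTenantMonitoring`. As wired, the monitoring form appears to display the tenant's policy rather than one belonging to the monitoring pods, and changing it here alters the state the Tenant Security page would later submit. The same wiring is added in LoggingDetails.tsx (`TenantAuditLogging`), whereas LoggingDBDetails.tsx uses a dedicated `setDBFSGroupChangePolicy` action and `dbSecurityContext.fsGroupChangePolicy`; following that pattern, the monitoring slice would get its own field and action, read as `(state: AppState) => state.editTenantMonitoring.fsGroupChangePolicy`. Whether the selected value is included in the monitoring save request cannot be seen from these hunks.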

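--- a/portal-ui/src/screens/Console/Tenants/TenantDetails/LoggingDBDetails.tsx
+++ b/portal-ui/src/screens/Console/Tenants/TenantDetails/LoggingDBDetails.tsx
@@ -50,14 +50,16 @@ import {
 setDBMemRequest,
 setDBRunAsUser,
 setDBFSGroup,
+setDBFSGroupChangePolicy,
 setDBRunAsGroup,
 setDBRunAsNonRoot,
 setRefreshLoggingInfo,
-} from "../TenantDetails/tenantAuditLogSlice";
+} from "./tenantAuditLogSlice";
 
 import SecurityContextSelector from "../securityContextSelector";
 
 import { clearValidationError, imagePattern, numericPattern } from "../utils";
+import { fsGroupChangePolicyType } from "../types";
 
 const styles = (theme: Theme) =>
 createStyles({
@@ -116,6 +118,10 @@ const LoggingDBDetails = ({
 const dbFSGroup = useSelector(
 (state: AppState) => state.editTenantLogging.dbSecurityContext.fsGroup
 );
+const dbFSGroupChangePolicy = useSelector(
+(state: AppState) =>
+state.editTenantLogging.dbSecurityContext.fsGroupChangePolicy
+);
 const dbRunAsNonRoot = useSelector(
 (state: AppState) => state.editTenantLogging.dbSecurityContext.runAsNonRoot
 );
@@ -178,6 +184,8 @@ const LoggingDBDetails = ({
 runAsUser: dbRunAsUser != null ? dbRunAsUser : "",
 fsGroup: dbFSGroup != null ? dbFSGroup : "",
 runAsNonRoot: dbRunAsNonRoot != null ? dbRunAsNonRoot : true,
+fsGroupChangePolicy:
+dbFSGroupChangePolicy != null ? dbFSGroupChangePolicy : "Always",
 };
 api
 .invoke(
@@ -328,13 +336,17 @@ const LoggingDBDetails = ({
 runAsGroup={dbRunAsGroup}
 runAsUser={dbRunAsUser}
 fsGroup={dbFSGroup}
+fsGroupChangePolicy={dbFSGroupChangePolicy}
 runAsNonRoot={dbRunAsNonRoot}
 setFSGroup={(value: string) => dispatch(setDBFSGroup(value))}
 setRunAsUser={(value: string) => dispatch(setDBRunAsUser(value))}
 setRunAsGroup={(value: string) => dispatch(setDBRunAsGroup(value))}
 setRunAsNonRoot={(value: boolean) =>
 dispatch(setDBRunAsNonRoot(value))
 }
+setFSGroupChangePolicy={(value: fsGroupChangePolicyType) =>
+dispatch(setDBFSGroupChangePolicy(value))
+}
 />
 </Grid>
 <Grid item xs={12} textAlign={"right"}>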

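--- a/portal-ui/src/screens/Console/Tenants/TenantDetails/LoggingDetails.tsx
+++ b/portal-ui/src/screens/Console/Tenants/TenantDetails/LoggingDetails.tsx
@@ -57,6 +57,8 @@ import {
 setRunAsNonRoot,
 setRefreshLoggingInfo,
 } from "../TenantDetails/tenantAuditLogSlice";
+import { setFSGroupChangePolicy } from "../tenantSecurityContextSlice";
+import { fsGroupChangePolicyType } from "../types";
 
 const styles = (theme: Theme) =>
 createStyles({
@@ -118,6 +120,9 @@ const TenantAuditLogging = ({
 const runAsNonRoot = useSelector(
 (state: AppState) => state.editTenantLogging.securityContext.runAsNonRoot
 );
+const fsGroupChangePolicy = useSelector(
+(state: AppState) => state.editTenantSecurityContext.fsGroupChangePolicy
+);
 
 const [validationErrors, setValidationErrors] = useState<any>({});
 const [loading, setLoading] = useState<boolean>(false);
@@ -332,12 +337,16 @@ const TenantAuditLogging = ({
 runAsUser={runAsUser}
 fsGroup={fsGroup}
 runAsNonRoot={runAsNonRoot}
+fsGroupChangePolicy={fsGroupChangePolicy}
 setFSGroup={(value: string) => dispatch(setFSGroup(value))}
 setRunAsUser={(value: string) => dispatch(setRunAsUser(value))}
 setRunAsGroup={(value: string) => dispatch(setRunAsGroup(value))}
 setRunAsNonRoot={(value: boolean) =>
 dispatch(setRunAsNonRoot(value))
 }
+setFSGroupChangePolicy={(value: fsGroupChangePolicyType) =>
+dispatch(setFSGroupChangePolicy(value))
+}
 />
 </Grid>
 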
