Added FSGroupChangePolicy support to create tenant screen (#2233)

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>

Author: bexsoft

operatorapi/tenants_helper.go

@@ -58,11 +58,14 @@ func convertModelSCToK8sSC(sc *models.SecurityContext) (*corev1.PodSecurityConte
 	if err != nil {
 		return nil, err
 	}
+	FSGroupChangePolicy := corev1.PodFSGroupChangePolicy(sc.FsGroupChangePolicy)
+
 	return &corev1.PodSecurityContext{
-		RunAsUser:    &runAsUser,
-		RunAsGroup:   &runAsGroup,
-		RunAsNonRoot: sc.RunAsNonRoot,
-		FSGroup:      &fsGroup,
+		RunAsUser:           &runAsUser,
+		RunAsGroup:          &runAsGroup,
+		RunAsNonRoot:        sc.RunAsNonRoot,
+		FSGroup:             &fsGroup,
+		FSGroupChangePolicy: &FSGroupChangePolicy,
 	}, nil
 }
 
@@ -71,11 +74,18 @@ func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContex
 	runAsUser := strconv.FormatInt(*sc.RunAsUser, 10)
 	runAsGroup := strconv.FormatInt(*sc.RunAsGroup, 10)
 	fsGroup := strconv.FormatInt(*sc.FSGroup, 10)
+	fsGroupPolicy := ""
+
+	if sc.FSGroupChangePolicy != nil {
+		fsGroupPolicy = string(*sc.FSGroupChangePolicy)
+	}
+
 	return &models.SecurityContext{
-		RunAsUser:    &runAsUser,
-		RunAsGroup:   &runAsGroup,
-		RunAsNonRoot: sc.RunAsNonRoot,
-		FsGroup:      fsGroup,
+		RunAsUser:           &runAsUser,
+		RunAsGroup:          &runAsGroup,
+		RunAsNonRoot:        sc.RunAsNonRoot,
+		FsGroup:             fsGroup,
+		FsGroupChangePolicy: fsGroupPolicy,
 	}
 }
 

portal-ui/src/screens/Console/Tenants/AddTenant/Steps/ConfigLogSearch.tsx

@@ -400,6 +400,13 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                </div>
+              </Grid>
+              <br />
+              <Grid item xs={12}>
+                <div
+                  className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
+                >
                   <div className={classes.configSectionItem}>
                     <InputBoxWrapper
                       type="number"
@@ -422,6 +429,30 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                  <div className={classes.configSectionItem}>
+                    <SelectWrapper
+                      label="FsGroupChangePolicy"
+                      id="securityContext_fsGroupChangePolicy"
+                      name="securityContext_fsGroupChangePolicy"
+                      value={logSearchSecurityContext.fsGroupChangePolicy}
+                      onChange={(e: SelectChangeEvent<string>) => {
+                        updateField("logSearchSecurityContext", {
+                          ...logSearchSecurityContext,
+                          fsGroupChangePolicy: e.target.value,
+                        });
+                      }}
+                      options={[
+                        {
+                          label: "Always",
+                          value: "Always",
+                        },
+                        {
+                          label: "OnRootMismatch",
+                          value: "OnRootMismatch",
+                        },
+                      ]}
+                    />
+                  </div>
                 </div>
               </Grid>
               <br />
@@ -500,6 +531,13 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                </div>
+              </Grid>
+              <br />
+              <Grid item xs={12}>
+                <div
+                  className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
+                >
                   <div className={classes.configSectionItem}>
                     <InputBoxWrapper
                       type="number"
@@ -522,6 +560,32 @@ const ConfigLogSearch = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                  <div className={classes.configSectionItem}>
+                    <SelectWrapper
+                      label="FsGroupChangePolicy"
+                      id="securityContext_fsGroupChangePolicy"
+                      name="securityContext_fsGroupChangePolicy"
+                      value={
+                        logSearchPostgresSecurityContext.fsGroupChangePolicy
+                      }
+                      onChange={(e: SelectChangeEvent<string>) => {
+                        updateField("logSearchPostgresSecurityContext", {
+                          ...logSearchPostgresSecurityContext,
+                          fsGroupChangePolicy: e.target.value,
+                        });
+                      }}
+                      options={[
+                        {
+                          label: "Always",
+                          value: "Always",
+                        },
+                        {
+                          label: "OnRootMismatch",
+                          value: "OnRootMismatch",
+                        },
+                      ]}
+                    />
+                  </div>
                 </div>
               </Grid>
               <br />

portal-ui/src/screens/Console/Tenants/AddTenant/Steps/ConfigPrometheus.tsx

@@ -368,6 +368,13 @@ const ConfigPrometheus = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                </div>
+              </Grid>
+              <br />
+              <Grid item xs={12} className={classes.configSectionItem}>
+                <div
+                  className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
+                >
                   <div className={classes.configSectionItem}>
                     <InputBoxWrapper
                       type="number"
@@ -391,8 +398,33 @@ const ConfigPrometheus = ({ classes }: IConfigureProps) => {
                       min="0"
                     />
                   </div>
+                  <div className={classes.configSectionItem}>
+                    <SelectWrapper
+                      label="FsGroupChangePolicy"
+                      id="securityContext_fsGroupChangePolicy"
+                      name="securityContext_fsGroupChangePolicy"
+                      value={prometheusSecurityContext.fsGroupChangePolicy}
+                      onChange={(e: SelectChangeEvent<string>) => {
+                        updateField("prometheusSecurityContext", {
+                          ...prometheusSecurityContext,
+                          fsGroupChangePolicy: e.target.value,
+                        });
+                      }}
+                      options={[
+                        {
+                          label: "Always",
+                          value: "Always",
+                        },
+                        {
+                          label: "OnRootMismatch",
+                          value: "OnRootMismatch",
+                        },
+                      ]}
+                    />
+                  </div>
                 </div>
               </Grid>
+              <br />
               <Grid item xs={12} className={classes.configSectionItem}>
                 <div
                   className={`${classes.multiContainer} ${classes.fieldSpaceTop}`}

portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Configure.tsx

@@ -19,7 +19,7 @@ import { useSelector } from "react-redux";
 import { Theme } from "@mui/material/styles";
 import createStyles from "@mui/styles/createStyles";
 import withStyles from "@mui/styles/withStyles";
-import { Grid, IconButton, Paper } from "@mui/material";
+import { Grid, IconButton, Paper, SelectChangeEvent } from "@mui/material";
 import {
   createTenantCommon,
   modalBasic,
@@ -42,6 +42,7 @@ import {
   removeMinIODomain,
   updateAddField,
 } from "../createTenantSlice";
+import SelectWrapper from "../../../Common/FormComponents/SelectWrapper/SelectWrapper";
 
 interface IConfigureProps {
   classes: any;
@@ -438,6 +439,13 @@ const Configure = ({ classes }: IConfigureProps) => {
                     min="0"
                   />
                 </div>
+              </div>
+            </Grid>
+            <br />
+            <Grid item xs={12} className={`${classes.configSectionItem}`}>
+              <div
+                className={`${classes.multiContainer} ${classes.responsiveSectionItem}`}
+              >
                 <div className={classes.containerItem}>
                   <InputBoxWrapper
                     type="number"
@@ -459,6 +467,32 @@ const Configure = ({ classes }: IConfigureProps) => {
                     min="0"
                   />
                 </div>
+                <div className={classes.containerItem}>
+                  <div className={classes.configSectionItem}>
+                    <SelectWrapper
+                      label="FsGroupChangePolicy"
+                      id="securityContext_fsGroupChangePolicy"
+                      name="securityContext_fsGroupChangePolicy"
+                      value={tenantSecurityContext.fsGroupChangePolicy}
+                      onChange={(e: SelectChangeEvent<string>) => {
+                        updateField("tenantSecurityContext", {
+                          ...tenantSecurityContext,
+                          fsGroupChangePolicy: e.target.value,
+                        });
+                      }}
+                      options={[
+                        {
+                          label: "Always",
+                          value: "Always",
+                        },
+                        {
+                          label: "OnRootMismatch",
+                          value: "OnRootMismatch",
+                        },
+                      ]}
+                    />
+                  </div>
+                </div>
               </div>
             </Grid>
             <br />

portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx

@@ -19,7 +19,7 @@ import { useSelector } from "react-redux";
 import { Theme } from "@mui/material/styles";
 import createStyles from "@mui/styles/createStyles";
 import withStyles from "@mui/styles/withStyles";
-import { Paper } from "@mui/material";
+import { Paper, SelectChangeEvent } from "@mui/material";
 import Grid from "@mui/material/Grid";
 
 import {
@@ -50,6 +50,7 @@ import AzureKMSAdd from "./Encryption/AzureKMSAdd";
 import GCPKMSAdd from "./Encryption/GCPKMSAdd";
 import GemaltoKMSAdd from "./Encryption/GemaltoKMSAdd";
 import AWSKMSAdd from "./Encryption/AWSKMSAdd";
+import SelectWrapper from "../../../Common/FormComponents/SelectWrapper/SelectWrapper";
 
 interface IEncryptionProps {
   classes: any;
@@ -525,6 +526,13 @@ const Encryption = ({ classes }: IEncryptionProps) => {
                         min="0"
                       />
                     </div>
+                  </div>
+                </Grid>
+                <br />
+                <Grid item xs={12} className={classes.kesSecurityContext}>
+                  <div
+                    className={`${classes.multiContainer} ${classes.responsiveContainer}`}
+                  >
                     <div
                       className={`${classes.formFieldRow} ${classes.rightSpacer}`}
                     >
@@ -548,6 +556,32 @@ const Encryption = ({ classes }: IEncryptionProps) => {
                         min="0"
                       />
                     </div>
+                    <div
+                      className={`${classes.formFieldRow} ${classes.rightSpacer}`}
+                    >
+                      <SelectWrapper
+                        label="FsGroupChangePolicy"
+                        id="securityContext_fsGroupChangePolicy"
+                        name="securityContext_fsGroupChangePolicy"
+                        value={kesSecurityContext.fsGroupChangePolicy}
+                        onChange={(e: SelectChangeEvent<string>) => {
+                          updateField("kesSecurityContext", {
+                            ...kesSecurityContext,
+                            fsGroupChangePolicy: e.target.value,
+                          });
+                        }}
+                        options={[
+                          {
+                            label: "Always",
+                            value: "Always",
+                          },
+                          {
+                            label: "OnRootMismatch",
+                            value: "OnRootMismatch",
+                          },
+                        ]}
+                      />
+                    </div>
                   </div>
                 </Grid>
                 <br />

portal-ui/src/screens/Console/Tenants/AddTenant/createTenantSlice.ts

@@ -125,24 +125,28 @@ const initialState: ICreateTenant = {
         runAsUser: "1000",
         runAsGroup: "1000",
         fsGroup: "1000",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
       logSearchSecurityContext: {
         runAsUser: "1000",
         runAsGroup: "1000",
         fsGroup: "1000",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
       logSearchPostgresSecurityContext: {
         runAsUser: "999",
         runAsGroup: "999",
         fsGroup: "999",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
       prometheusSecurityContext: {
         runAsUser: "1000",
         runAsGroup: "1000",
         fsGroup: "1000",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
     },
@@ -212,6 +216,7 @@ const initialState: ICreateTenant = {
         runAsUser: "1000",
         runAsGroup: "1000",
         fsGroup: "1000",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
     },

portal-ui/src/screens/Console/Tenants/TenantDetails/Pools/AddPool/addPoolSlice.ts

@@ -68,6 +68,7 @@ const initialState: IAddPool = {
       runAsUser: "1000",
       runAsGroup: "1000",
       fsGroup: "1000",
+      fsGroupChangePolicy: "Always",
       runAsNonRoot: true,
     },
   },

portal-ui/src/screens/Console/Tenants/TenantDetails/Pools/EditPool/editPoolSlice.ts

@@ -50,6 +50,7 @@ const initialState: IEditPool = {
         runAsUser: "1000",
         runAsGroup: "1000",
         fsGroup: "1000",
+        fsGroupChangePolicy: "Always",
         runAsNonRoot: true,
       },
     },
@@ -151,6 +152,8 @@ export const editPoolSlice = createSlice({
             runAsUser: action.payload.securityContext?.runAsUser || "",
             runAsGroup: action.payload.securityContext?.runAsGroup || "",
             fsGroup: action.payload.securityContext?.fsGroup || "",
+            fsGroupChangePolicy:
+              action.payload.securityContext?.fsGroupChangePolicy || "Always",
             runAsNonRoot: !!action.payload.securityContext?.runAsNonRoot,
           },
         },

portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx

@@ -97,6 +97,7 @@ const TenantEncryption = ({ classes }: ITenantEncryption) => {
     useState<boolean>(false);
   const [securityContext, setSecurityContext] = useState<ISecurityContext>({
     fsGroup: "1000",
+    fsGroupChangePolicy: "Always",
     runAsGroup: "1000",
     runAsNonRoot: true,
     runAsUser: "1000",

portal-ui/src/screens/Console/Tenants/TenantDetails/tenantAuditLogSlice.ts

@@ -62,12 +62,14 @@ const initialState: IEditTenantAuditLogging = {
     runAsUser: "1000",
     runAsGroup: "1000",
     fsGroup: "1000",
+    fsGroupChangePolicy: "Always",
     runAsNonRoot: false,
   },
   dbSecurityContext: {
     runAsUser: "1000",
     runAsGroup: "1000",
     fsGroup: "1000",
+    fsGroupChangePolicy: "Always",
     runAsNonRoot: false,
   },
   refreshLoggingInfo: true,