gaktive
commented
1 year ago @cbron can you link to the anticipated backend work so UI can keep an eye on things?
Closed cbron closed 1 year ago
gaktive
commented
1 year ago @cbron can you link to the anticipated backend work so UI can keep an eye on things?
snasovich
commented
1 year ago @gaktive @cbron , I believe this is already done per https://github.com/rancher/rancher/issues/40289 Please also note minor UI issue raised related to this change https://github.com/rancher/dashboard/issues/8015 that may as well be absorbed into this one.
gaktive
commented
1 year ago Thanks @snasovich; shall we close this ticket in light of #8015 then? or copy its materials here and then close that?
snasovich
commented
1 year ago @gaktive , this issue seems to be "wider" while #8015 is essentially a minor issue about adding the description to the newly introduced role. I think we want contents of #8015 copied here and close #8015 as superseded by this one.
gaktive
commented
1 year ago From rancher/dashboard#8015 (via @HarrisonWAffel -- we closed that ticket in light of this one):
Recently a PR was raised to introduce a new built-in role for managing
PodSecurityAdmissionConfigurationTemplates. During the creation of that PR I noticed that the UI provides a display name for that role when creating a new user that is not present in rancher/rancher.In the rancher/rancher codebase the role is defined with the following name
However, when viewed in the UI the role looks like the following, and includes a description
We would like to have a similar formatting applied to the new PSACT role, as well as a description added below the name
Both the description and name of the PSACT role should mirror the description and name of the PSP role,
Name:
Manage Pod Security Admission Configuration Templates (PSACTs)Description:Allows the user to define, edit, and remove PSACTs.
cbron
commented
1 year ago I would still consider this backend blocked, because even though the code has merged, we haven't fully decided what to do here.
gaktive
commented
1 year ago This will be a banner, either inline or an alert.
gaktive
commented
1 year ago We await what the copy is to show in the banner/alert/what-have-you.
gaktive
commented
1 year ago @Sahota1225 has a meeting scheduled for Monday to bring this up.
gaktive
commented
1 year ago Upon discussion, there won't be a new role - but we need to add banners to warn users that it they update a PSAC. It will get applied to an existing cluster that references that PSAC the next time a change to that cluster (e.g. edit causes an update).
gaktive
commented
1 year ago As follow, documentation will be updated to indicate this role will be admin only during role creation as a workaround.
cbron
commented
1 year ago This issue has been rewritten, and is no longer backend blocked. Please review the title and description for the new request.
cnotv
commented
1 year ago We have already a warning, so this is about update the content.
slickwarren
commented
1 year ago tested on v2.7-head (cca09e4):
pod security admissions resource on all clusters with the correct messaging:
cross-referencing this issue to improve user experience: https://github.com/rancher/dashboard/issues/8274
On the list, or edit, page for PSAC templates, we need a warning that states how the templates work and repercussions of changes. Specifically: Changing any template that is currently in use will cause an update to those live clusters the next time the cluster is updated.