npm - @rancher/shell - Versions diffs - 0.3.4 → 0.3.5 - Mend

@rancher/shell 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (246) hide show

package/assets/styles/app.scss +1 -1
package/assets/styles/fonts/_fontstack.scss +11 -11
package/assets/styles/vendor/vue-js-modal.scss +3 -3
package/assets/translations/en-us.yaml +92 -22
package/assets/translations/zh-hans.yaml +84 -15
package/babel.config.js +13 -0
package/chart/gatekeeper.vue +77 -0
package/chart/istio.vue +108 -111
package/chart/logging/index.vue +13 -4
package/chart/monitoring/index.vue +15 -5
package/chart/monitoring/steps/uninstall-v1.vue +2 -2
package/chart/rancher-backup/index.vue +10 -3
package/cloud-credential/aws.vue +1 -1
package/cloud-credential/digitalocean.vue +1 -1
package/cloud-credential/gcp.vue +1 -1
package/cloud-credential/generic.vue +2 -2
package/cloud-credential/linode.vue +1 -1
package/cloud-credential/pnap.vue +1 -1
package/components/ActionMenu.vue +3 -4
package/components/AssignTo.vue +1 -1
package/components/AsyncButton.vue +1 -1
package/components/BannerGraphic.vue +1 -1
package/components/ButtonDropdown.vue +2 -3
package/components/ChartPsp.vue +76 -0
package/components/CruResource.vue +6 -2
package/components/DashboardMetrics.vue +12 -10
package/components/DetailText.vue +1 -1
package/components/DisableAuthProviderModal.vue +1 -1
package/components/EmberPage.vue +1 -1
package/components/EtcdInfoBanner.vue +5 -4
package/components/ExplorerMembers.vue +1 -1
package/components/ExplorerProjectsNamespaces.vue +14 -1
package/components/FileDiff.vue +6 -7
package/components/GrafanaDashboard.vue +18 -21
package/components/LazyImage.vue +10 -12
package/components/LogItem.vue +1 -1
package/components/Markdown.vue +1 -1
package/components/PromptRemove.vue +2 -2
package/components/PromptRestore.vue +1 -1
package/components/ResourceDetail/Masthead.vue +16 -0
package/components/ResourceDetail/index.vue +21 -4
package/components/ResourceList/index.vue +1 -1
package/components/ResourceTable.vue +4 -1
package/components/SingleClusterInfo.vue +2 -2
package/components/SortableTable/THead.vue +1 -1
package/components/SortableTable/index.vue +5 -2
package/components/__tests__/AsyncButton.test.ts +3 -1
package/components/__tests__/ChartPsp.test.ts +75 -0
package/components/__tests__/CruResource.test.ts +3 -1
package/components/auth/Principal.vue +1 -1
package/components/fleet/FleetBundles.vue +3 -1
package/components/fleet/FleetClusters.vue +1 -2
package/components/fleet/FleetIntro.vue +9 -1
package/components/fleet/FleetNoWorkspaces.vue +62 -0
package/components/fleet/FleetSummary.vue +7 -1
package/components/form/LabeledSelect.vue +14 -11
package/components/form/MatchExpressions.vue +17 -2
package/components/form/NameNsDescription.vue +31 -45
package/components/form/ResourceSelector.vue +1 -1
package/components/form/SecretSelector.vue +5 -1
package/components/form/ServiceNameSelect.vue +1 -1
package/components/form/SimpleSecretSelector.vue +9 -9
package/components/form/__tests__/LabeledSelect.test.ts +138 -0
package/components/form/__tests__/NameNsDescription.ts +32 -0
package/components/formatter/InternalExternalIP.vue +6 -0
package/components/formatter/InvolvedObjectLink.vue +54 -0
package/components/formatter/Link.vue +20 -4
package/components/formatter/LinkName.vue +6 -1
package/components/formatter/ServiceTargets.vue +1 -1
package/components/nav/Group.vue +2 -2
package/components/nav/NamespaceFilter.vue +15 -11
package/components/nav/TopLevelMenu.vue +2 -4
package/components/nav/Type.vue +1 -1
package/components/nav/WorkspaceSwitcher.vue +46 -5
package/config/labels-annotations.js +17 -0
package/config/product/auth.js +3 -2
package/config/product/explorer.js +11 -4
package/config/product/fleet.js +2 -0
package/config/router.js +414 -0
package/config/table-headers.js +10 -2
package/config/types.js +11 -8
package/config/uiplugins.js +30 -0
package/content/docs/en-us/whats-new.md +10 -0
package/content/docs/zh-hans/whats-new.md +11 -1
package/core/plugin-routes.ts +23 -0
package/creators/app/app.package.json +2 -1
package/creators/app/files/.eslintrc.js +1 -1
package/creators/app/files/babel.config.js +1 -18
package/creators/app/files/vue.config.js +7 -0
package/creators/app/init +5 -5
package/creators/pkg/files/.github/workflows/build-extension.yml +111 -0
package/creators/pkg/init +35 -4
package/creators/update/init +1 -1
package/detail/constraints.gatekeeper.sh.constraint.vue +20 -10
package/detail/fleet.cattle.io.gitrepo.vue +19 -11
package/detail/harvesterhci.io.management.cluster.vue +3 -3
package/detail/provisioning.cattle.io.cluster.vue +54 -12
package/detail/workload/index.vue +3 -3
package/dialog/AddClusterMemberDialog.vue +1 -1
package/dialog/AddProjectMemberDialog.vue +2 -2
package/dialog/AddonConfigConfirmationDialog.vue +27 -15
package/dialog/DiagnosticTimingsDialog.vue +1 -1
package/dialog/ForceMachineRemoveDialog.vue +1 -1
package/dialog/GenericPrompt.vue +18 -6
package/dialog/RotateEncryptionKeyDialog.vue +1 -1
package/dialog/SaveAsRKETemplateDialog.vue +1 -1
package/dialog/ScaleMachineDownDialog.vue +1 -1
package/edit/auth/github.vue +8 -8
package/edit/auth/googleoauth.vue +5 -5
package/edit/auth/ldap/index.vue +1 -1
package/edit/auth/oidc.vue +1 -1
package/edit/auth/saml.vue +1 -1
package/edit/cis.cattle.io.clusterscan.vue +1 -1
package/edit/fleet.cattle.io.clustergroup.vue +6 -4
package/edit/fleet.cattle.io.gitrepo.vue +16 -3
package/edit/helm.cattle.io.projecthelmchart.vue +5 -1
package/edit/management.cattle.io.fleetworkspace.vue +141 -6
package/edit/management.cattle.io.podsecurityadmissionconfigurationtemplate.vue +4 -1
package/edit/management.cattle.io.setting.vue +1 -1
package/edit/monitoring.coreos.com.alertmanagerconfig/types/webhook.vue +2 -2
package/edit/monitoring.coreos.com.receiver/tls.vue +18 -18
package/edit/monitoring.coreos.com.receiver/types/webhook.banner.vue +4 -4
package/edit/monitoring.coreos.com.receiver/types/webhook.vue +1 -1
package/edit/namespace.vue +2 -2
package/edit/networking.k8s.io.networkpolicy/PolicyRuleTarget.vue +126 -45
package/edit/networking.k8s.io.networkpolicy/index.vue +1 -1
package/edit/provisioning.cattle.io.cluster/MachinePool.vue +10 -0
package/edit/provisioning.cattle.io.cluster/RegistryConfigs.vue +1 -0
package/edit/provisioning.cattle.io.cluster/__tests__/rke2.test.ts +202 -2
package/edit/provisioning.cattle.io.cluster/rke2.vue +248 -84
package/edit/resources.cattle.io.backup.vue +1 -1
package/edit/service.vue +1 -1
package/edit/storage.k8s.io.storageclass/provisioners/driver.harvesterhci.io.vue +2 -2
package/edit/workload/__tests__/Job.test.ts +3 -1
package/edit/workload/index.vue +8 -3
package/edit/workload/mixins/workload.js +16 -0
package/layouts/default.vue +7 -3
package/list/fleet.cattle.io.bundle.vue +6 -3
package/list/fleet.cattle.io.clusterregistrationtoken.vue +3 -1
package/list/fleet.cattle.io.gitrepo.vue +44 -5
package/list/management.cattle.io.fleetworkspace.vue +45 -0
package/list/node.vue +69 -16
package/list/provisioning.cattle.io.cluster.vue +30 -1
package/machine-config/azure.vue +97 -38
package/middleware/authenticated.js +34 -0
package/mixins/chart.js +73 -2
package/mixins/resource-fetch.js +2 -2
package/models/apps.statefulset.js +28 -0
package/models/cluster/node.js +23 -2
package/models/cluster.x-k8s.io.machine.js +4 -2
package/models/clusterroletemplatebinding.js +7 -0
package/models/constraints.gatekeeper.sh.constraint.js +9 -0
package/models/fleet.cattle.io.cluster.js +19 -10
package/models/fleet.cattle.io.gitrepo.js +7 -2
package/models/management.cattle.io.cluster.js +1 -1
package/models/management.cattle.io.fleetworkspace.js +12 -0
package/models/management.cattle.io.gitreporestriction.js +5 -0
package/models/management.cattle.io.podsecurityadmissionconfigurationtemplate.js +3 -0
package/models/provisioning.cattle.io.cluster.js +7 -5
package/nuxt/App.js +210 -0
package/nuxt/axios.js +186 -0
package/nuxt/client.js +817 -0
package/nuxt/components/nuxt-build-indicator.vue +143 -0
package/nuxt/components/nuxt-child.js +122 -0
package/nuxt/components/nuxt-error.vue +98 -0
package/nuxt/components/nuxt-link.client.js +98 -0
package/nuxt/components/nuxt-link.server.js +16 -0
package/nuxt/components/nuxt-loading.vue +154 -0
package/nuxt/components/nuxt.js +101 -0
package/nuxt/cookie-universal-nuxt.js +9 -0
package/nuxt/empty.js +1 -0
package/nuxt/index.js +365 -0
package/nuxt/jsonp.js +82 -0
package/nuxt/loading.html +39 -0
package/nuxt/middleware.js +12 -0
package/nuxt/mixins/fetch.client.js +90 -0
package/nuxt/mixins/fetch.server.js +69 -0
package/nuxt/portal-vue.js +4 -0
package/nuxt/server.js +312 -0
package/nuxt/store.js +178 -0
package/nuxt/utils.js +630 -0
package/nuxt/views/app.template.html +9 -0
package/nuxt/views/error.html +23 -0
package/package.json +5 -9
package/pages/auth/setup.vue +2 -2
package/pages/c/_cluster/apps/charts/__tests__/install.helper.test.ts +33 -0
package/pages/c/_cluster/apps/charts/chart.vue +4 -4
package/pages/c/_cluster/apps/charts/install.helpers.js +26 -0
package/pages/c/_cluster/apps/charts/install.vue +40 -66
package/pages/c/_cluster/explorer/EventsTable.vue +5 -19
package/pages/c/_cluster/explorer/index.vue +29 -25
package/pages/c/_cluster/explorer/tools/index.vue +8 -8
package/pages/c/_cluster/fleet/index.vue +95 -34
package/pages/c/_cluster/gatekeeper/index.vue +1 -1
package/pages/c/_cluster/istio/index.vue +5 -5
package/pages/c/_cluster/manager/cloudCredential/index.vue +1 -1
package/pages/c/_cluster/monitoring/index.vue +7 -0
package/pages/c/_cluster/uiplugins/InstallDialog.vue +8 -8
package/pages/c/_cluster/uiplugins/PluginInfoPanel.vue +20 -7
package/pages/c/_cluster/uiplugins/index.vue +49 -17
package/pages/home.vue +9 -4
package/pages/index.vue +10 -1
package/plugins/clean-html-directive.js +31 -0
package/plugins/dashboard-store/actions.js +32 -9
package/plugins/dashboard-store/mutations.js +5 -2
package/plugins/dashboard-store/resource-class.js +8 -1
package/plugins/steve/mutations.js +3 -2
package/plugins/steve/steve-description-class.js +5 -1
package/plugins/steve/subscribe.js +63 -54
package/plugins/steve-create-worker.js +14 -0
package/promptRemove/management.cattle.io.globalrole.vue +2 -2
package/promptRemove/management.cattle.io.project.vue +2 -2
package/promptRemove/management.cattle.io.roletemplate.vue +2 -2
package/promptRemove/pod.vue +1 -1
package/public/index.html +65 -0
package/rancher-components/components/Banner/Banner.test.ts +9 -1
package/rancher-components/components/Banner/Banner.vue +1 -1
package/rancher-components/components/Form/Checkbox/Checkbox.vue +2 -0
package/rancher-components/components/Form/Radio/RadioButton.vue +1 -1
package/scripts/build-pkg.sh +1 -0
package/scripts/clean +6 -0
package/scripts/extension/bundle +58 -0
package/scripts/extension/helmpatch +89 -0
package/scripts/extension/publish +314 -0
package/scripts/test-plugins-build.sh +4 -0
package/store/__tests__/index.test.ts +110 -0
package/store/index.js +145 -58
package/store/type-map.js +5 -1
package/tsconfig.default.json +36 -0
package/tsconfig.json +24 -0
package/types/shell/index.d.ts +420 -343
package/utils/__tests__/string.test.ts +12 -0
package/utils/auth.js +65 -0
package/utils/monitoring.js +2 -1
package/utils/position.js +5 -8
package/utils/router.scrollBehavior.js +80 -0
package/utils/select.js +1 -3
package/utils/socket.js +1 -0
package/utils/string.js +13 -0
package/utils/time.js +9 -0
package/vue.config.js +679 -0
package/chart/rancher-alerting-drivers.vue +0 -53
package/chart/rancher-gatekeeper.vue +0 -37
package/creators/app/files/nuxt.config.js +0 -6
package/models/management.cattle.io.podsecurityadmissionconfigurationtemplate.ts +0 -4
package/nuxt.config.js +0 -798

package/edit/provisioning.cattle.io.cluster/rke2.vue CHANGED Viewed

@@ -15,6 +15,7 @@ import {
   DEFAULT_WORKSPACE,
   SECRET,
   HCI,
+  PSPS,
 } from '@shell/config/types';
 import { _CREATE, _EDIT, _VIEW } from '@shell/config/query-params';
@@ -129,6 +130,9 @@ export default {
   },
   async fetch() {
+    // Check presence of PSP in RKE2, which is where we show the templates
+    this.psps = await this.checkPsps();
     if ( !this.rke2Versions ) {
       const hash = {
         rke2Versions: this.$store.dispatch('management/request', { url: '/v1-rke2-release/releases' }),
@@ -312,14 +316,17 @@ export default {
         path: 'metadata.name', rules: ['subDomain'], translationKey: 'nameNsDescription.name.label'
       }],
       harvesterVersionRange: {},
-      lastDefaultPodSecurityPolicyTemplateName,
+      lastDefaultPodSecurityPolicyTemplateName, // Used for reset on k8s version changes
       previousKubernetesVersion,
-      harvesterVersion:      ''
+      cisOverride:           false,
+      cisPsaChangeBanner:    false,
+      psps:                  null, // List of policies if any
     };
   },
   computed: {
     ...mapGetters({ allCharts: 'catalog/charts' }),
+    ...mapGetters(['currentCluster']),
     ...mapGetters({ features: 'features/get' }),
     PUBLIC:   () => PUBLIC,
@@ -330,6 +337,13 @@ export default {
       return this.value.spec.rkeConfig;
     },
+    /**
+     * Check presence of PSPs as template or CLI creation
+     */
+    hasPsps() {
+      return !!this.psps?.count;
+    },
     isElementalCluster() {
       return this.provider === ELEMENTAL_CLUSTER_PROVIDER || this.value?.machineProvider?.toLowerCase() === KIND.MACHINE_INV_SELECTOR_TEMPLATES.toLowerCase();
     },
@@ -353,7 +367,7 @@ export default {
     },
     /**
-     * Return need of PSA if RKE and min k8s version
+     * Define introduction of PSA and return need of PSA templates based on min k8s version
      */
     needsPSA() {
       const release = this.value?.spec?.kubernetesVersion || '';
@@ -364,22 +378,18 @@ export default {
     },
     /**
-     * Restrict use of PSP based on min k8s version
+     * Define PSP deprecation and restrict use of PSP based on min k8s version
      */
     needsPSP() {
-      const release = this.value?.spec?.kubernetesVersion || '';
-      const version = release.match(/\d+/g);
-      const isRequiredVersion = version?.length ? +version[0] === 1 && +version[1] < 25 : false;
-      return isRequiredVersion;
+      return this.getNeedsPSP();
     },
-    // kubeletConfigs() {
-    //   return this.value.spec.rkeConfig.machineSelectorConfig.filter(x => !!x.machineLabelSelector);
-    // },
     /**
-     * Check if k8s release version used is RKE2 ^1.25
+     * Define introduction of Rancher defined PSA templates
      */
+    hasPsaTemplates() {
+      return !this.needsPSP;
+    },
     unsupportedSelectorConfig() {
       let global = 0;
@@ -416,8 +426,8 @@ export default {
       const existingRke2 = this.mode === _EDIT && cur.includes('rke2');
       const existingK3s = this.mode === _EDIT && cur.includes('k3s');
-      let allValidRke2Versions = this.getAllOptionsAfterMinVersion(this.rke2Versions, (existingRke2 ? cur : null), this.defaultRke2);
-      let allValidK3sVersions = this.getAllOptionsAfterMinVersion(this.k3sVersions, (existingK3s ? cur : null), this.defaultK3s);
+      let allValidRke2Versions = this.getAllOptionsAfterCurrentVersion(this.rke2Versions, (existingRke2 ? cur : null), this.defaultRke2);
+      let allValidK3sVersions = this.getAllOptionsAfterCurrentVersion(this.k3sVersions, (existingK3s ? cur : null), this.defaultK3s);
       if (!this.showDeprecatedPatchVersions) {
         // Normally, we only want to show the most recent patch version
@@ -452,8 +462,6 @@ export default {
         if ( existing ) {
           existing.disabled = false;
-        } else {
-          out.unshift({ label: `${ cur } (current)`, value: cur });
         }
       }
@@ -465,7 +473,7 @@ export default {
     },
     profileOptions() {
-      const out = (this.agentArgs.profile?.options || []).map((x) => {
+      const out = (this.agentArgs?.profile?.options || []).map((x) => {
         return { label: x, value: x };
       });
@@ -477,6 +485,15 @@ export default {
       return out;
     },
+    /**
+     * Allow to display override if PSA is needed and profile is set
+     */
+    hasCisOverride() {
+      return (this.serverConfig?.profile || this.agentConfig?.profile) && this.needsPSA &&
+        // Also check other cases on when to display the override
+        this.hasPsaTemplates && this.showCisProfile && this.isCisSupported;
+    },
     pspOptions() {
       if ( this.isK3s ) {
         return null;
@@ -505,6 +522,24 @@ export default {
       return out;
     },
+    /**
+     * Disable PSA if CIS hardening is enabled, except override
+     */
+    isPsaDisabled() {
+      const cisValue = this.agentConfig?.profile || this.serverConfig?.profile;
+      return !(!cisValue || this.cisOverride) && this.hasPsaTemplates && this.isCisSupported;
+    },
+    /**
+     * Get the default label for the PSA template option
+     */
+    defaultPsaOptionLabel() {
+      const optionCase = !this.needsPSP && !this.isK3s ? 'default' : 'none';
+      return this.$store.getters['i18n/t'](`cluster.rke2.defaultPodSecurityAdmissionConfigurationTemplateName.option.${ optionCase }`);
+    },
     /**
      * Convert PSA templates into options, sorting and flagging if any selected
      */
@@ -513,7 +548,7 @@ export default {
         return [];
       }
       const out = [{
-        label: this.$store.getters['i18n/t']('cluster.rke2.defaultPodSecurityAdmissionConfigurationTemplateName.option'),
+        label: this.defaultPsaOptionLabel,
         value: ''
       }];
@@ -534,6 +569,15 @@ export default {
       return out;
     },
+    /**
+     * Check if current CIS profile is required and listed in the options
+     */
+    isCisSupported() {
+      const cisProfile = this.serverConfig.profile || this.agentConfig.profile;
+      return !cisProfile || this.profileOptions.map(option => option.value).includes(cisProfile);
+    },
     disableOptions() {
       return this.serverArgs.disable.options.map((value) => {
         return {
@@ -610,7 +654,7 @@ export default {
     },
     showCisProfile() {
-      return (this.provider === 'custom' || this.isElementalCluster) && ( this.serverArgs.profile || this.agentArgs.profile );
+      return (this.provider === 'custom' || this.isElementalCluster) && ( this.serverArgs?.profile || this.agentArgs?.profile );
     },
     needCredential() {
@@ -816,7 +860,7 @@ export default {
       const first = all[0]?.value;
       const preferred = all.find(x => x.value === this.defaultRke2)?.value;
-      const rke2 = this.getAllOptionsAfterMinVersion(this.rke2Versions, null);
+      const rke2 = this.getAllOptionsAfterCurrentVersion(this.rke2Versions, null);
       const showRke2 = rke2.length;
       let out;
@@ -903,7 +947,6 @@ export default {
     },
     isHarvesterIncompatible() {
-      const CompareVersion = '<v1.2';
       let ccmRke2Version = (this.chartVersions['harvester-cloud-provider'] || {})['version'];
       let csiRke2Version = (this.chartVersions['harvester-csi-driver'] || {})['version'];
@@ -919,11 +962,7 @@ export default {
       }
       if (ccmVersion && csiVersion) {
-        if (semver.satisfies(this.harvesterVersion, CompareVersion) || !(this.harvesterVersion || '').startsWith('v')) {
-          // When harveste version is less than `CompareVersion`, compatibility is not determined,
-          // At the same time, version numbers like this will not be checked: master-14bbee2c-head
-          return false;
-        } else if (semver.satisfies(ccmRke2Version, ccmVersion) &&
+        if (semver.satisfies(ccmRke2Version, ccmVersion) &&
           semver.satisfies(csiRke2Version, csiVersion)) {
           return false;
         } else {
@@ -933,19 +972,6 @@ export default {
         return false;
       }
     },
-    displayInvalidPspsBanner() {
-      const version = VERSION.parse(this.value.spec.kubernetesVersion);
-      const major = parseInt(version?.[0] || 0);
-      const minor = parseInt(version?.[1] || 0);
-      if (major === 1 && minor >= 25) {
-        return this.allPSPs?.length > 0;
-      }
-      return false;
-    }
   },
   watch: {
@@ -1035,6 +1061,17 @@ export default {
     nlToBr,
     set,
+    /**
+     * Define PSP deprecation and restrict use of PSP based on min k8s version and current/edited mode
+     */
+    getNeedsPSP(value = this.value) {
+      const release = value?.spec?.kubernetesVersion || '';
+      const version = release.match(/\d+/g);
+      const isRequiredVersion = version?.length ? +version[0] === 1 && +version[1] < 25 : false;
+      return isRequiredVersion;
+    },
     async initMachinePools(existing) {
       const out = [];
@@ -1264,7 +1301,27 @@ export default {
     showAddonConfirmation() {
       return new Promise((resolve, reject) => {
-        this.$store.dispatch('cluster/promptModal', { component: 'AddonConfigConfirmationDialog', resources: [value => resolve(value)] });
+        this.$store.dispatch('cluster/promptModal', {
+          component: 'AddonConfigConfirmationDialog',
+          resources: [value => resolve(value)]
+        });
+      });
+    },
+    /**
+     * Inform user to remove PSP for current cluster due deprecation
+     */
+    showPspConfirmation() {
+      return new Promise((resolve, reject) => {
+        this.$store.dispatch('cluster/promptModal', {
+          component:      'GenericPrompt',
+          componentProps: {
+            title:     this.t('cluster.rke2.modal.pspChange.title'),
+            body:      this.t('cluster.rke2.modal.pspChange.body'),
+            applyMode: 'continue',
+            confirm:   resolve
+          },
+        });
       });
     },
@@ -1273,7 +1330,16 @@ export default {
         clear(this.errors);
       }
-      if (this.isEdit && this.liveValue?.spec?.kubernetesVersion !== this.value?.spec?.kubernetesVersion) {
+      const isEditVersion = this.isEdit && this.liveValue?.spec?.kubernetesVersion !== this.value?.spec?.kubernetesVersion;
+      const hasPspManuallyAdded = !!this.value.spec.rkeConfig?.machineGlobalConfig?.['kube-apiserver-arg'];
+      if (isEditVersion && !this.needsPSP && hasPspManuallyAdded) {
+        if (!await this.showPspConfirmation()) {
+          return btnCb('cancelled');
+        }
+      }
+      if (isEditVersion) {
         const shouldContinue = await this.showAddonConfirmation();
         if (!shouldContinue) {
@@ -1350,6 +1416,11 @@ export default {
         return;
       }
+      // Remove null profile on machineGlobalConfig - https://github.com/rancher/dashboard/issues/8480
+      if (this.value.spec?.rkeConfig?.machineGlobalConfig?.profile === null) {
+        delete this.value.spec.rkeConfig.machineGlobalConfig.profile;
+      }
       await this.save(btnCb);
     },
     // create a secret to reference the harvester cluster kubeconfig in rkeConfig
@@ -1496,7 +1567,7 @@ export default {
         }
       }
-      if ( !this.serverConfig.profile ) {
+      if ( !this.serverConfig?.profile ) {
         set(this.serverConfig, 'profile', null);
       }
     },
@@ -1625,21 +1696,32 @@ export default {
       set(this.value.spec.rkeConfig.registries, 'configs', configs);
     },
-    getAllOptionsAfterMinVersion(versions, minVersion, defaultVersion) {
+    getAllOptionsAfterCurrentVersion(versions, currentVersion, defaultVersion) {
       const out = (versions || []).filter(obj => !!obj.serverArgs).map((obj) => {
         let disabled = false;
         let experimental = false;
+        let isCurrentVersion = false;
+        let label = obj.id;
-        if ( minVersion ) {
-          disabled = compare(obj.id, minVersion) < 0;
+        if ( currentVersion ) {
+          disabled = compare(obj.id, currentVersion) < 0;
+          isCurrentVersion = compare(obj.id, currentVersion) === 0;
         }
         if ( defaultVersion ) {
           experimental = compare(defaultVersion, obj.id) < 0;
         }
+        if (isCurrentVersion) {
+          label = `${ label } ${ this.t('cluster.kubernetesVersion.current') }`;
+        }
+        if (experimental) {
+          label = `${ label } ${ this.t('cluster.kubernetesVersion.experimental') }`;
+        }
         return {
-          label:      obj.id + (experimental ? ` (${ this.t('cluster.kubernetesVersion.experimental') })` : ''),
+          label,
           value:      obj.id,
           sort:       sortable(obj.id),
           serverArgs: obj.serverArgs,
@@ -1648,6 +1730,15 @@ export default {
           disabled,
         };
       });
+      if (currentVersion && !out.find(obj => obj.value === currentVersion)) {
+        out.push({
+          label: `${ currentVersion } ${ this.t('cluster.kubernetesVersion.current') }`,
+          value: currentVersion,
+          sort:  sortable(currentVersion),
+        });
+      }
       const sorted = sortBy(out, 'sort:desc');
       const mostRecentPatchVersions = this.getMostRecentPatchVersions(sorted);
@@ -1661,7 +1752,7 @@ export default {
         return {
           ...optionData,
-          label: `${ optionData.label } (${ this.t('cluster.kubernetesVersion.deprecated') })`
+          label: `${ optionData.label } ${ this.t('cluster.kubernetesVersion.deprecated') }`
         };
       });
@@ -1699,7 +1790,7 @@ export default {
         const majorMinor = `${ semver.major(version.value) }.${ semver.minor(version.value) }`;
         // Always show current version, else show if we haven't shown anything for this major.minor version yet
-        if (version === currentVersion || mostRecentPatchVersions[majorMinor] === version.value) {
+        if (version.value === currentVersion || mostRecentPatchVersions[majorMinor] === version.value) {
           return true;
         }
@@ -1757,10 +1848,7 @@ export default {
         const res = await this.$store.dispatch('cluster/request', { url: `${ url }/${ HCI.SETTING }s` });
         const version = (res?.data || []).find(s => s.id === 'harvester-csi-ccm-versions');
-        // get harvester server-version
-        const serverVersion = (res?.data || []).find(s => s.id === 'server-version');
-        this.harvesterVersion = serverVersion.value;
         if (version) {
           this.harvesterVersionRange = JSON.parse(version.value || version.default || '{}');
         } else {
@@ -1777,6 +1865,52 @@ export default {
         this.initRegistry();
       }
     },
+    /**
+     * Check if current cluster has PSP enabled
+     * Consider exclusively RKE2 provisioned clusters in edit mode
+     */
+    async checkPsps() {
+      // As server returns 500 we exclude all the possible cases
+      if (
+        this.mode !== _CREATE &&
+        !this.isK3s &&
+        this.value.state !== 'reconciling' &&
+        this.getNeedsPSP(this.liveValue) // We consider editing only possible PSP cases
+      ) {
+        const clusterId = this.value.mgmtClusterId;
+        const url = `/k8s/clusters/${ clusterId }/v1/${ PSPS }`;
+        try {
+          return await this.$store.dispatch('cluster/request', { url });
+        } catch (error) {
+          // PSP may not exists for this cluster and an error is returned without need to handle
+        }
+      }
+    },
+    /**
+     * Reset PSA on several input changes for given conditions
+     */
+    togglePsaDefault() {
+      // This option is created from the server and is guaranteed to exist #8032
+      const hardcodedTemplate = 'rancher-restricted';
+      const cisValue = this.agentConfig?.profile || this.serverConfig?.profile;
+      if (!this.cisOverride) {
+        if (this.hasPsaTemplates && cisValue) {
+          set(this.value.spec, 'defaultPodSecurityAdmissionConfigurationTemplateName', hardcodedTemplate);
+        }
+        this.cisPsaChangeBanner = this.hasPsaTemplates;
+      }
+    },
+    handleCisChange() {
+      this.togglePsaDefault();
+      this.updateCisProfile();
+    },
     updateCisProfile() {
       // If the user selects any Worker CIS Profile,
       // protect-kernel-defaults should be set to false
@@ -1795,6 +1929,7 @@ export default {
      */
     handleKubernetesChange(value) {
       if (value) {
+        this.togglePsaDefault();
         const version = VERSION.parse(value);
         const major = parseInt(version?.[0] || 0);
         const minor = parseInt(version?.[1] || 0);
@@ -1856,7 +1991,7 @@ export default {
         v-if="isEdit"
         color="warning"
       >
-        <span v-html="t('cluster.banner.rke2-k3-reprovisioning', {}, true)" />
+        <span v-clean-html="t('cluster.banner.rke2-k3-reprovisioning', {}, true)" />
       </Banner>
     </div>
     <SelectCredential
@@ -1989,7 +2124,7 @@ export default {
             color="warning"
           >
             <span
-              v-html="t('cluster.harvester.warning.cloudProvider.incompatible', null, true)"
+              v-clean-html="t('cluster.harvester.warning.cloudProvider.incompatible', null, true)"
             />
           </Banner>
           <div class="row mb-10">
@@ -2075,40 +2210,29 @@ export default {
             {{ t('cluster.rke2.security.header') }}
           </h3>
           <Banner
-            v-if="isEdit && displayInvalidPspsBanner"
+            v-if="isEdit && !needsPSP && hasPsps"
             color="warning"
-          >
-            <span v-html="t('cluster.banner.invalidPsps', {}, true)" />
-          </Banner>
+            :label="t('cluster.banner.invalidPsps')"
+          />
           <Banner
             v-else-if="isCreate && !needsPSP"
             color="info"
-          >
-            <span v-html="t('cluster.banner.removedPsp', {}, true)" />
-          </Banner>
+            :label="t('cluster.banner.removedPsp')"
+          />
+          <Banner
+            v-else-if="isCreate && hasPsps"
+            color="info"
+            :label="t('cluster.banner.deprecatedPsp')"
+          />
           <Banner
-            v-else-if="isCreate"
+            v-if="showCisProfile && !isCisSupported && isEdit"
             color="info"
           >
-            <span v-html="t('cluster.banner.deprecatedPsp', {}, true)" />
+            <p v-clean-html="t('cluster.rke2.banner.cisUnsupported', {cisProfile: serverConfig.profile || agentConfig.profile}, true)" />
           </Banner>
-          <div
-            v-if="needsPSA"
-            class="row mb-10"
-          >
-            <div class="col span-6">
-              <!-- PSA template selector -->
-              <LabeledSelect
-                v-model="value.spec.defaultPodSecurityAdmissionConfigurationTemplateName"
-                :mode="mode"
-                data-testid="rke2-custom-edit-psa"
-                :options="psaOptions"
-                :label="t('cluster.rke2.defaultPodSecurityAdmissionConfigurationTemplateName.label')"
-              />
-            </div>
-          </div>
-          <div class="row">
+          <div class="row mb-10">
             <div
               v-if="pspOptions && needsPSP"
               class="col span-6"
@@ -2129,22 +2253,62 @@ export default {
               class="col span-6"
             >
               <LabeledSelect
-                v-if="serverArgs.profile"
+                v-if="serverArgs && serverArgs.profile"
                 v-model="serverConfig.profile"
                 :mode="mode"
                 :options="profileOptions"
-                label="Server CIS Profile"
+                :label="t('cluster.rke2.cis.sever')"
+                @input="handleCisChange"
               />
               <LabeledSelect
-                v-else-if="agentArgs.profile"
+                v-else-if="agentArgs && agentArgs.profile"
                 v-model="agentConfig.profile"
+                data-testid="rke2-custom-edit-cis-agent"
                 :mode="mode"
                 :options="profileOptions"
-                :label="t('cis.workerProfile')"
-                @input="updateCisProfile"
+                :label="t('cluster.rke2.cis.agent')"
+                @input="handleCisChange"
               />
             </div>
           </div>
+          <template v-if="hasCisOverride">
+            <Checkbox
+              v-model="cisOverride"
+              :mode="mode"
+              :label="t('cluster.rke2.cis.override')"
+              @input="togglePsaDefault"
+            />
+            <Banner
+              v-if="cisOverride"
+              color="warning"
+              :label="t('cluster.rke2.banner.cisOverride')"
+            />
+            <Banner
+              v-if="cisPsaChangeBanner && !cisOverride"
+              color="info"
+              :label="t('cluster.rke2.banner.psaChange')"
+            />
+          </template>
+          <div
+            v-if="needsPSA"
+            class="row mb-10 mt-10"
+          >
+            <div class="col span-6">
+              <!-- PSA template selector -->
+              <LabeledSelect
+                v-model="value.spec.defaultPodSecurityAdmissionConfigurationTemplateName"
+                :mode="mode"
+                data-testid="rke2-custom-edit-psa"
+                :options="psaOptions"
+                :disabled="isPsaDisabled"
+                :label="t('cluster.rke2.defaultPodSecurityAdmissionConfigurationTemplateName.label')"
+              />
+            </div>
+          </div>
           <div class="row">
             <div class="col span-12 mt-20">
               <Checkbox

package/edit/resources.cattle.io.backup.vue CHANGED Viewed

@@ -296,7 +296,7 @@ export default {
           v-else
           color="error"
         >
-          <span v-html="t('backupRestoreOperator.noResourceSet')" />
+          <span v-clean-html="t('backupRestoreOperator.noResourceSet')" />
         </Banner>
       </template>
     </CruResource>

package/edit/service.vue CHANGED Viewed

@@ -390,7 +390,7 @@ export default {
         <div class="row">
           <div class="col span-12">
             <Banner :color="(matchingPods.none ? 'warning' : 'success')">
-              <span v-html="t('servicesPage.selectors.matchingPods.matchesSome', matchingPods)" />
+              <span v-clean-html="t('servicesPage.selectors.matchingPods.matchesSome', matchingPods)" />
             </Banner>
           </div>
         </div>

package/edit/storage.k8s.io.storageclass/provisioners/driver.harvesterhci.io.vue CHANGED Viewed

@@ -45,10 +45,10 @@ export default {
     ...mapGetters(['currentCluster']),
     isSatisfiesVersion() {
-      const kubernetesVersion = this.currentCluster.kubernetesVersion;
+      const kubernetesVersion = this.currentCluster.kubernetesVersion || '';
       const kubernetesVersionExtension = this.currentCluster.kubernetesVersionExtension;
-      if (kubernetesVersionExtension.startsWith('rke2')) {
+      if (kubernetesVersionExtension.startsWith('+rke2')) {
         const charts = ((this.rke2Versions?.data || []).find(v => v.id === kubernetesVersion) || {}).charts;
         let csiVersion = charts?.['harvester-csi-driver']?.version || '';

package/edit/workload/__tests__/Job.test.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import { mount } from '@vue/test-utils';
 import Job from '@shell/edit/workload/Job.vue';
 import { _EDIT } from '@shell/config/query-params';
 import { WORKLOAD_TYPES } from '@shell/config/types';
+import { cleanHtmlDirective } from '@shell/plugins/clean-html-directive';
 describe('component: Job', () => {
   describe('given CronJob types', () => {
@@ -10,7 +11,8 @@ describe('component: Job', () => {
       'failed',
     ])('should emit an update on %p input', (field) => {
       const wrapper = mount(Job, {
-        propsData: {
+        directives: { cleanHtmlDirective },
+        propsData:  {
           mode: _EDIT,
           type: WORKLOAD_TYPES.CRON_JOB
         }

package/edit/workload/index.vue CHANGED Viewed

@@ -36,9 +36,15 @@ export default {
      * Find error exceptions to be mapped for each case
      */
     mapError(error) {
+      const isObject = error && typeof error === 'object' && !Array.isArray(error);
+      // We have just 2 cases, so we'll set a ternary operation:
+      // - one is for when we submit a YAML edited form (object - YAMLexceptions)
+      // - other is for a string message
+      const errorMessage = isObject ? error.message || '' : error || '';
       switch (true) {
-      case error.includes('violates PodSecurity'): {
-        const match = error.match(/\"(.*?)\"/gi);
+      case errorMessage.includes('violates PodSecurity'): {
+        const match = errorMessage.match(/\"(.*?)\"/gi);
         const name = match[0];
         const policy = match[1];
@@ -47,7 +53,6 @@ export default {
           icon:    'icon-pod_security'
         };
       }
       default:
         break;
       }