@rancher/shell 1.2.2 → 1.2.5-rc.1

package/assets/translations/en-us.yaml

@@ -1300,6 +1300,7 @@ cluster:
       placeholder: 'Namespace/Name'
       cluster: Imported Harvester Cluster
       installGuestAgent: Install guest agent
+      tokenExpirationWarning: 'Warning: Harvester Cloud Credentials use an underlying authentication token that may have an expiry time - please see the following <a href="https://harvesterhci.io/kb/renew_harvester_cloud_credentials" target="_blank" rel="noopener nofollow">knowledge base article</a> for possible implications on management operations.'
   description:
     label: Cluster Description
     placeholder: Any text you want that better describes this cluster
@@ -1818,6 +1819,7 @@ cluster:
     oracleoke: Oracle OKE
     otc: Open Telekom Cloud
     other: Other
+    ovhcloudmks: OVHcloud MKS
     packet: Equinix Metal
     pinganyunecs: Pinganyun ECS
     pnap: phoenixNAP
@@ -7128,6 +7130,9 @@ advancedSettings:
     'ui-default-landing': 'The default page users land on after login.'
     'brand': Folder name for an alternative theme defined in '/assets/brand'
     'hide-local-cluster': Hide the local cluster
+    'agent-tls-mode': "Rancher Certificate Verification. In `strict` mode the agents (system, cluster, fleet, etc) will only trust Rancher installations which are using a certificate signed by the CABundle in the `cacerts` setting. When the mode is system-store, the agents will trust any certificate signed by a CABundle in the operating system’s trust store."
+  warnings:
+    'agent-tls-mode': 'Changing this setting will cause all agents to be redeployed.'
   editHelp:
     'ui-banners': This setting takes a JSON object containing 3 root parameters; <code>banner</code>, <code>showHeader</code>, <code>showFooter</code>. <code>banner</code> is an object containing; <code>textColor</code>, <code>background</code>, and <code>text</code>, where <code>textColor</code> and <code>background</code> are any valid CSS color value.
   enum:
@@ -7150,6 +7155,9 @@ advancedSettings:
       info: Info
       debug: Debug
       trace: Trace
+    'agent-tls-mode':
+      strict: 'Strict'
+      system-store: 'System Store'
 
 featureFlags:
   label: Feature Flags

package/assets/translations/zh-hans.yaml

@@ -1803,6 +1803,7 @@ cluster:
     oracleoke: Oracle OKE
     otc: Open Telekom Cloud
     other: 其他
+    ovhcloudmks: OVHcloud MKS
     packet: Equinix Metal
     pinganyunecs: 平安云 ECS
     pnap: phoenixNAP

package/cloud-credential/__tests__/harvester.test.ts

@@ -0,0 +1,18 @@
+import { mount } from '@vue/test-utils';
+import HarvesterCloudCreds from '@shell/cloud-credential/harvester.vue';
+
+const mockStore = { getters: { 'i18n/t': jest.fn() } };
+
+describe('cloud credentials: Harvester', () => {
+  const wrapper = mount(HarvesterCloudCreds, {
+    propsData: { value: {} },
+    mocks:     { $store: mockStore }
+  });
+
+  it('should display the warning banner for token expiration', async() => {
+    const warningBanner = wrapper.find('[data-testid="harvester-token-expiration-warning-banner"]');
+
+    expect(warningBanner.exists()).toBe(true);
+    expect(warningBanner.isVisible()).toBe(true);
+  });
+});

package/cloud-credential/harvester.vue

@@ -1,12 +1,13 @@
 <script>
 import CreateEditView from '@shell/mixins/create-edit-view';
 import LabeledSelect from '@shell/components/form/LabeledSelect';
+import { Banner } from '@components/Banner';
 
 import { get, set } from '@shell/utils/object';
 import { MANAGEMENT, VIRTUAL_HARVESTER_PROVIDER } from '@shell/config/types';
 
 export default {
-  components: { LabeledSelect },
+  components: { LabeledSelect, Banner },
   mixins:     [CreateEditView],
 
   async fetch() {
@@ -97,6 +98,13 @@ export default {
 
 <template>
   <div>
+    <div class="row mb-10">
+      <Banner
+        color="warning"
+        label-key="cluster.credential.harvester.tokenExpirationWarning"
+        data-testid="harvester-token-expiration-warning-banner"
+      />
+    </div>
     <div class="row mb-10">
       <div
         class="col span-6"

package/components/AlertTable.vue

@@ -49,6 +49,7 @@ export default {
     ];
 
     return {
+      inStore:            this.$store.getters['currentProduct'].inStore,
       alertManagerPoller: new Poller(
         this.loadAlertManagerEvents,
         ALERTMANAGER_POLL_RATE_MS,
@@ -69,15 +70,24 @@ export default {
   },
 
   methods: {
-    async loadAlertManagerEvents() {
-      const inStore = this.$store.getters['currentProduct'].inStore;
-      const alertsEvents = await this.$store.dispatch(
-        `${ inStore }/request`,
-        { url: `/k8s/clusters/${ this.currentCluster.id }/api/v1/namespaces/${ this.monitoringNamespace }/services/http:${ this.alertServiceEndpoint }:9093/proxy/api/v1/alerts` }
+    async fetchAlertManagerEvents(version) {
+      return await this.$store.dispatch(
+        `${ this.inStore }/request`,
+        { url: `/k8s/clusters/${ this.currentCluster.id }/api/v1/namespaces/${ this.monitoringNamespace }/services/http:${ this.alertServiceEndpoint }:9093/proxy/api/${ version }/alerts` }
       );
+    },
+
+    async loadAlertManagerEvents() {
+      let alertEvents;
+
+      try {
+        alertEvents = await this.fetchAlertManagerEvents('v2');
+      } catch (err) {
+        alertEvents = await this.fetchAlertManagerEvents('v1').then((res) => res?.data);
+      }
 
-      if (alertsEvents.data) {
-        this.allAlerts = alertsEvents.data;
+      if (alertEvents) {
+        this.allAlerts = alertEvents;
       }
     },
 

package/components/GrafanaDashboard.vue

@@ -114,10 +114,12 @@ export default {
       this.interval = setInterval(() => {
         try {
           const graphWindow = this.$refs.frame?.contentWindow;
-          const errorElements = graphWindow.document.getElementsByClassName('alert-error');
-          const errorCornerElements = graphWindow.document.getElementsByClassName('panel-info-corner--error');
-          const panelInFullScreenElements = graphWindow.document.getElementsByClassName('panel-in-fullscreen');
-          const panelContainerElements = graphWindow.document.getElementsByClassName('panel-container');
+
+          // Note. getElementsByClassName won't work, following a grafana bump class names are now unique - for example css-2qng6u-panel-container
+          const errorElements = graphWindow.document.querySelectorAll('[class$="alert-error');
+          const errorCornerElements = graphWindow.document.querySelectorAll('[class$="panel-info-corner--error');
+          const panelInFullScreenElements = graphWindow.document.querySelectorAll('[class$="panel-in-fullscreen');
+          const panelContainerElements = graphWindow.document.querySelectorAll('[class$="panel-container');
           const error = errorElements.length > 0 || errorCornerElements.length > 0;
           const loaded = panelInFullScreenElements.length > 0 || panelContainerElements.length > 0;
           const errorMessageElms = graphWindow.document.getElementsByTagName('pre');

package/components/nav/TopLevelMenu.vue

@@ -855,7 +855,7 @@ export default {
           }
         }
 
-        > i {
+        > i, > img {
           display: block;
           width: 42px;
           font-size: $icon-size;
@@ -867,9 +867,6 @@ export default {
           margin-right: 16px;
           fill: var(--link);
         }
-        img {
-          margin-right: 16px;
-        }
 
         &.nuxt-link-active {
           background: var(--primary-hover-bg);

package/config/product/explorer.js

@@ -22,6 +22,7 @@ import {
 } from '@shell/config/table-headers';
 
 import { DSL } from '@shell/store/type-map';
+import { configureConditionalDepaginate } from '@shell/store/type-map.utils';
 
 export const NAME = 'explorer';
 
@@ -49,7 +50,9 @@ export function init(store) {
     typeStoreMap:        {
       [MANAGEMENT.PROJECT]:                       'management',
       [MANAGEMENT.CLUSTER_ROLE_TEMPLATE_BINDING]: 'management',
-      [MANAGEMENT.PROJECT_ROLE_TEMPLATE_BINDING]: 'management'
+      [MANAGEMENT.PROJECT_ROLE_TEMPLATE_BINDING]: 'management',
+      [NORMAN.CLUSTER_ROLE_TEMPLATE_BINDING]:     'rancher',
+      [NORMAN.PROJECT_ROLE_TEMPLATE_BINDING]:     'rancher',
     }
   });
 
@@ -156,12 +159,16 @@ export function init(store) {
   mapGroup(/^(.*\.)?cluster\.x-k8s\.io$/, 'clusterProvisioning');
   mapGroup(/^(aks|eks|gke|rke|rke-machine-config|rke-machine|provisioning)\.cattle\.io$/, 'clusterProvisioning');
 
+  const dePaginateBindings = configureConditionalDepaginate({ maxResourceCount: 5000 });
+  const dePaginateNormanBindings = configureConditionalDepaginate({ maxResourceCount: 5000, isNorman: true }) ;
+
   configureType(NODE, { isCreatable: false, isEditable: true });
   configureType(WORKLOAD_TYPES.JOB, { isEditable: false, match: WORKLOAD_TYPES.JOB });
-  configureType(MANAGEMENT.CLUSTER_ROLE_TEMPLATE_BINDING, { isEditable: false });
-  configureType(MANAGEMENT.PROJECT_ROLE_TEMPLATE_BINDING, { isEditable: false, depaginate: true });
+  configureType(MANAGEMENT.CLUSTER_ROLE_TEMPLATE_BINDING, { isEditable: false, depaginate: dePaginateBindings });
+  configureType(MANAGEMENT.PROJECT_ROLE_TEMPLATE_BINDING, { isEditable: false, depaginate: dePaginateBindings });
   configureType(MANAGEMENT.PROJECT, { displayName: store.getters['i18n/t']('namespace.project.label') });
-  configureType(NORMAN.PROJECT_ROLE_TEMPLATE_BINDING, { depaginate: true });
+  configureType(NORMAN.CLUSTER_ROLE_TEMPLATE_BINDING, { depaginate: dePaginateNormanBindings });
+  configureType(NORMAN.PROJECT_ROLE_TEMPLATE_BINDING, { depaginate: dePaginateNormanBindings });
 
   configureType(EVENT, { limit: 500 });
   weightType(EVENT, -1, true);

package/config/settings.ts

@@ -19,7 +19,8 @@ interface GlobalSetting {
     /**
      * Function used from the form validation
      */
-     ruleSet?: GlobalSettingRuleset[],
+    ruleSet?: GlobalSettingRuleset[],
+    warning?: string
   };
 }
 
@@ -90,8 +91,9 @@ export const SETTING = {
   FLEET_AGENT_DEFAULT_AFFINITY:         'fleet-agent-default-affinity',
   /**
    * manage rancher repositories in extensions (official, partners repos)
-   */
+  */
   ADD_EXTENSION_REPOS_BANNER_DISPLAY:   'display-add-extension-repos-banner',
+  AGENT_TLS_MODE:                       'agent-tls-mode',
   /**
    * User retention settings
    */
@@ -152,6 +154,11 @@ export const ALLOWED_SETTINGS: GlobalSetting = {
     options: ['prompt', 'in', 'out']
   },
   [SETTING.HIDE_LOCAL_CLUSTER]: { kind: 'boolean' },
+  [SETTING.AGENT_TLS_MODE]:     {
+    kind:    'enum',
+    options: ['strict', 'system-store'],
+    warning: 'agent-tls-mode'
+  },
 };
 
 /**

package/config/types.js

@@ -14,7 +14,7 @@ export const NORMAN = {
   ETCD_BACKUP:                   'etcdbackup',
   CLUSTER:                       'cluster',
   CLUSTER_TOKEN:                 'clusterregistrationtoken',
-  CLUSTER_ROLE_TEMPLATE_BINDING: 'clusterRoleTemplateBinding',
+  CLUSTER_ROLE_TEMPLATE_BINDING: 'clusterroletemplatebinding',
   CLOUD_CREDENTIAL:              'cloudcredential',
   FLEET_WORKSPACES:              'fleetworkspace',
   GLOBAL_ROLE:                   'globalRole',

package/config/uiplugins.js

@@ -178,7 +178,7 @@ export function isChartVersionAvailableForInstall(versionsData, returnObj = fals
 
   const parsedRancherVersion = rancherVersion.split('-')?.[0];
   const regexHashString = new RegExp('^[A-Za-z0-9]{9}$');
-  const isRancherVersionHashString = regexHashString.test(rancherVersion);
+  const isRancherVersionHashStringOrHead = regexHashString.test(rancherVersion) || rancherVersion.includes('head');
   const requiredUiVersion = version.annotations?.[UI_PLUGIN_CHART_ANNOTATIONS.UI_VERSION];
   const requiredKubeVersion = version.annotations?.[UI_PLUGIN_CHART_ANNOTATIONS.KUBE_VERSION];
   const versionObj = { ...version };
@@ -187,7 +187,7 @@ export function isChartVersionAvailableForInstall(versionsData, returnObj = fals
   versionObj.isCompatibleWithKubeVersion = true;
 
   // if it's a head version of Rancher, then we skip the validation and enable them all
-  if (!isRancherVersionHashString && requiredUiVersion && !semver.satisfies(parsedRancherVersion, requiredUiVersion)) {
+  if (!isRancherVersionHashStringOrHead && requiredUiVersion && !semver.satisfies(parsedRancherVersion, requiredUiVersion)) {
     if (!returnObj) {
       return false;
     }

package/edit/management.cattle.io.setting.vue

@@ -4,6 +4,7 @@ import { LabeledInput } from '@components/Form/LabeledInput';
 import LabeledSelect from '@shell/components/form/LabeledSelect';
 import CreateEditView from '@shell/mixins/create-edit-view';
 import { TextAreaAutoGrow } from '@components/Form/TextArea';
+import { Banner } from '@components/Banner';
 import formRulesGenerator from '@shell/utils/validators/formRules/index';
 
 import { ALLOWED_SETTINGS, SETTING } from '@shell/config/settings';
@@ -18,7 +19,8 @@ export default {
     LabeledInput,
     LabeledSelect,
     RadioGroup,
-    TextAreaAutoGrow
+    TextAreaAutoGrow,
+    Banner,
   },
 
   mixins: [CreateEditView, FormValidation],
@@ -63,7 +65,11 @@ export default {
 
           return factoryArg ? rule(factoryArg) : rule;
         }) : {};
-    }
+    },
+
+    showWarningBanner() {
+      return this.setting?.warning;
+    },
   },
 
   methods: {
@@ -118,6 +124,13 @@ export default {
     @finish="saveSettings"
     @cancel="done"
   >
+    <Banner
+      v-if="showWarningBanner"
+      color="warning"
+      :label="t(`advancedSettings.warnings.${ setting.warning }`)"
+      data-testid="advanced_settings_warning_banner"
+    />
+
     <h4>{{ description }}</h4>
 
     <h5

package/edit/provisioning.cattle.io.cluster/RegistryConfigs.vue

@@ -7,6 +7,7 @@ import SelectOrCreateAuthSecret from '@shell/components/form/SelectOrCreateAuthS
 import CreateEditView from '@shell/mixins/create-edit-view';
 import SecretSelector from '@shell/components/form/SecretSelector';
 import { SECRET_TYPES as TYPES } from '@shell/config/secret';
+import { base64Decode, base64Encode } from '@shell/utils/crypto';
 
 export default {
   components: {
@@ -55,7 +56,7 @@ export default {
       if (configMap[hostname]) {
         configMap[hostname].insecureSkipVerify = configMap[hostname].insecureSkipVerify ?? defaultAddValue.insecureSkipVerify;
         configMap[hostname].authConfigSecretName = configMap[hostname].authConfigSecretName ?? defaultAddValue.authConfigSecretName;
-        configMap[hostname].caBundle = configMap[hostname].caBundle ?? defaultAddValue.caBundle;
+        configMap[hostname].caBundle = base64Decode(configMap[hostname].caBundle ?? defaultAddValue.caBundle);
         configMap[hostname].tlsSecretName = configMap[hostname].tlsSecretName ?? defaultAddValue.tlsSecretName;
       }
       entries.push({
@@ -94,7 +95,11 @@ export default {
           continue;
         }
 
-        configs[h] = { ...entry };
+        configs[h] = {
+          ...entry,
+          caBundle: base64Encode(entry.caBundle)
+        };
+
         delete configs[h].hostname;
       }
 
@@ -174,6 +179,7 @@ export default {
 
             <LabeledInput
               v-model="row.value.caBundle"
+              :data-testid="`registry-caBundle-${i}`"
               class="mt-20"
               type="multiline"
               label="CA Cert Bundle"

package/edit/provisioning.cattle.io.cluster/__tests__/RegistryConfigs.test.ts

@@ -0,0 +1,61 @@
+import { mount, Wrapper } from '@vue/test-utils';
+import { clone } from '@shell/utils/object';
+import { _EDIT } from '@shell/config/query-params';
+import { PROV_CLUSTER } from '@shell/edit/provisioning.cattle.io.cluster/__tests__/utils/cluster';
+import RegistryConfigs from '@shell/edit/provisioning.cattle.io.cluster/RegistryConfigs.vue';
+
+describe('component: RegistryConfigs', () => {
+  let wrapper: Wrapper<InstanceType<typeof RegistryConfigs> & { [key: string]: any }>;
+
+  const mountOptions = {
+    propsData: {
+      value:                     {},
+      mode:                      _EDIT,
+      clusterRegisterBeforeHook: () => {}
+    },
+    stubs: {
+      SelectOrCreateAuthSecret: true,
+      SecretSelector:           true,
+    },
+    mocks: { $store: { getters: { 'i18n/t': jest.fn() } } }
+  };
+
+  describe('key CA Cert Bundle', () => {
+    it('should display default key', () => {
+      const value = clone(PROV_CLUSTER);
+
+      value.spec.rkeConfig.registries.configs = { foo: { caBundle: 'Zm9vYmFy' } };
+
+      mountOptions.propsData.value = value;
+
+      wrapper = mount(
+        RegistryConfigs,
+        mountOptions
+      );
+
+      const registry = wrapper.find('[data-testid^="registry-caBundle"]').element as HTMLTextAreaElement;
+
+      expect(registry.value).toBe('foobar');
+    });
+
+    it('should update key in base64 format', async() => {
+      const value = clone(PROV_CLUSTER);
+
+      value.spec.rkeConfig.registries.configs = { foo: { caBundle: 'Zm9vYmFy' } };
+
+      mountOptions.propsData.value = value;
+
+      wrapper = mount(
+        RegistryConfigs,
+        mountOptions
+      );
+
+      const registry = wrapper.find('[data-testid^="registry-caBundle"]');
+
+      await registry.setValue('ssh key');
+      wrapper.vm.update();
+
+      expect(wrapper.emitted('updateConfigs')![0][0]['foo']['caBundle']).toBe('c3NoIGtleQ==');
+    });
+  });
+});