/** * Copyright (c) OpenLens Authors. All rights reserved. * Licensed under MIT License. See LICENSE in root directory for more information. */ import "./pod-security-policy-details.scss"; import React from "react"; import { observer } from "mobx-react"; import { DrawerItem, DrawerTitle } from "../drawer"; import type { KubeObjectDetailsProps } from "../kube-object-details"; import { PodSecurityPolicy } from "../../../common/k8s-api/endpoints"; import { Badge } from "../badge"; import { Table, TableCell, TableHead, TableRow } from "../table"; import { KubeObjectMeta } from "../kube-object-meta"; import logger from "../../../common/logger"; export interface PodSecurityPolicyDetailsProps extends KubeObjectDetailsProps { } interface RuleGroup { rule: string; ranges?: { max: number; min: number; }[]; } @observer export class PodSecurityPolicyDetails extends React.Component { renderRuleGroup( title: React.ReactNode, group: RuleGroup) { if (!group) return null; const { rule, ranges } = group; return ( <> {rule} {ranges && ( {ranges.map(({ min, max }, index) => { return ; })} )} ); } render() { const { object: psp } = this.props; if (!psp) { return null; } if (!(psp instanceof PodSecurityPolicy)) { logger.error("[PodSecurityPolicyDetails]: passed object that is not an instanceof PodSecurityPolicy", psp); return null; } const { allowedHostPaths, allowedCapabilities, allowedCSIDrivers, allowedFlexVolumes, allowedProcMountTypes, allowedUnsafeSysctls, allowPrivilegeEscalation, defaultAddCapabilities, forbiddenSysctls, fsGroup, hostIPC, hostNetwork, hostPID, hostPorts, privileged, readOnlyRootFilesystem, requiredDropCapabilities, runAsGroup, runAsUser, runtimeClass, seLinux, supplementalGroups, volumes, } = psp.spec; return (
{allowedCapabilities && ( {allowedCapabilities.join(", ")} )} {volumes && ( {volumes.join(", ")} )} {allowedCSIDrivers && ( {allowedCSIDrivers.map(({ name }) => name).join(", ")} )} {allowedFlexVolumes && ( {allowedFlexVolumes.map(({ driver }) => driver).join(", ")} )} {allowedProcMountTypes && ( {allowedProcMountTypes.join(", ")} )} {allowedUnsafeSysctls && ( {allowedUnsafeSysctls.join(", ")} )} {forbiddenSysctls && ( {forbiddenSysctls.join(", ")} )} {allowPrivilegeEscalation ? "Yes" : "No"} {privileged ? "Yes" : "No"} {readOnlyRootFilesystem ? "Yes" : "No"} {defaultAddCapabilities && ( {defaultAddCapabilities.join(", ")} )} {requiredDropCapabilities && ( {requiredDropCapabilities.join(", ")} )} {hostIPC ? "Yes" : "No"} {hostNetwork ? "Yes" : "No"} {hostPID ? "Yes" : "No"} {hostPorts && ( {hostPorts.map(({ min, max }, index) => { return ; })} )} {allowedHostPaths && ( <> Path Prefix Read-only { allowedHostPaths.map(({ pathPrefix, readOnly }, index) => ( {pathPrefix} {readOnly ? "Yes" : "No"} )) }
)} {this.renderRuleGroup("Fs Group", fsGroup)} {this.renderRuleGroup("Run As Group", runAsGroup)} {this.renderRuleGroup("Run As User", runAsUser)} {this.renderRuleGroup("Supplemental Groups", supplementalGroups)} {runtimeClass && ( <> {runtimeClass.allowedRuntimeClassNames?.join(", ") || "-"} {runtimeClass.defaultRuntimeClassName || "-"} )} {seLinux && ( <> {seLinux.rule} {seLinux.seLinuxOptions && ( <> {seLinux.seLinuxOptions.level} {seLinux.seLinuxOptions.role} {seLinux.seLinuxOptions.type} {seLinux.seLinuxOptions.user} )} )}
); } }