Add agent tls mode to global settings (rancher#11287)

* Add agent tls mode to global settings * Update shell/assets/translations/en-us.yaml Co-authored-by: Richard Cox <[email protected]> * Move agent test to avoid issues with _ and local for cluster name based on previous test --------- Co-authored-by: Richard Cox <[email protected]> Co-authored-by: Neil MacDougall <[email protected]>
rak-phillip · Jun 28, 2024 · 6aeadc3 · 6aeadc3
1 parent 6bf0813
commit 6aeadc3
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 2 deletions.
diff --git a/cypress/e2e/tests/pages/global-settings/settings.spec.ts b/cypress/e2e/tests/pages/global-settings/settings.spec.ts
@@ -258,6 +258,34 @@ describe('Settings', { testIsolation: 'off' }, () => {
     settingsPage.settingsValue('auth-token-max-ttl-minutes').contains(settings['auth-token-max-ttl-minutes'].original);
   });
 
+  it('can update agent-tls-mode', { tags: ['@globalSettings', '@adminUser'] }, () => {
+    // Update setting
+    SettingsPagePo.navTo();
+    settingsPage.editSettingsByLabel('agent-tls-mode');
+
+    const settingsEdit = settingsPage.editSettings('local', 'agent-tls-mode');
+
+    settingsEdit.waitForPage();
+    settingsEdit.title().contains('Setting: agent-tls-mode').should('be.visible');
+    settingsEdit.selectSettingsByLabel('System Store');
+    settingsEdit.saveAndWait('agent-tls-mode');
+    settingsPage.waitForPage();
+    settingsPage.settingsValue('agent-tls-mode').contains('System Store');
+
+    // Reset
+    SettingsPagePo.navTo();
+    settingsPage.waitForPage();
+    settingsPage.editSettingsByLabel('agent-tls-mode');
+
+    settingsEdit.waitForPage();
+    settingsEdit.title().contains('Setting: agent-tls-mode').should('be.visible');
+    settingsEdit.useDefaultButton().click();
+    settingsEdit.saveAndWait('agent-tls-mode');
+
+    settingsPage.waitForPage();
+    settingsPage.settingsValue('agent-tls-mode').contains('Strict');
+  });
+
   it('can update kubeconfig-default-token-ttl-minutes', { tags: ['@globalSettings', '@adminUser'] }, () => {
     // Update setting
     SettingsPagePo.navTo();

diff --git a/shell/assets/translations/en-us.yaml b/shell/assets/translations/en-us.yaml
@@ -7331,6 +7331,9 @@ advancedSettings:
     'ui-default-landing': 'The default page users land on after login.'
     'brand': Folder name for an alternative theme defined in '/assets/brand'
     'hide-local-cluster': Hide the local cluster
+    'agent-tls-mode': "Rancher Certificate Verification. In `strict` mode the agents (system, cluster, fleet, etc) will only trust Rancher installations which are using a certificate signed by the CABundle in the `cacerts` setting. When the mode is system-store, the agents will trust any certificate signed by a CABundle in the operating system’s trust store."
+  warnings:
+    'agent-tls-mode': 'Changing this setting will cause all agents to be redeployed.'
   editHelp:
     'ui-banners': This setting takes a JSON object containing 3 root parameters; <code>banner</code>, <code>showHeader</code>, <code>showFooter</code>. <code>banner</code> is an object containing; <code>textColor</code>, <code>background</code>, and <code>text</code>, where <code>textColor</code> and <code>background</code> are any valid CSS color value.
   enum:
@@ -7353,6 +7356,9 @@ advancedSettings:
       info: Info
       debug: Debug
       trace: Trace
+    'agent-tls-mode':
+      strict: 'Strict'
+      system-store: 'System Store'
 
 featureFlags:
   label: Feature Flags

diff --git a/shell/config/settings.ts b/shell/config/settings.ts
@@ -20,7 +20,8 @@ interface GlobalSetting {
     /**
      * Function used from the form validation
      */
-     ruleSet?: GlobalSettingRuleset[],
+    ruleSet?: GlobalSettingRuleset[],
+    warning?: string
   };
 }
 
@@ -96,8 +97,9 @@ export const SETTING = {
   FLEET_AGENT_DEFAULT_AFFINITY:         'fleet-agent-default-affinity',
   /**
    * manage rancher repositories in extensions (official, partners repos)
-   */
+  */
   ADD_EXTENSION_REPOS_BANNER_DISPLAY:   'display-add-extension-repos-banner',
+  AGENT_TLS_MODE:                       'agent-tls-mode',
   /**
    * User retention settings
    */
@@ -158,6 +160,11 @@ export const ALLOWED_SETTINGS: GlobalSetting = {
     options: ['prompt', 'in', 'out']
   },
   [SETTING.HIDE_LOCAL_CLUSTER]: { kind: 'boolean' },
+  [SETTING.AGENT_TLS_MODE]:     {
+    kind:    'enum',
+    options: ['strict', 'system-store'],
+    warning: 'agent-tls-mode'
+  },
 };
 
 /**

diff --git a/shell/edit/management.cattle.io.setting.vue b/shell/edit/management.cattle.io.setting.vue
@@ -79,6 +79,10 @@ export default {
       return isServerUrl(this.value.id) && isLocalhost(this.value.value);
     },
 
+    showWarningBanner() {
+      return this.setting?.warning;
+    },
+
     validationPassed() {
       return this.fvFormIsValid && this.fvGetPathErrors(['value']).length === 0;
     }
@@ -141,6 +145,13 @@ export default {
     @finish="saveSettings"
     @cancel="done"
   >
+    <Banner
+      v-if="showWarningBanner"
+      color="warning"
+      :label="t(`advancedSettings.warnings.${ setting.warning }`)"
+      data-testid="advanced_settings_warning_banner"
+    />
+
     <h4>{{ description }}</h4>
 
     <h5