[9614] Seccomp Profile added to POD and Container page of all Worklods | Pod Name Validation fixed

[marcelofukumoto]

Summary

Fixes #9614

• Added Seccomp Profile to the POD (create/edit) and Container (create/edit) Security Context
  • It contains 4 options
    • None, RuntimeDefault, Localhost, Unconfined
    • Some ref: https://kubernetes.io/docs/reference/node/seccomp/
      • Localhost has a second Input called Localhost Profile which is the Path of the file used
      • The new input requires a value (validation)
        • Added the (!) showing error for the Tab and the Security Context on the lsit
  • As default for POD the option selected is RuntimeDefault
  • As default for Container the option select is None
  • Those options are added to all Workloads
  • Pods cannot edit it (error)
    • But other workloads, they can
• Fixed a validation for the NAME of the POD [BUG-9614-1]
  • The validation for the "Create" button to be enabled was not considering NAME
• Fixed a bug where the YAML file got the config lost if changes the security context [BUG-9614-2]
• Merged the Security from Pod and Container, adding a conditional if container or pod.
• Change accessibility only for security context
  • Added focus on list click
  • Added some new texts for label
  • Fieldset added to the page

Occurred changes and/or fixed issues

#9614

• pkg/rancher-components/src/components/Form/Checkbox/Checkbox.vue - [ACCESSIBILITY] Added some focus for Checkbox and styles as well
• pkg/rancher-components/src/components/LabeledTooltip/LabeledTooltip.vue - [ACCESSIBILITY] Added Tooltip text to the Tooltip
• shell/assets/styles/base/_typography.scss - [ACCESSIBILITY] Changed Typography to use H3 style for Legend, so we can use Fieldset
• shell/assets/translations/en-us.yaml - Added new texts for the SeccompProfile fields, Added texts for accessibility, title for capabilities
• shell/components/form/LabeledSelect.vue - [ACCESSIBILITY] Added for the Value to be added to accessibility
• shell/components/form/SeccompProfile.vue - New component create to be reused on the Pod and Container pages to represent the SeccompProfile option
• shell/components/form/Security.vue - Changed UI to accept container and pod changes, changed Yes/No Radio to Checkbox
• shell/components/form/tests/LabeledSelect.test.ts - Test changed because of the label
• shell/components/form/tests/SeccompProfile.test.js - Added test for the new component
• shell/components/form/tests/Security.test.ts - Refactored to have more detailed tests
• shell/edit/workload/tests/index.test.ts - Removed podFsGroup, not using anymore on the new structure
• shell/edit/workload/index.vue - Security Context of the pod
• shell/edit/workload/mixins/workload.js - Logic of the workload, added validation logics for the new Seccomp fields
• shell/models/pod.js - Added the missing custom validation for the name on the pod model [BUG-9614-1]

Technical notes summary

• The Update of the security context of the pod happens at the shell/edit/workload/mixins/workload.js for the podFsGroup. I could use the same place to update the changes on the SeccompProfile, but I decided to pass the podTemplateSpec directly to the Pod
• I made sure that the YAML file is not rewritten when changing security context for containers (pod seems ok) [BUG-9614-2]

Areas or cases that should be tested

• All workloads CREATE for POD and CONTAINERS
• All workloads EDIT for POD and CONTAINER
• Test cases on the PDF
  Issue 9614 - 2.pdf

Areas which could experience regressions

• Create and Edit for POD and CONTAINER were edited
• Since there was many changes to the page structure, Security Context needs to be texted throughly

Screenshot/Video

• Test results on the PDF
  Issue 9614 - 2.pdf
  Issue 9614 - 2 - UI Check.pdf

Checklist

• The PR is linked to an issue and the linked issue has a Milestone, or no issue is needed
• The PR has a Milestone
• The PR template has been filled out
• The PR has been self reviewed
• The PR has a reviewer assigned
• The PR has automated tests or clear instructions for manual tests and the linked issue has appropriate QA labels, or tests are not needed
• The PR has reviewed with UX and tested in light and dark mode, or there are no UX changes
• The PR has been reviewed in terms of Accessibility
• The PR has considered, and if applicable tested with, the three Global Roles Admin, Standard User and User Base

[richard-cox]

Just a few minor questions and requests, otherwise looking good

[richard-cox]

how come the image has been removed (not needed?) and localHostProfile added? i would have though it's both or neither?

[marcelofukumoto]

It moved to the allContainers() at line 433.
Before the validation of the "image" was only applying to the "current" container showing, there was only ONE validation for it, and so it was bugged.
The correct is to apply the validation of the "image" for each container separately, so here it has been removed and added to the containers" validation.

[richard-cox]

Gotcha.

Missed this the first time around, generally we should avoid adding properties to the resource we will eventually save (that container.error object). Normally they would get persisted when the object is saved, but i think kube now sends a warning back. These are a bit different though

1. There's already an error object, so the issue exists already
2. The only way to produce the bug is to setup the form such that the errors exist --> edit as yaml --> save. This isn't something we would expect to happen often

Given above lets keep as is for the moment

[richard-cox]

There's the _init as well (not changed by this PR), which in theory i think we strip before sending. Not sure

[marcelofukumoto]

Thanks! Interesting to know. I just followed the same way that the Container Image was being done.
So to use the "spec" to control the UI is never a good idea. I think that happens on the computed "allContainers" which means that if we just use an UI Helper for the errors instead of using the "spec" would fix this problem.

As you said, it is already an issue now. Let's discuss, would be great to have an "issue" to track this one. But I think with the form changes, maybe the logic will disappear as well.

[richard-cox]

I think @mantis-toboggan-md is doing some work on the new form work which will be used an example for all new (and at some point existing) forms.

If we go with the fieldset + legend pattern it would be good to also do it there. If we're not sure can you bring up in the next demo session?

[marcelofukumoto]

That seems like a good idea to share about it and why we should use fieldset + legends.
Instead of demo session, maybe we can have a meeting between us(me, you and @mantis-toboggan-md) first and discuss about it. Than after we got agreement or direction we can share on the demo.

[richard-cox]

Ok, we can shortcut and start a slack discussion in our team channel? I think it should be easy to get consensus there. Should be straight forward if Alex and myself are onboard

[marcelofukumoto]

Changed applied as requested:
shell/assets/translations/en-us.yaml - Added localisation text
shell/components/form/Security.vue - Added _EDIT and new const FORM_TYPES created
shell/components/form/tests/Security.test.ts - Fixed test to use FORM_TYPES (this one since they are tests, I think would make sense to keep them as string
shell/edit/workload/index.vue - Changed to use FORM_TYPES
shell/edit/workload/mixins/workload.js - Added comments for the fvFormRulesets[0] to explain the details of implementation and changed the localisation

---

Merged master to fix conflict