@@ -541,7 +564,7 @@
{{'service.SWITCH_MODE' | translate | capitalizeEach}}
diff --git a/admin/webapp/root/app_src/i18n/en/en.json b/admin/webapp/root/app_src/i18n/en/en.json
index d5e7ea5ee..6e4dd7eb5 100755
--- a/admin/webapp/root/app_src/i18n/en/en.json
+++ b/admin/webapp/root/app_src/i18n/en/en.json
@@ -1869,6 +1869,11 @@
"SELECT_ALL_ALERT": "The selection contains 'nodes' group. Please confirm if you want to switch this group to ",
"SWITCH_MODE_DISABLED": "Policy mode in following {{noModeGroupCount}} group(s) cannot be switched.",
"SCORED_DISABLED": "Cannot turn on/off scorable attribute for one or more currently selected groups.",
+ "ZERODRIFT_COMMENT": "Enable/disable automated protection that prevents processes and file system drift for selected groups.",
+ "ZERO_DRIFT_HINT": "To disable zeroDrift we need switch the mode to discover",
+ "ZERO_DRIFT": "Zero Drift",
+ "NO_CHANGE": "No Change",
+ "BASIC": "Basic",
"MODE_NODES": " mode or unselect it.",
"SWITCH_SCORABLE": "Scorable",
"RESPONSE_RULES": "Response rules",
@@ -2695,7 +2700,7 @@
"WEBHOOKS": "Webhooks",
"CLUSTER": "Cluster",
"CLUSTER_COMMENT": "Used to identify the cluster in notifications",
- "ZERODRIFT_COMMENT": "For new Groups, enable/disable automated process and file protections based drift detection from the original image.",
+ "ZERODRIFT_COMMENT": "Enable/disable automated protection that prevents processes and file system drift for new groups.",
"CLUSTER_NAME": "Cluster Name:",
"SERVER": "Server",
"PROTOCOL": "Protocol",
@@ -2737,10 +2742,10 @@
"IMPORT_FAILED": "Import failed ",
"NEW_SERVICE_POLICY_MODE": "Default mode for new services",
"NEW_SERVICE": "New Services Mode",
- "NEW_SERVICE_COMMENT": "The default services mode for new Groups detected which have not been previously learned or configured.",
+ "NEW_SERVICE_COMMENT": "The default policy mode for new groups that have not been previously detected.",
"NET_SERVICE_POLICY_MODE": "Network Service Policy Mode",
"MODE_AUTO_SWITCH": "Service Group Mode Automation",
- "MODE_AUTO_SWITCH_HINT": "Promotes a Group’s protection Mode based on elapsed time and criteria. Does not apply to CRD created Groups.",
+ "MODE_AUTO_SWITCH_HINT": "Promote groups' policy mode automatically. This does not affect CRD created groups.",
"D2M": "Discover to Monitor",
"M2P": "Monitor to Protect",
"D2M_HINT": "Criteria: Elapsed time for learning all network and process activity of at least one live pod in the Group.",
@@ -2820,7 +2825,7 @@
"OPENID": "Configure single sign on using OpenID Connect.",
"ENABLED_NET_POLICY_MODE": "The selected policy mode will apply globally to the network rules for all groups, and each Group’s individual policy mode will only apply to process and file rules.",
"ENABLED_NET_POLICY_MODE_GROUP": " mode will apply globally to the network rules for all groups, and each Group’s individual policy mode will only apply to process and file rules.",
- "DISABLED_NET_POLICY_MODE": "Per group level policy mode will apply to network rules, process and file rules"
+ "DISABLED_NET_POLICY_MODE": "Set the network policy mode at the global level"
}
},
"ldap": {
diff --git a/admin/webapp/root/app_src/i18n/zh_cn/zh_cn.json b/admin/webapp/root/app_src/i18n/zh_cn/zh_cn.json
index 2d9d9dcc6..987cbb2d7 100644
--- a/admin/webapp/root/app_src/i18n/zh_cn/zh_cn.json
+++ b/admin/webapp/root/app_src/i18n/zh_cn/zh_cn.json
@@ -1868,6 +1868,11 @@
"SELECT_ALL_ALERT": "已选组里含有 \"nodes\" 组, 请确认是否将此组切换成",
"SWITCH_MODE_DISABLED": "以下{{noModeGroupCount}}组上策略模式不能被切换",
"SCORED_DISABLED": "在一些现在选中的组上评分属性不能被开关",
+ "ZERODRIFT_COMMENT": "启用/禁用防止选定组的进程和文件系统漂移的自动保护.",
+ "ZERO_DRIFT_HINT": "禁用ZeroDrift时需要将模式转换为学习",
+ "ZERO_DRIFT": "Zero Drift",
+ "NO_CHANGE": "不更改",
+ "BASIC": "基本",
"MODE_NODES": "模式或者不选择此组的。",
"SWITCH_SCORABLE": "参与评分",
"RESPONSE_RULES": "响应规则",
@@ -2694,7 +2699,7 @@
"WEBHOOK": "网络挂接",
"CLUSTER": "集群",
"CLUSTER_COMMENT": "用于在通知里识别集群",
- "ZERODRIFT_COMMENT": "对于新的组, 启用/禁用基于从原始镜像Drift检测自动处理和文件保护.",
+ "ZERODRIFT_COMMENT": "启用/禁用防止新建组的进程和文件系统漂移的自动保护.",
"CLUSTER_NAME": "集群名:",
"SERVER": "服务器",
"PROTOCOL": "协议",
@@ -2736,10 +2741,10 @@
"IMPORT_FAILED": "输入失败 ",
"NEW_SERVICE_POLICY_MODE": "新增服务的策略模式",
"NEW_SERVICE": "新增服务",
- "NEW_SERVICE_COMMENT": "为检测出之前没有学习或配置的新组的默认服务模式.",
+ "NEW_SERVICE_COMMENT": "新建组的默认策略模式没有被提前监测到.",
"NET_SERVICE_POLICY_MODE": "网络服务策略模式",
"MODE_AUTO_SWITCH": "服务组模式自动化",
- "MODE_AUTO_SWITCH_HINT": "基于消耗时间和条件的升级组的保护模式. 它不应用于CRD创建的组.",
+ "MODE_AUTO_SWITCH_HINT": "自动升级组的策略模式. 这不会影响CRD创建的组.",
"D2M": "学习模式到监视模式",
"M2P": "监视模式到保护模式",
"D2M_HINT": "条件: 学习全部网络的消耗时间和至少组里的一个活跃Pod处理活动.",
@@ -2819,7 +2824,7 @@
"OPENID": "用OpenID Connect配置单一登录.",
"ENABLED_NET_POLICY_MODE": "选定的策略模式将全局地应用于所有组的网络规则上, 每个组各自的策略模式将只应用于进程和文件规则上.",
"ENABLED_NET_POLICY_MODE_GROUP": "模式将全局地应用于所有组的网络规则上, 每个组各自的策略模式将只应用于进程和文件规则上.",
- "DISABLED_NET_POLICY_MODE": "各组的策略模式将应用在网络规则,进程及文件规则上"
+ "DISABLED_NET_POLICY_MODE": "在全局级别设置网络策略模式"
}
},
"ldap": {
diff --git a/admin/webapp/root/app_src/js/nv/security/groupController.js b/admin/webapp/root/app_src/js/nv/security/groupController.js
index 795525ffc..8b0243bd3 100644
--- a/admin/webapp/root/app_src/js/nv/security/groupController.js
+++ b/admin/webapp/root/app_src/js/nv/security/groupController.js
@@ -2905,29 +2905,35 @@
};
function getMessage(id) {
- if (id.zeroDrift !== "basic") {
- return (
- $translate.instant("topbar.mode.SWITCH") +
+ let msgArray = [];
+ if (id.mode !== "") {
+ msgArray.push(
$translate.instant("enum." + id.mode.toUpperCase()) +
- $translate.instant("topbar.mode.MODE") +
- " - " + $translate.instant("enum." + id.zeroDrift.split("-").join("").toUpperCase()) +
- "?"
+ $translate.instant("topbar.mode.MODE")
);
}
- return (
- $translate.instant("topbar.mode.SWITCH") +
- $translate.instant("enum." + id.mode.toUpperCase()) +
- $translate.instant("topbar.mode.MODE") +
- "?"
- );
+ if (id.zeroDrift === "zero-drift") {
+ msgArray.push(
+ $translate.instant("enum." + id.zeroDrift.split("-").join("").toUpperCase())
+ );
+ }
+ return `${$translate.instant("topbar.mode.SWITCH")} ${msgArray.join(", ")}?`
}
function getMessage4NodesSelected(id) {
- return (
- $translate.instant("group.SELECT_ALL_ALERT") +
- $translate.instant("enum." + id.toUpperCase()) +
- $translate.instant("group.MODE_NODES")
- );
+ let msgArray = [];
+ if (id.mode !== "") {
+ msgArray.push(
+ $translate.instant("enum." + id.mode.toUpperCase()) +
+ $translate.instant("topbar.mode.MODE")
+ );
+ }
+ if (id.zeroDrift === "zero-drift") {
+ msgArray.push(
+ $translate.instant("enum." + id.zeroDrift.split("-").join("").toUpperCase())
+ );
+ }
+ return `${$translate.instant("group.SELECT_ALL_ALERT")} ${msgArray.join(", ")}.`;
}
const suppressShowNodesAlerts = function(mode, nodesGroup) {
@@ -3001,7 +3007,7 @@
const selectNodesAlert = function(cb, mode, nodesGroup) {
if (!suppressShowNodesAlerts(mode, nodesGroup)) {
- Alertify.confirm(getMessage4NodesSelected(mode.mode)).then(
+ Alertify.confirm(getMessage4NodesSelected(mode)).then(
function onOk() {
cb(mode, true);
},
@@ -3015,8 +3021,16 @@
const switchAllMode = function(mode, isAlerted) {
const switchAll = function(mode) {
$scope.isSwitchingMode = true;
+ let payload = {};
+ if (mode.zeroDrift !== "no-change") {
+ payload = Object.assign({baseline_profile: mode.zeroDrift}, payload);
+ }
+ if (mode.mode !== "") {
+ payload = Object.assign({policy_mode: mode.mode}, payload);
+ }
+ console.log("payload on switchAllMode:", payload);
$http
- .patch(SERVICE_ALL, { policy_mode: mode.mode, baseline_profile: mode.zeroDrift })
+ .patch(SERVICE_ALL, payload)
.then(function() {
Alertify.set({ delay: ALERTIFY_SUCCEED_DELAY });
Alertify.success($translate.instant("service.ALL_SUBMIT_OK"));
@@ -3061,10 +3075,17 @@
: element.name;
});
$scope.isSwitchingMode = true;
- let data = {
- config: { services: serviceList, policy_mode: mode.mode, baseline_profile: mode.zeroDrift }
- };
- data = pako.gzip(JSON.stringify(data));
+ let payload = {services: serviceList};
+ if (mode.zeroDrift !== "no-change") {
+ payload = Object.assign({baseline_profile: mode.zeroDrift}, payload);
+ }
+ if (mode.mode !== "") {
+ payload = Object.assign({policy_mode: mode.mode}, payload);
+ }
+
+ console.log("payload on switchSomeMode:", payload);
+
+ let data = pako.gzip(JSON.stringify({config: payload}));
data = new Blob([data], {type: 'application/gzip'});
let config = {
headers: {
@@ -3725,7 +3746,7 @@
$scope.updateServiceMode = function() {
$mdDialog.hide();
- $scope.switch.mode = $scope.switch.mode.charAt(0).toUpperCase() + $scope.switch.mode.slice(1);
+ $scope.switch.mode = $scope.switch.mode ? $scope.switch.mode.charAt(0).toUpperCase() + $scope.switch.mode.slice(1) : "";
callback($scope.switch);
};
@@ -3742,15 +3763,32 @@
};
$scope.getDefaultBaseline = function(baselineCount) {
- if (baselineCount["zerodrift"] !== 0 && baselineCount["basic"] == 0) {
+ if (baselineCount["zerodrift"] !== 0 && baselineCount["basic"] === 0) {
return "zero-drift";
- } else {
+ } else if (baselineCount["zerodrift"] === 0 && baselineCount["basic"] !== 0) {
return "basic";
+ } else {
+ return "no-change";
+ }
+ };
+
+ $scope.switchZeroDrift = () => {
+ if (!canCauseViolatedSwitch) return;
+ $scope.zeroDriftHint = "";
+ $scope.isViolatedSwitch = false;
+ if ($scope.switch.zeroDrift === 'basic') {
+ if ($scope.switch.mode !== 'discover') {
+ $scope.zeroDriftHint = $translate.instant('group.ZERO_DRIFT_HINT');
+ $scope.switch.mode = 'discover';
+ $scope.isViolatedSwitch = true;
+ }
}
};
$scope.switch.mode = $scope.getDefaultMode(counts.modeCount);
$scope.switch.zeroDrift = $scope.getDefaultBaseline(counts.baselineCount);
+ $scope.showNoChange = $scope.switch.zeroDrift === "no-change";
+ let canCauseViolatedSwitch = ($scope.switch.zeroDrift === 'zero-drift' || $scope.showNoChange) && $scope.switch.mode !== 'discover';
}
}