stackrox · pedrottimark · Sep 19, 2025 · Sep 15, 2025
@@ -202,7 +202,12 @@ function ClusterPage({ clusterId }: ClusterPageProps): ReactElement {
     function onChange(path: string, value: boolean | number | string) {
         // path can be a dot path to property like: tolerationsConfig.disabled
         setSelectedCluster((oldClusterSettings) => {
-            if (get(oldClusterSettings, path) === undefined) {
+            if (
+                get(oldClusterSettings, path) === undefined &&
+                path !== 'dynamicConfig.autoLockProcessBaselinesConfig.enabled'
+            ) {
+                // TODO delete if statement?
+                // Added exception above to set property if autoLockProcessBaselinesConfig is null.
                 return oldClusterSettings;
             }
 

@@ -12,6 +12,7 @@ import {
 
 import ExternalLink from 'Components/PatternFly/IconText/ExternalLink';
 import SelectSingle from 'Components/SelectSingle';
+import useFeatureFlags from 'hooks/useFeatureFlags';
 import useMetadata from 'hooks/useMetadata';
 import type { ClusterType, CompleteClusterConfig, DynamicClusterConfig } from 'types/cluster.proto';
 import { getVersionedDocs } from 'utils/versioning';
@@ -35,6 +36,10 @@ function DynamicConfigurationForm({
     helmConfig,
     isManagerTypeNonConfigurable,
 }: DynamicConfigurationFormProps) {
+    const { isFeatureFlagEnabled } = useFeatureFlags();
+    const isAutoLockProcessBaselinesEnabled = isFeatureFlagEnabled(
+        'ROX_AUTOLOCK_PROCESS_BASELINES'
+    );
     const { version } = useMetadata();
 
     const isLoggingSupported = clusterType === 'OPENSHIFT4_CLUSTER';
@@ -185,6 +190,30 @@ function DynamicConfigurationForm({
                     </Alert>
                 )}
             </FormGroup>
+            {isAutoLockProcessBaselinesEnabled && (
+                <FormGroup label="Automatically lock process baselines">
+                    <SelectSingle
+                        id="dynamicConfig.autoLockProcessBaselinesConfig.enabled"
+                        value={
+                            dynamicConfig.autoLockProcessBaselinesConfig?.enabled
+                                ? 'enabled'
+                                : 'disabled'
+                        }
+                        handleSelect={(id, value) => handleChange(id, value === 'enabled')}
+                        isDisabled={isManagerTypeNonConfigurable}
+                        isFullWidth={false}
+                    >
+                        <SelectOption value="enabled">Enabled</SelectOption>
+                        <SelectOption value="disabled">Disabled</SelectOption>
+                    </SelectSingle>
+                    <HelmValueWarning
+                        currentValue={dynamicConfig.autoLockProcessBaselinesConfig?.enabled}
+                        helmValue={
+                            helmConfig?.dynamicConfig?.autoLockProcessBaselinesConfig?.enabled
+                        }
+                    />
+                </FormGroup>
+            )}
         </Form>
     );
 }

@@ -70,21 +70,20 @@ const defaultNewClusterType = 'KUBERNETES_CLUSTER';
 const defaultCollectionMethod = 'CORE_BPF';
 
 export const newClusterDefault = {
-    id: undefined,
+    // TODO Add Cluster type and add missing properties?
+    id: undefined, // TODO empty string?
     name: '',
     type: defaultNewClusterType,
     mainImage: 'stackrox/main',
     collectorImage: 'stackrox/collector',
     centralApiEndpoint: 'central.stackrox:443',
     runtimeSupport: false,
     collectionMethod: defaultCollectionMethod,
-    DEPRECATEDProviderMetadata: null,
     admissionControllerEvents: true,
     admissionController: true, // default changed in 4.9
     admissionControllerUpdates: true, // default changed in 4.9
-    admissionControlFailOnError: false, // property added in 4.9 false means Fail open
-    DEPRECATEDOrchestratorMetadata: null,
-    status: undefined,
+    admissionControllerFailOnError: false, // property added in 4.9 false means Fail open
+    status: null,
     tolerationsConfig: {
         disabled: false,
     },
@@ -97,6 +96,8 @@ export const newClusterDefault = {
             disableBypass: false,
         },
         registryOverride: '',
+        disableAuditLogs: false,
+        autoLockProcessBaselinesConfig: null,
     },
     healthStatus: undefined,
     slimCollector: false,

@@ -77,10 +77,16 @@ export type StaticClusterConfig = {
     admissionControllerFailOnError: boolean;
 };
 
+export type AutoLockProcessBaselinesConfig = {
+    // More fields can be added later to control the feature at the namespace level
+    enabled: boolean;
+};
+
 export type DynamicClusterConfig = {
     admissionControllerConfig: AdmissionControllerConfig;
     registryOverride: string;
     disableAuditLogs: boolean;
+    autoLockProcessBaselinesConfig: AutoLockProcessBaselinesConfig | null;
 };
 
 // Encodes a complete cluster configuration minus ID/Name identifiers
@@ -117,7 +123,7 @@ export type Cluster = {
     admissionController: boolean;
     admissionControllerUpdates: boolean;
     admissionControllerEvents: boolean;
-    status: ClusterStatus;
+    status: ClusterStatus; // TODO fix errors so be able to add: | null
     dynamicConfig: DynamicClusterConfig;
     tolerationsConfig: TolerationsConfig;
     priority: string; // int64

@@ -4,6 +4,7 @@
 export type FeatureFlagEnvVar =
     | 'ROX_ACTIVE_VULN_MGMT'
     | 'ROX_ADMISSION_CONTROLLER_CONFIG'
+    | 'ROX_AUTOLOCK_PROCESS_BASELINES'
     | 'ROX_CLUSTERS_PAGE_MIGRATION_UI'
     | 'ROX_CUSTOMIZABLE_PLATFORM_COMPONENTS'
     | 'ROX_EXTERNAL_IPS'