portainer/api/cli/cli.go

package cli

import (
	"errors"
	"log"
	"time"

	portainer "github.com/portainer/portainer/api"

	"os"
	"path/filepath"
	"strings"

	"gopkg.in/alecthomas/kingpin.v2"
)

// Service implements the CLIService interface
type Service struct{}

var (
	errInvalidEndpointProtocol       = errors.New("Invalid environment protocol: Portainer only supports unix://, npipe:// or tcp://")
	errSocketOrNamedPipeNotFound     = errors.New("Unable to locate Unix socket or named pipe")
	errInvalidSnapshotInterval       = errors.New("Invalid snapshot interval")
	errAdminPassExcludeAdminPassFile = errors.New("Cannot use --admin-password with --admin-password-file")
)

// ParseFlags parse the CLI flags and return a portainer.Flags struct
func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
	kingpin.Version(version)

	flags := &portainer.CLIFlags{
		Addr:                      kingpin.Flag("bind", "Address and port to serve Portainer").Default(defaultBindAddress).Short('p').String(),
		AddrHTTPS:                 kingpin.Flag("bind-https", "Address and port to serve Portainer via https").Default(defaultHTTPSBindAddress).String(),
		TunnelAddr:                kingpin.Flag("tunnel-addr", "Address to serve the tunnel server").Default(defaultTunnelServerAddress).String(),
		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
		NoAnalytics:               kingpin.Flag("no-analytics", "Disable Analytics in app (deprecated)").Bool(),
		TLS:                       kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),
		TLSSkipVerify:             kingpin.Flag("tlsskipverify", "Disable TLS server verification").Default(defaultTLSSkipVerify).Bool(),
		TLSCacert:                 kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
		TLSCert:                   kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),
		TLSKey:                    kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),
		HTTPDisabled:              kingpin.Flag("http-disabled", "Serve portainer only on https").Default(defaultHTTPDisabled).Bool(),
		SSL:                       kingpin.Flag("ssl", "Secure Portainer instance using SSL (deprecated)").Default(defaultSSL).Bool(),
		SSLCert:                   kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").String(),
		SSLKey:                    kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").String(),
		Rollback:                  kingpin.Flag("rollback", "Rollback the database store to the previous version").Bool(),
		SnapshotInterval:          kingpin.Flag("snapshot-interval", "Duration between each environment snapshot job").Default(defaultSnapshotInterval).String(),
		AdminPassword:             kingpin.Flag("admin-password", "Hashed admin password").String(),
		AdminPasswordFile:         kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
		Labels:                    pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
		Logo:                      kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
		Templates:                 kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),
	}

	kingpin.Parse()

	if !filepath.IsAbs(*flags.Assets) {
		ex, err := os.Executable()
		if err != nil {
			panic(err)
		}
		*flags.Assets = filepath.Join(filepath.Dir(ex), *flags.Assets)
	}

	return flags, nil
}

// ValidateFlags validates the values of the flags.
func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {

	displayDeprecationWarnings(flags)

	err := validateEndpointURL(*flags.EndpointURL)
	if err != nil {
		return err
	}

	err = validateSnapshotInterval(*flags.SnapshotInterval)
	if err != nil {
		return err
	}

	if *flags.AdminPassword != "" && *flags.AdminPasswordFile != "" {
		return errAdminPassExcludeAdminPassFile
	}

	return nil
}

func displayDeprecationWarnings(flags *portainer.CLIFlags) {
	if *flags.NoAnalytics {
		log.Println("Warning: The --no-analytics flag has been kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.")
	}

	if *flags.SSL {
		log.Println("Warning: SSL is enabled by default and there is no need for the --ssl flag. It has been kept to allow migration of instances running a previous version of Portainer with this flag enabled")
	}
}

func validateEndpointURL(endpointURL string) error {
	if endpointURL != "" {
		if !strings.HasPrefix(endpointURL, "unix://") && !strings.HasPrefix(endpointURL, "tcp://") && !strings.HasPrefix(endpointURL, "npipe://") {
			return errInvalidEndpointProtocol
		}

		if strings.HasPrefix(endpointURL, "unix://") || strings.HasPrefix(endpointURL, "npipe://") {
			socketPath := strings.TrimPrefix(endpointURL, "unix://")
			socketPath = strings.TrimPrefix(socketPath, "npipe://")
			if _, err := os.Stat(socketPath); err != nil {
				if os.IsNotExist(err) {
					return errSocketOrNamedPipeNotFound
				}
				return err
			}
		}
	}
	return nil
}

func validateSnapshotInterval(snapshotInterval string) error {
	if snapshotInterval != defaultSnapshotInterval {
		_, err := time.ParseDuration(snapshotInterval)
		if err != nil {
			return errInvalidSnapshotInterval
		}
	}
	return nil
}
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`package cli`

			`import (`
refactor(errors): reorganize errors (#3938) * refactor(bolt): move ErrObjectNotFound to bolt * refactor(http): move ErrUnauthorized to http package * refactor(http): move ErrResourceAccessDenied to http errors * refactor(http): move security errors to package * refactor(users): move user errors to users package * refactor(errors): move single errors to their package * refactor(schedules): move schedule error to package * refactor(http): move endpoint error to http package * refactor(docker): move docker errors to package * refactor(filesystem): move filesystem errors to package * refactor(errors): remove portainer.Error * style(chisel): reorder imports * fix(stacks): remove portainer.Error 2020-07-07 21:57:52 +00:00			`"errors"`
feat(telemetry): replace GA with matomo (#4140) * feat(core/telemetry): add posthog * feat(core/telemetry): add posthog * feat(core/telemetry): add matomo * feat(core/telemetry): update matomo * feat(core/telemetry): update matomo * feat(core/telemetry): update matomo * feat(telemetry): remove google analytics code * refactor(telemetry): move matomo code to bundle * refactor(telemetry): move matomo lib to assets * refactor(telemetry): depreciate --no-analytics * feat(settings): introduce a setting to enable telemetry * fix(cli): fix typo * feat(settings): allow toggle telemetry from settings * fix(settings): handle case where AuthenticationMethod is missing * feat(admin): set telemetry on admin init * refactor(app); revert file * refactor(state-manager): move optout to state manager * feat(telemetry): set matomo url * feat(core/settings): minor UI update * feat(core/telemetry): update custom URL * feat(core/telemetry): add placeholder for privacy policy * feat(core/telemetry): add privacy policy link Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com> 2020-08-06 22:46:25 +00:00			`"log"`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 05:29:34 +00:00			`"time"`

feat(logger): Init logrus [DTD-55] (#5232) 2021-08-03 23:26:22 +00:00			`portainer "github.com/portainer/portainer/api"`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00
			`"os"`
chore(build-system): make assets default relative, serve assets from assets/public (#1309) 2017-10-26 09:17:45 +00:00			`"path/filepath"`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`"strings"`
feat(global): multi endpoint management (#407) 2016-12-25 20:34:02 +00:00
			`"gopkg.in/alecthomas/kingpin.v2"`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`)`

			`// Service implements the CLIService interface`
			`type Service struct{}`

refactor(errors): reorganize errors (#3938) * refactor(bolt): move ErrObjectNotFound to bolt * refactor(http): move ErrUnauthorized to http package * refactor(http): move ErrResourceAccessDenied to http errors * refactor(http): move security errors to package * refactor(users): move user errors to users package * refactor(errors): move single errors to their package * refactor(schedules): move schedule error to package * refactor(http): move endpoint error to http package * refactor(docker): move docker errors to package * refactor(filesystem): move filesystem errors to package * refactor(errors): remove portainer.Error * style(chisel): reorder imports * fix(stacks): remove portainer.Error 2020-07-07 21:57:52 +00:00			`var (`
feat(ui):rename endpoint(s) to environment(s) EE-1206 (#5588) * rename endpoints to environments EE-1206 2021-09-08 08:42:17 +00:00			`errInvalidEndpointProtocol = errors.New("Invalid environment protocol: Portainer only supports unix://, npipe:// or tcp://")`
refactor(errors): reorganize errors (#3938) * refactor(bolt): move ErrObjectNotFound to bolt * refactor(http): move ErrUnauthorized to http package * refactor(http): move ErrResourceAccessDenied to http errors * refactor(http): move security errors to package * refactor(users): move user errors to users package * refactor(errors): move single errors to their package * refactor(schedules): move schedule error to package * refactor(http): move endpoint error to http package * refactor(docker): move docker errors to package * refactor(filesystem): move filesystem errors to package * refactor(errors): remove portainer.Error * style(chisel): reorder imports * fix(stacks): remove portainer.Error 2020-07-07 21:57:52 +00:00			`errSocketOrNamedPipeNotFound = errors.New("Unable to locate Unix socket or named pipe")`
			`errInvalidSnapshotInterval = errors.New("Invalid snapshot interval")`
			`errAdminPassExcludeAdminPassFile = errors.New("Cannot use --admin-password with --admin-password-file")`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`)`

			`// ParseFlags parse the CLI flags and return a portainer.Flags struct`
			`func (Service) ParseFlags(version string) (portainer.CLIFlags, error) {`
			`kingpin.Version(version)`

			`flags := &portainer.CLIFlags{`
feat(edge-compute): add flag to auto enable Edge compute features (#3922) 2020-06-16 07:55:45 +00:00			`Addr: kingpin.Flag("bind", "Address and port to serve Portainer").Default(defaultBindAddress).Short('p').String(),`
feat(server): use https by default (#5315) [EE-332] 2021-08-10 04:59:47 +00:00			`AddrHTTPS: kingpin.Flag("bind-https", "Address and port to serve Portainer via https").Default(defaultHTTPSBindAddress).String(),`
feat(edge-compute): add flag to auto enable Edge compute features (#3922) 2020-06-16 07:55:45 +00:00			`TunnelAddr: kingpin.Flag("tunnel-addr", "Address to serve the tunnel server").Default(defaultTunnelServerAddress).String(),`
			`TunnelPort: kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),`
			`Assets: kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),`
			`Data: kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),`
feat(ui):rename endpoint(s) to environment(s) EE-1206 (#5588) * rename endpoints to environments EE-1206 2021-09-08 08:42:17 +00:00			`EndpointURL: kingpin.Flag("host", "Environment URL").Short('H').String(),`
feat(edge-compute): add flag to auto enable Edge compute features (#3922) 2020-06-16 07:55:45 +00:00			`EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),`
feat(core/cli): change analytics flag message (#4273) * feat(cli): remove no-analytics flag default value * feat(cli): hide no-analytics deprecation message when it's false 2020-08-26 11:58:19 +00:00			`NoAnalytics: kingpin.Flag("no-analytics", "Disable Analytics in app (deprecated)").Bool(),`
feat(edge-compute): add flag to auto enable Edge compute features (#3922) 2020-06-16 07:55:45 +00:00			`TLS: kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),`
			`TLSSkipVerify: kingpin.Flag("tlsskipverify", "Disable TLS server verification").Default(defaultTLSSkipVerify).Bool(),`
			`TLSCacert: kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),`
			`TLSCert: kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),`
			`TLSKey: kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),`
feat(server): use https by default (#5315) [EE-332] 2021-08-10 04:59:47 +00:00			`HTTPDisabled: kingpin.Flag("http-disabled", "Serve portainer only on https").Default(defaultHTTPDisabled).Bool(),`
			`SSL: kingpin.Flag("ssl", "Secure Portainer instance using SSL (deprecated)").Default(defaultSSL).Bool(),`
			`SSLCert: kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").String(),`
			`SSLKey: kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").String(),`
feat(db): upgrade auto-backup backup and rollback support EE-867 EE-1158 (#5341) * backport migration EE code structure * filesystem copy function * set db status to updating before migration - reset on completion * support for auto-backup on version upgrade * - rollback cli flag support (with confirmation) - rollback implementation backport from EE * removed edition as it is not required in CE * migrated test datastore from bolttest to bolt package to make it usable for testing * backported failsafe migration * - backported tests from EE - refactored tests to use test datastore * test store implementing datastore interface * addressed PR issues/improvements * refactor test * added backup file removal error logging * resolved conflicts, updated code * fixed missing bolttest package - migrated to bolt * feat(migration): wrap migration errors to provide context for failure EE-1742 (#5711) * feat(migrator): wrap errors to provide more context to failures EE-1742 * add overall failure back in. diff log file * updated helm tests pointing to correct teststore Co-authored-by: Matt Hook <hookenz@gmail.com> 2021-09-27 00:52:50 +00:00			`Rollback: kingpin.Flag("rollback", "Rollback the database store to the previous version").Bool(),`
feat(ui):rename endpoint(s) to environment(s) EE-1206 (#5588) * rename endpoints to environments EE-1206 2021-09-08 08:42:17 +00:00			`SnapshotInterval: kingpin.Flag("snapshot-interval", "Duration between each environment snapshot job").Default(defaultSnapshotInterval).String(),`
feat(edge-compute): add flag to auto enable Edge compute features (#3922) 2020-06-16 07:55:45 +00:00			`AdminPassword: kingpin.Flag("admin-password", "Hashed admin password").String(),`
			`AdminPasswordFile: kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),`
			`Labels: pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),`
			`Logo: kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),`
			`Templates: kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`}`

			`kingpin.Parse()`
chore(build-system): make assets default relative, serve assets from assets/public (#1309) 2017-10-26 09:17:45 +00:00
			`if !filepath.IsAbs(*flags.Assets) {`
			`ex, err := os.Executable()`
			`if err != nil {`
			`panic(err)`
			`}`
			`flags.Assets = filepath.Join(filepath.Dir(ex), flags.Assets)`
			`}`

refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`return flags, nil`
			`}`

			`// ValidateFlags validates the values of the flags.`
			`func (Service) ValidateFlags(flags portainer.CLIFlags) error {`
refactor(api): refactor 2017-02-07 03:26:12 +00:00
feat(cli): add deprecation warnings (#3826) 2020-05-13 04:21:17 +00:00			`displayDeprecationWarnings(flags)`

feat(templates): remove template management features (#3719) * feat(api): remove template management features * feat(templates): remove template management features 2020-04-15 05:49:34 +00:00			`err := validateEndpointURL(*flags.EndpointURL)`
refactor(api): refactor 2017-02-07 03:26:12 +00:00			`if err != nil {`
			`return err`
			`}`

feat(home): add a new home view (#2033) 2018-07-11 08:39:20 +00:00			`err = validateSnapshotInterval(*flags.SnapshotInterval)`
			`if err != nil {`
			`return err`
			`}`

feat(cli): Allow adding admin password using docker secrets aka file (#1199) (#1214) 2017-09-25 16:13:56 +00:00			`if flags.AdminPassword != "" && flags.AdminPasswordFile != "" {`
			`return errAdminPassExcludeAdminPassFile`
			`}`

refactor(api): refactor 2017-02-07 03:26:12 +00:00			`return nil`
			`}`

feat(cli): add deprecation warnings (#3826) 2020-05-13 04:21:17 +00:00			`func displayDeprecationWarnings(flags *portainer.CLIFlags) {`
feat(core/cli): change analytics flag message (#4273) * feat(cli): remove no-analytics flag default value * feat(cli): hide no-analytics deprecation message when it's false 2020-08-26 11:58:19 +00:00			`if *flags.NoAnalytics {`
			`log.Println("Warning: The --no-analytics flag has been kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.")`
feat(telemetry): replace GA with matomo (#4140) * feat(core/telemetry): add posthog * feat(core/telemetry): add posthog * feat(core/telemetry): add matomo * feat(core/telemetry): update matomo * feat(core/telemetry): update matomo * feat(core/telemetry): update matomo * feat(telemetry): remove google analytics code * refactor(telemetry): move matomo code to bundle * refactor(telemetry): move matomo lib to assets * refactor(telemetry): depreciate --no-analytics * feat(settings): introduce a setting to enable telemetry * fix(cli): fix typo * feat(settings): allow toggle telemetry from settings * fix(settings): handle case where AuthenticationMethod is missing * feat(admin): set telemetry on admin init * refactor(app); revert file * refactor(state-manager): move optout to state manager * feat(telemetry): set matomo url * feat(core/settings): minor UI update * feat(core/telemetry): update custom URL * feat(core/telemetry): add placeholder for privacy policy * feat(core/telemetry): add privacy policy link Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com> 2020-08-06 22:46:25 +00:00			`}`
feat(server): use https by default (#5315) [EE-332] 2021-08-10 04:59:47 +00:00
			`if *flags.SSL {`
			`log.Println("Warning: SSL is enabled by default and there is no need for the --ssl flag. It has been kept to allow migration of instances running a previous version of Portainer with this flag enabled")`
			`}`
feat(cli): add deprecation warnings (#3826) 2020-05-13 04:21:17 +00:00			`}`

fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`func validateEndpointURL(endpointURL string) error {`
			`if endpointURL != "" {`
feat(api): Add npipe support (#2018) 2018-07-20 09:02:06 +00:00			`if !strings.HasPrefix(endpointURL, "unix://") && !strings.HasPrefix(endpointURL, "tcp://") && !strings.HasPrefix(endpointURL, "npipe://") {`
feat(cli): Allow setting admin password from CLI (#752) 2017-04-16 07:54:51 +00:00			`return errInvalidEndpointProtocol`
feat(global): multi endpoint management (#407) 2016-12-25 20:34:02 +00:00			`}`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00
feat(api): Add npipe support (#2018) 2018-07-20 09:02:06 +00:00			`if strings.HasPrefix(endpointURL, "unix://") \|\| strings.HasPrefix(endpointURL, "npipe://") {`
fix(api): refactor TLS support (#1909) * refactor(api): refactor TLS support * feat(api): migrate endpoint data * refactor(api): remove unused code and rename functions * refactor(app): remove console.log statement 2018-05-19 14:25:11 +00:00			`socketPath := strings.TrimPrefix(endpointURL, "unix://")`
feat(api): Add npipe support (#2018) 2018-07-20 09:02:06 +00:00			`socketPath = strings.TrimPrefix(socketPath, "npipe://")`
feat(global): multi endpoint management (#407) 2016-12-25 20:34:02 +00:00			`if _, err := os.Stat(socketPath); err != nil {`
			`if os.IsNotExist(err) {`
feat(api): Add npipe support (#2018) 2018-07-20 09:02:06 +00:00			`return errSocketOrNamedPipeNotFound`
feat(global): multi endpoint management (#407) 2016-12-25 20:34:02 +00:00			`}`
			`return err`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00			`}`
			`}`
			`}`
refactor(api): refactor 2017-02-07 03:26:12 +00:00			`return nil`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 05:21:29 +00:00
feat(home): add a new home view (#2033) 2018-07-11 08:39:20 +00:00			`func validateSnapshotInterval(snapshotInterval string) error {`
			`if snapshotInterval != defaultSnapshotInterval {`
			`_, err := time.ParseDuration(snapshotInterval)`
			`if err != nil {`
			`return errInvalidSnapshotInterval`
			`}`
			`}`
			`return nil`
			`}`