feat(k8s/advanced-deployment): allow standard users to see and use advanced deployment feature EE-446 (#5050)

pull/5201/head
Alice Groux 2021-06-16 07:28:44 +02:00 committed by GitHub
parent 0b93714de4
commit 7f96220a09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 10 deletions


@ -14,9 +14,9 @@ import (
portainer "github.com/portainer/portainer/api" portainer "github.com/portainer/portainer/api"
bolterrors "github.com/portainer/portainer/api/bolt/errors" bolterrors "github.com/portainer/portainer/api/bolt/errors"
gittypes "github.com/portainer/portainer/api/git/types" gittypes "github.com/portainer/portainer/api/git/types"
httperrors "github.com/portainer/portainer/api/http/errors"
"github.com/portainer/portainer/api/http/security" "github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/api/internal/authorization" "github.com/portainer/portainer/api/internal/authorization"
"github.com/portainer/portainer/api/internal/endpointutils"
"github.com/portainer/portainer/api/internal/stackutils" "github.com/portainer/portainer/api/internal/stackutils"
) )
@ -78,7 +78,7 @@ func (handler *Handler) stackCreate(w http.ResponseWriter, r *http.Request) *htt
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err} return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
} }
if !endpoint.SecuritySettings.AllowStackManagementForRegularUsers { if endpointutils.IsDockerEndpoint(endpoint) && !endpoint.SecuritySettings.AllowStackManagementForRegularUsers {
securityContext, err := security.RetrieveRestrictedRequestContext(r) securityContext, err := security.RetrieveRestrictedRequestContext(r)
if err != nil { if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user info from request context", err} return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user info from request context", err}
@ -112,10 +112,6 @@ func (handler *Handler) stackCreate(w http.ResponseWriter, r *http.Request) *htt
case portainer.DockerComposeStack: case portainer.DockerComposeStack:
return handler.createComposeStack(w, r, method, endpoint, tokenData.ID) return handler.createComposeStack(w, r, method, endpoint, tokenData.ID)
case portainer.KubernetesStack: case portainer.KubernetesStack:
if tokenData.Role != portainer.AdministratorRole {
return &httperror.HandlerError{http.StatusForbidden, "Access denied", httperrors.ErrUnauthorized}
}
return handler.createKubernetesStack(w, r, endpoint) return handler.createKubernetesStack(w, r, endpoint)
} }
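Review bot: The stack-management guard now fails open, because it runs only when `endpointutils.IsDockerEndpoint(endpoint)` is true and the administrator check in the `portainer.KubernetesStack` case is gone. As far as these hunks show, an endpoint type outside the three Docker types, or a compose or swarm stack type requested against a Kubernetes endpoint, reaches the create functions without the `AllowStackManagementForRegularUsers` check. A fail-closed form is `if !endpointutils.IsKubernetesEndpoint(endpoint) && !endpoint.SecuritySettings.AllowStackManagementForRegularUsers {`, with the Kubernetes case returning an error when the endpoint is not a Kubernetes one. Whether `createKubernetesStack` applies the manifest under the caller's own namespace-scoped permissions is not visible here and should be confirmed, since that would then be the main limit on what a standard user can deploy; `stackCreate` starts and ends outside these hunks.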


@ -9,3 +9,17 @@ import (
func IsLocalEndpoint(endpoint *portainer.Endpoint) bool { func IsLocalEndpoint(endpoint *portainer.Endpoint) bool {
return strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") || endpoint.Type == 5 return strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") || endpoint.Type == 5
} }
// IsKubernetesEndpoint returns true if this is a kubernetes endpoint
func IsKubernetesEndpoint(endpoint *portainer.Endpoint) bool {
return endpoint.Type == portainer.KubernetesLocalEnvironment ||
endpoint.Type == portainer.AgentOnKubernetesEnvironment ||
endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment
}
// IsDockerEndpoint returns true if this is a docker endpoint
func IsDockerEndpoint(endpoint *portainer.Endpoint) bool {
return endpoint.Type == portainer.DockerEnvironment ||
endpoint.Type == portainer.AgentOnDockerEnvironment ||
endpoint.Type == portainer.EdgeAgentOnDockerEnvironment
}
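Review bot: The doc comments on `IsKubernetesEndpoint` and `IsDockerEndpoint` do not say that the two predicates are not complementary: an endpoint whose type is in neither list returns false from both. Since `IsDockerEndpoint` is used in this commit to decide whether a permission check runs, I would state that in the comment, for example `// IsDockerEndpoint reports whether endpoint is a Docker environment (standalone, agent or edge agent); it returns false for every other type, not only Kubernetes.` Both helpers also dereference `endpoint` without a nil check, which matches `IsLocalEndpoint` above but is worth a word in the comment.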


@ -2,7 +2,7 @@
<span class="small"> <span class="small">
<p class="text-muted"> <p class="text-muted">
<i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px;"></i> <i class="fa fa-info-circle blue-icon" aria-hidden="true" style="margin-right: 2px;"></i>
As an administrator user, you have access to the advanced deployment feature allowing you to deploy any Kubernetes manifest inside your cluster. Advanced deployment allows you to deploy any Kubernetes manifest inside your cluster.
</p> </p>
<p> <p>
<button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy"> <i class="fa fa-file-code space-right" aria-hidden="true"></i>Advanced deployment </button> <button type="button" class="btn btn-sm btn-primary" ui-sref="kubernetes.deploy"> <i class="fa fa-file-code space-right" aria-hidden="true"></i>Advanced deployment </button>


@ -5,7 +5,7 @@
<kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading> <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
<div ng-if="ctrl.state.viewReady"> <div ng-if="ctrl.state.viewReady">
<div ng-if="ctrl.state.isAdmin" ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div> <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-sm-12">
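Review bot: With `ng-if="ctrl.state.isAdmin"` dropped from the `ng-include`, the panel is rendered for every user, so `ctrl.state.isAdmin` may now be unused in this view's controller; if nothing else reads it, remove the state field and the lookup that fills it. The same applies to the two identical template changes in the following file sections. The controllers are not part of the visible hunks, so this is to be checked rather than assumed.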


@ -5,7 +5,7 @@
<kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading> <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
<div ng-if="ctrl.state.viewReady"> <div ng-if="ctrl.state.viewReady">
<div ng-if="ctrl.state.isAdmin" ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div> <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-sm-12">


@ -5,7 +5,7 @@
<kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading> <kubernetes-view-loading view-ready="ctrl.state.viewReady"></kubernetes-view-loading>
<div ng-if="ctrl.state.viewReady"> <div ng-if="ctrl.state.viewReady">
<div ng-if="ctrl.state.isAdmin" ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div> <div ng-include="'app/kubernetes/templates/advancedDeploymentPanel.html'"></div>
<div class="row"> <div class="row">
<div class="col-sm-12"> <div class="col-sm-12">