From 60ef6d0270867d1ff9e730251ecdf9bc3fbb4abd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Busso?= Date: Thu, 17 Jun 2021 16:55:11 +1200 Subject: [PATCH 1/6] Bump version to 2.6.0 --- api/portainer.go | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/api/portainer.go b/api/portainer.go index 897fc6b99..ab61f37bf 100644 --- a/api/portainer.go +++ b/api/portainer.go @@ -1341,7 +1341,7 @@ type ( const ( // APIVersion is the version number of the Portainer API - APIVersion = "2.5.1" + APIVersion = "2.6.0" // DBVersion is the version number of the Portainer database DBVersion = 30 // ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax diff --git a/package.json b/package.json index b39d7106b..03731fd25 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Portainer.io", "name": "portainer", "homepage": "http://portainer.io", - "version": "2.5.1", + "version": "2.6.0", "repository": { "type": "git", "url": "git@github.com:portainer/portainer.git" From 5466e68f502a15b8f0e698bc06ec4099ee4bf0d7 Mon Sep 17 00:00:00 2001 From: cong meng Date: Fri, 18 Jun 2021 11:30:18 +1200 Subject: [PATCH 2/6] fix(ACI): At least one team or user should be specified when creating a restricted container in Azure ACI EE-578 (#5204) Co-authored-by: Simon Meng --- .../create/createContainerInstanceController.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/azure/views/containerinstances/create/createContainerInstanceController.js b/app/azure/views/containerinstances/create/createContainerInstanceController.js index 7d73a4477..3ea1ef8ea 100644 --- a/app/azure/views/containerinstances/create/createContainerInstanceController.js +++ b/app/azure/views/containerinstances/create/createContainerInstanceController.js @@ -8,7 +8,8 @@ angular.module('portainer.azure').controller('AzureCreateContainerInstanceContro 'Notifications', 'Authentication', 'ResourceControlService', - function ($q, $scope, $state, AzureService, Notifications, Authentication, ResourceControlService) { + 'FormValidator', + function ($q, $scope, $state, AzureService, Notifications, Authentication, ResourceControlService, FormValidator) { var allResourceGroups = []; var allProviders = []; @@ -70,6 +71,11 @@ angular.module('portainer.azure').controller('AzureCreateContainerInstanceContro return 'At least one port binding is required'; } + const error = FormValidator.validateAccessControl(model.AccessControlData, Authentication.isAdmin()); + if (error !== '') { + return error; + } + return null; } From 89f53458c62ad6380a74d6fa8c28b223ba42ce95 Mon Sep 17 00:00:00 2001 From: Dmitry Salakhov Date: Mon, 21 Jun 2021 09:53:48 +1200 Subject: [PATCH 3/6] fix(stack): allow standard users use advanced deployment (#5205) --- api/http/handler/stacks/stack_create.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/api/http/handler/stacks/stack_create.go b/api/http/handler/stacks/stack_create.go index 7693746ca..427d4470c 100644 --- a/api/http/handler/stacks/stack_create.go +++ b/api/http/handler/stacks/stack_create.go @@ -14,7 +14,6 @@ import ( portainer "github.com/portainer/portainer/api" bolterrors "github.com/portainer/portainer/api/bolt/errors" gittypes "github.com/portainer/portainer/api/git/types" - httperrors "github.com/portainer/portainer/api/http/errors" "github.com/portainer/portainer/api/http/security" "github.com/portainer/portainer/api/internal/authorization" "github.com/portainer/portainer/api/internal/endpointutils" @@ -113,10 +112,6 @@ func (handler *Handler) stackCreate(w http.ResponseWriter, r *http.Request) *htt case portainer.DockerComposeStack: return handler.createComposeStack(w, r, method, endpoint, tokenData.ID) case portainer.KubernetesStack: - if tokenData.Role != portainer.AdministratorRole { - return &httperror.HandlerError{StatusCode: http.StatusForbidden, Message: "Access denied", Err: httperrors.ErrUnauthorized} - } - return handler.createKubernetesStack(w, r, method, endpoint) } From 8e3751d0b7ef5f97025ec57d383557e5df6443fc Mon Sep 17 00:00:00 2001 From: cong meng Date: Tue, 22 Jun 2021 12:58:54 +1200 Subject: [PATCH 4/6] fix(stack) Unable to update and redeploy a stack created from a git repository if it has failed once EE-1012 (#5212) testing passed --- api/http/handler/stacks/stack_update_git.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/api/http/handler/stacks/stack_update_git.go b/api/http/handler/stacks/stack_update_git.go index 1daefec19..dd38365b9 100644 --- a/api/http/handler/stacks/stack_update_git.go +++ b/api/http/handler/stacks/stack_update_git.go @@ -116,6 +116,13 @@ func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) * return &httperror.HandlerError{http.StatusInternalServerError, "Unable to clone git repository", err} } + defer func() { + err = handler.FileService.RemoveDirectory(backupProjectPath) + if err != nil { + log.Printf("[WARN] [http,stacks,git] [error: %s] [message: unable to remove git repository directory]", err) + } + }() + httpErr := handler.deployStack(r, stack, endpoint) if httpErr != nil { return httpErr @@ -126,11 +133,6 @@ func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) * return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack changes inside the database", err} } - err = handler.FileService.RemoveDirectory(backupProjectPath) - if err != nil { - return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove git repository directory", err} - } - return response.JSON(w, stack) } From a13ad8927f0d0e0006376116fe392408722bdfbf Mon Sep 17 00:00:00 2001 From: cong meng Date: Tue, 22 Jun 2021 19:59:05 +1200 Subject: [PATCH 5/6] fix(stack) ignore username and password when authentication is disabled EE-161 (#5222) * fix(stack) ignore username and password when authentication is disabled EE-161 * fix(stack) ignore username and password when authentication is disabled for stack creation EE-161 Co-authored-by: Simon Meng --- .../handler/customtemplates/customtemplate_create.go | 9 ++++++++- api/http/handler/edgestacks/edgestack_create.go | 9 ++++++++- api/http/handler/stacks/create_kubernetes_stack.go | 9 ++++++++- api/http/handler/stacks/stack_create.go | 4 ++++ api/http/handler/stacks/stack_update_git.go | 9 ++++++++- 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/api/http/handler/customtemplates/customtemplate_create.go b/api/http/handler/customtemplates/customtemplate_create.go index 9433affa2..e01ba01df 100644 --- a/api/http/handler/customtemplates/customtemplate_create.go +++ b/api/http/handler/customtemplates/customtemplate_create.go @@ -236,7 +236,14 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) ( projectPath := handler.FileService.GetCustomTemplateProjectPath(strconv.Itoa(customTemplateID)) customTemplate.ProjectPath = projectPath - err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, payload.RepositoryReferenceName, payload.RepositoryUsername, payload.RepositoryPassword) + repositoryUsername := payload.RepositoryUsername + repositoryPassword := payload.RepositoryPassword + if !payload.RepositoryAuthentication { + repositoryUsername = "" + repositoryPassword = "" + } + + err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, payload.RepositoryReferenceName, repositoryUsername, repositoryPassword) if err != nil { return nil, err } diff --git a/api/http/handler/edgestacks/edgestack_create.go b/api/http/handler/edgestacks/edgestack_create.go index b0b904faa..06edc2278 100644 --- a/api/http/handler/edgestacks/edgestack_create.go +++ b/api/http/handler/edgestacks/edgestack_create.go @@ -212,7 +212,14 @@ func (handler *Handler) createSwarmStackFromGitRepository(r *http.Request) (*por projectPath := handler.FileService.GetEdgeStackProjectPath(strconv.Itoa(int(stack.ID))) stack.ProjectPath = projectPath - err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, payload.RepositoryReferenceName, payload.RepositoryUsername, payload.RepositoryPassword) + repositoryUsername := payload.RepositoryUsername + repositoryPassword := payload.RepositoryPassword + if !payload.RepositoryAuthentication { + repositoryUsername = "" + repositoryPassword = "" + } + + err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, payload.RepositoryReferenceName, repositoryUsername, repositoryPassword) if err != nil { return nil, err } diff --git a/api/http/handler/stacks/create_kubernetes_stack.go b/api/http/handler/stacks/create_kubernetes_stack.go index 27d0971f7..918d1047d 100644 --- a/api/http/handler/stacks/create_kubernetes_stack.go +++ b/api/http/handler/stacks/create_kubernetes_stack.go @@ -172,7 +172,14 @@ func (handler *Handler) deployKubernetesStack(endpoint *portainer.Endpoint, stac } func (handler *Handler) cloneManifestContentFromGitRepo(gitInfo *kubernetesGitDeploymentPayload, projectPath string) (string, error) { - err := handler.GitService.CloneRepository(projectPath, gitInfo.RepositoryURL, gitInfo.RepositoryReferenceName, gitInfo.RepositoryUsername, gitInfo.RepositoryPassword) + repositoryUsername := gitInfo.RepositoryUsername + repositoryPassword := gitInfo.RepositoryPassword + if !gitInfo.RepositoryAuthentication { + repositoryUsername = "" + repositoryPassword = "" + } + + err := handler.GitService.CloneRepository(projectPath, gitInfo.RepositoryURL, gitInfo.RepositoryReferenceName, repositoryUsername, repositoryPassword) if err != nil { return "", err } diff --git a/api/http/handler/stacks/stack_create.go b/api/http/handler/stacks/stack_create.go index 427d4470c..53533ca33 100644 --- a/api/http/handler/stacks/stack_create.go +++ b/api/http/handler/stacks/stack_create.go @@ -236,6 +236,10 @@ func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *port } func (handler *Handler) cloneAndSaveConfig(stack *portainer.Stack, projectPath, repositoryURL, refName, configFilePath string, auth bool, username, password string) error { + if !auth { + username = "" + password = "" + } err := handler.GitService.CloneRepository(projectPath, repositoryURL, refName, username, password) if err != nil { diff --git a/api/http/handler/stacks/stack_update_git.go b/api/http/handler/stacks/stack_update_git.go index dd38365b9..9d266cd89 100644 --- a/api/http/handler/stacks/stack_update_git.go +++ b/api/http/handler/stacks/stack_update_git.go @@ -106,7 +106,14 @@ func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) * return &httperror.HandlerError{http.StatusInternalServerError, "Unable to move git repository directory", err} } - err = handler.GitService.CloneRepository(stack.ProjectPath, stack.GitConfig.URL, payload.RepositoryReferenceName, payload.RepositoryUsername, payload.RepositoryPassword) + repositoryUsername := payload.RepositoryUsername + repositoryPassword := payload.RepositoryPassword + if !payload.RepositoryAuthentication { + repositoryUsername = "" + repositoryPassword = "" + } + + err = handler.GitService.CloneRepository(stack.ProjectPath, stack.GitConfig.URL, payload.RepositoryReferenceName, repositoryUsername, repositoryPassword) if err != nil { restoreError := filesystem.MoveDirectory(backupProjectPath, stack.ProjectPath) if restoreError != nil { From 1ddf76dbda0c728d1aa65bc52b94c666639c706f Mon Sep 17 00:00:00 2001 From: Chaim Lev-Ari Date: Tue, 22 Jun 2021 12:41:50 +0300 Subject: [PATCH 6/6] fix(git-form): show git form and clear auth values (#5224) * fix(custom-templates): show git form fix [EE-1025] * fix(git-form): empty auth values when auth is off --- .../git-form-auth-fieldset.controller.js | 36 ++++++++++++++++++- .../createCustomTemplateView.html | 2 +- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/app/portainer/components/forms/git-form/git-form-auth-fieldset/git-form-auth-fieldset.controller.js b/app/portainer/components/forms/git-form/git-form-auth-fieldset/git-form-auth-fieldset.controller.js index 1fac1f4fd..1bc7db19e 100644 --- a/app/portainer/components/forms/git-form/git-form-auth-fieldset/git-form-auth-fieldset.controller.js +++ b/app/portainer/components/forms/git-form/git-form-auth-fieldset/git-form-auth-fieldset.controller.js @@ -1,8 +1,13 @@ class GitFormComposeAuthFieldsetController { /* @ngInject */ constructor() { + this.authValues = { + username: '', + password: '', + }; + this.onChangeField = this.onChangeField.bind(this); - this.onChangeAuth = this.onChangeField('RepositoryAuthentication'); + this.onChangeAuth = this.onChangeAuth.bind(this); this.onChangeUsername = this.onChangeField('RepositoryUsername'); this.onChangePassword = this.onChangeField('RepositoryPassword'); } @@ -15,6 +20,35 @@ class GitFormComposeAuthFieldsetController { }); }; } + + onChangeAuth(auth) { + if (!auth) { + this.authValues.username = this.model.RepositoryUsername; + this.authValues.password = this.model.RepositoryPassword; + this.onChange({ + ...this.model, + RepositoryAuthentication: true, + RepositoryUsername: '', + RepositoryPassword: '', + }); + + return; + } + + this.onChange({ + ...this.model, + RepositoryAuthentication: false, + RepositoryUsername: this.authValues.username, + RepositoryPassword: this.authValues.password, + }); + } + + $onInit() { + if (this.model.RepositoryAuthentication) { + this.authValues.username = this.model.RepositoryUsername; + this.authValues.password = this.model.RepositoryPassword; + } + } } export default GitFormComposeAuthFieldsetController; diff --git a/app/portainer/views/custom-templates/create-custom-template-view/createCustomTemplateView.html b/app/portainer/views/custom-templates/create-custom-template-view/createCustomTemplateView.html index c84198744..049fcdfc3 100644 --- a/app/portainer/views/custom-templates/create-custom-template-view/createCustomTemplateView.html +++ b/app/portainer/views/custom-templates/create-custom-template-view/createCustomTemplateView.html @@ -103,7 +103,7 @@ - +