github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

feat(templates): re-introduce external template management (#2119) 

* feat(templates): re-introduce external template management

* refactor(api): review error handling
pull/2144/head
Anthony Lapenna 2018-08-07 17:43:36 +02:00 committed by GitHub
parent 09cb8e7350
commit ee9c8d7d1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 120 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
api/cmd/portainer/main.go
View File

@ -193,6 +193,10 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
} }
func initTemplates(templateService portainer.TemplateService, fileService portainer.FileService, templateURL, templateFile string) error { func initTemplates(templateService portainer.TemplateService, fileService portainer.FileService, templateURL, templateFile string) error {
if templateURL != "" {
log.Printf("Portainer started with the --templates flag. Using external templates, template management will be disabled.")
return nil
}
existingTemplates, err := templateService.Templates() existingTemplates, err := templateService.Templates()
if err != nil { if err != nil {
@ -204,32 +208,14 @@ func initTemplates(templateService portainer.TemplateService, fileService portai
return nil return nil
} }
var templatesJSON []byte
if templateURL == "" {
return loadTemplatesFromFile(fileService, templateService, templateFile)
}
templatesJSON, err = client.Get(templateURL)
if err != nil {
log.Println("Unable to retrieve templates via HTTP")
return err
}
return unmarshalAndPersistTemplates(templateService, templatesJSON)
}
func loadTemplatesFromFile(fileService portainer.FileService, templateService portainer.TemplateService, templateFile string) error {
templatesJSON, err := fileService.GetFileContent(templateFile) templatesJSON, err := fileService.GetFileContent(templateFile)
if err != nil { if err != nil {
log.Println("Unable to retrieve template via filesystem") log.Println("Unable to retrieve template definitions via filesystem")
return err return err
} }
return unmarshalAndPersistTemplates(templateService, templatesJSON)
}
func unmarshalAndPersistTemplates(templateService portainer.TemplateService, templateData []byte) error {
var templates []portainer.Template var templates []portainer.Template
err := json.Unmarshal(templateData, &templates) err = json.Unmarshal(templatesJSON, &templates)
if err != nil { if err != nil {
log.Println("Unable to parse templates file. Please review your template definition file.") log.Println("Unable to parse templates file. Please review your template definition file.")
return err return err
@ -241,6 +227,7 @@ func unmarshalAndPersistTemplates(templateService portainer.TemplateService, tem
return err return err
} }
} }
return nil return nil
} }

6
api/http/handler/settings/settings_public.go
View File

@ -13,6 +13,7 @@ type publicSettingsResponse struct {
AuthenticationMethod portainer.AuthenticationMethod `json:"AuthenticationMethod"` AuthenticationMethod portainer.AuthenticationMethod `json:"AuthenticationMethod"`
AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers"` AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers"`
AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers"` AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers"`
ExternalTemplates bool `json:"ExternalTemplates"`
} }
// GET request on /api/settings/public // GET request on /api/settings/public
@ -27,6 +28,11 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
AuthenticationMethod: settings.AuthenticationMethod, AuthenticationMethod: settings.AuthenticationMethod,
AllowBindMountsForRegularUsers: settings.AllowBindMountsForRegularUsers, AllowBindMountsForRegularUsers: settings.AllowBindMountsForRegularUsers,
AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers, AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers,
ExternalTemplates: false,
}
if settings.TemplatesURL != "" {
publicSettings.ExternalTemplates = true
} }
return response.JSON(w, publicSettings) return response.JSON(w, publicSettings)

8
api/http/handler/settings/settings_update.go
View File

@ -19,6 +19,7 @@ type settingsUpdatePayload struct {
AllowBindMountsForRegularUsers *bool AllowBindMountsForRegularUsers *bool
AllowPrivilegedModeForRegularUsers *bool AllowPrivilegedModeForRegularUsers *bool
SnapshotInterval *string SnapshotInterval *string
TemplatesURL *string
} }
func (payload *settingsUpdatePayload) Validate(r *http.Request) error { func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
@ -28,6 +29,9 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
if payload.LogoURL != nil && *payload.LogoURL != "" && !govalidator.IsURL(*payload.LogoURL) { if payload.LogoURL != nil && *payload.LogoURL != "" && !govalidator.IsURL(*payload.LogoURL) {
return portainer.Error("Invalid logo URL. Must correspond to a valid URL format") return portainer.Error("Invalid logo URL. Must correspond to a valid URL format")
} }
if payload.TemplatesURL != nil && *payload.TemplatesURL != "" && !govalidator.IsURL(*payload.TemplatesURL) {
return portainer.Error("Invalid external templates URL. Must correspond to a valid URL format")
}
return nil return nil
} }
@ -52,6 +56,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
settings.LogoURL = *payload.LogoURL settings.LogoURL = *payload.LogoURL
} }
if payload.TemplatesURL != nil {
settings.TemplatesURL = *payload.TemplatesURL
}
if payload.BlackListedLabels != nil { if payload.BlackListedLabels != nil {
settings.BlackListedLabels = payload.BlackListedLabels settings.BlackListedLabels = payload.BlackListedLabels
} }

30
api/http/handler/templates/handler.go
View File

@ -9,10 +9,15 @@ import (
"github.com/portainer/portainer/http/security" "github.com/portainer/portainer/http/security"
) )
const (
errTemplateManagementDisabled = portainer.Error("Template management is disabled")
)
// Handler represents an HTTP API handler for managing templates. // Handler represents an HTTP API handler for managing templates.
type Handler struct { type Handler struct {
*mux.Router *mux.Router
TemplateService portainer.TemplateService TemplateService portainer.TemplateService
SettingsService portainer.SettingsService
} }
// NewHandler returns a new instance of Handler. // NewHandler returns a new instance of Handler.
@ -20,15 +25,32 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
h := &Handler{ h := &Handler{
Router: mux.NewRouter(), Router: mux.NewRouter(),
} }
h.Handle("/templates", h.Handle("/templates",
bouncer.RestrictedAccess(httperror.LoggerHandler(h.templateList))).Methods(http.MethodGet) bouncer.RestrictedAccess(httperror.LoggerHandler(h.templateList))).Methods(http.MethodGet)
h.Handle("/templates", h.Handle("/templates",
bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateCreate))).Methods(http.MethodPost) bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateCreate)))).Methods(http.MethodPost)
h.Handle("/templates/{id}", h.Handle("/templates/{id}",
bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateInspect))).Methods(http.MethodGet) bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateInspect)))).Methods(http.MethodGet)
h.Handle("/templates/{id}", h.Handle("/templates/{id}",
bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateUpdate))).Methods(http.MethodPut) bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateUpdate)))).Methods(http.MethodPut)
h.Handle("/templates/{id}", h.Handle("/templates/{id}",
bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateDelete))).Methods(http.MethodDelete) bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateDelete)))).Methods(http.MethodDelete)
return h return h
} }
func (handler *Handler) templateManagementCheck(next http.Handler) http.Handler {
return httperror.LoggerHandler(func(rw http.ResponseWriter, r *http.Request) *httperror.HandlerError {
settings, err := handler.SettingsService.Settings()
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
}
if settings.TemplatesURL != "" {
return &httperror.HandlerError{http.StatusServiceUnavailable, "Portainer is configured to use external templates, template management is disabled", errTemplateManagementDisabled}
}
next.ServeHTTP(rw, r)
return nil
})
}

25
api/http/handler/templates/template_list.go
View File

@ -1,8 +1,11 @@
package templates package templates
import ( import (
"encoding/json"
"net/http" "net/http"
"github.com/portainer/portainer"
"github.com/portainer/portainer/http/client"
httperror "github.com/portainer/portainer/http/error" httperror "github.com/portainer/portainer/http/error"
"github.com/portainer/portainer/http/response" "github.com/portainer/portainer/http/response"
"github.com/portainer/portainer/http/security" "github.com/portainer/portainer/http/security"
@ -10,10 +13,29 @@ import (
// GET request on /api/templates // GET request on /api/templates
func (handler *Handler) templateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError { func (handler *Handler) templateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
templates, err := handler.TemplateService.Templates() settings, err := handler.SettingsService.Settings()
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
}
var templates []portainer.Template
if settings.TemplatesURL == "" {
templates, err = handler.TemplateService.Templates()
if err != nil { if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve templates from the database", err} return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve templates from the database", err}
} }
} else {
var templateData []byte
templateData, err = client.Get(settings.TemplatesURL)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve external templates", err}
}
err = json.Unmarshal(templateData, &templates)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to parse external templates", err}
}
}
securityContext, err := security.RetrieveRestrictedRequestContext(r) securityContext, err := security.RetrieveRestrictedRequestContext(r)
if err != nil { if err != nil {
@ -21,6 +43,5 @@ func (handler *Handler) templateList(w http.ResponseWriter, r *http.Request) *ht
} }
filteredTemplates := security.FilterTemplates(templates, securityContext) filteredTemplates := security.FilterTemplates(templates, securityContext)
return response.JSON(w, filteredTemplates) return response.JSON(w, filteredTemplates)
} }

1
api/http/server.go
View File

@ -151,6 +151,7 @@ func (server *Server) Start() error {
var templatesHandler = templates.NewHandler(requestBouncer) var templatesHandler = templates.NewHandler(requestBouncer)
templatesHandler.TemplateService = server.TemplateService templatesHandler.TemplateService = server.TemplateService
templatesHandler.SettingsService = server.SettingsService
var uploadHandler = upload.NewHandler(requestBouncer) var uploadHandler = upload.NewHandler(requestBouncer)
uploadHandler.FileService = server.FileService uploadHandler.FileService = server.FileService

2
api/portainer.go
View File

@ -88,11 +88,11 @@ type (
AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers"` AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers"`
AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers"` AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers"`
SnapshotInterval string `json:"SnapshotInterval"` SnapshotInterval string `json:"SnapshotInterval"`
TemplatesURL string `json:"TemplatesURL"`
// Deprecated fields // Deprecated fields
DisplayDonationHeader bool DisplayDonationHeader bool
DisplayExternalContributors bool DisplayExternalContributors bool
TemplatesURL string
} }
// User represents a user account. // User represents a user account.

2
app/portainer/models/settings.js
View File

@ -6,6 +6,8 @@ function SettingsViewModel(data) {
this.AllowBindMountsForRegularUsers = data.AllowBindMountsForRegularUsers; this.AllowBindMountsForRegularUsers = data.AllowBindMountsForRegularUsers;
this.AllowPrivilegedModeForRegularUsers = data.AllowPrivilegedModeForRegularUsers; this.AllowPrivilegedModeForRegularUsers = data.AllowPrivilegedModeForRegularUsers;
this.SnapshotInterval = data.SnapshotInterval; this.SnapshotInterval = data.SnapshotInterval;
this.TemplatesURL = data.TemplatesURL;
this.ExternalTemplates = data.ExternalTemplates;
} }
function LDAPSettingsViewModel(data) { function LDAPSettingsViewModel(data) {

31
app/portainer/views/settings/settings.html
View File

@ -44,6 +44,37 @@
</div> </div>
</div> </div>
<!-- !logo --> <!-- !logo -->
<!-- templates -->
<div class="col-sm-12 form-section-title">
App Templates
</div>
<div class="form-group">
<div class="col-sm-12">
<label for="toggle_templates" class="control-label text-left">
Use external templates
<portainer-tooltip position="bottom" message="When using external templates, in-app template management will be disabled."></portainer-tooltip>
</label>
<label class="switch" style="margin-left: 20px;">
<input type="checkbox" name="toggle_templates" ng-model="formValues.externalTemplates"><i></i>
</label>
</div>
</div>
<div ng-if="formValues.externalTemplates">
<div class="form-group">
<span class="col-sm-12 text-muted small">
You can specify the URL to your own template definitions file here. See <a href="https://portainer.readthedocs.io/en/stable/templates.html" target="_blank">Portainer documentation</a> for more details.
</span>
</div>
<div class="form-group" >
<label for="templates_url" class="col-sm-1 control-label text-left">
URL
</label>
<div class="col-sm-11">
<input type="text" class="form-control" ng-model="settings.TemplatesURL" id="templates_url" placeholder="https://myserver.mydomain/templates.json">
</div>
</div>
</div>
<!-- !templates -->
<!-- security --> <!-- security -->
<div class="col-sm-12 form-section-title"> <div class="col-sm-12 form-section-title">
Security Security

8
app/portainer/views/settings/settingsController.js
View File

@ -8,6 +8,7 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
$scope.formValues = { $scope.formValues = {
customLogo: false, customLogo: false,
externalTemplates: false,
restrictBindMounts: false, restrictBindMounts: false,
restrictPrivilegedMode: false, restrictPrivilegedMode: false,
labelName: '', labelName: '',
@ -39,6 +40,10 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
settings.LogoURL = ''; settings.LogoURL = '';
} }
if (!$scope.formValues.externalTemplates) {
settings.TemplatesURL = '';
}
settings.AllowBindMountsForRegularUsers = !$scope.formValues.restrictBindMounts; settings.AllowBindMountsForRegularUsers = !$scope.formValues.restrictBindMounts;
settings.AllowPrivilegedModeForRegularUsers = !$scope.formValues.restrictPrivilegedMode; settings.AllowPrivilegedModeForRegularUsers = !$scope.formValues.restrictPrivilegedMode;
@ -70,6 +75,9 @@ function ($scope, $state, Notifications, SettingsService, StateManager, DEFAULT_
if (settings.LogoURL !== '') { if (settings.LogoURL !== '') {
$scope.formValues.customLogo = true; $scope.formValues.customLogo = true;
} }
if (settings.TemplatesURL !== '') {
$scope.formValues.externalTemplates = true;
}
$scope.formValues.restrictBindMounts = !settings.AllowBindMountsForRegularUsers; $scope.formValues.restrictBindMounts = !settings.AllowBindMountsForRegularUsers;
$scope.formValues.restrictPrivilegedMode = !settings.AllowPrivilegedModeForRegularUsers; $scope.formValues.restrictPrivilegedMode = !settings.AllowPrivilegedModeForRegularUsers;
}) })

6
app/portainer/views/templates/templates.html
View File

@ -353,9 +353,9 @@
templates="templates" templates="templates"
select-action="selectTemplate" select-action="selectTemplate"
delete-action="deleteTemplate" delete-action="deleteTemplate"
show-add-action="isAdmin" show-add-action="state.templateManagement && isAdmin"
show-update-action="isAdmin" show-update-action="state.templateManagement && isAdmin"
show-delete-action="isAdmin" show-delete-action="state.templateManagement && isAdmin"
show-swarm-stacks="applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE' && applicationState.endpoint.mode.role === 'MANAGER' && applicationState.endpoint.apiVersion >= 1.25" show-swarm-stacks="applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE' && applicationState.endpoint.mode.role === 'MANAGER' && applicationState.endpoint.apiVersion >= 1.25"
></template-list> ></template-list>
</div> </div>

4
app/portainer/views/templates/templatesController.js
View File

@ -5,7 +5,8 @@ function ($scope, $q, $state, $transition$, $anchorScroll, ContainerService, Ima
selectedTemplate: null, selectedTemplate: null,
showAdvancedOptions: false, showAdvancedOptions: false,
formValidationError: '', formValidationError: '',
actionInProgress: false actionInProgress: false,
templateManagement: true
}; };
$scope.formValues = { $scope.formValues = {
@ -253,6 +254,7 @@ function ($scope, $q, $state, $transition$, $anchorScroll, ContainerService, Ima
$scope.availableNetworks = networks; $scope.availableNetworks = networks;
var settings = data.settings; var settings = data.settings;
$scope.allowBindMounts = settings.AllowBindMountsForRegularUsers; $scope.allowBindMounts = settings.AllowBindMountsForRegularUsers;
$scope.state.templateManagement = !settings.ExternalTemplates;
}) })
.catch(function error(err) { .catch(function error(err) {
$scope.templates = []; $scope.templates = [];