* refactor(oauth): move oauth client code
* feat(oauth): move extension code into server code
* feat(oauth): enable oauth without extension
* refactor(oauth): make it easier to remove providers
* feat(cluster): add kubernetes endpoint resource
* feat(cluster): add kubernetes endpoint service
* feat(node): Show which IP address / port the cluster API is listening on
* fix(cluster): support multi-master clusters
* fix(cluster): support multi-master clusters
* feat(k8s/cluster): minor UI update
* refactor(k8s/cluster): rename variable
* refactor(k8s/endpoints): refactor KubernetesEndpointsFactory
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(application): add horizontalpodautoscaler creation
* feat(application): Add the ability to set the auto-scale policy of an application
* feat(k8s/application): minor UI update
* fix(application): set api version and prevent to use hpa with global deployment type
* feat(settings): add a switch to enable features based on server metrics
* feat(k8s/applications): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(k8s/application): expose placement conditions
* feat(k8s/applications): minor UI update
* feat(k8s/application): update message for admin and non admin users
* feat(kubernetes/applications): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(containers): enforce disable bind mounts
* refactor(docker): move check for endpoint admin to a function
* feat(docker): check if service has bind mounts
* feat(services): allow bind mounts for endpoint admin
* feat(container): enable bind mounts for endpoint admin
* fix(services): fix typo
* feat(settings): add info about container edit disable
* feat(settings): set security settings
* feat(containers): hide recreate button when setting is enabled
* feat(settings): rephrase security notice
* fix(settings): save allowHostNamespaceForRegularUsers to state
* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns
* feat(stacks): add a setting to disable the creation of stacks for non-admin users
* feat(settings): introduce a setting to prevent non-admin from stack creation
* feat(settings): update stack creation setting
* feat(settings): fail stack creation if user is non admin
* fix(settings): save preventStackCreation setting to state
* feat(stacks): disable add button when settings is enabled
* format(stacks): remove line
* feat(stacks): setting to hide stacks from users
* feat(settings): rename disable stacks setting
* refactor(settings): rename setting to disableStackManagementForRegularUsers
* feat(settings): hide stacks for non admin when settings is set
* refactor(settings): replace disableDeviceMapping with allow
* feat(dashboard): hide stacks if settings disabled and non admin
* refactor(sidebar): check if user is endpoint admin
* feat(settings): set the default value for stack management
* feat(settings): rename field label
* fix(sidebar): refresh show stacks state
* fix(docker): hide stacks when not admin
* feat(settings): add setting to disable device mapping for regular users
* feat(settings): introduce device mapping service
* feat(containers): hide devices field when setting is on
* feat(containers): prevent passing of devices when not allowed
* feat(stacks): prevent non admin from device mapping
* feat(stacks): disallow swarm stack creation for user
* refactor(settings): replace disableDeviceMapping with allow
* fix(stacks): remove check for disable device mappings from swarm
* feat(settings): rename field to disable
* feat(settings): supply default value for disableDeviceMapping
* feat(container): check for endpoint admin
* style(server): sort imports
* feat(containers): prevent non-admin users from running containers using the host namespace pid (#3970)
* feat(containers): Prevent non-admin users from running containers using the host namespace pid
* feat(containers): add rbac check for swarm stack too
* feat(containers): remove forgotten conflict
* feat(containers): init EnableHostNamespaceUse to true and return 403 on forbidden action
* feat(containers): change enableHostNamespaceUse to restrictHostNamespaceUse in html
* feat(settings): rename EnableHostNamespaceUse to AllowHostNamespaceForRegularUsers
* feat(database): trigger migration for AllowHostNamespace
* feat(containers): check container creation authorization
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
* refactor(agent): replace root with index
* refactor(agent): use simple export
* refactor(agent): replace function with class
* refactor(agent): replace promise with async
* feat(containers): Ensure users cannot create privileged containers via the API
* feat(containers): add rbac check in stack creation
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
* fix(datatables): persist state changes
* fix(datatables): persist order
* feat(sidebar): use local storage to store toggle toolbar
* feat(config): use local storage instead of cookies
* refactor(agent): rename files
* refactor(agent): replace controller with regular export
* refactor(agent): replace function with class
* refactor(agent): replace promise with async
* refactor(agent): rename main file
* feat(aci): show basic details
* feat(aci): style container details page
* fix(aci): fix container ip
* feat(aci): provide functions to get single aci resource
* feat(aci): show readable data
* feat(aci): style container instance
* fix(app): use deps injection in router correctly
* feat(app): guard against using wrong endpoint type
* feat(sidebar): supply endpoint id
* feat(templates): move custom templates to docker
Chaim Lev-Ari