Oscar Zhou
53025178ef
fix(access): support to list users or teams with specified endpoint [EE-1704] ( #7610 )
2022-09-16 14:45:14 +12:00
congs
0522032515
feat(teamleader) EE-294 redesign team leader ( #6973 )
...
feat(teamleader) EE-294 redesign team leader (#6973 )
2022-06-03 16:44:42 +12:00
Richard Wei
dd808bb7bd
fix(swagger): fix swagger api docs endpoint(s) rename to environment(s) EE-1661 ( #5629 )
...
* fix swagger api docs endpoint(s) rename to environment(s)
2021-09-20 12:14:22 +12:00
LP B
179df06267
feat(app): rework private registries and support private registries in kubernetes EE-30 ( #5131 )
...
* feat(app): rework private registries and support private registries in kubernetes
[EE-30]
feat(api): backport private registries backend changes (#5072 )
* feat(api/bolt): backport bolt changes
* feat(api/exec): backport exec changes
* feat(api/http): backport http/handler/dockerhub changes
* feat(api/http): backport http/handler/endpoints changes
* feat(api/http): backport http/handler/registries changes
* feat(api/http): backport http/handler/stacks changes
* feat(api/http): backport http/handler changes
* feat(api/http): backport http/proxy/factory/azure changes
* feat(api/http): backport http/proxy/factory/docker changes
* feat(api/http): backport http/proxy/factory/utils changes
* feat(api/http): backport http/proxy/factory/kubernetes changes
* feat(api/http): backport http/proxy/factory changes
* feat(api/http): backport http/security changes
* feat(api/http): backport http changes
* feat(api/internal): backport internal changes
* feat(api): backport api changes
* feat(api/kubernetes): backport kubernetes changes
* fix(api/http): changes on backend following backport
feat(app): backport private registries frontend changes (#5056 )
* feat(app/docker): backport docker/components changes
* feat(app/docker): backport docker/helpers changes
* feat(app/docker): backport docker/views/container changes
* feat(app/docker): backport docker/views/images changes
* feat(app/docker): backport docker/views/registries changes
* feat(app/docker): backport docker/views/services changes
* feat(app/docker): backport docker changes
* feat(app/kubernetes): backport kubernetes/components changes
* feat(app/kubernetes): backport kubernetes/converters changes
* feat(app/kubernetes): backport kubernetes/models changes
* feat(app/kubernetes): backport kubernetes/registries changes
* feat(app/kubernetes): backport kubernetes/services changes
* feat(app/kubernetes): backport kubernetes/views/applications changes
* feat(app/kubernetes): backport kubernetes/views/configurations changes
* feat(app/kubernetes): backport kubernetes/views/configure changes
* feat(app/kubernetes): backport kubernetes/views/resource-pools changes
* feat(app/kubernetes): backport kubernetes/views changes
* feat(app/portainer): backport portainer/components/accessManagement changes
* feat(app/portainer): backport portainer/components/datatables changes
* feat(app/portainer): backport portainer/components/forms changes
* feat(app/portainer): backport portainer/components/registry-details changes
* feat(app/portainer): backport portainer/models changes
* feat(app/portainer): backport portainer/rest changes
* feat(app/portainer): backport portainer/services changes
* feat(app/portainer): backport portainer/views changes
* feat(app/portainer): backport portainer changes
* feat(app): backport app changes
* config(project): gitignore + jsconfig changes
gitignore all files under api/cmd/portainer but main.go and enable Code Editor autocomplete on import ... from '@/...'
fix(app): fix pull rate limit checker
fix(app/registries): sidebar menus and registry accesses users filtering
fix(api): add missing kube client factory
fix(kube): fetch dockerhub pull limits (#5133 )
fix(app): pre review fixes (#5142 )
* fix(app/registries): remove checkbox for endpointRegistries view
* fix(endpoints): allow access to default namespace
* fix(docker): fetch pull limits
* fix(kube/ns): show selected registries for non admin
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
chore(webpack): ignore missing sourcemaps
fix(registries): fetch registry config from url
feat(kube/registries): ignore not found when deleting secret
feat(db): move migration to db 31
fix(registries): fix bugs in PR EE-869 (#5169 )
* fix(registries): hide role
* fix(endpoints): set empty access policy to edge endpoint
* fix(registry): remove double arguments
* fix(admin): ignore warning
* feat(kube/configurations): tag registry secrets (#5157 )
* feat(kube/configurations): tag registry secrets
* feat(kube/secrets): show registry secrets for admins
* fix(registries): move dockerhub to beginning
* refactor(registries): use endpoint scoped registries
feat(registries): filter by namespace if supplied
feat(access-managment): filter users for registry (#5191 )
* refactor(access-manage): move users selector to component
* feat(access-managment): filter users for registry
refactor(registries): sync code with CE (#5200 )
* refactor(registry): add inspect handler under endpoints
* refactor(endpoint): sync endpoint_registries_list
* refactor(endpoints): sync registry_access
* fix(db): rename migration functions
* fix(registries): show accesses for admin
* fix(kube): set token on transport
* refactor(kube): move secret help to bottom
* fix(kuberentes): remove shouldLog parameter
* style(auth): add description of security.IsAdmin
* feat(security): allow admin access to registry
* feat(edge): connect to edge endpoint when creating client
* style(portainer): change deprecation version
* refactor(sidebar): hide manage
* refactor(containers): revert changes
* style(container): remove whitespace
* fix(endpoint): add handler to registy on endpointService
* refactor(image): use endpointService.registries
* fix(kueb/namespaces): rename resource pool to namespace
* fix(kube/namespace): move selected registries
* fix(api/registries): hide accesses on registry creation
Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>
refactor(api): remove code duplication after rebase
fix(app/registries): replace last registry api usage by endpoint registry api
fix(api/endpoints): update registry access policies on endpoint deletion (#5226 )
[EE-1027]
fix(db): update db version
* fix(dockerhub): fetch rate limits
* fix(registry/tests): supply restricred context
* fix(registries): show proget registry only when selected
* fix(registry): create dockerhub registry
* feat(db): move migrations to db 32
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
2021-07-14 21:15:21 +12:00
Anthony Lapenna
19d4db13be
feat(api): rewrite access control management in Docker ( #3337 )
...
* feat(api): decorate Docker resource creation response with resource control
* fix(api): fix a potential resource control conflict between stacks/volumes
* feat(api): generate a default private resource control instead of admin only
* fix(api): fix default RC value
* fix(api): update RC authorizations check to support admin only flag
* refactor(api): relocate access control related methods
* fix(api): fix a potential conflict when fetching RC from database
* refactor(api): refactor access control logic
* refactor(api): remove the concept of DecoratedStack
* feat(api): automatically remove RC when removing a Docker resource
* refactor(api): update filter resource methods documentation
* refactor(api): update proxy package structure
* refactor(api): renamed proxy/misc package
* feat(api): re-introduce ResourceControlDelete operation as admin restricted
* refactor(api): relocate default endpoint authorizations
* feat(api): migrate RBAC data
* feat(app): ResourceControl management refactor
* fix(api): fix access control issue on stack deletion and automatically delete RC
* fix(api): fix stack filtering
* fix(api): fix UpdateResourceControl operation checks
* refactor(api): introduce a NewTransport builder method
* refactor(api): inject endpoint in Docker transport
* refactor(api): introduce Docker client into Docker transport
* refactor(api): refactor http/proxy package
* feat(api): inspect a Docker resource labels during access control validation
* fix(api): only apply automatic resource control creation on success response
* fix(api): fix stack access control check
* fix(api): use StatusCreated instead of StatusOK for automatic resource control creation
* fix(app): resource control fixes
* fix(api): fix an issue preventing administrator to inspect a resource with a RC
* refactor(api): remove useless error return
* refactor(api): document DecorateStacks function
* fix(api): fix invalid resource control type for container deletion
* feat(api): support Docker system networks
* feat(api): update Swagger docs
* refactor(api): rename transport variable
* refactor(api): rename transport variable
* feat(networks): add system tag for system networks
* feat(api): add support for resource control labels
* feat(api): upgrade to DBVersion 22
* refactor(api): refactor access control management in Docker proxy
* refactor(api): re-implement docker proxy taskListOperation
* refactor(api): review parameters declaration
* refactor(api): remove extra blank line
* refactor(api): review method comments
* fix(api): fix invalid ServerAddress property and review method visibility
* feat(api): update error message
* feat(api): update restrictedVolumeBrowserOperation method
* refactor(api): refactor method parameters
* refactor(api): minor refactor
* refactor(api): change Azure transport visibility
* refactor(api): update struct documentation
* refactor(api): update struct documentation
* feat(api): review restrictedResourceOperation method
* refactor(api): remove unused authorization methods
* feat(api): apply RBAC when enabled on stack operations
* fix(api): fix invalid data migration procedure for DBVersion = 22
* fix(app): RC duplicate on private resource
* feat(api): change Docker API version logic for libcompose/client factory
* fix(api): update access denied error message to be Docker API compliant
* fix(api): update volume browsing authorizations data migration
* fix(api): fix an issue with access control in multi-node agent Swarm cluster
2019-11-13 12:41:42 +13:00
Anthony Lapenna
8057aa45c4
feat(extensions): introduce RBAC extension ( #2900 )
2019-05-24 18:04:58 +12:00
Anthony Lapenna
14845a4a53
refactor(api): refactor base import path ( #2788 )
...
* refactor(api): refactor base import path
* fix(build-system): update build_binary_devops
* fix(build-system): fix build_binary_devops for linux
* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
baron_l
7aa6a30614
feat(registry-manager): allow regular users to use the registry browse feature ( #2664 )
...
* feat(registries): registries accessibility to all authorized people and not only admins
* feat(registry): dockerhub settings for admin only
* feat(registry): remove registry config access for non admin users
* feat(api): use AuthenticatedAccess policy instead of RestrictedAccess for extensionList operation
* refactor(api): minor update to security package
* refactor(api): revert unexporting function changes
* refactor(api): apply gofmt
2019-02-25 13:02:49 +13:00
Ricardo Cardona Ramirez
e1e263d8c8
feat(UAC): change default ownership to admininstrators ( #2137 )
...
* #960 feat(UAC): change ownership to admins for externally created ressources
* feat(UAC): change ownership to admins for externally created resources
Deprecated AdministratorsOnly js and go backend
* #960 feat(UAC): remove AdministratorsOnly property and minor GUI fixes
Update swagger definition changing AdministratorsOnly to Public
* #960 feat(UAC): fix create resource with access control data
* #960 feat(UAC): authorization of non-admin users for restricted operations
On stacks, containers networks, services , tasks and volumes.
* #960 feat(UAC): database migration to version 14
The administrator resources are deleted and Public resources are now managed by admins
* #960 feat(UAC): small fixes from PR #2137
* #960 feat(UAC): improve the readability of the source code
* feat(UAC) fix displayed ownership for Swarm related resources (#960 )
2018-08-19 07:57:28 +02:00
Anthony Lapenna
da5a430b8c
fix(api): add an authenticated access policy to the websocket endpoint ( #1979 )
...
* fix(api): add an authenticated access policy to the websocket endpoint
* refactor(api): centralize EndpointAccess validation
* feat(api): validate id query parameter for the /websocket/exec endpoint
2018-06-18 11:56:31 +02:00
Anthony Lapenna
1e12057cdd
fix(api): review security policies when creating/updating a resource control ( #1964 )
2018-06-11 17:58:46 +02:00
Anthony Lapenna
1162549209
feat(endpoint-groups): add endpoint-groups ( #1837 )
2018-04-26 18:08:46 +02:00
Anthony Lapenna
30dfd3d616
fix(api): manage registry authentication in the API ( #1751 )
2018-03-23 08:44:43 +10:00
Anthony Lapenna
eb43579378
feat(storidge): introduce endpoint extensions and proxy Storidge API ( #1661 )
2018-02-23 03:10:26 +01:00
Anthony Lapenna
3f085a977c
fix(UAC): allow a team member to delete a resource control ( #1030 )
2017-07-13 09:12:06 +02:00
Anthony Lapenna
5523fc9023
feat(global): introduce user teams and new UAC system ( #868 )
2017-05-23 20:56:10 +02:00