Commit Graph

73 Commits (6a67e8142d99014ad861ce474a724c236eb7d79f)

Author SHA1 Message Date
Anthony Lapenna 130c188717
fix(libcompose): apply same normalize name rule as libcompose on stack name (#3395) 2019-11-24 14:28:07 +13:00
Anthony Lapenna 19d4db13be
feat(api): rewrite access control management in Docker (#3337)
* feat(api): decorate Docker resource creation response with resource control

* fix(api): fix a potential resource control conflict between stacks/volumes

* feat(api): generate a default private resource control instead of admin only

* fix(api): fix default RC value

* fix(api): update RC authorizations check to support admin only flag

* refactor(api): relocate access control related methods

* fix(api): fix a potential conflict when fetching RC from database

* refactor(api): refactor access control logic

* refactor(api): remove the concept of DecoratedStack

* feat(api): automatically remove RC when removing a Docker resource

* refactor(api): update filter resource methods documentation

* refactor(api): update proxy package structure

* refactor(api): renamed proxy/misc package

* feat(api): re-introduce ResourceControlDelete operation as admin restricted

* refactor(api): relocate default endpoint authorizations

* feat(api): migrate RBAC data

* feat(app): ResourceControl management refactor

* fix(api): fix access control issue on stack deletion and automatically delete RC

* fix(api): fix stack filtering

* fix(api): fix UpdateResourceControl operation checks

* refactor(api): introduce a NewTransport builder method

* refactor(api): inject endpoint in Docker transport

* refactor(api): introduce Docker client into Docker transport

* refactor(api): refactor http/proxy package

* feat(api): inspect a Docker resource labels during access control validation

* fix(api): only apply automatic resource control creation on success response

* fix(api): fix stack access control check

* fix(api): use StatusCreated instead of StatusOK for automatic resource control creation

* fix(app): resource control fixes

* fix(api): fix an issue preventing administrator to inspect a resource with a RC

* refactor(api): remove useless error return

* refactor(api): document DecorateStacks function

* fix(api): fix invalid resource control type for container deletion

* feat(api): support Docker system networks

* feat(api): update Swagger docs

* refactor(api): rename transport variable

* refactor(api): rename transport variable

* feat(networks): add system tag for system networks

* feat(api): add support for resource control labels

* feat(api): upgrade to DBVersion 22

* refactor(api): refactor access control management in Docker proxy

* refactor(api): re-implement docker proxy taskListOperation

* refactor(api): review parameters declaration

* refactor(api): remove extra blank line

* refactor(api): review method comments

* fix(api): fix invalid ServerAddress property and review method visibility

* feat(api): update error message

* feat(api): update restrictedVolumeBrowserOperation method

* refactor(api): refactor method parameters

* refactor(api): minor refactor

* refactor(api): change Azure transport visibility

* refactor(api): update struct documentation

* refactor(api): update struct documentation

* feat(api): review restrictedResourceOperation method

* refactor(api): remove unused authorization methods

* feat(api): apply RBAC when enabled on stack operations

* fix(api): fix invalid data migration procedure for DBVersion = 22

* fix(app): RC duplicate on private resource

* feat(api): change Docker API version logic for libcompose/client factory

* fix(api): update access denied error message to be Docker API compliant

* fix(api): update volume browsing authorizations data migration

* fix(api): fix an issue with access control in multi-node agent Swarm cluster
2019-11-13 12:41:42 +13:00
Anthony Lapenna fb6f6738d9
fix(api): prevent the use of bind mounts in stacks if setting enabled (#3232) 2019-10-07 16:12:21 +13:00
Anthony Lapenna f7480c4ad4
feat(api): prevent non administrator users to use admin restricted API endpoints (#3227) 2019-10-07 16:10:51 +13:00
Anthony Lapenna 8057aa45c4
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 18:04:58 +12:00
Anthony Lapenna 14845a4a53
refactor(api): refactor base import path (#2788)
* refactor(api): refactor base import path

* fix(build-system): update build_binary_devops

* fix(build-system): fix build_binary_devops for linux

* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
Chaim Lev-Ari 9b4870d57e feat(stack-details): Add the ability to duplicate a stack (#2278)
* feat(stack-details): add duplicate-stack button

* feat(stack-details): add stack-duplication-form component

* feat(stack-details): add duplicate stack method on controller

* feat(stack-details): add duplicate stack method

* feat(stack-details): remove old duplication in progress flag

* feat(stack-details): combine migration and duplication forms

* feat(stack-details): pass new stack name to server

* feat(stack-details): add option to rename migrated stack

* feat(stack-details): disable both migrate/duplicate buttons

* feat(stack-details): disable migration button on same endpoint

* feat(stack-details): change duplicate icon

* style(stack-details): remove whitespaces and fix pattern

* feat(stack-details): add name to migration payload in swagger.yml

* style(stack-details): add semicolon

* bug(stack-details): toggle endpoints before and after duplication
2018-10-01 14:36:49 +13:00
Anthony Lapenna b24891a6bc
refactor(api): introduce libhttp usage (#2263) 2018-09-10 12:01:38 +02:00
Ricardo Cardona Ramirez e1e263d8c8 feat(UAC): change default ownership to admininstrators (#2137)
* #960 feat(UAC): change ownership to admins for externally created ressources

* feat(UAC): change ownership to admins for externally created resources

Deprecated AdministratorsOnly js and go backend

* #960 feat(UAC): remove AdministratorsOnly property and minor GUI  fixes

Update swagger definition changing AdministratorsOnly to Public

* #960 feat(UAC): fix create resource with access control data

* #960 feat(UAC): authorization of non-admin users for restricted operations

On stacks, containers networks, services , tasks and volumes.

* #960 feat(UAC): database migration to version 14

 The administrator resources are deleted and Public resources are now managed by admins

* #960 feat(UAC):  small fixes from PR #2137

* #960 feat(UAC): improve the readability of the source code

* feat(UAC) fix displayed ownership for Swarm related  resources  (#960)
2018-08-19 07:57:28 +02:00
Jan Jansen 76e1aa97e2 feat(stack-creation): add the ability to specify git reference (#1948) (#2063) 2018-07-24 16:11:35 +02:00
Anthony Lapenna ea7615d71c refactor(api): remove log statement 2018-07-22 20:51:43 +02:00
Anthony Lapenna 509e3fa795 fix(api): fix an issue with optional numeric query parameter parsing 2018-07-20 16:11:45 +02:00
Anthony Lapenna e15da005a5 feat(templates): support env variables in Compose stacks 2018-07-12 09:17:07 +02:00
Anthony Lapenna 61c285bd2e
feat(templates): introduce templates management (#2017) 2018-07-03 20:31:02 +02:00
Anthony Lapenna dbcc6a9624
fix(stack-creation): use numeric value for stack root folder name (#2000) 2018-06-25 14:48:28 +03:00
Anthony Lapenna 23b0d6f1dc fix(stack): fix an issue with stack migration 2018-06-20 21:02:53 +03:00
Anthony Lapenna a5bd2743f3 fix(stacks): fix an issue with stack update 2018-06-20 20:55:00 +03:00
Anthony Lapenna 0da9e564b9
feat(stacks): add the ability to migrate stacks to another endpoint (#1976)
* feat(stacks): add the ability to migrate stacks to another endpoint

* feat(stack-details): do not redirect to alternate endpoint after migration

* fix(api): fix merge conflicts

* feat(stack-details): add a modal to confirm stack migration
2018-06-19 17:28:40 +02:00
Anthony Lapenna d7ff14777f
refactor(api): restructure bolt package (#1981)
* refactor(api): bolt package refactor

* refactor(api): refactor bolt package
2018-06-19 13:15:10 +02:00
Anthony Lapenna b4c2820ad7
refactor(api): use a standard stack identifier (#1980) 2018-06-18 12:07:56 +02:00
Anthony Lapenna da5a430b8c
fix(api): add an authenticated access policy to the websocket endpoint (#1979)
* fix(api): add an authenticated access policy to the websocket endpoint

* refactor(api): centralize EndpointAccess validation

* feat(api): validate id query parameter for the /websocket/exec endpoint
2018-06-18 11:56:31 +02:00
Anthony Lapenna e1345416b4 feat(stacks): migrate stack data from previous portainer version 2018-06-15 18:14:01 +03:00
Anthony Lapenna e3d564325b
feat(stacks): support compose v2.0 stack (#1963) 2018-06-11 15:13:19 +02:00