LP B
179df06267
feat(app): rework private registries and support private registries in kubernetes EE-30 ( #5131 )
...
* feat(app): rework private registries and support private registries in kubernetes
[EE-30]
feat(api): backport private registries backend changes (#5072 )
* feat(api/bolt): backport bolt changes
* feat(api/exec): backport exec changes
* feat(api/http): backport http/handler/dockerhub changes
* feat(api/http): backport http/handler/endpoints changes
* feat(api/http): backport http/handler/registries changes
* feat(api/http): backport http/handler/stacks changes
* feat(api/http): backport http/handler changes
* feat(api/http): backport http/proxy/factory/azure changes
* feat(api/http): backport http/proxy/factory/docker changes
* feat(api/http): backport http/proxy/factory/utils changes
* feat(api/http): backport http/proxy/factory/kubernetes changes
* feat(api/http): backport http/proxy/factory changes
* feat(api/http): backport http/security changes
* feat(api/http): backport http changes
* feat(api/internal): backport internal changes
* feat(api): backport api changes
* feat(api/kubernetes): backport kubernetes changes
* fix(api/http): changes on backend following backport
feat(app): backport private registries frontend changes (#5056 )
* feat(app/docker): backport docker/components changes
* feat(app/docker): backport docker/helpers changes
* feat(app/docker): backport docker/views/container changes
* feat(app/docker): backport docker/views/images changes
* feat(app/docker): backport docker/views/registries changes
* feat(app/docker): backport docker/views/services changes
* feat(app/docker): backport docker changes
* feat(app/kubernetes): backport kubernetes/components changes
* feat(app/kubernetes): backport kubernetes/converters changes
* feat(app/kubernetes): backport kubernetes/models changes
* feat(app/kubernetes): backport kubernetes/registries changes
* feat(app/kubernetes): backport kubernetes/services changes
* feat(app/kubernetes): backport kubernetes/views/applications changes
* feat(app/kubernetes): backport kubernetes/views/configurations changes
* feat(app/kubernetes): backport kubernetes/views/configure changes
* feat(app/kubernetes): backport kubernetes/views/resource-pools changes
* feat(app/kubernetes): backport kubernetes/views changes
* feat(app/portainer): backport portainer/components/accessManagement changes
* feat(app/portainer): backport portainer/components/datatables changes
* feat(app/portainer): backport portainer/components/forms changes
* feat(app/portainer): backport portainer/components/registry-details changes
* feat(app/portainer): backport portainer/models changes
* feat(app/portainer): backport portainer/rest changes
* feat(app/portainer): backport portainer/services changes
* feat(app/portainer): backport portainer/views changes
* feat(app/portainer): backport portainer changes
* feat(app): backport app changes
* config(project): gitignore + jsconfig changes
gitignore all files under api/cmd/portainer but main.go and enable Code Editor autocomplete on import ... from '@/...'
fix(app): fix pull rate limit checker
fix(app/registries): sidebar menus and registry accesses users filtering
fix(api): add missing kube client factory
fix(kube): fetch dockerhub pull limits (#5133 )
fix(app): pre review fixes (#5142 )
* fix(app/registries): remove checkbox for endpointRegistries view
* fix(endpoints): allow access to default namespace
* fix(docker): fetch pull limits
* fix(kube/ns): show selected registries for non admin
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
chore(webpack): ignore missing sourcemaps
fix(registries): fetch registry config from url
feat(kube/registries): ignore not found when deleting secret
feat(db): move migration to db 31
fix(registries): fix bugs in PR EE-869 (#5169 )
* fix(registries): hide role
* fix(endpoints): set empty access policy to edge endpoint
* fix(registry): remove double arguments
* fix(admin): ignore warning
* feat(kube/configurations): tag registry secrets (#5157 )
* feat(kube/configurations): tag registry secrets
* feat(kube/secrets): show registry secrets for admins
* fix(registries): move dockerhub to beginning
* refactor(registries): use endpoint scoped registries
feat(registries): filter by namespace if supplied
feat(access-managment): filter users for registry (#5191 )
* refactor(access-manage): move users selector to component
* feat(access-managment): filter users for registry
refactor(registries): sync code with CE (#5200 )
* refactor(registry): add inspect handler under endpoints
* refactor(endpoint): sync endpoint_registries_list
* refactor(endpoints): sync registry_access
* fix(db): rename migration functions
* fix(registries): show accesses for admin
* fix(kube): set token on transport
* refactor(kube): move secret help to bottom
* fix(kuberentes): remove shouldLog parameter
* style(auth): add description of security.IsAdmin
* feat(security): allow admin access to registry
* feat(edge): connect to edge endpoint when creating client
* style(portainer): change deprecation version
* refactor(sidebar): hide manage
* refactor(containers): revert changes
* style(container): remove whitespace
* fix(endpoint): add handler to registy on endpointService
* refactor(image): use endpointService.registries
* fix(kueb/namespaces): rename resource pool to namespace
* fix(kube/namespace): move selected registries
* fix(api/registries): hide accesses on registry creation
Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>
refactor(api): remove code duplication after rebase
fix(app/registries): replace last registry api usage by endpoint registry api
fix(api/endpoints): update registry access policies on endpoint deletion (#5226 )
[EE-1027]
fix(db): update db version
* fix(dockerhub): fetch rate limits
* fix(registry/tests): supply restricred context
* fix(registries): show proget registry only when selected
* fix(registry): create dockerhub registry
* feat(db): move migrations to db 32
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
2021-07-14 21:15:21 +12:00
Hui
caa6c15032
feat(k8s): advanced deployment from Git repo EE-447 ( #5166 )
...
* feat(stack): UI updates in git repo deployment method for k8s EE-640. (#5097 )
* feat(stack): UI updates in git repo deployment method for k8s EE-640.
* feat(stack): supports the combination of GIT + COMPOSE.
* feat(stack): rename variable
* feat(stack): add git repo deployment method for k8s EE-638
* cleanup
* update payload validation rules
* make repo ref optional in frond end
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
2021-06-16 23:47:32 +02:00
Dmitry Salakhov
0b93714de4
feat(stacks): redeploy git stack [EE-161] ( #5139 )
...
* feat(git): save git config when creating stack (#5048 )
* feat(git): save git config when creating stack
* chore(fs): test fileExists
* fix(git): fix tests to use CloneRepository
* refactor(git): move options to new object
* feat(stacks): redeploy git stack api (#5112 )
* feat(stacks): redeploy git stacks form
[EE-666]
* feat(stack): show loading after confirmation
* fix(stacks): show same size description
* fix(stacks): reload state when deployed
* feat(stacks): set stopped stacks status to activate when updating
* feat(stacks): backup stack folder before cloning
* feat(stacks): don't accept prune and env on update git
Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
2021-06-16 09:11:35 +12:00
Lukas Grotz
d09ae22ba8
feat(container): add sysctls setting in the container view ( #4910 )
...
* feat(container): add sysctls in the container view (#2756 )
* feat(container): add setting to restrict sysctl access
* feat(endpoint): move sysctl disable setting to security settings
* feat(container): add sysctls to container edit view
* fix(container) remove unnecessary migration setting
Co-authored-by: Owen Kirby <oskirby@gmail.com>
2021-04-12 19:40:45 +12:00
Dmitry Salakhov
4cbd231a5f
fix: normalize stack name only for libcompose ( #4862 )
...
* fix: normilize stack name only for libcompose
* fix
2021-03-14 20:08:31 +01:00
Chaim Lev-Ari
86ad1c6af1
feat(stacks): scope stack names to endpoint ( #4520 )
...
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exist
* feat(authorization): use stackutils
2021-02-23 21:18:05 +01:00
Chaim Lev-Ari
50b57614cf
docs(api): document apis with swagger ( #4678 )
...
* feat(api): introduce swagger
* feat(api): anottate api
* chore(api): tag endpoints
* chore(api): remove tags
* chore(api): add docs for oauth auth
* chore(api): document create endpoint api
* chore(api): document endpoint inspect and list
* chore(api): document endpoint update and snapshots
* docs(endpointgroups): document groups api
* docs(auth): document auth api
* chore(build): introduce a yarn script to build api docs
* docs(api): document auth
* docs(customtemplates): document customtemplates api
* docs(tags): document api
* docs(api): document the use of token
* docs(dockerhub): document dockerhub api
* docs(edgegroups): document edgegroups api
* docs(edgejobs): document api
* docs(edgestacks): doc api
* docs(http/upload): add security
* docs(api): document edge templates
* docs(edge): document edge jobs
* docs(endpointgroups): change description
* docs(endpoints): document missing apis
* docs(motd): doc api
* docs(registries): doc api
* docs(resourcecontrol): api doc
* docs(role): add swagger docs
* docs(settings): add swagger docs
* docs(api/status): add swagger docs
* docs(api/teammembership): add swagger docs
* docs(api/teams): add swagger docs
* docs(api/templates): add swagger docs
* docs(api/users): add swagger docs
* docs(api/webhooks): add swagger docs
* docs(api/webscokets): add swagger docs
* docs(api/stacks): swagger
* docs(api): fix missing apis
* docs(swagger): regen
* chore(build): remove docs from build
* docs(api): update tags
* docs(api): document tags
* docs(api): add description
* docs(api): rename jwt token
* docs(api): add info about types
* docs(api): document types
* docs(api): update request types annotation
* docs(api): doc registry and resource control
* chore(docs): add snippet
* docs(api): add description to role
* docs(api): add types for settings
* docs(status): add types
* style(swagger): remove documented code
* docs(http/upload): update docs with types
* docs(http/tags): add types
* docs(api/custom_templates): add types
* docs(api/teammembership): add types
* docs(http/teams): add types
* docs(http/stacks): add types
* docs(edge): add types to edgestack
* docs(http/teammembership): remove double returns
* docs(api/user): add types
* docs(http): fixes to make file built
* chore(snippets): add scope to swagger snippet
* chore(deps): install swag
* chore(swagger): remove handler
* docs(api): add description
* docs(api): ignore docs folder
* docs(api): add contributing guidelines
* docs(api): cleanup handler
* chore(deps): require swaggo
* fix(auth): fix typo
* fix(docs): make http ids pascal case
* feat(edge): add ids to http handlers
* fix(docs): add ids
* fix(docs): show correct api version
* chore(deps): remove swaggo dependency
* chore(docs): add install script for swag
2021-02-23 16:21:39 +13:00
Chaim Lev-Ari
46dec01fe3
feat(endpoint): relocate docker security settings ( #4657 )
...
* feat(endpoint): migrate security settings to endpoint
* feat(endpoint): check for specific endpoint settings
* feat(endpoint): check security settings
* feat(docker): add config page
* feat(endpoint): save settings page
* feat(endpoints): disable features when not agent
* feat(sidebar): hide docker settings for regular user
* fix(docker): small fixes in configs
* fix(volumes): hide browse button for non admins
* refactor(docker): introduce switch component
* refactor(components/switch): seprate label from switch
* feat(app/components): align switch label
* refactor(app/components): move switch css
* fix(docker/settings): add ngijnect
* feat(endpoints): set default security values
* style(portainer): sort types
* fix(endpoint): rename security heading
* fix(endpoints): update endpoints settings
2021-02-09 21:09:06 +13:00
Dmitry Salakhov
a71e71f481
feat(compose): add docker-compose wrapper ( #4713 )
...
* feat(compose): add docker-compose wrapper
ce-187
* fix(compose): pick compose implementation upon startup
* Add static compose build for linux
* Fix wget
* Fix platofrm specific docker-compose download
* Keep amd64 architecture as download parameter
* Add tmp folder for docker-compose
* fix: line endings
* add proxy server
* logs
* Proxy
* Add lite transport for compose
* Fix local deployment
* refactor: pass proxyManager by ref
* fix: string conversion
* refactor: compose wrapper remove unused code
* fix: tests
* Add edge
* Fix merge issue
* refactor: remove unused code
* Move server to proxy implementation
* Cleanup wrapper and manager
* feat: pass max supported compose syntax version with each endpoint
* fix: pick compose syntax version
* fix: store wrapper version in portainer
* Get and show composeSyntaxMaxVersion at stack creation screen
* Get and show composeSyntaxMaxVersion at stack editor screen
* refactor: proxy server
* Fix used tmp
* Bump docker-compose to 1.28.0
* remove message for docker compose limitation
* fix: markup typo
* Rollback docker compose to 1.27.4
* * attempt to fix the windows build issue
* * attempt to debug grunt issue
* * use console log in grunt file
* fix: try to fix windows build by removing indirect deps from go.mod
* Remove tmp folder
* Remove builder stage
* feat(build/windows): add git for Docker Compose
* feat(build/windows): add git for Docker Compose
* feat(build/windows): add git for Docker Compose
* feat(build/windows): add git for Docker Compose
* feat(build/windows): add git for Docker Compose
* feat(build/windows): add git for Docker Compose - fixed verbose output
* refactor: renames
* fix(stack): get endpoint by EndpointProvider
* fix(stack): use margin to add space between line instead of using br tag
Co-authored-by: Stéphane Busso <stephane.busso@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
Co-authored-by: yi-portainer <yi.chen@portainer.io>
Co-authored-by: Steven Kang <skan070@gmail.com>
2021-01-26 08:16:53 +13:00
Chaim Lev-Ari
cbd7fdc62e
feat(docker/stacks): introduce date info for stacks ( #4660 )
...
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
2021-01-12 12:38:49 +13:00
Yi Chen
7975ef796d
Revert "feat(docker/stacks): add creation and update dates ( #4418 )" ( #4606 )
...
This reverts commit bd98b8956a
.
2020-12-17 13:33:45 +13:00
Alice Groux
bd98b8956a
feat(docker/stacks): add creation and update dates ( #4418 )
...
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
2020-12-16 16:11:59 +13:00
Chaim Lev-Ari
4d5836138b
feat(stacks): add the ability to stop a stack ( #4042 )
...
* feat(stacks): add stack status
* feat(stacks): add empty start/stop handlers
* feat(stacks): show start/stop button
* feat(stacks): implement stack stop
* feat(stacks): implement start stack
* feat(stacks): filter by active/inactive stacks
* fix(stacks): update authorizations for stack start/stop
* feat(stacks): assign default status on create
* fix(bolt): fix import
* fix(stacks): show external stacks
* fix(stacks): reload on stop/start
* feat(stacks): confirm before stop
2020-08-04 10:18:53 +12:00
Chaim Lev-Ari
1a3f77137a
feat(settings): introduce setting to disable container caps for non-admins ( #4109 )
...
* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns
2020-07-28 19:08:15 +12:00
Chaim Lev-Ari
07efd4bdda
feat(settings): add setting to disable device mapping for regular users ( #4099 )
...
* feat(settings): add setting to disable device mapping for regular users
* feat(settings): introduce device mapping service
* feat(containers): hide devices field when setting is on
* feat(containers): prevent passing of devices when not allowed
* feat(stacks): prevent non admin from device mapping
* feat(stacks): disallow swarm stack creation for user
* refactor(settings): replace disableDeviceMapping with allow
* fix(stacks): remove check for disable device mappings from swarm
* feat(settings): rename field to disable
* feat(settings): supply default value for disableDeviceMapping
* feat(container): check for endpoint admin
* style(server): sort imports
2020-07-27 09:31:14 +12:00
Chaim Lev-Ari
adf33385ce
feat(containers): Prevent non-admin users from running containers using the host namespace pid ( #4098 )
...
* feat(containers): prevent non-admin users from running containers using the host namespace pid (#3970 )
* feat(containers): Prevent non-admin users from running containers using the host namespace pid
* feat(containers): add rbac check for swarm stack too
* feat(containers): remove forgotten conflict
* feat(containers): init EnableHostNamespaceUse to true and return 403 on forbidden action
* feat(containers): change enableHostNamespaceUse to restrictHostNamespaceUse in html
* feat(settings): rename EnableHostNamespaceUse to AllowHostNamespaceForRegularUsers
* feat(database): trigger migration for AllowHostNamespace
* feat(containers): check container creation authorization
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
2020-07-25 11:14:46 +12:00
Chaim Lev-Ari
6f6bc24efd
feat(containers): Ensure users cannot create privileged containers via the API ( #3969 ) ( #4077 )
...
* feat(containers): Ensure users cannot create privileged containers via the API
* feat(containers): add rbac check in stack creation
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
2020-07-23 06:38:45 +12:00
Chaim Lev-Ari
db4a5292be
refactor(errors): reorganize errors ( #3938 )
...
* refactor(bolt): move ErrObjectNotFound to bolt
* refactor(http): move ErrUnauthorized to http package
* refactor(http): move ErrResourceAccessDenied to http errors
* refactor(http): move security errors to package
* refactor(users): move user errors to users package
* refactor(errors): move single errors to their package
* refactor(schedules): move schedule error to package
* refactor(http): move endpoint error to http package
* refactor(docker): move docker errors to package
* refactor(filesystem): move filesystem errors to package
* refactor(errors): remove portainer.Error
* style(chisel): reorder imports
* fix(stacks): remove portainer.Error
2020-07-08 09:57:52 +12:00
Anthony Lapenna
25103f08f9
feat(api): introduce new datastore interface ( #3802 )
...
* feat(api): introduce new datastore interface
* refactor(api): refactor http and main layers
* refactor(api): refactor http and bolt layers
2020-06-03 11:40:04 +12:00
Anthony Lapenna
130c188717
fix(libcompose): apply same normalize name rule as libcompose on stack name ( #3395 )
2019-11-24 14:28:07 +13:00
Anthony Lapenna
19d4db13be
feat(api): rewrite access control management in Docker ( #3337 )
...
* feat(api): decorate Docker resource creation response with resource control
* fix(api): fix a potential resource control conflict between stacks/volumes
* feat(api): generate a default private resource control instead of admin only
* fix(api): fix default RC value
* fix(api): update RC authorizations check to support admin only flag
* refactor(api): relocate access control related methods
* fix(api): fix a potential conflict when fetching RC from database
* refactor(api): refactor access control logic
* refactor(api): remove the concept of DecoratedStack
* feat(api): automatically remove RC when removing a Docker resource
* refactor(api): update filter resource methods documentation
* refactor(api): update proxy package structure
* refactor(api): renamed proxy/misc package
* feat(api): re-introduce ResourceControlDelete operation as admin restricted
* refactor(api): relocate default endpoint authorizations
* feat(api): migrate RBAC data
* feat(app): ResourceControl management refactor
* fix(api): fix access control issue on stack deletion and automatically delete RC
* fix(api): fix stack filtering
* fix(api): fix UpdateResourceControl operation checks
* refactor(api): introduce a NewTransport builder method
* refactor(api): inject endpoint in Docker transport
* refactor(api): introduce Docker client into Docker transport
* refactor(api): refactor http/proxy package
* feat(api): inspect a Docker resource labels during access control validation
* fix(api): only apply automatic resource control creation on success response
* fix(api): fix stack access control check
* fix(api): use StatusCreated instead of StatusOK for automatic resource control creation
* fix(app): resource control fixes
* fix(api): fix an issue preventing administrator to inspect a resource with a RC
* refactor(api): remove useless error return
* refactor(api): document DecorateStacks function
* fix(api): fix invalid resource control type for container deletion
* feat(api): support Docker system networks
* feat(api): update Swagger docs
* refactor(api): rename transport variable
* refactor(api): rename transport variable
* feat(networks): add system tag for system networks
* feat(api): add support for resource control labels
* feat(api): upgrade to DBVersion 22
* refactor(api): refactor access control management in Docker proxy
* refactor(api): re-implement docker proxy taskListOperation
* refactor(api): review parameters declaration
* refactor(api): remove extra blank line
* refactor(api): review method comments
* fix(api): fix invalid ServerAddress property and review method visibility
* feat(api): update error message
* feat(api): update restrictedVolumeBrowserOperation method
* refactor(api): refactor method parameters
* refactor(api): minor refactor
* refactor(api): change Azure transport visibility
* refactor(api): update struct documentation
* refactor(api): update struct documentation
* feat(api): review restrictedResourceOperation method
* refactor(api): remove unused authorization methods
* feat(api): apply RBAC when enabled on stack operations
* fix(api): fix invalid data migration procedure for DBVersion = 22
* fix(app): RC duplicate on private resource
* feat(api): change Docker API version logic for libcompose/client factory
* fix(api): update access denied error message to be Docker API compliant
* fix(api): update volume browsing authorizations data migration
* fix(api): fix an issue with access control in multi-node agent Swarm cluster
2019-11-13 12:41:42 +13:00
Anthony Lapenna
fb6f6738d9
fix(api): prevent the use of bind mounts in stacks if setting enabled ( #3232 )
2019-10-07 16:12:21 +13:00
Anthony Lapenna
14845a4a53
refactor(api): refactor base import path ( #2788 )
...
* refactor(api): refactor base import path
* fix(build-system): update build_binary_devops
* fix(build-system): fix build_binary_devops for linux
* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
Anthony Lapenna
b24891a6bc
refactor(api): introduce libhttp usage ( #2263 )
2018-09-10 12:01:38 +02:00
Jan Jansen
76e1aa97e2
feat(stack-creation): add the ability to specify git reference ( #1948 ) ( #2063 )
2018-07-24 16:11:35 +02:00
Anthony Lapenna
e15da005a5
feat(templates): support env variables in Compose stacks
2018-07-12 09:17:07 +02:00
Anthony Lapenna
dbcc6a9624
fix(stack-creation): use numeric value for stack root folder name ( #2000 )
2018-06-25 14:48:28 +03:00
Anthony Lapenna
a5bd2743f3
fix(stacks): fix an issue with stack update
2018-06-20 20:55:00 +03:00
Anthony Lapenna
b4c2820ad7
refactor(api): use a standard stack identifier ( #1980 )
2018-06-18 12:07:56 +02:00
Anthony Lapenna
e3d564325b
feat(stacks): support compose v2.0 stack ( #1963 )
2018-06-11 15:13:19 +02:00