* feat(access-token): Multi-auth middleware support EE-1891 (#5936)
* AnyAuth middleware initial implementation with tests
* using mux.MiddlewareFunc instead of custom definition
* removed redundant comments
* - ExtractBearerToken bouncer func made private
- changed helm token handling functionality to use jwt service to convert token to jwt string
- updated tests
- fixed helm list broken test due to missing token in request context
* rename mwCheckAuthentication -> mwCheckJWTAuthentication
* - introduce initial api-key auth support using X-API-KEY header
- added tests to validate x-api-key request header presence
* updated core mwAuthenticatedUser middleware to support multiple auth paradigms
* - simplified anyAuth middleware
- enforcing authmiddleware to implement verificationFunc interface
- created tests for middleware
* simplify bouncer
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* feat(api-key): user-access-token generation endpoint EE-1889 EE-1888 EE-1895 (#6012)
* user-access-token generation endpoint
* fix comment
* - introduction of apikey service
- seperation of repository from service logic - called in handler
* fixed tests
* - fixed api key prefix
- added tests
* added another test for digest matching
* updated swagger spec for access token creation
* api key response returns raw key and struct - easing testability
* test for api key prefix length
* added another TODO to middleware
* - api-key prefix rune -> string (rune does not auto-encode when response sent back to client)
- digest -> pointer as we want to allow nil values and omit digest in responses (when nil)
* - updated apikey struct
- updated apikey service to support all common operations
- updated apikey repo
- integration of apikey service into bouncer
- added test for all apikey service functions
- boilerplate code for apikey service integration
* - user access token generation tests
- apiKeyLookup updated to support query params
- added api-key tests for query params
- added api-key tests for apiKeyLookup
* get and remove access token handlers
* get and remove access token handler tests
* - delete user deletes all associated api keys
- tests for this functionality
* removed redundant []byte cast
* automatic api-key eviction set within cache for 1 hour
* fixed bug with loop var using final value
* fixed service comment
* ignore bolt error responses
* case-insensitive query param check
* simplified query var assignment
* - added GetAPIKey func to get by unique id
- updated DeleteAPIKey func to not require user ID
- updated tests
* GenerateRandomKey helper func from github.com/gorilla/securecookie moved to codebase
* json response casing for api-keys fixed
* updating api-key will update the cache
* updated golang LRU cache
* using hashicorps golang-LRU cache for api keys
* simplified jwt check in create user access token
* fixed api-key update logic on cache miss
* Prefix generated api-keys with `ptr_` (#6067)
* prefix api-keys with 'ptr_'
* updated apikey description
* refactor
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
* helm list test refactor
* fixed user delete test
* reduce test nil pointer errors
* using correct http 201 created status code for token creation; updated tests
* fixed swagger doc user id path param for user access token based endpoints
* added api-key security openapi spec to existing jwt secured endpoints (#6091)
* fixed flaky test
* apikey datecreated and lastused attrs converted to unix timestamp
* feat(user): added access token datatable. (#6124)
* feat(user): added access token datatable.
* feat(tokens): only display lastUsed time when it is not the default date
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/views/account/accountController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/components/datatables/access-tokens-datatable/accessTokensDatatableController.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* Update app/portainer/services/api/userService.js
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(improvements): proposed datatable improvements to speed up dev time (#6138)
* modal code update
* updated datatable filenames, updated controller to be default class export
* fix(access-token): code improvement.
Co-authored-by: zees-dev <63374656+zees-dev@users.noreply.github.com>
* feat(apikeys): create access token view initial implementation EE-1886 (#6129)
* CopyButton implementation
* Code component implementation
* ToolTip component migration to another folder
* TextTip component implementation - continued
* form Heading component
* Button component updated to be more dynamic
* copybutton - small size
* form control pass tip error
* texttip small text
* CreateAccessToken react feature initial implementation
* create user access token angularjs view implementation
* registration of CreateAccessToken component in AngularJS
* user token generation API request moved to angular service, method passed down instead
* consistent naming of access token operations; clustered similar code together
* any user can add access token
* create access token page routing
* moved code component to the correct location
* removed isadmin check as all functionality applicable to all users
* create access token angular view moved up a level
* fixed PR issues, updated PR
* addressed PR issues/improvements
* explicit hr for horizontal line
* fixed merge conflict storybook build breaking
* - apikey test
- cache test
* addressed testing issues:
- description validations
- remove token description link on table
* fix(api-keys): user role change evicts user keys in cache EE-2113 (#6168)
* user role change evicts user api keys in cache
* EvictUserKeyCache -> InvalidateUserKeyCache
* godoc for InvalidateUserKeyCache func
* additional test line
* disable add access token button after adding token to prevent spam
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
This fixes a bug where image/registry names that contain a port number were inadvertently truncated (because port numbers are specified with a colon, just like the image tag).
For example, updating an image named `registry.example.com:5000/myimage:oldtag` with the new image tag `newtag` was incorrectly transformed into `registry.example.com:newtag`
* github workflow to generate and validate openapi spec
* updated github workflow name to remove spaces and be more explicit
* added swagger-cli globally to reduce dep installation times
* removed redundant webhook payload in GET request
* fixed edgeGroupList OAS3 response model
* updated CI pipeline to convert OAS2 to OAS3 and validate OAS3 instead
* updated pipeline name to be more explicit
* removed redundant swagger-cli dependency as we are using swagger2openapi only in github CI
* fixed bug with no validation - using swagger-cli to validate
* fix(helm): allow clearing global helm repo EE-1965
* fix(helm): show hint if global helm repo is blank EE-1965
* fix(helm): skip loading charts if repo is blank EE-1965
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* skip validating default helm repo to allow offline saving of settings. Default repo is hardcoded and correct.
* dont validate the helm repo if the repo hasn't changed or is the default
* fix logic
* allow settings to be saved offline. Due to helm repo validation not working for bitnami when offline!
* @hookenz
dont validate the helm repo if the repo hasn't changed or is the default
* fix(namespaces): remove the stacks from the data store when deleting their corresponding Kubernetes namespace EE-1872
* add endpoint ID checking
Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
Co-authored-by: ArrisLee <arris_li@hotmail.com>
* fix(namespaces): remove the stacks from the data store when deleting their corresponding Kubernetes namespace EE-1872
* add endpoint ID checking
Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>
Co-authored-by: ArrisLee <arris_li@hotmail.com>
* fix(stack) normalize stack name EE-1701
* fix(stack) normalize swarm stack name and fix rebase error EE-1701
* fix(stack) add front end stack name validation EE-1701
* fix(stack) make stack name regex as a const EE-1701
* fix(stack) reuse stack name regex for compose and swarm EE-1701
* fix(stack) add name validation for stack duplication form EE-1701
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(stack): backport changes to CE EE-1189
* feat(stack): front end backport changes to CE EE-1199 (#5455)
* feat(stack): front end backport changes to CE EE-1199
* fix k8s deploy logic
* fixed web editor confirmation message typo. EE-1501
* fix(stack): fixed issue auth detail not remembered EE-1502 (#5459)
* show status in buttons
* removed onChangeRef function.
* moved buttons in git form to its own component
* removed unused variable.
Co-authored-by: ArrisLee <arris_li@hotmail.com>
* moved formvalue to kube app component
* fix(stack): failed to pull and redeploy compose format k8s stack
* fixed form value
* fix(k8s): file content overridden when deployment failed with compose format EE-1548
* updated API response to get IsComposeFormat and show appropriate text.
* feat(k8s): front end backport to CE
* feat(kube): kube app auto update backend (#5547)
* error message updates for different file type
* not display creation source for external application
* added confirmation modal to advanced app created by web editor
* stop showing confirmation modal when updating application
* disable rollback button when application type is not applicatiom form
* only update file after deployment succeded
* Revert "only update file after deployment succeded"
This reverts commit b94bd2e96f.
* fix(k8s): file content overridden when deployment failed with compose format EE-1556
* added analytics-on directive to pull and redeploy button
* fix(kube): don't valide resource control access for kube (#5568)
* added missing question mark to k8s confirmation modal
* fixed webhook format issue
* added question marks to k8s app confirmation modal
* added space in additional file list.
* ignoring error on deletion
* fix(k8s): Git authentication info not persisted
* added RepositoryMechanismTypes constant
* updated analytics functions
* covert RepositoryMechanism to constant
* fixed typo
* removed unused function.
* post tech review updates
* fixed save settings n redeploy button
* refact kub deploy logic
* Revert "refact kub deploy logic"
This reverts commit cbfdd58ece.
* feat(k8s): utilize user token for k8s auto update EE-1594
* feat(k8s): persist kub stack name EE-1630
* feat(k8s): support delete kub stack
* fix(app): updated logic to delete stack for different kind apps. (#5648)
* fix(app): updated logic to delete stack for different kind apps.
* renamed variable
* fix import
* added StackName field.
* fixed stack id not found issue.
* fix(k8s): fixed qusetion mark alignment issue in PAT field. (#5611)
* fix(k8s): fixed qusetion mark alignment issue in PAT field.
* moved inline css to file.
* fix(git-form: made auth input text full width
* add ignore deleted arg
* tech review updates
* typo fix
* fix(k8s): added console error when deleting k8s service.
* fix(console): added no-console config
* fix(deploy): added missing service.
* fix: use stack editor as an owner when exists (#5678)
* fix: tempalte/content based stacks edit/delete
* fix(stack): remove stack when no app. (#5769)
* fix(stack): remove stack when no app.
* support compose format in delete
Co-authored-by: ArrisLee <arris_li@hotmail.com>
Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
Co-authored-by: Felix Han <felix.han@portainer.io>
* helm lib update
* helm handler requires kubernetes deployer to modify helm deployed resources
* AddAppLabels updated to be more generic - support for adding multiple labels using map
* path installed helm release manifest with portainer labels using kubectl
* updated helm handler unit tests to use mock KubernetesDeployer
* adding labels to manifest retrieved from release
* optional namespace support for k8s raw manifest deployment
* - inline postprocessing support when extracting
- get namespace from yaml support
- added and updated tests
* lowercase error wrapping
* updated libhelm dep
* feat(kubeshell) allow overriding default kubeshell
* Add missing error check and struct tag
* Add migrator for kube shell image and add it as a default in the db
* Fix file name to match migrator pattern
* remove default as it's now coming from the db
* remove blank line
* - conflict resolution code update
- logging migration error on migration failures
* - migrateDBVersionTo34 -> migrateDBVersionToDB34 (naming consistency)
Co-authored-by: zees-dev <dev.786zshan@gmail.com>
* fix(k8s): EE-1585: the K8s API uses other mediatypes, so we can't rely on parsing JSON bodies for security.
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
* fix(k8s): EE-1511 add striped prefix back to location header if response status is 301 moved permanently
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
* feat(k8s): EE-1631:improve the secrets handling by removing un-necessary code
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
* backport migration EE code structure
* filesystem copy function
* set db status to updating before migration - reset on completion
* support for auto-backup on version upgrade
* - rollback cli flag support (with confirmation)
- rollback implementation backport from EE
* removed edition as it is not required in CE
* migrated test datastore from bolttest to bolt package to make it usable for testing
* backported failsafe migration
* - backported tests from EE
- refactored tests to use test datastore
* test store implementing datastore interface
* addressed PR issues/improvements
* refactor test
* added backup file removal error logging
* resolved conflicts, updated code
* fixed missing bolttest package - migrated to bolt
* feat(migration): wrap migration errors to provide context for failure EE-1742 (#5711)
* feat(migrator): wrap errors to provide more context to failures EE-1742
* add overall failure back in. diff log file
* updated helm tests pointing to correct teststore
Co-authored-by: Matt Hook <hookenz@gmail.com>