package portainer import ( "context" "io" "time" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/volume" gittypes "github.com/portainer/portainer/api/git/types" models "github.com/portainer/portainer/api/http/models/kubernetes" "github.com/portainer/portainer/pkg/featureflags" v1 "k8s.io/api/core/v1" ) type ( // AccessPolicy represent a policy that can be associated to a user or team AccessPolicy struct { // Role identifier. Reference the role that will be associated to this access policy RoleID RoleID `json:"RoleId" example:"1"` } // AgentPlatform represents a platform type for an Agent AgentPlatform int // AuthenticationMethod represents the authentication method used to authenticate a user AuthenticationMethod int // Authorization represents an authorization associated to an operation Authorization string // Authorizations represents a set of authorizations associated to a role Authorizations map[Authorization]bool //AutoUpdateSettings represents the git auto sync config for stack deployment AutoUpdateSettings struct { // Auto update interval Interval string `example:"1m30s"` // A UUID generated from client Webhook string `example:"05de31a2-79fa-4644-9c12-faa67e5c49f0"` // Autoupdate job id JobID string `example:"15"` // Force update ignores repo changes ForceUpdate bool `example:"false"` // Pull latest image ForcePullImage bool `example:"false"` } // AzureCredentials represents the credentials used to connect to an Azure // environment(endpoint). AzureCredentials struct { // Azure application ID ApplicationID string `json:"ApplicationID" example:"eag7cdo9-o09l-9i83-9dO9-f0b23oe78db4"` // Azure tenant ID TenantID string `json:"TenantID" example:"34ddc78d-4fel-2358-8cc1-df84c8o839f5"` // Azure authentication key AuthenticationKey string `json:"AuthenticationKey" example:"cOrXoK/1D35w8YQ8nH1/8ZGwzz45JIYD5jxHKXEQknk="` } // OpenAMTConfiguration represents the credentials and configurations used to connect to an OpenAMT MPS server OpenAMTConfiguration struct { Enabled bool `json:"enabled"` MPSServer string `json:"mpsServer"` MPSUser string `json:"mpsUser"` MPSPassword string `json:"mpsPassword"` MPSToken string `json:"mpsToken"` // retrieved from API CertFileName string `json:"certFileName"` CertFileContent string `json:"certFileContent"` CertFilePassword string `json:"certFilePassword"` DomainName string `json:"domainName"` } // OpenAMTDeviceInformation represents an AMT managed device information OpenAMTDeviceInformation struct { GUID string `json:"guid"` HostName string `json:"hostname"` ConnectionStatus bool `json:"connectionStatus"` PowerState PowerState `json:"powerState"` EnabledFeatures *OpenAMTDeviceEnabledFeatures `json:"features"` } // OpenAMTDeviceEnabledFeatures represents an AMT managed device features information OpenAMTDeviceEnabledFeatures struct { Redirection bool `json:"redirection"` KVM bool `json:"KVM"` SOL bool `json:"SOL"` IDER bool `json:"IDER"` UserConsent string `json:"userConsent"` } // PowerState represents an AMT managed device power state PowerState int FDOConfiguration struct { Enabled bool `json:"enabled"` OwnerURL string `json:"ownerURL"` OwnerUsername string `json:"ownerUsername"` OwnerPassword string `json:"ownerPassword"` } // FDOProfileID represents a fdo profile id FDOProfileID int FDOProfile struct { ID FDOProfileID `json:"id"` Name string `json:"name"` FilePath string `json:"filePath"` NumberDevices int `json:"numberDevices"` DateCreated int64 `json:"dateCreated"` } // CLIFlags represents the available flags on the CLI CLIFlags struct { Addr *string AddrHTTPS *string TunnelAddr *string TunnelPort *string AdminPassword *string AdminPasswordFile *string Assets *string Data *string FeatureFlags *[]string DemoEnvironment *bool EnableEdgeComputeFeatures *bool EndpointURL *string Labels *[]Pair Logo *string NoAnalytics *bool Templates *string TLS *bool TLSSkipVerify *bool TLSCacert *string TLSCert *string TLSKey *string HTTPDisabled *bool HTTPEnabled *bool SSL *bool SSLCert *string SSLKey *string Rollback *bool SnapshotInterval *string BaseURL *string InitialMmapSize *int MaxBatchSize *int MaxBatchDelay *time.Duration SecretKeyName *string LogLevel *string LogMode *string } // CustomTemplateVariableDefinition CustomTemplateVariableDefinition struct { Name string `json:"name" example:"MY_VAR"` Label string `json:"label" example:"My Variable"` DefaultValue string `json:"defaultValue" example:"default value"` Description string `json:"description" example:"Description"` } // CustomTemplate represents a custom template CustomTemplate struct { // CustomTemplate Identifier ID CustomTemplateID `json:"Id" example:"1"` // Title of the template Title string `json:"Title" example:"Nginx"` // Description of the template Description string `json:"Description" example:"High performance web server"` // Path on disk to the repository hosting the Stack file ProjectPath string `json:"ProjectPath" example:"/data/custom_template/3"` // Path to the Stack file EntryPoint string `json:"EntryPoint" example:"docker-compose.yml"` // User identifier who created this template CreatedByUserID UserID `json:"CreatedByUserId" example:"3"` // A note that will be displayed in the UI. Supports HTML content Note string `json:"Note" example:"This is my custom template"` // Platform associated to the template. // Valid values are: 1 - 'linux', 2 - 'windows' Platform CustomTemplatePlatform `json:"Platform" example:"1" enums:"1,2"` // URL of the template's logo Logo string `json:"Logo" example:"https://portainer.io/img/logo.svg"` // Type of created stack: // * 1 - swarm // * 2 - compose // * 3 - kubernetes Type StackType `json:"Type" example:"1" enums:"1,2,3"` ResourceControl *ResourceControl `json:"ResourceControl"` Variables []CustomTemplateVariableDefinition GitConfig *gittypes.RepoConfig `json:"GitConfig"` // IsComposeFormat indicates if the Kubernetes template is created from a Docker Compose file IsComposeFormat bool `example:"false"` // EdgeTemplate indicates if this template purpose for Edge Stack EdgeTemplate bool `example:"false"` } // CustomTemplateID represents a custom template identifier CustomTemplateID int // CustomTemplatePlatform represents a custom template platform CustomTemplatePlatform int // DockerHub represents all the required information to connect and use the // Docker Hub DockerHub struct { // Is authentication against DockerHub enabled Authentication bool `json:"Authentication" example:"true"` // Username used to authenticate against the DockerHub Username string `json:"Username" example:"user"` // Password used to authenticate against the DockerHub Password string `json:"Password,omitempty" example:"passwd"` } // DockerSnapshot represents a snapshot of a specific Docker environment(endpoint) at a specific time DockerSnapshot struct { Time int64 `json:"Time"` DockerVersion string `json:"DockerVersion"` Swarm bool `json:"Swarm"` TotalCPU int `json:"TotalCPU"` TotalMemory int64 `json:"TotalMemory"` RunningContainerCount int `json:"RunningContainerCount"` StoppedContainerCount int `json:"StoppedContainerCount"` HealthyContainerCount int `json:"HealthyContainerCount"` UnhealthyContainerCount int `json:"UnhealthyContainerCount"` VolumeCount int `json:"VolumeCount"` ImageCount int `json:"ImageCount"` ServiceCount int `json:"ServiceCount"` StackCount int `json:"StackCount"` SnapshotRaw DockerSnapshotRaw `json:"DockerSnapshotRaw"` NodeCount int `json:"NodeCount"` GpuUseAll bool `json:"GpuUseAll"` GpuUseList []string `json:"GpuUseList"` } // DockerContainerSnapshot is an extent of Docker's Container struct // It contains some information of Docker's ContainerJSON struct DockerContainerSnapshot struct { types.Container Env []string `json:"Env,omitempty"` // EE-5240 } // DockerSnapshotRaw represents all the information related to a snapshot as returned by the Docker API DockerSnapshotRaw struct { Containers []DockerContainerSnapshot `json:"Containers" swaggerignore:"true"` Volumes volume.ListResponse `json:"Volumes" swaggerignore:"true"` Networks []types.NetworkResource `json:"Networks" swaggerignore:"true"` Images []types.ImageSummary `json:"Images" swaggerignore:"true"` Info types.Info `json:"Info" swaggerignore:"true"` Version types.Version `json:"Version" swaggerignore:"true"` } // EdgeGroup represents an Edge group EdgeGroup struct { // EdgeGroup Identifier ID EdgeGroupID `json:"Id" example:"1"` Name string `json:"Name"` Dynamic bool `json:"Dynamic"` TagIDs []TagID `json:"TagIds"` Endpoints []EndpointID `json:"Endpoints"` PartialMatch bool `json:"PartialMatch"` } // EdgeGroupID represents an Edge group identifier EdgeGroupID int // EdgeJob represents a job that can run on Edge environments(endpoints). EdgeJob struct { // EdgeJob Identifier ID EdgeJobID `json:"Id" example:"1"` Created int64 `json:"Created"` CronExpression string `json:"CronExpression"` Endpoints map[EndpointID]EdgeJobEndpointMeta `json:"Endpoints"` EdgeGroups []EdgeGroupID `json:"EdgeGroups"` Name string `json:"Name"` ScriptPath string `json:"ScriptPath"` Recurring bool `json:"Recurring"` Version int `json:"Version"` // Field used for log collection of Endpoints belonging to EdgeGroups GroupLogsCollection map[EndpointID]EdgeJobEndpointMeta } // EdgeJobEndpointMeta represents a meta data object for an Edge job and Environment(Endpoint) relation EdgeJobEndpointMeta struct { LogsStatus EdgeJobLogsStatus CollectLogs bool } // EdgeJobID represents an Edge job identifier EdgeJobID int // EdgeJobLogsStatus represent status of logs collection job EdgeJobLogsStatus int // EdgeSchedule represents a scheduled job that can run on Edge environments(endpoints). // // Deprecated: in favor of EdgeJob EdgeSchedule struct { // EdgeSchedule Identifier ID ScheduleID `json:"Id" example:"1"` CronExpression string `json:"CronExpression"` Script string `json:"Script"` Version int `json:"Version"` Endpoints []EndpointID `json:"Endpoints"` } // StackDeploymentInfo records the information of a deployed stack StackDeploymentInfo struct { // Version is the version of the stack and also is the deployed version in edge agent Version int `json:"Version"` // FileVersion is the version of the stack file, used to detect changes FileVersion int `json:"FileVersion"` // ConfigHash is the commit hash of the git repository used for deploying the stack ConfigHash string `json:"ConfigHash"` } //EdgeStack represents an edge stack EdgeStack struct { // EdgeStack Identifier ID EdgeStackID `json:"Id" example:"1"` Name string `json:"Name"` Status map[EndpointID]EdgeStackStatus `json:"Status"` // StatusArray map[EndpointID][]EdgeStackStatus `json:"StatusArray"` CreationDate int64 `json:"CreationDate"` EdgeGroups []EdgeGroupID `json:"EdgeGroups"` ProjectPath string `json:"ProjectPath"` EntryPoint string `json:"EntryPoint"` Version int `json:"Version"` NumDeployments int `json:"NumDeployments"` ManifestPath string DeploymentType EdgeStackDeploymentType // Uses the manifest's namespaces instead of the default one UseManifestNamespaces bool // Deprecated Prune bool `json:"Prune,omitempty"` } EdgeStackDeploymentType int //EdgeStackID represents an edge stack id EdgeStackID int EdgeStackStatusDetails struct { Pending bool Ok bool Error bool Acknowledged bool Remove bool RemoteUpdateSuccess bool ImagesPulled bool } //EdgeStackStatus represents an edge stack status EdgeStackStatus struct { Status []EdgeStackDeploymentStatus EndpointID EndpointID // EE only feature DeploymentInfo StackDeploymentInfo // Deprecated Details EdgeStackStatusDetails // Deprecated Error string // Deprecated Type EdgeStackStatusType `json:"Type"` } // EdgeStackDeploymentStatus represents an edge stack deployment status EdgeStackDeploymentStatus struct { Time int64 Type EdgeStackStatusType Error string // EE only feature RollbackTo *int } //EdgeStackStatusType represents an edge stack status type EdgeStackStatusType int PendingActionsID int PendingActions struct { ID PendingActionsID `json:"ID"` EndpointID EndpointID `json:"EndpointID"` Action string `json:"Action"` ActionData interface{} `json:"ActionData"` CreatedAt int64 `json:"CreatedAt"` } // Environment(Endpoint) represents a Docker environment(endpoint) with all the info required // to connect to it Endpoint struct { // Environment(Endpoint) Identifier ID EndpointID `json:"Id" example:"1"` // Environment(Endpoint) name Name string `json:"Name" example:"my-environment"` // Environment(Endpoint) environment(endpoint) type. 1 for a Docker environment(endpoint), 2 for an agent on Docker environment(endpoint) or 3 for an Azure environment(endpoint). Type EndpointType `json:"Type" example:"1"` // URL or IP address of the Docker host associated to this environment(endpoint) URL string `json:"URL" example:"docker.mydomain.tld:2375"` // Environment(Endpoint) group identifier GroupID EndpointGroupID `json:"GroupId" example:"1"` // URL or IP address where exposed containers will be reachable PublicURL string `json:"PublicURL" example:"docker.mydomain.tld:2375"` Gpus []Pair `json:"Gpus"` TLSConfig TLSConfiguration `json:"TLSConfig"` AzureCredentials AzureCredentials `json:"AzureCredentials,omitempty"` // List of tag identifiers to which this environment(endpoint) is associated TagIDs []TagID `json:"TagIds"` // The status of the environment(endpoint) (1 - up, 2 - down) Status EndpointStatus `json:"Status" example:"1"` // List of snapshots Snapshots []DockerSnapshot `json:"Snapshots"` // List of user identifiers authorized to connect to this environment(endpoint) UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"` // List of team identifiers authorized to connect to this environment(endpoint) TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"` // The identifier of the edge agent associated with this environment(endpoint) EdgeID string `json:"EdgeID,omitempty"` // The key which is used to map the agent to Portainer EdgeKey string `json:"EdgeKey"` // The check in interval for edge agent (in seconds) EdgeCheckinInterval int `json:"EdgeCheckinInterval" example:"5"` // Associated Kubernetes data Kubernetes KubernetesData `json:"Kubernetes"` // Maximum version of docker-compose ComposeSyntaxMaxVersion string `json:"ComposeSyntaxMaxVersion" example:"3.8"` // Environment(Endpoint) specific security settings SecuritySettings EndpointSecuritySettings // The identifier of the AMT Device associated with this environment(endpoint) AMTDeviceGUID string `json:"AMTDeviceGUID,omitempty" example:"4c4c4544-004b-3910-8037-b6c04f504633"` // LastCheckInDate mark last check-in date on checkin LastCheckInDate int64 // QueryDate of each query with the endpoints list QueryDate int64 // Heartbeat indicates the heartbeat status of an edge environment Heartbeat bool `json:"Heartbeat" example:"true"` // Whether the device has been trusted or not by the user UserTrusted bool `json:"UserTrusted,omitempty"` // Whether we need to run any "post init migrations". PostInitMigrations EndpointPostInitMigrations `json:"PostInitMigrations"` Edge EnvironmentEdgeSettings Agent struct { Version string `example:"1.0.0"` } EnableGPUManagement bool `json:"EnableGPUManagement,omitempty"` // Deprecated fields // Deprecated in DBVersion == 4 TLS bool `json:"TLS,omitempty"` TLSCACertPath string `json:"TLSCACert,omitempty"` TLSCertPath string `json:"TLSCert,omitempty"` TLSKeyPath string `json:"TLSKey,omitempty"` // Deprecated in DBVersion == 18 AuthorizedUsers []UserID `json:"AuthorizedUsers"` AuthorizedTeams []TeamID `json:"AuthorizedTeams"` // Deprecated in DBVersion == 22 Tags []string `json:"Tags"` // Deprecated v2.18 IsEdgeDevice bool `json:"IsEdgeDevice,omitempty"` } EnvironmentEdgeSettings struct { // Whether the device has been started in edge async mode AsyncMode bool // The ping interval for edge agent - used in edge async mode [seconds] PingInterval int `json:"PingInterval" example:"60"` // The snapshot interval for edge agent - used in edge async mode [seconds] SnapshotInterval int `json:"SnapshotInterval" example:"60"` // The command list interval for edge agent - used in edge async mode [seconds] CommandInterval int `json:"CommandInterval" example:"60"` } // EndpointAuthorizations represents the authorizations associated to a set of environments(endpoints) EndpointAuthorizations map[EndpointID]Authorizations // EndpointGroup represents a group of environments(endpoints). // // An environment(endpoint) may belong to only 1 environment(endpoint) group. EndpointGroup struct { // Environment(Endpoint) group Identifier ID EndpointGroupID `json:"Id" example:"1"` // Environment(Endpoint) group name Name string `json:"Name" example:"my-environment-group"` // Description associated to the environment(endpoint) group Description string `json:"Description" example:"Environment(Endpoint) group description"` UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"` TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"` // List of tags associated to this environment(endpoint) group TagIDs []TagID `json:"TagIds"` // Deprecated fields Labels []Pair `json:"Labels"` // Deprecated in DBVersion == 18 AuthorizedUsers []UserID `json:"AuthorizedUsers"` AuthorizedTeams []TeamID `json:"AuthorizedTeams"` // Deprecated in DBVersion == 22 Tags []string `json:"Tags,omitempty"` } // EndpointGroupID represents an environment(endpoint) group identifier EndpointGroupID int // EndpointID represents an environment(endpoint) identifier EndpointID int // EndpointStatus represents the status of an environment(endpoint) EndpointStatus int // EndpointSyncJob represents a scheduled job that synchronize environments(endpoints) based on an external file // Deprecated EndpointSyncJob struct{} // EndpointSecuritySettings represents settings for an environment(endpoint) EndpointSecuritySettings struct { // Whether non-administrator should be able to use bind mounts when creating containers AllowBindMountsForRegularUsers bool `json:"allowBindMountsForRegularUsers" example:"false"` // Whether non-administrator should be able to use privileged mode when creating containers AllowPrivilegedModeForRegularUsers bool `json:"allowPrivilegedModeForRegularUsers" example:"false"` // Whether non-administrator should be able to browse volumes AllowVolumeBrowserForRegularUsers bool `json:"allowVolumeBrowserForRegularUsers" example:"true"` // Whether non-administrator should be able to use the host pid AllowHostNamespaceForRegularUsers bool `json:"allowHostNamespaceForRegularUsers" example:"true"` // Whether non-administrator should be able to use device mapping AllowDeviceMappingForRegularUsers bool `json:"allowDeviceMappingForRegularUsers" example:"true"` // Whether non-administrator should be able to manage stacks AllowStackManagementForRegularUsers bool `json:"allowStackManagementForRegularUsers" example:"true"` // Whether non-administrator should be able to use container capabilities AllowContainerCapabilitiesForRegularUsers bool `json:"allowContainerCapabilitiesForRegularUsers" example:"true"` // Whether non-administrator should be able to use sysctl settings AllowSysctlSettingForRegularUsers bool `json:"allowSysctlSettingForRegularUsers" example:"true"` // Whether host management features are enabled EnableHostManagementFeatures bool `json:"enableHostManagementFeatures" example:"true"` } // EndpointType represents the type of an environment(endpoint) EndpointType int // EndpointRelation represents a environment(endpoint) relation object EndpointRelation struct { EndpointID EndpointID EdgeStacks map[EdgeStackID]bool } // EndpointPostInitMigrations EndpointPostInitMigrations struct { MigrateIngresses bool `json:"MigrateIngresses"` MigrateGPUs bool `json:"MigrateGPUs"` } // Extension represents a deprecated Portainer extension Extension struct { // Extension Identifier ID ExtensionID `json:"Id" example:"1"` Enabled bool `json:"Enabled"` Name string `json:"Name,omitempty"` ShortDescription string `json:"ShortDescription,omitempty"` Description string `json:"Description,omitempty"` DescriptionURL string `json:"DescriptionURL,omitempty"` Price string `json:"Price,omitempty"` PriceDescription string `json:"PriceDescription,omitempty"` Deal bool `json:"Deal,omitempty"` Available bool `json:"Available,omitempty"` License LicenseInformation `json:"License,omitempty"` Version string `json:"Version"` UpdateAvailable bool `json:"UpdateAvailable"` ShopURL string `json:"ShopURL,omitempty"` Images []string `json:"Images,omitempty"` Logo string `json:"Logo,omitempty"` } // ExtensionID represents a extension identifier ExtensionID int // GitlabRegistryData represents data required for gitlab registry to work GitlabRegistryData struct { ProjectID int `json:"ProjectId"` InstanceURL string `json:"InstanceURL"` ProjectPath string `json:"ProjectPath"` } HelmUserRepositoryID int // HelmUserRepositories stores a Helm repository URL for the given user HelmUserRepository struct { // Membership Identifier ID HelmUserRepositoryID `json:"Id" example:"1"` // User identifier UserID UserID `json:"UserId" example:"1"` // Helm repository URL URL string `json:"URL" example:"https://charts.bitnami.com/bitnami"` } // QuayRegistryData represents data required for Quay registry to work QuayRegistryData struct { UseOrganisation bool `json:"UseOrganisation,omitempty"` OrganisationName string `json:"OrganisationName"` } // EcrData represents data required for ECR registry EcrData struct { Region string `json:"Region" example:"ap-southeast-2"` } // JobType represents a job type JobType int K8sNamespaceInfo struct { IsSystem bool `json:"IsSystem"` IsDefault bool `json:"IsDefault"` } K8sNodeLimits struct { CPU int64 `json:"CPU"` Memory int64 `json:"Memory"` } K8sNodesLimits map[string]*K8sNodeLimits K8sNamespaceAccessPolicy struct { UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"` TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"` } // KubernetesData contains all the Kubernetes related environment(endpoint) information KubernetesData struct { Snapshots []KubernetesSnapshot `json:"Snapshots"` Configuration KubernetesConfiguration `json:"Configuration"` Flags KubernetesFlags `json:"Flags"` } // KubernetesFlags are used to detect if we need to run initial cluster // detection again. KubernetesFlags struct { IsServerMetricsDetected bool `json:"IsServerMetricsDetected"` IsServerIngressClassDetected bool `json:"IsServerIngressClassDetected"` IsServerStorageDetected bool `json:"IsServerStorageDetected"` } // KubernetesSnapshot represents a snapshot of a specific Kubernetes environment(endpoint) at a specific time KubernetesSnapshot struct { Time int64 `json:"Time"` KubernetesVersion string `json:"KubernetesVersion"` NodeCount int `json:"NodeCount"` TotalCPU int64 `json:"TotalCPU"` TotalMemory int64 `json:"TotalMemory"` } // KubernetesConfiguration represents the configuration of a Kubernetes environment(endpoint) KubernetesConfiguration struct { UseLoadBalancer bool `json:"UseLoadBalancer"` UseServerMetrics bool `json:"UseServerMetrics"` EnableResourceOverCommit bool `json:"EnableResourceOverCommit"` ResourceOverCommitPercentage int `json:"ResourceOverCommitPercentage"` StorageClasses []KubernetesStorageClassConfig `json:"StorageClasses"` IngressClasses []KubernetesIngressClassConfig `json:"IngressClasses"` RestrictDefaultNamespace bool `json:"RestrictDefaultNamespace"` IngressAvailabilityPerNamespace bool `json:"IngressAvailabilityPerNamespace"` AllowNoneIngressClass bool `json:"AllowNoneIngressClass"` } // KubernetesStorageClassConfig represents a Kubernetes Storage Class configuration KubernetesStorageClassConfig struct { Name string `json:"Name"` AccessModes []string `json:"AccessModes"` Provisioner string `json:"Provisioner"` AllowVolumeExpansion bool `json:"AllowVolumeExpansion"` } // KubernetesIngressClassConfig represents a Kubernetes Ingress Class configuration KubernetesIngressClassConfig struct { Name string `json:"Name"` Type string `json:"Type"` GloballyBlocked bool `json:"Blocked"` BlockedNamespaces []string `json:"BlockedNamespaces"` } // KubernetesShellPod represents a Kubectl Shell details to facilitate pod exec functionality KubernetesShellPod struct { Namespace string PodName string ContainerName string ShellExecCommand string } // InternalAuthSettings represents settings used for the default 'internal' authentication InternalAuthSettings struct { RequiredPasswordLength int } // LDAPGroupSearchSettings represents settings used to search for groups in a LDAP server LDAPGroupSearchSettings struct { // The distinguished name of the element from which the LDAP server will search for groups GroupBaseDN string `json:"GroupBaseDN" example:"dc=ldap,dc=domain,dc=tld"` // The LDAP search filter used to select group elements, optional GroupFilter string `json:"GroupFilter" example:"(objectClass=account"` // LDAP attribute which denotes the group membership GroupAttribute string `json:"GroupAttribute" example:"member"` } // LDAPSearchSettings represents settings used to search for users in a LDAP server LDAPSearchSettings struct { // The distinguished name of the element from which the LDAP server will search for users BaseDN string `json:"BaseDN" example:"dc=ldap,dc=domain,dc=tld"` // Optional LDAP search filter used to select user elements Filter string `json:"Filter" example:"(objectClass=account)"` // LDAP attribute which denotes the username UserNameAttribute string `json:"UserNameAttribute" example:"uid"` } // LDAPSettings represents the settings used to connect to a LDAP server LDAPSettings struct { // Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used AnonymousMode bool `json:"AnonymousMode" example:"true" validate:"validate_bool"` // Account that will be used to search for users ReaderDN string `json:"ReaderDN" example:"cn=readonly-account,dc=ldap,dc=domain,dc=tld" validate:"required_if=AnonymousMode false"` // Password of the account that will be used to search users Password string `json:"Password,omitempty" example:"readonly-password" validate:"required_if=AnonymousMode false"` // URL or IP address of the LDAP server URL string `json:"URL" example:"myldap.domain.tld:389" validate:"hostname_port"` TLSConfig TLSConfiguration `json:"TLSConfig"` // Whether LDAP connection should use StartTLS StartTLS bool `json:"StartTLS" example:"true"` SearchSettings []LDAPSearchSettings `json:"SearchSettings"` GroupSearchSettings []LDAPGroupSearchSettings `json:"GroupSearchSettings"` // Automatically provision users and assign them to matching LDAP group names AutoCreateUsers bool `json:"AutoCreateUsers" example:"true"` } // LDAPUser represents a LDAP user LDAPUser struct { Name string Groups []string } // LicenseInformation represents information about an extension license LicenseInformation struct { LicenseKey string `json:"LicenseKey,omitempty"` Company string `json:"Company,omitempty"` Expiration string `json:"Expiration,omitempty"` Valid bool `json:"Valid,omitempty"` } // MembershipRole represents the role of a user within a team MembershipRole int // OAuthSettings represents the settings used to authorize with an authorization server OAuthSettings struct { ClientID string `json:"ClientID"` ClientSecret string `json:"ClientSecret,omitempty"` AccessTokenURI string `json:"AccessTokenURI"` AuthorizationURI string `json:"AuthorizationURI"` ResourceURI string `json:"ResourceURI"` RedirectURI string `json:"RedirectURI"` UserIdentifier string `json:"UserIdentifier"` Scopes string `json:"Scopes"` OAuthAutoCreateUsers bool `json:"OAuthAutoCreateUsers"` DefaultTeamID TeamID `json:"DefaultTeamID"` SSO bool `json:"SSO"` LogoutURI string `json:"LogoutURI"` KubeSecretKey []byte `json:"KubeSecretKey"` } // Pair defines a key/value string pair Pair struct { Name string `json:"name" example:"name"` Value string `json:"value" example:"value"` } // Registry represents a Docker registry with all the info required // to connect to it Registry struct { // Registry Identifier ID RegistryID `json:"Id" example:"1"` // Registry Type (1 - Quay, 2 - Azure, 3 - Custom, 4 - Gitlab, 5 - ProGet, 6 - DockerHub, 7 - ECR) Type RegistryType `json:"Type" enums:"1,2,3,4,5,6,7"` // Registry Name Name string `json:"Name" example:"my-registry"` // URL or IP address of the Docker registry URL string `json:"URL" example:"registry.mydomain.tld:2375"` // Base URL, introduced for ProGet registry BaseURL string `json:"BaseURL" example:"registry.mydomain.tld:2375"` // Is authentication against this registry enabled Authentication bool `json:"Authentication" example:"true"` // Username or AccessKeyID used to authenticate against this registry Username string `json:"Username" example:"registry user"` // Password or SecretAccessKey used to authenticate against this registry Password string `json:"Password,omitempty" example:"registry_password"` ManagementConfiguration *RegistryManagementConfiguration `json:"ManagementConfiguration"` Gitlab GitlabRegistryData `json:"Gitlab"` Quay QuayRegistryData `json:"Quay"` Ecr EcrData `json:"Ecr"` RegistryAccesses RegistryAccesses `json:"RegistryAccesses"` // Deprecated fields // Deprecated in DBVersion == 31 UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"` // Deprecated in DBVersion == 31 TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"` // Deprecated in DBVersion == 18 AuthorizedUsers []UserID `json:"AuthorizedUsers"` // Deprecated in DBVersion == 18 AuthorizedTeams []TeamID `json:"AuthorizedTeams"` // Stores temporary access token AccessToken string `json:"AccessToken,omitempty"` AccessTokenExpiry int64 `json:"AccessTokenExpiry,omitempty"` } RegistryAccesses map[EndpointID]RegistryAccessPolicies RegistryAccessPolicies struct { UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"` TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"` Namespaces []string `json:"Namespaces"` } // RegistryID represents a registry identifier RegistryID int // RegistryManagementConfiguration represents a configuration that can be used to query // the registry API via the registry management extension. RegistryManagementConfiguration struct { Type RegistryType `json:"Type"` Authentication bool `json:"Authentication"` Username string `json:"Username"` Password string `json:"Password"` TLSConfig TLSConfiguration `json:"TLSConfig"` Ecr EcrData `json:"Ecr"` AccessToken string `json:"AccessToken,omitempty"` AccessTokenExpiry int64 `json:"AccessTokenExpiry,omitempty"` } // RegistryType represents a type of registry RegistryType int // ResourceAccessLevel represents the level of control associated to a resource ResourceAccessLevel int // ResourceControl represent a reference to a Docker resource with specific access controls ResourceControl struct { // ResourceControl Identifier ID ResourceControlID `json:"Id" example:"1"` // Docker resource identifier on which access control will be applied.\ // In the case of a resource control applied to a stack, use the stack name as identifier ResourceID string `json:"ResourceId" example:"617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08"` // List of Docker resources that will inherit this access control SubResourceIDs []string `json:"SubResourceIds" example:"617c5f22bb9b023d6daab7cba43a57576f83492867bc767d1c59416b065e5f08"` // Type of Docker resource. Valid values are: 1- container, 2 -service // 3 - volume, 4 - secret, 5 - stack, 6 - config or 7 - custom template Type ResourceControlType `json:"Type" example:"1"` UserAccesses []UserResourceAccess `json:"UserAccesses"` TeamAccesses []TeamResourceAccess `json:"TeamAccesses"` // Permit access to the associated resource to any user Public bool `json:"Public" example:"true"` // Permit access to resource only to admins AdministratorsOnly bool `json:"AdministratorsOnly" example:"true"` System bool `json:"System"` // Deprecated fields // Deprecated in DBVersion == 2 OwnerID UserID `json:"OwnerId,omitempty"` AccessLevel ResourceAccessLevel `json:"AccessLevel,omitempty"` } // ResourceControlID represents a resource control identifier ResourceControlID int // ResourceControlType represents the type of resource associated to the resource control (volume, container, service...) ResourceControlType int // Role represents a set of authorizations that can be associated to a user or // to a team. Role struct { // Role Identifier ID RoleID `json:"Id" example:"1"` // Role name Name string `json:"Name" example:"HelpDesk"` // Role description Description string `json:"Description" example:"Read-only access of all resources in an environment(endpoint)"` // Authorizations associated to a role Authorizations Authorizations `json:"Authorizations"` Priority int `json:"Priority"` } // RoleID represents a role identifier RoleID int // APIKeyID represents an API key identifier APIKeyID int // APIKey represents an API key APIKey struct { ID APIKeyID `json:"id" example:"1"` UserID UserID `json:"userId" example:"1"` Description string `json:"description" example:"portainer-api-key"` Prefix string `json:"prefix"` // API key identifier (7 char prefix) DateCreated int64 `json:"dateCreated"` // Unix timestamp (UTC) when the API key was created LastUsed int64 `json:"lastUsed"` // Unix timestamp (UTC) when the API key was last used Digest []byte `json:"digest,omitempty"` // Digest represents SHA256 hash of the raw API key } // Schedule represents a scheduled job. // It only contains a pointer to one of the JobRunner implementations // based on the JobType. // NOTE: The Recurring option is only used by ScriptExecutionJob at the moment // Deprecated in favor of EdgeJob Schedule struct { // Schedule Identifier ID ScheduleID `json:"Id" example:"1"` Name string CronExpression string Recurring bool Created int64 JobType JobType EdgeSchedule *EdgeSchedule } // ScheduleID represents a schedule identifier. // Deprecated in favor of EdgeJob ScheduleID int // ScriptExecutionJob represents a scheduled job that can execute a script via a privileged container ScriptExecutionJob struct { Endpoints []EndpointID Image string ScriptPath string RetryCount int RetryInterval int } GlobalDeploymentOptions struct { HideStacksFunctionality bool `json:"hideStacksFunctionality" example:"false"` } // Settings represents the application settings Settings struct { // URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string LogoURL string `json:"LogoURL" example:"https://mycompany.mydomain.tld/logo.png"` // A list of label name & value that will be used to hide containers when querying containers BlackListedLabels []Pair `json:"BlackListedLabels"` // Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth AuthenticationMethod AuthenticationMethod `json:"AuthenticationMethod" example:"1"` InternalAuthSettings InternalAuthSettings `json:"InternalAuthSettings"` LDAPSettings LDAPSettings `json:"LDAPSettings"` OAuthSettings OAuthSettings `json:"OAuthSettings"` OpenAMTConfiguration OpenAMTConfiguration `json:"openAMTConfiguration"` FDOConfiguration FDOConfiguration `json:"fdoConfiguration"` FeatureFlagSettings map[featureflags.Feature]bool `json:"FeatureFlagSettings"` // The interval in which environment(endpoint) snapshots are created SnapshotInterval string `json:"SnapshotInterval" example:"5m"` // URL to the templates that will be displayed in the UI when navigating to App Templates TemplatesURL string `json:"TemplatesURL" example:"https://raw.githubusercontent.com/portainer/templates/master/templates.json"` // Deployment options for encouraging git ops workflows GlobalDeploymentOptions GlobalDeploymentOptions `json:"GlobalDeploymentOptions"` // The default check in interval for edge agent (in seconds) EdgeAgentCheckinInterval int `json:"EdgeAgentCheckinInterval" example:"5"` // Show the Kompose build option (discontinued in 2.18) ShowKomposeBuildOption bool `json:"ShowKomposeBuildOption" example:"false"` // Whether edge compute features are enabled EnableEdgeComputeFeatures bool `json:"EnableEdgeComputeFeatures"` // The duration of a user session UserSessionTimeout string `json:"UserSessionTimeout" example:"5m"` // The expiry of a Kubeconfig KubeconfigExpiry string `json:"KubeconfigExpiry" example:"24h"` // Whether telemetry is enabled EnableTelemetry bool `json:"EnableTelemetry" example:"false"` // Helm repository URL, defaults to "https://charts.bitnami.com/bitnami" HelmRepositoryURL string `json:"HelmRepositoryURL" example:"https://charts.bitnami.com/bitnami"` // KubectlImage, defaults to portainer/kubectl-shell KubectlShellImage string `json:"KubectlShellImage" example:"portainer/kubectl-shell"` // TrustOnFirstConnect makes Portainer accepting edge agent connection by default TrustOnFirstConnect bool `json:"TrustOnFirstConnect" example:"false"` // EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone EnforceEdgeID bool `json:"EnforceEdgeID" example:"false"` // Container environment parameter AGENT_SECRET AgentSecret string `json:"AgentSecret"` // EdgePortainerURL is the URL that is exposed to edge agents EdgePortainerURL string `json:"EdgePortainerUrl"` Edge struct { // The command list interval for edge agent - used in edge async mode (in seconds) CommandInterval int `json:"CommandInterval" example:"5"` // The ping interval for edge agent - used in edge async mode (in seconds) PingInterval int `json:"PingInterval" example:"5"` // The snapshot interval for edge agent - used in edge async mode (in seconds) SnapshotInterval int `json:"SnapshotInterval" example:"5"` // Deprecated 2.18 AsyncMode bool } // Deprecated fields DisplayDonationHeader bool `json:"DisplayDonationHeader,omitempty"` DisplayExternalContributors bool `json:"DisplayExternalContributors,omitempty"` // Deprecated fields v26 EnableHostManagementFeatures bool `json:"EnableHostManagementFeatures,omitempty"` AllowVolumeBrowserForRegularUsers bool `json:"AllowVolumeBrowserForRegularUsers,omitempty"` AllowBindMountsForRegularUsers bool `json:"AllowBindMountsForRegularUsers,omitempty"` AllowPrivilegedModeForRegularUsers bool `json:"AllowPrivilegedModeForRegularUsers,omitempty"` AllowHostNamespaceForRegularUsers bool `json:"AllowHostNamespaceForRegularUsers,omitempty"` AllowStackManagementForRegularUsers bool `json:"AllowStackManagementForRegularUsers,omitempty"` AllowDeviceMappingForRegularUsers bool `json:"AllowDeviceMappingForRegularUsers,omitempty"` AllowContainerCapabilitiesForRegularUsers bool `json:"AllowContainerCapabilitiesForRegularUsers,omitempty"` IsDockerDesktopExtension bool `json:"IsDockerDesktopExtension,omitempty"` } // SnapshotJob represents a scheduled job that can create environment(endpoint) snapshots SnapshotJob struct{} // SoftwareEdition represents an edition of Portainer SoftwareEdition int // SSLSettings represents a pair of SSL certificate and key SSLSettings struct { CertPath string `json:"certPath"` KeyPath string `json:"keyPath"` SelfSigned bool `json:"selfSigned"` HTTPEnabled bool `json:"httpEnabled"` } // Stack represents a Docker stack created via docker stack deploy Stack struct { // Stack Identifier ID StackID `json:"Id" example:"1"` // Stack name Name string `json:"Name" example:"myStack"` // Stack type. 1 for a Swarm stack, 2 for a Compose stack Type StackType `json:"Type" example:"2"` // Environment(Endpoint) identifier. Reference the environment(endpoint) that will be used for deployment EndpointID EndpointID `json:"EndpointId" example:"1"` // Cluster identifier of the Swarm cluster where the stack is deployed SwarmID string `json:"SwarmId" example:"jpofkc0i9uo9wtx1zesuk649w"` // Path to the Stack file EntryPoint string `json:"EntryPoint" example:"docker-compose.yml"` // A list of environment(endpoint) variables used during stack deployment Env []Pair `json:"Env"` // ResourceControl *ResourceControl `json:"ResourceControl"` // Stack status (1 - active, 2 - inactive) Status StackStatus `json:"Status" example:"1"` // Path on disk to the repository hosting the Stack file ProjectPath string `example:"/data/compose/myStack_jpofkc0i9uo9wtx1zesuk649w"` // The date in unix time when stack was created CreationDate int64 `example:"1587399600"` // The username which created this stack CreatedBy string `example:"admin"` // The date in unix time when stack was last updated UpdateDate int64 `example:"1587399600"` // The username which last updated this stack UpdatedBy string `example:"bob"` // Only applies when deploying stack with multiple files AdditionalFiles []string `json:"AdditionalFiles"` // The GitOps update settings of a git stack AutoUpdate *AutoUpdateSettings `json:"AutoUpdate"` // The stack deployment option Option *StackOption `json:"Option"` // The git config of this stack GitConfig *gittypes.RepoConfig // Whether the stack is from a app template FromAppTemplate bool `example:"false"` // Kubernetes namespace if stack is a kube application Namespace string `example:"default"` // IsComposeFormat indicates if the Kubernetes stack is created from a Docker Compose file IsComposeFormat bool `example:"false"` } // StackOption represents the options for stack deployment StackOption struct { // Prune services that are no longer referenced Prune bool `example:"false"` } // StackID represents a stack identifier (it must be composed of Name + "_" + SwarmID to create a unique identifier) StackID int // StackStatus represent a status for a stack StackStatus int // StackType represents the type of the stack (compose v2, stack deploy v3) StackType int // Status represents the application status Status struct { // Portainer API version Version string `json:"Version" example:"2.0.0"` // Server Instance ID InstanceID string `example:"299ab403-70a8-4c05-92f7-bf7a994d50df"` } // Tag represents a tag that can be associated to a resource Tag struct { // Tag identifier ID TagID `example:"1"` // Tag name Name string `json:"Name" example:"org/acme"` // A set of environment(endpoint) ids that have this tag Endpoints map[EndpointID]bool `json:"Endpoints"` // A set of environment(endpoint) group ids that have this tag EndpointGroups map[EndpointGroupID]bool `json:"EndpointGroups"` } // TagID represents a tag identifier TagID int // Team represents a list of user accounts Team struct { // Team Identifier ID TeamID `json:"Id" example:"1"` // Team name Name string `json:"Name" example:"developers"` } // TeamAccessPolicies represent the association of an access policy and a team TeamAccessPolicies map[TeamID]AccessPolicy // TeamID represents a team identifier TeamID int // TeamMembership represents a membership association between a user and a team. // // A user may belong to multiple teams. TeamMembership struct { // Membership Identifier ID TeamMembershipID `json:"Id" example:"1"` // User identifier UserID UserID `json:"UserID" example:"1"` // Team identifier TeamID TeamID `json:"TeamID" example:"1"` // Team role (1 for team leader and 2 for team member) Role MembershipRole `json:"Role" example:"1"` } // TeamMembershipID represents a team membership identifier TeamMembershipID int // TeamResourceAccess represents the level of control on a resource for a specific team TeamResourceAccess struct { TeamID TeamID `json:"TeamId"` AccessLevel ResourceAccessLevel `json:"AccessLevel"` } // Template represents an application template that can be used as an App Template // or an Edge template Template struct { // Mandatory container/stack fields // Template Identifier ID TemplateID `json:"id" example:"1"` // Template type. Valid values are: 1 (container), 2 (Swarm stack), 3 (Compose stack), 4 (Compose edge stack) Type TemplateType `json:"type" example:"1"` // Title of the template Title string `json:"title" example:"Nginx"` // Description of the template Description string `json:"description" example:"High performance web server"` // Whether the template should be available to administrators only AdministratorOnly bool `json:"administrator_only" example:"true"` // Mandatory container fields // Image associated to a container template. Mandatory for a container template Image string `json:"image" example:"nginx:latest"` // Mandatory stack fields Repository TemplateRepository `json:"repository"` // Mandatory Edge stack fields // Stack file used for this template StackFile string `json:"stackFile"` // Optional stack/container fields // Default name for the stack/container to be used on deployment Name string `json:"name,omitempty" example:"mystackname"` // URL of the template's logo Logo string `json:"logo,omitempty" example:"https://portainer.io/img/logo.svg"` // A list of environment(endpoint) variables used during the template deployment Env []TemplateEnv `json:"env,omitempty"` // A note that will be displayed in the UI. Supports HTML content Note string `json:"note,omitempty" example:"This is my custom template"` // Platform associated to the template. // Valid values are: 'linux', 'windows' or leave empty for multi-platform Platform string `json:"platform,omitempty" example:"linux"` // A list of categories associated to the template Categories []string `json:"categories,omitempty" example:"database"` // Optional container fields // The URL of a registry associated to the image for a container template Registry string `json:"registry,omitempty" example:"quay.io"` // The command that will be executed in a container template Command string `json:"command,omitempty" example:"ls -lah"` // Name of a network that will be used on container deployment if it exists inside the environment(endpoint) Network string `json:"network,omitempty" example:"mynet"` // A list of volumes used during the container template deployment Volumes []TemplateVolume `json:"volumes,omitempty"` // A list of ports exposed by the container Ports []string `json:"ports,omitempty" example:"8080:80/tcp"` // Container labels Labels []Pair `json:"labels,omitempty"` // Whether the container should be started in privileged mode Privileged bool `json:"privileged,omitempty" example:"true"` // Whether the container should be started in // interactive mode (-i -t equivalent on the CLI) Interactive bool `json:"interactive,omitempty" example:"true"` // Container restart policy RestartPolicy string `json:"restart_policy,omitempty" example:"on-failure"` // Container hostname Hostname string `json:"hostname,omitempty" example:"mycontainer"` } // TemplateEnv represents a template environment(endpoint) variable configuration TemplateEnv struct { // name of the environment(endpoint) variable Name string `json:"name" example:"MYSQL_ROOT_PASSWORD"` // Text for the label that will be generated in the UI Label string `json:"label,omitempty" example:"Root password"` // Content of the tooltip that will be generated in the UI Description string `json:"description,omitempty" example:"MySQL root account password"` // Default value that will be set for the variable Default string `json:"default,omitempty" example:"default_value"` // If set to true, will not generate any input for this variable in the UI Preset bool `json:"preset,omitempty" example:"false"` // A list of name/value that will be used to generate a dropdown in the UI Select []TemplateEnvSelect `json:"select,omitempty"` } // TemplateEnvSelect represents text/value pair that will be displayed as a choice for the // template user TemplateEnvSelect struct { // Some text that will displayed as a choice Text string `json:"text" example:"text value"` // A value that will be associated to the choice Value string `json:"value" example:"value"` // Will set this choice as the default choice Default bool `json:"default" example:"false"` } // TemplateID represents a template identifier TemplateID int // TemplateRepository represents the git repository configuration for a template TemplateRepository struct { // URL of a git repository used to deploy a stack template. Mandatory for a Swarm/Compose stack template URL string `json:"url" example:"https://github.com/portainer/portainer-compose"` // Path to the stack file inside the git repository StackFile string `json:"stackfile" example:"./subfolder/docker-compose.yml"` } // TemplateType represents the type of a template TemplateType int // TemplateVolume represents a template volume configuration TemplateVolume struct { // Path inside the container Container string `json:"container" example:"/data"` // Path on the host Bind string `json:"bind,omitempty" example:"/tmp"` // Whether the volume used should be readonly ReadOnly bool `json:"readonly,omitempty" example:"true"` } // TLSConfiguration represents a TLS configuration TLSConfiguration struct { // Use TLS TLS bool `json:"TLS" example:"true"` // Skip the verification of the server TLS certificate TLSSkipVerify bool `json:"TLSSkipVerify" example:"false"` // Path to the TLS CA certificate file TLSCACertPath string `json:"TLSCACert,omitempty" example:"/data/tls/ca.pem"` // Path to the TLS client certificate file TLSCertPath string `json:"TLSCert,omitempty" example:"/data/tls/cert.pem"` // Path to the TLS client key file TLSKeyPath string `json:"TLSKey,omitempty" example:"/data/tls/key.pem"` } // TLSFileType represents a type of TLS file required to connect to a Docker environment(endpoint). // It can be either a TLS CA file, a TLS certificate file or a TLS key file TLSFileType int // TokenData represents the data embedded in a JWT token TokenData struct { ID UserID Username string Role UserRole ForceChangePassword bool Token string } // TunnelDetails represents information associated to a tunnel TunnelDetails struct { Status string LastActivity time.Time Port int Jobs []EdgeJob Credentials string } // TunnelServerInfo represents information associated to the tunnel server TunnelServerInfo struct { PrivateKeySeed string `json:"PrivateKeySeed"` } // User represents a user account User struct { // User Identifier ID UserID `json:"Id" example:"1"` Username string `json:"Username" example:"bob"` Password string `json:"Password,omitempty" swaggerignore:"true"` // User role (1 for administrator account and 2 for regular account) Role UserRole `json:"Role" example:"1"` TokenIssueAt int64 `json:"TokenIssueAt" example:"1"` ThemeSettings UserThemeSettings // Deprecated fields // Deprecated UserTheme string `json:"UserTheme,omitempty" example:"dark"` // Deprecated in DBVersion == 25 PortainerAuthorizations Authorizations // Deprecated in DBVersion == 25 EndpointAuthorizations EndpointAuthorizations } // UserAccessPolicies represent the association of an access policy and a user UserAccessPolicies map[UserID]AccessPolicy // UserID represents a user identifier UserID int // UserResourceAccess represents the level of control on a resource for a specific user UserResourceAccess struct { UserID UserID `json:"UserId"` AccessLevel ResourceAccessLevel `json:"AccessLevel"` } // UserRole represents the role of a user. It can be either an administrator // or a regular user UserRole int // UserThemeSettings represents the theme settings for a user UserThemeSettings struct { // Color represents the color theme of the UI Color string `json:"color" example:"dark" enums:"dark,light,highcontrast,auto"` } // Webhook represents a url webhook that can be used to update a service Webhook struct { // Webhook Identifier ID WebhookID `json:"Id" example:"1"` Token string `json:"Token"` ResourceID string `json:"ResourceId"` EndpointID EndpointID `json:"EndpointId"` RegistryID RegistryID `json:"RegistryId"` // Type of webhook (1 - service) WebhookType WebhookType `json:"Type"` } // WebhookID represents a webhook identifier. WebhookID int // WebhookType represents the type of resource a webhook is related to WebhookType int Snapshot struct { EndpointID EndpointID `json:"EndpointId"` Docker *DockerSnapshot `json:"Docker"` Kubernetes *KubernetesSnapshot `json:"Kubernetes"` } // CLIService represents a service for managing CLI CLIService interface { ParseFlags(version string) (*CLIFlags, error) ValidateFlags(flags *CLIFlags) error } // ComposeStackManager represents a service to manage Compose stacks ComposeStackManager interface { ComposeSyntaxMaxVersion() string NormalizeStackName(name string) string Up(ctx context.Context, stack *Stack, endpoint *Endpoint, forceRecreate bool) error Down(ctx context.Context, stack *Stack, endpoint *Endpoint) error Pull(ctx context.Context, stack *Stack, endpoint *Endpoint) error } // CryptoService represents a service for encrypting/hashing data CryptoService interface { Hash(data string) (string, error) CompareHashAndData(hash string, data string) error } // DigitalSignatureService represents a service to manage digital signatures DigitalSignatureService interface { ParseKeyPair(private, public []byte) error GenerateKeyPair() ([]byte, []byte, error) EncodedPublicKey() string PEMHeaders() (string, string) CreateSignature(message string) (string, error) } // DockerSnapshotter represents a service used to create Docker environment(endpoint) snapshots DockerSnapshotter interface { CreateSnapshot(endpoint *Endpoint) (*DockerSnapshot, error) } // FileService represents a service for managing files FileService interface { GetDockerConfigPath() string GetFileContent(trustedRootPath, filePath string) ([]byte, error) Copy(fromFilePath string, toFilePath string, deleteIfExists bool) error Rename(oldPath, newPath string) error RemoveDirectory(directoryPath string) error StoreTLSFileFromBytes(folder string, fileType TLSFileType, data []byte) (string, error) GetPathForTLSFile(folder string, fileType TLSFileType) (string, error) DeleteTLSFile(folder string, fileType TLSFileType) error DeleteTLSFiles(folder string) error GetStackProjectPath(stackIdentifier string) string GetStackProjectPathByVersion(stackIdentifier string, version int, commitHash string) string StoreStackFileFromBytes(stackIdentifier, fileName string, data []byte) (string, error) StoreStackFileFromBytesByVersion(stackIdentifier, fileName string, version int, data []byte) (string, error) UpdateStoreStackFileFromBytes(stackIdentifier, fileName string, data []byte) (string, error) UpdateStoreStackFileFromBytesByVersion(stackIdentifier, fileName string, version int, commitHash string, data []byte) (string, error) RemoveStackFileBackup(stackIdentifier, fileName string) error RemoveStackFileBackupByVersion(stackIdentifier string, version int, fileName string) error RollbackStackFile(stackIdentifier, fileName string) error RollbackStackFileByVersion(stackIdentifier string, version int, fileName string) error GetEdgeStackProjectPath(edgeStackIdentifier string) string StoreEdgeStackFileFromBytes(edgeStackIdentifier, fileName string, data []byte) (string, error) GetEdgeStackProjectPathByVersion(edgeStackIdentifier string, version int, commitHash string) string StoreEdgeStackFileFromBytesByVersion(edgeStackIdentifier, fileName string, version int, data []byte) (string, error) FormProjectPathByVersion(projectPath string, version int, commitHash string) string SafeMoveDirectory(src, dst string) error StoreRegistryManagementFileFromBytes(folder, fileName string, data []byte) (string, error) KeyPairFilesExist() (bool, error) StoreKeyPair(private, public []byte, privatePEMHeader, publicPEMHeader string) error LoadKeyPair() ([]byte, []byte, error) WriteJSONToFile(path string, content interface{}) error FileExists(path string) (bool, error) StoreEdgeJobFileFromBytes(identifier string, data []byte) (string, error) GetEdgeJobFolder(identifier string) string ClearEdgeJobTaskLogs(edgeJobID, taskID string) error GetEdgeJobTaskLogFileContent(edgeJobID, taskID string) (string, error) StoreEdgeJobTaskLogFileFromBytes(edgeJobID, taskID string, data []byte) error GetBinaryFolder() string StoreCustomTemplateFileFromBytes(identifier, fileName string, data []byte) (string, error) GetCustomTemplateProjectPath(identifier string) string GetTemporaryPath() (string, error) GetDatastorePath() string GetDefaultSSLCertsPath() (string, string) StoreSSLCertPair(cert, key []byte) (string, string, error) CopySSLCertPair(certPath, keyPath string) (string, string, error) CopySSLCACert(caCertPath string) (string, error) StoreFDOProfileFileFromBytes(fdoProfileIdentifier string, data []byte) (string, error) StoreMTLSCertificates(cert, caCert, key []byte) (string, string, string, error) GetDefaultChiselPrivateKeyPath() string StoreChiselPrivateKey(privateKey []byte) error } // GitService represents a service for managing Git GitService interface { CloneRepository(destination string, repositoryURL, referenceName, username, password string, tlsSkipVerify bool) error LatestCommitID(repositoryURL, referenceName, username, password string, tlsSkipVerify bool) (string, error) ListRefs(repositoryURL, username, password string, hardRefresh bool, tlsSkipVerify bool) ([]string, error) ListFiles(repositoryURL, referenceName, username, password string, dirOnly, hardRefresh bool, includeExts []string, tlsSkipVerify bool) ([]string, error) } // OpenAMTService represents a service for managing OpenAMT OpenAMTService interface { Configure(configuration OpenAMTConfiguration) error DeviceInformation(configuration OpenAMTConfiguration, deviceGUID string) (*OpenAMTDeviceInformation, error) EnableDeviceFeatures(configuration OpenAMTConfiguration, deviceGUID string, features OpenAMTDeviceEnabledFeatures) (string, error) ExecuteDeviceAction(configuration OpenAMTConfiguration, deviceGUID string, action string) error } // KubeClient represents a service used to query a Kubernetes environment(endpoint) KubeClient interface { SetupUserServiceAccount(userID int, teamIDs []int, restrictDefaultNamespace bool) error IsRBACEnabled() (bool, error) GetServiceAccount(tokendata *TokenData) (*v1.ServiceAccount, error) GetServiceAccountBearerToken(userID int) (string, error) CreateUserShellPod(ctx context.Context, serviceAccountName, shellPodImage string) (*KubernetesShellPod, error) StartExecProcess(token string, useAdminToken bool, namespace, podName, containerName string, command []string, stdin io.Reader, stdout io.Writer, errChan chan error) HasStackName(namespace string, stackName string) (bool, error) NamespaceAccessPoliciesDeleteNamespace(namespace string) error CreateNamespace(info models.K8sNamespaceDetails) error UpdateNamespace(info models.K8sNamespaceDetails) error GetNamespaces() (map[string]K8sNamespaceInfo, error) GetNamespace(string) (K8sNamespaceInfo, error) DeleteNamespace(namespace string) error GetConfigMapsAndSecrets(namespace string) ([]models.K8sConfigMapOrSecret, error) GetIngressControllers() (models.K8sIngressControllers, error) GetMetrics() (models.K8sMetrics, error) GetStorage() ([]KubernetesStorageClassConfig, error) CreateIngress(namespace string, info models.K8sIngressInfo, owner string) error UpdateIngress(namespace string, info models.K8sIngressInfo) error GetIngresses(namespace string) ([]models.K8sIngressInfo, error) DeleteIngresses(reqs models.K8sIngressDeleteRequests) error CreateService(namespace string, service models.K8sServiceInfo) error UpdateService(namespace string, service models.K8sServiceInfo) error GetServices(namespace string, lookupApplications bool) ([]models.K8sServiceInfo, error) DeleteServices(reqs models.K8sServiceDeleteRequests) error GetNodesLimits() (K8sNodesLimits, error) GetMaxResourceLimits(name string, overCommitEnabled bool, resourceOverCommitPercent int) (K8sNodeLimits, error) GetNamespaceAccessPolicies() (map[string]K8sNamespaceAccessPolicy, error) UpdateNamespaceAccessPolicies(accessPolicies map[string]K8sNamespaceAccessPolicy) error DeleteRegistrySecret(registry RegistryID, namespace string) error CreateRegistrySecret(registry *Registry, namespace string) error IsRegistrySecret(namespace, secretName string) (bool, error) ToggleSystemState(namespace string, isSystem bool) error } // KubernetesDeployer represents a service to deploy a manifest inside a Kubernetes environment(endpoint) KubernetesDeployer interface { Deploy(userID UserID, endpoint *Endpoint, manifestFiles []string, namespace string) (string, error) Remove(userID UserID, endpoint *Endpoint, manifestFiles []string, namespace string) (string, error) ConvertCompose(data []byte) ([]byte, error) } // KubernetesSnapshotter represents a service used to create Kubernetes environment(endpoint) snapshots KubernetesSnapshotter interface { CreateSnapshot(endpoint *Endpoint) (*KubernetesSnapshot, error) } // LDAPService represents a service used to authenticate users against a LDAP/AD LDAPService interface { AuthenticateUser(username, password string, settings *LDAPSettings) error TestConnectivity(settings *LDAPSettings) error GetUserGroups(username string, settings *LDAPSettings) ([]string, error) SearchGroups(settings *LDAPSettings) ([]LDAPUser, error) SearchUsers(settings *LDAPSettings) ([]string, error) } // OAuthService represents a service used to authenticate users using OAuth OAuthService interface { Authenticate(code string, configuration *OAuthSettings) (string, error) } // ReverseTunnelService represents a service used to manage reverse tunnel connections. ReverseTunnelService interface { StartTunnelServer(addr, port string, snapshotService SnapshotService) error StopTunnelServer() error GenerateEdgeKey(url, host string, endpointIdentifier int) string SetTunnelStatusToActive(endpointID EndpointID) SetTunnelStatusToRequired(endpointID EndpointID) error SetTunnelStatusToIdle(endpointID EndpointID) KeepTunnelAlive(endpointID EndpointID, ctx context.Context, maxKeepAlive time.Duration) GetTunnelDetails(endpointID EndpointID) TunnelDetails GetActiveTunnel(endpoint *Endpoint) (TunnelDetails, error) AddEdgeJob(endpoint *Endpoint, edgeJob *EdgeJob) RemoveEdgeJob(edgeJobID EdgeJobID) RemoveEdgeJobFromEndpoint(endpointID EndpointID, edgeJobID EdgeJobID) } // Server defines the interface to serve the API Server interface { Start() error } // SnapshotService represents a service for managing environment(endpoint) snapshots SnapshotService interface { Start() SetSnapshotInterval(snapshotInterval string) error SnapshotEndpoint(endpoint *Endpoint) error FillSnapshotData(endpoint *Endpoint) error } // SwarmStackManager represents a service to manage Swarm stacks SwarmStackManager interface { Login(registries []Registry, endpoint *Endpoint) error Logout(endpoint *Endpoint) error Deploy(stack *Stack, prune bool, pullImage bool, endpoint *Endpoint) error Remove(stack *Stack, endpoint *Endpoint) error NormalizeStackName(name string) string } ) const ( // APIVersion is the version number of the Portainer API APIVersion = "2.20.0" // Edition is what this edition of Portainer is called Edition = PortainerCE // ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax ComposeSyntaxMaxVersion = "3.9" // AssetsServerURL represents the URL of the Portainer asset server AssetsServerURL = "https://portainer-io-assets.sfo2.digitaloceanspaces.com" // MessageOfTheDayURL represents the URL where Portainer MOTD message can be retrieved MessageOfTheDayURL = AssetsServerURL + "/motd.json" // VersionCheckURL represents the URL used to retrieve the latest version of Portainer VersionCheckURL = "https://api.github.com/repos/portainer/portainer/releases/latest" // PortainerAgentHeader represents the name of the header available in any agent response PortainerAgentHeader = "Portainer-Agent" // PortainerAgentEdgeIDHeader represent the name of the header containing the Edge ID associated to an agent/agent cluster PortainerAgentEdgeIDHeader = "X-PortainerAgent-EdgeID" // HTTPResponseAgentPlatform represents the name of the header containing the Agent platform HTTPResponseAgentPlatform = "Portainer-Agent-Platform" // PortainerAgentTargetHeader represent the name of the header containing the target node name PortainerAgentTargetHeader = "X-PortainerAgent-Target" // PortainerAgentSignatureHeader represent the name of the header containing the digital signature PortainerAgentSignatureHeader = "X-PortainerAgent-Signature" // PortainerAgentPublicKeyHeader represent the name of the header containing the public key PortainerAgentPublicKeyHeader = "X-PortainerAgent-PublicKey" // PortainerAgentKubernetesSATokenHeader represent the name of the header containing a Kubernetes SA token PortainerAgentKubernetesSATokenHeader = "X-PortainerAgent-SA-Token" // PortainerAgentSignatureMessage represents the message used to create a digital signature // to be used when communicating with an agent PortainerAgentSignatureMessage = "Portainer-App" // DefaultSnapshotInterval represents the default interval between each environment snapshot job DefaultSnapshotInterval = "5m" // DefaultEdgeAgentCheckinIntervalInSeconds represents the default interval (in seconds) used by Edge agents to checkin with the Portainer instance DefaultEdgeAgentCheckinIntervalInSeconds = 5 // DefaultTemplatesURL represents the URL to the official templates supported by Portainer DefaultTemplatesURL = "https://raw.githubusercontent.com/portainer/templates/v3.0/templates.json" // DefaultHelmrepositoryURL represents the URL to the official templates supported by Bitnami DefaultHelmRepositoryURL = "https://charts.bitnami.com/bitnami" // DefaultUserSessionTimeout represents the default timeout after which the user session is cleared DefaultUserSessionTimeout = "8h" // DefaultUserSessionTimeout represents the default timeout after which the user session is cleared DefaultKubeconfigExpiry = "0" // DefaultKubectlShellImage represents the default image and tag for the kubectl shell DefaultKubectlShellImage = "portainer/kubectl-shell" // WebSocketKeepAlive web socket keep alive for edge environments WebSocketKeepAlive = 1 * time.Hour ) // List of supported features const ( FeatureFdo = "fdo" ) var SupportedFeatureFlags = []featureflags.Feature{ FeatureFdo, } const ( _ AuthenticationMethod = iota // AuthenticationInternal represents the internal authentication method (authentication against Portainer API) AuthenticationInternal // AuthenticationLDAP represents the LDAP authentication method (authentication against a LDAP server) AuthenticationLDAP //AuthenticationOAuth represents the OAuth authentication method (authentication against a authorization server) AuthenticationOAuth ) const ( _ AgentPlatform = iota // AgentPlatformDocker represent the Docker platform (Standalone/Swarm) AgentPlatformDocker // AgentPlatformKubernetes represent the Kubernetes platform AgentPlatformKubernetes ) const ( _ EdgeJobLogsStatus = iota // EdgeJobLogsStatusIdle represents an idle log collection job EdgeJobLogsStatusIdle // EdgeJobLogsStatusPending represents a pending log collection job EdgeJobLogsStatusPending // EdgeJobLogsStatusCollected represents a completed log collection job EdgeJobLogsStatusCollected ) const ( _ CustomTemplatePlatform = iota // CustomTemplatePlatformLinux represents a custom template for linux CustomTemplatePlatformLinux // CustomTemplatePlatformWindows represents a custom template for windows CustomTemplatePlatformWindows ) const ( // EdgeStackDeploymentCompose represent an edge stack deployed using a compose file EdgeStackDeploymentCompose EdgeStackDeploymentType = iota // EdgeStackDeploymentKubernetes represent an edge stack deployed using a kubernetes manifest file EdgeStackDeploymentKubernetes ) const ( // EdgeStackStatusPending represents a pending edge stack EdgeStackStatusPending EdgeStackStatusType = iota //EdgeStackStatusDeploymentReceived represents an edge environment which received the edge stack deployment EdgeStackStatusDeploymentReceived //EdgeStackStatusError represents an edge environment which failed to deploy its edge stack EdgeStackStatusError //EdgeStackStatusAcknowledged represents an acknowledged edge stack EdgeStackStatusAcknowledged //EdgeStackStatusRemoved represents a removed edge stack EdgeStackStatusRemoved // StatusRemoteUpdateSuccess represents a successfully updated edge stack EdgeStackStatusRemoteUpdateSuccess // EdgeStackStatusImagesPulled represents a successfully images-pulling EdgeStackStatusImagesPulled // EdgeStackStatusRunning represents a running Edge stack EdgeStackStatusRunning // EdgeStackStatusDeploying represents an Edge stack which is being deployed EdgeStackStatusDeploying // EdgeStackStatusRemoving represents an Edge stack which is being removed EdgeStackStatusRemoving // EdgeStackStatusPausedDeploying represents a paused Edge stack EdgeStackStatusPausedDeploying // EdgeStackStatusRollingBack represents an Edge stack which is being rolled back EdgeStackStatusRollingBack // EdgeStackStatusRolledBack represents an Edge stack which has rolled back EdgeStackStatusRolledBack ) const ( _ EndpointStatus = iota // EndpointStatusUp is used to represent an available environment(endpoint) EndpointStatusUp // EndpointStatusDown is used to represent an unavailable environment(endpoint) EndpointStatusDown ) const ( _ EndpointType = iota // DockerEnvironment represents an environment(endpoint) connected to a Docker environment(endpoint) DockerEnvironment // AgentOnDockerEnvironment represents an environment(endpoint) connected to a Portainer agent deployed on a Docker environment(endpoint) AgentOnDockerEnvironment // AzureEnvironment represents an environment(endpoint) connected to an Azure environment(endpoint) AzureEnvironment // EdgeAgentOnDockerEnvironment represents an environment(endpoint) connected to an Edge agent deployed on a Docker environment(endpoint) EdgeAgentOnDockerEnvironment // KubernetesLocalEnvironment represents an environment(endpoint) connected to a local Kubernetes environment(endpoint) KubernetesLocalEnvironment // AgentOnKubernetesEnvironment represents an environment(endpoint) connected to a Portainer agent deployed on a Kubernetes environment(endpoint) AgentOnKubernetesEnvironment // EdgeAgentOnKubernetesEnvironment represents an environment(endpoint) connected to an Edge agent deployed on a Kubernetes environment(endpoint) EdgeAgentOnKubernetesEnvironment ) const ( _ JobType = iota // SnapshotJobType is a system job used to create environment(endpoint) snapshots SnapshotJobType = 2 ) const ( _ MembershipRole = iota // TeamLeader represents a leader role inside a team TeamLeader // TeamMember represents a member role inside a team TeamMember ) const ( _ SoftwareEdition = iota // PortainerCE represents the community edition of Portainer PortainerCE // PortainerBE represents the business edition of Portainer PortainerBE // PortainerEE represents the business edition of Portainer PortainerEE ) const ( _ RegistryType = iota // QuayRegistry represents a Quay.io registry QuayRegistry // AzureRegistry represents an ACR registry AzureRegistry // CustomRegistry represents a custom registry CustomRegistry // GitlabRegistry represents a gitlab registry GitlabRegistry // ProGetRegistry represents a proget registry ProGetRegistry // DockerHubRegistry represents a dockerhub registry DockerHubRegistry // EcrRegistry represents an ECR registry EcrRegistry ) const ( _ ResourceAccessLevel = iota // ReadWriteAccessLevel represents an access level with read-write permissions on a resource ReadWriteAccessLevel ) const ( _ ResourceControlType = iota // ContainerResourceControl represents a resource control associated to a Docker container ContainerResourceControl // ServiceResourceControl represents a resource control associated to a Docker service ServiceResourceControl // VolumeResourceControl represents a resource control associated to a Docker volume VolumeResourceControl // NetworkResourceControl represents a resource control associated to a Docker network NetworkResourceControl // SecretResourceControl represents a resource control associated to a Docker secret SecretResourceControl // StackResourceControl represents a resource control associated to a stack composed of Docker services StackResourceControl // ConfigResourceControl represents a resource control associated to a Docker config ConfigResourceControl // CustomTemplateResourceControl represents a resource control associated to a custom template CustomTemplateResourceControl // ContainerGroupResourceControl represents a resource control associated to an Azure container group ContainerGroupResourceControl ) const ( _ StackType = iota // DockerSwarmStack represents a stack managed via docker stack DockerSwarmStack // DockerComposeStack represents a stack managed via docker-compose DockerComposeStack // KubernetesStack represents a stack managed via kubectl KubernetesStack ) // StackStatus represents a status for a stack const ( _ StackStatus = iota StackStatusActive StackStatusInactive ) const ( _ TemplateType = iota // ContainerTemplate represents a container template ContainerTemplate // SwarmStackTemplate represents a template used to deploy a Swarm stack SwarmStackTemplate // ComposeStackTemplate represents a template used to deploy a Compose stack ComposeStackTemplate ) const ( // TLSFileCA represents a TLS CA certificate file TLSFileCA TLSFileType = iota // TLSFileCert represents a TLS certificate file TLSFileCert // TLSFileKey represents a TLS key file TLSFileKey ) const ( _ UserRole = iota // AdministratorRole represents an administrator user role AdministratorRole // StandardUserRole represents a regular user role StandardUserRole ) const ( _ WebhookType = iota // ServiceWebhook is a webhook for restarting a docker service ServiceWebhook ) const ( // EdgeAgentIdle represents an idle state for a tunnel connected to an Edge environment(endpoint). EdgeAgentIdle string = "IDLE" // EdgeAgentManagementRequired represents a required state for a tunnel connected to an Edge environment(endpoint) EdgeAgentManagementRequired string = "REQUIRED" // EdgeAgentActive represents an active state for a tunnel connected to an Edge environment(endpoint) EdgeAgentActive string = "ACTIVE" ) // represents an authorization type const ( OperationDockerContainerArchiveInfo Authorization = "DockerContainerArchiveInfo" OperationDockerContainerList Authorization = "DockerContainerList" OperationDockerContainerExport Authorization = "DockerContainerExport" OperationDockerContainerChanges Authorization = "DockerContainerChanges" OperationDockerContainerInspect Authorization = "DockerContainerInspect" OperationDockerContainerTop Authorization = "DockerContainerTop" OperationDockerContainerLogs Authorization = "DockerContainerLogs" OperationDockerContainerStats Authorization = "DockerContainerStats" OperationDockerContainerAttachWebsocket Authorization = "DockerContainerAttachWebsocket" OperationDockerContainerArchive Authorization = "DockerContainerArchive" OperationDockerContainerCreate Authorization = "DockerContainerCreate" OperationDockerContainerPrune Authorization = "DockerContainerPrune" OperationDockerContainerKill Authorization = "DockerContainerKill" OperationDockerContainerPause Authorization = "DockerContainerPause" OperationDockerContainerUnpause Authorization = "DockerContainerUnpause" OperationDockerContainerRestart Authorization = "DockerContainerRestart" OperationDockerContainerStart Authorization = "DockerContainerStart" OperationDockerContainerStop Authorization = "DockerContainerStop" OperationDockerContainerWait Authorization = "DockerContainerWait" OperationDockerContainerResize Authorization = "DockerContainerResize" OperationDockerContainerAttach Authorization = "DockerContainerAttach" OperationDockerContainerExec Authorization = "DockerContainerExec" OperationDockerContainerRename Authorization = "DockerContainerRename" OperationDockerContainerUpdate Authorization = "DockerContainerUpdate" OperationDockerContainerPutContainerArchive Authorization = "DockerContainerPutContainerArchive" OperationDockerContainerDelete Authorization = "DockerContainerDelete" OperationDockerImageList Authorization = "DockerImageList" OperationDockerImageSearch Authorization = "DockerImageSearch" OperationDockerImageGetAll Authorization = "DockerImageGetAll" OperationDockerImageGet Authorization = "DockerImageGet" OperationDockerImageHistory Authorization = "DockerImageHistory" OperationDockerImageInspect Authorization = "DockerImageInspect" OperationDockerImageLoad Authorization = "DockerImageLoad" OperationDockerImageCreate Authorization = "DockerImageCreate" OperationDockerImagePrune Authorization = "DockerImagePrune" OperationDockerImagePush Authorization = "DockerImagePush" OperationDockerImageTag Authorization = "DockerImageTag" OperationDockerImageDelete Authorization = "DockerImageDelete" OperationDockerImageCommit Authorization = "DockerImageCommit" OperationDockerImageBuild Authorization = "DockerImageBuild" OperationDockerNetworkList Authorization = "DockerNetworkList" OperationDockerNetworkInspect Authorization = "DockerNetworkInspect" OperationDockerNetworkCreate Authorization = "DockerNetworkCreate" OperationDockerNetworkConnect Authorization = "DockerNetworkConnect" OperationDockerNetworkDisconnect Authorization = "DockerNetworkDisconnect" OperationDockerNetworkPrune Authorization = "DockerNetworkPrune" OperationDockerNetworkDelete Authorization = "DockerNetworkDelete" OperationDockerVolumeList Authorization = "DockerVolumeList" OperationDockerVolumeInspect Authorization = "DockerVolumeInspect" OperationDockerVolumeCreate Authorization = "DockerVolumeCreate" OperationDockerVolumePrune Authorization = "DockerVolumePrune" OperationDockerVolumeDelete Authorization = "DockerVolumeDelete" OperationDockerExecInspect Authorization = "DockerExecInspect" OperationDockerExecStart Authorization = "DockerExecStart" OperationDockerExecResize Authorization = "DockerExecResize" OperationDockerSwarmInspect Authorization = "DockerSwarmInspect" OperationDockerSwarmUnlockKey Authorization = "DockerSwarmUnlockKey" OperationDockerSwarmInit Authorization = "DockerSwarmInit" OperationDockerSwarmJoin Authorization = "DockerSwarmJoin" OperationDockerSwarmLeave Authorization = "DockerSwarmLeave" OperationDockerSwarmUpdate Authorization = "DockerSwarmUpdate" OperationDockerSwarmUnlock Authorization = "DockerSwarmUnlock" OperationDockerNodeList Authorization = "DockerNodeList" OperationDockerNodeInspect Authorization = "DockerNodeInspect" OperationDockerNodeUpdate Authorization = "DockerNodeUpdate" OperationDockerNodeDelete Authorization = "DockerNodeDelete" OperationDockerServiceList Authorization = "DockerServiceList" OperationDockerServiceInspect Authorization = "DockerServiceInspect" OperationDockerServiceLogs Authorization = "DockerServiceLogs" OperationDockerServiceCreate Authorization = "DockerServiceCreate" OperationDockerServiceUpdate Authorization = "DockerServiceUpdate" OperationDockerServiceDelete Authorization = "DockerServiceDelete" OperationDockerSecretList Authorization = "DockerSecretList" OperationDockerSecretInspect Authorization = "DockerSecretInspect" OperationDockerSecretCreate Authorization = "DockerSecretCreate" OperationDockerSecretUpdate Authorization = "DockerSecretUpdate" OperationDockerSecretDelete Authorization = "DockerSecretDelete" OperationDockerConfigList Authorization = "DockerConfigList" OperationDockerConfigInspect Authorization = "DockerConfigInspect" OperationDockerConfigCreate Authorization = "DockerConfigCreate" OperationDockerConfigUpdate Authorization = "DockerConfigUpdate" OperationDockerConfigDelete Authorization = "DockerConfigDelete" OperationDockerTaskList Authorization = "DockerTaskList" OperationDockerTaskInspect Authorization = "DockerTaskInspect" OperationDockerTaskLogs Authorization = "DockerTaskLogs" OperationDockerPluginList Authorization = "DockerPluginList" OperationDockerPluginPrivileges Authorization = "DockerPluginPrivileges" OperationDockerPluginInspect Authorization = "DockerPluginInspect" OperationDockerPluginPull Authorization = "DockerPluginPull" OperationDockerPluginCreate Authorization = "DockerPluginCreate" OperationDockerPluginEnable Authorization = "DockerPluginEnable" OperationDockerPluginDisable Authorization = "DockerPluginDisable" OperationDockerPluginPush Authorization = "DockerPluginPush" OperationDockerPluginUpgrade Authorization = "DockerPluginUpgrade" OperationDockerPluginSet Authorization = "DockerPluginSet" OperationDockerPluginDelete Authorization = "DockerPluginDelete" OperationDockerSessionStart Authorization = "DockerSessionStart" OperationDockerDistributionInspect Authorization = "DockerDistributionInspect" OperationDockerBuildPrune Authorization = "DockerBuildPrune" OperationDockerBuildCancel Authorization = "DockerBuildCancel" OperationDockerPing Authorization = "DockerPing" OperationDockerInfo Authorization = "DockerInfo" OperationDockerEvents Authorization = "DockerEvents" OperationDockerSystem Authorization = "DockerSystem" OperationDockerVersion Authorization = "DockerVersion" OperationDockerAgentPing Authorization = "DockerAgentPing" OperationDockerAgentList Authorization = "DockerAgentList" OperationDockerAgentHostInfo Authorization = "DockerAgentHostInfo" OperationDockerAgentBrowseDelete Authorization = "DockerAgentBrowseDelete" OperationDockerAgentBrowseGet Authorization = "DockerAgentBrowseGet" OperationDockerAgentBrowseList Authorization = "DockerAgentBrowseList" OperationDockerAgentBrowsePut Authorization = "DockerAgentBrowsePut" OperationDockerAgentBrowseRename Authorization = "DockerAgentBrowseRename" OperationPortainerDockerHubInspect Authorization = "PortainerDockerHubInspect" OperationPortainerDockerHubUpdate Authorization = "PortainerDockerHubUpdate" OperationPortainerEndpointGroupCreate Authorization = "PortainerEndpointGroupCreate" OperationPortainerEndpointGroupList Authorization = "PortainerEndpointGroupList" OperationPortainerEndpointGroupDelete Authorization = "PortainerEndpointGroupDelete" OperationPortainerEndpointGroupInspect Authorization = "PortainerEndpointGroupInspect" OperationPortainerEndpointGroupUpdate Authorization = "PortainerEndpointGroupEdit" OperationPortainerEndpointGroupAccess Authorization = "PortainerEndpointGroupAccess " OperationPortainerEndpointList Authorization = "PortainerEndpointList" OperationPortainerEndpointInspect Authorization = "PortainerEndpointInspect" OperationPortainerEndpointCreate Authorization = "PortainerEndpointCreate" OperationPortainerEndpointJob Authorization = "PortainerEndpointJob" OperationPortainerEndpointSnapshots Authorization = "PortainerEndpointSnapshots" OperationPortainerEndpointSnapshot Authorization = "PortainerEndpointSnapshot" OperationPortainerEndpointUpdate Authorization = "PortainerEndpointUpdate" OperationPortainerEndpointUpdateAccess Authorization = "PortainerEndpointUpdateAccess" OperationPortainerEndpointDelete Authorization = "PortainerEndpointDelete" OperationPortainerExtensionList Authorization = "PortainerExtensionList" OperationPortainerExtensionInspect Authorization = "PortainerExtensionInspect" OperationPortainerExtensionCreate Authorization = "PortainerExtensionCreate" OperationPortainerExtensionUpdate Authorization = "PortainerExtensionUpdate" OperationPortainerExtensionDelete Authorization = "PortainerExtensionDelete" OperationPortainerMOTD Authorization = "PortainerMOTD" OperationPortainerRegistryList Authorization = "PortainerRegistryList" OperationPortainerRegistryInspect Authorization = "PortainerRegistryInspect" OperationPortainerRegistryCreate Authorization = "PortainerRegistryCreate" OperationPortainerRegistryConfigure Authorization = "PortainerRegistryConfigure" OperationPortainerRegistryUpdate Authorization = "PortainerRegistryUpdate" OperationPortainerRegistryUpdateAccess Authorization = "PortainerRegistryUpdateAccess" OperationPortainerRegistryDelete Authorization = "PortainerRegistryDelete" OperationPortainerResourceControlCreate Authorization = "PortainerResourceControlCreate" OperationPortainerResourceControlUpdate Authorization = "PortainerResourceControlUpdate" OperationPortainerResourceControlDelete Authorization = "PortainerResourceControlDelete" OperationPortainerRoleList Authorization = "PortainerRoleList" OperationPortainerRoleInspect Authorization = "PortainerRoleInspect" OperationPortainerRoleCreate Authorization = "PortainerRoleCreate" OperationPortainerRoleUpdate Authorization = "PortainerRoleUpdate" OperationPortainerRoleDelete Authorization = "PortainerRoleDelete" OperationPortainerScheduleList Authorization = "PortainerScheduleList" OperationPortainerScheduleInspect Authorization = "PortainerScheduleInspect" OperationPortainerScheduleFile Authorization = "PortainerScheduleFile" OperationPortainerScheduleTasks Authorization = "PortainerScheduleTasks" OperationPortainerScheduleCreate Authorization = "PortainerScheduleCreate" OperationPortainerScheduleUpdate Authorization = "PortainerScheduleUpdate" OperationPortainerScheduleDelete Authorization = "PortainerScheduleDelete" OperationPortainerSettingsInspect Authorization = "PortainerSettingsInspect" OperationPortainerSettingsUpdate Authorization = "PortainerSettingsUpdate" OperationPortainerSettingsLDAPCheck Authorization = "PortainerSettingsLDAPCheck" OperationPortainerStackList Authorization = "PortainerStackList" OperationPortainerStackInspect Authorization = "PortainerStackInspect" OperationPortainerStackFile Authorization = "PortainerStackFile" OperationPortainerStackCreate Authorization = "PortainerStackCreate" OperationPortainerStackMigrate Authorization = "PortainerStackMigrate" OperationPortainerStackUpdate Authorization = "PortainerStackUpdate" OperationPortainerStackDelete Authorization = "PortainerStackDelete" OperationPortainerTagList Authorization = "PortainerTagList" OperationPortainerTagCreate Authorization = "PortainerTagCreate" OperationPortainerTagDelete Authorization = "PortainerTagDelete" OperationPortainerTeamMembershipList Authorization = "PortainerTeamMembershipList" OperationPortainerTeamMembershipCreate Authorization = "PortainerTeamMembershipCreate" OperationPortainerTeamMembershipUpdate Authorization = "PortainerTeamMembershipUpdate" OperationPortainerTeamMembershipDelete Authorization = "PortainerTeamMembershipDelete" OperationPortainerTeamList Authorization = "PortainerTeamList" OperationPortainerTeamInspect Authorization = "PortainerTeamInspect" OperationPortainerTeamMemberships Authorization = "PortainerTeamMemberships" OperationPortainerTeamCreate Authorization = "PortainerTeamCreate" OperationPortainerTeamUpdate Authorization = "PortainerTeamUpdate" OperationPortainerTeamDelete Authorization = "PortainerTeamDelete" OperationPortainerTemplateList Authorization = "PortainerTemplateList" OperationPortainerTemplateInspect Authorization = "PortainerTemplateInspect" OperationPortainerTemplateCreate Authorization = "PortainerTemplateCreate" OperationPortainerTemplateUpdate Authorization = "PortainerTemplateUpdate" OperationPortainerTemplateDelete Authorization = "PortainerTemplateDelete" OperationPortainerUploadTLS Authorization = "PortainerUploadTLS" OperationPortainerUserList Authorization = "PortainerUserList" OperationPortainerUserInspect Authorization = "PortainerUserInspect" OperationPortainerUserMemberships Authorization = "PortainerUserMemberships" OperationPortainerUserCreate Authorization = "PortainerUserCreate" OperationPortainerUserListToken Authorization = "PortainerUserListToken" OperationPortainerUserCreateToken Authorization = "PortainerUserCreateToken" OperationPortainerUserRevokeToken Authorization = "PortainerUserRevokeToken" OperationPortainerUserUpdate Authorization = "PortainerUserUpdate" OperationPortainerUserUpdatePassword Authorization = "PortainerUserUpdatePassword" OperationPortainerUserDelete Authorization = "PortainerUserDelete" OperationPortainerWebsocketExec Authorization = "PortainerWebsocketExec" OperationPortainerWebhookList Authorization = "PortainerWebhookList" OperationPortainerWebhookCreate Authorization = "PortainerWebhookCreate" OperationPortainerWebhookDelete Authorization = "PortainerWebhookDelete" OperationDockerUndefined Authorization = "DockerUndefined" OperationDockerAgentUndefined Authorization = "DockerAgentUndefined" OperationPortainerUndefined Authorization = "PortainerUndefined" EndpointResourcesAccess Authorization = "EndpointResourcesAccess" // Deprecated operations OperationPortainerEndpointExtensionAdd Authorization = "PortainerEndpointExtensionAdd" OperationPortainerEndpointExtensionRemove Authorization = "PortainerEndpointExtensionRemove" OperationIntegrationStoridgeAdmin Authorization = "IntegrationStoridgeAdmin" ) // GetEditionLabel returns the portainer edition label func (e SoftwareEdition) GetEditionLabel() string { switch e { case PortainerCE: return "CE" case PortainerBE: return "BE" case PortainerEE: return "EE" } return "CE" } const ( AzurePathContainerGroups = "/subscriptions/*/providers/Microsoft.ContainerInstance/containerGroups" AzurePathContainerGroup = "/subscriptions/*/resourceGroups/*/providers/Microsoft.ContainerInstance/containerGroups/*" ) type PerDevConfigsFilterType string const ( PerDevConfigsTypeFile PerDevConfigsFilterType = "file" PerDevConfigsTypeDir PerDevConfigsFilterType = "dir" )