mirror of https://github.com/portainer/portainer
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
485 lines
18 KiB
485 lines
18 KiB
package stacks
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/asaskevich/govalidator"
|
|
"github.com/pkg/errors"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
"github.com/portainer/libhttp/request"
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/filesystem"
|
|
gittypes "github.com/portainer/portainer/api/git/types"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
"github.com/portainer/portainer/api/internal/stackutils"
|
|
)
|
|
|
|
type composeStackFromFileContentPayload struct {
|
|
// Name of the stack
|
|
Name string `example:"myStack" validate:"required"`
|
|
// Content of the Stack file
|
|
StackFileContent string `example:"version: 3\n services:\n web:\n image:nginx" validate:"required"`
|
|
// A list of environment(endpoint) variables used during stack deployment
|
|
Env []portainer.Pair `example:""`
|
|
// Whether the stack is from a app template
|
|
FromAppTemplate bool `example:"false"`
|
|
}
|
|
|
|
func (payload *composeStackFromFileContentPayload) Validate(r *http.Request) error {
|
|
if govalidator.IsNull(payload.Name) {
|
|
return errors.New("Invalid stack name")
|
|
}
|
|
|
|
if govalidator.IsNull(payload.StackFileContent) {
|
|
return errors.New("Invalid stack file content")
|
|
}
|
|
return nil
|
|
}
|
|
func (handler *Handler) checkAndCleanStackDupFromSwarm(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID, stack *portainer.Stack) error {
|
|
resourceControl, err := handler.DataStore.ResourceControl().ResourceControlByResourceIDAndType(stackutils.ResourceControlID(stack.EndpointID, stack.Name), portainer.StackResourceControl)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// stop scheduler updates of the stack before removal
|
|
if stack.AutoUpdate != nil {
|
|
stopAutoupdate(stack.ID, stack.AutoUpdate.JobID, *handler.Scheduler)
|
|
}
|
|
|
|
err = handler.DataStore.Stack().DeleteStack(stack.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if resourceControl != nil {
|
|
err = handler.DataStore.ResourceControl().DeleteResourceControl(resourceControl.ID)
|
|
if err != nil {
|
|
log.Printf("[ERROR] [Stack] Unable to remove the associated resource control from the database for stack: [%+v].", stack)
|
|
}
|
|
}
|
|
|
|
if exists, _ := handler.FileService.FileExists(stack.ProjectPath); exists {
|
|
err = handler.FileService.RemoveDirectory(stack.ProjectPath)
|
|
if err != nil {
|
|
log.Printf("Unable to remove stack files from disk for stack: [%+v].", stack)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (handler *Handler) createComposeStackFromFileContent(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
|
|
var payload composeStackFromFileContentPayload
|
|
err := request.DecodeAndValidateJSONPayload(r, &payload)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
|
|
payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
|
|
|
|
isUnique, err := handler.checkUniqueStackNameInDocker(endpoint, payload.Name, 0, false)
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to check for name collision", err}
|
|
}
|
|
|
|
if !isUnique {
|
|
stacks, err := handler.DataStore.Stack().StacksByName(payload.Name)
|
|
if err != nil {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
for _, stack := range stacks {
|
|
if stack.Type != portainer.DockerComposeStack && stack.EndpointID == endpoint.ID {
|
|
err := handler.checkAndCleanStackDupFromSwarm(w, r, endpoint, userID, &stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
} else {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
stackID := handler.DataStore.Stack().GetNextIdentifier()
|
|
stack := &portainer.Stack{
|
|
ID: portainer.StackID(stackID),
|
|
Name: payload.Name,
|
|
Type: portainer.DockerComposeStack,
|
|
EndpointID: endpoint.ID,
|
|
EntryPoint: filesystem.ComposeFileDefaultName,
|
|
Env: payload.Env,
|
|
Status: portainer.StackStatusActive,
|
|
CreationDate: time.Now().Unix(),
|
|
FromAppTemplate: payload.FromAppTemplate,
|
|
}
|
|
|
|
stackFolder := strconv.Itoa(int(stack.ID))
|
|
projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, []byte(payload.StackFileContent))
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Compose file on disk", Err: err}
|
|
}
|
|
stack.ProjectPath = projectPath
|
|
|
|
doCleanUp := true
|
|
defer handler.cleanUp(stack, &doCleanUp)
|
|
|
|
config, configErr := handler.createComposeDeployConfig(r, stack, endpoint)
|
|
if configErr != nil {
|
|
return configErr
|
|
}
|
|
|
|
err = handler.deployComposeStack(config)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
|
|
}
|
|
|
|
stack.CreatedBy = config.user.Username
|
|
|
|
err = handler.DataStore.Stack().Create(stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
|
|
}
|
|
|
|
doCleanUp = false
|
|
return handler.decorateStackResponse(w, stack, userID)
|
|
}
|
|
|
|
type composeStackFromGitRepositoryPayload struct {
|
|
// Name of the stack
|
|
Name string `example:"myStack" validate:"required"`
|
|
// URL of a Git repository hosting the Stack file
|
|
RepositoryURL string `example:"https://github.com/openfaas/faas" validate:"required"`
|
|
// Reference name of a Git repository hosting the Stack file
|
|
RepositoryReferenceName string `example:"refs/heads/master"`
|
|
// Use basic authentication to clone the Git repository
|
|
RepositoryAuthentication bool `example:"true"`
|
|
// Username used in basic authentication. Required when RepositoryAuthentication is true.
|
|
RepositoryUsername string `example:"myGitUsername"`
|
|
// Password used in basic authentication. Required when RepositoryAuthentication is true.
|
|
RepositoryPassword string `example:"myGitPassword"`
|
|
// Path to the Stack file inside the Git repository
|
|
ComposeFile string `example:"docker-compose.yml" default:"docker-compose.yml"`
|
|
// Applicable when deploying with multiple stack files
|
|
AdditionalFiles []string `example:"[nz.compose.yml, uat.compose.yml]"`
|
|
// Optional auto update configuration
|
|
AutoUpdate *portainer.StackAutoUpdate
|
|
// A list of environment(endpoint) variables used during stack deployment
|
|
Env []portainer.Pair
|
|
// Whether the stack is from a app template
|
|
FromAppTemplate bool `example:"false"`
|
|
}
|
|
|
|
func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) error {
|
|
if govalidator.IsNull(payload.Name) {
|
|
return errors.New("Invalid stack name")
|
|
}
|
|
if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
|
|
return errors.New("Invalid repository URL. Must correspond to a valid URL format")
|
|
}
|
|
if govalidator.IsNull(payload.RepositoryReferenceName) {
|
|
payload.RepositoryReferenceName = defaultGitReferenceName
|
|
}
|
|
if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
|
|
return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
|
|
}
|
|
if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
|
|
var payload composeStackFromGitRepositoryPayload
|
|
err := request.DecodeAndValidateJSONPayload(r, &payload)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
|
|
payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
|
|
if payload.ComposeFile == "" {
|
|
payload.ComposeFile = filesystem.ComposeFileDefaultName
|
|
}
|
|
|
|
isUnique, err := handler.checkUniqueStackNameInDocker(endpoint, payload.Name, 0, false)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to check for name collision", Err: err}
|
|
}
|
|
|
|
if !isUnique {
|
|
stacks, err := handler.DataStore.Stack().StacksByName(payload.Name)
|
|
if err != nil {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
for _, stack := range stacks {
|
|
if stack.Type != portainer.DockerComposeStack && stack.EndpointID == endpoint.ID {
|
|
err := handler.checkAndCleanStackDupFromSwarm(w, r, endpoint, userID, &stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
} else {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
//make sure the webhook ID is unique
|
|
if payload.AutoUpdate != nil && payload.AutoUpdate.Webhook != "" {
|
|
isUnique, err := handler.checkUniqueWebhookID(payload.AutoUpdate.Webhook)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to check for webhook ID collision", Err: err}
|
|
}
|
|
if !isUnique {
|
|
return &httperror.HandlerError{StatusCode: http.StatusConflict, Message: fmt.Sprintf("Webhook ID: %s already exists", payload.AutoUpdate.Webhook), Err: errWebhookIDAlreadyExists}
|
|
}
|
|
}
|
|
|
|
stackID := handler.DataStore.Stack().GetNextIdentifier()
|
|
stack := &portainer.Stack{
|
|
ID: portainer.StackID(stackID),
|
|
Name: payload.Name,
|
|
Type: portainer.DockerComposeStack,
|
|
EndpointID: endpoint.ID,
|
|
EntryPoint: payload.ComposeFile,
|
|
AdditionalFiles: payload.AdditionalFiles,
|
|
AutoUpdate: payload.AutoUpdate,
|
|
Env: payload.Env,
|
|
FromAppTemplate: payload.FromAppTemplate,
|
|
GitConfig: &gittypes.RepoConfig{
|
|
URL: payload.RepositoryURL,
|
|
ReferenceName: payload.RepositoryReferenceName,
|
|
ConfigFilePath: payload.ComposeFile,
|
|
},
|
|
Status: portainer.StackStatusActive,
|
|
CreationDate: time.Now().Unix(),
|
|
}
|
|
|
|
if payload.RepositoryAuthentication {
|
|
stack.GitConfig.Authentication = &gittypes.GitAuthentication{
|
|
Username: payload.RepositoryUsername,
|
|
Password: payload.RepositoryPassword,
|
|
}
|
|
}
|
|
|
|
projectPath := handler.FileService.GetStackProjectPath(strconv.Itoa(int(stack.ID)))
|
|
stack.ProjectPath = projectPath
|
|
|
|
doCleanUp := true
|
|
defer handler.cleanUp(stack, &doCleanUp)
|
|
|
|
err = handler.clone(projectPath, payload.RepositoryURL, payload.RepositoryReferenceName, payload.RepositoryAuthentication, payload.RepositoryUsername, payload.RepositoryPassword)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to clone git repository", Err: err}
|
|
}
|
|
|
|
commitID, err := handler.latestCommitID(payload.RepositoryURL, payload.RepositoryReferenceName, payload.RepositoryAuthentication, payload.RepositoryUsername, payload.RepositoryPassword)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to fetch git repository id", Err: err}
|
|
}
|
|
stack.GitConfig.ConfigHash = commitID
|
|
|
|
config, configErr := handler.createComposeDeployConfig(r, stack, endpoint)
|
|
if configErr != nil {
|
|
return configErr
|
|
}
|
|
|
|
err = handler.deployComposeStack(config)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
|
|
}
|
|
|
|
if payload.AutoUpdate != nil && payload.AutoUpdate.Interval != "" {
|
|
jobID, e := startAutoupdate(stack.ID, stack.AutoUpdate.Interval, handler.Scheduler, handler.StackDeployer, handler.DataStore, handler.GitService)
|
|
if e != nil {
|
|
return e
|
|
}
|
|
|
|
stack.AutoUpdate.JobID = jobID
|
|
}
|
|
|
|
stack.CreatedBy = config.user.Username
|
|
|
|
err = handler.DataStore.Stack().Create(stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
|
|
}
|
|
|
|
doCleanUp = false
|
|
return handler.decorateStackResponse(w, stack, userID)
|
|
}
|
|
|
|
type composeStackFromFileUploadPayload struct {
|
|
Name string
|
|
StackFileContent []byte
|
|
Env []portainer.Pair
|
|
}
|
|
|
|
func decodeRequestForm(r *http.Request) (*composeStackFromFileUploadPayload, error) {
|
|
payload := &composeStackFromFileUploadPayload{}
|
|
name, err := request.RetrieveMultiPartFormValue(r, "Name", false)
|
|
if err != nil {
|
|
return nil, errors.New("Invalid stack name")
|
|
}
|
|
payload.Name = name
|
|
|
|
composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "file")
|
|
if err != nil {
|
|
return nil, errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")
|
|
}
|
|
payload.StackFileContent = composeFileContent
|
|
|
|
var env []portainer.Pair
|
|
err = request.RetrieveMultiPartFormJSONValue(r, "Env", &env, true)
|
|
if err != nil {
|
|
return nil, errors.New("Invalid Env parameter")
|
|
}
|
|
payload.Env = env
|
|
return payload, nil
|
|
}
|
|
|
|
func (handler *Handler) createComposeStackFromFileUpload(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
|
|
payload, err := decodeRequestForm(r)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
|
|
payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
|
|
|
|
isUnique, err := handler.checkUniqueStackNameInDocker(endpoint, payload.Name, 0, false)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to check for name collision", Err: err}
|
|
}
|
|
|
|
if !isUnique {
|
|
stacks, err := handler.DataStore.Stack().StacksByName(payload.Name)
|
|
if err != nil {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
for _, stack := range stacks {
|
|
if stack.Type != portainer.DockerComposeStack && stack.EndpointID == endpoint.ID {
|
|
err := handler.checkAndCleanStackDupFromSwarm(w, r, endpoint, userID, &stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
|
|
}
|
|
} else {
|
|
return stackExistsError(payload.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
stackID := handler.DataStore.Stack().GetNextIdentifier()
|
|
stack := &portainer.Stack{
|
|
ID: portainer.StackID(stackID),
|
|
Name: payload.Name,
|
|
Type: portainer.DockerComposeStack,
|
|
EndpointID: endpoint.ID,
|
|
EntryPoint: filesystem.ComposeFileDefaultName,
|
|
Env: payload.Env,
|
|
Status: portainer.StackStatusActive,
|
|
CreationDate: time.Now().Unix(),
|
|
}
|
|
|
|
stackFolder := strconv.Itoa(int(stack.ID))
|
|
projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, payload.StackFileContent)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Compose file on disk", Err: err}
|
|
}
|
|
stack.ProjectPath = projectPath
|
|
|
|
doCleanUp := true
|
|
defer handler.cleanUp(stack, &doCleanUp)
|
|
|
|
config, configErr := handler.createComposeDeployConfig(r, stack, endpoint)
|
|
if configErr != nil {
|
|
return configErr
|
|
}
|
|
|
|
err = handler.deployComposeStack(config)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
|
|
}
|
|
|
|
stack.CreatedBy = config.user.Username
|
|
|
|
err = handler.DataStore.Stack().Create(stack)
|
|
if err != nil {
|
|
return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
|
|
}
|
|
|
|
doCleanUp = false
|
|
return handler.decorateStackResponse(w, stack, userID)
|
|
}
|
|
|
|
type composeStackDeploymentConfig struct {
|
|
stack *portainer.Stack
|
|
endpoint *portainer.Endpoint
|
|
registries []portainer.Registry
|
|
isAdmin bool
|
|
user *portainer.User
|
|
}
|
|
|
|
func (handler *Handler) createComposeDeployConfig(r *http.Request, stack *portainer.Stack, endpoint *portainer.Endpoint) (*composeStackDeploymentConfig, *httperror.HandlerError) {
|
|
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
|
if err != nil {
|
|
return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve info from request context", Err: err}
|
|
}
|
|
|
|
user, err := handler.DataStore.User().User(securityContext.UserID)
|
|
if err != nil {
|
|
return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to load user information from the database", Err: err}
|
|
}
|
|
|
|
registries, err := handler.DataStore.Registry().Registries()
|
|
if err != nil {
|
|
return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve registries from the database", Err: err}
|
|
}
|
|
filteredRegistries := security.FilterRegistries(registries, user, securityContext.UserMemberships, endpoint.ID)
|
|
|
|
config := &composeStackDeploymentConfig{
|
|
stack: stack,
|
|
endpoint: endpoint,
|
|
registries: filteredRegistries,
|
|
isAdmin: securityContext.IsAdmin,
|
|
user: user,
|
|
}
|
|
|
|
return config, nil
|
|
}
|
|
|
|
// TODO: libcompose uses credentials store into a config.json file to pull images from
|
|
// private registries. Right now the only solution is to re-use the embedded Docker binary
|
|
// to login/logout, which will generate the required data in the config.json file and then
|
|
// clean it. Hence the use of the mutex.
|
|
// We should contribute to libcompose to support authentication without using the config.json file.
|
|
func (handler *Handler) deployComposeStack(config *composeStackDeploymentConfig) error {
|
|
isAdminOrEndpointAdmin, err := handler.userIsAdminOrEndpointAdmin(config.user, config.endpoint.ID)
|
|
if err != nil {
|
|
return errors.Wrap(err, "failed to check user priviliges deploying a stack")
|
|
}
|
|
|
|
securitySettings := &config.endpoint.SecuritySettings
|
|
|
|
if (!securitySettings.AllowBindMountsForRegularUsers ||
|
|
!securitySettings.AllowPrivilegedModeForRegularUsers ||
|
|
!securitySettings.AllowHostNamespaceForRegularUsers ||
|
|
!securitySettings.AllowDeviceMappingForRegularUsers ||
|
|
!securitySettings.AllowSysctlSettingForRegularUsers ||
|
|
!securitySettings.AllowContainerCapabilitiesForRegularUsers) &&
|
|
!isAdminOrEndpointAdmin {
|
|
|
|
for _, file := range append([]string{config.stack.EntryPoint}, config.stack.AdditionalFiles...) {
|
|
stackContent, err := handler.FileService.GetFileContent(config.stack.ProjectPath, file)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "failed to get stack file content `%q`", file)
|
|
}
|
|
|
|
err = handler.isValidStackFile(stackContent, securitySettings)
|
|
if err != nil {
|
|
return errors.Wrap(err, "compose file is invalid")
|
|
}
|
|
}
|
|
}
|
|
|
|
return handler.StackDeployer.DeployComposeStack(config.stack, config.endpoint, config.registries)
|
|
}
|