diff --git a/api/git/azure_integration_test.go b/api/git/azure_integration_test.go index 9f3a60c2a..6d684d877 100644 --- a/api/git/azure_integration_test.go +++ b/api/git/azure_integration_test.go @@ -55,7 +55,7 @@ func TestService_ClonePublicRepository_Azure(t *testing.T) { assert.NoError(t, err) defer os.RemoveAll(dst) repositoryUrl := fmt.Sprintf(tt.args.repositoryURLFormat, tt.args.password) - err = service.CloneRepository(repositoryUrl, tt.args.referenceName, dst, "", "") + err = service.CloneRepository(dst, repositoryUrl, tt.args.referenceName, "", "") assert.NoError(t, err) assert.FileExists(t, filepath.Join(dst, "README.md")) }) @@ -73,7 +73,7 @@ func TestService_ClonePrivateRepository_Azure(t *testing.T) { defer os.RemoveAll(dst) repositoryUrl := "https://portainer.visualstudio.com/Playground/_git/dev_integration" - err = service.CloneRepository(repositoryUrl, "refs/heads/main", dst, "", pat) + err = service.CloneRepository(dst, repositoryUrl, "refs/heads/main", "", pat) assert.NoError(t, err) assert.FileExists(t, filepath.Join(dst, "README.md")) } diff --git a/api/git/git.go b/api/git/git.go index 9415cc2d0..7887f7d95 100644 --- a/api/git/git.go +++ b/api/git/git.go @@ -89,7 +89,7 @@ func NewService() *Service { // CloneRepository clones a git repository using the specified URL in the specified // destination folder. -func (service *Service) CloneRepository(repositoryURL, referenceName, destination, username, password string) error { +func (service *Service) CloneRepository(destination, repositoryURL, referenceName, username, password string) error { options := cloneOptions{ repositoryUrl: repositoryURL, username: username, diff --git a/api/git/git_integration_test.go b/api/git/git_integration_test.go index 5c9103690..d35ba8d52 100644 --- a/api/git/git_integration_test.go +++ b/api/git/git_integration_test.go @@ -21,7 +21,7 @@ func TestService_ClonePrivateRepository_GitHub(t *testing.T) { defer os.RemoveAll(dst) repositoryUrl := "https://github.com/portainer/private-test-repository.git" - err = service.CloneRepository(repositoryUrl, "refs/heads/main", dst, username, pat) + err = service.CloneRepository(dst, repositoryUrl, "refs/heads/main", username, pat) assert.NoError(t, err) assert.FileExists(t, filepath.Join(dst, "README.md")) } diff --git a/api/git/git_test.go b/api/git/git_test.go index 8ffba3364..14878b304 100644 --- a/api/git/git_test.go +++ b/api/git/git_test.go @@ -60,7 +60,7 @@ func Test_ClonePublicRepository_Shallow(t *testing.T) { } defer os.RemoveAll(dir) t.Logf("Cloning into %s", dir) - err = service.CloneRepository(repositoryURL, referenceName, dir, "", "") + err = service.CloneRepository(dir, repositoryURL, referenceName, "", "") assert.NoError(t, err) assert.Equal(t, 1, getCommitHistoryLength(t, err, dir), "cloned repo has incorrect depth") } @@ -79,7 +79,7 @@ func Test_ClonePublicRepository_NoGitDirectory(t *testing.T) { defer os.RemoveAll(dir) t.Logf("Cloning into %s", dir) - err = service.CloneRepository(repositoryURL, referenceName, dir, "", "") + err = service.CloneRepository(dir, repositoryURL, referenceName, "", "") assert.NoError(t, err) assert.NoDirExists(t, filepath.Join(dir, ".git")) } diff --git a/api/http/handler/stacks/handler.go b/api/http/handler/stacks/handler.go index f61952515..bf92baeaf 100644 --- a/api/http/handler/stacks/handler.go +++ b/api/http/handler/stacks/handler.go @@ -54,6 +54,8 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler { bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackDelete))).Methods(http.MethodDelete) h.Handle("/stacks/{id}", bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackUpdate))).Methods(http.MethodPut) + h.Handle("/stacks/{id}/git", + bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackUpdateGit))).Methods(http.MethodPut) h.Handle("/stacks/{id}/file", bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackFile))).Methods(http.MethodGet) h.Handle("/stacks/{id}/migrate", diff --git a/api/http/handler/stacks/stack_update_git.go b/api/http/handler/stacks/stack_update_git.go new file mode 100644 index 000000000..8715686c9 --- /dev/null +++ b/api/http/handler/stacks/stack_update_git.go @@ -0,0 +1,159 @@ +package stacks + +import ( + "errors" + "net/http" + "time" + + "github.com/asaskevich/govalidator" + httperror "github.com/portainer/libhttp/error" + "github.com/portainer/libhttp/request" + "github.com/portainer/libhttp/response" + portainer "github.com/portainer/portainer/api" + bolterrors "github.com/portainer/portainer/api/bolt/errors" + httperrors "github.com/portainer/portainer/api/http/errors" + "github.com/portainer/portainer/api/http/security" + "github.com/portainer/portainer/api/internal/stackutils" +) + +type updateStackGitPayload struct { + Env []portainer.Pair + Prune bool + + RepositoryReferenceName string + RepositoryAuthentication bool + RepositoryUsername string + RepositoryPassword string +} + +func (payload *updateStackGitPayload) Validate(r *http.Request) error { + if payload.RepositoryAuthentication && (govalidator.IsNull(payload.RepositoryUsername) || govalidator.IsNull(payload.RepositoryPassword)) { + return errors.New("Invalid repository credentials. Username and password must be specified when authentication is enabled") + } + return nil +} + +// PUT request on /api/stacks/:id/git?endpointId= +func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) *httperror.HandlerError { + stackID, err := request.RetrieveNumericRouteVariableValue(r, "id") + if err != nil { + return &httperror.HandlerError{http.StatusBadRequest, "Invalid stack identifier route variable", err} + } + + stack, err := handler.DataStore.Stack().Stack(portainer.StackID(stackID)) + if err == bolterrors.ErrObjectNotFound { + return &httperror.HandlerError{http.StatusNotFound, "Unable to find a stack with the specified identifier inside the database", err} + } else if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a stack with the specified identifier inside the database", err} + } + + if stack.GitConfig == nil { + return &httperror.HandlerError{http.StatusBadRequest, "Stack is not created from git", err} + } + + // TODO: this is a work-around for stacks created with Portainer version >= 1.17.1 + // The EndpointID property is not available for these stacks, this API endpoint + // can use the optional EndpointID query parameter to associate a valid endpoint identifier to the stack. + endpointID, err := request.RetrieveNumericQueryParameter(r, "endpointId", true) + if err != nil { + return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: endpointId", err} + } + if endpointID != int(stack.EndpointID) { + stack.EndpointID = portainer.EndpointID(endpointID) + } + + endpoint, err := handler.DataStore.Endpoint().Endpoint(stack.EndpointID) + if err == bolterrors.ErrObjectNotFound { + return &httperror.HandlerError{http.StatusNotFound, "Unable to find the endpoint associated to the stack inside the database", err} + } else if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find the endpoint associated to the stack inside the database", err} + } + + err = handler.requestBouncer.AuthorizedEndpointOperation(r, endpoint) + if err != nil { + return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", err} + } + + resourceControl, err := handler.DataStore.ResourceControl().ResourceControlByResourceIDAndType(stackutils.ResourceControlID(stack.EndpointID, stack.Name), portainer.StackResourceControl) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve a resource control associated to the stack", err} + } + + securityContext, err := security.RetrieveRestrictedRequestContext(r) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err} + } + + access, err := handler.userCanAccessStack(securityContext, endpoint.ID, resourceControl) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to verify user authorizations to validate stack access", err} + } + if !access { + return &httperror.HandlerError{http.StatusForbidden, "Access denied to resource", httperrors.ErrResourceAccessDenied} + } + + var payload updateStackGitPayload + err = request.DecodeAndValidateJSONPayload(r, &payload) + if err != nil { + return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err} + } + + stack.Env = payload.Env + stack.GitConfig.ReferenceName = payload.RepositoryReferenceName + + err = handler.FileService.RemoveDirectory(stack.ProjectPath) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove git repository directory", err} + } + + err = handler.GitService.CloneRepository(stack.ProjectPath, stack.GitConfig.URL, payload.RepositoryReferenceName, payload.RepositoryUsername, payload.RepositoryPassword) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to clone git repository", err} + } + + httpErr := handler.deployStack(r, stack, endpoint, payload.Prune) + if httpErr != nil { + return httpErr + } + + err = handler.DataStore.Stack().UpdateStack(stack.ID, stack) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack changes inside the database", err} + } + + return response.JSON(w, stack) +} + +func (handler *Handler) deployStack(r *http.Request, stack *portainer.Stack, endpoint *portainer.Endpoint, prune bool) *httperror.HandlerError { + if stack.Type == portainer.DockerSwarmStack { + config, httpErr := handler.createSwarmDeployConfig(r, stack, endpoint, prune) + if httpErr != nil { + return httpErr + } + + err := handler.deploySwarmStack(config) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, err.Error(), err} + } + + stack.UpdateDate = time.Now().Unix() + stack.UpdatedBy = config.user.Username + + return nil + } + + config, httpErr := handler.createComposeDeployConfig(r, stack, endpoint) + if httpErr != nil { + return httpErr + } + + err := handler.deployComposeStack(config) + if err != nil { + return &httperror.HandlerError{http.StatusInternalServerError, err.Error(), err} + } + + stack.UpdateDate = time.Now().Unix() + stack.UpdatedBy = config.user.Username + + return nil +} diff --git a/api/internal/testhelpers/git_service.go b/api/internal/testhelpers/git_service.go index a51c431c6..8dca32cd1 100644 --- a/api/internal/testhelpers/git_service.go +++ b/api/internal/testhelpers/git_service.go @@ -7,6 +7,6 @@ func NewGitService() *gitService { return &gitService{} } -func (service *gitService) CloneRepository(destination string, repositoryURL, referenceName string, auth bool, username, password string) error { +func (service *gitService) CloneRepository(destination string, repositoryURL, referenceName string, username, password string) error { return nil }