* fix(rbac) override AccessPolicies by endpint group ID correctly instead by array index EE-744
* fix(rbac) Iterate users and teams who are existing in NAP EE-744
* fix(rbac) Rename long func name to CleanNAPWithOverridePolicies EE-744
* fix(rbac) cleanup code EE-744
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* EE-384: add endpoint to set auto backup (#224)
* EE-383: add endpoint to fetch backup settings (#231)
* add get backup settings handler
* add api docs desc
* EE-382: restore from s3 (#233)
* EE-381: add GET backup status handler (#234)
* EE-385: Add S3 backup execute handler (#237)
* add s3 backup execute handler
* refactories inside `./api/backup/backup_scheduler.go` and `./api/backup/backup_scheduler.go`
* fix tests
* EE-375: added backup to S3 form
* EE-376: added restore from S3 form
* EE-377: Update Home screen to display last backup run status
* update backup service with back end endpoints.
* restart admin monitor during s3 restores
* use go 1.13
* go 1.13 compatibility
* EE-375: added cron-validator lib
* EE-375: using enum to compare form types
* EE-375: validate cron rule field
* try fix windows build
* EE-375 EE-376 backup and restore forms validation changes
* fix(autobackup): update autobackup settings validation rules (#260)
* fix(autobackup): automate backup to s3 fe update (#261)
* EE-292: fixed typo in property.
* EE-292: updated auto backup front end validation.
* EE-292: updated lib to validate cron rule in front end
* fix dependencies
* bumped libcompose version
Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: Felix Han <felix.han@portainer.io>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
* fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints
* fix(k8s): EE-354 enable advance deploy UI
* fix(k8s): EE-354 use the v2 version of agent api instead of v3
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* EE-319: backup endpoint (#193)
* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support
* EE-320: restore endpoint (#196)
* feat(backup):
* add restore handler
* re-init system state after restore
* feat(backup): Update server to respect readonly lock (#199)
* feat(backup): EE-322 Add backup and restore screen (#198)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss
* backup custom templates and edge jobs
* restart http and proxy servers after restore to re-init internal state
* feat(backup): EE-322 hide password field if password protect toggle is off
* feat(backup): EE-322 add tooltip for password field of restore backup
* feat(backup): EE-322 wait for backend restart after restoring
* Shutdown background go-routines
* changed restore err message when cannot extract
* fix: symlinks are ignored from backups
* replace single admin check with a restartable monitor (#238)
* clean log
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator
* feat(rbac): EE-226 show roles order by priority other than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when create a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exist
* feat(authorization): use stackutils
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
* * handle teams been added or removed in the resource pool
* do not delete role bindings but just remove the user subject
* * fix missing rolemap
* * revert the role bindings changes (not the cause of the issue)
* * fix token cache cleaning endpoint tokens
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty
* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool
* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate
* * fix comments
* * improve error returns
* * removed authorization in stack deployment, will let k8s handling it
* * removed unused import
* + OperationK8sApplicationsAdvancedDeploymentRW for user
* check namespace authorization in k8s stack deployment endpoint
* - remove OperationK8sApplicationsAdvancedDeploymentRW from user
* fix(rbac): Endpoint admin cannot access the cluster setup view
* * allow endpoint admin to update k8s cluster setup in endpoint
* * make sure a user token is issued first
* fix(rbac): allow admin to update cluster setup
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for
* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues
* * use endpoint role rather than user role for calculating authorizations
* * fix namespace role binding
* * check user authorization in k8s pod exec
* * fix some of the logging messages
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* feat(router): add transition guard for init route
* feat(router): check if license is valid between routes
* style(app): change order of config and run
* feat(bouncer): block non admins from using without license
* style(bouncer): add comment about license validation
* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations
* code clean up
* comments
* * merge in the RestrictDefaultNamespace changes
* - remove unnecessary check for default namespace
* + updates namespace access policies when generating token
* * updates namespace access policies when querying the user namespace endpoint
* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles
* feat(rbac): update kube rbac
* feat(rbac): use the authorization directive
* feat(rbac): Update namespace access policies when user/team is deleted
* refactor(app): use new angular-multi-select capabilities
* feat(rbac): fix authorizations
* feat(rbac): fix userAccessPolicies update bug
* feat(rbac): add W applications authorizations
* feat(rbac): add application details W authorizations
* feat(rbac): add configurations W autohorizations
* feat(rbac): add configuration details W authorizations
* feat(rbac): add volumes W authorizations
* feat(rbac): add volume details W authorizations
* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations
* fix(rbac): disable application note for non authorized user
* fix(rbac): add endpoints list and components status to portainer-basic
* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated
* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated
* fix(rbac): change some things
* fix(rbac): allow standard user to access container console
* - removed unused parameter
* fix(rbac): fix team authorizations
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
* feat(stacks): check for name collision within external stacks
* feat(stacks): check for name collisions
* feat(stacks): check for running stacks
* feat(stacks): change name collision message
* feat(stack): check for existing services only on swarm
* fix(http): supply docker factory to handler
* feat(stacks): look at all containers
* feat(ldap): simplify ldap configuration
refactor(auth): move ldap settings to a component
feat(ldap): add username style autofill
feat(ldap): customs for ad
feat(app): introduce box selector
refactor(auth-settings): use box selector
feat(ldap): style changes
refactor(ldap): move connectivity check button to a component
refactor(settings): move ldap security settings to a component
refactor(ldap): move user search to component
refactor(ldap): move group search to component
style(ldap): remove comment
refactor(auth-settings): move auto-user-toggle to component
feat(ldap): provide methods to search for users and groups
refactor(ldap): move group/user settings into component
refactor(ldap): provide labels for components
refactor(ldap): separate custom and ad settings
fix(ldap): search for users
feat(ldap): search users
feat(ldap): complete password if missing
feat(ldap): search for users
feat(ldap): show a list of users
feat(ldap): get user uid
feat(ldap): search groups without password
feat(groups): show group results
feat(ldap): add display types
feat(ldap): search for groups
refactor(ldap): clean code
fix(ldap): sort users table
fix(ldap): show settings by type
feat(ldap): parse values from basedn
feat(ldap): parse values
feat(app): emit on change event from box-selector
feat(ldap): user search filter
feat(ldap): search username attribute
feat(ldap): remove format around search filter
feat(ldap): ad group search
refactor(ldap): move dn builder to component
feat(ldap): use base dn builder for group search
feat(ldap): search for ad groups
refactor(ldap): replace domain root object
feat(ldap): openldap settings
refactor(ldap): delete empty controllers
feat(ldap): remove warning on wrong group filter
feat(ldap): clear username and pass if not AD
feat(ldap): clear basedn when switch from openldap to ad
feat(ldap): clear ldap settings when switich from ldap to ad
feat(ldap): set dn only if there are values
feat(ldap): support more cases of domains
feat(ldap): parse openldap domain correctly
refactor(ldap): move server type check
feat(ldap): move entries
feat(ldap): show username format
style(ldap): remove comments
feat(ldap): clear group filter when no groups
refactor(ldap): replace generic payload
feat(ldap): allow the user to test login
feat(ldap): add test login to custom and open ldap settings
feat(ldap): style fixes
fix(ldap): style fix
fix(ldap): style fixes
refactor(ldap): move components to module
feat(ldap): add group entries
feat(ldap): add borders around each group entry
feat(ldap): parse user filter
feat(ldap): add/remove group
feat(ldap): set ad anonymous mode to false
feat(ldap): add group name
feat(ldap): fix parentheses
feat(ldap): separate between each search config
fix(ldap): fix parsing of group dn
feat(ldap): style fixes
feat(ldap): remove of change of filter
refactor(ldap): remove user display style
feat(ldap): rename group entries field
refactor(auth): move auto user provision
refactor(ldap): refactor box selector
feat(ldap): move ad settings to be a global setting
style(ldap): remove comments
feat(ldap): add auto user toggle
refactor(auth/ad): rename ad component
fix(auth/ad): fix the use of a certificate
refactor(ldap): rename components
fix(ldap): show user and group search
fix(ldap): design group settings
feat(ldap): search users and groups
feat(ldap): add margins
refactor(ldap): separate ldap and ad settings
refactor(auth): use central check for auth method
feat(ldap): clear margins
feat(ldap): add port if missing
feat(ldap): fix ad name
fix(ldap): rename fields
feat(ldap): add domain root field
feat(auth/ad): remove domain root field
feat(ldap): rename base dn to root domain
feat(ldap/openldap): get suffix
feat(ldap/open): change base filter
fix(ldap): align
feat(db): introduce migration for ldap server type
refactor(ldap): move service to ldap module
refactor(ldap): sync between client and server constants
fix(ldap): use post for check
style(ldap): fix handler comments
fix(ldap): check for errors
style(ldap): fix tyop
fix(ldap): check equality
style(ldap): add comments
fix(ldap): allow anonymous mode
fix(ldap): show errors on search users
feat(lasp): use custom settings for each server
fix(ldap): supply default group filter
fix(ldap): show domain suffix in new settings
fix(ldap): replace icon with text
refactor(components): remove box-selector-wrapper
* fix(ldap): enable test when form is valid
* fix(ldap): add port if missing