* EE-319: backup endpoint (#193)
* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support
* EE-320: restore endpoint (#196)
* feat(backup):
* add restore handler
* re-init system state after restore
* feat(backup): Update server to respect readonly lock (#199)
* feat(backup): EE-322 Add backup and restore screen (#198)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss
* backup custom templates and edge jobs
* restart http and proxy servers after restore to re-init internal state
* feat(backup): EE-322 hide password field if password protect toggle is off
* feat(backup): EE-322 add tooltip for password field of restore backup
* feat(backup): EE-322 wait for backend restart after restoring
* Shutdown background go-routines
* changed restore err message when cannot extract
* fix: symlinks are ignored from backups
* replace single admin check with a restartable monitor (#238)
* clean log
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator
* feat(rbac): EE-226 show roles order by priority other than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when create a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exist
* feat(authorization): use stackutils
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
* * handle teams been added or removed in the resource pool
* do not delete role bindings but just remove the user subject
* * fix missing rolemap
* * revert the role bindings changes (not the cause of the issue)
* * fix token cache cleaning endpoint tokens
* fix(license): Fix license expiration inconsistency with displayed date
* Fix inconsistent expiration
* Use liblicense expiration compute
* wip
* Use db for expiresAt in license detailed view
* Fix date differences
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty
* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool
* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate
* * fix comments
* * improve error returns
* * removed authorization in stack deployment, will let k8s handling it
* * removed unused import
* + OperationK8sApplicationsAdvancedDeploymentRW for user
* check namespace authorization in k8s stack deployment endpoint
* - remove OperationK8sApplicationsAdvancedDeploymentRW from user
* fix(rbac): Endpoint admin cannot access the cluster setup view
* * allow endpoint admin to update k8s cluster setup in endpoint
* * make sure a user token is issued first
* fix(rbac): allow admin to update cluster setup
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for
* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues
* * use endpoint role rather than user role for calculating authorizations
* * fix namespace role binding
* * check user authorization in k8s pod exec
* * fix some of the logging messages
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* feat(router): add transition guard for init route
* feat(router): check if license is valid between routes
* style(app): change order of config and run
* feat(bouncer): block non admins from using without license
* style(bouncer): add comment about license validation
* fix(frontend): show failing placement details for endpoint-admin and helpdesk users
* fix(frontend): add excludeAuthorization directive to determine endpoint-admin and helpdesk users
* fix(k8s/rbac): add OperationK8sApplicationErrorDetailsR authorization for endpoint-admin and helpdesk users
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* fix(licenses): prevent removal of last valid license
* * add back the logic that prevent the last license been removed, whether valid or not.
* Revert "* add back the logic that prevent the last license been removed, whether valid or not."
This reverts commit 389b5f8985bf543821cab02ad3252d75ef46ccee.
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* refactor backup
Update upgrade texts
* Restore Failed Upgrade to EE to initial CE version
* Store version before upgrading
* Check rollback command line
* Fix version display
* Update template url only for CE 1.xx
* Fix comments
* revert go modules
* remove duplicate migration
* remove unused files