* EE-319: backup endpoint (#193)
* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support
* EE-320: restore endpoint (#196)
* feat(backup):
* add restore handler
* re-init system state after restore
* feat(backup): Update server to respect readonly lock (#199)
* feat(backup): EE-322 Add backup and restore screen (#198)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss
* backup custom templates and edge jobs
* restart http and proxy servers after restore to re-init internal state
* feat(backup): EE-322 hide password field if password protect toggle is off
* feat(backup): EE-322 add tooltip for password field of restore backup
* feat(backup): EE-322 wait for backend restart after restoring
* Shutdown background go-routines
* changed restore err message when cannot extract
* fix: symlinks are ignored from backups
* replace single admin check with a restartable monitor (#238)
* clean log
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduction of Operator
* feat(rbac): EE-226 show roles ordered by priority rather than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when create a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggles the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if current user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exists
* feat(authorization): use stackutils
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
* * handle teams being added or removed in the resource pool
* do not delete role bindings but just remove the user subject
* * fix missing rolemap
* * revert the role bindings changes (not the cause of the issue)
* * fix token cache cleaning endpoint tokens
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty
* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool
* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate
* * fix comments
* * improve error returns
* * removed authorization in stack deployment, will let k8s handling it
* * removed unused import
* + OperationK8sApplicationsAdvancedDeploymentRW for user
* check namespace authorization in k8s stack deployment endpoint
* - remove OperationK8sApplicationsAdvancedDeploymentRW from user
* fix(rbac): Endpoint admin cannot access the cluster setup view
* * allow endpoint admin to update k8s cluster setup in endpoint
* * make sure a user token is issued first
* fix(rbac): allow admin to update cluster setup
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for
* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues
* * use endpoint role rather than user role for calculating authorizations
* * fix namespace role binding
* * check user authorization in k8s pod exec
* * fix some of the logging messages
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* feat(router): add transition guard for init route
* feat(router): check if license is valid between routes
* style(app): change order of config and run
* feat(bouncer): block non admins from using without license
* style(bouncer): add comment about license validation
* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations
* code clean up
* comments
* * merge in the RestrictDefaultNamespace changes
* - remove unnecessary check for default namespace
* + updates namespace access policies when generating token
* * updates namespace access policies when querying the user namespace endpoint
* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles
* feat(rbac): update kube rbac
* feat(rbac): use the authorization directive
* feat(rbac): Update namespace access policies when user/team is deleted
* refactor(app): use new angular-multi-select capabilities
* feat(rbac): fix authorizations
* feat(rbac): fix userAccessPolicies update bug
* feat(rbac): add W applications authorizations
* feat(rbac): add application details W authorizations
* feat(rbac): add configurations W authorizations
* feat(rbac): add configuration details W authorizations
* feat(rbac): add volumes W authorizations
* feat(rbac): add volume details W authorizations
* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations
* fix(rbac): disable application note for non authorized user
* fix(rbac): add endpoints list and components status to portainer-basic
* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated
* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated
* fix(rbac): change some things
* fix(rbac): allow standard user to access container console
* - removed unused parameter
* fix(rbac): fix team authorizations
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
* feat(stacks): check for name collision within external stacks
* feat(stacks): check for name collisions
* feat(stacks): check for running stacks
* feat(stacks): change name collision message
* feat(stack): check for existing services only on swarm
* fix(http): supply docker factory to handler
* feat(stacks): look at all containers
* feat(ldap): simplify ldap configuration
refactor(auth): move ldap settings to a component
feat(ldap): add username style autofill
feat(ldap): customs for ad
feat(app): introduce box selector
refactor(auth-settings): use box selector
feat(ldap): style changes
refactor(ldap): move connectivity check button to a component
refactor(settings): move ldap security settings to a component
refactor(ldap): move user search to component
refactor(ldap): move group search to component
style(ldap): remove comment
refactor(auth-settings): move auto-user-toggle to component
feat(ldap): provide methods to search for users and groups
refactor(ldap): move group/user settings into component
refactor(ldap): provide labels for components
refactor(ldap): separate custom and ad settings
fix(ldap): search for users
feat(ldap): search users
feat(ldap): complete password if missing
feat(ldap): search for users
feat(ldap): show a list of users
feat(ldap): get user uid
feat(ldap): search groups without password
feat(groups): show group results
feat(ldap): add display types
feat(ldap): search for groups
refactor(ldap): clean code
fix(ldap): sort users table
fix(ldap): show settings by type
feat(ldap): parse values from basedn
feat(ldap): parse values
feat(app): emit on change event from box-selector
feat(ldap): user search filter
feat(ldap): search username attribute
feat(ldap): remove format around search filter
feat(ldap): ad group search
refactor(ldap): move dn builder to component
feat(ldap): use base dn builder for group search
feat(ldap): search for ad groups
refactor(ldap): replace domain root object
feat(ldap): openldap settings
refactor(ldap): delete empty controllers
feat(ldap): remove warning on wrong group filter
feat(ldap): clear username and pass if not AD
feat(ldap): clear basedn when switch from openldap to ad
feat(ldap): clear ldap settings when switch from ldap to ad
feat(ldap): set dn only if there are values
feat(ldap): support more cases of domains
feat(ldap): parse openldap domain correctly
refactor(ldap): move server type check
feat(ldap): move entries
feat(ldap): show username format
style(ldap): remove comments
feat(ldap): clear group filter when no groups
refactor(ldap): replace generic payload
feat(ldap): allow the user to test login
feat(ldap): add test login to custom and open ldap settings
feat(ldap): style fixes
fix(ldap): style fix
fix(ldap): style fixes
refactor(ldap): move components to module
feat(ldap): add group entries
feat(ldap): add borders around each group entry
feat(ldap): parse user filter
feat(ldap): add/remove group
feat(ldap): set ad anonymous mode to false
feat(ldap): add group name
feat(ldap): fix parentheses
feat(ldap): separate between each search config
fix(ldap): fix parsing of group dn
feat(ldap): style fixes
feat(ldap): remove of change of filter
refactor(ldap): remove user display style
feat(ldap): rename group entries field
refactor(auth): move auto user provision
refactor(ldap): refactor box selector
feat(ldap): move ad settings to be a global setting
style(ldap): remove comments
feat(ldap): add auto user toggle
refactor(auth/ad): rename ad component
fix(auth/ad): fix the use of a certificate
refactor(ldap): rename components
fix(ldap): show user and group search
fix(ldap): design group settings
feat(ldap): search users and groups
feat(ldap): add margins
refactor(ldap): separate ldap and ad settings
refactor(auth): use central check for auth method
feat(ldap): clear margins
feat(ldap): add port if missing
feat(ldap): fix ad name
fix(ldap): rename fields
feat(ldap): add domain root field
feat(auth/ad): remove domain root field
feat(ldap): rename base dn to root domain
feat(ldap/openldap): get suffix
feat(ldap/open): change base filter
fix(ldap): align
feat(db): introduce migration for ldap server type
refactor(ldap): move service to ldap module
refactor(ldap): sync between client and server constants
fix(ldap): use post for check
style(ldap): fix handler comments
fix(ldap): check for errors
style(ldap): fix tyop
fix(ldap): check equality
style(ldap): add comments
fix(ldap): allow anonymous mode
fix(ldap): show errors on search users
feat(ldap): use custom settings for each server
fix(ldap): supply default group filter
fix(ldap): show domain suffix in new settings
fix(ldap): replace icon with text
refactor(components): remove box-selector-wrapper
* fix(ldap): enable test when form is valid
* fix(ldap): add port if missing
* feat(license): add liblicense dep
* feat(license): add bolt license service
* feat(license): introduce license service
* feat(license): validate license before adding
* feat(license): aggregate info after changing of licenses
* feat(http): implement http handlers
* feat(license-management): introduce license service
* feat(licenses): introduce empty view
* feat(license-management): add datatable
* feat(licenses): show license info
* fix(license): inject services
* feat(licenses): add buttons to buy/renew license
* feat(licenses): introduce add license route
* feat(licenses): add license form
* feat(license): datatable
* feat(license): show more details about license
* refactor(license): rename components name
* feat(licenses): show expiration date
* feat(license): introduce init license route
* feat(license): validate license
* feat(license): save licenses
* feat(bouncer): check if license is valid on restricted
* feat(bouncer): remove license check on api
* feat(home): add node warning
* feat(licenses): remove license
* feat(licenses): listen to info changes
* feat(license): show license expiration message
* feat(license): block regular users from licenses view
* feat(license): prevent removing of last license
* fix(license): show message when failed delete
* feat(license): remove trial license when applying oneoff
* feat(license): hide the number of nodes for trial
* feat(auth): disable login if license is invalid
* feat(licenses): add confirmation before removal of license
* feat(nodes): count nodes in env
* feat(license): show message if nodes exceed allowed
* feat(deps): update liblicense
* feat(licenses): show validation errors
* feat(license): use information panel for node info
* fix(license): reload license data on remove
* fix(license): always send list of failed keys
* fix(license): rename buttons
* feat(license): replace icon
* feat(license): add link to licenses page in add license
* fix(licenses): show green valid icon
* fix(licenses): rename expires at
* fix(licenses): rename Attach to add
* fix(licenses): show license type label
* feat(license): aggregate revoked info
* chore(deps): update liblicense
* fix(license): remove space
* fix(sidebar): align icon
* fix(license): change info layout
* feat(license): aggregate only valid licenses
* fix(licenses): move add license to a new line
* style(license): remove console
* refactor(license): move license line to component
* feat(license): check server validation
* fix(licenses): check form validation before submit
* feat(licenses): send only invalid licenses
* fix(license): hide panels when not needed
* feat(license): receive a single license on init
* refactor(header): move header to module
* feat(license): move license panel to header
* fix(header): set min height
* fix(home): show node warning only if subscription
* feat(licenses): minor UI updates
* feat(licenses): minor UI update
* feat(licenses-datatable): add copy button
* fix(licenses-datatable): show date without hours
* feat(license): show expiration message
* fix(users): get user info only on restricted access
* fix(license): clear check for single license
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(ldap): move urls to url
* feat(ldap): test a few connections
* feat(ldap): update urls
* feat(settings-auth): support array of ldap urls
* feat(settings-auth): support list of urls
* feat(auth): add explanation about server urls
* feat(bolt): add url to urls only if needed
* fix(settings): add nil guards
* fix(settings): set initial value for ldap urls
* feat(settings): prevent the deletion of the first url
* feat(core/settings): minor UI update
* feat(authentication): check that ldap settings are valid
* feat(bolt): create migration for settings
* fix(settings): add wrapping
* feat(ldap): disable submit button only on ldap
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(templates): show templates link
* feat(templates): protect deploying of templates
* feat(templates): allow fetching of templates to any user
* feat(rbac): allow template file fetching
* feat(namespace): Hide Default Namespace for non-admins
* feat(namespace): fix expected behavior when turning on the setting
* feat(resourcePool): Handle when user doesn't have access to any resource pool
* Update app/kubernetes/views/applications/create/createApplication.html
* Update app/kubernetes/views/configurations/create/createConfiguration.html
* Update app/kubernetes/views/applications/create/createApplication.html
* Update app/kubernetes/views/configurations/create/createConfiguration.html
Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io>
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side
* refactor(oauth): move oauth client code
* feat(oauth): move extension code into server code
* feat(oauth): enable oauth without extension
* refactor(oauth): make it easier to remove providers