* EE-319: backup endpoint (#193)
* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support
* EE-320: restore endpoint (#196)
* feat(backup):
* add restore handler
* re-init system state after restore
* feat(backup): Update server to respect readonly lock (#199)
* feat(backup): EE-322 Add backup and restore screen (#198)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss
* backup custom templates and edge jobs
* restart http and proxy servers after restore to re-init internal state
* feat(backup): EE-322 hide password field if password protect toggle is off
* feat(backup): EE-322 add tooltip for password field of restore backup
* feat(backup): EE-322 wait for backend restart after restoring
* Shutdown background go-routines
* changed restore err message when cannot extract
* fix: symlinks are ignored from backups
* replace single admin check with a restartable monitor (#238)
* clean log
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator
* feat(rbac): EE-226 show roles order by priority other than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when create a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations
* code clean up
* comments
* * merge in the RestrictDefaultNamespace changes
* - remove unnecessary check for default namespace
* + updates namespace access policies when generating token
* * updates namespace access policies when querying the user namespace endpoint
* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles
* feat(rbac): update kube rbac
* feat(rbac): use the authorization directive
* feat(rbac): Update namespace access policies when user/team is deleted
* refactor(app): use new angular-multi-select capabilities
* feat(rbac): fix authorizations
* feat(rbac): fix userAccessPolicies update bug
* feat(rbac): add W applications authorizations
* feat(rbac): add application details W authorizations
* feat(rbac): add configurations W autohorizations
* feat(rbac): add configuration details W authorizations
* feat(rbac): add volumes W authorizations
* feat(rbac): add volume details W authorizations
* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations
* fix(rbac): disable application note for non authorized user
* fix(rbac): add endpoints list and components status to portainer-basic
* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated
* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated
* fix(rbac): change some things
* fix(rbac): allow standard user to access container console
* - removed unused parameter
* fix(rbac): fix team authorizations
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
* feat(templates): show templates link
* feat(templates): protect deploying of templates
* feat(templates): allow fetching of templates to any user
* feat(rbac): allow template file fetching
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side