Commit Graph

262 Commits

Author SHA1 Message Date
cong meng f9cf76234f feat(rbac): EE-226 Add a new RBAC "Operator" Role (#191)
* feat(rbac): EE-226 Add a new RBAC "Operator" Role

* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk

* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator

* feat(rbac): EE-226 show roles order by priority other than name

* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role

* feat(rbac): EE-226 always increase bucket next sequence when create a role

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-06 11:34:54 +12:00
cong meng 1c938516ee Feat(docker): relocate docker features security settings to be available per endpoint EE-131 (#209)
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint

* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings

* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators

* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions

* feat(docker) EE-131 fix a layout bug of the browse button

* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go

* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-03-24 23:10:10 +01:00
Maxime Bajeux 0eda4ff41d fix(configs): fix error with binary file (#164) 2021-03-12 23:26:11 +01:00
Chaim Lev-Ari 92d5eba499 feat(service): clear source volume when change type (#4627) (#171)
* feat(service): clear source volume when change type

* feat(service): init volume source to the correct value
2021-03-03 15:47:49 +01:00
Alice Groux 61c7379312 feat(docker/network): rename restrict external access to the network label (#141) 2021-03-02 11:30:53 +01:00
Alice Groux 006d19cd63 feat(app/images): in advanced mode, remove tooltip and add information message (#150) 2021-03-01 15:39:27 +01:00
Alice Groux a0001305cc feat(app/logs): add download button on logs views (#151) 2021-02-28 21:14:22 +01:00
cong meng e71fc3bb0e fix(service): set volume source to the correct value (ee-132) (#178)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-02-28 20:19:50 +01:00
Alice Groux e78756ccfa feat(docker/volumes): add confirmation modal before deleting volumes (#140) 2021-02-26 03:05:57 +01:00
Chaim Lev-Ari 1cbda51517 feat(image-details): Show labels in images datatable (#4287) (#137)
* feat(images): show labels in images datatable

* move labels to image details view

Co-authored-by: DarkAEther <30438425+DarkAEther@users.noreply.github.com>
2021-02-25 16:04:49 +01:00
Chaim Lev-Ari 924bfdee2a feat(docker/stacks): introduce date info for stacks (#182)
* feat(docker/stacks): add creation and update dates

* feat(docker/stacks): put ownership column as the last column

* feat(docker/stacks): fix the no stacks message

* refactor(docker/stacks): make external stacks helpers more readable

* feat(docker/stacks): add updated and created by

* feat(docker/stacks): toggle updated column

* refactor(datatable): create column visibility component

Co-authored-by: alice groux <alice.grx@gmail.com>
2021-02-25 15:59:38 +01:00
Anthony Lapenna 674d20bfb9 feat(docker/dashboard): wrap dashboard elements in div (#127) 2020-12-01 22:27:36 +13:00
Chaim Lev-Ari 0de11465d0 fix(containers): allow bind mounts and privileged mode for admins (#50)
* fix(containers): allow bind mounts for admins

* fix(container-create): allow priviliged mode for endpoint admin
2020-11-11 18:39:56 +13:00
Anthony Lapenna 72cf5d8ede feat(css): update sidebar color and dashboard items color (#44) 2020-11-04 21:30:43 +13:00
xAt0mZ 7e768a54d5 feat(k8s/resource-pool): storage quotas (#26)
* feat(k8s/resource-pool): add storage quota create/edit

* feat(kubernetes): persistent volume claim size validation on app create/edit

* feat(k8s/volume): quota validation on volume expansion

* fix(k8s/application): remove resource limitation message when then is no resource limitation but volume quota

* style(k8s/application): remove HTML layout debug string

* feat(k8s/resource-pool): remove warning message on storage quota reduction

* fix(k8s/application): available size on storage quota is now properly computed on init

* fix(k8s/application): 'flagged for removal' bindings are not considered free space anymore

* feat(k8s/application): allow users to use existing available volumes when quotas are exhausted

* feat(k8s/resource-pool): storage quota usage bar in edit view

* fix(k8s/resource-pool): create RP enable quota by default

* refactor(k8s): move all volume related units to base 10 instead of base 2 (remive i suffix)

* fix(k8s/application): visual issues caused by latency in computation

* feat(k8s/resource-pool): allow standard users to see storage quota usage

* feat(k8s/volume): show max available size on volume expand

* style(k8s/application): exhausted storage quota message

* fix(k8s/application): remove persisted folders entries when selecting RP with all exhausted storage quotas and no available volumes

* style(k8s/application): file format after rebase

* fix(k8s/application): evaluate quota onInit for app edit

* chore(grunt): add prod watch grunt rule and config

* fix(k8s/application): display 'no storages' message on all restricted quotas

* refactor(k8s/volumes): unify volume parsing

* refactor(app): proper prod watch + enforce parseInt radix
2020-11-04 14:07:21 +13:00
Chaim Lev-Ari c23d2a33da feat(rbac): protect templates deployment (#34)
* feat(templates): show templates link

* feat(templates): protect deploying of templates

* feat(templates): allow fetching of templates to any user

* feat(rbac): allow template file fetching
2020-10-27 20:33:49 +13:00
Chaim Lev-Ari 41eb89cdb1 fix(docker): check for endpoint access auth (#32)
* fix(docker): check for endpoint access auth

* fix(rbac): load user authorizations

* fix(volumes): hide browse button when not agent
2020-10-22 16:07:43 +13:00
Chaim Lev-Ari 8dba19694a feat(roles-management): integrate rbac extension (#6)
* refactor(rbac): move client extension code

* feat(app): remove checks for extension

* feat(rbac): remove checks for extensions

* feat(extensions): remove reference to rbac extensions

* feat(roles): add changes from codebase before removal of rbac

* refactor(security): remove rbac service

* refactor(security): use AdminAccess as an alias

* fix(access): rename policies type

* style(security): add comment about Aliasing AdminAccess to RestrictedAccess

* feat(bolt): add auth migration from ce to ee

* feat(stacks): use authorized access to stop/start stacks

* fix(bolt): supply right params to migrator

* feat(rbac): get authorization on client side
2020-10-07 23:21:14 +13:00
portainer-ci 1a57f656e8 Merge branch 'ce-develop' into develop 2020-10-04 23:59:29 +00:00
Ranjan Purbey 9e80037e72 style(containers): fix word-break on container details table (#4359)
Co-authored-by: Rajesh Swarna <rajeshswarna123@gmail.com>
Co-authored-by: naveenrayudu <naveenkumar.rayudu@gmail.com>
Co-authored-by: Ranjan Purbey <ranjan.purbey@gmail.com>

Co-authored-by: Rajesh Swarna <rajeshswarna123@gmail.com>
Co-authored-by: naveenrayudu <naveenkumar.rayudu@gmail.com>
2020-10-05 11:00:13 +13:00
xAt0mZ c6a8eba1e8 fix(rest): remove timeouts for all REST services (#23) 2020-09-10 16:04:56 +12:00
Chaim Lev-Ari c48d05449c fix(volumes): set right resource id for volume (#4247) 2020-08-21 00:48:53 +12:00
Chaim Lev-Ari 7329ea91ca fix(app): set defaults for select boxes (#4235)
* fix(container): select runtime by default

* fix(network): set default network config

* fix(container): set default network container placeholder

* fix(services): default service mount
2020-08-20 13:02:25 +12:00
Chaim Lev-Ari 68851aada4 fix(containers): persist column settings (#4234)
* feat(containers): remove ip column

* fix(containers): persist column settings
2020-08-19 11:50:16 +12:00
Chaim Lev-Ari b6fc434291 fix(dashboard): show endpoint tags (#4216)
* fix(dashboard): show endpoint tags

* fix(dashboard): use ctrl
2020-08-17 12:30:02 +12:00
Chaim Lev-Ari 9d18d47194 feat(extensions): remove rbac extension (#4157)
* feat(extensions): remove rbac extension client code

* feat(extensions): remove server rbac code

* remove extensions code

* fix(notifications): remove error

* feat(extensions): remove authorizations service

* feat(rbac): deprecate fields

* fix(portainer): revert change

* fix(bouncer): remove rbac authorization check

* feat(sidebar): remove roles link

* fix(portainer): remove portainer module
2020-08-11 17:41:37 +12:00
Chaim Lev-Ari 134f2f1532 feat(docker/routes): add /docker parent route (#4185) 2020-08-10 23:37:49 +12:00
itsconquest 8408484f8b feat(docker/node): change table to div and fix styling (#4173) 2020-08-10 10:59:00 +12:00
itsconquest c5731e237e fix(docker/container): handle multiple ips with the same port (#4121)
* fix(containers): handle multiple ips with the same port

* fix(containers): fix parsing
2020-08-10 10:27:27 +12:00
itsconquest 26ee78e1e7 refactor(UX): fix improper grammar (#4161) 2020-08-07 16:50:56 +12:00
itsconquest b9c2bf487b fix(container-creation): add default/override options (#4119)
* fix(container-creation): add default/override options

* fix(container-creation): allow override with empty string on creation

* fix(container-creation): add tooltip & update placeholder

* fix(container-creation): add warning on duplicate
2020-08-07 14:10:40 +12:00
itsconquest 1b88ca2285 fix(container-creation): handle extraHosts correctly (#4139)
* fix(container-creation): handle extraHosts correctly

* fix(container-creation): refactor for readability
2020-08-07 14:10:08 +12:00
Maxime Bajeux d85708f6ea feat(docker/services): Add the ability to edit a service networks (#3957)
* feat(services): update services details view

* feat(services): Add the ability to edit a service networks

* feat(services): show ingress network

* refactor(services): use lodash

* feat(networks): disable sending when updating

* feat(networks): limit size of select

* feat(services): update networks only when network is new

* feat(services): prevent submitting of empty networks

* feat(services): show unique networks

* fix(service): use empty array default for networks

* feat(service): show only swarm networks

* feat(services): show placeholder for network

* feat(services): show spaced select box

* feat(services): show macvlan ip

* feat(service): fetch the network subnet

* feat(services): show empty ip when network is not connected

Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
2020-08-07 11:11:47 +12:00
Chaim Lev-Ari 82064152ec feat(registries): remove registry extension (#4155)
* feat(registries): remove client extension code

* feat(registry): remove server registry code

* refactor(registry): remove extension related code

* feat(extensions): remove registry extension type
2020-08-05 22:23:19 +12:00
itsconquest 490b7ad26f fix(container-creation): allow resetting to unlimited (#4138)
* fix(container-creation): allow resetting to unlimited

* fix(container-creation): refactor for readability
2020-08-04 11:14:59 +12:00
Chaim Lev-Ari da143a7a22 fix(docker/images): ignore pull image rejection (#4128) 2020-07-31 06:24:34 +12:00
Chaim Lev-Ari 93d8c179f1 feat(containers): enforce disable bind mounts (#4110)
* feat(containers): enforce disable bind mounts

* refactor(docker): move check for endpoint admin to a function

* feat(docker): check if service has bind mounts

* feat(services): allow bind mounts for endpoint admin

* feat(container): enable bind mounts for endpoint admin

* fix(services): fix typo
2020-07-29 21:10:46 +12:00
Chaim Lev-Ari 7539f09f98 feat(containers): disable edit container on security setting restricting regular users (#4111)
* feat(settings): add info about container edit disable

* feat(settings): set security settings

* feat(containers): hide recreate button when setting is enabled

* feat(settings): rephrase security notice

* fix(settings): save allowHostNamespaceForRegularUsers to state
2020-07-29 14:52:23 +12:00
Chaim Lev-Ari 1a3f77137a feat(settings): introduce setting to disable container caps for non-admins (#4109)
* feat(settings): introduce settings to allow/disable

* feat(settings): update the setting

* feat(docker): prevent user from using caps if disabled

* refactor(stacks): revert file

* style(api): remove portainer ns
2020-07-28 19:08:15 +12:00
Chaim Lev-Ari 1edf981330 fix(container-creation): preselect network (#4117) 2020-07-28 09:52:54 +12:00
Chaim Lev-Ari fa9eeaf3b1 feat(settings): introduce disable stack management setting (#4100)
* feat(stacks): add a setting to disable the creation of stacks for non-admin users

* feat(settings): introduce a setting to prevent non-admin from stack creation

* feat(settings): update stack creation setting

* feat(settings): fail stack creation if user is non admin

* fix(settings): save preventStackCreation setting to state

* feat(stacks): disable add button when settings is enabled

* format(stacks): remove line

* feat(stacks): setting to hide stacks from users

* feat(settings): rename disable stacks setting

* refactor(settings): rename setting to disableStackManagementForRegularUsers

* feat(settings): hide stacks for non admin when settings is set

* refactor(settings): replace disableDeviceMapping with allow

* feat(dashboard): hide stacks if settings disabled and non admin

* refactor(sidebar): check if user is endpoint admin

* feat(settings): set the default value for stack management

* feat(settings): rename field label

* fix(sidebar): refresh show stacks state

* fix(docker): hide stacks when not admin
2020-07-27 19:11:32 +12:00
Chaim Lev-Ari 07efd4bdda feat(settings): add setting to disable device mapping for regular users (#4099)
* feat(settings): add setting to disable device mapping for regular users

* feat(settings): introduce device mapping service

* feat(containers): hide devices field when setting is on

* feat(containers): prevent passing of devices when not allowed

* feat(stacks): prevent non admin from device mapping

* feat(stacks): disallow swarm stack creation for user

* refactor(settings): replace disableDeviceMapping with allow

* fix(stacks): remove check for disable device mappings from swarm

* feat(settings): rename field to disable

* feat(settings): supply default value for disableDeviceMapping

* feat(container): check for endpoint admin

* style(server): sort imports
2020-07-27 09:31:14 +12:00
DarkAEther 2bc6b2dff7 feat(docker/container-creation): sort volumes in container creation view (#4078)
* #3635 fix(containers) sort volumes in container creation view

* fix(3635) sort volumes in container creation view
2020-07-27 09:28:33 +12:00
Chaim Lev-Ari 43bbc14c58 feat(app/package): upgrade angularjs to 1.8 (#4073)
* chore(yarn): upgrade angularjs

* refactor(app): use $onInit instead of initComponent

* feat(app/package): remove angular-cookies dependency

Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-07-25 11:23:44 +12:00
Chaim Lev-Ari 4346bf95a7 feat(settings): replace cookies with local storage (#4075)
* fix(datatables): persist state changes

* fix(datatables): persist order

* feat(sidebar): use local storage to store toggle toolbar

* feat(config): use local storage instead of cookies
2020-07-23 06:36:22 +12:00
Chaim Lev-Ari 4b97cf738e fix(app): use deps injection in router correctly (#4049)
* fix(app): use deps injection in router correctly

* feat(app): guard against using wrong endpoint type

* feat(sidebar): supply endpoint id

* feat(templates): move custom templates to docker
2020-07-21 09:06:37 +12:00
Chaim Lev-Ari 3c34fbd8f2 refactor(router): show endpoint id in url (#3966)
* refactor(module): provide basic endpoint id url

* fix(stacks): fix route to include endpointId

* fix(stacks): fix stacks urls

* fix(sidebar): fix urls to docker routes

* refactor(app): set endpoint id on change view

* refactor(dashboard): revert to old version

* refactor(sidebar): revert file

* feat(app): wip load endpoint on route change

* feat(home): show error

* feat(app): load endpoint route

* feat(sidebar): show endpoint per provider

* refactor(app): revert

* refactor(app): clean endpoint startup

* feat(edge): check for edge k8s

* refactor(endpoints): move all modules under endpoint route

* refactor(stacks): move stacks route to docker

* refactor(templates): move templates route to docker

* refactor(app): check endpoint when entering docker module

* fix(app): load endpoint when entering endpoints modules

* feat(azure): check endpoint

* feat(kubernetes): check endpoint

* feat(home): show loading state when loading edge

* style(app): revert small changes

* refactor(sidebar): remove refernce to endpointId

* fix(stacks): fix stacks route

* style(docker): sort routes

* feat(app): change route to home if endpoint failed

* fix(services): guard against empty snapshots

* feat(app): show error when failed to load endpoint

* feat(app): reload home route when failing

* refactor(router): replace resolvers with onEnter
2020-07-15 08:46:38 +12:00
itsconquest 181a6f4553 fix(container-creation): always rebuild exposed ports (#4024) 2020-07-09 17:08:52 +12:00
Maxime Bajeux c778ef6404 feat(networks): Support multiple excluded IPs for MACVLAN networks (#3962)
* feat(networks): Support multiple excluded IPs for MACVLAN networks

* feat(networks): add a generated name

* feat(networks): prevent create macvlan network where exclude ip is the same as gateway

* feat(networks): remove auxaddresses validation on submit

* feat(networks): check exclude ip validation on change

* feat(networks): check form validation on change

* feat(networks): clean checkAuxiliaryAddress function
2020-07-08 13:35:52 +12:00
Chaim Lev-Ari 53b37ab8c8 feat(custom-templates): introduce custom templates (#3906)
* feat(custom-templates): introduce types

* feat(custom-templates): introduce data layer service

* feat(custom-templates): introduce http handler

* feat(custom-templates): create routes and view stubs

* feat(custom-templates): add create custom template ui

* feat(custom-templates): add json keys

* feat(custom-templates): introduce custom templates list page

* feat(custom-templates): introduce update page

* feat(stack): create template from stack

* feat(stacks): create stack from custom template

* feat(custom-templates): disable edit/delete of templates

* fix(custom-templates): fail update on non admin/owner

* fix(custom-templates): add ng-inject decorator

* chore(plop): revert template

* feat(stacks): remove actions column

* feat(stack): add button to create template from stack

* feat(stacks): add empty state for templates

* feat(custom-templates): show templates in a list

* feat(custom-template): replace table with list

* feat(custom-templates): move create template button

* refactor(custom-templates): introduce more fields

* feat(custom-templates): use stack type when creating template

* feat(custom-templates): use same type as stack

* feat(custom-templates): add edit and delete buttons to template item

* feat(custom-templates): customize stack before deploy

* feat(stack): show template details

* feat(custom-templates): move customize

* feat(custom-templates): create description required

* fix(template): show platform icon

* fix(custom-templates): show spinner when creating stack

* feat(custom-templates): prevent user from edit templates

* feat(custom-templates): use resource control for custom templates

* feat(custom-templates): show created templates

* feat(custom-templates): filter templates by stack type

* fix(custom-templates): create swarm or standalone stack

* feat(stacks): filter templates by type

* feat(resource-control): disable resource control on public

* feat(custom-template): apply access control on edit

* feat(custom-template): add form validation

* feat(stack): disable create custom template from external task

* refactor(custom-templates): create template from file and type

* feat(templates): introduce a file handler that returns template docker file

* feat(template): introduce template duplication

* feat(custom-template): enforce unique template name

* fix(template): rename copy button

* fix(custom-template): clear access control selection between templates

* fix(custom-templates): show required fields

* refactor(filesystem): use a constant for temp path
2020-07-07 11:18:39 +12:00