Commit Graph

260 Commits

Author SHA1 Message Date
yi-portainer c42756ae23 Merge branch 'release/2.4' into develop 2021-06-04 12:09:25 +12:00
Hui 1d7ed11462 docs(api): document apis with swagger EE-155 (#326)
* document apis with swagger

* feat(api): introduce swagger

* feat(api): anottate api

* chore(api): tag endpoints

* chore(api): remove tags

* chore(api): add docs for oauth auth

* chore(api): document create endpoint api

* chore(api): document endpoint inspect and list

* chore(api): document endpoint update and snapshots

* docs(endpointgroups): document groups api

* docs(auth): document auth api

* chore(build): introduce a yarn script to build api docs

* docs(api): document auth

* docs(customtemplates): document customtemplates api

* docs(tags): document api

* docs(api): document the use of token

* docs(dockerhub): document dockerhub api

* docs(edgegroups): document edgegroups api

* docs(edgejobs): document api

* docs(edgestacks): doc api

* docs(http/upload): add security

* docs(api): document edge templates

* docs(edge): document edge jobs

* docs(endpointgroups): change description

* docs(endpoints): document missing apis

* docs(motd): doc api

* docs(registries): doc api

* docs(resourcecontrol): api doc

* docs(role): add swagger docs

* docs(settings): add swagger docs

* docs(api/status): add swagger docs

* docs(api/teammembership): add swagger docs

* docs(api/teams): add swagger docs

* docs(api/templates): add swagger docs

* docs(api/users): add swagger docs

* docs(api/webhooks): add swagger docs

* docs(api/webscokets): add swagger docs

* docs(api/stacks): swagger

* docs(api): fix missing apis

* docs(swagger): regen

* chore(build): remove docs from build

* docs(api): update tags

* docs(api): document tags

* docs(api): add description

* docs(api): rename jwt token

* docs(api): add info about types

* docs(api): document types

* docs(api): update request types annotation

* docs(api): doc registry and resource control

* chore(docs): add snippet

* docs(api): add description to role

* docs(api): add types for settings

* docs(status): add types

* style(swagger): remove documented code

* docs(http/upload): update docs with types

* docs(http/tags): add types

* docs(api/custom_templates): add types

* docs(api/teammembership): add types

* docs(http/teams): add types

* docs(http/stacks): add types

* docs(edge): add types to edgestack

* docs(http/teammembership): remove double returns

* docs(api/user): add types

* docs(http): fixes to make file built

* chore(snippets): add scope to swagger snippet

* chore(deps): install swag

* chore(swagger): remove handler

* docs(api): add description

* docs(api): ignore docs folder

* docs(api): add contributing guidelines

* docs(api): cleanup handler

* chore(deps): require swaggo

* fix(auth): fix typo

* fix(docs): make http ids pascal case

* feat(edge): add ids to http handlers

* fix(docs): add ids

* fix(docs): show correct api version

* chore(deps): remove swaggo dependency

* chore(docs): add install script for swag

* merge examples

* go.mod update

* merge validate rules

* remove empty example tag

* swagger anotation format

* swagger annotation update

* clean up go.mod

* update docs prebuild script

* Update porImageRegistry.html

* Update yamlInspector.html

* Update porImageRegistry.html

* Update package.json

* wording change

Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
2021-06-04 09:37:23 +12:00
Chaim Lev-Ari 8e0f681dd3 fix(docker/settings): fetch correct value for allow sysctl (#343)
* fix(docker/settings): fetch correct value for allow sysctl

* fix(endpoints): set sysctl setting for new endpoints
2021-06-03 11:36:50 +02:00
cong meng a6cab5f439 fix(rbac): clean namespace access policies EE-744 (#377)
* fix(rbac) override AccessPolicies by endpint group ID correctly instead by array index  EE-744

* fix(rbac) Iterate users and teams who are existing in NAP EE-744

* fix(rbac) Rename long func name to CleanNAPWithOverridePolicies EE-744

* fix(rbac) cleanup code EE-744

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-05-20 15:06:02 +12:00
cong meng 54ddb902e4 fix(rbac) Unable to remove an endpoint role from the user when the k8s endpoint is offline EE-736 (#375)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-05-17 11:15:05 +12:00
Chaim Lev-Ari d64cc63a96 feat(k8s): UI: replace resourcepool with namespace EE-445 (#333) 2021-05-14 16:03:07 +12:00
cong meng 4837ab6a60 fix(rbac) User previously given access to namespace, can see it when they shouldn't EE-717 (#363)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-05-13 04:39:24 +02:00
zees-dev 432c2e7751 fix(access): homepage accessible by non-admin users (#344) 2021-05-05 11:53:14 +12:00
Hui dc86024078 fix(stack): normalize stack name only for libcompose (#301)
* normalize stack name only for libcompose

* reformat and cleanup

Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
2021-05-03 18:11:34 +02:00
zees-dev 27ad7d077f fix(customtemplate): Cannot create custom template from uploaded compose file EE-163 (#283) 2021-04-29 11:08:47 +12:00
Hui 5596a3bc99 feat(container): add sysctls setting in the container view EE-43 (#280) 2021-04-29 11:07:48 +12:00
cong meng cbc34bdd6d feat(edge): Show the status of the edge agent check-in on the home page dashboard EE-178 (#325) 2021-04-28 16:46:19 +12:00
fhanportainer cb6fb3e47b fix(k8s/endpoint): update endpoint URL (#324) 2021-04-27 15:29:38 +12:00
Hui 0295552a7a fix(stack): show correct error message 2021-04-21 14:47:45 +12:00
Chaim Lev-Ari 99a372fb88 feat(useractivity): log user activity for write actions (#229)
* feat(useractivity): introduce backend for useractivity logging (#213)

* refactor(useractivity): move query and logs to base type

* feat(useractivity): cleanup user activity logs

* feat(useractivity): log an activity

* refactor(useractivity): create generic get logs function

* fix(api): hide unused function

* refactor(useractivity): create generic get logs function

* feat(useractivity): get user activity logs

* feat(http/ua): add http get logs handler

* refactor(http/ua): rename logs_list file

* feat(useractivity): fetch logs as csv

* feat(useractivity): save payload as bytes

* style(useractivity): doc the count parameter

* feat(useractivity): introduce UI for user activity logs (#220)

* feat(useractivity): add useractivity page

* feat(useractivity): get logs from server

* feat(useractivity): show logs in datatable

* fix(useractivity): save logs as csv

* feat(useractivity): show logs payload

* feat(useractivity): sort desc by default

* feat(useractivity): parse object

* fix(useractivity): expect base64 payload

* feat(useractivity): show message when missing logs

* feat(useractivity): log api (#215)

* feat(templates): log write methods

* refactor(useractivity): move middleware

* feat(dockerhub): log update docker settings

* feat(edgegroup): log write

* feat(edgejobs): log write request

* feat(useractivity): return bytes to user

* fix(customtemplates): set activity context

* feat(edgestacks): log activities

* feat(endpointgroup): log activities

* feat(endpoint): log write activities

* feat(licenses): log write activities

* feat(registries): log activitites

* feat(resource_control): log user activity

* feat(settings): log update

* feat(stacks): log activity

* feat(tags): log user activitiy

* feat(teammembership): log user activity

* feat(teams): log write activities

* feat(useractivity): get default context

* feat(http/upload): log upload tls

* feat(users): log user activities

* fix(settings): clean payload

* feat(webhook): log user activities

* feat(websocket): log activities

* feat(docker): log write activities

* refactor(useractivity): move log proxy

* feat(azure): log write activity

* refactor(kube): use basic transport for all transports

* feat(kube): log kube activity

* fix(useractivity): parse body

* refactor(kuberenetes): log requests only if success

* refactor(docker): log requests only if success

* refactor(azure): log requests only if success

* feat(gitlab): log activity

* feat(registries): log proxy request

Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>

* feat(activity-logs): save pagination limit

* feat(useractivity): remove config payload

* fix(docker): log request after success

* refactor(http): move copy body to utils

* feat(kuberentes): remove config values

* feat(useractivity): copy body before request

* fix(useractivity): fix column size

* feat(useractivity): filter json payloads

* refactor(useractivity): log with same logic

* fix(useractivity/csv): export same columns as datatable

* fix(useractivity): replace context with endpoint

* fix(user-activity): rename tables

* feat(endpoint): clear azure key

* feat(stacks): omit empty migrate values

* fix(stacks): add back import

* feat(endpoints): log update settings

* fix(registry): clear password value

* feat(registry): omit update empty value

* fix(registries): don't return from unauthorized azure request

* fix(useractivity): log any payload similar to json

* feat(useractivity): ignoer binary upload

* fix(useractivity): refresh user activity logs

* feat(useractivity): use [REDACTED] for cleared credential (#265)

* feat(docker/services): log force update service

* feat(useractivity): log username when available

* feat(webhooks): remove logging of execute

* refactor(http): replace redacted values

* style(kube): remove commented code

* feat(http/kube): proxy local requests

* feat(useractivity): log patch method

* fix(datatables): use unique filter id

* fix kube settings update

* fix: EE-527 set payload to [REDACTED] when update kube config

* refactor(http/k8s): rename proxy function

* EE-530: a dummy fix of exec activity log for a local kube setup

Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-15 20:37:29 +12:00
Dmitry Salakhov 37baabe134 EE-292: backup to and restore from s3 (#240)
* EE-384: add endpoint to set auto backup (#224)

* EE-383: add endpoint to fetch backup settings (#231)

* add get backup settings handler
* add api docs desc

* EE-382: restore from s3 (#233)

* EE-381: add GET backup status handler (#234)

* EE-385: Add S3 backup execute handler (#237)

* add s3 backup execute handler

* refactories inside `./api/backup/backup_scheduler.go` and `./api/backup/backup_scheduler.go`

* fix tests

* EE-375: added backup to S3 form

* EE-376: added restore from S3 form

* EE-377: Update Home screen to display last backup run status

* update backup service with back end endpoints.

* restart admin monitor during s3 restores

* use go 1.13

* go 1.13 compatibility

* EE-375: added cron-validator lib

* EE-375: using enum to compare form types

* EE-375: validate cron rule field

* try fix windows build

* EE-375 EE-376 backup and restore forms validation changes

* fix(autobackup): update autobackup settings validation rules (#260)

* fix(autobackup): automate backup to s3 fe update (#261)

* EE-292: fixed typo in property.

* EE-292: updated auto backup front end validation.

* EE-292: updated lib to validate cron rule in front end

* fix dependencies

* bumped libcompose version

Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: Felix Han <felix.han@portainer.io>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
2021-04-15 12:12:53 +12:00
Maxime Bajeux 7d3790fc18 feat(custom-templates): switching a template to standalone makes it disappear in swarm mode (#219) 2021-04-13 13:14:50 +12:00
cong meng aeadb5c375 fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints (#194)
* fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints

* fix(k8s): EE-354 enable advance deploy UI

* fix(k8s): EE-354 use the v2 version of agent api instead of v3

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-12 15:34:33 +02:00
cong meng 6eb3dfd3c2 feat(ACI): EE-261 Add RBAC to ACI (#226)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-09 02:20:33 +02:00
cong meng edb05e6e00 feat(ACI): EE-273 add UAC to ACI (#222)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-08 10:46:04 +12:00
Chaim Lev-Ari b8ecadb314 feat(useractivity): introduce auth logs (#203) 2021-04-07 16:54:07 +12:00
Dmitry Salakhov e15b908983 Feat(backup): add the ability to backup and restore portainer from file [EE-279] (#204)
* EE-319: backup endpoint (#193)

* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support

* EE-320: restore endpoint (#196)

* feat(backup):
* add restore handler
* re-init system state after restore

* feat(backup): Update server to respect readonly lock (#199)

* feat(backup): EE-322 Add backup and restore screen (#198)

Co-authored-by: Simon Meng <simon.meng@portainer.io>

* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss

* backup custom templates and edge jobs

* restart http and proxy servers after restore to re-init internal state

* feat(backup): EE-322 hide password field if password protect toggle is off

* feat(backup): EE-322 add tooltip for password field of restore backup

* feat(backup): EE-322 wait for backend restart after restoring

* Shutdown background go-routines

* changed restore err message when cannot extract

* fix: symlinks are ignored from backups

* replace single admin check with a restartable monitor (#238)

* clean log

Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-06 15:41:41 +12:00
cong meng f9cf76234f feat(rbac): EE-226 Add a new RBAC "Operator" Role (#191)
* feat(rbac): EE-226 Add a new RBAC "Operator" Role

* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk

* feat(rbac): EE-226 access viewer shows incorrect effective role after introduce of Operator

* feat(rbac): EE-226 show roles order by priority other than name

* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role

* feat(rbac): EE-226 always increase bucket next sequence when create a role

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-06 11:34:54 +12:00
cong meng 1c938516ee Feat(docker): relocate docker features security settings to be available per endpoint EE-131 (#209)
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint

* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings

* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggle the setting of volume management for non-administrators

* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions

* feat(docker) EE-131 fix a layout bug of the browse button

* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go

* feat(docker) EE-131 in container creation view, show the privileged mode toggle if cureent user is admin or endpoint admin

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-03-24 23:10:10 +01:00
Chaim Lev-Ari 65028ed96f feat(stacks): scope stack names to endpoint (#4520) (#212)
* refactor(stack): create unique name function

* refactor(stack): change stack resource control id

* feat(stacks): validate stack unique name in endpoint

* feat(stacks): prevent name collision with external stacks

* refactor(stacks): move resource id util

* refactor(stacks): supply resource id util with name and endpoint

* fix(docker): calculate swarm resource id

* feat(stack): prevent migration if stack name already exist

* feat(authorization): use stackutils
2021-03-24 16:40:25 +13:00
Chaim Lev-Ari 78cf608990 feat(compose): add docker-compose wrapper (#161)
* feat(compose): add docker-compose wrapper (#4713)

* feat(compose): add docker-compose wrapper

ce-187

* fix(compose): pick compose implementation upon startup

* Add static compose build for linux

* Fix wget

* Fix platofrm specific docker-compose download

* Keep amd64 architecture as download parameter

* Add tmp folder for docker-compose

* fix: line endings

* add proxy server

* logs

* Proxy

* Add lite transport for compose

* Fix local deployment

* refactor: pass proxyManager by ref

* fix: string conversion

* refactor: compose wrapper remove unused code

* fix: tests

* Add edge

* Fix merge issue

* refactor: remove unused code

* Move server to proxy implementation

* Cleanup wrapper and manager

* feat: pass max supported compose syntax version with each endpoint

* fix: pick compose syntax version

* fix: store wrapper version in portainer

* Get and show composeSyntaxMaxVersion at stack creation screen

* Get and show composeSyntaxMaxVersion at stack editor screen

* refactor: proxy server

* Fix used tmp

* Bump docker-compose to 1.28.0

* remove message for docker compose limitation

* fix: markup typo

* Rollback docker compose to 1.27.4

* * attempt to fix the windows build issue

* * attempt to debug grunt issue

* * use console log in grunt file

* fix: try to fix windows build by removing indirect deps from go.mod

* Remove tmp folder

* Remove builder stage

* feat(build/windows): add git for Docker Compose

* feat(build/windows): add git for Docker Compose

* feat(build/windows): add git for Docker Compose

* feat(build/windows): add git for Docker Compose

* feat(build/windows): add git for Docker Compose

* feat(build/windows): add git for Docker Compose - fixed verbose output

* refactor: renames

* fix(stack): get endpoint by EndpointProvider

* fix(stack): use margin to add space between line instead of using br tag

Co-authored-by: Stéphane Busso <stephane.busso@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
Co-authored-by: yi-portainer <yi.chen@portainer.io>
Co-authored-by: Steven Kang <skan070@gmail.com>

* refactor(stacks): use compose library

* refactor(stacks): remove utils

* chore(deps): pin docker-compose-wrapper

* chore(build): simplify docker-compose build

* chore(build): remove ps compose script

* chore(deps): update docker-compose-wrapper

* fix(compose): close proxy after command

Co-authored-by: Stéphane Busso <stephane.busso@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
Co-authored-by: yi-portainer <yi.chen@portainer.io>
Co-authored-by: Steven Kang <skan070@gmail.com>
2021-03-21 22:38:45 +01:00
cong meng b401ab5081 fix(registries): update password only when not empty (ee-138) (#175)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-03-12 22:27:41 +01:00
cong meng d618d05ee1 fix(stack): stacks created via API are incorrectly marked as private with no owner (ee#74) (#156)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-02-26 01:16:18 +01:00
Chaim Lev-Ari 924bfdee2a feat(docker/stacks): introduce date info for stacks (#182)
* feat(docker/stacks): add creation and update dates

* feat(docker/stacks): put ownership column as the last column

* feat(docker/stacks): fix the no stacks message

* refactor(docker/stacks): make external stacks helpers more readable

* feat(docker/stacks): add updated and created by

* feat(docker/stacks): toggle updated column

* refactor(datatable): create column visibility component

Co-authored-by: alice groux <alice.grx@gmail.com>
2021-02-25 15:59:38 +01:00
Yi Chen 92d597608e fix(RBAC) adding/removing teams into namespace causing error (#129)
* * handle teams been added or removed in the resource pool
* do not delete role bindings but just remove the user subject

* * fix missing rolemap

* * revert the role bindings changes (not the cause of the issue)

* * fix token cache cleaning endpoint tokens
2020-12-02 20:38:09 +13:00
Yi Chen f6824ce11c - remove rbac debug statements (#126) 2020-12-01 22:37:13 +13:00
Yi Chen db9a1826e5 * fix nil user or team access in edge endpoint (#125) 2020-12-01 15:27:26 +13:00
Yi Chen 02b1ccd521 fix(RBAC) remove role/cluster role bindings when user is deleted (#120)
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty

* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool

* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate

* * fix comments

* * improve error returns
2020-12-01 11:45:49 +13:00
Yi Chen d4929f06f8 fix(RBAC) refresh user token when operating on endpoints, namespaces, users, teams and memberships (#117)
* * refresh user auth when operating endpoint, team, user and membership

* + adding delete token endpoint
* remove tokens when auth config map is changed

* feat(rbac): add warning messages in the UI

* feat(endpoint): update access warnings

* * fix delete tokens api url

Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-11-30 21:15:52 +13:00
Yi Chen 05cd7094a5 fix(RBAC): authorize advanced deployment (#116)
* * removed authorization in stack deployment, will let k8s handling it

* * removed unused import

* + OperationK8sApplicationsAdvancedDeploymentRW for user
* check namespace authorization in k8s stack deployment endpoint

* - remove OperationK8sApplicationsAdvancedDeploymentRW from user
2020-11-30 13:02:05 +13:00
Maxime Bajeux 7254703449 fix(rbac): Endpoint admin cannot access the cluster setup view (#112)
* fix(rbac): Endpoint admin cannot access the cluster setup view

* * allow endpoint admin to update k8s cluster setup in endpoint

* * make sure a user token is issued first

* fix(rbac): allow admin to update cluster setup

Co-authored-by: yi-portainer <yi.chen@portainer.io>
2020-11-27 14:12:46 +13:00
Maxime Bajeux 414e62503b fix(rbac): forbidden view access (#101)
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for

* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues

* * use endpoint role rather than user role for calculating authorizations

* * fix namespace role binding

* * check user authorization in k8s pod exec

* * fix some of the logging messages

Co-authored-by: yi-portainer <yi.chen@portainer.io>
2020-11-26 11:30:36 +13:00
Chaim Lev-Ari 9a16af37af fix(router): block route if license is invalid (#90)
* feat(router): add transition guard for init route

* feat(router): check if license is valid between routes

* style(app): change order of config and run

* feat(bouncer): block non admins from using without license

* style(bouncer): add comment about license validation
2020-11-26 09:35:40 +13:00
Chaim Lev-Ari 9dbe6d9474 feat(license): count standalone nodes (#102)
* feat(license): count standalone nodes

* refactor(http/status): return maximum
2020-11-26 09:33:54 +13:00
Stéphane Busso 428ac54b08 fix(license): better error message when login with no valid license (#99)
* fix(license): better error message when login with no valid license

* add authenticateOAuth
2020-11-21 08:37:48 +13:00
Stéphane Busso 4897f3a87c fix(portainer): Remove the version update notifier on the sidebar in BE (#96) 2020-11-20 15:36:55 +13:00
Yi Chen 2247d8c3a2 (feat)k8s/RBAC: Provide Portainer RBAC functionality for Kubernetes endpoints (#35)
* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations

* code clean up
* comments

* * merge in the RestrictDefaultNamespace changes

* - remove unnecessary check for default namespace

* + updates namespace access policies when generating token

* * updates namespace access policies when querying the user namespace endpoint

* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles

* feat(rbac): update kube rbac

* feat(rbac): use the authorization directive

* feat(rbac): Update namespace access policies when user/team is deleted

* refactor(app): use new angular-multi-select capabilities

* feat(rbac): fix authorizations

* feat(rbac): fix userAccessPolicies update bug

* feat(rbac): add W applications authorizations

* feat(rbac): add application details W authorizations

* feat(rbac): add configurations W autohorizations

* feat(rbac): add configuration details W authorizations

* feat(rbac): add volumes W authorizations

* feat(rbac): add volume details W authorizations

* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations

* fix(rbac): disable application note for non authorized user

* fix(rbac): add endpoints list and components status to portainer-basic

* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated

* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated

* fix(rbac): change some things

* fix(rbac): allow standard user to access container console

* - removed unused parameter

* fix(rbac): fix team authorizations

Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
2020-11-03 22:08:09 +13:00
Chaim Lev-Ari 0e7cb4cb42 feat(stacks): prevent name collision with external stacks (#16)
* feat(stacks): check for name collision within external stacks

* feat(stacks): check for name collisions

* feat(stacks): check for running stacks

* feat(stacks): change name collision message

* feat(stack): check for existing services only on swarm

* fix(http): supply docker factory to handler

* feat(stacks): look at all containers
2020-11-03 15:50:18 +13:00
Chaim Lev-Ari 812c0b34ea feat(ldap): simplify ldap configuration (#15)
* feat(ldap): simplify ldap configuration

refactor(auth): move ldap settings to a component

feat(ldap): add username style autofill

feat(ldap): customs for ad

feat(app): introduce box selector

refactor(auth-settings): use box selector

feat(ldap): style changes

refactor(ldap): move connectivity check button to a component

refactor(settings): move ldap security settings to a component

refactor(ldap): move user search to component

refactor(ldap): move group search to component

style(ldap): remove comment

refactor(auth-settings): move auto-user-toggle to component

feat(ldap): provide methods to search for users and groups

refactor(ldap): move group/user settings into component

refactor(ldap): provide labels for components

refactor(ldap): separate custom and ad settings

fix(ldap): search for users

feat(ldap): search users

feat(ldap): complete password if missing

feat(ldap): search for users

feat(ldap): show a list of users

feat(ldap): get user uid

feat(ldap): search groups without password

feat(groups): show group results

feat(ldap): add display types

feat(ldap): search for groups

refactor(ldap): clean code

fix(ldap): sort users table

fix(ldap): show settings by type

feat(ldap): parse values from basedn

feat(ldap): parse values

feat(app): emit on change event from box-selector

feat(ldap): user search filter

feat(ldap): search username attribute

feat(ldap): remove format around search filter

feat(ldap): ad group search

refactor(ldap): move dn builder to component

feat(ldap): use base dn builder for group search

feat(ldap): search for ad groups

refactor(ldap): replace domain root object

feat(ldap): openldap settings

refactor(ldap): delete empty controllers

feat(ldap): remove warning on wrong group filter

feat(ldap): clear username and pass if not AD

feat(ldap): clear basedn when switch from openldap to ad

feat(ldap): clear ldap settings when switich from ldap to ad

feat(ldap): set dn only if there are values

feat(ldap): support more cases of domains

feat(ldap): parse openldap domain correctly

refactor(ldap): move server type check

feat(ldap): move entries

feat(ldap): show username format

style(ldap): remove comments

feat(ldap): clear group filter when no groups

refactor(ldap): replace generic payload

feat(ldap): allow the user to test login

feat(ldap): add test login to custom and open ldap settings

feat(ldap): style fixes

fix(ldap): style fix

fix(ldap): style fixes

refactor(ldap): move components to module

feat(ldap): add group entries

feat(ldap): add borders around each group entry

feat(ldap): parse user filter

feat(ldap): add/remove group

feat(ldap): set ad anonymous mode to false

feat(ldap): add group name

feat(ldap): fix parentheses

feat(ldap): separate between each search config

fix(ldap): fix parsing of group dn

feat(ldap): style fixes

feat(ldap): remove of change of filter

refactor(ldap): remove user display style

feat(ldap): rename group entries field

refactor(auth): move auto user provision

refactor(ldap): refactor box selector

feat(ldap): move ad settings to be a global setting

style(ldap): remove comments

feat(ldap): add auto user toggle

refactor(auth/ad): rename ad component

fix(auth/ad): fix the use of a certificate

refactor(ldap): rename components

fix(ldap): show user and group search

fix(ldap): design group settings

feat(ldap): search users and groups

feat(ldap): add margins

refactor(ldap): separate ldap and ad settings

refactor(auth): use central check for auth method

feat(ldap): clear margins

feat(ldap): add port if missing

feat(ldap): fix ad name

fix(ldap): rename fields

feat(ldap): add domain root field

feat(auth/ad): remove domain root field

feat(ldap): rename base dn to root domain

feat(ldap/openldap): get suffix

feat(ldap/open): change base filter

fix(ldap): align

feat(db): introduce migration for ldap server type

refactor(ldap): move service to ldap module

refactor(ldap): sync between client and server constants

fix(ldap): use post for check

style(ldap): fix handler comments

fix(ldap): check for errors

style(ldap): fix tyop

fix(ldap): check equality

style(ldap): add comments

fix(ldap): allow anonymous mode

fix(ldap): show errors on search users

feat(lasp): use custom settings for each server

fix(ldap): supply default group filter

fix(ldap): show domain suffix in new settings

fix(ldap): replace icon with text

refactor(components): remove box-selector-wrapper

* fix(ldap): enable test when form is valid

* fix(ldap): add port if missing
2020-11-03 15:26:28 +13:00
Chaim Lev-Ari 15ce12e7b7 feat(license): introduce license management (#31)
* feat(license): add liblicense dep

* feat(license): add bolt license service

* feat(license): introduce license service

* feat(license): validate license before adding

* feat(license): aggregate info after changing of licenses

* feat(http): implement http handlers

* feat(license-management): introduce license service

* feat(licenses): introduce empty view

* feat(license-management): add datatable

* feat(licenses): show license info

* fix(license): inject services

* feat(licenses): add buttons to buy/renew license

* feat(licenses): introduce add license route

* feat(licenses): add license form

* feat(license): datatable

* feat(license): show more details about license

* refactor(license): rename components name

* feat(licenses): show expiration date

* feat(license): introduce init license route

* feat(license): validate license

* feat(license): save licenses

* feat(bouncer): check if license is valid on restricted

* feat(bouncer): remove license check on api

* feat(home): add node warning

* feat(licenses): remove license

* feat(licenses): listen to info changes

* feat(license): show license expiration message

* feat(license): block regular users from licenses view

* feat(license): prevent removing of last license

* fix(license): show message when failed delete

* feat(license): remove trial license when applying oneoff

* feat(license): hide the number of nodes for trial

* feat(auth): disable login if license is invalid

* feat(licenses): add confirmation before removal of license

* feat(nodes): count nodes in env

* feat(license): show message if nodes exceed allowed

* feat(deps): update liblicense

* feat(licenses): show validation errors

* feat(license): use information panel for node info

* fix(license): reload license data on remove

* fix(license): always send list of failed keys

* fix(license): rename buttons

* feat(license): replace icon

* feat(license): add link to licenses page in add license

* fix(licenses): show green valid icon

* fix(licenses): rename expires at

* fix(licenses): rename Attach to add

* fix(licenses): show license type label

* feat(license): aggregate revoked info

* chore(deps): update liblicense

* fix(license): remove space

* fix(sidebar): align icon

* fix(license): change info layout

* feat(license): aggregate only valid licenses

* fix(licenses): move add license to a new line

* style(license): remove console

* refactor(license): move license line to component

* feat(license): check server validation

* fix(licenses): check form validation before submit

* feat(licenses): send only invalid licenses

* fix(license):  hide panels when not needed

* feat(licnese): receive a single license on init

* refactor(header): move header to module

* feat(license): move license panel to header

* fix(header): set min height

* fix(home): show node warning only if subscription

* feat(licenses): minor UI updates

* feat(licenses): minor UI update

* feat(licenses-datatable): add copy button

* fix(licenses-datatable): show date without hours

* feat(license): show expiration message

* fix(users): get user info only on restriced access

* fix(license): clear check for single license

Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-11-02 19:10:57 +13:00
Chaim Lev-Ari 9591e1012c feat(auth): support a list of LDAP urls (#9)
* feat(ldap): move urls to url

* feat(ldap): test a few connections

* feat(ldap): update urls

* feat(settings-auth): support array of ldap urls

* feat(settings-auth): support list of urls

* feat(auth): add explanation about server urls

* feat(bolt): add url to urls only if needed

* fix(settings): add nil guards

* fix(settings): set inital value for ldap urls

* feat(settings): prevent the deletion of the first url

* feat(core/settings): minor UI update

* feat(authentication): check that ldap settings are valid

* feat(bolt): create migration for settings

* fix(settings): add wrapping

* feat(ldap): disable submit button only on ldap

Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-11-02 11:39:25 +13:00
Chaim Lev-Ari b357cb54f0 fix(kuberentes): disable rbac check for kuberentes (#38) 2020-10-28 23:13:51 +13:00
Chaim Lev-Ari c23d2a33da feat(rbac): protect templates deployment (#34)
* feat(templates): show templates link

* feat(templates): protect deploying of templates

* feat(templates): allow fetching of templates to any user

* feat(rbac): allow template file fetching
2020-10-27 20:33:49 +13:00
Maxime Bajeux 1f26bc6e8b feat(namespace): Hide Default Namespace for non-admins (#25)
* feat(namespace): Hide Default Namespace for non-admins

* feat(namespace): fix expected behavior when turning on the setting

* feat(resourcePool): Handle when user doesn't have access to any resource pool

* Update app/kubernetes/views/applications/create/createApplication.html

* Update app/kubernetes/views/configurations/create/createConfiguration.html

* Update app/kubernetes/views/applications/create/createApplication.html

* Update app/kubernetes/views/configurations/create/createConfiguration.html

Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io>
2020-10-15 14:02:29 +13:00
Chaim Lev-Ari 8dba19694a feat(roles-management): integrate rbac extension (#6)
* refactor(rbac): move client extension code

* feat(app): remove checks for extension

* feat(rbac): remove checks for extensions

* feat(extensions): remove reference to rbac extensions

* feat(roles): add changes from codebase before removal of rbac

* refactor(security): remove rbac service

* refactor(security): use AdminAccess as an alias

* fix(access): rename policies type

* style(security): add comment about Aliasing AdminAccess to RestrictedAccess

* feat(bolt): add auth migration from ce to ee

* feat(stacks): use authorized access to stop/start stacks

* fix(bolt): supply right params to migrator

* feat(rbac): get authorization on client side
2020-10-07 23:21:14 +13:00