Hui
1d7ed11462
docs(api): document apis with swagger EE-155 (#326)
* document apis with swagger
* feat(api): introduce swagger
* feat(api): annotate api
* chore(api): tag endpoints
* chore(api): remove tags
* chore(api): add docs for oauth auth
* chore(api): document create endpoint api
* chore(api): document endpoint inspect and list
* chore(api): document endpoint update and snapshots
* docs(endpointgroups): document groups api
* docs(auth): document auth api
* chore(build): introduce a yarn script to build api docs
* docs(api): document auth
* docs(customtemplates): document customtemplates api
* docs(tags): document api
* docs(api): document the use of token
* docs(dockerhub): document dockerhub api
* docs(edgegroups): document edgegroups api
* docs(edgejobs): document api
* docs(edgestacks): doc api
* docs(http/upload): add security
* docs(api): document edge templates
* docs(edge): document edge jobs
* docs(endpointgroups): change description
* docs(endpoints): document missing apis
* docs(motd): doc api
* docs(registries): doc api
* docs(resourcecontrol): api doc
* docs(role): add swagger docs
* docs(settings): add swagger docs
* docs(api/status): add swagger docs
* docs(api/teammembership): add swagger docs
* docs(api/teams): add swagger docs
* docs(api/templates): add swagger docs
* docs(api/users): add swagger docs
* docs(api/webhooks): add swagger docs
* docs(api/webscokets): add swagger docs
* docs(api/stacks): swagger
* docs(api): fix missing apis
* docs(swagger): regen
* chore(build): remove docs from build
* docs(api): update tags
* docs(api): document tags
* docs(api): add description
* docs(api): rename jwt token
* docs(api): add info about types
* docs(api): document types
* docs(api): update request types annotation
* docs(api): doc registry and resource control
* chore(docs): add snippet
* docs(api): add description to role
* docs(api): add types for settings
* docs(status): add types
* style(swagger): remove documented code
* docs(http/upload): update docs with types
* docs(http/tags): add types
* docs(api/custom_templates): add types
* docs(api/teammembership): add types
* docs(http/teams): add types
* docs(http/stacks): add types
* docs(edge): add types to edgestack
* docs(http/teammembership): remove double returns
* docs(api/user): add types
* docs(http): fixes to make file built
* chore(snippets): add scope to swagger snippet
* chore(deps): install swag
* chore(swagger): remove handler
* docs(api): add description
* docs(api): ignore docs folder
* docs(api): add contributing guidelines
* docs(api): cleanup handler
* chore(deps): require swaggo
* fix(auth): fix typo
* fix(docs): make http ids pascal case
* feat(edge): add ids to http handlers
* fix(docs): add ids
* fix(docs): show correct api version
* chore(deps): remove swaggo dependency
* chore(docs): add install script for swag
* merge examples
* go.mod update
* merge validate rules
* remove empty example tag
* swagger annotation format
* swagger annotation update
* clean up go.mod
* update docs prebuild script
* Update porImageRegistry.html
* Update yamlInspector.html
* Update porImageRegistry.html
* Update package.json
* wording change
Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
2021-06-04 09:37:23 +12:00
Chaim Lev-Ari
99a372fb88
feat(useractivity): log user activity for write actions (#229)
* feat(useractivity): introduce backend for useractivity logging (#213)
* refactor(useractivity): move query and logs to base type
* feat(useractivity): cleanup user activity logs
* feat(useractivity): log an activity
* refactor(useractivity): create generic get logs function
* fix(api): hide unused function
* refactor(useractivity): create generic get logs function
* feat(useractivity): get user activity logs
* feat(http/ua): add http get logs handler
* refactor(http/ua): rename logs_list file
* feat(useractivity): fetch logs as csv
* feat(useractivity): save payload as bytes
* style(useractivity): doc the count parameter
* feat(useractivity): introduce UI for user activity logs (#220)
* feat(useractivity): add useractivity page
* feat(useractivity): get logs from server
* feat(useractivity): show logs in datatable
* fix(useractivity): save logs as csv
* feat(useractivity): show logs payload
* feat(useractivity): sort desc by default
* feat(useractivity): parse object
* fix(useractivity): expect base64 payload
* feat(useractivity): show message when missing logs
* feat(useractivity): log api (#215)
* feat(templates): log write methods
* refactor(useractivity): move middleware
* feat(dockerhub): log update docker settings
* feat(edgegroup): log write
* feat(edgejobs): log write request
* feat(useractivity): return bytes to user
* fix(customtemplates): set activity context
* feat(edgestacks): log activities
* feat(endpointgroup): log activities
* feat(endpoint): log write activities
* feat(licenses): log write activities
* feat(registries): log activities
* feat(resource_control): log user activity
* feat(settings): log update
* feat(stacks): log activity
* feat(tags): log user activity
* feat(teammembership): log user activity
* feat(teams): log write activities
* feat(useractivity): get default context
* feat(http/upload): log upload tls
* feat(users): log user activities
* fix(settings): clean payload
* feat(webhook): log user activities
* feat(websocket): log activities
* feat(docker): log write activities
* refactor(useractivity): move log proxy
* feat(azure): log write activity
* refactor(kube): use basic transport for all transports
* feat(kube): log kube activity
* fix(useractivity): parse body
* refactor(kuberenetes): log requests only if success
* refactor(docker): log requests only if success
* refactor(azure): log requests only if success
* feat(gitlab): log activity
* feat(registries): log proxy request
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
* feat(activity-logs): save pagination limit
* feat(useractivity): remove config payload
* fix(docker): log request after success
* refactor(http): move copy body to utils
* feat(kuberentes): remove config values
* feat(useractivity): copy body before request
* fix(useractivity): fix column size
* feat(useractivity): filter json payloads
* refactor(useractivity): log with same logic
* fix(useractivity/csv): export same columns as datatable
* fix(useractivity): replace context with endpoint
* fix(user-activity): rename tables
* feat(endpoint): clear azure key
* feat(stacks): omit empty migrate values
* fix(stacks): add back import
* feat(endpoints): log update settings
* fix(registry): clear password value
* feat(registry): omit update empty value
* fix(registries): don't return from unauthorized azure request
* fix(useractivity): log any payload similar to json
* feat(useractivity): ignore binary upload
* fix(useractivity): refresh user activity logs
* feat(useractivity): use [REDACTED] for cleared credential (#265)
* feat(docker/services): log force update service
* feat(useractivity): log username when available
* feat(webhooks): remove logging of execute
* refactor(http): replace redacted values
* style(kube): remove commented code
* feat(http/kube): proxy local requests
* feat(useractivity): log patch method
* fix(datatables): use unique filter id
* fix kube settings update
* fix: EE-527 set payload to [REDACTED] when update kube config
* refactor(http/k8s): rename proxy function
* EE-530: a dummy fix of exec activity log for a local kube setup
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com>
Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-15 20:37:29 +12:00
Yi Chen
02b1ccd521
fix(RBAC) remove role/cluster role bindings when user is deleted (#120)
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty
* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool
* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate
* * fix comments
* * improve error returns
2020-12-01 11:45:49 +13:00
Yi Chen
d4929f06f8
fix(RBAC) refresh user token when operating on endpoints, namespaces, users, teams and memberships (#117)
* * refresh user auth when operating endpoint, team, user and membership
* + adding delete token endpoint
* remove tokens when auth config map is changed
* feat(rbac): add warning messages in the UI
* feat(endpoint): update access warnings
* * fix delete tokens api url
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-11-30 21:15:52 +13:00
Maxime Bajeux
414e62503b
fix(rbac): forbidden view access (#101)
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for
* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues
* * use endpoint role rather than user role for calculating authorizations
* * fix namespace role binding
* * check user authorization in k8s pod exec
* * fix some of the logging messages
Co-authored-by: yi-portainer <yi.chen@portainer.io>
2020-11-26 11:30:36 +13:00
Chaim Lev-Ari
9a16af37af
fix(router): block route if license is invalid (#90)
* feat(router): add transition guard for init route
* feat(router): check if license is valid between routes
* style(app): change order of config and run
* feat(bouncer): block non admins from using without license
* style(bouncer): add comment about license validation
2020-11-26 09:35:40 +13:00
Yi Chen
2247d8c3a2
(feat)k8s/RBAC: Provide Portainer RBAC functionality for Kubernetes endpoints (#35)
* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations
* code clean up
* comments
* * merge in the RestrictDefaultNamespace changes
* - remove unnecessary check for default namespace
* + updates namespace access policies when generating token
* * updates namespace access policies when querying the user namespace endpoint
* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles
* feat(rbac): update kube rbac
* feat(rbac): use the authorization directive
* feat(rbac): Update namespace access policies when user/team is deleted
* refactor(app): use new angular-multi-select capabilities
* feat(rbac): fix authorizations
* feat(rbac): fix userAccessPolicies update bug
* feat(rbac): add W applications authorizations
* feat(rbac): add application details W authorizations
* feat(rbac): add configurations W authorizations
* feat(rbac): add configuration details W authorizations
* feat(rbac): add volumes W authorizations
* feat(rbac): add volume details W authorizations
* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations
* fix(rbac): disable application note for non authorized user
* fix(rbac): add endpoints list and components status to portainer-basic
* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated
* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated
* fix(rbac): change some things
* fix(rbac): allow standard user to access container console
* - removed unused parameter
* fix(rbac): fix team authorizations
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
2020-11-03 22:08:09 +13:00
Chaim Lev-Ari
8dba19694a
feat(roles-management): integrate rbac extension (#6)
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side
2020-10-07 23:21:14 +13:00
Chaim Lev-Ari
9d18d47194
feat(extensions): remove rbac extension (#4157)
* feat(extensions): remove rbac extension client code
* feat(extensions): remove server rbac code
* remove extensions code
* fix(notifications): remove error
* feat(extensions): remove authorizations service
* feat(rbac): deprecate fields
* fix(portainer): revert change
* fix(bouncer): remove rbac authorization check
* feat(sidebar): remove roles link
* fix(portainer): remove portainer module
2020-08-11 17:41:37 +12:00
Chaim Lev-Ari
db4a5292be
refactor(errors): reorganize errors (#3938)
* refactor(bolt): move ErrObjectNotFound to bolt
* refactor(http): move ErrUnauthorized to http package
* refactor(http): move ErrResourceAccessDenied to http errors
* refactor(http): move security errors to package
* refactor(users): move user errors to users package
* refactor(errors): move single errors to their package
* refactor(schedules): move schedule error to package
* refactor(http): move endpoint error to http package
* refactor(docker): move docker errors to package
* refactor(filesystem): move filesystem errors to package
* refactor(errors): remove portainer.Error
* style(chisel): reorder imports
* fix(stacks): remove portainer.Error
2020-07-08 09:57:52 +12:00
Chaim Lev-Ari
7c3b83f6e5
refactor(portainer): introduce internal package (#3924)
* refactor(auth): move auth helpers to internal package
* refactor(edge-compute): move edge helpers to internal package
* refactor(tags): move tags helper to internal package
* style(portainer): sort imports
2020-06-16 19:58:16 +12:00
Chaim Lev-Ari
24888fbbae
feat(users): prevent the removal of initial admin account (#3912)
* feat(users): prevent the removal of initial admin account
* feat(users): disabled init admin delete button
2020-06-15 11:48:58 +12:00
Chaim Lev-Ari
25ca036070
feat(users): add the ability to rename a user (#3884)
* feat(users): update username in server
* feat(users): add username text field
* fix(users): rename label and change buttons size
* feat(users): change update message
* feat(users): disable submit when not changed
* feat(users): confirm updating username
* feat(users): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
2020-06-09 14:42:40 +12:00
Anthony Lapenna
25103f08f9
feat(api): introduce new datastore interface (#3802)
* feat(api): introduce new datastore interface
* refactor(api): refactor http and main layers
* refactor(api): refactor http and bolt layers
2020-06-03 11:40:04 +12:00
Anthony Lapenna
f7480c4ad4
feat(api): prevent non administrator users to use admin restricted API endpoints (#3227)
2019-10-07 16:10:51 +13:00
Anthony Lapenna
b7c38b9569
feat(api): trigger user authorization update when required (#3213)
* refactor(api): remove useless type cast
* feat(api): trigger user authorization update when required
* fix(api): fix missing RegistryService injection
2019-10-07 15:42:01 +13:00
Anthony Lapenna
7d76bc89e7
feat(api): relocate authorizations outside of JWT (#3079)
* feat(api): relocate authorizations outside of JWT
* fix(api): update user authorization after enabling the RBAC extension
* feat(api): add PortainerEndpointList operation in the default portainer authorizations
* feat(auth): retrieve authorization from API instead of JWT
* refactor(auth): move permissions retrieval to function
* refactor(api): document authorizations methods
2019-09-10 10:58:26 +12:00
Anthony Lapenna
4349f5803c
fix(api): fix missing default Portainer permissions for users
2019-05-27 09:31:20 +12:00
Anthony Lapenna
8057aa45c4
feat(extensions): introduce RBAC extension (#2900)
2019-05-24 18:04:58 +12:00
Anthony Lapenna
14845a4a53
refactor(api): refactor base import path (#2788)
* refactor(api): refactor base import path
* fix(build-system): update build_binary_devops
* fix(build-system): fix build_binary_devops for linux
* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
Anthony Lapenna
130baddea0
fix(api): fix an issue when removing non local administrators
2019-02-25 18:54:21 +13:00
Anthony Lapenna
b24891a6bc
refactor(api): introduce libhttp usage (#2263)
2018-09-10 12:01:38 +02:00
Anthony Lapenna
7ba19ee1f9
fix(api): change user password update flow (#2247)
* fix(api): change password update flow
* feat(update-password): add current password confirmation
2018-09-05 08:49:43 +02:00
Anthony Lapenna
0b8f7f6cea
refactor(api): update error message for /users/admin/init
2018-09-03 20:18:04 +02:00
Anthony Lapenna
5f79547138
fix(api): filter sensitive information from API response (#2103)
2018-07-31 11:50:04 +02:00
Olli Janatuinen
cec878b01d
feat(authentication/ldap): Auto create and assign LDAP users (#2042)
2018-07-23 06:57:38 +02:00
Anthony Lapenna
d7ff14777f
refactor(api): restructure bolt package (#1981)
* refactor(api): bolt package refactor
* refactor(api): refactor bolt package
2018-06-19 13:15:10 +02:00
Anthony Lapenna
e3d564325b
feat(stacks): support compose v2.0 stack (#1963)
2018-06-11 15:13:19 +02:00