* + endpoint and namespace level authorizations
+ user namespace authorization API
+ k8s client setup service account with k8s roles and policies by portainer role
* User authorization changes refresh token cache
* rbac authorizes k8s requests
* CE to EE migrator to include new authorizations
* code clean up
* comments
* * merge in the RestrictDefaultNamespace changes
* - remove unnecessary check for default namespace
* + updates namespace access policies when generating token
* * updates namespace access policies when querying the user namespace endpoint
* + k8s rule in rbac.go for endpoint access test
+ missing k8s cluster rules for different roles
* feat(rbac): update kube rbac
* feat(rbac): use the authorization directive
* feat(rbac): Update namespace access policies when user/team is deleted
* refactor(app): use new angular-multi-select capabilities
* feat(rbac): fix authorizations
* feat(rbac): fix userAccessPolicies update bug
* feat(rbac): add W applications authorizations
* feat(rbac): add application details W authorizations
* feat(rbac): add configurations W authorizations
* feat(rbac): add configuration details W authorizations
* feat(rbac): add volumes W authorizations
* feat(rbac): add volume details W authorizations
* feat(rbac): add componentstatus to portainer-view role and add cluster/node authorizations
* fix(rbac): disable application note for non authorized user
* fix(rbac): add endpoints list and components status to portainer-basic
* fix(rbac): allow user to access default namespace when restrict default namespace isn't activated
* fix(rbac): remove default namespace from useraccesspolicies when restrict default namespace isn't activated
* fix(rbac): change some things
* fix(rbac): allow standard user to access container console
* - removed unused parameter
* fix(rbac): fix team authorizations
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: xAt0mZ <baron_l@epitech.eu>
* feat(stacks): check for name collision within external stacks
* feat(stacks): check for name collisions
* feat(stacks): check for running stacks
* feat(stacks): change name collision message
* feat(stack): check for existing services only on swarm
* fix(http): supply docker factory to handler
* feat(stacks): look at all containers
* feat(ldap): simplify ldap configuration
refactor(auth): move ldap settings to a component
feat(ldap): add username style autofill
feat(ldap): customs for ad
feat(app): introduce box selector
refactor(auth-settings): use box selector
feat(ldap): style changes
refactor(ldap): move connectivity check button to a component
refactor(settings): move ldap security settings to a component
refactor(ldap): move user search to component
refactor(ldap): move group search to component
style(ldap): remove comment
refactor(auth-settings): move auto-user-toggle to component
feat(ldap): provide methods to search for users and groups
refactor(ldap): move group/user settings into component
refactor(ldap): provide labels for components
refactor(ldap): separate custom and ad settings
fix(ldap): search for users
feat(ldap): search users
feat(ldap): complete password if missing
feat(ldap): search for users
feat(ldap): show a list of users
feat(ldap): get user uid
feat(ldap): search groups without password
feat(groups): show group results
feat(ldap): add display types
feat(ldap): search for groups
refactor(ldap): clean code
fix(ldap): sort users table
fix(ldap): show settings by type
feat(ldap): parse values from basedn
feat(ldap): parse values
feat(app): emit on change event from box-selector
feat(ldap): user search filter
feat(ldap): search username attribute
feat(ldap): remove format around search filter
feat(ldap): ad group search
refactor(ldap): move dn builder to component
feat(ldap): use base dn builder for group search
feat(ldap): search for ad groups
refactor(ldap): replace domain root object
feat(ldap): openldap settings
refactor(ldap): delete empty controllers
feat(ldap): remove warning on wrong group filter
feat(ldap): clear username and pass if not AD
feat(ldap): clear basedn when switch from openldap to ad
feat(ldap): clear ldap settings when switch from ldap to ad
feat(ldap): set dn only if there are values
feat(ldap): support more cases of domains
feat(ldap): parse openldap domain correctly
refactor(ldap): move server type check
feat(ldap): move entries
feat(ldap): show username format
style(ldap): remove comments
feat(ldap): clear group filter when no groups
refactor(ldap): replace generic payload
feat(ldap): allow the user to test login
feat(ldap): add test login to custom and open ldap settings
feat(ldap): style fixes
fix(ldap): style fix
fix(ldap): style fixes
refactor(ldap): move components to module
feat(ldap): add group entries
feat(ldap): add borders around each group entry
feat(ldap): parse user filter
feat(ldap): add/remove group
feat(ldap): set ad anonymous mode to false
feat(ldap): add group name
feat(ldap): fix parentheses
feat(ldap): separate between each search config
fix(ldap): fix parsing of group dn
feat(ldap): style fixes
feat(ldap): remove of change of filter
refactor(ldap): remove user display style
feat(ldap): rename group entries field
refactor(auth): move auto user provision
refactor(ldap): refactor box selector
feat(ldap): move ad settings to be a global setting
style(ldap): remove comments
feat(ldap): add auto user toggle
refactor(auth/ad): rename ad component
fix(auth/ad): fix the use of a certificate
refactor(ldap): rename components
fix(ldap): show user and group search
fix(ldap): design group settings
feat(ldap): search users and groups
feat(ldap): add margins
refactor(ldap): separate ldap and ad settings
refactor(auth): use central check for auth method
feat(ldap): clear margins
feat(ldap): add port if missing
feat(ldap): fix ad name
fix(ldap): rename fields
feat(ldap): add domain root field
feat(auth/ad): remove domain root field
feat(ldap): rename base dn to root domain
feat(ldap/openldap): get suffix
feat(ldap/open): change base filter
fix(ldap): align
feat(db): introduce migration for ldap server type
refactor(ldap): move service to ldap module
refactor(ldap): sync between client and server constants
fix(ldap): use post for check
style(ldap): fix handler comments
fix(ldap): check for errors
style(ldap): fix tyop
fix(ldap): check equality
style(ldap): add comments
fix(ldap): allow anonymous mode
fix(ldap): show errors on search users
feat(ldap): use custom settings for each server
fix(ldap): supply default group filter
fix(ldap): show domain suffix in new settings
fix(ldap): replace icon with text
refactor(components): remove box-selector-wrapper
* fix(ldap): enable test when form is valid
* fix(ldap): add port if missing
* feat(db): add flag to rollback to ce edition
* refactor(db): make backup of db
* style(api): remove comments
* refactor(db): export backup function
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* feat(resource-pool): change resource over commit implementation
* fix(resource-pool): hide resource reservation gauges when resources are set to unlimited both
* feat(resource-pool): renaming and hide switch when resource over commit is disabled
* feat(k8s/resource-pools): minor UI update
* fix(resource-pool): fix resource quota validation on resource pool details
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(license): add liblicense dep
* feat(license): add bolt license service
* feat(license): introduce license service
* feat(license): validate license before adding
* feat(license): aggregate info after changing of licenses
* feat(http): implement http handlers
* feat(license-management): introduce license service
* feat(licenses): introduce empty view
* feat(license-management): add datatable
* feat(licenses): show license info
* fix(license): inject services
* feat(licenses): add buttons to buy/renew license
* feat(licenses): introduce add license route
* feat(licenses): add license form
* feat(license): datatable
* feat(license): show more details about license
* refactor(license): rename components name
* feat(licenses): show expiration date
* feat(license): introduce init license route
* feat(license): validate license
* feat(license): save licenses
* feat(bouncer): check if license is valid on restricted
* feat(bouncer): remove license check on api
* feat(home): add node warning
* feat(licenses): remove license
* feat(licenses): listen to info changes
* feat(license): show license expiration message
* feat(license): block regular users from licenses view
* feat(license): prevent removing of last license
* fix(license): show message when failed delete
* feat(license): remove trial license when applying oneoff
* feat(license): hide the number of nodes for trial
* feat(auth): disable login if license is invalid
* feat(licenses): add confirmation before removal of license
* feat(nodes): count nodes in env
* feat(license): show message if nodes exceed allowed
* feat(deps): update liblicense
* feat(licenses): show validation errors
* feat(license): use information panel for node info
* fix(license): reload license data on remove
* fix(license): always send list of failed keys
* fix(license): rename buttons
* feat(license): replace icon
* feat(license): add link to licenses page in add license
* fix(licenses): show green valid icon
* fix(licenses): rename expires at
* fix(licenses): rename Attach to add
* fix(licenses): show license type label
* feat(license): aggregate revoked info
* chore(deps): update liblicense
* fix(license): remove space
* fix(sidebar): align icon
* fix(license): change info layout
* feat(license): aggregate only valid licenses
* fix(licenses): move add license to a new line
* style(license): remove console
* refactor(license): move license line to component
* feat(license): check server validation
* fix(licenses): check form validation before submit
* feat(licenses): send only invalid licenses
* fix(license): hide panels when not needed
* feat(license): receive a single license on init
* refactor(header): move header to module
* feat(license): move license panel to header
* fix(header): set min height
* fix(home): show node warning only if subscription
* feat(licenses): minor UI updates
* feat(licenses): minor UI update
* feat(licenses-datatable): add copy button
* fix(licenses-datatable): show date without hours
* feat(license): show expiration message
* fix(users): get user info only on restricted access
* fix(license): clear check for single license
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(ldap): move urls to url
* feat(ldap): test a few connections
* feat(ldap): update urls
* feat(settings-auth): support array of ldap urls
* feat(settings-auth): support list of urls
* feat(auth): add explanation about server urls
* feat(bolt): add url to urls only if needed
* fix(settings): add nil guards
* fix(settings): set initial value for ldap urls
* feat(settings): prevent the deletion of the first url
* feat(core/settings): minor UI update
* feat(authentication): check that ldap settings are valid
* feat(bolt): create migration for settings
* fix(settings): add wrapping
* feat(ldap): disable submit button only on ldap
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(templates): show templates link
* feat(templates): protect deploying of templates
* feat(templates): allow fetching of templates to any user
* feat(rbac): allow template file fetching
* feat(namespace): Hide Default Namespace for non-admins
* feat(namespace): fix expected behavior when turning on the setting
* feat(resourcePool): Handle when user doesn't have access to any resource pool
* Update app/kubernetes/views/applications/create/createApplication.html
* Update app/kubernetes/views/configurations/create/createConfiguration.html
* Update app/kubernetes/views/applications/create/createApplication.html
* Update app/kubernetes/views/configurations/create/createConfiguration.html
Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io>
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side
* feat(db): add edition value to db
* feat(bolt): handle migrations from ce to ee
* refactor(bolt): merge if branches
* refactor(bolt): rename migration function
* feat(bolt): change migration message
* feat(bolt): add edition to migration messages
* feat(bolt): add log tags
* feat(portainer): add edition
* feat(db): set initial db version
* feat(bolt): cache current version
* refactor(portainer): remove current edition const
* feat(k8s/configure): separate ingress class name and ingress class type
* feat(k8s/resource-pool): ability to add custom annotations to ingress classes on RP create/edit
* feat(k8s/ingresses): remove 'allow users to use ingress' switch
* feat(k8s/configure): minor UI update
* feat(k8s/resource-pool): minor UI update
* feat(k8s/application): update ingress route form validation
* refactor(k8s/resource-pool): remove console.log statement
* feat(k8s/resource-pool): update ingress annotation placeholders
* feat(k8s/configure): add pattern form validation on ingress class
* fix(k8s/resource-pool): automatically associate ingress class to ingress
* fix(k8s/resource-pool): fix invalid ingress when updating a resource pool
* fix(k8s/resource-pool): update ingress rewrite target annotation value
* feat(k8s/application): ingress form validation
* fix(k8s/application): squash ingress rules with empty host inside a single one
* feat(k8s/resource-pool): ingress host validation
* fix(k8s/resource-pool): rewrite rewrite option and only display it for ingress of type nginx
* feat(k8s/application): do not expose ingress applications over node port
* feat(k8s/application): add specific notice for ingress
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(k8s/endpoint): expose ingress controllers on endpoints
* feat(k8s/applications): add ability to expose applications over ingress - missing RP and app edits
* feat(k8s/application): add validation for ingress routes
* feat(k8s/resource-pools): edit available ingress classes
* fix(k8s/ingress): var name refactor was partially applied
* feat(kubernetes): double validation on RP edit
* feat(k8s/application): app edit ingress update + formvalidation + UI rework
* feat(k8s/ingress): dictionary for default annotations on ingress creation
* fix(k8s/application): temporary fix + TODO dev notice
* feat(k8s/application): select default ingress of selected resource pool
* feat(k8s/ingress): revert ingressClassName removal
* feat(k8s/ingress): admins can now add a host to ingress in a resource pool
* feat(k8s/resource-pool): list applications using RP ingresses
* feat(k8s/configure): minor UI update
* feat(k8s/configure): minor UI update
* feat(k8s/configure): minor UI update
* feat(k8s/configure): minor UI update
* feat(k8s/configure): minor UI update
* fix(k8s/ingresses): remove host if undefined
* feat(k8s/resource-pool): remove the activate ingresses switch
* fix(k8s/resource-pool): editing an ingress host was deleting all the routes of the ingress
* feat(k8s/application): prevent app deploy if no ports to publish and publishing type not internal
* feat(k8s/ingress): minor UI update
* fix(k8s/ingress): allow routes without prepending /
* feat(k8s/application): add form validation on ingress route
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(applications): update UI to use existing volumes
* feat(application): Add the ability to use existing volumes when creating an application
* feat(application): Existing persisted folders should default to associated volumes
* feat(application): add form validation to existing volume
* feat(application): remove the ability to use an existing volume with statefulset application
* feat(k8s/applications): minor UI update
* feat(k8s/application): minor UI update
* feat(volume): allow to increase volume size and few other things
* feat(volumes): add the ability to allow volume expansion
* fix(storage): fix the storage patch request
* fix(k8s/applications): remove conflict leftover
* feat(k8s/configure): minor UI update
* feat(k8s/volume): minor UI update
* fix(storage): change few things
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* refactor(oauth): move oauth client code
* feat(oauth): move extension code into server code
* feat(oauth): enable oauth without extension
* refactor(oauth): make it easier to remove providers
* feat(application): add horizontalpodautoscaler creation
* feat(application): Add the ability to set the auto-scale policy of an application
* feat(k8s/application): minor UI update
* fix(application): set api version and prevent to use hpa with global deployment type
* feat(settings): add a switch to enable features based on server metrics
* feat(k8s/applications): minor UI update
Co-authored-by: Anthony Lapenna <lapenna.anthony@gmail.com>
* feat(containers): enforce disable bind mounts
* refactor(docker): move check for endpoint admin to a function
* feat(docker): check if service has bind mounts
* feat(services): allow bind mounts for endpoint admin
* feat(container): enable bind mounts for endpoint admin
* fix(services): fix typo
* feat(settings): introduce settings to allow/disable
* feat(settings): update the setting
* feat(docker): prevent user from using caps if disabled
* refactor(stacks): revert file
* style(api): remove portainer ns