* fix(rbac) user in 2 teams with mix of endpoint admin and operator has perms of endpoint admin EE-587
* fix(rbac) add unit test for getKeyRole function EE-587
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* EE-384: add endpoint to set auto backup (#224)
* EE-383: add endpoint to fetch backup settings (#231)
* add get backup settings handler
* add api docs desc
* EE-382: restore from s3 (#233)
* EE-381: add GET backup status handler (#234)
* EE-385: Add S3 backup execute handler (#237)
* add s3 backup execute handler
* refactorings inside `./api/backup/backup_scheduler.go` and `./api/backup/backup_scheduler.go`
* fix tests
* EE-375: added backup to S3 form
* EE-376: added restore from S3 form
* EE-377: Update Home screen to display last backup run status
* update backup service with back end endpoints.
* restart admin monitor during s3 restores
* use go 1.13
* go 1.13 compatibility
* EE-375: added cron-validator lib
* EE-375: using enum to compare form types
* EE-375: validate cron rule field
* try fix windows build
* EE-375 EE-376 backup and restore forms validation changes
* fix(autobackup): update autobackup settings validation rules (#260)
* fix(autobackup): automate backup to s3 fe update (#261)
* EE-292: fixed typo in property.
* EE-292: updated auto backup front end validation.
* EE-292: updated lib to validate cron rule in front end
* fix dependencies
* bumped libcompose version
Co-authored-by: Hui <arris_li@hotmail.com>
Co-authored-by: Felix Han <felix.han@portainer.io>
Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com>
* fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints
* fix(k8s): EE-354 enable advance deploy UI
* fix(k8s): EE-354 use the v2 version of agent api instead of v3
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* EE-319: backup endpoint (#193)
* feat(backup):
* add an orbiter to block writes while backup
* add backup handler
* add an ability to tar.gz a dir
* add aes encryption support
* EE-320: restore endpoint (#196)
* feat(backup):
* add restore handler
* re-init system state after restore
* feat(backup): Update server to respect readonly lock (#199)
* feat(backup): EE-322 Add backup and restore screen (#198)
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss
* backup custom templates and edge jobs
* restart http and proxy servers after restore to re-init internal state
* feat(backup): EE-322 hide password field if password protect toggle is off
* feat(backup): EE-322 add tooltip for password field of restore backup
* feat(backup): EE-322 wait for backend restart after restoring
* Shutdown background go-routines
* changed restore err message when cannot extract
* fix: symlinks are ignored from backups
* replace single admin check with a restartable monitor (#238)
* clean log
Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com>
Co-authored-by: cong meng <mcpacino@gmail.com>
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(rbac): EE-226 Add a new RBAC "Operator" Role
* feat(rbac): EE-226 prioritize Operator after EndpointAdmin and before Helpdesk
* feat(rbac): EE-226 access viewer shows incorrect effective role after introduction of Operator
* feat(rbac): EE-226 show roles ordered by priority rather than name
* feat(rbac): EE-226 remove OperationK8sVolumeDetailsW authorization from operator role
* feat(rbac): EE-226 always increase bucket next sequence when creating a role
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* feat(docker) EE-131 relocate the Docker features/security settings to be available per endpoint
* feat(docker) EE-131 allow endpoint admin role user to update endpoint settings
* feat(docker) EE-131 populate volume browsing authorizations to user endpoint authorizations when user toggles the setting of volume management for non-administrators
* feat(docker) EE-131 remove parameter volumeBrowsingAuthorizations from all DefaultEndpointAuthorizationsForxxx functions
* feat(docker) EE-131 fix a layout bug of the browse button
* feat(ACI): EE-273 move migrator of 27 into migrate_dbversion26.go
* feat(docker) EE-131 in container creation view, show the privileged mode toggle if current user is admin or endpoint admin
Co-authored-by: Simon Meng <simon.meng@portainer.io>
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exists
* feat(authorization): use stackutils
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com>
* * handle teams being added or removed in the resource pool
* do not delete role bindings but just remove the user subject
* * fix missing rolemap
* * revert the role bindings changes (not the cause of the issue)
* * fix token cache cleaning endpoint tokens
* fix(license): Fix license expiration inconsistency with displayed date
* Fix inconsistent expiration
* Use liblicense expiration compute
* wip
* Use db for expiresAt in license detailed view
* Fix date differences
* * partially ignore errors during user deletion
* collect all errors during user deletion
* remove role/cluster role bindings when empty
* + update resource pool access endpoint
* remove bindings when user is removed from resource pool
* remove token cache when user is added to the resource pool
* - remove delete tokens endpoint
* use actual TriggerUserAuthUpdate
* * fix comments
* * improve error returns
* * removed authorization in stack deployment, will let k8s handle it
* * removed unused import
* + OperationK8sApplicationsAdvancedDeploymentRW for user
* check namespace authorization in k8s stack deployment endpoint
* - remove OperationK8sApplicationsAdvancedDeploymentRW from user
* fix(rbac): Endpoint admin cannot access the cluster setup view
* * allow endpoint admin to update k8s cluster setup in endpoint
* * make sure a user token is issued first
* fix(rbac): allow admin to update cluster setup
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* fix(rbac): Not enforcing on backend for resource creation, application edit and console log operations of users that this should be prevented for
* + k8s access user namespaces policy
+ debug logs
* fix multiple authorization calculation issues
* * use endpoint role rather than user role for calculating authorizations
* * fix namespace role binding
* * check user authorization in k8s pod exec
* * fix some of the logging messages
Co-authored-by: yi-portainer <yi.chen@portainer.io>
* feat(router): add transition guard for init route
* feat(router): check if license is valid between routes
* style(app): change order of config and run
* feat(bouncer): block non admins from using without license
* style(bouncer): add comment about license validation