Chaim Lev-Ari
99a372fb88
feat(useractivity): log user activity for write actions ( #229 )
...
* feat(useractivity): introduce backend for useractivity logging (#213 )
* refactor(useractivity): move query and logs to base type
* feat(useractivity): cleanup user activity logs
* feat(useractivity): log an activity
* refactor(useractivity): create generic get logs function
* fix(api): hide unused function
* refactor(useractivity): create generic get logs function
* feat(useractivity): get user activity logs
* feat(http/ua): add http get logs handler
* refactor(http/ua): rename logs_list file
* feat(useractivity): fetch logs as csv
* feat(useractivity): save payload as bytes
* style(useractivity): doc the count parameter
* feat(useractivity): introduce UI for user activity logs (#220 )
* feat(useractivity): add useractivity page
* feat(useractivity): get logs from server
* feat(useractivity): show logs in datatable
* fix(useractivity): save logs as csv
* feat(useractivity): show logs payload
* feat(useractivity): sort desc by default
* feat(useractivity): parse object
* fix(useractivity): expect base64 payload
* feat(useractivity): show message when missing logs
* feat(useractivity): log api (#215 )
* feat(templates): log write methods
* refactor(useractivity): move middleware
* feat(dockerhub): log update docker settings
* feat(edgegroup): log write
* feat(edgejobs): log write request
* feat(useractivity): return bytes to user
* fix(customtemplates): set activity context
* feat(edgestacks): log activities
* feat(endpointgroup): log activities
* feat(endpoint): log write activities
* feat(licenses): log write activities
* feat(registries): log activitites
* feat(resource_control): log user activity
* feat(settings): log update
* feat(stacks): log activity
* feat(tags): log user activitiy
* feat(teammembership): log user activity
* feat(teams): log write activities
* feat(useractivity): get default context
* feat(http/upload): log upload tls
* feat(users): log user activities
* fix(settings): clean payload
* feat(webhook): log user activities
* feat(websocket): log activities
* feat(docker): log write activities
* refactor(useractivity): move log proxy
* feat(azure): log write activity
* refactor(kube): use basic transport for all transports
* feat(kube): log kube activity
* fix(useractivity): parse body
* refactor(kuberenetes): log requests only if success
* refactor(docker): log requests only if success
* refactor(azure): log requests only if success
* feat(gitlab): log activity
* feat(registries): log proxy request
Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com >
* feat(activity-logs): save pagination limit
* feat(useractivity): remove config payload
* fix(docker): log request after success
* refactor(http): move copy body to utils
* feat(kuberentes): remove config values
* feat(useractivity): copy body before request
* fix(useractivity): fix column size
* feat(useractivity): filter json payloads
* refactor(useractivity): log with same logic
* fix(useractivity/csv): export same columns as datatable
* fix(useractivity): replace context with endpoint
* fix(user-activity): rename tables
* feat(endpoint): clear azure key
* feat(stacks): omit empty migrate values
* fix(stacks): add back import
* feat(endpoints): log update settings
* fix(registry): clear password value
* feat(registry): omit update empty value
* fix(registries): don't return from unauthorized azure request
* fix(useractivity): log any payload similar to json
* feat(useractivity): ignoer binary upload
* fix(useractivity): refresh user activity logs
* feat(useractivity): use [REDACTED] for cleared credential (#265 )
* feat(docker/services): log force update service
* feat(useractivity): log username when available
* feat(webhooks): remove logging of execute
* refactor(http): replace redacted values
* style(kube): remove commented code
* feat(http/kube): proxy local requests
* feat(useractivity): log patch method
* fix(datatables): use unique filter id
* fix kube settings update
* fix: EE-527 set payload to [REDACTED] when update kube config
* refactor(http/k8s): rename proxy function
* EE-530: a dummy fix of exec activity log for a local kube setup
Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com >
Co-authored-by: Hui <arris_li@hotmail.com >
Co-authored-by: Simon Meng <simon.meng@portainer.io >
2021-04-15 20:37:29 +12:00
Chaim Lev-Ari
65028ed96f
feat(stacks): scope stack names to endpoint ( #4520 ) ( #212 )
...
* refactor(stack): create unique name function
* refactor(stack): change stack resource control id
* feat(stacks): validate stack unique name in endpoint
* feat(stacks): prevent name collision with external stacks
* refactor(stacks): move resource id util
* refactor(stacks): supply resource id util with name and endpoint
* fix(docker): calculate swarm resource id
* feat(stack): prevent migration if stack name already exist
* feat(authorization): use stackutils
2021-03-24 16:40:25 +13:00
Chaim Lev-Ari
924bfdee2a
feat(docker/stacks): introduce date info for stacks ( #182 )
...
* feat(docker/stacks): add creation and update dates
* feat(docker/stacks): put ownership column as the last column
* feat(docker/stacks): fix the no stacks message
* refactor(docker/stacks): make external stacks helpers more readable
* feat(docker/stacks): add updated and created by
* feat(docker/stacks): toggle updated column
* refactor(datatable): create column visibility component
Co-authored-by: alice groux <alice.grx@gmail.com >
2021-02-25 15:59:38 +01:00
Chaim Lev-Ari
8dba19694a
feat(roles-management): integrate rbac extension ( #6 )
...
* refactor(rbac): move client extension code
* feat(app): remove checks for extension
* feat(rbac): remove checks for extensions
* feat(extensions): remove reference to rbac extensions
* feat(roles): add changes from codebase before removal of rbac
* refactor(security): remove rbac service
* refactor(security): use AdminAccess as an alias
* fix(access): rename policies type
* style(security): add comment about Aliasing AdminAccess to RestrictedAccess
* feat(bolt): add auth migration from ce to ee
* feat(stacks): use authorized access to stop/start stacks
* fix(bolt): supply right params to migrator
* feat(rbac): get authorization on client side
2020-10-07 23:21:14 +13:00
Chaim Lev-Ari
9d18d47194
feat(extensions): remove rbac extension ( #4157 )
...
* feat(extensions): remove rbac extension client code
* feat(extensions): remove server rbac code
* remove extensions code
* fix(notifications): remove error
* feat(extensions): remove authorizations service
* feat(rbac): deprecate fields
* fix(portainer): revert change
* fix(bouncer): remove rbac authorization check
* feat(sidebar): remove roles link
* fix(portainer): remove portainer module
2020-08-11 17:41:37 +12:00
Chaim Lev-Ari
db4a5292be
refactor(errors): reorganize errors ( #3938 )
...
* refactor(bolt): move ErrObjectNotFound to bolt
* refactor(http): move ErrUnauthorized to http package
* refactor(http): move ErrResourceAccessDenied to http errors
* refactor(http): move security errors to package
* refactor(users): move user errors to users package
* refactor(errors): move single errors to their package
* refactor(schedules): move schedule error to package
* refactor(http): move endpoint error to http package
* refactor(docker): move docker errors to package
* refactor(filesystem): move filesystem errors to package
* refactor(errors): remove portainer.Error
* style(chisel): reorder imports
* fix(stacks): remove portainer.Error
2020-07-08 09:57:52 +12:00
Anthony Lapenna
25103f08f9
feat(api): introduce new datastore interface ( #3802 )
...
* feat(api): introduce new datastore interface
* refactor(api): refactor http and main layers
* refactor(api): refactor http and bolt layers
2020-06-03 11:40:04 +12:00
Anthony Lapenna
19d4db13be
feat(api): rewrite access control management in Docker ( #3337 )
...
* feat(api): decorate Docker resource creation response with resource control
* fix(api): fix a potential resource control conflict between stacks/volumes
* feat(api): generate a default private resource control instead of admin only
* fix(api): fix default RC value
* fix(api): update RC authorizations check to support admin only flag
* refactor(api): relocate access control related methods
* fix(api): fix a potential conflict when fetching RC from database
* refactor(api): refactor access control logic
* refactor(api): remove the concept of DecoratedStack
* feat(api): automatically remove RC when removing a Docker resource
* refactor(api): update filter resource methods documentation
* refactor(api): update proxy package structure
* refactor(api): renamed proxy/misc package
* feat(api): re-introduce ResourceControlDelete operation as admin restricted
* refactor(api): relocate default endpoint authorizations
* feat(api): migrate RBAC data
* feat(app): ResourceControl management refactor
* fix(api): fix access control issue on stack deletion and automatically delete RC
* fix(api): fix stack filtering
* fix(api): fix UpdateResourceControl operation checks
* refactor(api): introduce a NewTransport builder method
* refactor(api): inject endpoint in Docker transport
* refactor(api): introduce Docker client into Docker transport
* refactor(api): refactor http/proxy package
* feat(api): inspect a Docker resource labels during access control validation
* fix(api): only apply automatic resource control creation on success response
* fix(api): fix stack access control check
* fix(api): use StatusCreated instead of StatusOK for automatic resource control creation
* fix(app): resource control fixes
* fix(api): fix an issue preventing administrator to inspect a resource with a RC
* refactor(api): remove useless error return
* refactor(api): document DecorateStacks function
* fix(api): fix invalid resource control type for container deletion
* feat(api): support Docker system networks
* feat(api): update Swagger docs
* refactor(api): rename transport variable
* refactor(api): rename transport variable
* feat(networks): add system tag for system networks
* feat(api): add support for resource control labels
* feat(api): upgrade to DBVersion 22
* refactor(api): refactor access control management in Docker proxy
* refactor(api): re-implement docker proxy taskListOperation
* refactor(api): review parameters declaration
* refactor(api): remove extra blank line
* refactor(api): review method comments
* fix(api): fix invalid ServerAddress property and review method visibility
* feat(api): update error message
* feat(api): update restrictedVolumeBrowserOperation method
* refactor(api): refactor method parameters
* refactor(api): minor refactor
* refactor(api): change Azure transport visibility
* refactor(api): update struct documentation
* refactor(api): update struct documentation
* feat(api): review restrictedResourceOperation method
* refactor(api): remove unused authorization methods
* feat(api): apply RBAC when enabled on stack operations
* fix(api): fix invalid data migration procedure for DBVersion = 22
* fix(app): RC duplicate on private resource
* feat(api): change Docker API version logic for libcompose/client factory
* fix(api): update access denied error message to be Docker API compliant
* fix(api): update volume browsing authorizations data migration
* fix(api): fix an issue with access control in multi-node agent Swarm cluster
2019-11-13 12:41:42 +13:00
Anthony Lapenna
8057aa45c4
feat(extensions): introduce RBAC extension ( #2900 )
2019-05-24 18:04:58 +12:00
Anthony Lapenna
14845a4a53
refactor(api): refactor base import path ( #2788 )
...
* refactor(api): refactor base import path
* fix(build-system): update build_binary_devops
* fix(build-system): fix build_binary_devops for linux
* fix(build-system): fix build_binary_devops for Windows
2019-03-21 14:20:14 +13:00
Anthony Lapenna
b24891a6bc
refactor(api): introduce libhttp usage ( #2263 )
2018-09-10 12:01:38 +02:00
Ricardo Cardona Ramirez
e1e263d8c8
feat(UAC): change default ownership to admininstrators ( #2137 )
...
* #960 feat(UAC): change ownership to admins for externally created ressources
* feat(UAC): change ownership to admins for externally created resources
Deprecated AdministratorsOnly js and go backend
* #960 feat(UAC): remove AdministratorsOnly property and minor GUI fixes
Update swagger definition changing AdministratorsOnly to Public
* #960 feat(UAC): fix create resource with access control data
* #960 feat(UAC): authorization of non-admin users for restricted operations
On stacks, containers networks, services , tasks and volumes.
* #960 feat(UAC): database migration to version 14
The administrator resources are deleted and Public resources are now managed by admins
* #960 feat(UAC): small fixes from PR #2137
* #960 feat(UAC): improve the readability of the source code
* feat(UAC) fix displayed ownership for Swarm related resources (#960 )
2018-08-19 07:57:28 +02:00
Anthony Lapenna
e15da005a5
feat(templates): support env variables in Compose stacks
2018-07-12 09:17:07 +02:00
Anthony Lapenna
a5bd2743f3
fix(stacks): fix an issue with stack update
2018-06-20 20:55:00 +03:00
Anthony Lapenna
d7ff14777f
refactor(api): restructure bolt package ( #1981 )
...
* refactor(api): bolt package refactor
* refactor(api): refactor bolt package
2018-06-19 13:15:10 +02:00
Anthony Lapenna
b4c2820ad7
refactor(api): use a standard stack identifier ( #1980 )
2018-06-18 12:07:56 +02:00
Anthony Lapenna
e1345416b4
feat(stacks): migrate stack data from previous portainer version
2018-06-15 18:14:01 +03:00
Anthony Lapenna
e3d564325b
feat(stacks): support compose v2.0 stack ( #1963 )
2018-06-11 15:13:19 +02:00