Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 515ef880c0 | |||
| b89f1d314f | |||
| be3cb0690c | |||
| 835a7e41e6 | |||
| 5aae1cd991 | |||
| 34532deccb | |||
| 80c8e483c9 | |||
| 9421e9d452 | |||
| 55cda8c78e | |||
| 4190fc1b4e | |||
| ac5491e864 | |||
| 8cbd23c059 | |||
| 3800a958da | |||
| 09348b8a25 | |||
| 1ef9c249b7 | |||
| 33ac61c600 | |||
| bdb84617fe | |||
| 2d5c834590 | |||
| 280ca22aeb | |||
| 753150e03c | |||
| 517abc662a | |||
| 04e9ee3b3e | |||
| 273ea5df23 | |||
| 6cc95e11ae | |||
| 9133cbf544 |
@@ -1,176 +0,0 @@
|
||||
name: ci
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- 'develop'
|
||||
- 'release/*'
|
||||
pull_request:
|
||||
branches:
|
||||
- 'develop'
|
||||
- 'release/*'
|
||||
- 'feat/*'
|
||||
- 'fix/*'
|
||||
- 'refactor/*'
|
||||
types:
|
||||
- opened
|
||||
- reopened
|
||||
- synchronize
|
||||
- ready_for_review
|
||||
|
||||
env:
|
||||
DOCKER_HUB_REPO: portainerci/portainer-ce
|
||||
EXTENSION_HUB_REPO: portainerci/portainer-docker-extension
|
||||
GO_VERSION: 1.21.11
|
||||
NODE_VERSION: 18.x
|
||||
|
||||
jobs:
|
||||
build_images:
|
||||
strategy:
|
||||
matrix:
|
||||
config:
|
||||
- { platform: linux, arch: amd64, version: "" }
|
||||
- { platform: linux, arch: arm64, version: "" }
|
||||
- { platform: linux, arch: arm, version: "" }
|
||||
- { platform: linux, arch: ppc64le, version: "" }
|
||||
- { platform: linux, arch: s390x, version: "" }
|
||||
- { platform: windows, arch: amd64, version: 1809 }
|
||||
- { platform: windows, arch: amd64, version: ltsc2022 }
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
steps:
|
||||
- name: '[preparation] checkout the current branch'
|
||||
uses: actions/checkout@v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.inputs.branch }}
|
||||
- name: '[preparation] set up golang'
|
||||
uses: actions/setup-go@v5.0.0
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
- name: '[preparation] set up node.js'
|
||||
uses: actions/setup-node@v4.0.1
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'yarn'
|
||||
- name: '[preparation] set up qemu'
|
||||
uses: docker/setup-qemu-action@v3.0.0
|
||||
- name: '[preparation] set up docker context for buildx'
|
||||
run: docker context create builders
|
||||
- name: '[preparation] set up docker buildx'
|
||||
uses: docker/setup-buildx-action@v3.0.0
|
||||
with:
|
||||
endpoint: builders
|
||||
- name: '[preparation] docker login'
|
||||
uses: docker/login-action@v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
- name: '[preparation] set the container image tag'
|
||||
run: |
|
||||
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
|
||||
# use the release branch name as the tag for release branches
|
||||
# for instance, release/2.19 becomes 2.19
|
||||
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -d "/" -f 2)
|
||||
elif [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then
|
||||
# use pr${{ github.event.number }} as the tag for pull requests
|
||||
# for instance, pr123
|
||||
CONTAINER_IMAGE_TAG="pr${{ github.event.number }}"
|
||||
else
|
||||
# replace / with - in the branch name
|
||||
# for instance, feature/1.0.0 -> feature-1.0.0
|
||||
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
|
||||
fi
|
||||
|
||||
echo "CONTAINER_IMAGE_TAG=${CONTAINER_IMAGE_TAG}-${{ matrix.config.platform }}${{ matrix.config.version }}-${{ matrix.config.arch }}" >> $GITHUB_ENV
|
||||
- name: '[execution] build linux & windows portainer binaries'
|
||||
run: |
|
||||
export YARN_VERSION=$(yarn --version)
|
||||
export WEBPACK_VERSION=$(yarn list webpack --depth=0 | grep webpack | awk -F@ '{print $2}')
|
||||
export BUILDNUMBER=${GITHUB_RUN_NUMBER}
|
||||
GIT_COMMIT_HASH_LONG=${{ github.sha }}
|
||||
export GIT_COMMIT_HASH_SHORT={GIT_COMMIT_HASH_LONG:0:7}
|
||||
|
||||
NODE_ENV="testing"
|
||||
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
|
||||
NODE_ENV="production"
|
||||
fi
|
||||
|
||||
make build-all PLATFORM=${{ matrix.config.platform }} ARCH=${{ matrix.config.arch }} ENV=${NODE_ENV}
|
||||
env:
|
||||
CONTAINER_IMAGE_TAG: ${{ env.CONTAINER_IMAGE_TAG }}
|
||||
- name: '[execution] build and push docker images'
|
||||
run: |
|
||||
if [ "${{ matrix.config.platform }}" == "windows" ]; then
|
||||
mv dist/portainer dist/portainer.exe
|
||||
docker buildx build --output=type=registry --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} --build-arg OSVERSION=${{ matrix.config.version }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
|
||||
else
|
||||
docker buildx build --output=type=registry --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
|
||||
docker buildx build --output=type=registry --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
|
||||
|
||||
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
|
||||
docker buildx build --output=type=registry --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}" -f build/${{ matrix.config.platform }}/Dockerfile .
|
||||
docker buildx build --output=type=registry --platform ${{ matrix.config.platform }}/${{ matrix.config.arch }} -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" -f build/${{ matrix.config.platform }}/alpine.Dockerfile .
|
||||
fi
|
||||
fi
|
||||
env:
|
||||
CONTAINER_IMAGE_TAG: ${{ env.CONTAINER_IMAGE_TAG }}
|
||||
build_manifests:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
needs: [build_images]
|
||||
steps:
|
||||
- name: '[preparation] docker login'
|
||||
uses: docker/login-action@v3.0.0
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
- name: '[preparation] set up docker context for buildx'
|
||||
run: docker version && docker context create builders
|
||||
- name: '[preparation] set up docker buildx'
|
||||
uses: docker/setup-buildx-action@v3.0.0
|
||||
with:
|
||||
endpoint: builders
|
||||
- name: '[execution] build and push manifests'
|
||||
run: |
|
||||
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
|
||||
# use the release branch name as the tag for release branches
|
||||
# for instance, release/2.19 becomes 2.19
|
||||
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | cut -d "/" -f 2)
|
||||
elif [ "${GITHUB_EVENT_NAME}" == "pull_request" ]; then
|
||||
# use pr${{ github.event.number }} as the tag for pull requests
|
||||
# for instance, pr123
|
||||
CONTAINER_IMAGE_TAG="pr${{ github.event.number }}"
|
||||
else
|
||||
# replace / with - in the branch name
|
||||
# for instance, feature/1.0.0 -> feature-1.0.0
|
||||
CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
|
||||
fi
|
||||
|
||||
docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-s390x" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windows1809-amd64" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windowsltsc2022-amd64"
|
||||
|
||||
docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64-alpine" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64-alpine" \
|
||||
"${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine"
|
||||
|
||||
if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
|
||||
docker buildx imagetools create -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-s390x"
|
||||
|
||||
docker buildx imagetools create -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64-alpine" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64-alpine" \
|
||||
"${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine"
|
||||
fi
|
||||
@@ -1,15 +0,0 @@
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- develop
|
||||
- 'release/**'
|
||||
jobs:
|
||||
triage:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: mschilde/auto-label-merge-conflicts@master
|
||||
with:
|
||||
CONFLICT_LABEL_NAME: 'has conflicts'
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
MAX_RETRIES: 10
|
||||
WAIT_MS: 60000
|
||||
@@ -1,55 +0,0 @@
|
||||
name: Lint
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- develop
|
||||
- release/*
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- develop
|
||||
- release/*
|
||||
types:
|
||||
- opened
|
||||
- reopened
|
||||
- synchronize
|
||||
- ready_for_review
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.21.9
|
||||
NODE_VERSION: 18.x
|
||||
|
||||
jobs:
|
||||
run-linters:
|
||||
name: Run linters
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/setup-node@v2
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'yarn'
|
||||
- uses: actions/setup-go@v4
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
- run: yarn --frozen-lockfile
|
||||
- name: Run linters
|
||||
uses: wearerequired/lint-action@v1
|
||||
with:
|
||||
eslint: true
|
||||
eslint_extensions: ts,tsx,js,jsx
|
||||
prettier: true
|
||||
prettier_dir: app/
|
||||
gofmt: true
|
||||
gofmt_dir: api/
|
||||
- name: Typecheck
|
||||
uses: icrawl/action-tsc@v1
|
||||
- name: GolangCI-Lint
|
||||
uses: golangci/golangci-lint-action@v3
|
||||
with:
|
||||
version: v1.55.2
|
||||
args: --timeout=10m -c .golangci.yaml
|
||||
@@ -1,252 +0,0 @@
|
||||
name: Nightly Code Security Scan
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 20 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.21.9
|
||||
|
||||
jobs:
|
||||
client-dependencies:
|
||||
name: Client Dependency Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >- # only run for develop branch
|
||||
github.ref == 'refs/heads/develop'
|
||||
outputs:
|
||||
js: ${{ steps.set-matrix.outputs.js_result }}
|
||||
steps:
|
||||
- name: checkout repository
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: scan vulnerabilities by Snyk
|
||||
uses: snyk/actions/node@master
|
||||
continue-on-error: true # To make sure that artifact upload gets called
|
||||
env:
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
with:
|
||||
json: true
|
||||
|
||||
- name: upload scan result as develop artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: js-security-scan-develop-result
|
||||
path: snyk.json
|
||||
|
||||
- name: develop scan report export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=table --export --export-filename="/data/js-result")
|
||||
|
||||
- name: upload html file as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-js-result-${{github.run_id}}
|
||||
path: js-result.html
|
||||
|
||||
- name: analyse vulnerabilities
|
||||
id: set-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=matrix)
|
||||
echo "js_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
server-dependencies:
|
||||
name: Server Dependency Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >- # only run for develop branch
|
||||
github.ref == 'refs/heads/develop'
|
||||
outputs:
|
||||
go: ${{ steps.set-matrix.outputs.go_result }}
|
||||
steps:
|
||||
- name: checkout repository
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: install Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: download Go modules
|
||||
run: cd ./api && go get -t -v -d ./...
|
||||
|
||||
- name: scan vulnerabilities by Snyk
|
||||
continue-on-error: true # To make sure that artifact upload gets called
|
||||
env:
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
run: |
|
||||
yarn global add snyk
|
||||
snyk test --file=./go.mod --json-file-output=snyk.json 2>/dev/null || :
|
||||
|
||||
- name: upload scan result as develop artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: go-security-scan-develop-result
|
||||
path: snyk.json
|
||||
|
||||
- name: develop scan report export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=table --export --export-filename="/data/go-result")
|
||||
|
||||
- name: upload html file as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-go-result-${{github.run_id}}
|
||||
path: go-result.html
|
||||
|
||||
- name: analyse vulnerabilities
|
||||
id: set-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=snyk --path="/data/snyk.json" --output-type=matrix)
|
||||
echo "go_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
image-vulnerability:
|
||||
name: Image Vulnerability Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.ref == 'refs/heads/develop'
|
||||
outputs:
|
||||
image-trivy: ${{ steps.set-trivy-matrix.outputs.image_trivy_result }}
|
||||
image-docker-scout: ${{ steps.set-docker-scout-matrix.outputs.image_docker_scout_result }}
|
||||
steps:
|
||||
- name: scan vulnerabilities by Trivy
|
||||
uses: docker://docker.io/aquasec/trivy:latest
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress portainerci/portainer:develop
|
||||
|
||||
- name: upload Trivy image security scan result as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: image-security-scan-develop-result
|
||||
path: image-trivy.json
|
||||
|
||||
- name: develop Trivy scan report export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=trivy --path="/data/image-trivy.json" --output-type=table --export --export-filename="/data/image-trivy-result")
|
||||
|
||||
- name: upload html file as Trivy artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-image-result-${{github.run_id}}
|
||||
path: image-trivy-result.html
|
||||
|
||||
- name: analyse vulnerabilities from Trivy
|
||||
id: set-trivy-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=trivy --path="/data/image-trivy.json" --output-type=matrix)
|
||||
echo "image_trivy_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: scan vulnerabilities by Docker Scout
|
||||
uses: docker/scout-action@v1
|
||||
continue-on-error: true
|
||||
with:
|
||||
command: cves
|
||||
image: portainerci/portainer:develop
|
||||
sarif-file: image-docker-scout.json
|
||||
dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
|
||||
- name: upload Docker Scout image security scan result as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: image-security-scan-develop-result
|
||||
path: image-docker-scout.json
|
||||
|
||||
- name: develop Docker Scout scan report export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=docker-scout --path="/data/image-docker-scout.json" --output-type=table --export --export-filename="/data/image-docker-scout-result")
|
||||
|
||||
- name: upload html file as Docker Scout artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-image-result-${{github.run_id}}
|
||||
path: image-docker-scout-result.html
|
||||
|
||||
- name: analyse vulnerabilities from Docker Scout
|
||||
id: set-docker-scout-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest summary --report-type=docker-scout --path="/data/image-docker-scout.json" --output-type=matrix)
|
||||
echo "image_docker_scout_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
result-analysis:
|
||||
name: Analyse Scan Results
|
||||
needs: [client-dependencies, server-dependencies, image-vulnerability]
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.ref == 'refs/heads/develop'
|
||||
strategy:
|
||||
matrix:
|
||||
js: ${{fromJson(needs.client-dependencies.outputs.js)}}
|
||||
go: ${{fromJson(needs.server-dependencies.outputs.go)}}
|
||||
image-trivy: ${{fromJson(needs.image-vulnerability.outputs.image-trivy)}}
|
||||
image-docker-scout: ${{fromJson(needs.image-vulnerability.outputs.image-docker-scout)}}
|
||||
steps:
|
||||
- name: display the results of js, Go, and image scan
|
||||
run: |
|
||||
echo "${{ matrix.js.status }}"
|
||||
echo "${{ matrix.go.status }}"
|
||||
echo "${{ matrix.image-trivy.status }}"
|
||||
echo "${{ matrix.image-docker-scout.status }}"
|
||||
echo "${{ matrix.js.summary }}"
|
||||
echo "${{ matrix.go.summary }}"
|
||||
echo "${{ matrix.image-trivy.summary }}"
|
||||
echo "${{ matrix.image-docker-scout.summary }}"
|
||||
|
||||
- name: send message to Slack
|
||||
if: >-
|
||||
matrix.js.status == 'failure' ||
|
||||
matrix.go.status == 'failure' ||
|
||||
matrix.image-trivy.status == 'failure' ||
|
||||
matrix.image-docker-scout.status == 'failure'
|
||||
uses: slackapi/slack-github-action@v1.23.0
|
||||
with:
|
||||
payload: |
|
||||
{
|
||||
"blocks": [
|
||||
{
|
||||
"type": "section",
|
||||
"text": {
|
||||
"type": "mrkdwn",
|
||||
"text": "Code Scanning Result (*${{ github.repository }}*)\n*<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Actions Workflow URL>*"
|
||||
}
|
||||
}
|
||||
],
|
||||
"attachments": [
|
||||
{
|
||||
"color": "#FF0000",
|
||||
"blocks": [
|
||||
{
|
||||
"type": "section",
|
||||
"text": {
|
||||
"type": "mrkdwn",
|
||||
"text": "*JS dependency check*: *${{ matrix.js.status }}*\n${{ matrix.js.summary }}"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "section",
|
||||
"text": {
|
||||
"type": "mrkdwn",
|
||||
"text": "*Go dependency check*: *${{ matrix.go.status }}*\n${{ matrix.go.summary }}"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "section",
|
||||
"text": {
|
||||
"type": "mrkdwn",
|
||||
"text": "*Image Trivy vulnerability check*: *${{ matrix.image-trivy.status }}*\n${{ matrix.image-trivy.summary }}\n"
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "section",
|
||||
"text": {
|
||||
"type": "mrkdwn",
|
||||
"text": "*Image Docker Scout vulnerability check*: *${{ matrix.image-docker-scout.status }}*\n${{ matrix.image-docker-scout.summary }}\n"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
env:
|
||||
SLACK_WEBHOOK_URL: ${{ secrets.SECURITY_SLACK_WEBHOOK_URL }}
|
||||
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
|
||||
@@ -1,298 +0,0 @@
|
||||
name: PR Code Security Scan
|
||||
|
||||
on:
|
||||
pull_request_review:
|
||||
types:
|
||||
- submitted
|
||||
- edited
|
||||
paths:
|
||||
- 'package.json'
|
||||
- 'go.mod'
|
||||
- 'build/linux/Dockerfile'
|
||||
- 'build/linux/alpine.Dockerfile'
|
||||
- 'build/windows/Dockerfile'
|
||||
- '.github/workflows/pr-security.yml'
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.21.9
|
||||
NODE_VERSION: 18.x
|
||||
|
||||
jobs:
|
||||
client-dependencies:
|
||||
name: Client Dependency Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.event.pull_request &&
|
||||
github.event.review.body == '/scan' &&
|
||||
github.event.pull_request.draft == false
|
||||
outputs:
|
||||
jsdiff: ${{ steps.set-diff-matrix.outputs.js_diff_result }}
|
||||
steps:
|
||||
- name: checkout repository
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: scan vulnerabilities by Snyk
|
||||
uses: snyk/actions/node@master
|
||||
continue-on-error: true # To make sure that artifact upload gets called
|
||||
env:
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
with:
|
||||
json: true
|
||||
|
||||
- name: upload scan result as pull-request artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: js-security-scan-feat-result
|
||||
path: snyk.json
|
||||
|
||||
- name: download artifacts from develop branch built by nightly scan
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
mv ./snyk.json ./js-snyk-feature.json
|
||||
(gh run download -n js-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
|
||||
if [[ -e ./snyk.json ]]; then
|
||||
mv ./snyk.json ./js-snyk-develop.json
|
||||
else
|
||||
echo "null" > ./js-snyk-develop.json
|
||||
fi
|
||||
|
||||
- name: pr vs develop scan report comparison export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/js-snyk-feature.json" --compare-to="/data/js-snyk-develop.json" --output-type=table --export --export-filename="/data/js-result")
|
||||
|
||||
- name: upload html file as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-js-result-compare-to-develop-${{github.run_id}}
|
||||
path: js-result.html
|
||||
|
||||
- name: analyse different vulnerabilities against develop branch
|
||||
id: set-diff-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/js-snyk-feature.json" --compare-to="/data/js-snyk-develop.json" --output-type=matrix)
|
||||
echo "js_diff_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
server-dependencies:
|
||||
name: Server Dependency Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.event.pull_request &&
|
||||
github.event.review.body == '/scan' &&
|
||||
github.event.pull_request.draft == false
|
||||
outputs:
|
||||
godiff: ${{ steps.set-diff-matrix.outputs.go_diff_result }}
|
||||
steps:
|
||||
- name: checkout repository
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: install Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: download Go modules
|
||||
run: cd ./api && go get -t -v -d ./...
|
||||
|
||||
- name: scan vulnerabilities by Snyk
|
||||
continue-on-error: true # To make sure that artifact upload gets called
|
||||
env:
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
run: |
|
||||
yarn global add snyk
|
||||
snyk test --file=./go.mod --json-file-output=snyk.json 2>/dev/null || :
|
||||
|
||||
- name: upload scan result as pull-request artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: go-security-scan-feature-result
|
||||
path: snyk.json
|
||||
|
||||
- name: download artifacts from develop branch built by nightly scan
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
mv ./snyk.json ./go-snyk-feature.json
|
||||
(gh run download -n go-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
|
||||
if [[ -e ./snyk.json ]]; then
|
||||
mv ./snyk.json ./go-snyk-develop.json
|
||||
else
|
||||
echo "null" > ./go-snyk-develop.json
|
||||
fi
|
||||
|
||||
- name: pr vs develop scan report comparison export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=table --export --export-filename="/data/go-result")
|
||||
|
||||
- name: upload html file as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-go-result-compare-to-develop-${{github.run_id}}
|
||||
path: go-result.html
|
||||
|
||||
- name: analyse different vulnerabilities against develop branch
|
||||
id: set-diff-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=snyk --path="/data/go-snyk-feature.json" --compare-to="/data/go-snyk-develop.json" --output-type=matrix)
|
||||
echo "go_diff_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
image-vulnerability:
|
||||
name: Image Vulnerability Check
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.event.pull_request &&
|
||||
github.event.review.body == '/scan' &&
|
||||
github.event.pull_request.draft == false
|
||||
outputs:
|
||||
imagediff-trivy: ${{ steps.set-diff-trivy-matrix.outputs.image_diff_trivy_result }}
|
||||
imagediff-docker-scout: ${{ steps.set-diff-docker-scout-matrix.outputs.image_diff_docker_scout_result }}
|
||||
steps:
|
||||
- name: checkout code
|
||||
uses: actions/checkout@master
|
||||
|
||||
- name: install Go
|
||||
uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: install Node.js
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
|
||||
- name: Install packages
|
||||
run: yarn --frozen-lockfile
|
||||
|
||||
- name: build
|
||||
run: make build-all
|
||||
|
||||
- name: set up docker buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: build and compress image
|
||||
uses: docker/build-push-action@v4
|
||||
with:
|
||||
context: .
|
||||
file: build/linux/Dockerfile
|
||||
tags: local-portainer:${{ github.sha }}
|
||||
outputs: type=docker,dest=/tmp/local-portainer-image.tar
|
||||
|
||||
- name: load docker image
|
||||
run: |
|
||||
docker load --input /tmp/local-portainer-image.tar
|
||||
|
||||
- name: scan vulnerabilities by Trivy
|
||||
uses: docker://docker.io/aquasec/trivy:latest
|
||||
continue-on-error: true
|
||||
with:
|
||||
args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress local-portainer:${{ github.sha }}
|
||||
|
||||
- name: upload Trivy image security scan result as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: image-security-scan-feature-result
|
||||
path: image-trivy.json
|
||||
|
||||
- name: download Trivy artifacts from develop branch built by nightly scan
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
mv ./image-trivy.json ./image-trivy-feature.json
|
||||
(gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
|
||||
if [[ -e ./image-trivy.json ]]; then
|
||||
mv ./image-trivy.json ./image-trivy-develop.json
|
||||
else
|
||||
echo "null" > ./image-trivy-develop.json
|
||||
fi
|
||||
|
||||
- name: pr vs develop Trivy scan report comparison export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=trivy --path="/data/image-trivy-feature.json" --compare-to="/data/image-trivy-develop.json" --output-type=table --export --export-filename="/data/image-trivy-result")
|
||||
|
||||
- name: upload html file as Trivy artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-image-result-compare-to-develop-${{github.run_id}}
|
||||
path: image-trivy-result.html
|
||||
|
||||
- name: analyse different vulnerabilities against develop branch by Trivy
|
||||
id: set-diff-trivy-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=trivy --path="/data/image-trivy-feature.json" --compare-to="/data/image-trivy-develop.json" --output-type=matrix)
|
||||
echo "image_diff_trivy_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: scan vulnerabilities by Docker Scout
|
||||
uses: docker/scout-action@v1
|
||||
continue-on-error: true
|
||||
with:
|
||||
command: cves
|
||||
image: local-portainer:${{ github.sha }}
|
||||
sarif-file: image-docker-scout.json
|
||||
dockerhub-user: ${{ secrets.DOCKER_HUB_USERNAME }}
|
||||
dockerhub-password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
||||
|
||||
- name: upload Docker Scout image security scan result as artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: image-security-scan-feature-result
|
||||
path: image-docker-scout.json
|
||||
|
||||
- name: download Docker Scout artifacts from develop branch built by nightly scan
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
mv ./image-docker-scout.json ./image-docker-scout-feature.json
|
||||
(gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
|
||||
if [[ -e ./image-docker-scout.json ]]; then
|
||||
mv ./image-docker-scout.json ./image-docker-scout-develop.json
|
||||
else
|
||||
echo "null" > ./image-docker-scout-develop.json
|
||||
fi
|
||||
|
||||
- name: pr vs develop Docker Scout scan report comparison export to html
|
||||
run: |
|
||||
$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=docker-scout --path="/data/image-docker-scout-feature.json" --compare-to="/data/image-docker-scout-develop.json" --output-type=table --export --export-filename="/data/image-docker-scout-result")
|
||||
|
||||
- name: upload html file as Docker Scout artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: html-image-result-compare-to-develop-${{github.run_id}}
|
||||
path: image-docker-scout-result.html
|
||||
|
||||
- name: analyse different vulnerabilities against develop branch by Docker Scout
|
||||
id: set-diff-docker-scout-matrix
|
||||
run: |
|
||||
result=$(docker run --rm -v ${{ github.workspace }}:/data portainerci/code-security-report:latest diff --report-type=docker-scout --path="/data/image-docker-scout-feature.json" --compare-to="/data/image-docker-scout-develop.json" --output-type=matrix)
|
||||
echo "image_diff_docker_scout_result=${result}" >> $GITHUB_OUTPUT
|
||||
|
||||
result-analysis:
|
||||
name: Analyse Scan Result Against develop Branch
|
||||
needs: [client-dependencies, server-dependencies, image-vulnerability]
|
||||
runs-on: ubuntu-latest
|
||||
if: >-
|
||||
github.event.pull_request &&
|
||||
github.event.review.body == '/scan' &&
|
||||
github.event.pull_request.draft == false
|
||||
strategy:
|
||||
matrix:
|
||||
jsdiff: ${{fromJson(needs.client-dependencies.outputs.jsdiff)}}
|
||||
godiff: ${{fromJson(needs.server-dependencies.outputs.godiff)}}
|
||||
imagediff-trivy: ${{fromJson(needs.image-vulnerability.outputs.imagediff-trivy)}}
|
||||
imagediff-docker-scout: ${{fromJson(needs.image-vulnerability.outputs.imagediff-docker-scout)}}
|
||||
steps:
|
||||
- name: check job status of diff result
|
||||
if: >-
|
||||
matrix.jsdiff.status == 'failure' ||
|
||||
matrix.godiff.status == 'failure' ||
|
||||
matrix.imagediff-trivy.status == 'failure' ||
|
||||
matrix.imagediff-docker-scout.status == 'failure'
|
||||
run: |
|
||||
echo "${{ matrix.jsdiff.status }}"
|
||||
echo "${{ matrix.godiff.status }}"
|
||||
echo "${{ matrix.imagediff-trivy.status }}"
|
||||
echo "${{ matrix.imagediff-docker-scout.status }}"
|
||||
echo "${{ matrix.jsdiff.summary }}"
|
||||
echo "${{ matrix.godiff.summary }}"
|
||||
echo "${{ matrix.imagediff-trivy.summary }}"
|
||||
echo "${{ matrix.imagediff-docker-scout.summary }}"
|
||||
exit 1
|
||||
@@ -1,19 +0,0 @@
|
||||
name: Automatic Rebase
|
||||
on:
|
||||
issue_comment:
|
||||
types: [created]
|
||||
jobs:
|
||||
rebase:
|
||||
name: Rebase
|
||||
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout the latest code
|
||||
uses: actions/checkout@v2
|
||||
with:
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
|
||||
- name: Automatic Rebase
|
||||
uses: cirrus-actions/rebase@1.4
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@@ -1,28 +0,0 @@
|
||||
name: Close Stale Issues
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 12 * * *'
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
stale:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
issues: write
|
||||
|
||||
steps:
|
||||
- uses: actions/stale@v8
|
||||
with:
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
# Issue Config
|
||||
days-before-issue-stale: 60
|
||||
days-before-issue-close: 7
|
||||
stale-issue-label: 'status/stale'
|
||||
exempt-all-issue-milestones: true # Do not stale issues in a milestone
|
||||
exempt-issue-labels: kind/enhancement, kind/style, kind/workaround, kind/refactor, bug/need-confirmation, bug/confirmed, status/discuss
|
||||
stale-issue-message: 'This issue has been marked as stale as it has not had recent activity, it will be closed if no further activity occurs in the next 7 days. If you believe that it has been incorrectly labelled as stale, leave a comment and the label will be removed.'
|
||||
close-issue-message: 'Since no further activity has appeared on this issue it will be closed. If you believe that it has been incorrectly closed, leave a comment mentioning `portainer/support` and one of our staff will then review the issue. Note - If it is an old bug report, make sure that it is reproduceable in the latest version of Portainer as it may have already been fixed.'
|
||||
|
||||
# Pull Request Config
|
||||
days-before-pr-stale: -1 # Do not stale pull request
|
||||
days-before-pr-close: -1 # Do not close pull request
|
||||
@@ -1,76 +0,0 @@
|
||||
name: Test
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.21.9
|
||||
NODE_VERSION: 18.x
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- develop
|
||||
- release/*
|
||||
types:
|
||||
- opened
|
||||
- reopened
|
||||
- synchronize
|
||||
- ready_for_review
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
- develop
|
||||
- release/*
|
||||
|
||||
jobs:
|
||||
test-client:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
|
||||
steps:
|
||||
- name: 'checkout the current branch'
|
||||
uses: actions/checkout@v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.inputs.branch }}
|
||||
|
||||
- name: 'set up node.js'
|
||||
uses: actions/setup-node@v4.0.1
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'yarn'
|
||||
|
||||
- run: yarn --frozen-lockfile
|
||||
|
||||
- name: Run tests
|
||||
run: make test-client ARGS="--maxWorkers=2 --minWorkers=1"
|
||||
|
||||
test-server:
|
||||
strategy:
|
||||
matrix:
|
||||
config:
|
||||
- { platform: linux, arch: amd64 }
|
||||
- { platform: linux, arch: arm64 }
|
||||
- { platform: windows, arch: amd64, version: 1809 }
|
||||
- { platform: windows, arch: amd64, version: ltsc2022 }
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
|
||||
steps:
|
||||
- name: 'checkout the current branch'
|
||||
uses: actions/checkout@v4.1.1
|
||||
with:
|
||||
ref: ${{ github.event.inputs.branch }}
|
||||
|
||||
- name: 'set up golang'
|
||||
uses: actions/setup-go@v5.0.0
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: 'install dependencies'
|
||||
run: make test-deps PLATFORM=linux ARCH=amd64
|
||||
|
||||
- name: 'update $PATH'
|
||||
run: echo "$(pwd)/dist" >> $GITHUB_PATH
|
||||
|
||||
- name: 'run tests'
|
||||
run: make test-server
|
||||
@@ -1,39 +0,0 @@
|
||||
name: Validate OpenAPI specs
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
- develop
|
||||
- 'release/*'
|
||||
types:
|
||||
- opened
|
||||
- reopened
|
||||
- synchronize
|
||||
- ready_for_review
|
||||
|
||||
env:
|
||||
GO_VERSION: 1.21.9
|
||||
NODE_VERSION: 18.x
|
||||
|
||||
jobs:
|
||||
openapi-spec:
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event.pull_request.draft == false
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- uses: actions/setup-go@v3
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
- name: Download golang modules
|
||||
run: cd ./api && go get -t -v -d ./...
|
||||
- uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: ${{ env.NODE_VERSION }}
|
||||
cache: 'yarn'
|
||||
- run: yarn --frozen-lockfile
|
||||
|
||||
- name: Validate OpenAPI Spec
|
||||
run: make docs-validate
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env sh
|
||||
. "$(dirname -- "$0")/_/husky.sh"
|
||||
|
||||
yarn lint-staged
|
||||
cd $(dirname -- "$0") && yarn lint-staged
|
||||
@@ -19,8 +19,7 @@ type Service struct {
|
||||
|
||||
// NewService creates a new instance of a service.
|
||||
func NewService(connection portainer.Connection) (*Service, error) {
|
||||
err := connection.SetServiceName(BucketName)
|
||||
if err != nil {
|
||||
if err := connection.SetServiceName(BucketName); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -32,6 +31,16 @@ func NewService(connection portainer.Connection) (*Service, error) {
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (service *Service) Tx(tx portainer.Transaction) ServiceTx {
|
||||
return ServiceTx{
|
||||
BaseDataServiceTx: dataservices.BaseDataServiceTx[portainer.Team, portainer.TeamID]{
|
||||
Bucket: BucketName,
|
||||
Connection: service.Connection,
|
||||
Tx: tx,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// TeamByName returns a team by name.
|
||||
func (service *Service) TeamByName(name string) (*portainer.Team, error) {
|
||||
var t portainer.Team
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
package team
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"strings"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
dserrors "github.com/portainer/portainer/api/dataservices/errors"
|
||||
)
|
||||
|
||||
type ServiceTx struct {
|
||||
dataservices.BaseDataServiceTx[portainer.Team, portainer.TeamID]
|
||||
}
|
||||
|
||||
// TeamByName returns a team by name.
|
||||
func (service ServiceTx) TeamByName(name string) (*portainer.Team, error) {
|
||||
var t portainer.Team
|
||||
|
||||
err := service.Tx.GetAll(
|
||||
BucketName,
|
||||
&portainer.Team{},
|
||||
dataservices.FirstFn(&t, func(e portainer.Team) bool {
|
||||
return strings.EqualFold(e.Name, name)
|
||||
}),
|
||||
)
|
||||
|
||||
if errors.Is(err, dataservices.ErrStop) {
|
||||
return &t, nil
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
return nil, dserrors.ErrObjectNotFound
|
||||
}
|
||||
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// CreateTeam creates a new Team.
|
||||
func (service ServiceTx) Create(team *portainer.Team) error {
|
||||
return service.Tx.CreateObject(
|
||||
BucketName,
|
||||
func(id uint64) (int, any) {
|
||||
team.ID = portainer.TeamID(id)
|
||||
return int(team.ID), team
|
||||
},
|
||||
)
|
||||
}
|
||||
@@ -402,7 +402,6 @@ type storeExport struct {
|
||||
}
|
||||
|
||||
func (store *Store) Export(filename string) (err error) {
|
||||
|
||||
backup := storeExport{}
|
||||
|
||||
if c, err := store.CustomTemplate().ReadAll(); err != nil {
|
||||
@@ -606,6 +605,7 @@ func (store *Store) Export(filename string) (err error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return os.WriteFile(filename, b, 0600)
|
||||
}
|
||||
|
||||
|
||||
@@ -80,7 +80,10 @@ func (tx *StoreTx) TeamMembership() dataservices.TeamMembershipService {
|
||||
return tx.store.TeamMembershipService.Tx(tx.tx)
|
||||
}
|
||||
|
||||
func (tx *StoreTx) Team() dataservices.TeamService { return nil }
|
||||
func (tx *StoreTx) Team() dataservices.TeamService {
|
||||
return tx.store.TeamService.Tx(tx.tx)
|
||||
}
|
||||
|
||||
func (tx *StoreTx) TunnelServer() dataservices.TunnelServerService { return nil }
|
||||
|
||||
func (tx *StoreTx) User() dataservices.UserService {
|
||||
|
||||
@@ -941,6 +941,6 @@
|
||||
}
|
||||
],
|
||||
"version": {
|
||||
"VERSION": "{\"SchemaVersion\":\"2.21.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
|
||||
"VERSION": "{\"SchemaVersion\":\"2.21.5\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
|
||||
}
|
||||
}
|
||||
+57
-10
@@ -4,15 +4,17 @@ import (
|
||||
"context"
|
||||
"strings"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
dockerclient "github.com/portainer/portainer/api/docker/client"
|
||||
"github.com/portainer/portainer/api/docker/images"
|
||||
|
||||
"github.com/Masterminds/semver"
|
||||
"github.com/docker/docker/api/types"
|
||||
dockercontainer "github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/docker/api/types/network"
|
||||
"github.com/docker/docker/client"
|
||||
"github.com/pkg/errors"
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
dockerclient "github.com/portainer/portainer/api/docker/client"
|
||||
"github.com/portainer/portainer/api/docker/images"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
@@ -30,6 +32,44 @@ func NewContainerService(factory *dockerclient.ClientFactory, dataStore dataserv
|
||||
}
|
||||
}
|
||||
|
||||
// applyVersionConstraint uses the version to apply a transformation function to
|
||||
// the value when the constraint is satisfied
|
||||
func applyVersionConstraint[T any](currentVersion, versionConstraint string, value T, transform func(T) T) (T, error) {
|
||||
newValue := value
|
||||
|
||||
constraint, err := semver.NewConstraint(versionConstraint)
|
||||
if err != nil {
|
||||
return newValue, errors.New("invalid version constraint specified")
|
||||
}
|
||||
|
||||
currentVer, err := semver.NewVersion(currentVersion)
|
||||
if err != nil {
|
||||
log.Warn().Err(err).Msg("Unable to parse the Docker client version")
|
||||
|
||||
return newValue, nil
|
||||
}
|
||||
|
||||
if satisfiesConstraint, _ := constraint.Validate(currentVer); satisfiesConstraint {
|
||||
newValue = transform(value)
|
||||
}
|
||||
|
||||
return newValue, nil
|
||||
}
|
||||
|
||||
func clearMacAddrs(n network.NetworkingConfig) network.NetworkingConfig {
|
||||
netConfig := network.NetworkingConfig{
|
||||
EndpointsConfig: make(map[string]*network.EndpointSettings),
|
||||
}
|
||||
|
||||
for k := range n.EndpointsConfig {
|
||||
endpointConfig := n.EndpointsConfig[k].Copy()
|
||||
endpointConfig.MacAddress = ""
|
||||
netConfig.EndpointsConfig[k] = endpointConfig
|
||||
}
|
||||
|
||||
return netConfig
|
||||
}
|
||||
|
||||
// Recreate a container
|
||||
func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.Endpoint, containerId string, forcePullImage bool, imageTag, nodeName string) (*types.ContainerJSON, error) {
|
||||
cli, err := c.factory.CreateClient(endpoint, nodeName, nil)
|
||||
@@ -90,7 +130,7 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
|
||||
return nil, errors.Wrap(err, "rename container error")
|
||||
}
|
||||
|
||||
networkWithCreation := network.NetworkingConfig{
|
||||
initialNetwork := network.NetworkingConfig{
|
||||
EndpointsConfig: make(map[string]*network.EndpointSettings),
|
||||
}
|
||||
|
||||
@@ -103,10 +143,10 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
|
||||
}
|
||||
|
||||
// 5. get the first network attached to the current container
|
||||
if len(networkWithCreation.EndpointsConfig) == 0 {
|
||||
if len(initialNetwork.EndpointsConfig) == 0 {
|
||||
// Retrieve the first network that is linked to the present container, which
|
||||
// will be utilized when creating the container.
|
||||
networkWithCreation.EndpointsConfig[name] = network
|
||||
initialNetwork.EndpointsConfig[name] = network
|
||||
}
|
||||
}
|
||||
c.sr.enable()
|
||||
@@ -130,7 +170,15 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
|
||||
// to retain the same network settings we have to connect on creation to one of the old
|
||||
// container's networks, and connect to the other networks after creation.
|
||||
// see: https://portainer.atlassian.net/browse/EE-5448
|
||||
create, err := cli.ContainerCreate(ctx, container.Config, container.HostConfig, &networkWithCreation, nil, container.Name)
|
||||
|
||||
// Docker API < 1.44 does not support specifying MAC addresses
|
||||
// https://github.com/moby/moby/blob/6aea26b431ea152a8b085e453da06ea403f89886/client/container_create.go#L44-L46
|
||||
initialNetwork, err = applyVersionConstraint(cli.ClientVersion(), "< 1.44", initialNetwork, clearMacAddrs)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
create, err := cli.ContainerCreate(ctx, container.Config, container.HostConfig, &initialNetwork, nil, container.Name)
|
||||
|
||||
c.sr.push(func() {
|
||||
log.Debug().Str("container_id", create.ID).Msg("removing the new container")
|
||||
@@ -150,8 +198,7 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
|
||||
log.Debug().Str("container_id", newContainerId).Msg("connecting networks to container")
|
||||
networks := container.NetworkSettings.Networks
|
||||
for key, network := range networks {
|
||||
_, ok := networkWithCreation.EndpointsConfig[key]
|
||||
if ok {
|
||||
if _, ok := initialNetwork.EndpointsConfig[key]; ok {
|
||||
// skip the network that is used during container creation
|
||||
continue
|
||||
}
|
||||
|
||||
@@ -0,0 +1,52 @@
|
||||
package docker
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/docker/docker/api/types/network"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestApplyVersionConstraint(t *testing.T) {
|
||||
initialNet := network.NetworkingConfig{
|
||||
EndpointsConfig: map[string]*network.EndpointSettings{
|
||||
"key1": {
|
||||
MacAddress: "mac1",
|
||||
EndpointID: "endpointID1",
|
||||
},
|
||||
"key2": {
|
||||
MacAddress: "mac2",
|
||||
EndpointID: "endpointID2",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
f := func(currentVer string, constraint string, success, emptyMac bool) {
|
||||
t.Helper()
|
||||
|
||||
transformedNet, err := applyVersionConstraint(currentVer, constraint, initialNet, clearMacAddrs)
|
||||
if success {
|
||||
require.NoError(t, err)
|
||||
} else {
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
require.Len(t, transformedNet.EndpointsConfig, len(initialNet.EndpointsConfig))
|
||||
|
||||
for k := range initialNet.EndpointsConfig {
|
||||
if emptyMac {
|
||||
require.NotEqual(t, initialNet.EndpointsConfig[k], transformedNet.EndpointsConfig[k])
|
||||
require.Empty(t, transformedNet.EndpointsConfig[k].MacAddress)
|
||||
|
||||
continue
|
||||
}
|
||||
|
||||
require.Equal(t, initialNet.EndpointsConfig[k], transformedNet.EndpointsConfig[k])
|
||||
}
|
||||
}
|
||||
|
||||
f("1.45", "< 1.44", true, false) // No transformation
|
||||
f("1.43", "< 1.44", true, true) // Transformation
|
||||
f("a.b.", "< 1.44", true, false) // Invalid current version
|
||||
f("1.45", "z 1.44", false, false) // Invalid version constraint
|
||||
}
|
||||
@@ -143,6 +143,7 @@ func (c *gitClient) listFiles(ctx context.Context, opt fetchOption) ([]string, e
|
||||
ReferenceName: plumbing.ReferenceName(opt.referenceName),
|
||||
Auth: getAuth(opt.username, opt.password),
|
||||
InsecureSkipTLS: opt.tlsSkipVerify,
|
||||
Tags: git.NoTags,
|
||||
}
|
||||
|
||||
repo, err := git.Clone(memory.NewStorage(), nil, cloneOption)
|
||||
@@ -166,7 +167,10 @@ func (c *gitClient) listFiles(ctx context.Context, opt fetchOption) ([]string, e
|
||||
}
|
||||
|
||||
var allPaths []string
|
||||
|
||||
w := object.NewTreeWalker(tree, true, nil)
|
||||
defer w.Close()
|
||||
|
||||
for {
|
||||
name, entry, err := w.Next()
|
||||
if err != nil {
|
||||
|
||||
@@ -91,6 +91,29 @@ func Test_latestCommitID(t *testing.T) {
|
||||
assert.Equal(t, "68dcaa7bd452494043c64252ab90db0f98ecf8d2", id)
|
||||
}
|
||||
|
||||
func Test_ListRefs(t *testing.T) {
|
||||
service := Service{git: NewGitClient(true)}
|
||||
|
||||
repositoryURL := setup(t)
|
||||
|
||||
fs, err := service.ListRefs(repositoryURL, "", "", false, false)
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, []string{"refs/heads/main"}, fs)
|
||||
}
|
||||
|
||||
func Test_ListFiles(t *testing.T) {
|
||||
service := Service{git: NewGitClient(true)}
|
||||
|
||||
repositoryURL := setup(t)
|
||||
referenceName := "refs/heads/main"
|
||||
|
||||
fs, err := service.ListFiles(repositoryURL, referenceName, "", "", false, false, []string{".yml"}, false)
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, []string{"docker-compose.yml"}, fs)
|
||||
}
|
||||
|
||||
func getCommitHistoryLength(t *testing.T, err error, dir string) int {
|
||||
repo, err := git.PlainOpen(dir)
|
||||
if err != nil {
|
||||
|
||||
+19
-12
@@ -9,6 +9,7 @@ import (
|
||||
|
||||
lru "github.com/hashicorp/golang-lru"
|
||||
"github.com/rs/zerolog/log"
|
||||
"golang.org/x/sync/singleflight"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -223,11 +224,23 @@ func (service *Service) ListRefs(repositoryURL, username, password string, hardR
|
||||
return refs, nil
|
||||
}
|
||||
|
||||
var singleflightGroup = &singleflight.Group{}
|
||||
|
||||
// ListFiles will list all the files of the target repository with specific extensions.
|
||||
// If extension is not provided, it will list all the files under the target repository
|
||||
func (service *Service) ListFiles(repositoryURL, referenceName, username, password string, dirOnly, hardRefresh bool, includedExts []string, tlsSkipVerify bool) ([]string, error) {
|
||||
repoKey := generateCacheKey(repositoryURL, referenceName, username, password, strconv.FormatBool(tlsSkipVerify), strconv.FormatBool(dirOnly))
|
||||
|
||||
fs, err, _ := singleflightGroup.Do(repoKey, func() (any, error) {
|
||||
return service.listFiles(repositoryURL, referenceName, username, password, dirOnly, hardRefresh, tlsSkipVerify)
|
||||
})
|
||||
|
||||
return filterFiles(fs.([]string), includedExts), err
|
||||
}
|
||||
|
||||
func (service *Service) listFiles(repositoryURL, referenceName, username, password string, dirOnly, hardRefresh bool, tlsSkipVerify bool) ([]string, error) {
|
||||
repoKey := generateCacheKey(repositoryURL, referenceName, username, password, strconv.FormatBool(tlsSkipVerify), strconv.FormatBool(dirOnly))
|
||||
|
||||
if service.cacheEnabled && hardRefresh {
|
||||
// Should remove the cache explicitly, so that the following normal list can show the correct result
|
||||
service.repoFileCache.Remove(repoKey)
|
||||
@@ -235,14 +248,9 @@ func (service *Service) ListFiles(repositoryURL, referenceName, username, passwo
|
||||
|
||||
if service.repoFileCache != nil {
|
||||
// lookup the files cache first
|
||||
cache, ok := service.repoFileCache.Get(repoKey)
|
||||
if ok {
|
||||
files, success := cache.([]string)
|
||||
if success {
|
||||
// For the case while searching files in a repository without include extensions for the first time,
|
||||
// but with include extensions for the second time
|
||||
includedFiles := filterFiles(files, includedExts)
|
||||
return includedFiles, nil
|
||||
if cache, ok := service.repoFileCache.Get(repoKey); ok {
|
||||
if files, ok := cache.([]string); ok {
|
||||
return files, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -274,12 +282,11 @@ func (service *Service) ListFiles(repositoryURL, referenceName, username, passwo
|
||||
}
|
||||
}
|
||||
|
||||
includedFiles := filterFiles(files, includedExts)
|
||||
if service.cacheEnabled && service.repoFileCache != nil {
|
||||
service.repoFileCache.Add(repoKey, includedFiles)
|
||||
return includedFiles, nil
|
||||
service.repoFileCache.Add(repoKey, files)
|
||||
}
|
||||
return includedFiles, nil
|
||||
|
||||
return files, nil
|
||||
}
|
||||
|
||||
func (service *Service) purgeCache() {
|
||||
|
||||
@@ -28,5 +28,7 @@ func (handler *Handler) logout(w http.ResponseWriter, r *http.Request) *httperro
|
||||
|
||||
security.RemoveAuthCookie(w)
|
||||
|
||||
handler.bouncer.RevokeJWT(tokenData.Token)
|
||||
|
||||
return response.Empty(w)
|
||||
}
|
||||
|
||||
@@ -78,7 +78,7 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http
|
||||
|
||||
imagesList := make([]ImageResponse, len(images))
|
||||
for i, image := range images {
|
||||
if (image.RepoTags == nil || len(image.RepoTags) == 0) && (image.RepoDigests != nil && len(image.RepoDigests) > 0) {
|
||||
if len(image.RepoTags) == 0 && len(image.RepoDigests) > 0 {
|
||||
for _, repoDigest := range image.RepoDigests {
|
||||
image.RepoTags = append(image.RepoTags, repoDigest[0:strings.Index(repoDigest, "@")]+":<none>")
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package edgestacks
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
@@ -63,9 +64,8 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
|
||||
}
|
||||
|
||||
var payload updateStatusPayload
|
||||
err = request.DecodeAndValidateJSONPayload(r, &payload)
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", fmt.Errorf("edge polling error: %w. Environment ID: %d", err, payload.EndpointID))
|
||||
}
|
||||
|
||||
var stack *portainer.EdgeStack
|
||||
@@ -98,17 +98,16 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
return nil, err
|
||||
return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w. Environment ID: %d", err, payload.EndpointID)
|
||||
}
|
||||
|
||||
endpoint, err := tx.Endpoint().Endpoint(payload.EndpointID)
|
||||
if err != nil {
|
||||
return nil, handler.handlerDBErr(err, "Unable to find an environment with the specified identifier inside the database")
|
||||
return nil, handler.handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
|
||||
}
|
||||
|
||||
err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
|
||||
if err != nil {
|
||||
return nil, httperror.Forbidden("Permission denied to access environment", err)
|
||||
if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
|
||||
return nil, httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
status := *payload.Status
|
||||
@@ -126,9 +125,8 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
|
||||
|
||||
updateEnvStatus(payload.EndpointID, stack, deploymentStatus)
|
||||
|
||||
err = tx.EdgeStack().UpdateEdgeStack(stackID, stack)
|
||||
if err != nil {
|
||||
return nil, handler.handlerDBErr(err, "Unable to persist the stack changes inside the database")
|
||||
if err := tx.EdgeStack().UpdateEdgeStack(stackID, stack); err != nil {
|
||||
return nil, handler.handlerDBErr(fmt.Errorf("unable to update Edge stack to the database: %w. Environment name: %s", err, endpoint.Name), "unable to update Edge stack")
|
||||
}
|
||||
|
||||
return stack, nil
|
||||
|
||||
@@ -2,6 +2,7 @@ package endpointedge
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
@@ -39,32 +40,30 @@ func (handler *Handler) endpointEdgeJobsLogs(w http.ResponseWriter, r *http.Requ
|
||||
return httperror.BadRequest("Unable to find an environment on request context", err)
|
||||
}
|
||||
|
||||
err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
|
||||
if err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", err)
|
||||
if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
edgeJobID, err := request.RetrieveNumericRouteVariableValue(r, "jobID")
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid edge job identifier route variable", err)
|
||||
return httperror.BadRequest("Invalid edge job identifier route variable", fmt.Errorf("invalid Edge job route variable: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
var payload logsPayload
|
||||
err = request.DecodeAndValidateJSONPayload(r, &payload)
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", fmt.Errorf("invalid Edge job request payload: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
return handler.getEdgeJobLobs(tx, endpoint.ID, portainer.EdgeJobID(edgeJobID), payload)
|
||||
})
|
||||
if err != nil {
|
||||
}); err != nil {
|
||||
var httpErr *httperror.HandlerError
|
||||
if errors.As(err, &httpErr) {
|
||||
httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
|
||||
return httpErr
|
||||
}
|
||||
|
||||
return httperror.InternalServerError("Unexpected error", err)
|
||||
return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
return response.JSON(w, nil)
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package endpointedge
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
@@ -33,27 +33,26 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
|
||||
return httperror.BadRequest("Unable to find an environment on request context", err)
|
||||
}
|
||||
|
||||
err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
|
||||
if err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", err)
|
||||
if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
edgeStackID, err := request.RetrieveNumericRouteVariableValue(r, "stackId")
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid edge stack identifier route variable", err)
|
||||
return httperror.BadRequest("Invalid edge stack identifier route variable", fmt.Errorf("invalid Edge stack route variable: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
|
||||
if handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", err)
|
||||
return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", err)
|
||||
return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
fileName := edgeStack.EntryPoint
|
||||
if endpointutils.IsDockerEndpoint(endpoint) {
|
||||
if fileName == "" {
|
||||
return httperror.BadRequest("Docker is not supported by this stack", errors.New("Docker is not supported by this stack"))
|
||||
return httperror.BadRequest("Docker is not supported by this stack", fmt.Errorf("no filename is provided for the Docker endpoint. Environment name: %s", endpoint.Name))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -66,18 +65,18 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
|
||||
fileName = edgeStack.ManifestPath
|
||||
|
||||
if fileName == "" {
|
||||
return httperror.BadRequest("Kubernetes is not supported by this stack", errors.New("Kubernetes is not supported by this stack"))
|
||||
return httperror.BadRequest("Kubernetes is not supported by this stack", fmt.Errorf("no filename is provided for the Kubernetes endpoint. Environment name: %s", endpoint.Name))
|
||||
}
|
||||
}
|
||||
|
||||
dirEntries, err := filesystem.LoadDir(edgeStack.ProjectPath)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to load repository", err)
|
||||
return httperror.InternalServerError("Unable to load repository", fmt.Errorf("failed to load project directory: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
fileContent, err := filesystem.FilterDirForCompatibility(dirEntries, fileName, endpoint.Agent.Version)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("File not found", err)
|
||||
return httperror.InternalServerError("File not found", fmt.Errorf("unable to find file: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
dirEntries = filesystem.FilterDirForEntryFile(dirEntries, fileName)
|
||||
|
||||
@@ -86,27 +86,27 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http
|
||||
|
||||
if _, ok := handler.DataStore.Endpoint().Heartbeat(portainer.EndpointID(endpointID)); !ok {
|
||||
// EE-5190
|
||||
return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
|
||||
return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint heartbeat. Environment ID: %d", endpointID))
|
||||
}
|
||||
|
||||
endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
|
||||
if err != nil {
|
||||
// EE-5190
|
||||
return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
|
||||
return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint from database: %w. Environment ID: %d", err, endpointID))
|
||||
}
|
||||
|
||||
firstConn := endpoint.LastCheckInDate == 0
|
||||
|
||||
err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
|
||||
if err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", err)
|
||||
return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unauthorized Edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
handler.DataStore.Endpoint().UpdateHeartbeat(endpoint.ID)
|
||||
|
||||
err = handler.requestBouncer.TrustedEdgeEnvironmentAccess(handler.DataStore, endpoint)
|
||||
if err != nil {
|
||||
return httperror.Forbidden("Permission denied to access environment", err)
|
||||
return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("untrusted Edge environment access: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
var statusResponse *endpointEdgeStatusInspectResponse
|
||||
@@ -117,10 +117,11 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http
|
||||
if err != nil {
|
||||
var httpErr *httperror.HandlerError
|
||||
if errors.As(err, &httpErr) {
|
||||
httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
|
||||
return httpErr
|
||||
}
|
||||
|
||||
return httperror.InternalServerError("Unexpected error", err)
|
||||
return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
|
||||
}
|
||||
|
||||
return cacheResponse(w, endpoint.ID, *statusResponse)
|
||||
@@ -265,6 +266,7 @@ func cacheResponse(w http.ResponseWriter, endpointID portainer.EndpointID, statu
|
||||
|
||||
httpErr := response.JSON(rr, statusResponse)
|
||||
if httpErr != nil {
|
||||
httpErr.Err = fmt.Errorf("failed to cache response: %w. Environment ID: %d", httpErr.Err, endpointID)
|
||||
return httpErr
|
||||
}
|
||||
|
||||
|
||||
@@ -154,7 +154,7 @@ func TestMissingEdgeIdentifier(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusForbidden {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code))
|
||||
t.Fatalf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -179,7 +179,7 @@ func TestWithEndpoints(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != test.expectedStatusCode {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID))
|
||||
t.Fatalf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -219,7 +219,7 @@ func TestLastCheckInDateIncreases(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
|
||||
t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
|
||||
}
|
||||
|
||||
updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
|
||||
@@ -262,7 +262,7 @@ func TestEmptyEdgeIdWithAgentPlatformHeader(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code))
|
||||
t.Fatalf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code)
|
||||
}
|
||||
|
||||
updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
|
||||
@@ -326,7 +326,7 @@ func TestEdgeStackStatus(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
|
||||
t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
|
||||
}
|
||||
|
||||
var data endpointEdgeStatusInspectResponse
|
||||
@@ -391,7 +391,7 @@ func TestEdgeJobsResponse(t *testing.T) {
|
||||
handler.ServeHTTP(rec, req)
|
||||
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
|
||||
t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
|
||||
}
|
||||
|
||||
var data endpointEdgeStatusInspectResponse
|
||||
|
||||
@@ -96,8 +96,8 @@ func (handler *Handler) updateEndpointGroup(tx dataservices.DataStoreTx, endpoin
|
||||
payloadTagSet := tag.Set(payload.TagIDs)
|
||||
endpointGroupTagSet := tag.Set((endpointGroup.TagIDs))
|
||||
union := tag.Union(payloadTagSet, endpointGroupTagSet)
|
||||
intersection := tag.Intersection(payloadTagSet, endpointGroupTagSet)
|
||||
tagsChanged = len(union) > len(intersection)
|
||||
intersection := tag.IntersectionCount(payloadTagSet, endpointGroupTagSet)
|
||||
tagsChanged = len(union) > intersection
|
||||
|
||||
if tagsChanged {
|
||||
removeTags := tag.Difference(endpointGroupTagSet, payloadTagSet)
|
||||
|
||||
@@ -193,7 +193,7 @@ func (handler *Handler) filterEndpointsByQuery(
|
||||
return nil, 0, errors.WithMessage(err, "Unable to retrieve tags from the database")
|
||||
}
|
||||
|
||||
tagsMap := make(map[portainer.TagID]string)
|
||||
tagsMap := make(map[portainer.TagID]string, len(tags))
|
||||
for _, tag := range tags {
|
||||
tagsMap[tag.ID] = tag.Name
|
||||
}
|
||||
@@ -302,8 +302,7 @@ func filterEndpointsBySearchCriteria(
|
||||
) []portainer.Endpoint {
|
||||
n := 0
|
||||
for _, endpoint := range endpoints {
|
||||
endpointTags := convertTagIDsToTags(tagsMap, endpoint.TagIDs)
|
||||
if endpointMatchSearchCriteria(&endpoint, endpointTags, searchCriteria) {
|
||||
if endpointMatchSearchCriteria(&endpoint, tagsMap, searchCriteria) {
|
||||
endpoints[n] = endpoint
|
||||
n++
|
||||
|
||||
@@ -317,7 +316,7 @@ func filterEndpointsBySearchCriteria(
|
||||
continue
|
||||
}
|
||||
|
||||
if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpoints, endpointGroups) {
|
||||
if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpointGroups) {
|
||||
endpoints[n] = endpoint
|
||||
n++
|
||||
|
||||
@@ -363,7 +362,7 @@ func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []portai
|
||||
return endpoints[:n]
|
||||
}
|
||||
|
||||
func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, searchCriteria string) bool {
|
||||
func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
|
||||
if strings.Contains(strings.ToLower(endpoint.Name), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
@@ -378,8 +377,8 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, se
|
||||
return true
|
||||
}
|
||||
|
||||
for _, tag := range tags {
|
||||
if strings.Contains(strings.ToLower(tag), searchCriteria) {
|
||||
for _, tagID := range endpoint.TagIDs {
|
||||
if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
@@ -389,16 +388,17 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, se
|
||||
|
||||
func endpointGroupMatchSearchCriteria(endpoint *portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
|
||||
for _, group := range endpointGroups {
|
||||
if group.ID == endpoint.GroupID {
|
||||
if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
if group.ID != endpoint.GroupID {
|
||||
continue
|
||||
}
|
||||
|
||||
tags := convertTagIDsToTags(tagsMap, group.TagIDs)
|
||||
for _, tag := range tags {
|
||||
if strings.Contains(strings.ToLower(tag), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
|
||||
for _, tagID := range group.TagIDs {
|
||||
if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -411,11 +411,10 @@ func edgeGroupMatchSearchCriteria(
|
||||
endpoint *portainer.Endpoint,
|
||||
edgeGroups []portainer.EdgeGroup,
|
||||
searchCriteria string,
|
||||
endpoints []portainer.Endpoint,
|
||||
endpointGroups []portainer.EndpointGroup,
|
||||
) bool {
|
||||
for _, edgeGroup := range edgeGroups {
|
||||
relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, endpoints, endpointGroups)
|
||||
relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, []portainer.Endpoint{*endpoint}, endpointGroups)
|
||||
|
||||
for _, endpointID := range relatedEndpointIDs {
|
||||
if endpointID == endpoint.ID {
|
||||
@@ -446,16 +445,6 @@ func filterEndpointsByTypes(endpoints []portainer.Endpoint, endpointTypes []port
|
||||
return endpoints[:n]
|
||||
}
|
||||
|
||||
func convertTagIDsToTags(tagsMap map[portainer.TagID]string, tagIDs []portainer.TagID) []string {
|
||||
tags := make([]string, 0, len(tagIDs))
|
||||
|
||||
for _, tagID := range tagIDs {
|
||||
tags = append(tags, tagsMap[tagID])
|
||||
}
|
||||
|
||||
return tags
|
||||
}
|
||||
|
||||
func filteredEndpointsByTags(endpoints []portainer.Endpoint, tagIDs []portainer.TagID, endpointGroups []portainer.EndpointGroup, partialMatch bool) []portainer.Endpoint {
|
||||
n := 0
|
||||
for _, endpoint := range endpoints {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package endpoints
|
||||
|
||||
import (
|
||||
"strconv"
|
||||
"testing"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
@@ -148,6 +149,103 @@ func Test_Filter_excludeIDs(t *testing.T) {
|
||||
runTests(tests, t, handler, environments)
|
||||
}
|
||||
|
||||
func BenchmarkFilterEndpointsBySearchCriteria_PartialMatch(b *testing.B) {
|
||||
n := 10000
|
||||
|
||||
endpointIDs := []portainer.EndpointID{}
|
||||
|
||||
endpoints := []portainer.Endpoint{}
|
||||
for i := 0; i < n; i++ {
|
||||
endpoints = append(endpoints, portainer.Endpoint{
|
||||
ID: portainer.EndpointID(i + 1),
|
||||
Name: "endpoint-" + strconv.Itoa(i+1),
|
||||
GroupID: 1,
|
||||
TagIDs: []portainer.TagID{1},
|
||||
Type: portainer.EdgeAgentOnDockerEnvironment,
|
||||
})
|
||||
|
||||
endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
|
||||
}
|
||||
|
||||
endpointGroups := []portainer.EndpointGroup{}
|
||||
|
||||
edgeGroups := []portainer.EdgeGroup{}
|
||||
for i := 0; i < 1000; i++ {
|
||||
edgeGroups = append(edgeGroups, portainer.EdgeGroup{
|
||||
ID: portainer.EdgeGroupID(i + 1),
|
||||
Name: "edge-group-" + strconv.Itoa(i+1),
|
||||
Endpoints: append([]portainer.EndpointID{}, endpointIDs...),
|
||||
Dynamic: true,
|
||||
TagIDs: []portainer.TagID{1, 2, 3},
|
||||
PartialMatch: true,
|
||||
})
|
||||
}
|
||||
|
||||
tagsMap := map[portainer.TagID]string{}
|
||||
for i := 0; i < 10; i++ {
|
||||
tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
|
||||
}
|
||||
|
||||
searchString := "edge-group"
|
||||
|
||||
b.ResetTimer()
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
|
||||
if len(e) != n {
|
||||
b.FailNow()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkFilterEndpointsBySearchCriteria_FullMatch(b *testing.B) {
|
||||
n := 10000
|
||||
|
||||
endpointIDs := []portainer.EndpointID{}
|
||||
|
||||
endpoints := []portainer.Endpoint{}
|
||||
for i := 0; i < n; i++ {
|
||||
endpoints = append(endpoints, portainer.Endpoint{
|
||||
ID: portainer.EndpointID(i + 1),
|
||||
Name: "endpoint-" + strconv.Itoa(i+1),
|
||||
GroupID: 1,
|
||||
TagIDs: []portainer.TagID{1, 2, 3},
|
||||
Type: portainer.EdgeAgentOnDockerEnvironment,
|
||||
})
|
||||
|
||||
endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
|
||||
}
|
||||
|
||||
endpointGroups := []portainer.EndpointGroup{}
|
||||
|
||||
edgeGroups := []portainer.EdgeGroup{}
|
||||
for i := 0; i < 1000; i++ {
|
||||
edgeGroups = append(edgeGroups, portainer.EdgeGroup{
|
||||
ID: portainer.EdgeGroupID(i + 1),
|
||||
Name: "edge-group-" + strconv.Itoa(i+1),
|
||||
Endpoints: append([]portainer.EndpointID{}, endpointIDs...),
|
||||
Dynamic: true,
|
||||
TagIDs: []portainer.TagID{1},
|
||||
})
|
||||
}
|
||||
|
||||
tagsMap := map[portainer.TagID]string{}
|
||||
for i := 0; i < 10; i++ {
|
||||
tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
|
||||
}
|
||||
|
||||
searchString := "edge-group"
|
||||
|
||||
b.ResetTimer()
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
|
||||
if len(e) != n {
|
||||
b.FailNow()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func runTests(tests []filterTest, t *testing.T, handler *Handler, endpoints []portainer.Endpoint) {
|
||||
for _, test := range tests {
|
||||
t.Run(test.title, func(t *testing.T) {
|
||||
|
||||
@@ -4,6 +4,9 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/pkg/featureflags"
|
||||
|
||||
"github.com/gorilla/handlers"
|
||||
)
|
||||
|
||||
@@ -16,8 +19,10 @@ type Handler struct {
|
||||
// NewHandler creates a handler to serve static files.
|
||||
func NewHandler(assetPublicPath string, wasInstanceDisabled func() bool) *Handler {
|
||||
h := &Handler{
|
||||
Handler: handlers.CompressHandler(
|
||||
http.FileServer(http.Dir(assetPublicPath)),
|
||||
Handler: security.MWSecureHeaders(
|
||||
handlers.CompressHandler(http.FileServer(http.Dir(assetPublicPath))),
|
||||
featureflags.IsEnabled("hsts"),
|
||||
featureflags.IsEnabled("csp"),
|
||||
),
|
||||
wasInstanceDisabled: wasInstanceDisabled,
|
||||
}
|
||||
@@ -53,7 +58,5 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
||||
}
|
||||
|
||||
w.Header().Add("X-XSS-Protection", "1; mode=block")
|
||||
w.Header().Add("X-Content-Type-Options", "nosniff")
|
||||
handler.Handler.ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
@@ -85,7 +85,7 @@ type Handler struct {
|
||||
}
|
||||
|
||||
// @title PortainerCE API
|
||||
// @version 2.21.0
|
||||
// @version 2.21.5
|
||||
// @description.markdown api-description.md
|
||||
// @termsOfService
|
||||
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package stacks
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
@@ -95,7 +96,7 @@ func (handler *Handler) stackAssociate(w http.ResponseWriter, r *http.Request) *
|
||||
}
|
||||
if !canManage {
|
||||
errMsg := "Stack management is disabled for non-admin users"
|
||||
return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
|
||||
return httperror.Forbidden(errMsg, errors.New(errMsg))
|
||||
}
|
||||
|
||||
stack.EndpointID = portainer.EndpointID(endpointID)
|
||||
|
||||
@@ -111,7 +111,7 @@ func (handler *Handler) stackDelete(w http.ResponseWriter, r *http.Request) *htt
|
||||
}
|
||||
if !canManage {
|
||||
errMsg := "stack deletion is disabled for non-admin users"
|
||||
return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
|
||||
return httperror.Forbidden(errMsg, errors.New(errMsg))
|
||||
}
|
||||
|
||||
// stop scheduler updates of the stack before removal
|
||||
@@ -338,7 +338,7 @@ func (handler *Handler) stackDeleteKubernetesByName(w http.ResponseWriter, r *ht
|
||||
}
|
||||
if !canManage {
|
||||
errMsg := "stack deletion is disabled for non-admin users"
|
||||
return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
|
||||
return httperror.Forbidden(errMsg, errors.New(errMsg))
|
||||
}
|
||||
|
||||
stacksToDelete = append(stacksToDelete, stack)
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
@@ -23,6 +24,7 @@ func (payload *teamCreatePayload) Validate(r *http.Request) error {
|
||||
if govalidator.IsNull(payload.Name) {
|
||||
return errors.New("Invalid team name")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -43,26 +45,42 @@ func (payload *teamCreatePayload) Validate(r *http.Request) error {
|
||||
// @router /teams [post]
|
||||
func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
var payload teamCreatePayload
|
||||
err := request.DecodeAndValidateJSONPayload(r, &payload)
|
||||
if err != nil {
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
team, err := handler.DataStore.Team().TeamByName(payload.Name)
|
||||
if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.InternalServerError("Unable to retrieve teams from the database", err)
|
||||
var team *portainer.Team
|
||||
|
||||
if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
var err error
|
||||
team, err = createTeam(tx, payload)
|
||||
|
||||
return err
|
||||
}); err != nil {
|
||||
var httpErr *httperror.HandlerError
|
||||
if errors.As(err, &httpErr) {
|
||||
return httpErr
|
||||
}
|
||||
|
||||
return httperror.InternalServerError("Unexpected error", err)
|
||||
}
|
||||
|
||||
return response.JSON(w, team)
|
||||
}
|
||||
|
||||
func createTeam(tx dataservices.DataStoreTx, payload teamCreatePayload) (*portainer.Team, error) {
|
||||
team, err := tx.Team().TeamByName(payload.Name)
|
||||
if err != nil && !tx.IsErrObjectNotFound(err) {
|
||||
return nil, httperror.InternalServerError("Unable to retrieve teams from the database", err)
|
||||
}
|
||||
if team != nil {
|
||||
return httperror.Conflict("A team with the same name already exists", errors.New("Team already exists"))
|
||||
return nil, httperror.Conflict("A team with the same name already exists", errors.New("Team already exists"))
|
||||
}
|
||||
|
||||
team = &portainer.Team{
|
||||
Name: payload.Name,
|
||||
}
|
||||
team = &portainer.Team{Name: payload.Name}
|
||||
|
||||
err = handler.DataStore.Team().Create(team)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to persist the team inside the database", err)
|
||||
if err := tx.Team().Create(team); err != nil {
|
||||
return nil, httperror.InternalServerError("Unable to persist the team inside the database", err)
|
||||
}
|
||||
|
||||
for _, teamLeader := range payload.TeamLeaders {
|
||||
@@ -72,11 +90,10 @@ func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *http
|
||||
Role: portainer.TeamLeader,
|
||||
}
|
||||
|
||||
err = handler.DataStore.TeamMembership().Create(membership)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to persist team leadership inside the database", err)
|
||||
if err := tx.TeamMembership().Create(membership); err != nil {
|
||||
return nil, httperror.InternalServerError("Unable to persist team leadership inside the database", err)
|
||||
}
|
||||
}
|
||||
|
||||
return response.JSON(w, team)
|
||||
return team, nil
|
||||
}
|
||||
|
||||
@@ -0,0 +1,65 @@
|
||||
package teams
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/portainer/portainer/api/datastore"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/sync/errgroup"
|
||||
)
|
||||
|
||||
func TestConcurrentTeamCreation(t *testing.T) {
|
||||
_, store := datastore.MustNewTestStore(t, true, false)
|
||||
|
||||
h := &Handler{
|
||||
DataStore: store,
|
||||
}
|
||||
|
||||
tcp := teamCreatePayload{
|
||||
Name: "portainer",
|
||||
}
|
||||
|
||||
m, err := json.Marshal(tcp)
|
||||
require.NoError(t, err)
|
||||
|
||||
errGroup := &errgroup.Group{}
|
||||
|
||||
n := 100
|
||||
|
||||
for i := 0; i < n; i++ {
|
||||
errGroup.Go(func() error {
|
||||
req, err := http.NewRequest(http.MethodPost, "/teams", bytes.NewReader(m))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := h.teamCreate(httptest.NewRecorder(), req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
err = errGroup.Wait()
|
||||
require.Error(t, err)
|
||||
|
||||
teams, err := store.Team().ReadAll()
|
||||
require.NotEmpty(t, teams)
|
||||
require.NoError(t, err)
|
||||
|
||||
teamCreated := false
|
||||
for _, team := range teams {
|
||||
if team.Name == tcp.Name {
|
||||
require.False(t, teamCreated)
|
||||
teamCreated = true
|
||||
}
|
||||
}
|
||||
|
||||
require.True(t, teamCreated)
|
||||
}
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
@@ -54,12 +55,33 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
user, err := handler.DataStore.User().UserByUsername(payload.Username)
|
||||
if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.InternalServerError("Unable to retrieve users from the database", err)
|
||||
var user *portainer.User
|
||||
|
||||
if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
var err error
|
||||
user, err = handler.createUser(tx, payload)
|
||||
|
||||
return err
|
||||
}); err != nil {
|
||||
var httpErr *httperror.HandlerError
|
||||
if errors.As(err, &httpErr) {
|
||||
return httpErr
|
||||
}
|
||||
|
||||
return httperror.InternalServerError("Unexpected error", err)
|
||||
}
|
||||
|
||||
return response.JSON(w, user)
|
||||
}
|
||||
|
||||
func (handler *Handler) createUser(tx dataservices.DataStoreTx, payload userCreatePayload) (*portainer.User, error) {
|
||||
user, err := tx.User().UserByUsername(payload.Username)
|
||||
if err != nil && !tx.IsErrObjectNotFound(err) {
|
||||
return nil, httperror.InternalServerError("Unable to retrieve users from the database", err)
|
||||
}
|
||||
|
||||
if user != nil {
|
||||
return httperror.Conflict("Another user with the same username already exists", errUserAlreadyExists)
|
||||
return nil, httperror.Conflict("Another user with the same username already exists", errUserAlreadyExists)
|
||||
}
|
||||
|
||||
user = &portainer.User{
|
||||
@@ -67,33 +89,33 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
|
||||
Role: portainer.UserRole(payload.Role),
|
||||
}
|
||||
|
||||
settings, err := handler.DataStore.Settings().Settings()
|
||||
settings, err := tx.Settings().Settings()
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to retrieve settings from the database", err)
|
||||
return nil, httperror.InternalServerError("Unable to retrieve settings from the database", err)
|
||||
}
|
||||
|
||||
// when ldap/oauth is on, can only add users without password
|
||||
// When LDAP/OAuth is on, can only add users without password
|
||||
if (settings.AuthenticationMethod == portainer.AuthenticationLDAP || settings.AuthenticationMethod == portainer.AuthenticationOAuth) && payload.Password != "" {
|
||||
errMsg := "A user with password can not be created when authentication method is Oauth or LDAP"
|
||||
return httperror.BadRequest(errMsg, errors.New(errMsg))
|
||||
errMsg := "a user with password can not be created when authentication method is Oauth or LDAP"
|
||||
return nil, httperror.BadRequest(errMsg, errors.New(errMsg))
|
||||
}
|
||||
|
||||
if settings.AuthenticationMethod == portainer.AuthenticationInternal {
|
||||
if !handler.passwordStrengthChecker.Check(payload.Password) {
|
||||
return httperror.BadRequest("Password does not meet the requirements", nil)
|
||||
return nil, httperror.BadRequest("Password does not meet the requirements", nil)
|
||||
}
|
||||
|
||||
user.Password, err = handler.CryptoService.Hash(payload.Password)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to hash user password", errCryptoHashFailure)
|
||||
return nil, httperror.InternalServerError("Unable to hash user password", errCryptoHashFailure)
|
||||
}
|
||||
}
|
||||
|
||||
err = handler.DataStore.User().Create(user)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to persist user inside the database", err)
|
||||
if err := tx.User().Create(user); err != nil {
|
||||
return nil, httperror.InternalServerError("Unable to persist user inside the database", err)
|
||||
}
|
||||
|
||||
hideFields(user)
|
||||
return response.JSON(w, user)
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
@@ -0,0 +1,77 @@
|
||||
package users
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/crypto"
|
||||
"github.com/portainer/portainer/api/datastore"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/sync/errgroup"
|
||||
)
|
||||
|
||||
type mockPasswordStrengthChecker struct{}
|
||||
|
||||
func (m *mockPasswordStrengthChecker) Check(string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func TestConcurrentUserCreation(t *testing.T) {
|
||||
_, store := datastore.MustNewTestStore(t, true, false)
|
||||
|
||||
h := &Handler{
|
||||
passwordStrengthChecker: &mockPasswordStrengthChecker{},
|
||||
CryptoService: &crypto.Service{},
|
||||
DataStore: store,
|
||||
}
|
||||
|
||||
ucp := userCreatePayload{
|
||||
Username: "portainer",
|
||||
Password: "password",
|
||||
Role: int(portainer.AdministratorRole),
|
||||
}
|
||||
|
||||
m, err := json.Marshal(ucp)
|
||||
require.NoError(t, err)
|
||||
|
||||
errGroup := &errgroup.Group{}
|
||||
|
||||
n := 100
|
||||
|
||||
for i := 0; i < n; i++ {
|
||||
errGroup.Go(func() error {
|
||||
req, err := http.NewRequest(http.MethodPost, "/users", bytes.NewReader(m))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := h.userCreate(httptest.NewRecorder(), req); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
err = errGroup.Wait()
|
||||
require.Error(t, err)
|
||||
|
||||
users, err := store.User().ReadAll()
|
||||
require.NotEmpty(t, users)
|
||||
require.NoError(t, err)
|
||||
|
||||
userCreated := false
|
||||
for _, u := range users {
|
||||
if u.Username == ucp.Username {
|
||||
require.False(t, userCreated)
|
||||
userCreated = true
|
||||
}
|
||||
}
|
||||
|
||||
require.True(t, userCreated)
|
||||
}
|
||||
@@ -122,6 +122,7 @@ func (handler *Handler) executeServiceWebhook(
|
||||
_ = rc.Close()
|
||||
}(rc)
|
||||
}
|
||||
|
||||
_, err = dockerClient.ServiceUpdate(context.Background(), resourceID, service.Version, service.Spec, serviceUpdateOptions)
|
||||
|
||||
if err != nil {
|
||||
|
||||
@@ -45,7 +45,9 @@ func (o *OfflineGate) WaitingMiddleware(timeout time.Duration, next http.Handler
|
||||
httperror.WriteError(w, http.StatusRequestTimeout, "Timeout waiting for the offline gate to signal", http.ErrHandlerTimeout)
|
||||
return
|
||||
}
|
||||
|
||||
defer o.lock.RUnlock()
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
o.lock.RUnlock()
|
||||
})
|
||||
}
|
||||
|
||||
@@ -20,11 +20,16 @@ type postDockerfileRequest struct {
|
||||
}
|
||||
|
||||
// buildOperation inspects the "Content-Type" header to determine if it needs to alter the request.
|
||||
//
|
||||
// If the value of the header is empty, it means that a Dockerfile is posted via upload, the function
|
||||
// will extract the file content from the request body, tar it, and rewrite the body.
|
||||
// !! THIS IS ONLY TRUE WHEN THE UPLOADED DOCKERFILE FILE HAS NO EXTENSION (the generated file.type in the frontend will be empty)
|
||||
// If the Dockerfile is named like Dockerfile.yaml or has an internal type, a non-empty Content-Type header will be generated
|
||||
//
|
||||
// If the value of the header contains "application/json", it means that the content of a Dockerfile is posted
|
||||
// in the request payload as JSON, the function will create a new file called Dockerfile inside a tar archive and
|
||||
// rewrite the body of the request.
|
||||
//
|
||||
// In any other case, it will leave the request unaltered.
|
||||
func buildOperation(request *http.Request) error {
|
||||
contentTypeHeader := request.Header.Get("Content-Type")
|
||||
|
||||
@@ -84,11 +84,28 @@ func (transport *Transport) RoundTrip(request *http.Request) (*http.Response, er
|
||||
return transport.ProxyDockerRequest(request)
|
||||
}
|
||||
|
||||
var prefixProxyFuncMap = map[string]func(*Transport, *http.Request, string) (*http.Response, error){
|
||||
"configs": (*Transport).proxyConfigRequest,
|
||||
"containers": (*Transport).proxyContainerRequest,
|
||||
"services": (*Transport).proxyServiceRequest,
|
||||
"volumes": (*Transport).proxyVolumeRequest,
|
||||
"networks": (*Transport).proxyNetworkRequest,
|
||||
"secrets": (*Transport).proxySecretRequest,
|
||||
"swarm": (*Transport).proxySwarmRequest,
|
||||
"nodes": (*Transport).proxyNodeRequest,
|
||||
"tasks": (*Transport).proxyTaskRequest,
|
||||
"build": (*Transport).proxyBuildRequest,
|
||||
"images": (*Transport).proxyImageRequest,
|
||||
"v2": (*Transport).proxyAgentRequest,
|
||||
}
|
||||
|
||||
// ProxyDockerRequest intercepts a Docker API request and apply logic based
|
||||
// on the requested operation.
|
||||
func (transport *Transport) ProxyDockerRequest(request *http.Request) (*http.Response, error) {
|
||||
requestPath := apiVersionRe.ReplaceAllString(request.URL.Path, "")
|
||||
request.URL.Path = requestPath
|
||||
// from : /v1.41/containers/{id}/json
|
||||
// or : /containers/{id}/json
|
||||
// to : /containers/{id}/json
|
||||
unversionedPath := apiVersionRe.ReplaceAllString(request.URL.Path, "")
|
||||
|
||||
if transport.endpoint.Type == portainer.AgentOnDockerEnvironment || transport.endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
|
||||
signature, err := transport.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
|
||||
@@ -100,34 +117,16 @@ func (transport *Transport) ProxyDockerRequest(request *http.Request) (*http.Res
|
||||
request.Header.Set(portainer.PortainerAgentSignatureHeader, signature)
|
||||
}
|
||||
|
||||
switch {
|
||||
case strings.HasPrefix(requestPath, "/configs"):
|
||||
return transport.proxyConfigRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/containers"):
|
||||
return transport.proxyContainerRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/services"):
|
||||
return transport.proxyServiceRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/volumes"):
|
||||
return transport.proxyVolumeRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/networks"):
|
||||
return transport.proxyNetworkRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/secrets"):
|
||||
return transport.proxySecretRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/swarm"):
|
||||
return transport.proxySwarmRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/nodes"):
|
||||
return transport.proxyNodeRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/tasks"):
|
||||
return transport.proxyTaskRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/build"):
|
||||
return transport.proxyBuildRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/images"):
|
||||
return transport.proxyImageRequest(request)
|
||||
case strings.HasPrefix(requestPath, "/v2"):
|
||||
return transport.proxyAgentRequest(request)
|
||||
default:
|
||||
return transport.executeDockerRequest(request)
|
||||
// from : /containers/{id}/json
|
||||
// trim to : containers/{id}/json
|
||||
// pick : [ containers, {id}, json ][0]
|
||||
// prefix : containers
|
||||
prefix := strings.Split(strings.TrimPrefix(unversionedPath, "/"), "/")[0]
|
||||
|
||||
if proxyFunc := prefixProxyFuncMap[prefix]; proxyFunc != nil {
|
||||
return proxyFunc(transport, request, unversionedPath)
|
||||
}
|
||||
return transport.executeDockerRequest(request)
|
||||
}
|
||||
|
||||
func (transport *Transport) executeDockerRequest(request *http.Request) (*http.Response, error) {
|
||||
@@ -144,8 +143,8 @@ func (transport *Transport) executeDockerRequest(request *http.Request) (*http.R
|
||||
return response, err
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyAgentRequest(r *http.Request) (*http.Response, error) {
|
||||
requestPath := strings.TrimPrefix(r.URL.Path, "/v2")
|
||||
func (transport *Transport) proxyAgentRequest(r *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := strings.TrimPrefix(unversionedPath, "/v2")
|
||||
|
||||
switch {
|
||||
case strings.HasPrefix(requestPath, "/browse"):
|
||||
@@ -203,8 +202,10 @@ func (transport *Transport) proxyAgentRequest(r *http.Request) (*http.Response,
|
||||
return transport.executeDockerRequest(r)
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyConfigRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyConfigRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/configs/create":
|
||||
return transport.decorateGenericResourceCreationOperation(request, configObjectIdentifier, portainer.ConfigResourceControl)
|
||||
|
||||
@@ -225,8 +226,10 @@ func (transport *Transport) proxyConfigRequest(request *http.Request) (*http.Res
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyContainerRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyContainerRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/containers/create":
|
||||
return transport.decorateContainerCreationOperation(request, containerObjectIdentifier, portainer.ContainerResourceControl)
|
||||
|
||||
@@ -261,8 +264,10 @@ func (transport *Transport) proxyContainerRequest(request *http.Request) (*http.
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyServiceRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyServiceRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/services/create":
|
||||
return transport.decorateServiceCreationOperation(request)
|
||||
|
||||
@@ -292,8 +297,10 @@ func (transport *Transport) proxyServiceRequest(request *http.Request) (*http.Re
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyVolumeRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyVolumeRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/volumes/create":
|
||||
return transport.decorateVolumeResourceCreationOperation(request, portainer.VolumeResourceControl)
|
||||
|
||||
@@ -309,8 +316,10 @@ func (transport *Transport) proxyVolumeRequest(request *http.Request) (*http.Res
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyNetworkRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyNetworkRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/networks/create":
|
||||
return transport.decorateGenericResourceCreationOperation(request, networkObjectIdentifier, portainer.NetworkResourceControl)
|
||||
|
||||
@@ -330,8 +339,10 @@ func (transport *Transport) proxyNetworkRequest(request *http.Request) (*http.Re
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxySecretRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxySecretRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/secrets/create":
|
||||
return transport.decorateGenericResourceCreationOperation(request, secretObjectIdentifier, portainer.SecretResourceControl)
|
||||
|
||||
@@ -351,8 +362,8 @@ func (transport *Transport) proxySecretRequest(request *http.Request) (*http.Res
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyNodeRequest(request *http.Request) (*http.Response, error) {
|
||||
requestPath := request.URL.Path
|
||||
func (transport *Transport) proxyNodeRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
// assume /nodes/{id}
|
||||
if path.Base(requestPath) != "nodes" {
|
||||
@@ -362,8 +373,10 @@ func (transport *Transport) proxyNodeRequest(request *http.Request) (*http.Respo
|
||||
return transport.executeDockerRequest(request)
|
||||
}
|
||||
|
||||
func (transport *Transport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxySwarmRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/swarm":
|
||||
return transport.rewriteOperation(request, swarmInspectOperation)
|
||||
default:
|
||||
@@ -372,8 +385,10 @@ func (transport *Transport) proxySwarmRequest(request *http.Request) (*http.Resp
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyTaskRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyTaskRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/tasks":
|
||||
return transport.rewriteOperation(request, transport.taskListOperation)
|
||||
default:
|
||||
@@ -382,7 +397,7 @@ func (transport *Transport) proxyTaskRequest(request *http.Request) (*http.Respo
|
||||
}
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyBuildRequest(request *http.Request) (*http.Response, error) {
|
||||
func (transport *Transport) proxyBuildRequest(request *http.Request, _ string) (*http.Response, error) {
|
||||
err := transport.updateDefaultGitBranch(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -408,8 +423,10 @@ func (transport *Transport) updateDefaultGitBranch(request *http.Request) error
|
||||
return nil
|
||||
}
|
||||
|
||||
func (transport *Transport) proxyImageRequest(request *http.Request) (*http.Response, error) {
|
||||
switch requestPath := request.URL.Path; requestPath {
|
||||
func (transport *Transport) proxyImageRequest(request *http.Request, unversionedPath string) (*http.Response, error) {
|
||||
requestPath := unversionedPath
|
||||
|
||||
switch requestPath {
|
||||
case "/images/create":
|
||||
return transport.replaceRegistryAuthenticationHeader(request)
|
||||
default:
|
||||
|
||||
@@ -4,18 +4,23 @@ import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/apikey"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
httperrors "github.com/portainer/portainer/api/http/errors"
|
||||
"github.com/portainer/portainer/pkg/featureflags"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
const apiKeyHeader = "X-API-KEY"
|
||||
const jwtTokenHeader = "Authorization"
|
||||
|
||||
type (
|
||||
BouncerService interface {
|
||||
PublicAccess(http.Handler) http.Handler
|
||||
@@ -30,6 +35,7 @@ type (
|
||||
TrustedEdgeEnvironmentAccess(dataservices.DataStoreTx, *portainer.Endpoint) error
|
||||
CookieAuthLookup(*http.Request) (*portainer.TokenData, error)
|
||||
JWTAuthLookup(*http.Request) (*portainer.TokenData, error)
|
||||
RevokeJWT(string)
|
||||
}
|
||||
|
||||
// RequestBouncer represents an entity that manages API request accesses
|
||||
@@ -37,6 +43,9 @@ type (
|
||||
dataStore dataservices.DataStore
|
||||
jwtService portainer.JWTService
|
||||
apiKeyService apikey.APIKeyService
|
||||
revokedJWT sync.Map
|
||||
hsts bool
|
||||
csp bool
|
||||
}
|
||||
|
||||
// RestrictedRequestContext is a data structure containing information
|
||||
@@ -52,22 +61,30 @@ type (
|
||||
tokenLookup func(*http.Request) (*portainer.TokenData, error)
|
||||
)
|
||||
|
||||
const apiKeyHeader = "X-API-KEY"
|
||||
const jwtTokenHeader = "Authorization"
|
||||
var (
|
||||
ErrInvalidKey = errors.New("Invalid API key")
|
||||
ErrRevokedJWT = errors.New("the JWT has been revoked")
|
||||
)
|
||||
|
||||
// NewRequestBouncer initializes a new RequestBouncer
|
||||
func NewRequestBouncer(dataStore dataservices.DataStore, jwtService portainer.JWTService, apiKeyService apikey.APIKeyService) *RequestBouncer {
|
||||
return &RequestBouncer{
|
||||
b := &RequestBouncer{
|
||||
dataStore: dataStore,
|
||||
jwtService: jwtService,
|
||||
apiKeyService: apiKeyService,
|
||||
hsts: featureflags.IsEnabled("hsts"),
|
||||
csp: featureflags.IsEnabled("csp"),
|
||||
}
|
||||
|
||||
go b.cleanUpExpiredJWT()
|
||||
|
||||
return b
|
||||
}
|
||||
|
||||
// PublicAccess defines a security check for public API endpoints.
|
||||
// No authentication is required to access these endpoints.
|
||||
func (bouncer *RequestBouncer) PublicAccess(h http.Handler) http.Handler {
|
||||
return mwSecureHeaders(h)
|
||||
return MWSecureHeaders(h, bouncer.hsts, bouncer.csp)
|
||||
}
|
||||
|
||||
// AdminAccess defines a security check for API endpoints that require an authorization check.
|
||||
@@ -196,7 +213,8 @@ func (bouncer *RequestBouncer) mwAuthenticatedUser(h http.Handler) http.Handler
|
||||
bouncer.CookieAuthLookup,
|
||||
bouncer.JWTAuthLookup,
|
||||
}, h)
|
||||
h = mwSecureHeaders(h)
|
||||
h = MWSecureHeaders(h, bouncer.hsts, bouncer.csp)
|
||||
|
||||
return h
|
||||
}
|
||||
|
||||
@@ -317,11 +335,15 @@ func (bouncer *RequestBouncer) CookieAuthLookup(r *http.Request) (*portainer.Tok
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
tokenData, err := bouncer.jwtService.ParseAndVerifyToken(token)
|
||||
tokenData, jti, _, err := bouncer.jwtService.ParseAndVerifyToken(token)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if _, ok := bouncer.revokedJWT.Load(jti); ok {
|
||||
return nil, ErrRevokedJWT
|
||||
}
|
||||
|
||||
return tokenData, nil
|
||||
}
|
||||
|
||||
@@ -333,15 +355,44 @@ func (bouncer *RequestBouncer) JWTAuthLookup(r *http.Request) (*portainer.TokenD
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
tokenData, err := bouncer.jwtService.ParseAndVerifyToken(token)
|
||||
tokenData, jti, _, err := bouncer.jwtService.ParseAndVerifyToken(token)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if _, ok := bouncer.revokedJWT.Load(jti); ok {
|
||||
return nil, ErrRevokedJWT
|
||||
}
|
||||
|
||||
return tokenData, nil
|
||||
}
|
||||
|
||||
var ErrInvalidKey = errors.New("Invalid API key")
|
||||
func (bouncer *RequestBouncer) RevokeJWT(token string) {
|
||||
_, jti, exp, err := bouncer.jwtService.ParseAndVerifyToken(token)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
bouncer.revokedJWT.Store(jti, exp)
|
||||
}
|
||||
|
||||
func (bouncer *RequestBouncer) cleanUpExpiredJWTPass() {
|
||||
bouncer.revokedJWT.Range(func(key, value any) bool {
|
||||
if time.Now().After(value.(time.Time)) {
|
||||
bouncer.revokedJWT.Delete(key)
|
||||
}
|
||||
|
||||
return true
|
||||
})
|
||||
}
|
||||
|
||||
func (bouncer *RequestBouncer) cleanUpExpiredJWT() {
|
||||
ticker := time.NewTicker(time.Hour)
|
||||
|
||||
for range ticker.C {
|
||||
bouncer.cleanUpExpiredJWTPass()
|
||||
}
|
||||
}
|
||||
|
||||
// apiKeyLookup looks up an verifies an api-key by:
|
||||
// - computing the digest of the raw api-key
|
||||
@@ -461,10 +512,17 @@ func extractAPIKey(r *http.Request) (string, bool) {
|
||||
return "", false
|
||||
}
|
||||
|
||||
// mwSecureHeaders provides secure headers middleware for handlers.
|
||||
func mwSecureHeaders(next http.Handler) http.Handler {
|
||||
// MWSecureHeaders provides secure headers middleware for handlers.
|
||||
func MWSecureHeaders(next http.Handler, hsts, csp bool) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("X-XSS-Protection", "1; mode=block")
|
||||
if hsts {
|
||||
w.Header().Set("Strict-Transport-Security", "max-age=31536000") // 365 days
|
||||
}
|
||||
|
||||
if csp {
|
||||
w.Header().Set("Content-Security-Policy", "script-src 'self' cdn.matomo.cloud")
|
||||
}
|
||||
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/apikey"
|
||||
@@ -14,6 +15,7 @@ import (
|
||||
"github.com/portainer/portainer/api/jwt"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// testHandler200 is a simple handler which returns HTTP status 200 OK
|
||||
@@ -459,3 +461,60 @@ func Test_ShouldSkipCSRFCheck(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestJWTRevocation(t *testing.T) {
|
||||
_, store := datastore.MustNewTestStore(t, true, true)
|
||||
|
||||
jwtService, err := jwt.NewService("1h", store)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = store.User().Create(&portainer.User{ID: 1})
|
||||
require.NoError(t, err)
|
||||
|
||||
jwtService.SetUserSessionDuration(time.Second)
|
||||
|
||||
token, _, err := jwtService.GenerateToken(&portainer.TokenData{ID: 1})
|
||||
require.NoError(t, err)
|
||||
|
||||
apiKeyService := apikey.NewAPIKeyService(nil, nil)
|
||||
|
||||
bouncer := NewRequestBouncer(store, jwtService, apiKeyService)
|
||||
|
||||
r, err := http.NewRequest(http.MethodGet, "url", nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
r.Header.Add(jwtTokenHeader, "Bearer "+token)
|
||||
|
||||
r.AddCookie(&http.Cookie{Name: portainer.AuthCookieKey, Value: token})
|
||||
|
||||
_, err = bouncer.JWTAuthLookup(r)
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = bouncer.CookieAuthLookup(r)
|
||||
require.NoError(t, err)
|
||||
|
||||
bouncer.RevokeJWT(token)
|
||||
|
||||
revokeLen := func() (l int) {
|
||||
bouncer.revokedJWT.Range(func(key, value any) bool {
|
||||
l++
|
||||
|
||||
return true
|
||||
})
|
||||
|
||||
return l
|
||||
}
|
||||
require.Equal(t, 1, revokeLen())
|
||||
|
||||
_, err = bouncer.JWTAuthLookup(r)
|
||||
require.Error(t, err)
|
||||
|
||||
_, err = bouncer.CookieAuthLookup(r)
|
||||
require.Error(t, err)
|
||||
|
||||
time.Sleep(time.Second)
|
||||
|
||||
bouncer.cleanUpExpiredJWTPass()
|
||||
|
||||
require.Equal(t, 0, revokeLen())
|
||||
}
|
||||
|
||||
@@ -77,6 +77,7 @@ func edgeGroupRelatedToEndpoint(edgeGroup *portainer.EdgeGroup, endpoint *portai
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -84,12 +85,10 @@ func edgeGroupRelatedToEndpoint(edgeGroup *portainer.EdgeGroup, endpoint *portai
|
||||
if endpointGroup.TagIDs != nil {
|
||||
endpointTags = tag.Union(endpointTags, tag.Set(endpointGroup.TagIDs))
|
||||
}
|
||||
edgeGroupTags := tag.Set(edgeGroup.TagIDs)
|
||||
|
||||
if edgeGroup.PartialMatch {
|
||||
intersection := tag.Intersection(endpointTags, edgeGroupTags)
|
||||
return len(intersection) != 0
|
||||
return tag.PartialMatch(edgeGroup.TagIDs, endpointTags)
|
||||
}
|
||||
|
||||
return tag.FullMatch(edgeGroupTags, endpointTags)
|
||||
return tag.FullMatch(edgeGroup.TagIDs, endpointTags)
|
||||
}
|
||||
|
||||
+26
-27
@@ -1,64 +1,63 @@
|
||||
package tag
|
||||
|
||||
import portainer "github.com/portainer/portainer/api"
|
||||
import (
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
)
|
||||
|
||||
type tagSet map[portainer.TagID]bool
|
||||
type tagSet map[portainer.TagID]struct{}
|
||||
|
||||
// Set converts an array of ids to a set
|
||||
func Set(tagIDs []portainer.TagID) tagSet {
|
||||
set := map[portainer.TagID]bool{}
|
||||
set := map[portainer.TagID]struct{}{}
|
||||
for _, tagID := range tagIDs {
|
||||
set[tagID] = true
|
||||
set[tagID] = struct{}{}
|
||||
}
|
||||
|
||||
return set
|
||||
}
|
||||
|
||||
// Intersection returns a set intersection of the provided sets
|
||||
func Intersection(sets ...tagSet) tagSet {
|
||||
intersection := tagSet{}
|
||||
if len(sets) == 0 {
|
||||
return intersection
|
||||
// IntersectionCount returns the element count of the intersection of the sets
|
||||
func IntersectionCount(setA, setB tagSet) int {
|
||||
if len(setA) > len(setB) {
|
||||
setA, setB = setB, setA
|
||||
}
|
||||
setA := sets[0]
|
||||
|
||||
count := 0
|
||||
|
||||
for tag := range setA {
|
||||
inAll := true
|
||||
for _, setB := range sets {
|
||||
if !setB[tag] {
|
||||
inAll = false
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if inAll {
|
||||
intersection[tag] = true
|
||||
if _, ok := setB[tag]; ok {
|
||||
count++
|
||||
}
|
||||
}
|
||||
|
||||
return intersection
|
||||
return count
|
||||
}
|
||||
|
||||
// Union returns a set union of provided sets
|
||||
func Union(sets ...tagSet) tagSet {
|
||||
union := tagSet{}
|
||||
|
||||
for _, set := range sets {
|
||||
for tag := range set {
|
||||
union[tag] = true
|
||||
union[tag] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
||||
return union
|
||||
}
|
||||
|
||||
// Contains return true if setA contains setB
|
||||
func Contains(setA tagSet, setB tagSet) bool {
|
||||
func Contains(setA tagSet, setB []portainer.TagID) bool {
|
||||
if len(setA) == 0 || len(setB) == 0 {
|
||||
return false
|
||||
}
|
||||
|
||||
for tag := range setB {
|
||||
if !setA[tag] {
|
||||
for _, tag := range setB {
|
||||
if _, ok := setA[tag]; !ok {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
@@ -67,8 +66,8 @@ func Difference(setA tagSet, setB tagSet) tagSet {
|
||||
set := tagSet{}
|
||||
|
||||
for tag := range setA {
|
||||
if !setB[tag] {
|
||||
set[tag] = true
|
||||
if _, ok := setB[tag]; !ok {
|
||||
set[tag] = struct{}{}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,11 +1,19 @@
|
||||
package tag
|
||||
|
||||
import portainer "github.com/portainer/portainer/api"
|
||||
|
||||
// FullMatch returns true if environment tags matches all edge group tags
|
||||
func FullMatch(edgeGroupTags tagSet, environmentTags tagSet) bool {
|
||||
func FullMatch(edgeGroupTags []portainer.TagID, environmentTags tagSet) bool {
|
||||
return Contains(environmentTags, edgeGroupTags)
|
||||
}
|
||||
|
||||
// PartialMatch returns true if environment tags matches at least one edge group tag
|
||||
func PartialMatch(edgeGroupTags tagSet, environmentTags tagSet) bool {
|
||||
return len(Intersection(edgeGroupTags, environmentTags)) != 0
|
||||
func PartialMatch(edgeGroupTags []portainer.TagID, environmentTags tagSet) bool {
|
||||
for _, tagID := range edgeGroupTags {
|
||||
if _, ok := environmentTags[tagID]; ok {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -9,49 +9,49 @@ import (
|
||||
func TestFullMatch(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
edgeGroupTags tagSet
|
||||
edgeGroupTags []portainer.TagID
|
||||
environmentTag tagSet
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
name: "environment tag partially match edge group tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2, 3}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2, 3},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "edge group tags equal to environment tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "environment tags fully match edge group tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{1, 2, 3}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "environment tags do not match edge group tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{3, 4}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "edge group has no tags and environment has tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{}),
|
||||
edgeGroupTags: []portainer.TagID{},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "edge group has tags and environment has no tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "both edge group and environment have no tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{}),
|
||||
edgeGroupTags: []portainer.TagID{},
|
||||
environmentTag: Set([]portainer.TagID{}),
|
||||
expected: false,
|
||||
},
|
||||
@@ -70,55 +70,55 @@ func TestFullMatch(t *testing.T) {
|
||||
func TestPartialMatch(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
edgeGroupTags tagSet
|
||||
edgeGroupTags []portainer.TagID
|
||||
environmentTag tagSet
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
name: "environment tags partially match edge group tags 1",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2, 3}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2, 3},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "environment tags partially match edge group tags 2",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2, 3}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2, 3},
|
||||
environmentTag: Set([]portainer.TagID{1, 4, 5}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "edge group tags equal to environment tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "environment tags fully match edge group tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{1, 2, 3}),
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "environment tags do not match edge group tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{3, 4}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "edge group has no tags and environment has tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{}),
|
||||
edgeGroupTags: []portainer.TagID{},
|
||||
environmentTag: Set([]portainer.TagID{1, 2}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "edge group has tags and environment has no tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{1, 2}),
|
||||
edgeGroupTags: []portainer.TagID{1, 2},
|
||||
environmentTag: Set([]portainer.TagID{}),
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "both edge group and environment have no tags",
|
||||
edgeGroupTags: Set([]portainer.TagID{}),
|
||||
edgeGroupTags: []portainer.TagID{},
|
||||
environmentTag: Set([]portainer.TagID{}),
|
||||
expected: false,
|
||||
},
|
||||
|
||||
@@ -7,49 +7,49 @@ import (
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
)
|
||||
|
||||
func TestIntersection(t *testing.T) {
|
||||
func TestIntersectionCount(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
setA tagSet
|
||||
setB tagSet
|
||||
expected tagSet
|
||||
expected int
|
||||
}{
|
||||
{
|
||||
name: "positive numbers set intersection",
|
||||
setA: Set([]portainer.TagID{1, 2, 3, 4, 5}),
|
||||
setB: Set([]portainer.TagID{4, 5, 6, 7}),
|
||||
expected: Set([]portainer.TagID{4, 5}),
|
||||
expected: 2,
|
||||
},
|
||||
{
|
||||
name: "empty setA intersection",
|
||||
setA: Set([]portainer.TagID{1, 2, 3}),
|
||||
setB: Set([]portainer.TagID{}),
|
||||
expected: Set([]portainer.TagID{}),
|
||||
expected: 0,
|
||||
},
|
||||
{
|
||||
name: "empty setB intersection",
|
||||
setA: Set([]portainer.TagID{}),
|
||||
setB: Set([]portainer.TagID{1, 2, 3}),
|
||||
expected: Set([]portainer.TagID{}),
|
||||
expected: 0,
|
||||
},
|
||||
{
|
||||
name: "no common elements sets intersection",
|
||||
setA: Set([]portainer.TagID{1, 2, 3}),
|
||||
setB: Set([]portainer.TagID{4, 5, 6}),
|
||||
expected: Set([]portainer.TagID{}),
|
||||
expected: 0,
|
||||
},
|
||||
{
|
||||
name: "equal sets intersection",
|
||||
setA: Set([]portainer.TagID{1, 2, 3}),
|
||||
setB: Set([]portainer.TagID{1, 2, 3}),
|
||||
expected: Set([]portainer.TagID{1, 2, 3}),
|
||||
expected: 3,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range cases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
result := Intersection(tc.setA, tc.setB)
|
||||
if !reflect.DeepEqual(result, tc.expected) {
|
||||
result := IntersectionCount(tc.setA, tc.setB)
|
||||
if result != tc.expected {
|
||||
t.Errorf("Expected %v, got %v", tc.expected, result)
|
||||
}
|
||||
})
|
||||
@@ -109,49 +109,49 @@ func TestContains(t *testing.T) {
|
||||
cases := []struct {
|
||||
name string
|
||||
setA tagSet
|
||||
setB tagSet
|
||||
setB []portainer.TagID
|
||||
expected bool
|
||||
}{
|
||||
{
|
||||
name: "setA contains setB",
|
||||
setA: Set([]portainer.TagID{1, 2, 3}),
|
||||
setB: Set([]portainer.TagID{1, 2}),
|
||||
setB: []portainer.TagID{1, 2},
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "setA equals to setB",
|
||||
setA: Set([]portainer.TagID{1, 2}),
|
||||
setB: Set([]portainer.TagID{1, 2}),
|
||||
setB: []portainer.TagID{1, 2},
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: "setA contains parts of setB",
|
||||
setA: Set([]portainer.TagID{1, 2}),
|
||||
setB: Set([]portainer.TagID{1, 2, 3}),
|
||||
setB: []portainer.TagID{1, 2, 3},
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "setA does not contain setB",
|
||||
setA: Set([]portainer.TagID{1, 2}),
|
||||
setB: Set([]portainer.TagID{3, 4}),
|
||||
setB: []portainer.TagID{3, 4},
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "setA is empty and setB is not empty",
|
||||
setA: Set([]portainer.TagID{}),
|
||||
setB: Set([]portainer.TagID{1, 2}),
|
||||
setB: []portainer.TagID{1, 2},
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "setA is not empty and setB is empty",
|
||||
setA: Set([]portainer.TagID{1, 2}),
|
||||
setB: Set([]portainer.TagID{}),
|
||||
setB: []portainer.TagID{},
|
||||
expected: false,
|
||||
},
|
||||
{
|
||||
name: "setA is empty and setB is empty",
|
||||
setA: Set([]portainer.TagID{}),
|
||||
setB: Set([]portainer.TagID{}),
|
||||
setB: []portainer.TagID{},
|
||||
expected: false,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -58,6 +58,8 @@ func (testRequestBouncer) JWTAuthLookup(r *http.Request) (*portainer.TokenData,
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (testRequestBouncer) RevokeJWT(jti string) {}
|
||||
|
||||
// AddTestSecurityCookie adds a security cookie to the request
|
||||
func AddTestSecurityCookie(r *http.Request, jwt string) {
|
||||
r.AddCookie(&http.Cookie{
|
||||
|
||||
+15
-7
@@ -7,9 +7,10 @@ import (
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/portainer/portainer/api/internal/securecookie"
|
||||
|
||||
"github.com/gofrs/uuid"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
@@ -103,7 +104,7 @@ func (service *Service) GenerateToken(data *portainer.TokenData) (string, time.T
|
||||
}
|
||||
|
||||
// ParseAndVerifyToken parses a JWT token and verify its validity. It returns an error if token is invalid.
|
||||
func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData, error) {
|
||||
func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData, string, time.Time, error) {
|
||||
scope := parseScope(token)
|
||||
secret := service.secrets[scope]
|
||||
parsedToken, err := jwt.ParseWithClaims(token, &claims{}, func(token *jwt.Token) (interface{}, error) {
|
||||
@@ -119,10 +120,10 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
|
||||
|
||||
user, err := service.dataStore.User().Read(portainer.UserID(cl.UserID))
|
||||
if err != nil {
|
||||
return nil, errInvalidJWTToken
|
||||
return nil, "", time.Time{}, errInvalidJWTToken
|
||||
}
|
||||
if user.TokenIssueAt > cl.StandardClaims.IssuedAt {
|
||||
return nil, errInvalidJWTToken
|
||||
return nil, "", time.Time{}, errInvalidJWTToken
|
||||
}
|
||||
|
||||
return &portainer.TokenData{
|
||||
@@ -131,10 +132,11 @@ func (service *Service) ParseAndVerifyToken(token string) (*portainer.TokenData,
|
||||
Role: portainer.UserRole(cl.Role),
|
||||
Token: token,
|
||||
ForceChangePassword: cl.ForceChangePassword,
|
||||
}, nil
|
||||
}, cl.Id, time.Unix(cl.ExpiresAt, 0), nil
|
||||
}
|
||||
}
|
||||
return nil, errInvalidJWTToken
|
||||
|
||||
return nil, "", time.Time{}, errInvalidJWTToken
|
||||
}
|
||||
|
||||
// parse a JWT token, fallback to defaultScope if no scope is present in the JWT
|
||||
@@ -173,6 +175,11 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
|
||||
expiresAt = time.Now().Add(time.Hour * 8760 * 99).Unix()
|
||||
}
|
||||
|
||||
uuid, err := uuid.NewV4()
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to generate the JWT ID: %w", err)
|
||||
}
|
||||
|
||||
cl := claims{
|
||||
UserID: int(data.ID),
|
||||
Username: data.Username,
|
||||
@@ -180,6 +187,7 @@ func (service *Service) generateSignedToken(data *portainer.TokenData, expiresAt
|
||||
Scope: scope,
|
||||
ForceChangePassword: data.ForceChangePassword,
|
||||
StandardClaims: jwt.StandardClaims{
|
||||
Id: uuid.String(),
|
||||
ExpiresAt: expiresAt,
|
||||
IssuedAt: time.Now().Unix(),
|
||||
},
|
||||
|
||||
@@ -6,8 +6,10 @@ import (
|
||||
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/datastore"
|
||||
i "github.com/portainer/portainer/api/internal/testhelpers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestGenerateSignedToken(t *testing.T) {
|
||||
@@ -55,3 +57,56 @@ func TestGenerateSignedToken_InvalidScope(t *testing.T) {
|
||||
assert.Error(t, err)
|
||||
assert.Equal(t, "invalid scope: testing", err.Error())
|
||||
}
|
||||
|
||||
func TestGenerationAndParsing(t *testing.T) {
|
||||
_, store := datastore.MustNewTestStore(t, true, false)
|
||||
|
||||
err := store.User().Create(&portainer.User{ID: 1})
|
||||
require.NoError(t, err)
|
||||
|
||||
service, err := NewService("1h", store)
|
||||
require.NoError(t, err)
|
||||
|
||||
expectedToken := &portainer.TokenData{
|
||||
Username: "User",
|
||||
ID: 1,
|
||||
Role: 1,
|
||||
}
|
||||
|
||||
tokenString, _, err := service.GenerateToken(expectedToken)
|
||||
require.NoError(t, err)
|
||||
|
||||
expectedToken.Token = tokenString
|
||||
|
||||
token, _, _, err := service.ParseAndVerifyToken(tokenString)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, expectedToken, token)
|
||||
}
|
||||
|
||||
func TestExpiration(t *testing.T) {
|
||||
_, store := datastore.MustNewTestStore(t, true, false)
|
||||
|
||||
err := store.User().Create(&portainer.User{ID: 1})
|
||||
require.NoError(t, err)
|
||||
|
||||
service, err := NewService("1h", store)
|
||||
require.NoError(t, err)
|
||||
|
||||
expectedToken := &portainer.TokenData{
|
||||
Username: "User",
|
||||
ID: 1,
|
||||
Role: 1,
|
||||
}
|
||||
|
||||
service.SetUserSessionDuration(time.Second)
|
||||
|
||||
tokenString, _, err := service.GenerateToken(expectedToken)
|
||||
require.NoError(t, err)
|
||||
|
||||
expectedToken.Token = tokenString
|
||||
|
||||
time.Sleep(2 * time.Second)
|
||||
|
||||
_, _, _, err = service.ParseAndVerifyToken(tokenString)
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
+7
-3
@@ -1490,7 +1490,7 @@ type (
|
||||
JWTService interface {
|
||||
GenerateToken(data *TokenData) (string, time.Time, error)
|
||||
GenerateTokenForKubeconfig(data *TokenData) (string, error)
|
||||
ParseAndVerifyToken(token string) (*TokenData, error)
|
||||
ParseAndVerifyToken(token string) (*TokenData, string, time.Time, error)
|
||||
SetUserSessionDuration(userSessionDuration time.Duration)
|
||||
}
|
||||
|
||||
@@ -1601,7 +1601,7 @@ type (
|
||||
|
||||
const (
|
||||
// APIVersion is the version number of the Portainer API
|
||||
APIVersion = "2.21.0"
|
||||
APIVersion = "2.21.5"
|
||||
// Edition is what this edition of Portainer is called
|
||||
Edition = PortainerCE
|
||||
// ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax
|
||||
@@ -1653,11 +1653,15 @@ const (
|
||||
|
||||
// List of supported features
|
||||
const (
|
||||
FeatureFdo = "fdo"
|
||||
FeatureFdo = "fdo"
|
||||
FeatureHSTS = "hsts"
|
||||
FeatureCSP = "csp"
|
||||
)
|
||||
|
||||
var SupportedFeatureFlags = []featureflags.Feature{
|
||||
FeatureFdo,
|
||||
FeatureHSTS,
|
||||
FeatureCSP,
|
||||
}
|
||||
|
||||
const (
|
||||
|
||||
Vendored
+1
@@ -0,0 +1 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" width="409.333" height="166.751"><defs><clipPath id="a" clipPathUnits="userSpaceOnUse"><path d="M0 0h612v792H0Z"/></clipPath><clipPath id="b" clipPathUnits="userSpaceOnUse"><path d="M0 0h612v792H0Z"/></clipPath></defs><g style="fill:#09c;fill-opacity:1"><path d="M0 0c-6.127 1.862-10.58 7.517-10.58 14.209 0 6.763 4.548 12.465 10.768 14.279.637.189.472.59-.306.59-8.271 0-14.986-6.669-14.986-14.869S-8.389-.66-.118-.66C.66-.66.707-.212 0 0" style="fill:#09c;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 84.693 163.05)"/></g><g style="fill:#000"><path d="M0 0a10 10 0 0 0-.071 1.202 11.797 11.797 0 0 0 11.806 11.805c6.173 0 8.011-2.757 8.247-2.568.259.188-2.239 5.655-9.473 5.655A11.796 11.796 0 0 1-1.296 4.289c0-1.508.283-2.946.801-4.265C-.283-.542.047-.542 0 0" style="fill:#09c;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 41.355 102.799)"/></g><g style="fill:#09c;fill-opacity:1"><path d="M0 0c3.063 1.343 6.928 1.39 10.721.047 2.545-.895 4.03-2.168 4.148-2.097.212.094-1.485 2.757-4.525 3.912A10.79 10.79 0 0 1-.165.259C-.495 0-.377-.165 0 0" style="fill:#09c;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 69.102 55.1)"/></g><g style="fill:#f93;fill-opacity:1"><path d="M0 0c0-.848-.707-1.555-1.555-1.555-.849 0-1.555.683-1.555 1.555 0 .848.683 1.555 1.555 1.555S0 .872 0 0" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 409.333 86.283)"/></g><path d="m525.457 729.914.188-2.074h3.276l-1.108 12.041h-4.877l-6.174-12.04h3.346l1.037 2.073zm-.165 2.333H522.3l2.57 5.207h.022zM533.469 733.096h.495l2.333 3.18h3.039l-3.228-4.052 1.98-4.383h-3.229l-1.296 3.417h-.471l-.73-3.417h-2.757l2.544 12.04h2.757z" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 -2820.89 4227.904)"/><g clip-path="url(#b)" style="fill:#f93;fill-opacity:1" transform="matrix(5.60732 0 0 -5.60732 -2820.89 4227.904)"><g style="fill:#f93;fill-opacity:1"><path d="M0 0h2.757l1.107 5.255C4.477 8.153 3.37 8.506.542 8.506c-1.979 0-3.888.024-4.43-2.591h2.757c.165.754.636.918 1.32.918 1.201 0 1.154-.494.989-1.272L.895 4.218H.778c-.095.966-1.32.942-2.098.942-2.002 0-3.181-.636-3.605-2.662-.447-2.144.566-2.616 2.498-2.616.966 0 2.262.189 2.71 1.343h.094Zm-.778 3.487c.896 0 1.485-.07 1.343-.777C.377 1.838 0 1.673-1.155 1.673c-.424 0-1.201 0-1.013.919.165.778.707.895 1.39.895" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="translate(543.649 727.84)"/></g><g style="fill:#f93;fill-opacity:1"><path d="m0 0-.259-1.178h.118C.401-.188 1.508.094 2.451.094c1.178 0 2.356-.212 2.191-1.649h.118C5.16-.353 6.386.094 7.446.094c1.956 0 2.781-.801 2.356-2.757L8.577-8.436H5.82l1.037 4.878c.141.872.283 1.532-.778 1.532-1.084 0-1.437-.707-1.626-1.626L3.44-8.436H.683l1.084 5.114c.142.777.189 1.296-.777 1.296-1.131 0-1.485-.613-1.697-1.626L-1.72-8.436h-2.757L-2.686 0Z" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="translate(551.99 736.277)"/></g><g style="fill:#f93;fill-opacity:1"><path d="M0 0h2.757l1.131 5.255c.613 2.898-.495 3.251-3.322 3.251-1.98 0-3.889.024-4.43-2.591h2.757c.164.754.636.918 1.319.918 1.202 0 1.155-.494.99-1.272L.919 4.218H.801c-.094.966-1.319.942-2.097.942-2.003 0-3.181-.636-3.605-2.662-.448-2.144.565-2.616 2.497-2.616.967 0 2.263.189 2.71 1.343h.095Zm-.754 3.487c.895 0 1.484-.07 1.343-.777-.188-.872-.565-1.037-1.72-1.037-.424 0-1.202 0-1.013.919.165.778.707.895 1.39.895" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="translate(566.906 727.84)"/></g></g><path d="M573.669 727.84h-2.757l1.767 8.437h2.78z" style="fill:#f93;fill-opacity:1;fill-rule:nonzero;stroke:none" transform="matrix(5.60732 0 0 -5.60732 -2820.89 4227.904)"/></svg>
|
||||
|
After Width: | Height: | Size: 3.8 KiB |
Vendored
-1
@@ -1 +0,0 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 32 32"><path d="M9.545 14.42l-1.2-8.258L3.37 3.074l1.612 7.8 4.562 3.556zm1.38 9.443l-.852-5.823-4.356-3.63 1.17 5.648 4.038 3.804zm-3.383-.64l.862 4.165 3.596 3.817L11.386 27l-3.842-3.78zm11.644-1.806l-1.837-1.402.014.33a.19.19 0 0 1-.084.166l-1.386.934 1.507 1.23c.02.02.03.027.035.036l.022.042c.008.027.01.037.01.048l.064 1.45 1.7 1.423-.036-4.26zm6.3-4.507l-.36 4.153-1.2-.828.13-2.118c0-.024-.002-.033-.003-.04-.006-.032-.012-.046-.02-.06s-.02-.028-.032-.04a.23.23 0 0 0-.032-.028l-2.56-1.69.037-1.856 4.03 2.51" fill="#123d10"/><path d="M16.59 11.116l-.335-7.84-7.53 2.894 1.23 8.4 6.635-3.453zm.4 9.135l-.246-5.78-6.27 3.57.88 6.01 5.638-3.798zm.127 2.93l-5.333 3.816.648 4.422 4.872-3.88-.186-4.357zm2.465-1.762l.036 4.275 3.8-3.032.253-4.17-4.1 2.926zm9.48-6.782l-.534 3.955-2.998 2.4.352-4.068 3.18-2.276" fill="#33b652"/><path d="M17.472 22.812l-.008-.042a.21.21 0 0 0-.019-.044c-.015-.024-.023-.032-.03-.04l-1.52-1.24 1.386-.934a.19.19 0 0 0 .084-.166l-.014-.33 1.837 1.402.036 4.26-1.7-1.423-.062-1.44zm-7.398-4.772l.852 5.823-4.038-3.804-1.17-5.648 4.356 3.63zm6.904 2.212L11.34 24.05l-.88-6.01 6.27-3.57.246 5.78zm-.725-16.975l.335 7.84-6.635 3.453-1.23-8.4 7.53-2.894zM8.335 6.16l1.2 8.258-4.562-3.556-1.612-7.8L8.335 6.16zm.07 21.225l-.862-4.165L11.386 27l.615 4.203-3.596-3.817zm8.885.152l-4.872 3.88-.648-4.422 5.333-3.816.186 4.357zm6.116-4.876l-3.8 3.032-.036-4.275 4.1-2.926-.253 4.17zm.53-2.428l.13-2.118c0-.024-.002-.033-.003-.04-.006-.032-.012-.046-.02-.06s-.02-.028-.032-.04a.23.23 0 0 0-.032-.028l-2.56-1.69.037-1.856 4.03 2.51-.36 4.153-1.2-.828zm1.58.747l.352-4.068 3.18-2.276-.534 3.955-2.998 2.4zm3.97-6.77l-.006-.03c-.002-.01-.006-.02-.01-.03a.23.23 0 0 0-.027-.045c-.02-.023-.03-.03-.04-.038l-4.368-2.42c-.06-.033-.133-.032-.192.008l-3.674 2.246c-.006 0-.01.01-.016.013s-.013.01-.02.015l-.016.02c-.005.008-.01.01-.014.018s-.008.017-.01.026-.006.013-.008.02-.003.02-.004.03l-.042 1.97-1.494-.987c-.062-.04-.142-.042-.205 0l-2.15 1.314-.093-2.186-.007-.042c-.002-.008-.004-.013-.007-.02a.19.19 0 0 0-.011-.024c-.004-.008-.008-.013-.013-.02s-.01-.013-.015-.02-.012-.01-.02-.016l-2.25-1.514 2.094-1.1c.066-.034.106-.104.103-.178l-.352-8.228c-.001-.01-.003-.02-.005-.03-.006-.03-.013-.045-.022-.06s-.022-.03-.032-.04c-.017-.017-.022-.02-.028-.024-.017-.008-.02-.008-.022-.015L10.873.115a.19.19 0 0 0-.14-.011L3.036 2.502l-.05.028-.04.037c-.006.008-.01.015-.014.023s-.01.015-.013.024-.006.02-.01.03c-.006.03-.005.04-.005.05s0 .018.001.027l1.718 8.302c.01.044.034.084.07.112l2.33 1.817-1.685.802c-.02.008-.022.015-.026.016l-.027.023c-.022.024-.028.036-.034.047-.014.028-.02.045-.02.062a.24.24 0 0 0 .002.055l1.292 6.25a.19.19 0 0 0 .056.1l1.622 1.528-1.075.658c-.014.008-.026.02-.038.03-.017.02-.025.033-.032.045a.22.22 0 0 0-.021.065c-.002.018-.001.036.003.055l1 4.842c.007.034.024.066.048.092l4.048 4.298c.006.008.013.01.02.017.02.017.033.024.047.03.027.008.05.013.072.013s.038 0 .056-.01.022-.008.027-.015c.008 0 .014-.01.02-.014l5.223-4.157c.048-.04.074-.097.072-.157l-.122-2.85 1.74 1.464c.02.015.03.023.04.028s.02.008.025.015c.02.008.038.01.057.01s.037-.008.056-.01c.017-.008.022-.008.026-.015.01-.008.017-.01.026-.017l4.186-3.337c.043-.034.068-.084.072-.138l.127-2.09 1.27.884c.012.008.015.015.02.015.007.008.015.008.023.01.033.015.05.015.067.015s.038 0 .056-.01.02-.008.026-.015c.01-.008.02-.012.03-.018l3.415-2.722c.04-.03.064-.076.07-.124l.604-4.47.001-.037" fill="#231f20"/></svg>
|
||||
|
Before Width: | Height: | Size: 3.4 KiB |
@@ -5,7 +5,6 @@ function ImageHelperFactory() {
|
||||
return {
|
||||
isValidTag,
|
||||
createImageConfigForContainer,
|
||||
getImagesNamesForDownload,
|
||||
removeDigestFromRepository,
|
||||
imageContainsURL,
|
||||
};
|
||||
@@ -14,20 +13,6 @@ function ImageHelperFactory() {
|
||||
return tag.match(/^(?![\.\-])([a-zA-Z0-9\_\.\-])+$/g);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {Array<{tags: Array<string>; id: string;}>} images
|
||||
* @returns {{names: string[]}}}
|
||||
*/
|
||||
function getImagesNamesForDownload(images) {
|
||||
var names = images.map(function (image) {
|
||||
return image.tags[0] !== '<none>:<none>' ? image.tags[0] : image.id;
|
||||
});
|
||||
return {
|
||||
names,
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param {PorImageRegistryModel} registry
|
||||
|
||||
@@ -3,14 +3,6 @@ angular.module('portainer.docker').factory('VolumeHelper', [
|
||||
'use strict';
|
||||
var helper = {};
|
||||
|
||||
helper.createDriverOptions = function (optionArray) {
|
||||
var options = {};
|
||||
optionArray.forEach(function (option) {
|
||||
options[option.name] = option.value;
|
||||
});
|
||||
return options;
|
||||
};
|
||||
|
||||
helper.isVolumeUsedByAService = function (volume, services) {
|
||||
for (var i = 0; i < services.length; i++) {
|
||||
var service = services[i];
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
type Data = {
|
||||
stream: string;
|
||||
errorDetail: { message: string };
|
||||
};
|
||||
|
||||
export class ImageBuildModel {
|
||||
hasError: boolean = false;
|
||||
|
||||
buildLogs: string[];
|
||||
|
||||
constructor(data: Data[]) {
|
||||
const buildLogs: string[] = [];
|
||||
|
||||
data.forEach((line) => {
|
||||
if (line.stream) {
|
||||
// convert unicode chars to readable chars
|
||||
const logLine = line.stream.replace(
|
||||
// eslint-disable-next-line no-control-regex
|
||||
/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g,
|
||||
''
|
||||
);
|
||||
buildLogs.push(logLine);
|
||||
}
|
||||
|
||||
if (line.errorDetail) {
|
||||
buildLogs.push(line.errorDetail.message);
|
||||
this.hasError = true;
|
||||
}
|
||||
});
|
||||
|
||||
this.buildLogs = buildLogs;
|
||||
}
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
|
||||
function b64DecodeUnicode(str) {
|
||||
try {
|
||||
return decodeURIComponent(
|
||||
atob(str)
|
||||
.split('')
|
||||
.map(function (c) {
|
||||
return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
|
||||
})
|
||||
.join('')
|
||||
);
|
||||
} catch (err) {
|
||||
return atob(str);
|
||||
}
|
||||
}
|
||||
|
||||
export function ConfigViewModel(data) {
|
||||
this.Id = data.ID;
|
||||
this.CreatedAt = data.CreatedAt;
|
||||
this.UpdatedAt = data.UpdatedAt;
|
||||
this.Version = data.Version.Index;
|
||||
this.Name = data.Spec.Name;
|
||||
this.Labels = data.Spec.Labels;
|
||||
this.Data = b64DecodeUnicode(data.Spec.Data);
|
||||
|
||||
if (data.Portainer && data.Portainer.ResourceControl) {
|
||||
this.ResourceControl = new ResourceControlViewModel(data.Portainer.ResourceControl);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,54 @@
|
||||
import { Config } from 'docker-types/generated/1.41';
|
||||
|
||||
import { IResource } from '@/react/docker/components/datatables/createOwnershipColumn';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
|
||||
export class ConfigViewModel implements IResource {
|
||||
Id: string;
|
||||
|
||||
CreatedAt: string;
|
||||
|
||||
UpdatedAt: string;
|
||||
|
||||
Version: number;
|
||||
|
||||
Name: string;
|
||||
|
||||
Labels: Record<string, string>;
|
||||
|
||||
Data: string;
|
||||
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
constructor(data: PortainerResponse<Config>) {
|
||||
this.Id = data.ID || '';
|
||||
this.CreatedAt = data.CreatedAt || '';
|
||||
this.UpdatedAt = data.UpdatedAt || '';
|
||||
this.Version = data.Version?.Index || 0;
|
||||
this.Name = data.Spec?.Name || '';
|
||||
this.Labels = data.Spec?.Labels || {};
|
||||
this.Data = b64DecodeUnicode(data.Spec?.Data || '');
|
||||
|
||||
if (data.Portainer && data.Portainer.ResourceControl) {
|
||||
this.ResourceControl = new ResourceControlViewModel(
|
||||
data.Portainer.ResourceControl
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function b64DecodeUnicode(str: string) {
|
||||
try {
|
||||
return decodeURIComponent(
|
||||
window
|
||||
.atob(str)
|
||||
.toString()
|
||||
.split('')
|
||||
.map((c) => `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`)
|
||||
.join('')
|
||||
);
|
||||
} catch (err) {
|
||||
return window.atob(str);
|
||||
}
|
||||
}
|
||||
@@ -1,145 +0,0 @@
|
||||
import _ from 'lodash-es';
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
|
||||
export function createStatus(statusText) {
|
||||
var status = _.toLower(statusText);
|
||||
|
||||
if (status.indexOf('paused') > -1) {
|
||||
return 'paused';
|
||||
} else if (status.indexOf('dead') > -1) {
|
||||
return 'dead';
|
||||
} else if (status.indexOf('created') > -1) {
|
||||
return 'created';
|
||||
} else if (status.indexOf('exited') > -1) {
|
||||
return 'stopped';
|
||||
} else if (status.indexOf('(healthy)') > -1) {
|
||||
return 'healthy';
|
||||
} else if (status.indexOf('(unhealthy)') > -1) {
|
||||
return 'unhealthy';
|
||||
} else if (status.indexOf('(health: starting)') > -1) {
|
||||
return 'starting';
|
||||
}
|
||||
return 'running';
|
||||
}
|
||||
|
||||
export function ContainerViewModel(data) {
|
||||
this.Id = data.Id;
|
||||
this.Status = createStatus(data.Status);
|
||||
this.State = data.State;
|
||||
this.Created = data.Created;
|
||||
this.Names = data.Names;
|
||||
// Unavailable in Docker < 1.10
|
||||
if (data.NetworkSettings && !_.isEmpty(data.NetworkSettings.Networks)) {
|
||||
this.IP = data.NetworkSettings.Networks[Object.keys(data.NetworkSettings.Networks)[0]].IPAddress;
|
||||
}
|
||||
this.NetworkSettings = data.NetworkSettings;
|
||||
this.Image = data.Image;
|
||||
this.ImageID = data.ImageID;
|
||||
this.Command = data.Command;
|
||||
this.Checked = false;
|
||||
this.Labels = data.Labels;
|
||||
if (this.Labels && this.Labels['com.docker.compose.project']) {
|
||||
this.StackName = this.Labels['com.docker.compose.project'];
|
||||
} else if (this.Labels && this.Labels['com.docker.stack.namespace']) {
|
||||
this.StackName = this.Labels['com.docker.stack.namespace'];
|
||||
}
|
||||
this.Mounts = data.Mounts;
|
||||
|
||||
this.IsPortainer = data.IsPortainer;
|
||||
|
||||
this.Ports = [];
|
||||
if (data.Ports) {
|
||||
for (var i = 0; i < data.Ports.length; ++i) {
|
||||
var p = data.Ports[i];
|
||||
if (p.PublicPort) {
|
||||
this.Ports.push({ host: p.IP, private: p.PrivatePort, public: p.PublicPort });
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (data.Portainer) {
|
||||
if (data.Portainer.ResourceControl) {
|
||||
this.ResourceControl = new ResourceControlViewModel(data.Portainer.ResourceControl);
|
||||
}
|
||||
if (data.Portainer.Agent && data.Portainer.Agent.NodeName) {
|
||||
this.NodeName = data.Portainer.Agent.NodeName;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export function ContainerStatsViewModel(data) {
|
||||
this.read = data.read;
|
||||
this.preread = data.preread;
|
||||
if (data.memory_stats.privateworkingset !== undefined) {
|
||||
// Windows
|
||||
this.MemoryUsage = data.memory_stats.privateworkingset;
|
||||
this.MemoryCache = 0;
|
||||
this.NumProcs = data.num_procs;
|
||||
this.isWindows = true;
|
||||
} else {
|
||||
// Linux
|
||||
if (data.memory_stats.stats === undefined || data.memory_stats.usage === undefined) {
|
||||
this.MemoryUsage = this.MemoryCache = 0;
|
||||
} else {
|
||||
this.MemoryCache = 0;
|
||||
if (data.memory_stats.stats.cache !== undefined) {
|
||||
// cgroups v1
|
||||
this.MemoryCache = data.memory_stats.stats.cache;
|
||||
}
|
||||
this.MemoryUsage = data.memory_stats.usage - this.MemoryCache;
|
||||
}
|
||||
}
|
||||
this.PreviousCPUTotalUsage = data.precpu_stats.cpu_usage.total_usage;
|
||||
this.PreviousCPUSystemUsage = data.precpu_stats.system_cpu_usage;
|
||||
this.CurrentCPUTotalUsage = data.cpu_stats.cpu_usage.total_usage;
|
||||
this.CurrentCPUSystemUsage = data.cpu_stats.system_cpu_usage;
|
||||
this.CPUCores = 1;
|
||||
if (data.cpu_stats.cpu_usage.percpu_usage) {
|
||||
this.CPUCores = data.cpu_stats.cpu_usage.percpu_usage.length;
|
||||
} else {
|
||||
if (data.cpu_stats.online_cpus !== undefined) {
|
||||
this.CPUCores = data.cpu_stats.online_cpus;
|
||||
}
|
||||
}
|
||||
this.Networks = _.values(data.networks);
|
||||
if (data.blkio_stats !== undefined && data.blkio_stats.io_service_bytes_recursive !== null) {
|
||||
//TODO: take care of multiple block devices
|
||||
var readData = data.blkio_stats.io_service_bytes_recursive.find((d) => d.op === 'Read');
|
||||
if (readData === undefined) {
|
||||
// try the cgroups v2 version
|
||||
readData = data.blkio_stats.io_service_bytes_recursive.find((d) => d.op === 'read');
|
||||
}
|
||||
if (readData !== undefined) {
|
||||
this.BytesRead = readData.value;
|
||||
}
|
||||
var writeData = data.blkio_stats.io_service_bytes_recursive.find((d) => d.op === 'Write');
|
||||
if (writeData === undefined) {
|
||||
// try the cgroups v2 version
|
||||
writeData = data.blkio_stats.io_service_bytes_recursive.find((d) => d.op === 'write');
|
||||
}
|
||||
if (writeData !== undefined) {
|
||||
this.BytesWrite = writeData.value;
|
||||
}
|
||||
} else {
|
||||
//no IO related data is available
|
||||
this.noIOdata = true;
|
||||
}
|
||||
}
|
||||
|
||||
export function ContainerDetailsViewModel(data) {
|
||||
this.Model = data;
|
||||
this.Id = data.Id;
|
||||
this.State = data.State;
|
||||
this.Created = data.Created;
|
||||
this.Name = data.Name;
|
||||
this.NetworkSettings = data.NetworkSettings;
|
||||
this.Args = data.Args;
|
||||
this.Image = data.Image;
|
||||
this.Config = data.Config;
|
||||
this.HostConfig = data.HostConfig;
|
||||
this.Mounts = data.Mounts;
|
||||
if (data.Portainer && data.Portainer.ResourceControl) {
|
||||
this.ResourceControl = new ResourceControlViewModel(data.Portainer.ResourceControl);
|
||||
}
|
||||
this.IsPortainer = data.IsPortainer;
|
||||
}
|
||||
@@ -0,0 +1,56 @@
|
||||
import { IResource } from '@/react/docker/components/datatables/createOwnershipColumn';
|
||||
import { ContainerDetailsResponse } from '@/react/docker/containers/queries/useContainer';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
|
||||
export class ContainerDetailsViewModel
|
||||
implements IResource, Pick<PortainerResponse<unknown>, 'IsPortainer'>
|
||||
{
|
||||
Model: ContainerDetailsResponse;
|
||||
|
||||
Id: ContainerDetailsResponse['Id'];
|
||||
|
||||
State: ContainerDetailsResponse['State'];
|
||||
|
||||
Created: ContainerDetailsResponse['Created'];
|
||||
|
||||
Name: ContainerDetailsResponse['Name'];
|
||||
|
||||
NetworkSettings: ContainerDetailsResponse['NetworkSettings'];
|
||||
|
||||
Args: ContainerDetailsResponse['Args'];
|
||||
|
||||
Image: ContainerDetailsResponse['Image'];
|
||||
|
||||
Config: ContainerDetailsResponse['Config'];
|
||||
|
||||
HostConfig: ContainerDetailsResponse['HostConfig'];
|
||||
|
||||
Mounts: ContainerDetailsResponse['Mounts'];
|
||||
|
||||
// IResource
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
// PortainerResponse
|
||||
IsPortainer?: ContainerDetailsResponse['IsPortainer'];
|
||||
|
||||
constructor(data: ContainerDetailsResponse) {
|
||||
this.Model = data;
|
||||
this.Id = data.Id;
|
||||
this.State = data.State;
|
||||
this.Created = data.Created;
|
||||
this.Name = data.Name;
|
||||
this.NetworkSettings = data.NetworkSettings;
|
||||
this.Args = data.Args;
|
||||
this.Image = data.Image;
|
||||
this.Config = data.Config;
|
||||
this.HostConfig = data.HostConfig;
|
||||
this.Mounts = data.Mounts;
|
||||
if (data.Portainer && data.Portainer.ResourceControl) {
|
||||
this.ResourceControl = new ResourceControlViewModel(
|
||||
data.Portainer.ResourceControl
|
||||
);
|
||||
}
|
||||
this.IsPortainer = data.IsPortainer;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,113 @@
|
||||
import { values } from 'lodash';
|
||||
|
||||
import { ContainerStats } from '@/react/docker/containers/queries/useContainerStats';
|
||||
import { ValueOf } from '@/types';
|
||||
|
||||
/**
|
||||
* This type is arbitrary and only defined based on what we use / observed from the API responses.
|
||||
*/
|
||||
export class ContainerStatsViewModel {
|
||||
read: string;
|
||||
|
||||
preread: string;
|
||||
|
||||
MemoryUsage: number;
|
||||
|
||||
MemoryCache: number = 0;
|
||||
|
||||
NumProcs: number = 0;
|
||||
|
||||
isWindows: boolean = false;
|
||||
|
||||
PreviousCPUTotalUsage: number;
|
||||
|
||||
PreviousCPUSystemUsage: number;
|
||||
|
||||
CurrentCPUTotalUsage: number;
|
||||
|
||||
CurrentCPUSystemUsage: number;
|
||||
|
||||
CPUCores: number;
|
||||
|
||||
Networks: ValueOf<NonNullable<ContainerStats['networks']>>[];
|
||||
|
||||
BytesRead: number = 0;
|
||||
|
||||
BytesWrite: number = 0;
|
||||
|
||||
noIOdata: boolean = false;
|
||||
|
||||
constructor(data: ContainerStats) {
|
||||
this.read = data.read || '';
|
||||
this.preread = data.preread || '';
|
||||
if (data?.memory_stats?.privateworkingset !== undefined) {
|
||||
// Windows
|
||||
this.MemoryUsage = data?.memory_stats?.privateworkingset;
|
||||
this.MemoryCache = 0;
|
||||
this.NumProcs = data.num_procs || 0;
|
||||
this.isWindows = true;
|
||||
}
|
||||
// Linux
|
||||
else if (
|
||||
data?.memory_stats?.stats === undefined ||
|
||||
data?.memory_stats?.usage === undefined
|
||||
) {
|
||||
this.MemoryUsage = 0;
|
||||
this.MemoryCache = 0;
|
||||
} else {
|
||||
this.MemoryCache = 0;
|
||||
if (data?.memory_stats?.stats?.cache !== undefined) {
|
||||
// cgroups v1
|
||||
this.MemoryCache = data.memory_stats.stats.cache;
|
||||
}
|
||||
this.MemoryUsage = data.memory_stats.usage - this.MemoryCache;
|
||||
}
|
||||
this.PreviousCPUTotalUsage =
|
||||
data?.precpu_stats?.cpu_usage?.total_usage || 0;
|
||||
this.PreviousCPUSystemUsage = data?.precpu_stats?.system_cpu_usage || 0;
|
||||
this.CurrentCPUTotalUsage = data?.cpu_stats?.cpu_usage?.total_usage || 0;
|
||||
this.CurrentCPUSystemUsage = data?.cpu_stats?.system_cpu_usage || 0;
|
||||
this.CPUCores = 1;
|
||||
|
||||
this.CPUCores =
|
||||
data?.cpu_stats?.cpu_usage?.percpu_usage?.length ??
|
||||
data?.cpu_stats?.online_cpus ??
|
||||
1;
|
||||
|
||||
this.Networks = values(data.networks);
|
||||
|
||||
if (
|
||||
data.blkio_stats !== undefined &&
|
||||
data.blkio_stats.io_service_bytes_recursive !== null
|
||||
) {
|
||||
// TODO: take care of multiple block devices
|
||||
let readData = data?.blkio_stats?.io_service_bytes_recursive?.find(
|
||||
(d) => d.op === 'Read'
|
||||
);
|
||||
if (readData === undefined) {
|
||||
// try the cgroups v2 version
|
||||
readData = data?.blkio_stats?.io_service_bytes_recursive?.find(
|
||||
(d) => d.op === 'read'
|
||||
);
|
||||
}
|
||||
if (readData !== undefined) {
|
||||
this.BytesRead = readData.value;
|
||||
}
|
||||
let writeData = data?.blkio_stats?.io_service_bytes_recursive?.find(
|
||||
(d) => d.op === 'Write'
|
||||
);
|
||||
if (writeData === undefined) {
|
||||
// try the cgroups v2 version
|
||||
writeData = data?.blkio_stats?.io_service_bytes_recursive?.find(
|
||||
(d) => d.op === 'write'
|
||||
);
|
||||
}
|
||||
if (writeData !== undefined) {
|
||||
this.BytesWrite = writeData.value;
|
||||
}
|
||||
} else {
|
||||
// no IO related data is available
|
||||
this.noIOdata = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,174 +0,0 @@
|
||||
function createEventDetails(event) {
|
||||
var eventAttr = event.Actor.Attributes;
|
||||
var details = '';
|
||||
|
||||
var action = event.Action;
|
||||
var extra = '';
|
||||
var hasColon = action.indexOf(':');
|
||||
if (hasColon != -1) {
|
||||
extra = action.substring(hasColon);
|
||||
action = action.substring(0, hasColon);
|
||||
}
|
||||
|
||||
switch (event.Type) {
|
||||
case 'container':
|
||||
switch (action) {
|
||||
case 'stop':
|
||||
details = 'Container ' + eventAttr.name + ' stopped';
|
||||
break;
|
||||
case 'destroy':
|
||||
details = 'Container ' + eventAttr.name + ' deleted';
|
||||
break;
|
||||
case 'create':
|
||||
details = 'Container ' + eventAttr.name + ' created';
|
||||
break;
|
||||
case 'start':
|
||||
details = 'Container ' + eventAttr.name + ' started';
|
||||
break;
|
||||
case 'kill':
|
||||
details = 'Container ' + eventAttr.name + ' killed';
|
||||
break;
|
||||
case 'die':
|
||||
details = 'Container ' + eventAttr.name + ' exited with status code ' + eventAttr.exitCode;
|
||||
break;
|
||||
case 'commit':
|
||||
details = 'Container ' + eventAttr.name + ' committed';
|
||||
break;
|
||||
case 'restart':
|
||||
details = 'Container ' + eventAttr.name + ' restarted';
|
||||
break;
|
||||
case 'pause':
|
||||
details = 'Container ' + eventAttr.name + ' paused';
|
||||
break;
|
||||
case 'unpause':
|
||||
details = 'Container ' + eventAttr.name + ' unpaused';
|
||||
break;
|
||||
case 'attach':
|
||||
details = 'Container ' + eventAttr.name + ' attached';
|
||||
break;
|
||||
case 'detach':
|
||||
details = 'Container ' + eventAttr.name + ' detached';
|
||||
break;
|
||||
case 'copy':
|
||||
details = 'Container ' + eventAttr.name + ' copied';
|
||||
break;
|
||||
case 'export':
|
||||
details = 'Container ' + eventAttr.name + ' exported';
|
||||
break;
|
||||
case 'health_status':
|
||||
details = 'Container ' + eventAttr.name + ' executed health status';
|
||||
break;
|
||||
case 'oom':
|
||||
details = 'Container ' + eventAttr.name + ' goes in out of memory';
|
||||
break;
|
||||
case 'rename':
|
||||
details = 'Container ' + eventAttr.name + ' renamed';
|
||||
break;
|
||||
case 'resize':
|
||||
details = 'Container ' + eventAttr.name + ' resized';
|
||||
break;
|
||||
case 'top':
|
||||
details = 'Showed running processes for container ' + eventAttr.name;
|
||||
break;
|
||||
case 'update':
|
||||
details = 'Container ' + eventAttr.name + ' updated';
|
||||
break;
|
||||
case 'exec_create':
|
||||
details = 'Exec instance created';
|
||||
break;
|
||||
case 'exec_start':
|
||||
details = 'Exec instance started';
|
||||
break;
|
||||
case 'exec_die':
|
||||
details = 'Exec instance exited';
|
||||
break;
|
||||
default:
|
||||
details = 'Unsupported event';
|
||||
}
|
||||
break;
|
||||
case 'image':
|
||||
switch (action) {
|
||||
case 'delete':
|
||||
details = 'Image deleted';
|
||||
break;
|
||||
case 'import':
|
||||
details = 'Image ' + event.Actor.ID + ' imported';
|
||||
break;
|
||||
case 'load':
|
||||
details = 'Image ' + event.Actor.ID + ' loaded';
|
||||
break;
|
||||
case 'tag':
|
||||
details = 'New tag created for ' + eventAttr.name;
|
||||
break;
|
||||
case 'untag':
|
||||
details = 'Image untagged';
|
||||
break;
|
||||
case 'save':
|
||||
details = 'Image ' + event.Actor.ID + ' saved';
|
||||
break;
|
||||
case 'pull':
|
||||
details = 'Image ' + event.Actor.ID + ' pulled';
|
||||
break;
|
||||
case 'push':
|
||||
details = 'Image ' + event.Actor.ID + ' pushed';
|
||||
break;
|
||||
default:
|
||||
details = 'Unsupported event';
|
||||
}
|
||||
break;
|
||||
case 'network':
|
||||
switch (action) {
|
||||
case 'create':
|
||||
details = 'Network ' + eventAttr.name + ' created';
|
||||
break;
|
||||
case 'destroy':
|
||||
details = 'Network ' + eventAttr.name + ' deleted';
|
||||
break;
|
||||
case 'remove':
|
||||
details = 'Network ' + eventAttr.name + ' removed';
|
||||
break;
|
||||
case 'connect':
|
||||
details = 'Container connected to ' + eventAttr.name + ' network';
|
||||
break;
|
||||
case 'disconnect':
|
||||
details = 'Container disconnected from ' + eventAttr.name + ' network';
|
||||
break;
|
||||
default:
|
||||
details = 'Unsupported event';
|
||||
}
|
||||
break;
|
||||
case 'volume':
|
||||
switch (action) {
|
||||
case 'create':
|
||||
details = 'Volume ' + event.Actor.ID + ' created';
|
||||
break;
|
||||
case 'destroy':
|
||||
details = 'Volume ' + event.Actor.ID + ' deleted';
|
||||
break;
|
||||
case 'mount':
|
||||
details = 'Volume ' + event.Actor.ID + ' mounted';
|
||||
break;
|
||||
case 'unmount':
|
||||
details = 'Volume ' + event.Actor.ID + ' unmounted';
|
||||
break;
|
||||
default:
|
||||
details = 'Unsupported event';
|
||||
}
|
||||
break;
|
||||
default:
|
||||
details = 'Unsupported event';
|
||||
}
|
||||
return details + extra;
|
||||
}
|
||||
|
||||
export function EventViewModel(data) {
|
||||
// Type, Action, Actor unavailable in Docker < 1.10
|
||||
this.Time = data.time;
|
||||
if (data.Type) {
|
||||
this.Type = data.Type;
|
||||
this.Details = createEventDetails(data);
|
||||
} else {
|
||||
this.Type = data.status;
|
||||
this.Details = data.from;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,134 @@
|
||||
import { EventMessage } from 'docker-types/generated/1.41';
|
||||
|
||||
type EventType = NonNullable<EventMessage['Type']>;
|
||||
type Action = string;
|
||||
|
||||
type Attributes = {
|
||||
id: string;
|
||||
name: string;
|
||||
exitCode: string;
|
||||
};
|
||||
|
||||
type EventToTemplateMap = Record<EventType, ActionToTemplateMap>;
|
||||
type ActionToTemplateMap = Record<Action, TemplateBuilder>;
|
||||
type TemplateBuilder = (attr: Attributes) => string;
|
||||
|
||||
/**
|
||||
* {
|
||||
* [EventType]: {
|
||||
* [Action]: TemplateBuilder,
|
||||
* [Action]: TemplateBuilder
|
||||
* },
|
||||
* [EventType]: {
|
||||
* [Action]: TemplateBuilder,
|
||||
* }
|
||||
* }
|
||||
*
|
||||
* EventType are known and defined by Docker specs
|
||||
* Action are unknown and specific for each EventType
|
||||
*/
|
||||
const templates: EventToTemplateMap = {
|
||||
builder: {},
|
||||
config: {},
|
||||
container: {
|
||||
stop: ({ name }) => `Container ${name} stopped`,
|
||||
destroy: ({ name }) => `Container ${name} deleted`,
|
||||
create: ({ name }) => `Container ${name} created`,
|
||||
start: ({ name }) => `Container ${name} started`,
|
||||
kill: ({ name }) => `Container ${name} killed`,
|
||||
die: ({ name, exitCode }) =>
|
||||
`Container ${name} exited with status code ${exitCode}`,
|
||||
commit: ({ name }) => `Container ${name} committed`,
|
||||
restart: ({ name }) => `Container ${name} restarted`,
|
||||
pause: ({ name }) => `Container ${name} paused`,
|
||||
unpause: ({ name }) => `Container ${name} unpaused`,
|
||||
attach: ({ name }) => `Container ${name} attached`,
|
||||
detach: ({ name }) => `Container ${name} detached`,
|
||||
copy: ({ name }) => `Container ${name} copied`,
|
||||
export: ({ name }) => `Container ${name} exported`,
|
||||
health_status: ({ name }) => `Container ${name} executed health status`,
|
||||
oom: ({ name }) => `Container ${name} goes in out of memory`,
|
||||
rename: ({ name }) => `Container ${name} renamed`,
|
||||
resize: ({ name }) => `Container ${name} resized`,
|
||||
top: ({ name }) => `Showed running processes for container ${name}`,
|
||||
update: ({ name }) => `Container ${name} updated`,
|
||||
exec_create: () => `Exec instance created`,
|
||||
exec_start: () => `Exec instance started`,
|
||||
exec_die: () => `Exec instance exited`,
|
||||
},
|
||||
daemon: {},
|
||||
image: {
|
||||
delete: () => `Image deleted`,
|
||||
import: ({ id }) => `Image ${id} imported`,
|
||||
load: ({ id }) => `Image ${id} loaded`,
|
||||
tag: ({ name }) => `New tag created for ${name}`,
|
||||
untag: () => `Image untagged`,
|
||||
save: ({ id }) => `Image ${id} saved`,
|
||||
pull: ({ id }) => `Image ${id} pulled`,
|
||||
push: ({ id }) => `Image ${id} pushed`,
|
||||
},
|
||||
network: {
|
||||
create: ({ name }) => `Network ${name} created`,
|
||||
destroy: ({ name }) => `Network ${name} deleted`,
|
||||
remove: ({ name }) => `Network ${name} removed`,
|
||||
connect: ({ name }) => `Container connected to ${name} network`,
|
||||
disconnect: ({ name }) => `Container disconnected from ${name} network`,
|
||||
prune: () => `Networks pruned`,
|
||||
},
|
||||
node: {},
|
||||
plugin: {},
|
||||
secret: {},
|
||||
service: {},
|
||||
volume: {
|
||||
create: ({ id }) => `Volume ${id} created`,
|
||||
destroy: ({ id }) => `Volume ${id} deleted`,
|
||||
mount: ({ id }) => `Volume ${id} mounted`,
|
||||
unmount: ({ id }) => `Volume ${id} unmounted`,
|
||||
},
|
||||
};
|
||||
|
||||
function createEventDetails(event: EventMessage) {
|
||||
const eventType = event.Type ?? '';
|
||||
|
||||
// An action can be `action:extra`
|
||||
// For example `docker exec -it CONTAINER sh`
|
||||
// Generates the action `exec_create: sh`
|
||||
let extra = '';
|
||||
let action = event.Action ?? '';
|
||||
const hasColon = action?.indexOf(':') ?? -1;
|
||||
if (hasColon !== -1) {
|
||||
extra = action?.substring(hasColon) ?? '';
|
||||
action = action?.substring(0, hasColon);
|
||||
}
|
||||
|
||||
const attr: Attributes = {
|
||||
id: event.Actor?.ID || '',
|
||||
name: event.Actor?.Attributes?.name || '',
|
||||
exitCode: event.Actor?.Attributes?.exitCode || '',
|
||||
};
|
||||
|
||||
// Event types are defined by the docker API specs
|
||||
// Each event has it own set of actions, which a unknown/not defined by specs
|
||||
// If the received event or action has no builder associated to it
|
||||
// We consider the event unsupported and we provide the raw data
|
||||
const detailsBuilder = templates[eventType as EventType]?.[action];
|
||||
const details = detailsBuilder
|
||||
? detailsBuilder(attr)
|
||||
: `Unsupported event: ${eventType} / ${action}`;
|
||||
|
||||
return details + extra;
|
||||
}
|
||||
|
||||
export class EventViewModel {
|
||||
Time: EventMessage['time'];
|
||||
|
||||
Type: EventMessage['Type'];
|
||||
|
||||
Details: string;
|
||||
|
||||
constructor(data: EventMessage) {
|
||||
this.Time = data.time;
|
||||
this.Type = data.Type;
|
||||
this.Details = createEventDetails(data);
|
||||
}
|
||||
}
|
||||
@@ -1,45 +0,0 @@
|
||||
export function ImageViewModel(data) {
|
||||
this.Id = data.Id;
|
||||
this.Tag = data.Tag;
|
||||
this.Repository = data.Repository;
|
||||
this.Created = data.Created;
|
||||
this.Checked = false;
|
||||
this.RepoTags = data.RepoTags;
|
||||
if ((!this.RepoTags || this.RepoTags.length === 0) && data.RepoDigests) {
|
||||
this.RepoTags = [];
|
||||
for (var i = 0; i < data.RepoDigests.length; i++) {
|
||||
var digest = data.RepoDigests[i];
|
||||
var repository = digest.substring(0, digest.indexOf('@'));
|
||||
this.RepoTags.push(repository + ':<none>');
|
||||
}
|
||||
}
|
||||
|
||||
this.Size = data.Size;
|
||||
this.Used = data.Used;
|
||||
|
||||
if (data.Portainer && data.Portainer.Agent && data.Portainer.Agent.NodeName) {
|
||||
this.NodeName = data.Portainer.Agent.NodeName;
|
||||
}
|
||||
this.Labels = data.Labels;
|
||||
}
|
||||
|
||||
export function ImageBuildModel(data) {
|
||||
this.hasError = false;
|
||||
var buildLogs = [];
|
||||
|
||||
for (var i = 0; i < data.length; i++) {
|
||||
var line = data[i];
|
||||
|
||||
if (line.stream) {
|
||||
line = line.stream.replace(/[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-ORZcf-nqry=><]/g, '');
|
||||
buildLogs.push(line);
|
||||
}
|
||||
|
||||
if (line.errorDetail) {
|
||||
buildLogs.push(line.errorDetail.message);
|
||||
this.hasError = true;
|
||||
}
|
||||
}
|
||||
|
||||
this.buildLogs = buildLogs;
|
||||
}
|
||||
@@ -0,0 +1,47 @@
|
||||
import { ImageSummary } from 'docker-types/generated/1.41';
|
||||
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
|
||||
export type ImageId = ImageSummary['Id'];
|
||||
export type ImageName = string;
|
||||
|
||||
/**
|
||||
* Partial copy of ImageSummary
|
||||
*/
|
||||
export class ImageViewModel {
|
||||
Id: ImageId;
|
||||
|
||||
Created: ImageSummary['Created'];
|
||||
|
||||
RepoTags: ImageSummary['RepoTags'];
|
||||
|
||||
Size: ImageSummary['Size'];
|
||||
|
||||
Labels: ImageSummary['Labels'];
|
||||
|
||||
// internal
|
||||
|
||||
NodeName: string;
|
||||
|
||||
Used: boolean = false;
|
||||
|
||||
constructor(data: PortainerResponse<ImageSummary>, used: boolean = false) {
|
||||
this.Id = data.Id;
|
||||
// this.Tag = data.Tag; // doesn't seem to be used?
|
||||
// this.Repository = data.Repository; // doesn't seem to be used?
|
||||
this.Created = data.Created;
|
||||
this.RepoTags = data.RepoTags;
|
||||
if ((!this.RepoTags || this.RepoTags.length === 0) && data.RepoDigests) {
|
||||
this.RepoTags = [];
|
||||
data.RepoDigests.forEach((digest) => {
|
||||
const repository = digest.substring(0, digest.indexOf('@'));
|
||||
this.RepoTags.push(`${repository}:<none>`);
|
||||
});
|
||||
}
|
||||
|
||||
this.Size = data.Size;
|
||||
this.NodeName = data.Portainer?.Agent?.NodeName || '';
|
||||
this.Labels = data.Labels;
|
||||
this.Used = used;
|
||||
}
|
||||
}
|
||||
@@ -1,27 +0,0 @@
|
||||
export function ImageDetailsViewModel(data) {
|
||||
this.Id = data.Id;
|
||||
this.Tag = data.Tag;
|
||||
this.Parent = data.Parent;
|
||||
this.Repository = data.Repository;
|
||||
this.Created = data.Created;
|
||||
this.Checked = false;
|
||||
this.RepoTags = data.RepoTags;
|
||||
this.Size = data.Size;
|
||||
this.DockerVersion = data.DockerVersion;
|
||||
this.Os = data.Os;
|
||||
this.Architecture = data.Architecture;
|
||||
this.Author = data.Author;
|
||||
this.Command = data.Config.Cmd;
|
||||
|
||||
let config = {};
|
||||
if (data.Config) {
|
||||
config = data.Config; // this is part of OCI images-spec
|
||||
} else if (data.ContainerConfig != null) {
|
||||
config = data.ContainerConfig; // not OCI ; has been removed in Docker 26 (API v1.45) along with .Container
|
||||
}
|
||||
this.Entrypoint = config.Entrypoint ? config.Entrypoint : '';
|
||||
this.ExposedPorts = config.ExposedPorts ? Object.keys(config.ExposedPorts) : [];
|
||||
this.Volumes = config.Volumes ? Object.keys(config.Volumes) : [];
|
||||
this.Env = config.Env ? config.Env : [];
|
||||
this.Labels = config.Labels;
|
||||
}
|
||||
@@ -0,0 +1,70 @@
|
||||
import { ImageInspect } from 'docker-types/generated/1.41';
|
||||
|
||||
type ImageInspectConfig = NonNullable<ImageInspect['Config']>;
|
||||
|
||||
export class ImageDetailsViewModel {
|
||||
Id: ImageInspect['Id'];
|
||||
|
||||
Parent: ImageInspect['Parent'];
|
||||
|
||||
Created: ImageInspect['Created'];
|
||||
|
||||
RepoTags: ImageInspect['RepoTags'];
|
||||
|
||||
Size: ImageInspect['Size'];
|
||||
|
||||
DockerVersion: ImageInspect['DockerVersion'];
|
||||
|
||||
Os: ImageInspect['Os'];
|
||||
|
||||
Architecture: ImageInspect['Architecture'];
|
||||
|
||||
Author: ImageInspect['Author'];
|
||||
|
||||
// Config sub fields
|
||||
|
||||
Command: ImageInspectConfig['Cmd'];
|
||||
|
||||
Entrypoint: Required<ImageInspectConfig['Entrypoint']>;
|
||||
|
||||
ExposedPorts: Required<ImageInspectConfig['ExposedPorts']>;
|
||||
|
||||
Volumes: Required<ImageInspectConfig>['Volumes'];
|
||||
|
||||
Env: Required<ImageInspectConfig>['Env'];
|
||||
|
||||
Labels: ImageInspectConfig['Labels'];
|
||||
|
||||
// computed fields
|
||||
|
||||
Used: boolean = false;
|
||||
|
||||
constructor(data: ImageInspect) {
|
||||
this.Id = data.Id;
|
||||
// this.Tag = data.Tag; // doesn't seem to be used?
|
||||
this.Parent = data.Parent;
|
||||
this.Created = data.Created;
|
||||
// this.Repository = data.Repository; // doesn't seem to be used?
|
||||
this.RepoTags = data.RepoTags;
|
||||
this.Size = data.Size;
|
||||
this.DockerVersion = data.DockerVersion;
|
||||
this.Os = data.Os;
|
||||
this.Architecture = data.Architecture;
|
||||
this.Author = data.Author;
|
||||
this.Command = data.Config?.Cmd;
|
||||
|
||||
let config: ImageInspect['Config'] = {};
|
||||
if (data.Config) {
|
||||
config = data.Config; // this is part of OCI images-spec
|
||||
} else if (data.ContainerConfig) {
|
||||
config = data.ContainerConfig; // not OCI ; has been removed in Docker 26 (API v1.45) along with .Container
|
||||
}
|
||||
this.Entrypoint = config.Entrypoint ?? [''];
|
||||
this.ExposedPorts = config.ExposedPorts
|
||||
? Object.keys(config.ExposedPorts)
|
||||
: [];
|
||||
this.Volumes = config.Volumes ? Object.keys(config.Volumes) : [];
|
||||
this.Env = config.Env ?? [];
|
||||
this.Labels = config.Labels;
|
||||
}
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
export function ImageLayerViewModel(order, data) {
|
||||
this.Order = order;
|
||||
this.Id = data.Id;
|
||||
this.Created = data.Created;
|
||||
this.CreatedBy = data.CreatedBy;
|
||||
this.Size = data.Size;
|
||||
this.Comment = data.Comment;
|
||||
this.Tags = data.Tags;
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
import { ImageLayer } from '@/react/docker/proxy/queries/images/useImageHistory';
|
||||
|
||||
export class ImageLayerViewModel implements ImageLayer {
|
||||
Id: ImageLayer['Id'];
|
||||
|
||||
Created: ImageLayer['Created'];
|
||||
|
||||
CreatedBy: ImageLayer['CreatedBy'];
|
||||
|
||||
Size: ImageLayer['Size'];
|
||||
|
||||
Comment: ImageLayer['Comment'];
|
||||
|
||||
Tags: ImageLayer['Tags'];
|
||||
|
||||
constructor(
|
||||
public Order: number,
|
||||
data: ImageLayer
|
||||
) {
|
||||
this.Id = data.Id;
|
||||
this.Created = data.Created;
|
||||
this.CreatedBy = data.CreatedBy;
|
||||
this.Size = data.Size;
|
||||
this.Comment = data.Comment;
|
||||
this.Tags = data.Tags;
|
||||
}
|
||||
}
|
||||
@@ -1,8 +1,21 @@
|
||||
import { IPAM, Network, NetworkContainer } from 'docker-types/generated/1.41';
|
||||
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
import { IResource } from '@/react/docker/components/datatable/createOwnershipColumn';
|
||||
import { PortainerMetadata } from '@/react/docker/types';
|
||||
import { IResource } from '@/react/docker/components/datatables/createOwnershipColumn';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
|
||||
// TODO later: aggregate NetworkViewModel and DockerNetwork types
|
||||
//
|
||||
// type MacvlanNetwork = {
|
||||
// ConfigFrom?: { Network: string };
|
||||
// ConfigOnly?: boolean;
|
||||
// };
|
||||
//
|
||||
// type NetworkViewModel = Network & {
|
||||
// StackName?: string;
|
||||
// NodeName?: string;
|
||||
// ResourceControl?: ResourceControlViewModel;
|
||||
// } & MacvlanNetwork;
|
||||
|
||||
export class NetworkViewModel implements IResource {
|
||||
Id: string;
|
||||
@@ -38,8 +51,7 @@ export class NetworkViewModel implements IResource {
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
constructor(
|
||||
data: Network & {
|
||||
Portainer?: PortainerMetadata;
|
||||
data: PortainerResponse<Network> & {
|
||||
ConfigFrom?: { Network: string };
|
||||
ConfigOnly?: boolean;
|
||||
}
|
||||
|
||||
@@ -10,8 +10,6 @@ import {
|
||||
ResourceObject,
|
||||
} from 'docker-types/generated/1.41';
|
||||
|
||||
import { WithRequiredProperty } from '@/types';
|
||||
|
||||
export class NodeViewModel {
|
||||
Model: Node;
|
||||
|
||||
@@ -55,7 +53,7 @@ export class NodeViewModel {
|
||||
|
||||
Status: NodeStatus['State'];
|
||||
|
||||
Addr: WithRequiredProperty<NodeStatus, 'Addr'>['Addr'] = '';
|
||||
Addr: Required<NodeStatus>['Addr'] = '';
|
||||
|
||||
Leader: ManagerStatus['Leader'];
|
||||
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
// This model is based on https://github.com/moby/moby/blob/0ac25dfc751fa4304ab45afd5cd8705c2235d101/api/types/plugin.go#L8-L31
|
||||
// instead of the official documentation.
|
||||
// See: https://github.com/moby/moby/issues/34241
|
||||
export function PluginViewModel(data) {
|
||||
this.Id = data.Id;
|
||||
this.Name = data.Name;
|
||||
this.Enabled = data.Enabled;
|
||||
this.Config = data.Config;
|
||||
}
|
||||
@@ -1,8 +1,8 @@
|
||||
import { Secret } from 'docker-types/generated/1.41';
|
||||
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
import { PortainerMetadata } from '@/react/docker/types';
|
||||
import { IResource } from '@/react/docker/components/datatable/createOwnershipColumn';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
import { IResource } from '@/react/docker/components/datatables/createOwnershipColumn';
|
||||
|
||||
export class SecretViewModel implements IResource {
|
||||
Id: string;
|
||||
@@ -19,7 +19,7 @@ export class SecretViewModel implements IResource {
|
||||
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
constructor(data: Secret & { Portainer?: PortainerMetadata }) {
|
||||
constructor(data: PortainerResponse<Secret>) {
|
||||
this.Id = data.ID || '';
|
||||
this.CreatedAt = data.CreatedAt || '';
|
||||
this.UpdatedAt = data.UpdatedAt || '';
|
||||
|
||||
@@ -9,15 +9,13 @@ import {
|
||||
} from 'docker-types/generated/1.41';
|
||||
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
import { PortainerMetadata } from '@/react/docker/types';
|
||||
import { WithRequiredProperty } from '@/types';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
|
||||
import { TaskViewModel } from './task';
|
||||
|
||||
type ContainerSpec = WithRequiredProperty<
|
||||
TaskSpec,
|
||||
'ContainerSpec'
|
||||
>['ContainerSpec'];
|
||||
type ContainerSpec = Required<TaskSpec>['ContainerSpec'];
|
||||
|
||||
export type ServiceId = string;
|
||||
|
||||
export class ServiceViewModel {
|
||||
Model: Service;
|
||||
@@ -140,7 +138,7 @@ export class ServiceViewModel {
|
||||
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
constructor(data: Service & { Portainer?: PortainerMetadata }) {
|
||||
constructor(data: PortainerResponse<Service>) {
|
||||
this.Model = data;
|
||||
this.Id = data.ID || '';
|
||||
this.Tasks = [];
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
export function SwarmViewModel(data) {
|
||||
this.Id = data.ID;
|
||||
}
|
||||
+13
-11
@@ -1,25 +1,27 @@
|
||||
import { Task, TaskSpec, TaskState } from 'docker-types/generated/1.41';
|
||||
import { Task } from 'docker-types/generated/1.41';
|
||||
|
||||
import { DeepPick } from '@/types/deepPick';
|
||||
|
||||
export class TaskViewModel {
|
||||
Id: string;
|
||||
Id: NonNullable<Task['ID']>;
|
||||
|
||||
Created: string;
|
||||
Created: NonNullable<Task['CreatedAt']>;
|
||||
|
||||
Updated: string;
|
||||
Updated: NonNullable<Task['UpdatedAt']>;
|
||||
|
||||
Slot: number;
|
||||
Slot: NonNullable<Task['Slot']>;
|
||||
|
||||
Spec?: TaskSpec;
|
||||
Spec?: Task['Spec'];
|
||||
|
||||
Status: Task['Status'];
|
||||
Status?: Task['Status'];
|
||||
|
||||
DesiredState: TaskState;
|
||||
DesiredState: NonNullable<Task['DesiredState']>;
|
||||
|
||||
ServiceId: string;
|
||||
ServiceId: NonNullable<Task['ServiceID']>;
|
||||
|
||||
NodeId: string;
|
||||
NodeId: NonNullable<Task['NodeID']>;
|
||||
|
||||
ContainerId: string = '';
|
||||
ContainerId: DeepPick<Task, 'Status.ContainerStatus.ContainerID'>;
|
||||
|
||||
constructor(data: Task) {
|
||||
this.Id = data.ID || '';
|
||||
|
||||
+12
-12
@@ -1,33 +1,33 @@
|
||||
import { Volume } from 'docker-types/generated/1.41';
|
||||
|
||||
import { ResourceControlViewModel } from '@/react/portainer/access-control/models/ResourceControlViewModel';
|
||||
import { IResource } from '@/react/docker/components/datatable/createOwnershipColumn';
|
||||
import { PortainerMetadata } from '@/react/docker/types';
|
||||
import { IResource } from '@/react/docker/components/datatables/createOwnershipColumn';
|
||||
import { PortainerResponse } from '@/react/docker/types';
|
||||
|
||||
export class VolumeViewModel implements IResource {
|
||||
Id: string;
|
||||
Id: Volume['Name'];
|
||||
|
||||
CreatedAt: string | undefined;
|
||||
CreatedAt?: Volume['CreatedAt'];
|
||||
|
||||
Driver: string;
|
||||
Driver: Volume['Driver'];
|
||||
|
||||
Options: Record<string, string>;
|
||||
Options: Volume['Options'];
|
||||
|
||||
Labels: Record<string, string>;
|
||||
Labels: Volume['Labels'];
|
||||
|
||||
StackName?: string;
|
||||
Mountpoint: Volume['Mountpoint'];
|
||||
|
||||
Mountpoint: string;
|
||||
// Portainer properties
|
||||
|
||||
ResourceId?: string;
|
||||
|
||||
NodeName?: string;
|
||||
|
||||
StackName?: string;
|
||||
|
||||
ResourceControl?: ResourceControlViewModel;
|
||||
|
||||
constructor(
|
||||
data: Volume & { Portainer?: PortainerMetadata; ResourceID?: string }
|
||||
) {
|
||||
constructor(data: PortainerResponse<Volume> & { ResourceID?: string }) {
|
||||
this.Id = data.Name;
|
||||
this.CreatedAt = data.CreatedAt;
|
||||
this.Driver = data.Driver;
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
import { API_ENDPOINT_ENDPOINTS } from '@/constants';
|
||||
import { jsonObjectsToArrayHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Build', [
|
||||
'$resource',
|
||||
function BuildFactory($resource) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/build',
|
||||
{},
|
||||
{
|
||||
buildImage: {
|
||||
method: 'POST',
|
||||
ignoreLoadingBar: true,
|
||||
transformResponse: jsonObjectsToArrayHandler,
|
||||
isArray: true,
|
||||
headers: { 'Content-Type': 'application/x-tar' },
|
||||
},
|
||||
buildImageOverride: {
|
||||
method: 'POST',
|
||||
ignoreLoadingBar: true,
|
||||
transformResponse: jsonObjectsToArrayHandler,
|
||||
isArray: true,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,14 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Commit', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
function CommitFactory($resource, API_ENDPOINT_ENDPOINTS) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:environmentId/docker/commit',
|
||||
{},
|
||||
{
|
||||
commitContainer: { method: 'POST', params: { container: '@id', repo: '@repo' }, ignoreLoadingBar: true },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,19 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Config', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
function ConfigFactory($resource, API_ENDPOINT_ENDPOINTS) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:environmentId/docker/configs/:id/:action',
|
||||
{
|
||||
environmentId: '@environmentId',
|
||||
},
|
||||
{
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
query: { method: 'GET', isArray: true },
|
||||
create: { method: 'POST', params: { action: 'create' }, ignoreLoadingBar: true },
|
||||
remove: { method: 'DELETE', params: { id: '@id' } },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,73 +0,0 @@
|
||||
import { genericHandler, logsHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Container', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
function ContainerFactory($resource, API_ENDPOINT_ENDPOINTS) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:environmentId/docker/containers/:id/:action',
|
||||
{
|
||||
name: '@name',
|
||||
environmentId: '@environmentId',
|
||||
},
|
||||
{
|
||||
query: {
|
||||
method: 'GET',
|
||||
params: { all: 0, action: 'json', filters: '@filters' },
|
||||
isArray: true,
|
||||
},
|
||||
get: {
|
||||
method: 'GET',
|
||||
params: { action: 'json' },
|
||||
},
|
||||
logs: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', action: 'logs' },
|
||||
ignoreLoadingBar: true,
|
||||
transformResponse: logsHandler,
|
||||
},
|
||||
stats: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', stream: false, action: 'stats' },
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
top: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', action: 'top' },
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
create: {
|
||||
method: 'POST',
|
||||
params: { action: 'create' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
exec: {
|
||||
method: 'POST',
|
||||
params: { id: '@id', action: 'exec' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
inspect: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', action: 'json' },
|
||||
},
|
||||
update: {
|
||||
method: 'POST',
|
||||
params: { id: '@id', action: 'update' },
|
||||
},
|
||||
prune: {
|
||||
method: 'POST',
|
||||
params: { action: 'prune', filters: '@filters' },
|
||||
},
|
||||
resize: {
|
||||
method: 'POST',
|
||||
params: { id: '@id', action: 'resize', h: '@height', w: '@width' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,24 +0,0 @@
|
||||
import { genericHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Exec', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function ExecFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/exec/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
resize: {
|
||||
method: 'POST',
|
||||
params: { id: '@id', action: 'resize', h: '@height', w: '@width' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,57 +0,0 @@
|
||||
import { deleteImageHandler, jsonObjectsToArrayHandler } from './response/handlers';
|
||||
import { imageGetResponse } from './response/image';
|
||||
|
||||
angular.module('portainer.docker').factory('Image', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
'HttpRequestHelper',
|
||||
function ImageFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider, HttpRequestHelper) {
|
||||
'use strict';
|
||||
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/images/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
query: { method: 'GET', params: { all: 0, action: 'json' }, isArray: true },
|
||||
get: { method: 'GET', params: { action: 'json' } },
|
||||
search: { method: 'GET', params: { action: 'search' } },
|
||||
history: { method: 'GET', params: { action: 'history' }, isArray: true },
|
||||
insert: { method: 'POST', params: { id: '@id', action: 'insert' } },
|
||||
tag: { method: 'POST', params: { id: '@id', action: 'tag', force: 0, repo: '@repo' }, ignoreLoadingBar: true },
|
||||
inspect: { method: 'GET', params: { id: '@id', action: 'json' } },
|
||||
push: {
|
||||
method: 'POST',
|
||||
params: { action: 'push', id: '@imageName' },
|
||||
isArray: true,
|
||||
transformResponse: jsonObjectsToArrayHandler,
|
||||
headers: { 'X-Registry-Auth': HttpRequestHelper.registryAuthenticationHeader },
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
create: {
|
||||
method: 'POST',
|
||||
params: { action: 'create', fromImage: '@fromImage' },
|
||||
isArray: true,
|
||||
transformResponse: jsonObjectsToArrayHandler,
|
||||
headers: { 'X-Registry-Auth': HttpRequestHelper.registryAuthenticationHeader },
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
download: {
|
||||
method: 'GET',
|
||||
params: { action: 'get', names: '@names' },
|
||||
transformResponse: imageGetResponse,
|
||||
responseType: 'blob',
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
remove: {
|
||||
method: 'DELETE',
|
||||
params: { id: '@id', force: '@force' },
|
||||
isArray: true,
|
||||
transformResponse: deleteImageHandler,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,44 +0,0 @@
|
||||
import { genericHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Network', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function NetworkFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/networks/:id/:action',
|
||||
{
|
||||
id: '@id',
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
query: {
|
||||
method: 'GET',
|
||||
isArray: true,
|
||||
},
|
||||
get: {
|
||||
method: 'GET',
|
||||
},
|
||||
create: {
|
||||
method: 'POST',
|
||||
params: { action: 'create' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
remove: {
|
||||
method: 'DELETE',
|
||||
transformResponse: genericHandler,
|
||||
},
|
||||
connect: {
|
||||
method: 'POST',
|
||||
params: { action: 'connect' },
|
||||
},
|
||||
disconnect: {
|
||||
method: 'POST',
|
||||
params: { action: 'disconnect' },
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,20 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Node', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function NodeFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/nodes/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
query: { method: 'GET', isArray: true },
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
update: { method: 'POST', params: { id: '@id', action: 'update', version: '@version' } },
|
||||
remove: { method: 'DELETE', params: { id: '@id' } },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,17 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Plugin', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function PluginFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/plugins/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
query: { method: 'GET', isArray: true },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,81 +0,0 @@
|
||||
function isJSONArray(jsonString) {
|
||||
return Object.prototype.toString.call(jsonString) === '[object Array]';
|
||||
}
|
||||
|
||||
function isJSON(jsonString) {
|
||||
try {
|
||||
var o = JSON.parse(jsonString);
|
||||
if (o && typeof o === 'object') {
|
||||
return o;
|
||||
}
|
||||
} catch (e) {
|
||||
//empty
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// The Docker API often returns a list of JSON object.
|
||||
// This handler wrap the JSON objects in an array.
|
||||
// Used by the API in: Image push, Image create, Events query.
|
||||
export function jsonObjectsToArrayHandler(data) {
|
||||
// catching empty data helps the function not to fail and prevents unwanted error message to user.
|
||||
if (!data) {
|
||||
return [];
|
||||
}
|
||||
var str = '[' + data.replace(/\n/g, ' ').replace(/\}\s*\{/g, '}, {') + ']';
|
||||
return angular.fromJson(str);
|
||||
}
|
||||
|
||||
// The Docker API often returns an empty string or a valid JSON object on success (Docker 1.9 -> Docker 1.12).
|
||||
// On error, it returns either an error message as a string (Docker < 1.12) or a JSON object with the field message
|
||||
// container the error (Docker = 1.12)
|
||||
// This handler ensure a valid JSON object is returned in any case.
|
||||
// Used by the API in: container deletion, network deletion, network creation, volume creation,
|
||||
// container exec, exec resize.
|
||||
export function genericHandler(data) {
|
||||
var response = {};
|
||||
// No data is returned when deletion is successful (Docker 1.9 -> 1.12)
|
||||
if (!data) {
|
||||
return response;
|
||||
}
|
||||
// A string is returned on failure (Docker < 1.12)
|
||||
else if (!isJSON(data)) {
|
||||
response.message = data;
|
||||
}
|
||||
// Docker 1.12 returns a valid JSON object when an error occurs
|
||||
else {
|
||||
response = angular.fromJson(data);
|
||||
}
|
||||
return response;
|
||||
}
|
||||
|
||||
// The Docker API returns the logs as a single string.
|
||||
// This handler wraps the data in a JSON object under the "logs" property.
|
||||
export function logsHandler(data) {
|
||||
return {
|
||||
logs: data,
|
||||
};
|
||||
}
|
||||
|
||||
// Image delete API returns an array on success (Docker 1.9 -> Docker 1.12).
|
||||
// On error, it returns either an error message as a string (Docker < 1.12) or a JSON object with the field message
|
||||
// container the error (Docker = 1.12).
|
||||
// This handler returns the original array on success or a newly created array containing
|
||||
// only one JSON object with the field message filled with the error message on failure.
|
||||
export function deleteImageHandler(data) {
|
||||
// A string is returned on failure (Docker < 1.12)
|
||||
var response = [];
|
||||
if (!isJSON(data)) {
|
||||
response.push({ message: data });
|
||||
}
|
||||
// A JSON object is returned on failure (Docker = 1.12)
|
||||
else if (!isJSONArray(data)) {
|
||||
var json = angular.fromJson(data);
|
||||
response.push(json);
|
||||
}
|
||||
// An array is returned on success (Docker 1.9 -> 1.12)
|
||||
else {
|
||||
response = angular.fromJson(data);
|
||||
}
|
||||
return response;
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
// The get action of the Image service returns a file.
|
||||
// ngResource will transform it as an array of chars.
|
||||
// This functions simply creates a response object and assign
|
||||
// the data to a field.
|
||||
export function imageGetResponse(data) {
|
||||
var response = {};
|
||||
response.file = data;
|
||||
return response;
|
||||
}
|
||||
@@ -1,20 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Secret', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function SecretFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/secrets/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
query: { method: 'GET', isArray: true },
|
||||
create: { method: 'POST', params: { action: 'create' }, ignoreLoadingBar: true },
|
||||
remove: { method: 'DELETE', params: { id: '@id' } },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,45 +0,0 @@
|
||||
import { logsHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Service', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
'HttpRequestHelper',
|
||||
function ServiceFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider, HttpRequestHelper) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/services/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
query: { method: 'GET', isArray: true, params: { filters: '@filters' } },
|
||||
create: {
|
||||
method: 'POST',
|
||||
params: { action: 'create' },
|
||||
headers: {
|
||||
'X-Registry-Auth': HttpRequestHelper.registryAuthenticationHeader,
|
||||
version: '1.29',
|
||||
},
|
||||
ignoreLoadingBar: true,
|
||||
},
|
||||
update: {
|
||||
method: 'POST',
|
||||
params: { id: '@id', action: 'update', version: '@version', rollback: '@rollback' },
|
||||
headers: {
|
||||
'X-Registry-Auth': (config) => btoa(JSON.stringify({ registryId: config.data.registryId })),
|
||||
version: '1.29',
|
||||
},
|
||||
},
|
||||
remove: { method: 'DELETE', params: { id: '@id' } },
|
||||
logs: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', action: 'logs' },
|
||||
ignoreLoadingBar: true,
|
||||
transformResponse: logsHandler,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,17 +0,0 @@
|
||||
angular.module('portainer.docker').factory('Swarm', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function SwarmFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/swarm',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
get: { method: 'GET' },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,32 +0,0 @@
|
||||
import { jsonObjectsToArrayHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('System', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function SystemFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/:action/:subAction',
|
||||
{
|
||||
name: '@name',
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
info: {
|
||||
method: 'GET',
|
||||
params: { action: 'info' },
|
||||
},
|
||||
version: { method: 'GET', params: { action: 'version' } },
|
||||
events: {
|
||||
method: 'GET',
|
||||
params: { action: 'events', since: '@since', until: '@until' },
|
||||
isArray: true,
|
||||
transformResponse: jsonObjectsToArrayHandler,
|
||||
},
|
||||
auth: { method: 'POST', params: { action: 'auth' } },
|
||||
dataUsage: { method: 'GET', params: { action: 'system', subAction: 'df' } },
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,26 +0,0 @@
|
||||
import { logsHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Task', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function TaskFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/tasks/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
query: { method: 'GET', isArray: true, params: { filters: '@filters' } },
|
||||
logs: {
|
||||
method: 'GET',
|
||||
params: { id: '@id', action: 'logs' },
|
||||
ignoreLoadingBar: true,
|
||||
transformResponse: logsHandler,
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,37 +0,0 @@
|
||||
import { genericHandler } from './response/handlers';
|
||||
|
||||
angular.module('portainer.docker').factory('Volume', [
|
||||
'$resource',
|
||||
'API_ENDPOINT_ENDPOINTS',
|
||||
'EndpointProvider',
|
||||
function VolumeFactory($resource, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
|
||||
'use strict';
|
||||
|
||||
function addVolumeNameToHeader(config) {
|
||||
return config.data.Name || '';
|
||||
}
|
||||
|
||||
return $resource(
|
||||
API_ENDPOINT_ENDPOINTS + '/:endpointId/docker/volumes/:id/:action',
|
||||
{
|
||||
endpointId: EndpointProvider.endpointID,
|
||||
},
|
||||
{
|
||||
query: { method: 'GET' },
|
||||
get: { method: 'GET', params: { id: '@id' } },
|
||||
create: {
|
||||
method: 'POST',
|
||||
params: { action: 'create' },
|
||||
transformResponse: genericHandler,
|
||||
ignoreLoadingBar: true,
|
||||
headers: { 'X-Portainer-VolumeName': addVolumeNameToHeader },
|
||||
},
|
||||
remove: {
|
||||
method: 'DELETE',
|
||||
transformResponse: genericHandler,
|
||||
params: { id: '@id' },
|
||||
},
|
||||
}
|
||||
);
|
||||
},
|
||||
]);
|
||||
@@ -1,91 +1,65 @@
|
||||
import { ImageBuildModel } from '../models/image';
|
||||
import {
|
||||
buildImageFromDockerfileContent,
|
||||
buildImageFromDockerfileContentAndFiles,
|
||||
buildImageFromURL,
|
||||
buildImageFromUpload,
|
||||
} from '@/react/docker/images/queries/useBuildImageMutation';
|
||||
|
||||
angular.module('portainer.docker').factory('BuildService', [
|
||||
'$q',
|
||||
'Build',
|
||||
'FileUploadService',
|
||||
function BuildServiceFactory($q, Build, FileUploadService) {
|
||||
'use strict';
|
||||
var service = {};
|
||||
import { ImageBuildModel } from '../models/build';
|
||||
|
||||
service.buildImageFromUpload = function (endpointID, names, file, path) {
|
||||
var deferred = $q.defer();
|
||||
angular.module('portainer.docker').factory('BuildService', BuildServiceFactory);
|
||||
|
||||
FileUploadService.buildImage(endpointID, names, file, path)
|
||||
.then(function success(response) {
|
||||
var model = new ImageBuildModel(response.data);
|
||||
deferred.resolve(model);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
/* @ngInject */
|
||||
function BuildServiceFactory(AngularToReact) {
|
||||
const { useAxios } = AngularToReact;
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
return {
|
||||
buildImageFromUpload: useAxios(buildImageFromUploadAngularJS), // build image
|
||||
buildImageFromURL: useAxios(buildImageFromURLAngularJS), // build image
|
||||
buildImageFromDockerfileContent: useAxios(buildImageFromDockerfileContentAngularJS), // build image
|
||||
buildImageFromDockerfileContentAndFiles: useAxios(buildImageFromDockerfileContentAndFilesAngularJS), // build image
|
||||
};
|
||||
|
||||
service.buildImageFromURL = function (endpointId, names, url, path) {
|
||||
var params = {
|
||||
endpointId,
|
||||
t: names,
|
||||
remote: url,
|
||||
dockerfile: path,
|
||||
};
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {string[]} names
|
||||
* @param {File} file
|
||||
* @param {string} path
|
||||
*/
|
||||
async function buildImageFromUploadAngularJS(environmentId, names, file, path) {
|
||||
const data = await buildImageFromUpload(environmentId, names, file, path);
|
||||
return new ImageBuildModel(data);
|
||||
}
|
||||
|
||||
var deferred = $q.defer();
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {string[]} names
|
||||
* @param {string} url
|
||||
* @param {string} path
|
||||
*/
|
||||
async function buildImageFromURLAngularJS(environmentId, names, url, path) {
|
||||
const data = await buildImageFromURL(environmentId, names, url, path);
|
||||
return new ImageBuildModel(data);
|
||||
}
|
||||
|
||||
Build.buildImage(params, {})
|
||||
.$promise.then(function success(data) {
|
||||
var model = new ImageBuildModel(data);
|
||||
deferred.resolve(model);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {string[]} names
|
||||
* @param {string} content
|
||||
*/
|
||||
async function buildImageFromDockerfileContentAngularJS(environmentId, names, content) {
|
||||
const data = await buildImageFromDockerfileContent(environmentId, names, content);
|
||||
return new ImageBuildModel(data);
|
||||
}
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.buildImageFromDockerfileContent = function (endpointId, names, content) {
|
||||
var params = {
|
||||
endpointId,
|
||||
t: names,
|
||||
};
|
||||
var payload = {
|
||||
content: content,
|
||||
};
|
||||
|
||||
var deferred = $q.defer();
|
||||
|
||||
Build.buildImageOverride(params, payload)
|
||||
.$promise.then(function success(data) {
|
||||
var model = new ImageBuildModel(data);
|
||||
deferred.resolve(model);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.buildImageFromDockerfileContentAndFiles = function (endpointID, names, content, files) {
|
||||
var dockerfile = new Blob([content], { type: 'text/plain' });
|
||||
var uploadFiles = [dockerfile].concat(files);
|
||||
|
||||
var deferred = $q.defer();
|
||||
|
||||
FileUploadService.buildImageFromFiles(endpointID, names, uploadFiles)
|
||||
.then(function success(response) {
|
||||
var model = new ImageBuildModel(response.data);
|
||||
deferred.resolve(model);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
return service;
|
||||
},
|
||||
]);
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {string[]} names
|
||||
* @param {string} content
|
||||
* @param {File[]} files
|
||||
*/
|
||||
async function buildImageFromDockerfileContentAndFilesAngularJS(environmentId, names, content, files) {
|
||||
const data = await buildImageFromDockerfileContentAndFiles(environmentId, names, content, files);
|
||||
return new ImageBuildModel(data);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,66 +1,37 @@
|
||||
import { getConfig } from '@/react/docker/configs/queries/useConfig';
|
||||
import { getConfigs } from '@/react/docker/configs/queries/useConfigs';
|
||||
|
||||
import { deleteConfig } from '@/react/docker/configs/queries/useDeleteConfigMutation';
|
||||
import { createConfig } from '@/react/docker/configs/queries/useCreateConfigMutation';
|
||||
import { ConfigViewModel } from '../models/config';
|
||||
|
||||
angular.module('portainer.docker').factory('ConfigService', [
|
||||
'$q',
|
||||
'Config',
|
||||
function ConfigServiceFactory($q, Config) {
|
||||
'use strict';
|
||||
var service = {};
|
||||
angular.module('portainer.docker').factory('ConfigService', ConfigServiceFactory);
|
||||
|
||||
service.config = function (environmentId, configId) {
|
||||
var deferred = $q.defer();
|
||||
/* @ngInspect */
|
||||
function ConfigServiceFactory(AngularToReact) {
|
||||
const { useAxios } = AngularToReact;
|
||||
|
||||
Config.get({ id: configId, environmentId })
|
||||
.$promise.then(function success(data) {
|
||||
var config = new ConfigViewModel(data);
|
||||
deferred.resolve(config);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to retrieve config details', err: err });
|
||||
});
|
||||
return {
|
||||
configs: useAxios(listConfigsAngularJS), // config list + service create + service edit
|
||||
config: useAxios(getConfigAngularJS), // config create + config edit
|
||||
remove: useAxios(deleteConfig), // config list + config edit
|
||||
create: useAxios(createConfig), // config create
|
||||
};
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
*/
|
||||
async function listConfigsAngularJS(environmentId) {
|
||||
const data = await getConfigs(environmentId);
|
||||
return data.map((c) => new ConfigViewModel(c));
|
||||
}
|
||||
|
||||
service.configs = function (environmentId) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
Config.query({ environmentId })
|
||||
.$promise.then(function success(data) {
|
||||
var configs = data.map(function (item) {
|
||||
return new ConfigViewModel(item);
|
||||
});
|
||||
deferred.resolve(configs);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to retrieve configs', err: err });
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.remove = function (environmentId, configId) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
Config.remove({ environmentId, id: configId })
|
||||
.$promise.then(function success(data) {
|
||||
if (data.message) {
|
||||
deferred.reject({ msg: data.message });
|
||||
} else {
|
||||
deferred.resolve();
|
||||
}
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to remove config', err: err });
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.create = function (environmentId, config) {
|
||||
return Config.create({ environmentId }, config).$promise;
|
||||
};
|
||||
|
||||
return service;
|
||||
},
|
||||
]);
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {ConfigId} configId
|
||||
*/
|
||||
async function getConfigAngularJS(environmentId, configId) {
|
||||
const data = await getConfig(environmentId, configId);
|
||||
return new ConfigViewModel(data);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,196 +9,129 @@ import {
|
||||
startContainer,
|
||||
stopContainer,
|
||||
recreateContainer,
|
||||
getContainerLogs,
|
||||
} from '@/react/docker/containers/containers.service';
|
||||
import { ContainerDetailsViewModel, ContainerStatsViewModel, ContainerViewModel } from '../models/container';
|
||||
import { getContainers } from '@/react/docker/containers/queries/useContainers';
|
||||
import { getContainer } from '@/react/docker/containers/queries/useContainer';
|
||||
import { resizeTTY } from '@/react/docker/containers/queries/useContainerResizeTTYMutation';
|
||||
import { updateContainer } from '@/react/docker/containers/queries/useUpdateContainer';
|
||||
import { createExec } from '@/react/docker/containers/queries/useCreateExecMutation';
|
||||
import { containerStats } from '@/react/docker/containers/queries/useContainerStats';
|
||||
import { containerTop } from '@/react/docker/containers/queries/useContainerTop';
|
||||
import { createOrReplace } from '@/react/docker/containers/CreateView/useCreateMutation';
|
||||
import { toReactAccessControlFormData } from '@/portainer/components/accessControlForm/porAccessControlFormModel';
|
||||
|
||||
import { ContainerDetailsViewModel } from '../models/containerDetails';
|
||||
import { ContainerStatsViewModel } from '../models/containerStats';
|
||||
import { formatLogs } from '../helpers/logHelper';
|
||||
|
||||
angular.module('portainer.docker').factory('ContainerService', ContainerServiceFactory);
|
||||
|
||||
/* @ngInject */
|
||||
function ContainerServiceFactory($q, Container, $timeout) {
|
||||
const service = {
|
||||
killContainer,
|
||||
pauseContainer,
|
||||
renameContainer,
|
||||
restartContainer,
|
||||
resumeContainer,
|
||||
startContainer,
|
||||
stopContainer,
|
||||
recreateContainer,
|
||||
remove: removeContainer,
|
||||
updateRestartPolicy,
|
||||
updateLimits,
|
||||
function ContainerServiceFactory(AngularToReact) {
|
||||
const { useAxios } = AngularToReact;
|
||||
|
||||
return {
|
||||
killContainer: useAxios(killContainer), // container edit
|
||||
pauseContainer: useAxios(pauseContainer), // container edit
|
||||
renameContainer: useAxios(renameContainer), // container edit
|
||||
restartContainer: useAxios(restartContainer), // container edit
|
||||
resumeContainer: useAxios(resumeContainer), // container edit
|
||||
startContainer: useAxios(startContainer), // container edit
|
||||
stopContainer: useAxios(stopContainer), // container edit
|
||||
recreateContainer: useAxios(recreateContainer), // container edit
|
||||
remove: useAxios(removeContainer), // container edit
|
||||
container: useAxios(getContainerAngularJS), // container console + container edit + container stats
|
||||
containers: useAxios(getContainers), // dashboard + services list + service edit + voluem edit + stackservice + stack create + stack edit
|
||||
resizeTTY: useAxios(resizeTTYAngularJS), // container console
|
||||
updateRestartPolicy: useAxios(updateRestartPolicyAngularJS), // container edit
|
||||
createExec: useAxios(createExec), // container console
|
||||
containerStats: useAxios(containerStatsAngularJS), // container stats
|
||||
containerTop: useAxios(containerTop), // container stats
|
||||
inspect: useAxios(getContainer), // container inspect
|
||||
createAndStartContainer: useAxios(createAndStartContainer), // templates
|
||||
logs: useAxios(containerLogsAngularJS), // container logs
|
||||
};
|
||||
|
||||
service.container = function (environmentId, id) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
Container.get({ environmentId, id })
|
||||
.$promise.then(function success(data) {
|
||||
var container = new ContainerDetailsViewModel(data);
|
||||
deferred.resolve(container);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to retrieve container information', err: err });
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.containers = function (environmentId, all, filters) {
|
||||
var deferred = $q.defer();
|
||||
Container.query({ environmentId, all, filters })
|
||||
.$promise.then(function success(data) {
|
||||
var containers = data.map(function (item) {
|
||||
return new ContainerViewModel(item);
|
||||
});
|
||||
deferred.resolve(containers);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to retrieve containers', err: err });
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.resizeTTY = function (environmentId, id, width, height, timeout) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
$timeout(function () {
|
||||
Container.resize({}, { environmentId, id, width, height })
|
||||
.$promise.then(function success(data) {
|
||||
if (data.message) {
|
||||
deferred.reject({ msg: 'Unable to resize tty of container ' + id, err: data.message });
|
||||
} else {
|
||||
deferred.resolve(data);
|
||||
}
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to resize tty of container ' + id, err: err });
|
||||
});
|
||||
}, timeout);
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
function updateRestartPolicy(environmentId, id, restartPolicy, maximumRetryCounts) {
|
||||
return Container.update({ environmentId, id }, { RestartPolicy: { Name: restartPolicy, MaximumRetryCount: maximumRetryCounts } }).$promise;
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {ContainerId} id
|
||||
* @param {*} param2
|
||||
*/
|
||||
async function getContainerAngularJS(environmentId, id, { nodeName } = {}) {
|
||||
const data = await getContainer(environmentId, id, { nodeName });
|
||||
return new ContainerDetailsViewModel(data);
|
||||
}
|
||||
|
||||
function updateLimits(environmentId, id, config) {
|
||||
return Container.update(
|
||||
{ environmentId, id },
|
||||
{
|
||||
// MemorySwap: must be set
|
||||
// -1: non limits, 0: treated as unset(cause update error).
|
||||
MemoryReservation: config.HostConfig.MemoryReservation,
|
||||
Memory: config.HostConfig.Memory,
|
||||
MemorySwap: -1,
|
||||
NanoCpus: config.HostConfig.NanoCpus,
|
||||
}
|
||||
).$promise;
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {string} containerId
|
||||
* @param {number} width
|
||||
* @param {number} height
|
||||
* @param timeout DEPRECATED: Previously used in pure AJS implementation
|
||||
*/
|
||||
async function resizeTTYAngularJS(environmentId, containerId, width, height) {
|
||||
return resizeTTY(environmentId, containerId, { width, height });
|
||||
}
|
||||
|
||||
service.createContainer = function (environmentId, configuration) {
|
||||
var deferred = $q.defer();
|
||||
Container.create({ environmentId }, configuration)
|
||||
.$promise.then(function success(data) {
|
||||
deferred.resolve(data);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to create container', err: err });
|
||||
});
|
||||
return deferred.promise;
|
||||
};
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {ContainerId} id
|
||||
* @param {RestartPolicy['Name']} restartPolicy
|
||||
* @param {RestartPolicy['MaximumRetryCount']} maximumRetryCounts
|
||||
*/
|
||||
async function updateRestartPolicyAngularJS(environmentId, id, restartPolicy, maximumRetryCounts) {
|
||||
return updateContainer(environmentId, id, {
|
||||
RestartPolicy: {
|
||||
Name: restartPolicy,
|
||||
MaximumRetryCount: maximumRetryCounts,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
service.createAndStartContainer = function (environmentId, configuration) {
|
||||
var deferred = $q.defer();
|
||||
var container;
|
||||
service
|
||||
.createContainer(environmentId, configuration)
|
||||
.then(function success(data) {
|
||||
container = data;
|
||||
return service.startContainer(environmentId, container.Id);
|
||||
})
|
||||
.then(function success() {
|
||||
deferred.resolve(container);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
return deferred.promise;
|
||||
};
|
||||
/**
|
||||
* @param {Environment} environment
|
||||
* @param {*} configuration
|
||||
* @param {AccessControlFormData} accessControlFormData
|
||||
*/
|
||||
async function createAndStartContainer(environment, configuration, accessControlFormData) {
|
||||
return createOrReplace({
|
||||
config: configuration,
|
||||
environment,
|
||||
values: {
|
||||
name: configuration.name,
|
||||
imageName: configuration.Image,
|
||||
accessControl: toReactAccessControlFormData(accessControlFormData),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
service.createExec = function (environmentId, execConfig) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
Container.exec({ environmentId }, execConfig)
|
||||
.$promise.then(function success(data) {
|
||||
if (data.message) {
|
||||
deferred.reject({ msg: data.message, err: data.message });
|
||||
} else {
|
||||
deferred.resolve(data);
|
||||
}
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.logs = function (environmentId, id, stdout, stderr, timestamps, since, tail, stripHeaders) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
var parameters = {
|
||||
id: id,
|
||||
stdout: stdout || 0,
|
||||
stderr: stderr || 0,
|
||||
timestamps: timestamps || 0,
|
||||
since: since || 0,
|
||||
tail: tail || 'all',
|
||||
environmentId,
|
||||
};
|
||||
|
||||
Container.logs(parameters)
|
||||
.$promise.then(function success(data) {
|
||||
var logs = formatLogs(data.logs, { stripHeaders, withTimestamps: !!timestamps });
|
||||
deferred.resolve(logs);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.containerStats = function (environmentId, id) {
|
||||
var deferred = $q.defer();
|
||||
|
||||
Container.stats({ environmentId, id })
|
||||
.$promise.then(function success(data) {
|
||||
var containerStats = new ContainerStatsViewModel(data);
|
||||
deferred.resolve(containerStats);
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject(err);
|
||||
});
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
|
||||
service.containerTop = function (environmentId, id) {
|
||||
return Container.top({ environmentId, id }).$promise;
|
||||
};
|
||||
|
||||
service.inspect = function (environmentId, id) {
|
||||
return Container.inspect({ environmentId, id }).$promise;
|
||||
};
|
||||
|
||||
service.prune = function (environmentId, filters) {
|
||||
return Container.prune({ environmentId, filters }).$promise;
|
||||
};
|
||||
|
||||
return service;
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {ContainerId} id
|
||||
*/
|
||||
async function containerStatsAngularJS(environmentId, id) {
|
||||
const data = await containerStats(environmentId, id);
|
||||
return new ContainerStatsViewModel(data);
|
||||
}
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId
|
||||
* @param {Containerid} id
|
||||
* @param {boolean?} stdout
|
||||
* @param {boolean?} stderr
|
||||
* @param {boolean?} timestamps
|
||||
* @param {number?} since
|
||||
* @param {number?} tail
|
||||
* @param {boolean?} stripHeaders
|
||||
*/
|
||||
async function containerLogsAngularJS(environmentId, id, stdout = false, stderr = false, timestamps = false, since = 0, tail = 'all', stripHeaders) {
|
||||
const data = await getContainerLogs(environmentId, id, {
|
||||
since,
|
||||
stderr,
|
||||
stdout,
|
||||
tail,
|
||||
timestamps,
|
||||
});
|
||||
return formatLogs(data, { stripHeaders, withTimestamps: !!timestamps });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,31 +1,23 @@
|
||||
angular.module('portainer.docker').factory('ExecService', [
|
||||
'$q',
|
||||
'$timeout',
|
||||
'Exec',
|
||||
function ExecServiceFactory($q, $timeout, Exec) {
|
||||
'use strict';
|
||||
var service = {};
|
||||
import { resizeTTY } from '@/react/docker/proxy/queries/useExecResizeTTYMutation';
|
||||
|
||||
service.resizeTTY = function (execId, width, height, timeout) {
|
||||
var deferred = $q.defer();
|
||||
angular.module('portainer.docker').factory('ExecService', ExecServiceFactory);
|
||||
|
||||
$timeout(function () {
|
||||
Exec.resize({}, { id: execId, height: height, width: width })
|
||||
.$promise.then(function success(data) {
|
||||
if (data.message) {
|
||||
deferred.reject({ msg: 'Unable to resize tty of exec', err: data.message });
|
||||
} else {
|
||||
deferred.resolve(data);
|
||||
}
|
||||
})
|
||||
.catch(function error(err) {
|
||||
deferred.reject({ msg: 'Unable to resize tty of exec', err: err });
|
||||
});
|
||||
}, timeout);
|
||||
/* @ngInject */
|
||||
function ExecServiceFactory(AngularToReact) {
|
||||
const { useAxios, injectEnvironmentId } = AngularToReact;
|
||||
|
||||
return deferred.promise;
|
||||
};
|
||||
return {
|
||||
resizeTTY: useAxios(injectEnvironmentId(resizeTTYAngularJS)),
|
||||
};
|
||||
|
||||
return service;
|
||||
},
|
||||
]);
|
||||
/**
|
||||
* @param {EnvironmentId} environmentId Injected
|
||||
* @param {string} execId
|
||||
* @param {number} width
|
||||
* @param {number} height
|
||||
* @param timeout DEPRECATED: Previously used in pure AJS implementation
|
||||
*/
|
||||
async function resizeTTYAngularJS(environmentId, execId, width, height) {
|
||||
return resizeTTY(environmentId, execId, { width, height });
|
||||
}
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user