Files
portainer/api/http/handler/stacks/create_kubernetes_stack.go
T
cong meng aeadb5c375 fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints (#194)
* fix(k8s): EE-354 Unable to use advanced deployment feature on agent and Edge agent endpoints

* fix(k8s): EE-354 enable advance deploy UI

* fix(k8s): EE-354 use the v2 version of agent api instead of v3

Co-authored-by: Simon Meng <simon.meng@portainer.io>
2021-04-12 15:34:33 +02:00

108 lines
3.8 KiB
Go

package stacks
import (
"errors"
"net/http"
"github.com/asaskevich/govalidator"
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/libhttp/request"
"github.com/portainer/libhttp/response"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/http/security"
endpointutils "github.com/portainer/portainer/api/internal/endpoint"
)
type kubernetesStackPayload struct {
ComposeFormat bool
Namespace string
StackFileContent string
}
func (payload *kubernetesStackPayload) Validate(r *http.Request) error {
if govalidator.IsNull(payload.StackFileContent) {
return errors.New("Invalid stack file content")
}
if govalidator.IsNull(payload.Namespace) {
return errors.New("Invalid namespace")
}
return nil
}
type createKubernetesStackResponse struct {
Output string `json:"Output"`
}
func (handler *Handler) createKubernetesStack(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint) *httperror.HandlerError {
if !endpointutils.IsKubernetesEndpoint(endpoint) {
return &httperror.HandlerError{http.StatusBadRequest, "Endpoint type does not match", errors.New("Endpoint type does not match")}
}
permissionDeniedErr := "Permission denied to access endpoint"
tokenData, err := security.RetrieveTokenData(r)
if err != nil {
return &httperror.HandlerError{http.StatusForbidden, permissionDeniedErr, err}
}
var payload kubernetesStackPayload
err = request.DecodeAndValidateJSONPayload(r, &payload)
if err != nil {
return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
}
namespace := payload.Namespace
if tokenData.Role != portainer.AdministratorRole {
// check if the user has OperationK8sApplicationsAdvancedDeploymentRW access in the endpoint
endpointRole, err := handler.AuthorizationService.GetUserEndpointRole(int(tokenData.ID), int(endpoint.ID))
if err != nil {
return &httperror.HandlerError{http.StatusForbidden, permissionDeniedErr, err}
} else if !endpointRole.Authorizations[portainer.OperationK8sApplicationsAdvancedDeploymentRW] {
err = errors.New(permissionDeniedErr)
return &httperror.HandlerError{http.StatusForbidden, permissionDeniedErr, err}
}
// will skip if user can access all namespaces
if !endpointRole.Authorizations[portainer.OperationK8sAccessAllNamespaces] {
cli, err := handler.KubernetesClientFactory.GetKubeClient(endpoint)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create Kubernetes client", err}
}
// check if the user has RW access to the namespace
namespaceAuthorizations, err := handler.AuthorizationService.GetNamespaceAuthorizations(int(tokenData.ID), *endpoint, cli)
if err != nil {
return &httperror.HandlerError{http.StatusForbidden, permissionDeniedErr, err}
} else if auth, ok := namespaceAuthorizations[namespace]; !ok || !auth[portainer.OperationK8sAccessNamespaceWrite] {
err = errors.New(permissionDeniedErr)
return &httperror.HandlerError{http.StatusForbidden, permissionDeniedErr, err}
}
}
}
output, err := handler.deployKubernetesStack(endpoint, payload.StackFileContent, payload.ComposeFormat, namespace)
if err != nil {
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to deploy Kubernetes stack", err}
}
resp := &createKubernetesStackResponse{
Output: output,
}
return response.JSON(w, resp)
}
func (handler *Handler) deployKubernetesStack(endpoint *portainer.Endpoint, stackConfig string, composeFormat bool, namespace string) (string, error) {
handler.stackCreationMutex.Lock()
defer handler.stackCreationMutex.Unlock()
if composeFormat {
convertedConfig, err := handler.KubernetesDeployer.ConvertCompose(stackConfig)
if err != nil {
return "", err
}
stackConfig = string(convertedConfig)
}
return handler.KubernetesDeployer.Deploy(endpoint, stackConfig, namespace)
}