commite4605d990dAuthor: yi-portainer <yi.chen@portainer.io> Date: Tue Feb 2 17:42:57 2021 +1300 * update portainer version commit768697157cAuthor: LP B <xAt0mZ@users.noreply.github.com> Date: Tue Feb 2 05:00:19 2021 +0100 sec(app): remove unused and vulnerable dependencies (#4801) commitd3086da139Author: cong meng <mcpacino@gmail.com> Date: Tue Feb 2 15:10:06 2021 +1300 fix(k8s) trigger port validation while changing protocol (ce#394) (#4804) Co-authored-by: Simon Meng <simon.meng@portainer.io> commit95894e8047Author: cong meng <mcpacino@gmail.com> Date: Tue Feb 2 15:03:11 2021 +1300 fix(k8s) parse empty configuration as empty string yaml instead of {} (ce#395) (#4805) Co-authored-by: Simon Meng <simon.meng@portainer.io> commit81de55feddAuthor: Yi Chen <69284638+yi-portainer@users.noreply.github.com> Date: Tue Feb 2 11:12:40 2021 +1300 * fix missing kubectl download (#4802) commit84827b8782Author: Steven Kang <skan070@gmail.com> Date: Sun Jan 31 17:32:30 2021 +1300 feat(build): introducing buildx for Windows (#4792) * feat(build): introducing buildx for Windows * feat(build): re-ordered USER * feat(build): Fixed Typo * feat(build): fixed typo commita71e71f481Author: Dmitry Salakhov <to@dimasalakhov.com> Date: Mon Jan 25 19:16:53 2021 +0000 feat(compose): add docker-compose wrapper (#4713) * feat(compose): add docker-compose wrapper ce-187 * fix(compose): pick compose implementation upon startup * Add static compose build for linux * Fix wget * Fix platofrm specific docker-compose download * Keep amd64 architecture as download parameter * Add tmp folder for docker-compose * fix: line endings * add proxy server * logs * Proxy * Add lite transport for compose * Fix local deployment * refactor: pass proxyManager by ref * fix: string conversion * refactor: compose wrapper remove unused code * fix: tests * Add edge * Fix merge issue * refactor: remove unused code * Move server to proxy implementation * Cleanup wrapper and manager * feat: pass max supported compose syntax 
version with each endpoint * fix: pick compose syntax version * fix: store wrapper version in portainer * Get and show composeSyntaxMaxVersion at stack creation screen * Get and show composeSyntaxMaxVersion at stack editor screen * refactor: proxy server * Fix used tmp * Bump docker-compose to 1.28.0 * remove message for docker compose limitation * fix: markup typo * Rollback docker compose to 1.27.4 * * attempt to fix the windows build issue * * attempt to debug grunt issue * * use console log in grunt file * fix: try to fix windows build by removing indirect deps from go.mod * Remove tmp folder * Remove builder stage * feat(build/windows): add git for Docker Compose * feat(build/windows): add git for Docker Compose * feat(build/windows): add git for Docker Compose * feat(build/windows): add git for Docker Compose * feat(build/windows): add git for Docker Compose * feat(build/windows): add git for Docker Compose - fixed verbose output * refactor: renames * fix(stack): get endpoint by EndpointProvider * fix(stack): use margin to add space between line instead of using br tag Co-authored-by: Stéphane Busso <stephane.busso@gmail.com> Co-authored-by: Simon Meng <simon.meng@portainer.io> Co-authored-by: yi-portainer <yi.chen@portainer.io> Co-authored-by: Steven Kang <skan070@gmail.com> commit83f4c5ec0bAuthor: LP B <xAt0mZ@users.noreply.github.com> Date: Mon Jan 25 02:43:54 2021 +0100 fix(k8s/app): remove advanced deployment panel from app details view (#4730) commit41308d570dAuthor: Maxime Bajeux <max.bajeux@gmail.com> Date: Mon Jan 25 02:14:35 2021 +0100 feat(configurations): Review UI/UX configurations (#4691) * feat(configurations): Review UI/UX configurations * feat(configurations): fix binary secret value * fix(frontend): populate data between simple and advanced modes (#4503) * fix(configuration): parseYaml before create configuration * fix(configurations): change c to C in ConfigurationOwner * fix(application): change configuration index to configuration key in 
the view * fix(configuration): resolve problem in application create with configuration not overriden. * fix(configuration): fix bad import in helper Co-authored-by: Simon Meng <simon.meng@portainer.io> commit46ff8a01bcAuthor: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Fri Jan 22 03:08:08 2021 +0200 fix(kubernetes/pods): save note (#4675) * feat(kubernetes/pods): introduce patch api * feat(k8s/pods): pod converter * feat(kubernetes/pods): introduce patch api * feat(k8s/pod): add annotations only if needed * fix(k8s/pod): replace class with factory function commit2b257d2785Author: yi-portainer <yi.chen@portainer.io> Date: Thu Jan 21 00:02:22 2021 +1300 Squashed commit of the following 2.0.1 release fixes: commitf90d6b55d6Author: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Wed Jan 13 00:56:19 2021 +0200 feat(service): clear source volume when change type (#4627) * feat(service): clear source volume when change type * feat(service): init volume source to the correct value commit1b82b450d7Author: Yi Chen <69284638+yi-portainer@users.noreply.github.com> Date: Thu Jan 7 14:47:32 2021 +1300 * bump the APIVersion to 2.0.1 (#4688) commitb78d804881Author: Yi Chen <69284638+yi-portainer@users.noreply.github.com> Date: Wed Dec 30 23:03:43 2020 +1300 Revert "chore(build): bump Kompose version (#4475)" (#4676) This reverts commit380f106571. 
Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> commit51b72c12f9Author: Anthony Lapenna <anthony.lapenna@portainer.io> Date: Wed Dec 23 14:45:32 2020 +1300 fix(docker/stack-details): do not display editor tab for external stack (#4650) commit58c04bdbe3Author: Yi Chen <69284638+yi-portainer@users.noreply.github.com> Date: Tue Dec 22 13:47:11 2020 +1300 + silently continue when downloading artifacts in windows (#4637) commita6320d5222Author: cong meng <mcpacino@gmail.com> Date: Tue Dec 22 13:38:54 2020 +1300 fix(frontend) unable to retrieve config map error when trying to manage newly created resource pool (ce#180) (#4618) * fix(frontend) unable to retrieve config map error when trying to manage newly created resource pool (ce#180) * fix(frontend) rephrase comments (#4629) Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> Co-authored-by: Simon Meng <simon.meng@portainer.io> Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> commitda41dbb79aAuthor: cong meng <mcpacino@gmail.com> Date: Wed Jan 20 15:19:35 2021 +1300 fix(stack): stacks created via API are incorrectly marked as private with no owner (#3721) (#4725) Co-authored-by: Simon Meng <simon.meng@portainer.io> commit68d42617f2Author: Maxime Bajeux <max.bajeux@gmail.com> Date: Wed Jan 20 01:02:18 2021 +0100 feat(placement): Add a warning notification under the placement tab when an application cannot be scheduled on any node in the cluster (#4525) * feat(placement): Add a warning notification under the placement tab when an application cannot be scheduled on any node in the cluster * fix(applications): if there is at least one node the application can schedule on, then do not show the warning commit8323e22309Author: Anthony McMahon <75223906+Anthony-Portainer@users.noreply.github.com> Date: Wed Jan 20 12:06:25 2021 +1300 Update issue templates Adding auto labelling to Bug Report (kind/bug, bug/unconfirmed) and Question (kind/question) commit20d4341170Author: Chaim 
Lev-Ari <chiptus@users.noreply.github.com> Date: Tue Jan 19 00:10:08 2021 +0200 fix(state): check validity of state (#4609) commit832cafc933Author: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Mon Jan 18 02:59:57 2021 +0200 fix(registries): update password only when not empty (#4669) commitf3c537ac2cAuthor: cong meng <mcpacino@gmail.com> Date: Mon Jan 18 13:02:16 2021 +1300 chore(build): bump Kompose version (#4473) (#4724) Co-authored-by: Simon Meng <simon.meng@portainer.io> commit958baf6283Author: Anthony McMahon <75223906+Anthony-Portainer@users.noreply.github.com> Date: Mon Jan 18 09:30:17 2021 +1300 Update README.md commit08e392378eAuthor: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Sun Jan 17 09:28:09 2021 +0200 chore(app): fail on angular components missing nginject (#4224) commita2d9734b8bAuthor: Alice Groux <alice.grx@gmail.com> Date: Sun Jan 17 04:50:22 2021 +0100 fix(k8s/datatables): reduce size of collapse/expand column for stacks datatable and storage datatable (#4511) * fix(k8s/datatables): reduce size of collapse/expand column for stacks datatable and storage datatable * fix(k8s/datatables): reduce size of expand/collapse column commit15aed9fc6fAuthor: DarkAEther <30438425+DarkAEther@users.noreply.github.com> Date: Sun Jan 17 06:23:32 2021 +0530 feat(area/kubernetes): show shared access policy in volume details (#4707) commit121d33538dAuthor: Alice Groux <alice.grx@gmail.com> Date: Fri Jan 15 02:51:36 2021 +0100 fix(k8s/application): validate load balancer ports inputs (#4426) * fix(k8s/application): validate load balancer ports inputs * fix(k8s/application): allow user to only change the protocol on the first port mapping commit7a03351df8Author: Olli Janatuinen <olljanat@users.noreply.github.com> Date: Thu Jan 14 23:05:33 2021 +0200 dep(api): Support Docker Stack 3.8 (#4333) - Linux: Update Docker binary to version 19.03.13 - Windows: Update Docker binary to version 19.03.12 commit0c2987893dAuthor: Alice Groux 
<alice.grx@gmail.com> Date: Thu Jan 14 03:04:44 2021 +0100 feat(app/images): in advanced mode, remove tooltip and add an information message (#4528) commitd1eddaa188Author: Alice Groux <alice.grx@gmail.com> Date: Thu Jan 14 00:24:56 2021 +0100 feat(app/network): rename restrict external acces to the network label and add a tooltip (#4514) commitd336ada3c2Author: Anthony Lapenna <anthony.lapenna@portainer.io> Date: Wed Jan 13 16:13:27 2021 +1300 feat(k8s/application): review application creation warning style (#4613) commit839198fbffAuthor: Avadhut Tanugade <30384908+mrwhoknows55@users.noreply.github.com> Date: Wed Jan 13 04:49:18 2021 +0530 commit486ffa5bbdAuthor: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Tue Jan 12 23:40:09 2021 +0200 chore(webpack): add source maps (#4471) * chore(webpack): add source maps * feat(build): fetch source maps for 3rd party libs commit4cd468ce21Author: Maxime Bajeux <max.bajeux@gmail.com> Date: Tue Jan 12 02:35:59 2021 +0100 Can't create kubernetes resources with a username longer than 63 characters (#4672) * fix(kubernetes): truncate username when we create resource * fix(k8s): remove forbidden characters in owner label commitcbd7fdc62eAuthor: Chaim Lev-Ari <chiptus@users.noreply.github.com> Date: Tue Jan 12 01:38:49 2021 +0200 feat(docker/stacks): introduce date info for stacks (#4660) * feat(docker/stacks): add creation and update dates * feat(docker/stacks): put ownership column as the last column * feat(docker/stacks): fix the no stacks message * refactor(docker/stacks): make external stacks helpers more readable * feat(docker/stacks): add updated and created by * feat(docker/stacks): toggle updated column * refactor(datatable): create column visibility component Co-authored-by: alice groux <alice.grx@gmail.com> commitb9fe8009ddAuthor: DarkAEther <30438425+DarkAEther@users.noreply.github.com> Date: Mon Jan 11 08:05:19 2021 +0530 feat(image-details): Show labels in images datatable (#4287) * feat(images): show labels 
in images datatable * move labels to image details view commit6a504e7134Author: Stéphane Busso <sbusso@users.noreply.github.com> Date: Mon Jan 11 14:44:15 2021 +1300 fix(settings): Use default setting if UserSessionTimeout not set (#4521) * fix(settings): Use default settings if UserSessionTimeout not set * Update UserSessionTimeout settings in database if set to empty string commit51ba0876a5Author: Alice Groux <alice.grx@gmail.com> Date: Mon Jan 11 00:51:46 2021 +0100 feat(k8s/configuration): rename add ingress controller button and changed information text (#4540) commit769e6a4c6cAuthor: Alice Groux <alice.grx@gmail.com> Date: Sun Jan 10 23:30:31 2021 +0100 feat(k8s/configuration): add extra information panel when creating a sensitive configuration (#4541) commit105d1ae519Author: cong meng <mcpacino@gmail.com> Date: Fri Jan 8 15:30:43 2021 +1300 feat(frontend): de-emphasize internal login when OAuth is enabled (#3065) (#4565) * feat(frontend): de-emphasize internal login when OAuth is enabled (#3065) * feat(frontend): change the "Use internal authentication" style to be primary (#3065) * feat(frontend): resize the login with "provider" button to use a 120% font size (#3065) * feat(frontend): remove unused css for h1 tag (#3065) Co-authored-by: Simon Meng <simon.meng@portainer.io> commitcf508065ecAuthor: cong meng <mcpacino@gmail.com> Date: Fri Jan 8 12:51:27 2021 +1300 fix(frontend): application edit page initializes the overridenKeyType of new added configuration key to NONE so that the user can select how to load it (#4548) (#4593) Co-authored-by: Simon Meng <simon.meng@portainer.io> commiteab828279eAuthor: itsconquest <william.conquest@portainer.io> Date: Fri Jan 8 12:46:57 2021 +1300 chore(project): exclude refactors (#4689) commitd5763a970bAuthor: cong meng <mcpacino@gmail.com> Date: Fri Jan 8 12:45:06 2021 +1300 fix(frontend): Resource pool 'created' attribute is showing the time you view it at & not actual creation time (#4568) (#4599) Co-authored-by: 
Simon Meng <simon.meng@portainer.io> commitc9f68a4d8fAuthor: cong meng <mcpacino@gmail.com> Date: Fri Jan 8 11:55:42 2021 +1300 fix(kubernetes): removes kube client cache when edge proxy is removed (#4487) (#4574) Co-authored-by: Simon Meng <simon.meng@portainer.io> commit7848bcf2f4Author: Alice Groux <alice.grx@gmail.com> Date: Thu Jan 7 22:29:17 2021 +0100 feat(k8s/resources-list-view): add advanced deployment panel to resources list view (#4516) * feat(k8s/resources-list-view): add advanced deployment panel to applications view, configurations view and volumes view * feat(k8s/resources-list-view): move advanced deployment into a template and use it everywhere commitb924347c5bAuthor: Stéphane Busso <stephane.busso@gmail.com> Date: Thu Jan 7 14:03:46 2021 +1300 Bump portainer version commit9fbda9fb99Author: Yi Chen <69284638+yi-portainer@users.noreply.github.com> Date: Thu Jan 7 13:38:01 2021 +1300 Merge in release fixes to develop (#4687) * fix(frontend) unable to retrieve config map error when trying to manage newly created resource pool (ce#180) (#4618) * fix(frontend) unable to retrieve config map error when trying to manage newly created resource pool (ce#180) * fix(frontend) rephrase comments (#4629) Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> Co-authored-by: Simon Meng <simon.meng@portainer.io> Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> * + silently continue when downloading artifacts in windows (#4637) * fix(docker/stack-details): do not display editor tab for external stack (#4650) * Revert "chore(build): bump Kompose version (#4475)" (#4676) This reverts commit380f106571. 
Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> Co-authored-by: cong meng <mcpacino@gmail.com> Co-authored-by: Simon Meng <simon.meng@portainer.io> Co-authored-by: Stéphane Busso <sbusso@users.noreply.github.com> Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io> commit82f8062784Author: Anthony Lapenna <lapenna.anthony@gmail.com> Date: Wed Jan 6 11:31:05 2021 +1300 chore(github): update issue template commit49982eb98aAuthor: knittl <knittl89+github@gmail.com> Date: Tue Jan 5 20:49:50 2021 +0100 commit4be3ac470fMerge:7975ef79a50ab51bAuthor: Stéphane Busso <sbusso@users.noreply.github.com> Date: Thu Dec 24 23:45:53 2020 +1300 Merge pull request #4658 from portainer/revert-4475-chore-ce-86-bump-kompose-version Revert "chore(build): bump Kompose version" commita50ab51befAuthor: Stéphane Busso <sbusso@users.noreply.github.com> Date: Thu Dec 24 12:12:28 2020 +1300 Revert "chore(build): bump Kompose version (#4475)" This reverts commit380f106571.
package stacks
import (
"errors"
"log"
"net/http"
"github.com/docker/cli/cli/compose/loader"
"github.com/docker/cli/cli/compose/types"
httperror "github.com/portainer/libhttp/error"
"github.com/portainer/libhttp/request"
"github.com/portainer/libhttp/response"
portainer "github.com/portainer/portainer/api"
bolterrors "github.com/portainer/portainer/api/bolt/errors"
httperrors "github.com/portainer/portainer/api/http/errors"
"github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/api/internal/authorization"
)
// cleanUp asks the file service to remove the directory at stack.ProjectPath
// when *doCleanUp is true, and does nothing otherwise.
//
// The removal is best effort: a failure is written to the log and is never
// returned, so the result is always nil. Both pointer arguments are
// dereferenced without a nil check.
//
// NOTE(review): the path is taken from stack.ProjectPath unchanged; confirm
// that callers derive it from server-side state rather than from request input.
func (handler *Handler) cleanUp(stack *portainer.Stack, doCleanUp *bool) error {
	if *doCleanUp {
		if removeErr := handler.FileService.RemoveDirectory(stack.ProjectPath); removeErr != nil {
			log.Printf("http error: Unable to cleanup stack creation (err=%s)\n", removeErr)
		}
	}

	return nil
}
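// stackCreate handles a POST request on
// /api/stacks?type=<type>&method=<method>&endpointId=<endpointId>.
//
// The checks run in the order below and each one ends the request on failure:
//  1. type, method and endpointId are read from the query string with the
//     optional flag set to false.
//  2. When settings.AllowStackManagementForRegularUsers is false, the caller
//     must pass userCanCreateStack for the target endpoint (403 otherwise).
//  3. The endpoint must exist in the data store (404 otherwise) and the request
//     bouncer must authorize the caller for it (403 otherwise).
//  4. Kubernetes stacks additionally require the administrator role.
//
// The method value is not validated here: the Swarm and Compose helpers
// receive it and reject unknown values, and the Kubernetes branch does not
// receive it at all.
func (handler *Handler) stackCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
	stackType, err := request.RetrieveNumericQueryParameter(r, "type", false)
	if err != nil {
		return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: type", err}
	}

	method, err := request.RetrieveQueryParameter(r, "method", false)
	if err != nil {
		return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: method", err}
	}

	endpointID, err := request.RetrieveNumericQueryParameter(r, "endpointId", false)
	if err != nil {
		return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: endpointId", err}
	}

	settings, err := handler.DataStore.Settings().Settings()
	if err != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
	}

	// Policy gate: only consulted when stack management is not open to
	// regular users. It runs before the endpoint is loaded, so a caller who is
	// denied here learns nothing about whether the endpoint exists.
	if !settings.AllowStackManagementForRegularUsers {
		securityContext, err := security.RetrieveRestrictedRequestContext(r)
		if err != nil {
			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user info from request context", err}
		}

		canCreate, err := handler.userCanCreateStack(securityContext, portainer.EndpointID(endpointID))
		if err != nil {
			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to verify user authorizations to validate stack creation", err}
		}

		if !canCreate {
			errMsg := "Stack creation is disabled for non-admin users"
			return &httperror.HandlerError{http.StatusForbidden, errMsg, errors.New(errMsg)}
		}
	}

	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
	// errors.Is also recognises the sentinel when a lower layer wraps it, so
	// a missing endpoint is not misreported as an internal error.
	if errors.Is(err, bolterrors.ErrObjectNotFound) {
		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
	} else if err != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
	}

	// Endpoint-level authorization must stay ahead of the dispatch below: the
	// create helpers receive the endpoint and are not shown to re-check access.
	err = handler.requestBouncer.AuthorizedEndpointOperation(r, endpoint)
	if err != nil {
		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", err}
	}

	tokenData, err := security.RetrieveTokenData(r)
	if err != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user details from authentication token", err}
	}

	switch portainer.StackType(stackType) {
	case portainer.DockerSwarmStack:
		return handler.createSwarmStack(w, r, method, endpoint, tokenData.ID)
	case portainer.DockerComposeStack:
		return handler.createComposeStack(w, r, method, endpoint, tokenData.ID)
	case portainer.KubernetesStack:
		// Kubernetes stacks are restricted to administrators regardless of
		// the settings consulted above.
		if tokenData.Role != portainer.AdministratorRole {
			return &httperror.HandlerError{http.StatusForbidden, "Access denied", httperrors.ErrUnauthorized}
		}

		return handler.createKubernetesStack(w, r, endpoint)
	}

	// The message lists the Kubernetes type as well, since the switch above
	// accepts it. NOTE(review): 3 continues the 1/2 numbering of the previous
	// message; confirm against the StackType constants.
	return &httperror.HandlerError{http.StatusBadRequest, "Invalid value for query parameter: type. Value must be one of: 1 (Swarm stack), 2 (Compose stack) or 3 (Kubernetes stack)", errors.New(request.ErrInvalidQueryParameter)}
}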
// createComposeStack dispatches Compose stack creation on the method value:
// "string" builds the stack from file content, "repository" from a Git
// repository and "file" from an uploaded file. Any other value is answered
// with a 400 error.
//
// The function performs no authorization of its own; it forwards the endpoint
// and userID it was given to the selected helper.
func (handler *Handler) createComposeStack(w http.ResponseWriter, r *http.Request, method string, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
	if method == "string" {
		return handler.createComposeStackFromFileContent(w, r, endpoint, userID)
	}
	if method == "repository" {
		return handler.createComposeStackFromGitRepository(w, r, endpoint, userID)
	}
	if method == "file" {
		return handler.createComposeStackFromFileUpload(w, r, endpoint, userID)
	}

	invalidMethod := errors.New(request.ErrInvalidQueryParameter)
	return &httperror.HandlerError{http.StatusBadRequest, "Invalid value for query parameter: method. Value must be one of: string, repository or file", invalidMethod}
}
// createSwarmStack dispatches Swarm stack creation on the method value:
// "string" builds the stack from file content, "repository" from a Git
// repository and "file" from an uploaded file. Any other value is answered
// with a 400 error.
//
// The function performs no authorization of its own; it forwards the endpoint
// and userID it was given to the selected helper.
func (handler *Handler) createSwarmStack(w http.ResponseWriter, r *http.Request, method string, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
	if method == "string" {
		return handler.createSwarmStackFromFileContent(w, r, endpoint, userID)
	}
	if method == "repository" {
		return handler.createSwarmStackFromGitRepository(w, r, endpoint, userID)
	}
	if method == "file" {
		return handler.createSwarmStackFromFileUpload(w, r, endpoint, userID)
	}

	invalidMethod := errors.New(request.ErrInvalidQueryParameter)
	return &httperror.HandlerError{http.StatusBadRequest, "Invalid value for query parameter: method. Value must be one of: string, repository or file", invalidMethod}
}
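// isValidStackFile parses stackFileContent as a Compose file and returns an
// error when any service uses a feature that settings disallows for regular
// users. It returns nil when no restricted feature is found, and the parser's
// error when the content cannot be parsed or loaded.
//
// The function has no notion of the caller's role: the restrictions are
// applied whenever it is called, so exempting administrators is the caller's
// responsibility.
//
// Only these service fields are inspected: Volumes (entries of type "bind"),
// Privileged, Pid (the value "host"), Devices, CapAdd and CapDrop. Any other
// host-level service setting passes through this function unchecked.
//
// NOTE(review): the file is loaded with interpolation skipped, so a field that
// holds a variable placeholder is compared as literal text. The checks are
// therefore only as strong as the guarantee that the deployed file is not
// interpolated afterwards with values the requester controls; confirm this
// against the deployment path.
func (handler *Handler) isValidStackFile(stackFileContent []byte, settings *portainer.Settings) error {
	if settings == nil {
		// Fail closed: without settings there is no policy to evaluate.
		return errors.New("unable to validate stack file: settings not provided")
	}

	composeConfigYAML, err := loader.ParseYAML(stackFileContent)
	if err != nil {
		return err
	}

	composeConfigDetails := types.ConfigDetails{
		ConfigFiles: []types.ConfigFile{{Config: composeConfigYAML}},
		Environment: map[string]string{},
	}

	// Schema validation and interpolation are both skipped: the goal here is
	// to read the declared service options, not to certify the file.
	composeConfig, err := loader.Load(composeConfigDetails, func(options *loader.Options) {
		options.SkipValidation = true
		options.SkipInterpolation = true
	})
	if err != nil {
		return err
	}

	for _, service := range composeConfig.Services {
		if !settings.AllowBindMountsForRegularUsers {
			for _, volume := range service.Volumes {
				if volume.Type == "bind" {
					return errors.New("bind-mount disabled for non administrator users")
				}
			}
		}

		if !settings.AllowPrivilegedModeForRegularUsers && service.Privileged {
			return errors.New("privileged mode disabled for non administrator users")
		}

		if !settings.AllowHostNamespaceForRegularUsers && service.Pid == "host" {
			return errors.New("pid host disabled for non administrator users")
		}

		// len of a nil slice is 0, so no separate nil check is needed.
		if !settings.AllowDeviceMappingForRegularUsers && len(service.Devices) > 0 {
			return errors.New("device mapping disabled for non administrator users")
		}

		// Dropping capabilities is rejected together with adding them.
		if !settings.AllowContainerCapabilitiesForRegularUsers && (len(service.CapAdd) > 0 || len(service.CapDrop) > 0) {
			return errors.New("container capabilities disabled for non administrator users")
		}
	}

	return nil
}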
// decorateStackResponse creates the resource control for a stack, stores it,
// attaches it to the stack and writes the stack to w as JSON.
//
// The access level depends on who userID is: when userIsAdmin reports true the
// resource control is built with NewAdministratorsOnlyResourceControl,
// otherwise with NewPrivateResourceControl for that userID. The resource
// control is keyed on stack.Name.
//
// A failure to look up the user or to persist the resource control is returned
// as a 500 error and nothing is written to w. stack is dereferenced without a
// nil check.
func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *portainer.Stack, userID portainer.UserID) *httperror.HandlerError {
	isAdmin, err := handler.userIsAdmin(userID)
	if err != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to load user information from the database", err}
	}

	var rc *portainer.ResourceControl
	switch {
	case isAdmin:
		rc = authorization.NewAdministratorsOnlyResourceControl(stack.Name, portainer.StackResourceControl)
	default:
		rc = authorization.NewPrivateResourceControl(stack.Name, portainer.StackResourceControl, userID)
	}

	if err = handler.DataStore.ResourceControl().CreateResourceControl(rc); err != nil {
		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist resource control inside the database", err}
	}

	// Attach only after the resource control has been persisted.
	stack.ResourceControl = rc
	return response.JSON(w, stack)
}