portainer/api/cmd/portainer/main.go

package main // import "github.com/portainer/portainer"

import (
	"github.com/portainer/portainer"
	"github.com/portainer/portainer/bolt"
	"github.com/portainer/portainer/cli"
	"github.com/portainer/portainer/cron"
	"github.com/portainer/portainer/crypto"
	"github.com/portainer/portainer/file"
	"github.com/portainer/portainer/http"
	"github.com/portainer/portainer/jwt"
	"github.com/portainer/portainer/ldap"

	"log"
)

func initCLI() *portainer.CLIFlags {
	var cli portainer.CLIService = &cli.Service{}
	flags, err := cli.ParseFlags(portainer.APIVersion)
	if err != nil {
		log.Fatal(err)
	}

	err = cli.ValidateFlags(flags)
	if err != nil {
		log.Fatal(err)
	}
	return flags
}

func initFileService(dataStorePath string) portainer.FileService {
	fileService, err := file.NewService(dataStorePath, "")
	if err != nil {
		log.Fatal(err)
	}
	return fileService
}

func initStore(dataStorePath string) *bolt.Store {
	store, err := bolt.NewStore(dataStorePath)
	if err != nil {
		log.Fatal(err)
	}

	err = store.Open()
	if err != nil {
		log.Fatal(err)
	}

	err = store.MigrateData()
	if err != nil {
		log.Fatal(err)
	}
	return store
}

func initJWTService(authenticationEnabled bool) portainer.JWTService {
	if authenticationEnabled {
		jwtService, err := jwt.NewService()
		if err != nil {
			log.Fatal(err)
		}
		return jwtService
	}
	return nil
}

func initCryptoService() portainer.CryptoService {
	return &crypto.Service{}
}

func initLDAPService() portainer.LDAPService {
	return &ldap.Service{}
}

func initEndpointWatcher(endpointService portainer.EndpointService, externalEnpointFile string, syncInterval string) bool {
	authorizeEndpointMgmt := true
	if externalEnpointFile != "" {
		authorizeEndpointMgmt = false
		log.Println("Using external endpoint definition. Endpoint management via the API will be disabled.")
		endpointWatcher := cron.NewWatcher(endpointService, syncInterval)
		err := endpointWatcher.WatchEndpointFile(externalEnpointFile)
		if err != nil {
			log.Fatal(err)
		}
	}
	return authorizeEndpointMgmt
}

func initStatus(authorizeEndpointMgmt bool, flags *portainer.CLIFlags) *portainer.Status {
	return &portainer.Status{
		Analytics:          !*flags.NoAnalytics,
		Authentication:     !*flags.NoAuth,
		EndpointManagement: authorizeEndpointMgmt,
		Version:            portainer.APIVersion,
	}
}

func initDockerHub(dockerHubService portainer.DockerHubService) error {
	_, err := dockerHubService.DockerHub()
	if err == portainer.ErrDockerHubNotFound {
		dockerhub := &portainer.DockerHub{
			Authentication: false,
			Username:       "",
			Password:       "",
		}
		return dockerHubService.StoreDockerHub(dockerhub)
	} else if err != nil {
		return err
	}

	return nil
}

func initSettings(settingsService portainer.SettingsService, flags *portainer.CLIFlags) error {
	_, err := settingsService.Settings()
	if err == portainer.ErrSettingsNotFound {
		settings := &portainer.Settings{
			LogoURL:                     *flags.Logo,
			DisplayExternalContributors: true,
			AuthenticationMethod:        portainer.AuthenticationInternal,
			LDAPSettings: portainer.LDAPSettings{
				TLSConfig: portainer.TLSConfiguration{},
				SearchSettings: []portainer.LDAPSearchSettings{
					portainer.LDAPSearchSettings{},
				},
			},
			AllowBindMountsForRegularUsers:     true,
			AllowPrivilegedModeForRegularUsers: true,
		}

		if *flags.Templates != "" {
			settings.TemplatesURL = *flags.Templates
		} else {
			settings.TemplatesURL = portainer.DefaultTemplatesURL
		}

		if *flags.Labels != nil {
			settings.BlackListedLabels = *flags.Labels
		} else {
			settings.BlackListedLabels = make([]portainer.Pair, 0)
		}

		return settingsService.StoreSettings(settings)
	} else if err != nil {
		return err
	}

	return nil
}

func retrieveFirstEndpointFromDatabase(endpointService portainer.EndpointService) *portainer.Endpoint {
	endpoints, err := endpointService.Endpoints()
	if err != nil {
		log.Fatal(err)
	}
	return &endpoints[0]
}

func main() {
	flags := initCLI()

	fileService := initFileService(*flags.Data)

	store := initStore(*flags.Data)
	defer store.Close()

	jwtService := initJWTService(!*flags.NoAuth)

	cryptoService := initCryptoService()

	ldapService := initLDAPService()

	authorizeEndpointMgmt := initEndpointWatcher(store.EndpointService, *flags.ExternalEndpoints, *flags.SyncInterval)

	err := initSettings(store.SettingsService, flags)
	if err != nil {
		log.Fatal(err)
	}

	err = initDockerHub(store.DockerHubService)
	if err != nil {
		log.Fatal(err)
	}

	applicationStatus := initStatus(authorizeEndpointMgmt, flags)

	if *flags.Endpoint != "" {
		var endpoints []portainer.Endpoint
		endpoints, err := store.EndpointService.Endpoints()
		if err != nil {
			log.Fatal(err)
		}
		if len(endpoints) == 0 {
			endpoint := &portainer.Endpoint{
				Name: "primary",
				URL:  *flags.Endpoint,
				TLSConfig: portainer.TLSConfiguration{
					TLS:           *flags.TLSVerify,
					TLSSkipVerify: false,
					TLSCACertPath: *flags.TLSCacert,
					TLSCertPath:   *flags.TLSCert,
					TLSKeyPath:    *flags.TLSKey,
				},
				AuthorizedUsers: []portainer.UserID{},
				AuthorizedTeams: []portainer.TeamID{},
			}
			err = store.EndpointService.CreateEndpoint(endpoint)
			if err != nil {
				log.Fatal(err)
			}
		} else {
			log.Println("Instance already has defined endpoints. Skipping the endpoint defined via CLI.")
		}
	}

	adminPasswordHash := ""
	if *flags.AdminPasswordFile != "" {
		content, err := file.GetStringFromFile(*flags.AdminPasswordFile)
		if err != nil {
			log.Fatal(err)
		}
		adminPasswordHash, err = cryptoService.Hash(content)
		if err != nil {
			log.Fatal(err)
		}
	} else if *flags.AdminPassword != "" {
		adminPasswordHash = *flags.AdminPassword
	}

	if adminPasswordHash != "" {

		log.Printf("Creating admin user with password hash %s", adminPasswordHash)
		user := &portainer.User{
			Username: "admin",
			Role:     portainer.AdministratorRole,
			Password: adminPasswordHash,
		}
		err := store.UserService.CreateUser(user)
		if err != nil {
			log.Fatal(err)
		}
	}

	var server portainer.Server = &http.Server{
		Status:                 applicationStatus,
		BindAddress:            *flags.Addr,
		AssetsPath:             *flags.Assets,
		AuthDisabled:           *flags.NoAuth,
		EndpointManagement:     authorizeEndpointMgmt,
		UserService:            store.UserService,
		TeamService:            store.TeamService,
		TeamMembershipService:  store.TeamMembershipService,
		EndpointService:        store.EndpointService,
		ResourceControlService: store.ResourceControlService,
		SettingsService:        store.SettingsService,
		RegistryService:        store.RegistryService,
		DockerHubService:       store.DockerHubService,
		CryptoService:          cryptoService,
		JWTService:             jwtService,
		FileService:            fileService,
		LDAPService:            ldapService,
		SSL:                    *flags.SSL,
		SSLCert:                *flags.SSLCert,
		SSLKey:                 *flags.SSLKey,
	}

	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)
	err = server.Start()
	if err != nil {
		log.Fatal(err)
	}
}
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`package main // import "github.com/portainer/portainer"`

			`import (`
			`"github.com/portainer/portainer"`
			`"github.com/portainer/portainer/bolt"`
			`"github.com/portainer/portainer/cli"`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00			`"github.com/portainer/portainer/cron"`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`"github.com/portainer/portainer/crypto"`
feat(global): multi endpoint management (#407) 2016-12-26 09:34:02 +13:00			`"github.com/portainer/portainer/file"`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`"github.com/portainer/portainer/http"`
			`"github.com/portainer/portainer/jwt"`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 10:35:23 +02:00			`"github.com/portainer/portainer/ldap"`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
			`"log"`
			`)`

refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initCLI() *portainer.CLIFlags {`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`var cli portainer.CLIService = &cli.Service{}`
			`flags, err := cli.ParseFlags(portainer.APIVersion)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`err = cli.ValidateFlags(flags)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return flags`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initFileService(dataStorePath string) portainer.FileService {`
			`fileService, err := file.NewService(dataStorePath, "")`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return fileService`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initStore(dataStorePath string) *bolt.Store {`
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`store, err := bolt.NewStore(dataStorePath)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`err = store.Open()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`err = store.MigrateData()`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return store`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initJWTService(authenticationEnabled bool) portainer.JWTService {`
			`if authenticationEnabled {`
			`jwtService, err := jwt.NewService()`
feat(authentication): add a --no-auth flag to disable authentication (#553) 2017-02-01 22:13:48 +13:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return jwtService`
feat(global): multi endpoint management (#407) 2016-12-26 09:34:02 +13:00			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return nil`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initCryptoService() portainer.CryptoService {`
			`return &crypto.Service{}`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 10:35:23 +02:00			`func initLDAPService() portainer.LDAPService {`
			`return &ldap.Service{}`
			`}`

refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func initEndpointWatcher(endpointService portainer.EndpointService, externalEnpointFile string, syncInterval string) bool {`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00			`authorizeEndpointMgmt := true`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`if externalEnpointFile != "" {`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00			`authorizeEndpointMgmt = false`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`log.Println("Using external endpoint definition. Endpoint management via the API will be disabled.")`
			`endpointWatcher := cron.NewWatcher(endpointService, syncInterval)`
			`err := endpointWatcher.WatchEndpointFile(externalEnpointFile)`
feat(authentication): add a --no-auth flag to disable authentication (#553) 2017-02-01 22:13:48 +13:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
feat(global): multi endpoint management (#407) 2016-12-26 09:34:02 +13:00			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`return authorizeEndpointMgmt`
			`}`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`func initStatus(authorizeEndpointMgmt bool, flags portainer.CLIFlags) portainer.Status {`
			`return &portainer.Status{`
merge branch 'release-1.11.4' into develop 2017-03-03 12:54:22 +01:00			`Analytics: !*flags.NoAnalytics,`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00			`Authentication: !*flags.NoAuth,`
			`EndpointManagement: authorizeEndpointMgmt,`
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`Version: portainer.APIVersion,`
feat(endpoints): add the ability to define endpoints from an external source 2017-02-06 18:29:34 +13:00			`}`
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`}`
feat(global): multi endpoint management (#407) 2016-12-26 09:34:02 +13:00
feat(registries): add registry management (#930) 2017-06-20 13:00:32 +02:00			`func initDockerHub(dockerHubService portainer.DockerHubService) error {`
			`_, err := dockerHubService.DockerHub()`
			`if err == portainer.ErrDockerHubNotFound {`
			`dockerhub := &portainer.DockerHub{`
			`Authentication: false,`
			`Username: "",`
			`Password: "",`
			`}`
			`return dockerHubService.StoreDockerHub(dockerhub)`
			`} else if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`func initSettings(settingsService portainer.SettingsService, flags *portainer.CLIFlags) error {`
			`_, err := settingsService.Settings()`
			`if err == portainer.ErrSettingsNotFound {`
			`settings := &portainer.Settings{`
			`LogoURL: *flags.Logo,`
			`DisplayExternalContributors: true,`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 10:35:23 +02:00			`AuthenticationMethod: portainer.AuthenticationInternal,`
			`LDAPSettings: portainer.LDAPSettings{`
			`TLSConfig: portainer.TLSConfiguration{},`
			`SearchSettings: []portainer.LDAPSearchSettings{`
			`portainer.LDAPSearchSettings{},`
			`},`
			`},`
feat(settings): add a setting to disable privileged mode for non-admins (#1239) 2017-09-27 09:26:04 +02:00			`AllowBindMountsForRegularUsers: true,`
			`AllowPrivilegedModeForRegularUsers: true,`
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`}`

			`if *flags.Templates != "" {`
			`settings.TemplatesURL = *flags.Templates`
			`} else {`
			`settings.TemplatesURL = portainer.DefaultTemplatesURL`
			`}`

			`if *flags.Labels != nil {`
			`settings.BlackListedLabels = *flags.Labels`
			`} else {`
			`settings.BlackListedLabels = make([]portainer.Pair, 0)`
			`}`

			`return settingsService.StoreSettings(settings)`
			`} else if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func retrieveFirstEndpointFromDatabase(endpointService portainer.EndpointService) *portainer.Endpoint {`
			`endpoints, err := endpointService.Endpoints()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`return &endpoints[0]`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
refactor(api): refactor 2017-02-07 16:26:12 +13:00			`func main() {`
			`flags := initCLI()`

			`fileService := initFileService(*flags.Data)`

			`store := initStore(*flags.Data)`
			`defer store.Close()`

			`jwtService := initJWTService(!*flags.NoAuth)`

			`cryptoService := initCryptoService()`

feat(authentication): add LDAP authentication support (#1093) 2017-08-10 10:35:23 +02:00			`ldapService := initLDAPService()`

refactor(api): refactor 2017-02-07 16:26:12 +13:00			`authorizeEndpointMgmt := initEndpointWatcher(store.EndpointService, flags.ExternalEndpoints, flags.SyncInterval)`

feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`err := initSettings(store.SettingsService, flags)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

feat(registries): add registry management (#930) 2017-06-20 13:00:32 +02:00			`err = initDockerHub(store.DockerHubService)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`applicationStatus := initStatus(authorizeEndpointMgmt, flags)`
refactor(api): refactor 2017-02-07 16:26:12 +13:00
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`if *flags.Endpoint != "" {`
			`var endpoints []portainer.Endpoint`
			`endpoints, err := store.EndpointService.Endpoints()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`if len(endpoints) == 0 {`
			`endpoint := &portainer.Endpoint{`
feat(api): TLS endpoint creation and init overhaul (#1173) 2017-09-14 08:08:37 +02:00			`Name: "primary",`
			`URL: *flags.Endpoint,`
			`TLSConfig: portainer.TLSConfiguration{`
			`TLS: *flags.TLSVerify,`
			`TLSSkipVerify: false,`
			`TLSCACertPath: *flags.TLSCacert,`
			`TLSCertPath: *flags.TLSCert,`
			`TLSKeyPath: *flags.TLSKey,`
			`},`
feat(global): introduce user teams and new UAC system (#868) 2017-05-23 20:56:10 +02:00			`AuthorizedUsers: []portainer.UserID{},`
			`AuthorizedTeams: []portainer.TeamID{},`
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`}`
			`err = store.EndpointService.CreateEndpoint(endpoint)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`} else {`
			`log.Println("Instance already has defined endpoints. Skipping the endpoint defined via CLI.")`
			`}`
			`}`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00
feat(cli): Allow adding admin password using docker secrets aka file (#1199) (#1214) 2017-09-25 18:13:56 +02:00			`adminPasswordHash := ""`
			`if *flags.AdminPasswordFile != "" {`
			`content, err := file.GetStringFromFile(*flags.AdminPasswordFile)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`adminPasswordHash, err = cryptoService.Hash(content)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`} else if *flags.AdminPassword != "" {`
			`adminPasswordHash = *flags.AdminPassword`
			`}`

			`if adminPasswordHash != "" {`

			`log.Printf("Creating admin user with password hash %s", adminPasswordHash)`
feat(cli): Allow setting admin password from CLI (#752) 2017-04-16 17:54:51 +10:00			`user := &portainer.User{`
			`Username: "admin",`
			`Role: portainer.AdministratorRole,`
feat(cli): Allow adding admin password using docker secrets aka file (#1199) (#1214) 2017-09-25 18:13:56 +02:00			`Password: adminPasswordHash,`
feat(cli): Allow setting admin password from CLI (#752) 2017-04-16 17:54:51 +10:00			`}`
			`err := store.UserService.CreateUser(user)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`var server portainer.Server = &http.Server{`
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`Status: applicationStatus,`
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`BindAddress: *flags.Addr,`
			`AssetsPath: *flags.Assets,`
			`AuthDisabled: *flags.NoAuth,`
			`EndpointManagement: authorizeEndpointMgmt,`
			`UserService: store.UserService,`
feat(global): introduce user teams and new UAC system (#868) 2017-05-23 20:56:10 +02:00			`TeamService: store.TeamService,`
			`TeamMembershipService: store.TeamMembershipService,`
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`EndpointService: store.EndpointService,`
			`ResourceControlService: store.ResourceControlService,`
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`SettingsService: store.SettingsService,`
feat(registries): add registry management (#930) 2017-06-20 13:00:32 +02:00			`RegistryService: store.RegistryService,`
			`DockerHubService: store.DockerHubService,`
feat(uac): add multi user management and UAC (#647) 2017-03-12 17:24:15 +01:00			`CryptoService: cryptoService,`
			`JWTService: jwtService,`
			`FileService: fileService,`
feat(authentication): add LDAP authentication support (#1093) 2017-08-10 10:35:23 +02:00			`LDAPService: ldapService,`
feat(backend): native SSL support 2017-04-25 11:51:22 +02:00			`SSL: *flags.SSL,`
			`SSLCert: *flags.SSLCert,`
			`SSLKey: *flags.SSLKey,`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`}`

feat(api): display version in startup logs (#1175) 2017-09-04 19:04:30 +02:00			`log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)`
feat(settings): add settings management (#906) 2017-06-01 10:14:55 +02:00			`err = server.Start()`
refactor(api): API overhaul (#392) 2016-12-18 18:21:29 +13:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`