feat(app): rework private registries and support private registries in kubernetes EE-30 (#5131)

* feat(app): rework private registries and support private registries in kubernetes

[EE-30]

feat(api): backport private registries backend changes (#5072)

* feat(api/bolt): backport bolt changes

* feat(api/exec): backport exec changes

* feat(api/http): backport http/handler/dockerhub changes

* feat(api/http): backport http/handler/endpoints changes

* feat(api/http): backport http/handler/registries changes

* feat(api/http): backport http/handler/stacks changes

* feat(api/http): backport http/handler changes

* feat(api/http): backport http/proxy/factory/azure changes

* feat(api/http): backport http/proxy/factory/docker changes

* feat(api/http): backport http/proxy/factory/utils changes

* feat(api/http): backport http/proxy/factory/kubernetes changes

* feat(api/http): backport http/proxy/factory changes

* feat(api/http): backport http/security changes

* feat(api/http): backport http changes

* feat(api/internal): backport internal changes

* feat(api): backport api changes

* feat(api/kubernetes): backport kubernetes changes

* fix(api/http): changes on backend following backport

feat(app): backport private registries frontend changes (#5056)

* feat(app/docker): backport docker/components changes

* feat(app/docker): backport docker/helpers changes

* feat(app/docker): backport docker/views/container changes

* feat(app/docker): backport docker/views/images changes

* feat(app/docker): backport docker/views/registries changes

* feat(app/docker): backport docker/views/services changes

* feat(app/docker): backport docker changes

* feat(app/kubernetes): backport kubernetes/components changes

* feat(app/kubernetes): backport kubernetes/converters changes

* feat(app/kubernetes): backport kubernetes/models changes

* feat(app/kubernetes): backport kubernetes/registries changes

* feat(app/kubernetes): backport kubernetes/services changes

* feat(app/kubernetes): backport kubernetes/views/applications changes

* feat(app/kubernetes): backport kubernetes/views/configurations changes

* feat(app/kubernetes): backport kubernetes/views/configure changes

* feat(app/kubernetes): backport kubernetes/views/resource-pools changes

* feat(app/kubernetes): backport kubernetes/views changes

* feat(app/portainer): backport portainer/components/accessManagement changes

* feat(app/portainer): backport portainer/components/datatables changes

* feat(app/portainer): backport portainer/components/forms changes

* feat(app/portainer): backport portainer/components/registry-details changes

* feat(app/portainer): backport portainer/models changes

* feat(app/portainer): backport portainer/rest changes

* feat(app/portainer): backport portainer/services changes

* feat(app/portainer): backport portainer/views changes

* feat(app/portainer): backport portainer changes

* feat(app): backport app changes

* config(project): gitignore + jsconfig changes

gitignore all files under api/cmd/portainer but main.go and enable Code Editor autocomplete on import ... from '@/...'

fix(app): fix pull rate limit checker

fix(app/registries): sidebar menus and registry accesses users filtering

fix(api): add missing kube client factory

fix(kube): fetch dockerhub pull limits (#5133)

fix(app): pre review fixes (#5142)

* fix(app/registries): remove checkbox for endpointRegistries view

* fix(endpoints): allow access to default namespace

* fix(docker): fetch pull limits

* fix(kube/ns): show selected registries for non admin

Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>

chore(webpack): ignore missing sourcemaps

fix(registries): fetch registry config from url

feat(kube/registries): ignore not found when deleting secret

feat(db): move migration to db 31

fix(registries): fix bugs in PR EE-869 (#5169)

* fix(registries): hide role

* fix(endpoints): set empty access policy to edge endpoint

* fix(registry): remove double arguments

* fix(admin): ignore warning

* feat(kube/configurations): tag registry secrets (#5157)

* feat(kube/configurations): tag registry secrets

* feat(kube/secrets): show registry secrets for admins

* fix(registries): move dockerhub to beginning

* refactor(registries): use endpoint scoped registries

feat(registries): filter by namespace if supplied

feat(access-managment): filter users for registry (#5191)

* refactor(access-manage): move users selector to component

* feat(access-managment): filter users for registry

refactor(registries): sync code with CE (#5200)

* refactor(registry): add inspect handler under endpoints

* refactor(endpoint): sync endpoint_registries_list

* refactor(endpoints): sync registry_access

* fix(db): rename migration functions

* fix(registries): show accesses for admin

* fix(kube): set token on transport

* refactor(kube): move secret help to bottom

* fix(kuberentes): remove shouldLog parameter

* style(auth): add description of security.IsAdmin

* feat(security): allow admin access to registry

* feat(edge): connect to edge endpoint when creating client

* style(portainer): change deprecation version

* refactor(sidebar): hide manage

* refactor(containers): revert changes

* style(container): remove whitespace

* fix(endpoint): add handler to registy on endpointService

* refactor(image): use endpointService.registries

* fix(kueb/namespaces): rename resource pool to namespace

* fix(kube/namespace): move selected registries

* fix(api/registries): hide accesses on registry creation

Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>

refactor(api): remove code duplication after rebase

fix(app/registries): replace last registry api usage by endpoint registry api

fix(api/endpoints): update registry access policies on endpoint deletion (#5226)

[EE-1027]

fix(db): update db version

* fix(dockerhub): fetch rate limits

* fix(registry/tests): supply restricred context

* fix(registries): show proget registry only when selected

* fix(registry): create dockerhub registry

* feat(db): move migrations to db 32

Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>

app/kubernetes/registries/kube-registry-access-view/index.js

@@ -0,0 +1,9 @@
+import controller from './kube-registry-access-view.controller';
+
+export const kubernetesRegistryAccessView = {
+  templateUrl: './kube-registry-access-view.html',
+  controller,
+  bindings: {
+    endpoint: '<',
+  },
+};

app/kubernetes/registries/kube-registry-access-view/kube-registry-access-view.controller.js

@@ -0,0 +1,70 @@
+export default class KubernetesRegistryAccessController {
+  /* @ngInject */
+  constructor($async, $state, EndpointService, Notifications, KubernetesResourcePoolService, KubernetesNamespaceHelper) {
+    this.$async = $async;
+    this.$state = $state;
+    this.Notifications = Notifications;
+    this.KubernetesResourcePoolService = KubernetesResourcePoolService;
+    this.KubernetesNamespaceHelper = KubernetesNamespaceHelper;
+    this.EndpointService = EndpointService;
+
+    this.state = {
+      actionInProgress: false,
+    };
+
+    this.selectedResourcePools = [];
+    this.resourcePools = [];
+    this.savedResourcePools = [];
+
+    this.handleRemove = this.handleRemove.bind(this);
+  }
+
+  async submit() {
+    return this.updateNamespaces([...this.savedResourcePools.map(({ value }) => value), ...this.selectedResourcePools.map((pool) => pool.name)]);
+  }
+
+  handleRemove(namespaces) {
+    const removeNamespaces = namespaces.map(({ value }) => value);
+
+    return this.updateNamespaces(this.savedResourcePools.map(({ value }) => value).filter((value) => !removeNamespaces.includes(value)));
+  }
+
+  updateNamespaces(namespaces) {
+    return this.$async(async () => {
+      try {
+        await this.EndpointService.updateRegistryAccess(this.endpoint.Id, this.registry.Id, {
+          namespaces,
+        });
+        this.$state.reload();
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Failed saving registry access');
+      }
+    });
+  }
+
+  $onInit() {
+    return this.$async(async () => {
+      try {
+        this.state = {
+          registryId: this.$state.params.id,
+        };
+        this.registry = await this.EndpointService.registry(this.endpoint.Id, this.state.registryId);
+        if (this.registry.RegistryAccesses && this.registry.RegistryAccesses[this.endpoint.Id]) {
+          this.savedResourcePools = this.registry.RegistryAccesses[this.endpoint.Id].Namespaces.map((value) => ({ value }));
+        }
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to retrieve registry details');
+      }
+
+      try {
+        const resourcePools = await this.KubernetesResourcePoolService.get();
+
+        this.resourcePools = resourcePools
+          .filter((pool) => !this.KubernetesNamespaceHelper.isSystemNamespace(pool.Namespace.Name) && !this.savedResourcePools.find(({ value }) => value === pool.Namespace.Name))
+          .map((pool) => ({ name: pool.Namespace.Name, id: pool.Namespace.Id }));
+      } catch (err) {
+        this.Notifications.error('Failure', err, 'Unable to retrieve namespaces');
+      }
+    });
+  }
+}

app/kubernetes/registries/kube-registry-access-view/kube-registry-access-view.html

@@ -0,0 +1,72 @@
+<rd-header>
+  <rd-header-title title-text="Registry access"></rd-header-title>
+  <rd-header-content> <a ui-sref="kubernetes.registries">Registries</a> &gt; {{ $ctrl.registry.Name }} &gt; Access management </rd-header-content>
+</rd-header>
+
+<registry-details registry="$ctrl.registry" ng-if="$ctrl.registry"></registry-details>
+
+<div class="row">
+  <div class="col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-user-lock" title-text="Create access"></rd-widget-header>
+      <rd-widget-body>
+        <form class="form-horizontal">
+          <div class="form-group">
+            <label class="col-sm-3 col-lg-2 control-label text-left" style="padding-top: 0;">
+              Select namespaces
+            </label>
+            <div class="col-sm-9 col-lg-4">
+              <span class="small text-muted" ng-if="!$ctrl.resourcePools.length">
+                No namespaces available.
+              </span>
+              <span
+                isteven-multi-select
+                ng-if="$ctrl.resourcePools.length"
+                input-model="$ctrl.resourcePools"
+                output-model="$ctrl.selectedResourcePools"
+                button-label="name"
+                item-label="name"
+                tick-property="ticked"
+                helper-elements="filter"
+                search-property="name"
+                translation="{nothingSelected: 'Select one or more namespaces', search: 'Search...'}"
+              >
+              </span>
+            </div>
+          </div>
+
+          <!-- actions -->
+          <div class="form-group">
+            <div class="col-sm-12">
+              <button
+                type="submit"
+                class="btn btn-primary btn-sm"
+                ng-disabled="$ctrl.selectedResourcePools.length === 0 || $ctrl.state.actionInProgress"
+                ng-click="$ctrl.submit()"
+                button-spinner="$ctrl.state.actionInProgress"
+              >
+                <span ng-hide="$ctrl.state.actionInProgress"><i class="fa fa-plus" aria-hidden="true"></i> Create access</span>
+                <span ng-show="$ctrl.state.actionInProgress">Creating access...</span>
+              </button>
+            </div>
+          </div>
+          <!-- !actions -->
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>
+<div class="row">
+  <div class="col-sm-12">
+    <strings-datatable
+      title-text="Access"
+      title-icon="fa-user-lock"
+      table-key="access_registry_resourcepools"
+      dataset="$ctrl.savedResourcePools"
+      empty-dataset-message="No namespace has been authorized yet."
+      on-remove="($ctrl.handleRemove)"
+      column-header="Namespace"
+    >
+    </strings-datatable>
+  </div>
+</div>