feat(api): introduce new datastore interface (#3802)

* feat(api): introduce new datastore interface * refactor(api): refactor http and main layers * refactor(api): refactor http and bolt layers
2025-07-23 07:19:41 +02:00 · 2020-05-20 17:23:15 +12:00 · 2020-05-20 17:23:15 +12:00 · 25103f08f9
commit 25103f08f9
parent 493de20540
151 changed files with 792 additions and 1004 deletions
--- a/api/http/proxy/factory/docker.go
+++ b/api/http/proxy/factory/docker.go
@ -56,18 +56,11 @@ func (factory *ProxyFactory) newDockerHTTPProxy(endpoint *portainer.Endpoint) (h
 	}

 	transportParameters := &docker.TransportParameters{
-		Endpoint:               endpoint,
-		ResourceControlService: factory.resourceControlService,
-		UserService:            factory.userService,
-		TeamService:            factory.teamService,
-		TeamMembershipService:  factory.teamMembershipService,
-		RegistryService:        factory.registryService,
-		DockerHubService:       factory.dockerHubService,
-		SettingsService:        factory.settingsService,
-		ReverseTunnelService:   factory.reverseTunnelService,
-		ExtensionService:       factory.extensionService,
-		SignatureService:       factory.signatureService,
-		DockerClientFactory:    factory.dockerClientFactory,
+		Endpoint:             endpoint,
+		DataStore:            factory.dataStore,
+		ReverseTunnelService: factory.reverseTunnelService,
+		SignatureService:     factory.signatureService,
+		DockerClientFactory:  factory.dockerClientFactory,
 	}

 	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport)
--- a/api/http/proxy/factory/docker/access_control.go
+++ b/api/http/proxy/factory/docker/access_control.go
@ -32,7 +32,7 @@ func (transport *Transport) newResourceControlFromPortainerLabels(labelsObject m
 	if labelsObject[resourceLabelForPortainerPublicResourceControl] != nil {
 		resourceControl := portainer.NewPublicResourceControl(resourceID, resourceType)

-		err := transport.resourceControlService.CreateResourceControl(resourceControl)
+		err := transport.dataStore.ResourceControl().CreateResourceControl(resourceControl)
 		if err != nil {
 			return nil, err
 		}
@ -57,7 +57,7 @@ func (transport *Transport) newResourceControlFromPortainerLabels(labelsObject m
 		userIDs := make([]portainer.UserID, 0)

 		for _, name := range teamNames {
-			team, err := transport.teamService.TeamByName(name)
+			team, err := transport.dataStore.Team().TeamByName(name)
 			if err != nil {
 				log.Printf("[WARN] [http,proxy,docker] [message: unknown team name in access control label, ignoring access control rule for this team] [name: %s] [resource_id: %s]", name, resourceID)
 				continue
@ -67,7 +67,7 @@ func (transport *Transport) newResourceControlFromPortainerLabels(labelsObject m
 		}

 		for _, name := range userNames {
-			user, err := transport.userService.UserByUsername(name)
+			user, err := transport.dataStore.User().UserByUsername(name)
 			if err != nil {
 				log.Printf("[WARN] [http,proxy,docker] [message: unknown user name in access control label, ignoring access control rule for this user] [name: %s] [resource_id: %s]", name, resourceID)
 				continue
@ -78,7 +78,7 @@ func (transport *Transport) newResourceControlFromPortainerLabels(labelsObject m

 		resourceControl := portainer.NewRestrictedResourceControl(resourceID, resourceType, userIDs, teamIDs)

-		err := transport.resourceControlService.CreateResourceControl(resourceControl)
+		err := transport.dataStore.ResourceControl().CreateResourceControl(resourceControl)
 		if err != nil {
 			return nil, err
 		}
@ -92,7 +92,7 @@ func (transport *Transport) newResourceControlFromPortainerLabels(labelsObject m
 func (transport *Transport) createPrivateResourceControl(resourceIdentifier string, resourceType portainer.ResourceControlType, userID portainer.UserID) (*portainer.ResourceControl, error) {
 	resourceControl := portainer.NewPrivateResourceControl(resourceIdentifier, resourceType, userID)

-	err := transport.resourceControlService.CreateResourceControl(resourceControl)
+	err := transport.dataStore.ResourceControl().CreateResourceControl(resourceControl)
 	if err != nil {
 		log.Printf("[ERROR] [http,proxy,docker,transport] [message: unable to persist resource control] [resource: %s] [err: %s]", resourceIdentifier, err)
 		return nil, err
--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@ -24,36 +24,22 @@ type (
 	// Transport is a custom transport for Docker API reverse proxy. It allows
 	// interception of requests and rewriting of responses.
 	Transport struct {
-		HTTPTransport          *http.Transport
-		endpoint               *portainer.Endpoint
-		resourceControlService portainer.ResourceControlService
-		userService            portainer.UserService
-		teamService            portainer.TeamService
-		teamMembershipService  portainer.TeamMembershipService
-		registryService        portainer.RegistryService
-		dockerHubService       portainer.DockerHubService
-		settingsService        portainer.SettingsService
-		signatureService       portainer.DigitalSignatureService
-		reverseTunnelService   portainer.ReverseTunnelService
-		extensionService       portainer.ExtensionService
-		dockerClient           *client.Client
-		dockerClientFactory    *docker.ClientFactory
+		HTTPTransport        *http.Transport
+		endpoint             *portainer.Endpoint
+		dataStore            portainer.DataStore
+		signatureService     portainer.DigitalSignatureService
+		reverseTunnelService portainer.ReverseTunnelService
+		dockerClient         *client.Client
+		dockerClientFactory  *docker.ClientFactory
 	}

 	// TransportParameters is used to create a new Transport
 	TransportParameters struct {
-		Endpoint               *portainer.Endpoint
-		ResourceControlService portainer.ResourceControlService
-		UserService            portainer.UserService
-		TeamService            portainer.TeamService
-		TeamMembershipService  portainer.TeamMembershipService
-		RegistryService        portainer.RegistryService
-		DockerHubService       portainer.DockerHubService
-		SettingsService        portainer.SettingsService
-		SignatureService       portainer.DigitalSignatureService
-		ReverseTunnelService   portainer.ReverseTunnelService
-		ExtensionService       portainer.ExtensionService
-		DockerClientFactory    *docker.ClientFactory
+		Endpoint             *portainer.Endpoint
+		DataStore            portainer.DataStore
+		SignatureService     portainer.DigitalSignatureService
+		ReverseTunnelService portainer.ReverseTunnelService
+		DockerClientFactory  *docker.ClientFactory
 	}

 	restrictedDockerOperationContext struct {
@ -80,20 +66,13 @@ func NewTransport(parameters *TransportParameters, httpTransport *http.Transport
 	}

 	transport := &Transport{
-		endpoint:               parameters.Endpoint,
-		resourceControlService: parameters.ResourceControlService,
-		userService:            parameters.UserService,
-		teamService:            parameters.TeamService,
-		teamMembershipService:  parameters.TeamMembershipService,
-		registryService:        parameters.RegistryService,
-		dockerHubService:       parameters.DockerHubService,
-		settingsService:        parameters.SettingsService,
-		signatureService:       parameters.SignatureService,
-		reverseTunnelService:   parameters.ReverseTunnelService,
-		extensionService:       parameters.ExtensionService,
-		dockerClientFactory:    parameters.DockerClientFactory,
-		HTTPTransport:          httpTransport,
-		dockerClient:           dockerClient,
+		endpoint:             parameters.Endpoint,
+		dataStore:            parameters.DataStore,
+		signatureService:     parameters.SignatureService,
+		reverseTunnelService: parameters.ReverseTunnelService,
+		dockerClientFactory:  parameters.DockerClientFactory,
+		HTTPTransport:        httpTransport,
+		dockerClient:         dockerClient,
 	}

 	return transport, nil
@ -429,18 +408,18 @@ func (transport *Transport) restrictedResourceOperation(request *http.Request, r
 	}

 	if tokenData.Role != portainer.AdministratorRole {
-		rbacExtension, err := transport.extensionService.Extension(portainer.RBACExtension)
+		rbacExtension, err := transport.dataStore.Extension().Extension(portainer.RBACExtension)
 		if err != nil && err != portainer.ErrObjectNotFound {
 			return nil, err
 		}

-		user, err := transport.userService.User(tokenData.ID)
+		user, err := transport.dataStore.User().User(tokenData.ID)
 		if err != nil {
 			return nil, err
 		}

 		if volumeBrowseRestrictionCheck {
-			settings, err := transport.settingsService.Settings()
+			settings, err := transport.dataStore.Settings().Settings()
 			if err != nil {
 				return nil, err
 			}
@ -468,7 +447,7 @@ func (transport *Transport) restrictedResourceOperation(request *http.Request, r
 			return transport.executeDockerRequest(request)
 		}

-		teamMemberships, err := transport.teamMembershipService.TeamMembershipsByUserID(tokenData.ID)
+		teamMemberships, err := transport.dataStore.TeamMembership().TeamMembershipsByUserID(tokenData.ID)
 		if err != nil {
 			return nil, err
 		}
@ -478,7 +457,7 @@ func (transport *Transport) restrictedResourceOperation(request *http.Request, r
 			userTeamIDs = append(userTeamIDs, membership.TeamID)
 		}

-		resourceControls, err := transport.resourceControlService.ResourceControls()
+		resourceControls, err := transport.dataStore.ResourceControl().ResourceControls()
 		if err != nil {
 			return nil, err
 		}
@ -516,7 +495,7 @@ func (transport *Transport) rewriteOperationWithLabelFiltering(request *http.Req
 		return nil, err
 	}

-	settings, err := transport.settingsService.Settings()
+	settings, err := transport.dataStore.Settings().Settings()
 	if err != nil {
 		return nil, err
 	}
@ -610,13 +589,13 @@ func (transport *Transport) executeGenericResourceDeletionOperation(request *htt
 		return response, err
 	}

-	resourceControl, err := transport.resourceControlService.ResourceControlByResourceIDAndType(resourceIdentifierAttribute, resourceType)
+	resourceControl, err := transport.dataStore.ResourceControl().ResourceControlByResourceIDAndType(resourceIdentifierAttribute, resourceType)
 	if err != nil {
 		return response, err
 	}

 	if resourceControl != nil {
-		err = transport.resourceControlService.DeleteResourceControl(resourceControl.ID)
+		err = transport.dataStore.ResourceControl().DeleteResourceControl(resourceControl.ID)
 		if err != nil {
 			return response, err
 		}
@ -661,13 +640,13 @@ func (transport *Transport) createRegistryAccessContext(request *http.Request) (
 		userID:  tokenData.ID,
 	}

-	hub, err := transport.dockerHubService.DockerHub()
+	hub, err := transport.dataStore.DockerHub().DockerHub()
 	if err != nil {
 		return nil, err
 	}
 	accessContext.dockerHub = hub

-	registries, err := transport.registryService.Registries()
+	registries, err := transport.dataStore.Registry().Registries()
 	if err != nil {
 		return nil, err
 	}
@ -676,7 +655,7 @@ func (transport *Transport) createRegistryAccessContext(request *http.Request) (
 	if tokenData.Role != portainer.AdministratorRole {
 		accessContext.isAdmin = false

-		teamMemberships, err := transport.teamMembershipService.TeamMembershipsByUserID(tokenData.ID)
+		teamMemberships, err := transport.dataStore.TeamMembership().TeamMembershipsByUserID(tokenData.ID)
 		if err != nil {
 			return nil, err
 		}
@ -694,7 +673,7 @@ func (transport *Transport) createOperationContext(request *http.Request) (*rest
 		return nil, err
 	}

-	resourceControls, err := transport.resourceControlService.ResourceControls()
+	resourceControls, err := transport.dataStore.ResourceControl().ResourceControls()
 	if err != nil {
 		return nil, err
 	}
@ -709,7 +688,7 @@ func (transport *Transport) createOperationContext(request *http.Request) (*rest
 	if tokenData.Role != portainer.AdministratorRole {
 		operationContext.isAdmin = false

-		user, err := transport.userService.User(operationContext.userID)
+		user, err := transport.dataStore.User().User(operationContext.userID)
 		if err != nil {
 			return nil, err
 		}
@ -719,7 +698,7 @@ func (transport *Transport) createOperationContext(request *http.Request) (*rest
 			operationContext.endpointResourceAccess = true
 		}

-		teamMemberships, err := transport.teamMembershipService.TeamMembershipsByUserID(tokenData.ID)
+		teamMemberships, err := transport.dataStore.TeamMembership().TeamMembershipsByUserID(tokenData.ID)
 		if err != nil {
 			return nil, err
 		}
--- a/api/http/proxy/factory/docker_unix.go
+++ b/api/http/proxy/factory/docker_unix.go
@ -12,18 +12,11 @@ import (

 func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portainer.Endpoint) (http.Handler, error) {
 	transportParameters := &docker.TransportParameters{
-		Endpoint:               endpoint,
-		ResourceControlService: factory.resourceControlService,
-		UserService:            factory.userService,
-		TeamService:            factory.teamService,
-		TeamMembershipService:  factory.teamMembershipService,
-		RegistryService:        factory.registryService,
-		DockerHubService:       factory.dockerHubService,
-		SettingsService:        factory.settingsService,
-		ReverseTunnelService:   factory.reverseTunnelService,
-		ExtensionService:       factory.extensionService,
-		SignatureService:       factory.signatureService,
-		DockerClientFactory:    factory.dockerClientFactory,
+		Endpoint:             endpoint,
+		DataStore:            factory.dataStore,
+		ReverseTunnelService: factory.reverseTunnelService,
+		SignatureService:     factory.signatureService,
+		DockerClientFactory:  factory.dockerClientFactory,
 	}

 	proxy := &dockerLocalProxy{}
--- a/api/http/proxy/factory/docker_windows.go
+++ b/api/http/proxy/factory/docker_windows.go
@ -13,18 +13,11 @@ import (

 func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portainer.Endpoint) (http.Handler, error) {
 	transportParameters := &docker.TransportParameters{
-		Endpoint:               endpoint,
-		ResourceControlService: factory.resourceControlService,
-		UserService:            factory.userService,
-		TeamService:            factory.teamService,
-		TeamMembershipService:  factory.teamMembershipService,
-		RegistryService:        factory.registryService,
-		DockerHubService:       factory.dockerHubService,
-		SettingsService:        factory.settingsService,
-		ReverseTunnelService:   factory.reverseTunnelService,
-		ExtensionService:       factory.extensionService,
-		SignatureService:       factory.signatureService,
-		DockerClientFactory:    factory.dockerClientFactory,
+		Endpoint:             endpoint,
+		DataStore:            factory.dataStore,
+		ReverseTunnelService: factory.reverseTunnelService,
+		SignatureService:     factory.signatureService,
+		DockerClientFactory:  factory.dockerClientFactory,
 	}

 	proxy := &dockerLocalProxy{}
--- a/api/http/proxy/factory/factory.go
+++ b/api/http/proxy/factory/factory.go
@ -19,49 +19,20 @@ var extensionPorts = map[portainer.ExtensionID]string{
 type (
 	// ProxyFactory is a factory to create reverse proxies to Docker endpoints and extensions
 	ProxyFactory struct {
-		resourceControlService portainer.ResourceControlService
-		userService            portainer.UserService
-		teamService            portainer.TeamService
-		teamMembershipService  portainer.TeamMembershipService
-		settingsService        portainer.SettingsService
-		registryService        portainer.RegistryService
-		dockerHubService       portainer.DockerHubService
-		signatureService       portainer.DigitalSignatureService
-		reverseTunnelService   portainer.ReverseTunnelService
-		extensionService       portainer.ExtensionService
-		dockerClientFactory    *docker.ClientFactory
-	}
-
-	// ProxyFactoryParameters is used to create a new ProxyFactory
-	ProxyFactoryParameters struct {
-		ResourceControlService portainer.ResourceControlService
-		UserService            portainer.UserService
-		TeamService            portainer.TeamService
-		TeamMembershipService  portainer.TeamMembershipService
-		SettingsService        portainer.SettingsService
-		RegistryService        portainer.RegistryService
-		DockerHubService       portainer.DockerHubService
-		SignatureService       portainer.DigitalSignatureService
-		ReverseTunnelService   portainer.ReverseTunnelService
-		ExtensionService       portainer.ExtensionService
-		DockerClientFactory    *docker.ClientFactory
+		dataStore            portainer.DataStore
+		signatureService     portainer.DigitalSignatureService
+		reverseTunnelService portainer.ReverseTunnelService
+		dockerClientFactory  *docker.ClientFactory
 	}
 )

 // NewProxyFactory returns a pointer to a new instance of a ProxyFactory
-func NewProxyFactory(parameters *ProxyFactoryParameters) *ProxyFactory {
+func NewProxyFactory(dataStore portainer.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory) *ProxyFactory {
 	return &ProxyFactory{
-		resourceControlService: parameters.ResourceControlService,
-		userService:            parameters.UserService,
-		teamService:            parameters.TeamService,
-		teamMembershipService:  parameters.TeamMembershipService,
-		settingsService:        parameters.SettingsService,
-		registryService:        parameters.RegistryService,
-		dockerHubService:       parameters.DockerHubService,
-		signatureService:       parameters.SignatureService,
-		reverseTunnelService:   parameters.ReverseTunnelService,
-		extensionService:       parameters.ExtensionService,
-		dockerClientFactory:    parameters.DockerClientFactory,
+		dataStore:            dataStore,
+		signatureService:     signatureService,
+		reverseTunnelService: tunnelService,
+		dockerClientFactory:  clientFactory,
 	}
 }

--- a/api/http/proxy/manager.go
+++ b/api/http/proxy/manager.go
@ -20,44 +20,15 @@ type (
 		extensionProxies       cmap.ConcurrentMap
 		legacyExtensionProxies cmap.ConcurrentMap
 	}
-
-	// ManagerParams represents the required parameters to create a new Manager instance.
-	ManagerParams struct {
-		ResourceControlService portainer.ResourceControlService
-		UserService            portainer.UserService
-		TeamService            portainer.TeamService
-		TeamMembershipService  portainer.TeamMembershipService
-		SettingsService        portainer.SettingsService
-		RegistryService        portainer.RegistryService
-		DockerHubService       portainer.DockerHubService
-		SignatureService       portainer.DigitalSignatureService
-		ReverseTunnelService   portainer.ReverseTunnelService
-		ExtensionService       portainer.ExtensionService
-		DockerClientFactory    *docker.ClientFactory
-	}
 )

 // NewManager initializes a new proxy Service
-func NewManager(parameters *ManagerParams) *Manager {
-	proxyFactoryParameters := &factory.ProxyFactoryParameters{
-		ResourceControlService: parameters.ResourceControlService,
-		UserService:            parameters.UserService,
-		TeamService:            parameters.TeamService,
-		TeamMembershipService:  parameters.TeamMembershipService,
-		SettingsService:        parameters.SettingsService,
-		RegistryService:        parameters.RegistryService,
-		DockerHubService:       parameters.DockerHubService,
-		SignatureService:       parameters.SignatureService,
-		ReverseTunnelService:   parameters.ReverseTunnelService,
-		ExtensionService:       parameters.ExtensionService,
-		DockerClientFactory:    parameters.DockerClientFactory,
-	}
-
+func NewManager(dataStore portainer.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory) *Manager {
 	return &Manager{
 		endpointProxies:        cmap.New(),
 		extensionProxies:       cmap.New(),
 		legacyExtensionProxies: cmap.New(),
-		proxyFactory:           factory.NewProxyFactory(proxyFactoryParameters),
+		proxyFactory:           factory.NewProxyFactory(dataStore, signatureService, tunnelService, clientFactory),
 	}
 }