WIP: settings models

api/database/models/accessPolicy.go

@@ -0,0 +1,9 @@
+package models
+
+type (
+	// AccessPolicy represent a policy that can be associated to a user or team
+	AccessPolicy struct {
+		// Role identifier. Reference the role that will be associated to this access policy
+		RoleID RoleID `json:"RoleId" example:"1"`
+	}
+)

api/database/models/authorizations.go

@@ -0,0 +1,9 @@
+package models
+
+type (
+	// Authorization represents an authorization associated to an operation
+	Authorization string
+
+	// Authorizations represents a set of authorizations associated to a role
+	Authorizations map[Authorization]bool
+)

api/database/models/fdo.go

@@ -0,0 +1,21 @@
+package models
+
+type (
+	FDOConfiguration struct {
+		Enabled       bool   `json:"enabled"`
+		OwnerURL      string `json:"ownerURL"`
+		OwnerUsername string `json:"ownerUsername"`
+		OwnerPassword string `json:"ownerPassword"`
+	}
+
+	// FDOProfileID represents a fdo profile id
+	FDOProfileID int
+
+	FDOProfile struct {
+		ID            FDOProfileID `json:"id"`
+		Name          string       `json:"name"`
+		FilePath      string       `json:"filePath"`
+		NumberDevices int          `json:"numberDevices"`
+		DateCreated   int64        `json:"dateCreated"`
+	}
+)

api/database/models/ldap.go

@@ -0,0 +1,48 @@
+package models
+
+type (
+	// LDAPSettings represents the settings used to connect to a LDAP server
+	LDAPSettings struct {
+		// Enable this option if the server is configured for Anonymous access. When enabled, ReaderDN and Password will not be used
+		AnonymousMode bool `json:"AnonymousMode" example:"true" validate:"validate_bool"`
+		// Account that will be used to search for users
+		ReaderDN string `json:"ReaderDN" example:"cn=readonly-account,dc=ldap,dc=domain,dc=tld" validate:"required_if=AnonymousMode false"`
+		// Password of the account that will be used to search users
+		Password string `json:"Password,omitempty" example:"readonly-password" validate:"required_if=AnonymousMode false"`
+		// URL or IP address of the LDAP server
+		URL       string           `json:"URL" example:"myldap.domain.tld:389" validate:"hostname_port"`
+		TLSConfig TLSConfiguration `json:"TLSConfig"`
+		// Whether LDAP connection should use StartTLS
+		StartTLS            bool                      `json:"StartTLS" example:"true"`
+		SearchSettings      []LDAPSearchSettings      `json:"SearchSettings"`
+		GroupSearchSettings []LDAPGroupSearchSettings `json:"GroupSearchSettings"`
+		// Automatically provision users and assign them to matching LDAP group names
+		AutoCreateUsers bool `json:"AutoCreateUsers" example:"true"`
+	}
+
+	// LDAPUser represents a LDAP user
+	LDAPUser struct {
+		Name   string
+		Groups []string
+	}
+
+	// LDAPGroupSearchSettings represents settings used to search for groups in a LDAP server
+	LDAPGroupSearchSettings struct {
+		// The distinguished name of the element from which the LDAP server will search for groups
+		GroupBaseDN string `json:"GroupBaseDN" example:"dc=ldap,dc=domain,dc=tld"`
+		// The LDAP search filter used to select group elements, optional
+		GroupFilter string `json:"GroupFilter" example:"(objectClass=account"`
+		// LDAP attribute which denotes the group membership
+		GroupAttribute string `json:"GroupAttribute" example:"member"`
+	}
+
+	// LDAPSearchSettings represents settings used to search for users in a LDAP server
+	LDAPSearchSettings struct {
+		// The distinguished name of the element from which the LDAP server will search for users
+		BaseDN string `json:"BaseDN" example:"dc=ldap,dc=domain,dc=tld"`
+		// Optional LDAP search filter used to select user elements
+		Filter string `json:"Filter" example:"(objectClass=account)"`
+		// LDAP attribute which denotes the username
+		UserNameAttribute string `json:"UserNameAttribute" example:"uid"`
+	}
+)

api/database/models/membership.go

@@ -0,0 +1,6 @@
+package models
+
+type (
+	// MembershipRole represents the role of a user within a team
+	MembershipRole int
+)

api/database/models/openamt.go

@@ -0,0 +1,37 @@
+package models
+
+type (
+	// PowerState represents an AMT managed device power state
+	PowerState int
+
+	// OpenAMTConfiguration represents the credentials and configurations used to connect to an OpenAMT MPS server
+	OpenAMTConfiguration struct {
+		Enabled          bool   `json:"enabled"`
+		MPSServer        string `json:"mpsServer"`
+		MPSUser          string `json:"mpsUser"`
+		MPSPassword      string `json:"mpsPassword"`
+		MPSToken         string `json:"mpsToken"` // retrieved from API
+		CertFileName     string `json:"certFileName"`
+		CertFileContent  string `json:"certFileContent"`
+		CertFilePassword string `json:"certFilePassword"`
+		DomainName       string `json:"domainName"`
+	}
+
+	// OpenAMTDeviceInformation represents an AMT managed device information
+	OpenAMTDeviceInformation struct {
+		GUID             string                        `json:"guid"`
+		HostName         string                        `json:"hostname"`
+		ConnectionStatus bool                          `json:"connectionStatus"`
+		PowerState       PowerState                    `json:"powerState"`
+		EnabledFeatures  *OpenAMTDeviceEnabledFeatures `json:"features"`
+	}
+
+	// OpenAMTDeviceEnabledFeatures represents an AMT managed device features information
+	OpenAMTDeviceEnabledFeatures struct {
+		Redirection bool   `json:"redirection"`
+		KVM         bool   `json:"KVM"`
+		SOL         bool   `json:"SOL"`
+		IDER        bool   `json:"IDER"`
+		UserConsent string `json:"userConsent"`
+	}
+)

api/database/models/resourceAccess.go

@@ -0,0 +1,6 @@
+package models
+
+type (
+	// ResourceAccessLevel represents the level of control associated to a resource
+	ResourceAccessLevel int
+)

api/database/models/role.go

@@ -0,0 +1,20 @@
+package models
+
+type (
+	// Role represents a set of authorizations that can be associated to a user or
+	// to a team.
+	Role struct {
+		// Role Identifier
+		ID RoleID `json:"Id" example:"1"`
+		// Role name
+		Name string `json:"Name" example:"HelpDesk"`
+		// Role description
+		Description string `json:"Description" example:"Read-only access of all resources in an environment(endpoint)"`
+		// Authorizations associated to a role
+		Authorizations Authorizations `json:"Authorizations"`
+		Priority       int            `json:"Priority"`
+	}
+
+	// RoleID represents a role identifier
+	RoleID int
+)

api/database/models/settings.go

@@ -0,0 +1,118 @@
+package models
+
+const (
+	_ AuthenticationMethod = iota
+	// AuthenticationInternal represents the internal authentication method (authentication against Portainer API)
+	AuthenticationInternal
+	// AuthenticationLDAP represents the LDAP authentication method (authentication against a LDAP server)
+	AuthenticationLDAP
+	//AuthenticationOAuth represents the OAuth authentication method (authentication against a authorization server)
+	AuthenticationOAuth
+)
+
+type (
+
+	// AuthenticationMethod represents the authentication method used to authenticate a user
+	AuthenticationMethod int
+
+	// InternalAuthSettings represents settings used for the default 'internal' authentication
+	InternalAuthSettings struct {
+		RequiredPasswordLength int
+	}
+
+	// OAuthSettings represents the settings used to authorize with an authorization server
+	OAuthSettings struct {
+		ClientID             string `json:"ClientID"`
+		ClientSecret         string `json:"ClientSecret,omitempty"`
+		AccessTokenURI       string `json:"AccessTokenURI"`
+		AuthorizationURI     string `json:"AuthorizationURI"`
+		ResourceURI          string `json:"ResourceURI"`
+		RedirectURI          string `json:"RedirectURI"`
+		UserIdentifier       string `json:"UserIdentifier"`
+		Scopes               string `json:"Scopes"`
+		OAuthAutoCreateUsers bool   `json:"OAuthAutoCreateUsers"`
+		DefaultTeamID        TeamID `json:"DefaultTeamID"`
+		SSO                  bool   `json:"SSO"`
+		LogoutURI            string `json:"LogoutURI"`
+		KubeSecretKey        []byte `json:"KubeSecretKey"`
+	}
+
+	// Settings represents the application settings
+	Settings struct {
+		// URL to a logo that will be displayed on the login page as well as on top of the sidebar. Will use default Portainer logo when value is empty string
+		LogoURL string `json:"LogoURL" example:"https://mycompany.mydomain.tld/logo.png"`
+		// A list of label name & value that will be used to hide containers when querying containers
+		BlackListedLabels []Pair `json:"BlackListedLabels"`
+		// Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth
+		AuthenticationMethod AuthenticationMethod `json:"AuthenticationMethod" example:"1"`
+		InternalAuthSettings InternalAuthSettings `json:"InternalAuthSettings" example:""`
+		LDAPSettings         LDAPSettings         `json:"LDAPSettings" example:""`
+		OAuthSettings        OAuthSettings        `json:"OAuthSettings" example:""`
+		OpenAMTConfiguration OpenAMTConfiguration `json:"openAMTConfiguration" example:""`
+		FDOConfiguration     FDOConfiguration     `json:"fdoConfiguration" example:""`
+		FeatureFlagSettings  map[Feature]bool     `json:"FeatureFlagSettings" example:""`
+		// The interval in which environment(endpoint) snapshots are created
+		SnapshotInterval string `json:"SnapshotInterval" example:"5m"`
+		// URL to the templates that will be displayed in the UI when navigating to App Templates
+		TemplatesURL string `json:"TemplatesURL" example:"https://raw.githubusercontent.com/portainer/templates/master/templates.json"`
+		// The default check in interval for edge agent (in seconds)
+		EdgeAgentCheckinInterval int `json:"EdgeAgentCheckinInterval" example:"5"`
+		// Whether edge compute features are enabled
+		EnableEdgeComputeFeatures bool `json:"EnableEdgeComputeFeatures" example:""`
+		// The duration of a user session
+		UserSessionTimeout string `json:"UserSessionTimeout" example:"5m"`
+		// The expiry of a Kubeconfig
+		KubeconfigExpiry string `json:"KubeconfigExpiry" example:"24h"`
+		// Whether telemetry is enabled
+		EnableTelemetry bool `json:"EnableTelemetry" example:"false"`
+		// Helm repository URL, defaults to "https://charts.bitnami.com/bitnami"
+		HelmRepositoryURL string `json:"HelmRepositoryURL" example:"https://charts.bitnami.com/bitnami"`
+		// KubectlImage, defaults to portainer/kubectl-shell
+		KubectlShellImage string `json:"KubectlShellImage" example:"portainer/kubectl-shell"`
+		// TrustOnFirstConnect makes Portainer accepting edge agent connection by default
+		TrustOnFirstConnect bool `json:"TrustOnFirstConnect" example:"false"`
+		// EnforceEdgeID makes Portainer store the Edge ID instead of accepting anyone
+		EnforceEdgeID bool `json:"EnforceEdgeID" example:"false"`
+		// Container environment parameter AGENT_SECRET
+		AgentSecret string `json:"AgentSecret"`
+		// EdgePortainerURL is the URL that is exposed to edge agents
+		EdgePortainerURL string `json:"EdgePortainerUrl"`
+
+		Edge struct {
+			// The command list interval for edge agent - used in edge async mode (in seconds)
+			CommandInterval int `json:"CommandInterval" example:"5"`
+			// The ping interval for edge agent - used in edge async mode (in seconds)
+			PingInterval int `json:"PingInterval" example:"5"`
+			// The snapshot interval for edge agent - used in edge async mode (in seconds)
+			SnapshotInterval int `json:"SnapshotInterval" example:"5"`
+			// EdgeAsyncMode enables edge async mode by default
+			AsyncMode bool
+		}
+
+		// Deprecated fields
+		DisplayDonationHeader       bool
+		DisplayExternalContributors bool
+
+		// Deprecated fields v26
+		EnableHostManagementFeatures              bool `json:"EnableHostManagementFeatures"`
+		AllowVolumeBrowserForRegularUsers         bool `json:"AllowVolumeBrowserForRegularUsers"`
+		AllowBindMountsForRegularUsers            bool `json:"AllowBindMountsForRegularUsers"`
+		AllowPrivilegedModeForRegularUsers        bool `json:"AllowPrivilegedModeForRegularUsers"`
+		AllowHostNamespaceForRegularUsers         bool `json:"AllowHostNamespaceForRegularUsers"`
+		AllowStackManagementForRegularUsers       bool `json:"AllowStackManagementForRegularUsers"`
+		AllowDeviceMappingForRegularUsers         bool `json:"AllowDeviceMappingForRegularUsers"`
+		AllowContainerCapabilitiesForRegularUsers bool `json:"AllowContainerCapabilitiesForRegularUsers"`
+	}
+
+	/**
+	extras
+	*/
+	// Pair defines a key/value string pair
+	Pair struct {
+		Name  string `json:"name" example:"name"`
+		Value string `json:"value" example:"value"`
+	}
+
+	// Feature represents a feature that can be enabled or disabled via feature flags
+	Feature string
+)

api/database/models/team.go

@@ -0,0 +1,38 @@
+package models
+
+type (
+	// Team represents a list of user accounts
+	Team struct {
+		// Team Identifier
+		ID TeamID `json:"Id" example:"1"`
+		// Team name
+		Name string `json:"Name" example:"developers"`
+	}
+
+	// TeamAccessPolicies represent the association of an access policy and a team
+	TeamAccessPolicies map[TeamID]AccessPolicy
+
+	// TeamID represents a team identifier
+	TeamID int
+
+	// TeamMembership represents a membership association between a user and a team
+	TeamMembership struct {
+		// Membership Identifier
+		ID TeamMembershipID `json:"Id" example:"1"`
+		// User identifier
+		UserID UserID `json:"UserID" example:"1"`
+		// Team identifier
+		TeamID TeamID `json:"TeamID" example:"1"`
+		// Team role (1 for team leader and 2 for team member)
+		Role MembershipRole `json:"Role" example:"1"`
+	}
+
+	// TeamMembershipID represents a team membership identifier
+	TeamMembershipID int
+
+	// TeamResourceAccess represents the level of control on a resource for a specific team
+	TeamResourceAccess struct {
+		TeamID      TeamID              `json:"TeamId"`
+		AccessLevel ResourceAccessLevel `json:"AccessLevel"`
+	}
+)

api/database/models/tls.go

@@ -0,0 +1,17 @@
+package models
+
+type (
+	// TLSConfiguration represents a TLS configuration
+	TLSConfiguration struct {
+		// Use TLS
+		TLS bool `json:"TLS" example:"true"`
+		// Skip the verification of the server TLS certificate
+		TLSSkipVerify bool `json:"TLSSkipVerify" example:"false"`
+		// Path to the TLS CA certificate file
+		TLSCACertPath string `json:"TLSCACert,omitempty" example:"/data/tls/ca.pem"`
+		// Path to the TLS client certificate file
+		TLSCertPath string `json:"TLSCert,omitempty" example:"/data/tls/cert.pem"`
+		// Path to the TLS client key file
+		TLSKeyPath string `json:"TLSKey,omitempty" example:"/data/tls/key.pem"`
+	}
+)

api/database/models/user.go

@@ -0,0 +1,6 @@
+package models
+
+type (
+	// UserID represents a user identifier
+	UserID int
+)