feat(extensions): introduce extension support (#2527)

* wip

* wip: missing repository & tags removal

* feat(registry): private registry management

* style(plugin-details): update view

* wip

* wip

* wip

* feat(plugins): add license info

* feat(plugins): browse feature preview

* feat(registry-configure): add the ability to configure registry management

* style(app): update text in app

* feat(plugins): add plugin version number

* feat(plugins): wip plugin upgrade process

* feat(plugins): wip plugin upgrade

* feat(plugins): add the ability to update a plugin

* feat(plugins): init plugins at startup time

* feat(plugins): add the ability to remove a plugin

* feat(plugins): update to latest plugin definitions

* feat(plugins): introduce plugin-tooltip component

* refactor(app): relocate plugin files to app/plugins

* feat(plugins): introduce PluginDefinitionsURL constant

* feat(plugins): update the flags used by the plugins

* feat(plugins): wip

* feat(plugins): display a label when a plugin has expired

* wip

* feat(registry-creation): update registry creation logic

* refactor(registry-creation): change name/ids for inputs

* feat(api): pass registry type to management configuration

* feat(api): unstrip /v2 in regsitry proxy

* docs(api): add TODO

* feat(store): mockup-1

* feat(store): mockup 2

* feat(store): mockup 2

* feat(store): update mockup-2

* feat(app): add unauthenticated event check

* update gruntfile

* style(support): update support views

* style(support): update product views

* refactor(extensions): refactor plugins to extensions

* feat(extensions): add a deal property

* feat(extensions): introduce ExtensionManager

* style(extensions): update extension details style

* feat(extensions): display license/company when enabling extension

* feat(extensions): update extensions views

* feat(extensions): use ProductId defined in extension schema

* style(app): remove padding left for form section title elements

* style(support): use per host model

* refactor(extensions): multiple refactors related to extensions mecanism

* feat(extensions): update tls file path for registry extension

* feat(extensions): update registry management configuration

* feat(extensions): send license in header to extension proxy

* fix(proxy): fix invalid default loopback address

* feat(extensions): add header X-RegistryManagement-ForceNew for specific operations

* feat(extensions): add the ability to display screenshots

* feat(extensions): center screenshots

* style(extensions): tune style

* feat(extensions-details): open full screen image on click (#2517)

* feat(extension-details): show magnifying glass on images

* feat(extensions): support extension logo

* feat(extensions): update support logos

* refactor(lint): fix lint issues

api/http/handler/endpointproxy/proxy_storidge.go

@@ -1,5 +1,7 @@
 package endpointproxy
 
+// TODO: legacy extension management
+
 import (
 	"strconv"
 
@@ -42,9 +44,9 @@ func (handler *Handler) proxyRequestsToStoridgeAPI(w http.ResponseWriter, r *htt
 	proxyExtensionKey := string(endpoint.ID) + "_" + string(portainer.StoridgeEndpointExtension)
 
 	var proxy http.Handler
-	proxy = handler.ProxyManager.GetExtensionProxy(proxyExtensionKey)
+	proxy = handler.ProxyManager.GetLegacyExtensionProxy(proxyExtensionKey)
 	if proxy == nil {
-		proxy, err = handler.ProxyManager.CreateAndRegisterExtensionProxy(proxyExtensionKey, storidgeExtension.URL)
+		proxy, err = handler.ProxyManager.CreateLegacyExtensionProxy(proxyExtensionKey, storidgeExtension.URL)
 		if err != nil {
 			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create extension proxy", err}
 		}

api/http/handler/endpoints/endpoint_delete.go

@@ -42,7 +42,6 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 	}
 
 	handler.ProxyManager.DeleteProxy(string(endpointID))
-	handler.ProxyManager.DeleteExtensionProxies(string(endpointID))
 
 	return response.Empty(w)
 }

api/http/handler/endpoints/endpoint_extension_add.go

@@ -1,5 +1,7 @@
 package endpoints
 
+// TODO: legacy extension management
+
 import (
 	"net/http"
 

api/http/handler/endpoints/endpoint_extension_remove.go

@@ -1,5 +1,7 @@
 package endpoints
 
+// TODO: legacy extension management
+
 import (
 	"net/http"
 

api/http/handler/extensions/extension_create.go

@@ -0,0 +1,79 @@
+package extensions
+
+import (
+	"net/http"
+	"strconv"
+
+	"github.com/asaskevich/govalidator"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+)
+
+type extensionCreatePayload struct {
+	License string
+}
+
+func (payload *extensionCreatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.License) {
+		return portainer.Error("Invalid license")
+	}
+
+	return nil
+}
+
+func (handler *Handler) extensionCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload extensionCreatePayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	extensionIdentifier, err := strconv.Atoi(string(payload.License[0]))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid license format", err}
+	}
+	extensionID := portainer.ExtensionID(extensionIdentifier)
+
+	extensions, err := handler.ExtensionService.Extensions()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve extensions status from the database", err}
+	}
+
+	for _, existingExtension := range extensions {
+		if existingExtension.ID == extensionID {
+			return &httperror.HandlerError{http.StatusConflict, "Unable to enable extension", portainer.ErrExtensionAlreadyEnabled}
+		}
+	}
+
+	extension := &portainer.Extension{
+		ID: extensionID,
+	}
+
+	extensionDefinitions, err := handler.ExtensionManager.FetchExtensionDefinitions()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve extension definitions", err}
+	}
+
+	for _, def := range extensionDefinitions {
+		if def.ID == extension.ID {
+			extension.Version = def.Version
+			break
+		}
+	}
+
+	err = handler.ExtensionManager.EnableExtension(extension, payload.License)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to enable extension", err}
+	}
+
+	extension.Enabled = true
+
+	err = handler.ExtensionService.Persist(extension)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist extension status inside the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/extensions/extension_delete.go

@@ -0,0 +1,38 @@
+package extensions
+
+import (
+	"net/http"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+)
+
+// DELETE request on /api/extensions/:id
+func (handler *Handler) extensionDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	extensionIdentifier, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid extension identifier route variable", err}
+	}
+	extensionID := portainer.ExtensionID(extensionIdentifier)
+
+	extension, err := handler.ExtensionService.Extension(extensionID)
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a extension with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
+	}
+
+	err = handler.ExtensionManager.DisableExtension(extension)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to delete extension", err}
+	}
+
+	err = handler.ExtensionService.DeleteExtension(extensionID)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to delete the extension from the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/extensions/extension_inspect.go

@@ -0,0 +1,59 @@
+package extensions
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/coreos/go-semver/semver"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/client"
+)
+
+// GET request on /api/extensions/:id
+func (handler *Handler) extensionInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	extensionIdentifier, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid extension identifier route variable", err}
+	}
+	extensionID := portainer.ExtensionID(extensionIdentifier)
+
+	extensionData, err := client.Get(portainer.ExtensionDefinitionsURL, 30)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve extension definitions", err}
+	}
+
+	var extensions []portainer.Extension
+	err = json.Unmarshal(extensionData, &extensions)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to parse external extension definitions", err}
+	}
+
+	var extension portainer.Extension
+	for _, p := range extensions {
+		if p.ID == extensionID {
+			extension = p
+			break
+		}
+	}
+
+	storedExtension, err := handler.ExtensionService.Extension(extensionID)
+	if err == portainer.ErrObjectNotFound {
+		return response.JSON(w, extension)
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
+	}
+
+	extension.Enabled = storedExtension.Enabled
+
+	extensionVer := semver.New(extension.Version)
+	pVer := semver.New(storedExtension.Version)
+
+	if pVer.LessThan(*extensionVer) {
+		extension.UpdateAvailable = true
+	}
+
+	return response.JSON(w, extension)
+}

api/http/handler/extensions/extension_list.go

@@ -0,0 +1,55 @@
+package extensions
+
+import (
+	"net/http"
+
+	"github.com/coreos/go-semver/semver"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+)
+
+// GET request on /api/extensions?store=<store>
+func (handler *Handler) extensionList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	storeDetails, _ := request.RetrieveBooleanQueryParameter(r, "store", true)
+
+	extensions, err := handler.ExtensionService.Extensions()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve extensions from the database", err}
+	}
+
+	if storeDetails {
+		definitions, err := handler.ExtensionManager.FetchExtensionDefinitions()
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve extension definitions", err}
+		}
+
+		for idx := range definitions {
+			associateExtensionData(&definitions[idx], extensions)
+		}
+
+		extensions = definitions
+	}
+
+	return response.JSON(w, extensions)
+}
+
+func associateExtensionData(definition *portainer.Extension, extensions []portainer.Extension) {
+	for _, extension := range extensions {
+		if extension.ID == definition.ID {
+
+			definition.Enabled = extension.Enabled
+			definition.License.Company = extension.License.Company
+			definition.License.Expiration = extension.License.Expiration
+
+			definitionVersion := semver.New(definition.Version)
+			extensionVersion := semver.New(extension.Version)
+			if extensionVersion.LessThan(*definitionVersion) {
+				definition.UpdateAvailable = true
+			}
+
+			break
+		}
+	}
+}

api/http/handler/extensions/extension_update.go

@@ -0,0 +1,56 @@
+package extensions
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+)
+
+type extensionUpdatePayload struct {
+	Version string
+}
+
+func (payload *extensionUpdatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.Version) {
+		return portainer.Error("Invalid extension version")
+	}
+
+	return nil
+}
+
+func (handler *Handler) extensionUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	extensionIdentifier, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid extension identifier route variable", err}
+	}
+	extensionID := portainer.ExtensionID(extensionIdentifier)
+
+	var payload extensionUpdatePayload
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	extension, err := handler.ExtensionService.Extension(extensionID)
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a extension with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
+	}
+
+	err = handler.ExtensionManager.UpdateExtension(extension, payload.Version)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update extension", err}
+	}
+
+	err = handler.ExtensionService.Persist(extension)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist extension status inside the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/extensions/handler.go

@@ -0,0 +1,37 @@
+package extensions
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/security"
+)
+
+// Handler is the HTTP handler used to handle extension operations.
+type Handler struct {
+	*mux.Router
+	ExtensionService portainer.ExtensionService
+	ExtensionManager portainer.ExtensionManager
+}
+
+// NewHandler creates a handler to manage extension operations.
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
+	h := &Handler{
+		Router: mux.NewRouter(),
+	}
+
+	h.Handle("/extensions",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.extensionList))).Methods(http.MethodGet)
+	h.Handle("/extensions",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.extensionCreate))).Methods(http.MethodPost)
+	h.Handle("/extensions/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.extensionInspect))).Methods(http.MethodGet)
+	h.Handle("/extensions/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.extensionDelete))).Methods(http.MethodDelete)
+	h.Handle("/extensions/{id}/update",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.extensionUpdate))).Methods(http.MethodPost)
+
+	return h
+}

api/http/handler/handler.go

@@ -9,6 +9,7 @@ import (
 	"github.com/portainer/portainer/http/handler/endpointgroups"
 	"github.com/portainer/portainer/http/handler/endpointproxy"
 	"github.com/portainer/portainer/http/handler/endpoints"
+	"github.com/portainer/portainer/http/handler/extensions"
 	"github.com/portainer/portainer/http/handler/file"
 	"github.com/portainer/portainer/http/handler/motd"
 	"github.com/portainer/portainer/http/handler/registries"
@@ -37,6 +38,7 @@ type Handler struct {
 	EndpointProxyHandler   *endpointproxy.Handler
 	FileHandler            *file.Handler
 	MOTDHandler            *motd.Handler
+	ExtensionHandler       *extensions.Handler
 	RegistryHandler        *registries.Handler
 	ResourceControlHandler *resourcecontrols.Handler
 	SettingsHandler        *settings.Handler
@@ -75,6 +77,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	case strings.HasPrefix(r.URL.Path, "/api/motd"):
 		http.StripPrefix("/api", h.MOTDHandler).ServeHTTP(w, r)
+	case strings.HasPrefix(r.URL.Path, "/api/extensions"):
+		http.StripPrefix("/api", h.ExtensionHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/registries"):
 		http.StripPrefix("/api", h.RegistryHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/resource_controls"):

api/http/handler/registries/handler.go

@@ -1,23 +1,27 @@
 package registries
 
 import (
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer"
-	"github.com/portainer/portainer/http/security"
-
 	"net/http"
 
 	"github.com/gorilla/mux"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/proxy"
+	"github.com/portainer/portainer/http/security"
 )
 
 func hideFields(registry *portainer.Registry) {
 	registry.Password = ""
+	registry.ManagementConfiguration = nil
 }
 
 // Handler is the HTTP handler used to handle registry operations.
 type Handler struct {
 	*mux.Router
-	RegistryService portainer.RegistryService
+	RegistryService  portainer.RegistryService
+	ExtensionService portainer.ExtensionService
+	FileService      portainer.FileService
+	ProxyManager     *proxy.Manager
 }
 
 // NewHandler creates a handler to manage registry operations.
@@ -36,8 +40,12 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryUpdate))).Methods(http.MethodPut)
 	h.Handle("/registries/{id}/access",
 		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryUpdateAccess))).Methods(http.MethodPut)
+	h.Handle("/registries/{id}/configure",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryConfigure))).Methods(http.MethodPost)
 	h.Handle("/registries/{id}",
 		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryDelete))).Methods(http.MethodDelete)
+	h.PathPrefix("/registries/{id}/v2").Handler(
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.proxyRequestsToRegistryAPI)))
 
 	return h
 }

api/http/handler/registries/proxy.go

@@ -0,0 +1,78 @@
+package registries
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/portainer"
+)
+
+// request on /api/registries/:id/v2
+func (handler *Handler) proxyRequestsToRegistryAPI(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	extension, err := handler.ExtensionService.Extension(portainer.RegistryManagementExtension)
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Registry management extension is not enabled", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
+	}
+
+	var proxy http.Handler
+	proxy = handler.ProxyManager.GetExtensionProxy(portainer.RegistryManagementExtension)
+	if proxy == nil {
+		proxy, err = handler.ProxyManager.CreateExtensionProxy(portainer.RegistryManagementExtension)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to register registry proxy", err}
+		}
+	}
+
+	managementConfiguration := registry.ManagementConfiguration
+	if managementConfiguration == nil {
+		managementConfiguration = createDefaultManagementConfiguration(registry)
+	}
+
+	encodedConfiguration, err := json.Marshal(managementConfiguration)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to encode management configuration", err}
+	}
+
+	id := strconv.Itoa(int(registryID))
+	r.Header.Set("X-RegistryManagement-Key", id)
+	r.Header.Set("X-RegistryManagement-URI", registry.URL)
+	r.Header.Set("X-RegistryManagement-Config", string(encodedConfiguration))
+	r.Header.Set("X-PortainerExtension-License", extension.License.LicenseKey)
+
+	http.StripPrefix("/registries/"+id, proxy).ServeHTTP(w, r)
+	return nil
+}
+
+func createDefaultManagementConfiguration(registry *portainer.Registry) *portainer.RegistryManagementConfiguration {
+	config := &portainer.RegistryManagementConfiguration{
+		Type: registry.Type,
+		TLSConfig: portainer.TLSConfiguration{
+			TLS: false,
+		},
+	}
+
+	if registry.Authentication {
+		config.Authentication = true
+		config.Username = registry.Username
+		config.Password = registry.Password
+	}
+
+	return config
+}

api/http/handler/registries/registry_configure.go

@@ -0,0 +1,137 @@
+package registries
+
+import (
+	"net/http"
+	"strconv"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer"
+)
+
+type registryConfigurePayload struct {
+	Authentication bool
+	Username       string
+	Password       string
+	TLS            bool
+	TLSSkipVerify  bool
+	TLSCertFile    []byte
+	TLSKeyFile     []byte
+	TLSCACertFile  []byte
+}
+
+func (payload *registryConfigurePayload) Validate(r *http.Request) error {
+	useAuthentication, _ := request.RetrieveBooleanMultiPartFormValue(r, "Authentication", true)
+	payload.Authentication = useAuthentication
+
+	if useAuthentication {
+		username, err := request.RetrieveMultiPartFormValue(r, "Username", false)
+		if err != nil {
+			return portainer.Error("Invalid username")
+		}
+		payload.Username = username
+
+		password, _ := request.RetrieveMultiPartFormValue(r, "Password", true)
+		payload.Password = password
+	}
+
+	useTLS, _ := request.RetrieveBooleanMultiPartFormValue(r, "TLS", true)
+	payload.TLS = useTLS
+
+	skipTLSVerify, _ := request.RetrieveBooleanMultiPartFormValue(r, "TLSSkipVerify", true)
+	payload.TLSSkipVerify = skipTLSVerify
+
+	if useTLS && !skipTLSVerify {
+		cert, _, err := request.RetrieveMultiPartFormFile(r, "TLSCertFile")
+		if err != nil {
+			return portainer.Error("Invalid certificate file. Ensure that the file is uploaded correctly")
+		}
+		payload.TLSCertFile = cert
+
+		key, _, err := request.RetrieveMultiPartFormFile(r, "TLSKeyFile")
+		if err != nil {
+			return portainer.Error("Invalid key file. Ensure that the file is uploaded correctly")
+		}
+		payload.TLSKeyFile = key
+
+		ca, _, err := request.RetrieveMultiPartFormFile(r, "TLSCACertFile")
+		if err != nil {
+			return portainer.Error("Invalid CA certificate file. Ensure that the file is uploaded correctly")
+		}
+		payload.TLSCACertFile = ca
+	}
+
+	return nil
+}
+
+// POST request on /api/registries/:id/configure
+func (handler *Handler) registryConfigure(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	payload := &registryConfigurePayload{}
+	err = payload.Validate(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	registry.ManagementConfiguration = &portainer.RegistryManagementConfiguration{
+		Type: registry.Type,
+	}
+
+	if payload.Authentication {
+		registry.ManagementConfiguration.Authentication = true
+		registry.ManagementConfiguration.Username = payload.Username
+		if payload.Username == registry.Username && payload.Password == "" {
+			registry.ManagementConfiguration.Password = registry.Password
+		} else {
+			registry.ManagementConfiguration.Password = payload.Password
+		}
+	}
+
+	if payload.TLS {
+		registry.ManagementConfiguration.TLSConfig = portainer.TLSConfiguration{
+			TLS:           true,
+			TLSSkipVerify: payload.TLSSkipVerify,
+		}
+
+		if !payload.TLSSkipVerify {
+			folder := strconv.Itoa(int(registry.ID))
+
+			certPath, err := handler.FileService.StoreRegistryManagementFileFromBytes(folder, "cert.pem", payload.TLSCertFile)
+			if err != nil {
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist TLS certificate file on disk", err}
+			}
+			registry.ManagementConfiguration.TLSConfig.TLSCertPath = certPath
+
+			keyPath, err := handler.FileService.StoreRegistryManagementFileFromBytes(folder, "key.pem", payload.TLSKeyFile)
+			if err != nil {
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist TLS key file on disk", err}
+			}
+			registry.ManagementConfiguration.TLSConfig.TLSKeyPath = keyPath
+
+			cacertPath, err := handler.FileService.StoreRegistryManagementFileFromBytes(folder, "ca.pem", payload.TLSCACertFile)
+			if err != nil {
+				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist TLS CA certificate file on disk", err}
+			}
+			registry.ManagementConfiguration.TLSConfig.TLSCACertPath = cacertPath
+		}
+	}
+
+	err = handler.RegistryService.UpdateRegistry(registry.ID, registry)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist registry changes inside the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/registries/registry_create.go

@@ -12,6 +12,7 @@ import (
 
 type registryCreatePayload struct {
 	Name           string
+	Type           int
 	URL            string
 	Authentication bool
 	Username       string
@@ -28,6 +29,9 @@ func (payload *registryCreatePayload) Validate(r *http.Request) error {
 	if payload.Authentication && (govalidator.IsNull(payload.Username) || govalidator.IsNull(payload.Password)) {
 		return portainer.Error("Invalid credentials. Username and password must be specified when authentication is enabled")
 	}
+	if payload.Type != 1 && payload.Type != 2 && payload.Type != 3 {
+		return portainer.Error("Invalid registry type. Valid values are: 1 (Quay.io), 2 (Azure container registry) or 3 (custom registry)")
+	}
 	return nil
 }
 
@@ -49,6 +53,7 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 	}
 
 	registry := &portainer.Registry{
+		Type:            portainer.RegistryType(payload.Type),
 		Name:            payload.Name,
 		URL:             payload.URL,
 		Authentication:  payload.Authentication,