feat(extensions): introduce RBAC extension (#2900)

2025-08-02 20:35:25 +02:00 · 2019-05-24 18:04:58 +12:00 · 2019-05-24 18:04:58 +12:00 · 8057aa45c4
commit 8057aa45c4
parent 27a0188949
196 changed files with 3321 additions and 1316 deletions
--- a/api/portainer.go
+++ b/api/portainer.go
@ -113,10 +113,11 @@ type (

 	// User represents a user account
 	User struct {
-		ID       UserID   `json:"Id"`
-		Username string   `json:"Username"`
-		Password string   `json:"Password,omitempty"`
-		Role     UserRole `json:"Role"`
+		ID                      UserID         `json:"Id"`
+		Username                string         `json:"Username"`
+		Password                string         `json:"Password,omitempty"`
+		Role                    UserRole       `json:"Role"`
+		PortainerAuthorizations Authorizations `json:"PortainerAuthorizations"`
 	}

 	// UserID represents a user identifier
@ -154,9 +155,11 @@ type (

 	// TokenData represents the data embedded in a JWT token
 	TokenData struct {
-		ID       UserID
-		Username string
-		Role     UserRole
+		ID                      UserID
+		Username                string
+		Role                    UserRole
+		EndpointAuthorizations  EndpointAuthorizations
+		PortainerAuthorizations Authorizations
 	}

 	// StackID represents a stack identifier (it must be composed of Name + "_" + SwarmID to create a unique identifier)
@ -193,9 +196,14 @@ type (
 		Authentication          bool                             `json:"Authentication"`
 		Username                string                           `json:"Username"`
 		Password                string                           `json:"Password,omitempty"`
-		AuthorizedUsers         []UserID                         `json:"AuthorizedUsers"`
-		AuthorizedTeams         []TeamID                         `json:"AuthorizedTeams"`
 		ManagementConfiguration *RegistryManagementConfiguration `json:"ManagementConfiguration"`
+		UserAccessPolicies      UserAccessPolicies               `json:"UserAccessPolicies"`
+		TeamAccessPolicies      TeamAccessPolicies               `json:"TeamAccessPolicies"`
+
+		// Deprecated fields
+		// Deprecated in DBVersion == 18
+		AuthorizedUsers []UserID `json:"AuthorizedUsers"`
+		AuthorizedTeams []TeamID `json:"AuthorizedTeams"`
 	}

 	// RegistryManagementConfiguration represents a configuration that can be used to query
@ -228,20 +236,20 @@ type (
 	// Endpoint represents a Docker endpoint with all the info required
 	// to connect to it
 	Endpoint struct {
-		ID               EndpointID          `json:"Id"`
-		Name             string              `json:"Name"`
-		Type             EndpointType        `json:"Type"`
-		URL              string              `json:"URL"`
-		GroupID          EndpointGroupID     `json:"GroupId"`
-		PublicURL        string              `json:"PublicURL"`
-		TLSConfig        TLSConfiguration    `json:"TLSConfig"`
-		AuthorizedUsers  []UserID            `json:"AuthorizedUsers"`
-		AuthorizedTeams  []TeamID            `json:"AuthorizedTeams"`
-		Extensions       []EndpointExtension `json:"Extensions"`
-		AzureCredentials AzureCredentials    `json:"AzureCredentials,omitempty"`
-		Tags             []string            `json:"Tags"`
-		Status           EndpointStatus      `json:"Status"`
-		Snapshots        []Snapshot          `json:"Snapshots"`
+		ID                 EndpointID          `json:"Id"`
+		Name               string              `json:"Name"`
+		Type               EndpointType        `json:"Type"`
+		URL                string              `json:"URL"`
+		GroupID            EndpointGroupID     `json:"GroupId"`
+		PublicURL          string              `json:"PublicURL"`
+		TLSConfig          TLSConfiguration    `json:"TLSConfig"`
+		Extensions         []EndpointExtension `json:"Extensions"`
+		AzureCredentials   AzureCredentials    `json:"AzureCredentials,omitempty"`
+		Tags               []string            `json:"Tags"`
+		Status             EndpointStatus      `json:"Status"`
+		Snapshots          []Snapshot          `json:"Snapshots"`
+		UserAccessPolicies UserAccessPolicies  `json:"UserAccessPolicies"`
+		TeamAccessPolicies TeamAccessPolicies  `json:"TeamAccessPolicies"`

 		// Deprecated fields
 		// Deprecated in DBVersion == 4
@ -249,8 +257,50 @@ type (
 		TLSCACertPath string `json:"TLSCACert,omitempty"`
 		TLSCertPath   string `json:"TLSCert,omitempty"`
 		TLSKeyPath    string `json:"TLSKey,omitempty"`
+
+		// Deprecated in DBVersion == 18
+		AuthorizedUsers []UserID `json:"AuthorizedUsers"`
+		AuthorizedTeams []TeamID `json:"AuthorizedTeams"`
 	}

+	// Authorization represents an authorization associated to an operation
+	Authorization string
+
+	// Authorizations represents a set of authorizations associated to a role
+	Authorizations map[Authorization]bool
+
+	// EndpointAuthorizations represents the authorizations associated to a set of endpoints
+	EndpointAuthorizations map[EndpointID]Authorizations
+
+	// APIOperationAuthorizationRequest represent an request for the authorization to execute an API operation
+	APIOperationAuthorizationRequest struct {
+		Path           string
+		Method         string
+		Authorizations Authorizations
+	}
+
+	// RoleID represents a role identifier
+	RoleID int
+
+	// Role represents a set of authorizations that can be associated to a user or
+	// to a team.
+	Role struct {
+		ID             RoleID         `json:"Id"`
+		Name           string         `json:"Name"`
+		Description    string         `json:"Description"`
+		Authorizations Authorizations `json:"Authorizations"`
+	}
+
+	// AccessPolicy represent a policy that can be associated to a user or team
+	AccessPolicy struct {
+		RoleID RoleID `json:"RoleId"`
+	}
+
+	// UserAccessPolicies represent the association of an access policy and a user
+	UserAccessPolicies map[UserID]AccessPolicy
+	// TeamAccessPolicies represent the association of an access policy and a team
+	TeamAccessPolicies map[TeamID]AccessPolicy
+
 	// ScheduleID represents a schedule identifier.
 	ScheduleID int

@ -342,15 +392,19 @@ type (

 	// EndpointGroup represents a group of endpoints
 	EndpointGroup struct {
-		ID              EndpointGroupID `json:"Id"`
-		Name            string          `json:"Name"`
-		Description     string          `json:"Description"`
-		AuthorizedUsers []UserID        `json:"AuthorizedUsers"`
-		AuthorizedTeams []TeamID        `json:"AuthorizedTeams"`
-		Tags            []string        `json:"Tags"`
+		ID                 EndpointGroupID    `json:"Id"`
+		Name               string             `json:"Name"`
+		Description        string             `json:"Description"`
+		UserAccessPolicies UserAccessPolicies `json:"UserAccessPolicies"`
+		TeamAccessPolicies TeamAccessPolicies `json:"TeamAccessPolicies"`
+		Tags               []string           `json:"Tags"`

 		// Deprecated fields
 		Labels []Pair `json:"Labels"`
+
+		// Deprecated in DBVersion == 18
+		AuthorizedUsers []UserID `json:"AuthorizedUsers"`
+		AuthorizedTeams []TeamID `json:"AuthorizedTeams"`
 	}

 	// EndpointExtension represents a deprecated form of Portainer extension
@ -551,6 +605,12 @@ type (
 		DeleteUser(ID UserID) error
 	}

+	RoleService interface {
+		Role(ID RoleID) (*Role, error)
+		Roles() ([]Role, error)
+		CreateRole(set *Role) error
+	}
+
 	// TeamService represents a service for managing user data
 	TeamService interface {
 		Team(ID TeamID) (*Team, error)
@ -796,7 +856,7 @@ const (
 	// APIVersion is the version number of the Portainer API
 	APIVersion = "1.20.2"
 	// DBVersion is the version number of the Portainer database
-	DBVersion = 17
+	DBVersion = 18
 	// AssetsServerURL represents the URL of the Portainer asset server
 	AssetsServerURL = "https://portainer-io-assets.sfo2.digitaloceanspaces.com"
 	// MessageOfTheDayURL represents the URL where Portainer MOTD message can be retrieved
@ -804,7 +864,7 @@ const (
 	// MessageOfTheDayTitleURL represents the URL where Portainer MOTD title can be retrieved
 	MessageOfTheDayTitleURL = AssetsServerURL + "/motd-title.txt"
 	// ExtensionDefinitionsURL represents the URL where Portainer extension definitions can be retrieved
-	ExtensionDefinitionsURL = AssetsServerURL + "/extensions-1.20.2.json"
+	ExtensionDefinitionsURL = AssetsServerURL + "/extensions-1.20.3.json"
 	// PortainerAgentHeader represents the name of the header available in any agent response
 	PortainerAgentHeader = "Portainer-Agent"
 	// PortainerAgentTargetHeader represent the name of the header containing the target node name
@ -933,6 +993,8 @@ const (
 	RegistryManagementExtension
 	// OAuthAuthenticationExtension represents the OAuth authentication extension
 	OAuthAuthenticationExtension
+	// RBACExtension represents the RBAC extension
+	RBACExtension
 )

 const (
@ -956,3 +1018,214 @@ const (
 	// CustomRegistry represents a custom registry
 	CustomRegistry
 )
+
+const (
+	OperationDockerContainerArchiveInfo         Authorization = "DockerContainerArchiveInfo"
+	OperationDockerContainerList                Authorization = "DockerContainerList"
+	OperationDockerContainerExport              Authorization = "DockerContainerExport"
+	OperationDockerContainerChanges             Authorization = "DockerContainerChanges"
+	OperationDockerContainerInspect             Authorization = "DockerContainerInspect"
+	OperationDockerContainerTop                 Authorization = "DockerContainerTop"
+	OperationDockerContainerLogs                Authorization = "DockerContainerLogs"
+	OperationDockerContainerStats               Authorization = "DockerContainerStats"
+	OperationDockerContainerAttachWebsocket     Authorization = "DockerContainerAttachWebsocket"
+	OperationDockerContainerArchive             Authorization = "DockerContainerArchive"
+	OperationDockerContainerCreate              Authorization = "DockerContainerCreate"
+	OperationDockerContainerPrune               Authorization = "DockerContainerPrune"
+	OperationDockerContainerKill                Authorization = "DockerContainerKill"
+	OperationDockerContainerPause               Authorization = "DockerContainerPause"
+	OperationDockerContainerUnpause             Authorization = "DockerContainerUnpause"
+	OperationDockerContainerRestart             Authorization = "DockerContainerRestart"
+	OperationDockerContainerStart               Authorization = "DockerContainerStart"
+	OperationDockerContainerStop                Authorization = "DockerContainerStop"
+	OperationDockerContainerWait                Authorization = "DockerContainerWait"
+	OperationDockerContainerResize              Authorization = "DockerContainerResize"
+	OperationDockerContainerAttach              Authorization = "DockerContainerAttach"
+	OperationDockerContainerExec                Authorization = "DockerContainerExec"
+	OperationDockerContainerRename              Authorization = "DockerContainerRename"
+	OperationDockerContainerUpdate              Authorization = "DockerContainerUpdate"
+	OperationDockerContainerPutContainerArchive Authorization = "DockerContainerPutContainerArchive"
+	OperationDockerContainerDelete              Authorization = "DockerContainerDelete"
+	OperationDockerImageList                    Authorization = "DockerImageList"
+	OperationDockerImageSearch                  Authorization = "DockerImageSearch"
+	OperationDockerImageGetAll                  Authorization = "DockerImageGetAll"
+	OperationDockerImageGet                     Authorization = "DockerImageGet"
+	OperationDockerImageHistory                 Authorization = "DockerImageHistory"
+	OperationDockerImageInspect                 Authorization = "DockerImageInspect"
+	OperationDockerImageLoad                    Authorization = "DockerImageLoad"
+	OperationDockerImageCreate                  Authorization = "DockerImageCreate"
+	OperationDockerImagePrune                   Authorization = "DockerImagePrune"
+	OperationDockerImagePush                    Authorization = "DockerImagePush"
+	OperationDockerImageTag                     Authorization = "DockerImageTag"
+	OperationDockerImageDelete                  Authorization = "DockerImageDelete"
+	OperationDockerImageCommit                  Authorization = "DockerImageCommit"
+	OperationDockerImageBuild                   Authorization = "DockerImageBuild"
+	OperationDockerNetworkList                  Authorization = "DockerNetworkList"
+	OperationDockerNetworkInspect               Authorization = "DockerNetworkInspect"
+	OperationDockerNetworkCreate                Authorization = "DockerNetworkCreate"
+	OperationDockerNetworkConnect               Authorization = "DockerNetworkConnect"
+	OperationDockerNetworkDisconnect            Authorization = "DockerNetworkDisconnect"
+	OperationDockerNetworkPrune                 Authorization = "DockerNetworkPrune"
+	OperationDockerNetworkDelete                Authorization = "DockerNetworkDelete"
+	OperationDockerVolumeList                   Authorization = "DockerVolumeList"
+	OperationDockerVolumeInspect                Authorization = "DockerVolumeInspect"
+	OperationDockerVolumeCreate                 Authorization = "DockerVolumeCreate"
+	OperationDockerVolumePrune                  Authorization = "DockerVolumePrune"
+	OperationDockerVolumeDelete                 Authorization = "DockerVolumeDelete"
+	OperationDockerExecInspect                  Authorization = "DockerExecInspect"
+	OperationDockerExecStart                    Authorization = "DockerExecStart"
+	OperationDockerExecResize                   Authorization = "DockerExecResize"
+	OperationDockerSwarmInspect                 Authorization = "DockerSwarmInspect"
+	OperationDockerSwarmUnlockKey               Authorization = "DockerSwarmUnlockKey"
+	OperationDockerSwarmInit                    Authorization = "DockerSwarmInit"
+	OperationDockerSwarmJoin                    Authorization = "DockerSwarmJoin"
+	OperationDockerSwarmLeave                   Authorization = "DockerSwarmLeave"
+	OperationDockerSwarmUpdate                  Authorization = "DockerSwarmUpdate"
+	OperationDockerSwarmUnlock                  Authorization = "DockerSwarmUnlock"
+	OperationDockerNodeList                     Authorization = "DockerNodeList"
+	OperationDockerNodeInspect                  Authorization = "DockerNodeInspect"
+	OperationDockerNodeUpdate                   Authorization = "DockerNodeUpdate"
+	OperationDockerNodeDelete                   Authorization = "DockerNodeDelete"
+	OperationDockerServiceList                  Authorization = "DockerServiceList"
+	OperationDockerServiceInspect               Authorization = "DockerServiceInspect"
+	OperationDockerServiceLogs                  Authorization = "DockerServiceLogs"
+	OperationDockerServiceCreate                Authorization = "DockerServiceCreate"
+	OperationDockerServiceUpdate                Authorization = "DockerServiceUpdate"
+	OperationDockerServiceDelete                Authorization = "DockerServiceDelete"
+	OperationDockerSecretList                   Authorization = "DockerSecretList"
+	OperationDockerSecretInspect                Authorization = "DockerSecretInspect"
+	OperationDockerSecretCreate                 Authorization = "DockerSecretCreate"
+	OperationDockerSecretUpdate                 Authorization = "DockerSecretUpdate"
+	OperationDockerSecretDelete                 Authorization = "DockerSecretDelete"
+	OperationDockerConfigList                   Authorization = "DockerConfigList"
+	OperationDockerConfigInspect                Authorization = "DockerConfigInspect"
+	OperationDockerConfigCreate                 Authorization = "DockerConfigCreate"
+	OperationDockerConfigUpdate                 Authorization = "DockerConfigUpdate"
+	OperationDockerConfigDelete                 Authorization = "DockerConfigDelete"
+	OperationDockerTaskList                     Authorization = "DockerTaskList"
+	OperationDockerTaskInspect                  Authorization = "DockerTaskInspect"
+	OperationDockerTaskLogs                     Authorization = "DockerTaskLogs"
+	OperationDockerPluginList                   Authorization = "DockerPluginList"
+	OperationDockerPluginPrivileges             Authorization = "DockerPluginPrivileges"
+	OperationDockerPluginInspect                Authorization = "DockerPluginInspect"
+	OperationDockerPluginPull                   Authorization = "DockerPluginPull"
+	OperationDockerPluginCreate                 Authorization = "DockerPluginCreate"
+	OperationDockerPluginEnable                 Authorization = "DockerPluginEnable"
+	OperationDockerPluginDisable                Authorization = "DockerPluginDisable"
+	OperationDockerPluginPush                   Authorization = "DockerPluginPush"
+	OperationDockerPluginUpgrade                Authorization = "DockerPluginUpgrade"
+	OperationDockerPluginSet                    Authorization = "DockerPluginSet"
+	OperationDockerPluginDelete                 Authorization = "DockerPluginDelete"
+	OperationDockerSessionStart                 Authorization = "DockerSessionStart"
+	OperationDockerDistributionInspect          Authorization = "DockerDistributionInspect"
+	OperationDockerBuildPrune                   Authorization = "DockerBuildPrune"
+	OperationDockerBuildCancel                  Authorization = "DockerBuildCancel"
+	OperationDockerPing                         Authorization = "DockerPing"
+	OperationDockerInfo                         Authorization = "DockerInfo"
+	OperationDockerEvents                       Authorization = "DockerEvents"
+	OperationDockerSystem                       Authorization = "DockerSystem"
+	OperationDockerVersion                      Authorization = "DockerVersion"
+
+	OperationDockerAgentPing         Authorization = "DockerAgentPing"
+	OperationDockerAgentList         Authorization = "DockerAgentList"
+	OperationDockerAgentHostInfo     Authorization = "DockerAgentHostInfo"
+	OperationDockerAgentBrowseDelete Authorization = "DockerAgentBrowseDelete"
+	OperationDockerAgentBrowseGet    Authorization = "DockerAgentBrowseGet"
+	OperationDockerAgentBrowseList   Authorization = "DockerAgentBrowseList"
+	OperationDockerAgentBrowsePut    Authorization = "DockerAgentBrowsePut"
+	OperationDockerAgentBrowseRename Authorization = "DockerAgentBrowseRename"
+
+	OperationPortainerDockerHubInspect        Authorization = "PortainerDockerHubInspect"
+	OperationPortainerDockerHubUpdate         Authorization = "PortainerDockerHubUpdate"
+	OperationPortainerEndpointGroupCreate     Authorization = "PortainerEndpointGroupCreate"
+	OperationPortainerEndpointGroupList       Authorization = "PortainerEndpointGroupList"
+	OperationPortainerEndpointGroupDelete     Authorization = "PortainerEndpointGroupDelete"
+	OperationPortainerEndpointGroupInspect    Authorization = "PortainerEndpointGroupInspect"
+	OperationPortainerEndpointGroupUpdate     Authorization = "PortainerEndpointGroupEdit"
+	OperationPortainerEndpointGroupAccess     Authorization = "PortainerEndpointGroupAccess "
+	OperationPortainerEndpointList            Authorization = "PortainerEndpointList"
+	OperationPortainerEndpointInspect         Authorization = "PortainerEndpointInspect"
+	OperationPortainerEndpointCreate          Authorization = "PortainerEndpointCreate"
+	OperationPortainerEndpointExtensionAdd    Authorization = "PortainerEndpointExtensionAdd"
+	OperationPortainerEndpointJob             Authorization = "PortainerEndpointJob"
+	OperationPortainerEndpointSnapshots       Authorization = "PortainerEndpointSnapshots"
+	OperationPortainerEndpointSnapshot        Authorization = "PortainerEndpointSnapshot"
+	OperationPortainerEndpointUpdate          Authorization = "PortainerEndpointUpdate"
+	OperationPortainerEndpointUpdateAccess    Authorization = "PortainerEndpointUpdateAccess"
+	OperationPortainerEndpointDelete          Authorization = "PortainerEndpointDelete"
+	OperationPortainerEndpointExtensionRemove Authorization = "PortainerEndpointExtensionRemove"
+	OperationPortainerExtensionList           Authorization = "PortainerExtensionList"
+	OperationPortainerExtensionInspect        Authorization = "PortainerExtensionInspect"
+	OperationPortainerExtensionCreate         Authorization = "PortainerExtensionCreate"
+	OperationPortainerExtensionUpdate         Authorization = "PortainerExtensionUpdate"
+	OperationPortainerExtensionDelete         Authorization = "PortainerExtensionDelete"
+	OperationPortainerMOTD                    Authorization = "PortainerMOTD"
+	OperationPortainerRegistryList            Authorization = "PortainerRegistryList"
+	OperationPortainerRegistryInspect         Authorization = "PortainerRegistryInspect"
+	OperationPortainerRegistryCreate          Authorization = "PortainerRegistryCreate"
+	OperationPortainerRegistryConfigure       Authorization = "PortainerRegistryConfigure"
+	OperationPortainerRegistryUpdate          Authorization = "PortainerRegistryUpdate"
+	OperationPortainerRegistryUpdateAccess    Authorization = "PortainerRegistryUpdateAccess"
+	OperationPortainerRegistryDelete          Authorization = "PortainerRegistryDelete"
+	OperationPortainerResourceControlCreate   Authorization = "PortainerResourceControlCreate"
+	OperationPortainerResourceControlUpdate   Authorization = "PortainerResourceControlUpdate"
+	OperationPortainerResourceControlDelete   Authorization = "PortainerResourceControlDelete"
+	OperationPortainerRoleList                Authorization = "PortainerRoleList"
+	OperationPortainerRoleInspect             Authorization = "PortainerRoleInspect"
+	OperationPortainerRoleCreate              Authorization = "PortainerRoleCreate"
+	OperationPortainerRoleUpdate              Authorization = "PortainerRoleUpdate"
+	OperationPortainerRoleDelete              Authorization = "PortainerRoleDelete"
+	OperationPortainerScheduleList            Authorization = "PortainerScheduleList"
+	OperationPortainerScheduleInspect         Authorization = "PortainerScheduleInspect"
+	OperationPortainerScheduleFile            Authorization = "PortainerScheduleFile"
+	OperationPortainerScheduleTasks           Authorization = "PortainerScheduleTasks"
+	OperationPortainerScheduleCreate          Authorization = "PortainerScheduleCreate"
+	OperationPortainerScheduleUpdate          Authorization = "PortainerScheduleUpdate"
+	OperationPortainerScheduleDelete          Authorization = "PortainerScheduleDelete"
+	OperationPortainerSettingsInspect         Authorization = "PortainerSettingsInspect"
+	OperationPortainerSettingsUpdate          Authorization = "PortainerSettingsUpdate"
+	OperationPortainerSettingsLDAPCheck       Authorization = "PortainerSettingsLDAPCheck"
+	OperationPortainerStackList               Authorization = "PortainerStackList"
+	OperationPortainerStackInspect            Authorization = "PortainerStackInspect"
+	OperationPortainerStackFile               Authorization = "PortainerStackFile"
+	OperationPortainerStackCreate             Authorization = "PortainerStackCreate"
+	OperationPortainerStackMigrate            Authorization = "PortainerStackMigrate"
+	OperationPortainerStackUpdate             Authorization = "PortainerStackUpdate"
+	OperationPortainerStackDelete             Authorization = "PortainerStackDelete"
+	OperationPortainerTagList                 Authorization = "PortainerTagList"
+	OperationPortainerTagCreate               Authorization = "PortainerTagCreate"
+	OperationPortainerTagDelete               Authorization = "PortainerTagDelete"
+	OperationPortainerTeamMembershipList      Authorization = "PortainerTeamMembershipList"
+	OperationPortainerTeamMembershipCreate    Authorization = "PortainerTeamMembershipCreate"
+	OperationPortainerTeamMembershipUpdate    Authorization = "PortainerTeamMembershipUpdate"
+	OperationPortainerTeamMembershipDelete    Authorization = "PortainerTeamMembershipDelete"
+	OperationPortainerTeamList                Authorization = "PortainerTeamList"
+	OperationPortainerTeamInspect             Authorization = "PortainerTeamInspect"
+	OperationPortainerTeamMemberships         Authorization = "PortainerTeamMemberships"
+	OperationPortainerTeamCreate              Authorization = "PortainerTeamCreate"
+	OperationPortainerTeamUpdate              Authorization = "PortainerTeamUpdate"
+	OperationPortainerTeamDelete              Authorization = "PortainerTeamDelete"
+	OperationPortainerTemplateList            Authorization = "PortainerTemplateList"
+	OperationPortainerTemplateInspect         Authorization = "PortainerTemplateInspect"
+	OperationPortainerTemplateCreate          Authorization = "PortainerTemplateCreate"
+	OperationPortainerTemplateUpdate          Authorization = "PortainerTemplateUpdate"
+	OperationPortainerTemplateDelete          Authorization = "PortainerTemplateDelete"
+	OperationPortainerUploadTLS               Authorization = "PortainerUploadTLS"
+	OperationPortainerUserList                Authorization = "PortainerUserList"
+	OperationPortainerUserInspect             Authorization = "PortainerUserInspect"
+	OperationPortainerUserMemberships         Authorization = "PortainerUserMemberships"
+	OperationPortainerUserCreate              Authorization = "PortainerUserCreate"
+	OperationPortainerUserUpdate              Authorization = "PortainerUserUpdate"
+	OperationPortainerUserUpdatePassword      Authorization = "PortainerUserUpdatePassword"
+	OperationPortainerUserDelete              Authorization = "PortainerUserDelete"
+	OperationPortainerWebsocketExec           Authorization = "PortainerWebsocketExec"
+	OperationPortainerWebhookList             Authorization = "PortainerWebhookList"
+	OperationPortainerWebhookCreate           Authorization = "PortainerWebhookCreate"
+	OperationPortainerWebhookDelete           Authorization = "PortainerWebhookDelete"
+
+	OperationDockerUndefined      Authorization = "DockerUndefined"
+	OperationDockerAgentUndefined Authorization = "DockerAgentUndefined"
+	OperationPortainerUndefined   Authorization = "PortainerUndefined"
+
+	EndpointResourcesAccess Authorization = "EndpointResourcesAccess"
+)