resolve conflicts

api/http/handler/endpointproxy/proxy_kubernetes.go

@@ -79,4 +79,4 @@ func (handler *Handler) proxyRequestsToKubernetesAPI(w http.ResponseWriter, r *h
 
 	http.StripPrefix(requestPrefix, proxy).ServeHTTP(w, r)
 	return nil
-}
+}

api/http/handler/handler.go

@@ -69,7 +69,7 @@ type Handler struct {
 }
 
 // @title PortainerCE API
-// @version 2.1.1
+// @version 2.6.3
 // @description.markdown api-description.md
 // @termsOfService
 

api/http/handler/kubernetes/handler.go

@@ -20,6 +20,7 @@ type Handler struct {
 	dataStore               portainer.DataStore
 	kubernetesClientFactory *cli.ClientFactory
 	authorizationService    *authorization.Service
+	JwtService              portainer.JWTService
 }
 
 // NewHandler creates a handler to process pre-proxied requests to external APIs.
@@ -39,6 +40,8 @@ func NewHandler(bouncer *security.RequestBouncer, authorizationService *authoriz
 
 	kubeRouter.PathPrefix("/config").Handler(
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesConfig))).Methods(http.MethodGet)
+	kubeRouter.PathPrefix("/nodes_limits").Handler(
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesNodesLimits))).Methods(http.MethodGet)
 
 	// namespaces
 	// in the future this piece of code might be in another package (or a few different packages - namespaces/namespace?)

api/http/handler/kubernetes/kubernetes_config.go

@@ -3,14 +3,11 @@ package kubernetes
 import (
 	"errors"
 	"fmt"
-	"strings"
-
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
-	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/http/security"
 	kcli "github.com/portainer/portainer/api/kubernetes/cli"
 
@@ -46,16 +43,16 @@ func (handler *Handler) getKubernetesConfig(w http.ResponseWriter, r *http.Reque
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
 	}
 
-	bearerToken, err := extractBearerToken(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusUnauthorized, "Unauthorized", err}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access endpoint", err}
 	}
 
+	bearerToken, err := handler.JwtService.GenerateTokenForKubeconfig(tokenData)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to generate JWT token", err}
+	}
+
 	cli, err := handler.kubernetesClientFactory.GetKubeClient(endpoint)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create Kubernetes client", err}
@@ -84,20 +81,6 @@ func (handler *Handler) getKubernetesConfig(w http.ResponseWriter, r *http.Reque
 	return response.JSON(w, config)
 }
 
-// extractBearerToken extracts user's portainer bearer token from request auth header
-func extractBearerToken(r *http.Request) (string, error) {
-	token := ""
-	tokens := r.Header["Authorization"]
-	if len(tokens) >= 1 {
-		token = tokens[0]
-		token = strings.TrimPrefix(token, "Bearer ")
-	}
-	if token == "" {
-		return "", httperrors.ErrUnauthorized
-	}
-	return token, nil
-}
-
 // getProxyUrl generates portainer proxy url which acts as proxy to k8s api server
 func getProxyUrl(r *http.Request, endpointID int) string {
 	return fmt.Sprintf("https://%s/api/endpoints/%d/kubernetes", r.Host, endpointID)

api/http/handler/kubernetes/kubernetes_nodes_limits.go

@@ -0,0 +1,52 @@
+package kubernetes
+
+import (
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+	bolterrors "github.com/portainer/portainer/api/bolt/errors"
+	"net/http"
+)
+
+// @id getKubernetesNodesLimits
+// @summary Get CPU and memory limits of all nodes within k8s cluster
+// @description Get CPU and memory limits of all nodes within k8s cluster
+// @description **Access policy**: authorized
+// @tags kubernetes
+// @security jwt
+// @accept json
+// @produce json
+// @param id path int true "Endpoint identifier"
+// @success 200 {object} K8sNodesLimits "Success"
+// @failure 400 "Invalid request"
+// @failure 401 "Unauthorized"
+// @failure 403 "Permission denied"
+// @failure 404 "Endpoint not found"
+// @failure 500 "Server error"
+// @router /kubernetes/{id}/nodes_limits [get]
+func (handler *Handler) getKubernetesNodesLimits(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint identifier route variable", err}
+	}
+
+	endpoint, err := handler.dataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
+	if err == bolterrors.ErrObjectNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
+	}
+
+	cli, err := handler.kubernetesClientFactory.GetKubeClient(endpoint)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to create Kubernetes client", err}
+	}
+
+	nodesLimits, err := cli.GetNodesLimits()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve nodes limits", err}
+	}
+
+	return response.JSON(w, nodesLimits)
+}

api/http/handler/settings/settings_update.go

@@ -32,6 +32,8 @@ type settingsUpdatePayload struct {
 	EnableEdgeComputeFeatures *bool `example:"true"`
 	// The duration of a user session
 	UserSessionTimeout *string `example:"5m"`
+	// The expiry of a Kubeconfig
+	KubeconfigExpiry *string `example:"24h" default:"0"`
 	// Whether telemetry is enabled
 	EnableTelemetry *bool `example:"false"`
 }
@@ -52,6 +54,12 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 			return errors.New("Invalid user session timeout")
 		}
 	}
+	if payload.KubeconfigExpiry != nil {
+		_, err := time.ParseDuration(*payload.KubeconfigExpiry)
+		if err != nil {
+			return errors.New("Invalid Kubeconfig Expiry")
+		}
+	}
 
 	return nil
 }
@@ -135,6 +143,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.EdgeAgentCheckinInterval = *payload.EdgeAgentCheckinInterval
 	}
 
+	if payload.KubeconfigExpiry != nil {
+		settings.KubeconfigExpiry = *payload.KubeconfigExpiry
+	}
+
 	if payload.UserSessionTimeout != nil {
 		settings.UserSessionTimeout = *payload.UserSessionTimeout
 

api/http/handler/stacks/create_kubernetes_stack.go

@@ -103,7 +103,12 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 	stackFolder := strconv.Itoa(int(stack.ID))
 	projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, []byte(payload.StackFileContent))
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Kubernetes manifest file on disk", Err: err}
+		fileType := "Manifest"
+		if stack.IsComposeFormat {
+			fileType = "Compose"
+		}
+		errMsg := fmt.Sprintf("Unable to persist Kubernetes %s file on disk", fileType)
+		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: errMsg, Err: err}
 	}
 	stack.ProjectPath = projectPath