feat(stacks): support compose v2.0 stack (#1963)

api/http/handler/registries/handler.go

@@ -0,0 +1,43 @@
+package registries
+
+import (
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/security"
+
+	"net/http"
+
+	"github.com/gorilla/mux"
+)
+
+func hideFields(registry *portainer.Registry) {
+	registry.Password = ""
+}
+
+// Handler is the HTTP handler used to handle registry operations.
+type Handler struct {
+	*mux.Router
+	RegistryService portainer.RegistryService
+}
+
+// NewHandler creates a handler to manage registry operations.
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
+	h := &Handler{
+		Router: mux.NewRouter(),
+	}
+
+	h.Handle("/registries",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryCreate))).Methods(http.MethodPost)
+	h.Handle("/registries",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.registryList))).Methods(http.MethodGet)
+	h.Handle("/registries/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryInspect))).Methods(http.MethodGet)
+	h.Handle("/registries/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryUpdate))).Methods(http.MethodPut)
+	h.Handle("/registries/{id}/access",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryUpdateAccess))).Methods(http.MethodPut)
+	h.Handle("/registries/{id}",
+		bouncer.AdministratorAccess(httperror.LoggerHandler(h.registryDelete))).Methods(http.MethodDelete)
+
+	return h
+}

api/http/handler/registries/registry_create.go

@@ -0,0 +1,68 @@
+package registries
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type registryCreatePayload struct {
+	Name           string
+	URL            string
+	Authentication bool
+	Username       string
+	Password       string
+}
+
+func (payload *registryCreatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.Name) {
+		return portainer.Error("Invalid registry name")
+	}
+	if govalidator.IsNull(payload.URL) {
+		return portainer.Error("Invalid registry URL")
+	}
+	if payload.Authentication && (govalidator.IsNull(payload.Username) || govalidator.IsNull(payload.Password)) {
+		return portainer.Error("Invalid credentials. Username and password must be specified when authentication is enabled")
+	}
+	return nil
+}
+
+func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	var payload registryCreatePayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	registries, err := handler.RegistryService.Registries()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
+	}
+	for _, r := range registries {
+		if r.URL == payload.URL {
+			return &httperror.HandlerError{http.StatusConflict, "A registry with the same URL already exists", portainer.ErrRegistryAlreadyExists}
+		}
+	}
+
+	registry := &portainer.Registry{
+		Name:            payload.Name,
+		URL:             payload.URL,
+		Authentication:  payload.Authentication,
+		Username:        payload.Username,
+		Password:        payload.Password,
+		AuthorizedUsers: []portainer.UserID{},
+		AuthorizedTeams: []portainer.TeamID{},
+	}
+
+	err = handler.RegistryService.CreateRegistry(registry)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the registry inside the database", err}
+	}
+
+	hideFields(registry)
+	return response.JSON(w, registry)
+}

api/http/handler/registries/registry_delete.go

@@ -0,0 +1,32 @@
+package registries
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+// DELETE request on /api/registries/:id
+func (handler *Handler) registryDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	_, err = handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrEndpointGroupNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	err = handler.RegistryService.DeleteRegistry(portainer.RegistryID(registryID))
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove the registry from the database", err}
+	}
+
+	return response.Empty(w)
+}

api/http/handler/registries/registry_inspect.go

@@ -0,0 +1,28 @@
+package registries
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+// GET request on /api/registries/:id
+func (handler *Handler) registryInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrEndpointGroupNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	hideFields(registry)
+	return response.JSON(w, registry)
+}

api/http/handler/registries/registry_list.go

@@ -0,0 +1,29 @@
+package registries
+
+import (
+	"net/http"
+
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/response"
+	"github.com/portainer/portainer/http/security"
+)
+
+// GET request on /api/registries
+func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registries, err := handler.RegistryService.Registries()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
+	}
+
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	filteredRegistries := security.FilterRegistries(registries, securityContext)
+
+	for _, registry := range filteredRegistries {
+		hideFields(&registry)
+	}
+	return response.JSON(w, registries)
+}

api/http/handler/registries/registry_update.go

@@ -0,0 +1,82 @@
+package registries
+
+import (
+	"net/http"
+
+	"github.com/asaskevich/govalidator"
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type registryUpdatePayload struct {
+	Name           string
+	URL            string
+	Authentication bool
+	Username       string
+	Password       string
+}
+
+func (payload *registryUpdatePayload) Validate(r *http.Request) error {
+	if payload.Authentication && (govalidator.IsNull(payload.Username) || govalidator.IsNull(payload.Password)) {
+		return portainer.Error("Invalid credentials. Username and password must be specified when authentication is enabled")
+	}
+	return nil
+}
+
+// PUT request on /api/registries/:id
+func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	var payload registryUpdatePayload
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrEndpointGroupNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	registries, err := handler.RegistryService.Registries()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
+	}
+	for _, r := range registries {
+		if r.URL == payload.URL && r.ID != registry.ID {
+			return &httperror.HandlerError{http.StatusConflict, "Another registry with the same URL already exists", portainer.ErrRegistryAlreadyExists}
+		}
+	}
+
+	if payload.Name != "" {
+		registry.Name = payload.Name
+	}
+
+	if payload.URL != "" {
+		registry.URL = payload.URL
+	}
+
+	if payload.Authentication {
+		registry.Authentication = true
+		registry.Username = payload.Username
+		registry.Password = payload.Password
+	} else {
+		registry.Authentication = false
+		registry.Username = ""
+		registry.Password = ""
+	}
+
+	err = handler.RegistryService.UpdateRegistry(registry.ID, registry)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist registry changes inside the database", err}
+	}
+
+	return response.JSON(w, registry)
+}

api/http/handler/registries/registry_update_access.go

@@ -0,0 +1,63 @@
+package registries
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+	httperror "github.com/portainer/portainer/http/error"
+	"github.com/portainer/portainer/http/request"
+	"github.com/portainer/portainer/http/response"
+)
+
+type registryUpdateAccessPayload struct {
+	AuthorizedUsers []int
+	AuthorizedTeams []int
+}
+
+func (payload *registryUpdateAccessPayload) Validate(r *http.Request) error {
+	return nil
+}
+
+// PUT request on /api/registries/:id/access
+func (handler *Handler) registryUpdateAccess(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid registry identifier route variable", err}
+	}
+
+	var payload registryUpdateAccessPayload
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
+	}
+
+	registry, err := handler.RegistryService.Registry(portainer.RegistryID(registryID))
+	if err == portainer.ErrEndpointGroupNotFound {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a registry with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a registry with the specified identifier inside the database", err}
+	}
+
+	if payload.AuthorizedUsers != nil {
+		authorizedUserIDs := []portainer.UserID{}
+		for _, value := range payload.AuthorizedUsers {
+			authorizedUserIDs = append(authorizedUserIDs, portainer.UserID(value))
+		}
+		registry.AuthorizedUsers = authorizedUserIDs
+	}
+
+	if payload.AuthorizedTeams != nil {
+		authorizedTeamIDs := []portainer.TeamID{}
+		for _, value := range payload.AuthorizedTeams {
+			authorizedTeamIDs = append(authorizedTeamIDs, portainer.TeamID(value))
+		}
+		registry.AuthorizedTeams = authorizedTeamIDs
+	}
+
+	err = handler.RegistryService.UpdateRegistry(registry.ID, registry)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist registry changes inside the database", err}
+	}
+
+	return response.JSON(w, registry)
+}