feat(templates): re-introduce external template management (#2119)

* feat(templates): re-introduce external template management * refactor(api): review error handling
2025-07-24 15:59:41 +02:00 · 2018-08-07 17:43:36 +02:00 · 2018-08-07 17:43:36 +02:00 · ee9c8d7d1a
commit ee9c8d7d1a
parent 09cb8e7350
12 changed files with 120 additions and 32 deletions
--- a/api/http/handler/settings/settings_public.go
+++ b/api/http/handler/settings/settings_public.go
@ -13,6 +13,7 @@ type publicSettingsResponse struct {
 	AuthenticationMethod               portainer.AuthenticationMethod `json:"AuthenticationMethod"`
 	AllowBindMountsForRegularUsers     bool                           `json:"AllowBindMountsForRegularUsers"`
 	AllowPrivilegedModeForRegularUsers bool                           `json:"AllowPrivilegedModeForRegularUsers"`
+	ExternalTemplates                  bool                           `json:"ExternalTemplates"`
 }

 // GET request on /api/settings/public
@ -27,6 +28,11 @@ func (handler *Handler) settingsPublic(w http.ResponseWriter, r *http.Request) *
 		AuthenticationMethod:               settings.AuthenticationMethod,
 		AllowBindMountsForRegularUsers:     settings.AllowBindMountsForRegularUsers,
 		AllowPrivilegedModeForRegularUsers: settings.AllowPrivilegedModeForRegularUsers,
+		ExternalTemplates:                  false,
+	}
+
+	if settings.TemplatesURL != "" {
+		publicSettings.ExternalTemplates = true
 	}

 	return response.JSON(w, publicSettings)
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@ -19,6 +19,7 @@ type settingsUpdatePayload struct {
 	AllowBindMountsForRegularUsers     *bool
 	AllowPrivilegedModeForRegularUsers *bool
 	SnapshotInterval                   *string
+	TemplatesURL                       *string
 }

 func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
@ -28,6 +29,9 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 	if payload.LogoURL != nil && *payload.LogoURL != "" && !govalidator.IsURL(*payload.LogoURL) {
 		return portainer.Error("Invalid logo URL. Must correspond to a valid URL format")
 	}
+	if payload.TemplatesURL != nil && *payload.TemplatesURL != "" && !govalidator.IsURL(*payload.TemplatesURL) {
+		return portainer.Error("Invalid external templates URL. Must correspond to a valid URL format")
+	}
 	return nil
 }

@ -52,6 +56,10 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.LogoURL = *payload.LogoURL
 	}

+	if payload.TemplatesURL != nil {
+		settings.TemplatesURL = *payload.TemplatesURL
+	}
+
 	if payload.BlackListedLabels != nil {
 		settings.BlackListedLabels = payload.BlackListedLabels
 	}
--- a/api/http/handler/templates/handler.go
+++ b/api/http/handler/templates/handler.go
@ -9,10 +9,15 @@ import (
 	"github.com/portainer/portainer/http/security"
 )

+const (
+	errTemplateManagementDisabled = portainer.Error("Template management is disabled")
+)
+
 // Handler represents an HTTP API handler for managing templates.
 type Handler struct {
 	*mux.Router
 	TemplateService portainer.TemplateService
+	SettingsService portainer.SettingsService
 }

 // NewHandler returns a new instance of Handler.
@ -20,15 +25,32 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
+
 	h.Handle("/templates",
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.templateList))).Methods(http.MethodGet)
 	h.Handle("/templates",
-		bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateCreate))).Methods(http.MethodPost)
+		bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateCreate)))).Methods(http.MethodPost)
 	h.Handle("/templates/{id}",
-		bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateInspect))).Methods(http.MethodGet)
+		bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateInspect)))).Methods(http.MethodGet)
 	h.Handle("/templates/{id}",
-		bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateUpdate))).Methods(http.MethodPut)
+		bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateUpdate)))).Methods(http.MethodPut)
 	h.Handle("/templates/{id}",
-		bouncer.AdministratorAccess(httperror.LoggerHandler(h.templateDelete))).Methods(http.MethodDelete)
+		bouncer.AdministratorAccess(h.templateManagementCheck(httperror.LoggerHandler(h.templateDelete)))).Methods(http.MethodDelete)
 	return h
 }
+
+func (handler *Handler) templateManagementCheck(next http.Handler) http.Handler {
+	return httperror.LoggerHandler(func(rw http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+		settings, err := handler.SettingsService.Settings()
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+		}
+
+		if settings.TemplatesURL != "" {
+			return &httperror.HandlerError{http.StatusServiceUnavailable, "Portainer is configured to use external templates, template management is disabled", errTemplateManagementDisabled}
+		}
+
+		next.ServeHTTP(rw, r)
+		return nil
+	})
+}
--- a/api/http/handler/templates/template_list.go
+++ b/api/http/handler/templates/template_list.go
@ -1,8 +1,11 @@
 package templates

 import (
+	"encoding/json"
 	"net/http"

+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/http/client"
 	httperror "github.com/portainer/portainer/http/error"
 	"github.com/portainer/portainer/http/response"
 	"github.com/portainer/portainer/http/security"
@ -10,9 +13,28 @@ import (

 // GET request on /api/templates
 func (handler *Handler) templateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	templates, err := handler.TemplateService.Templates()
+	settings, err := handler.SettingsService.Settings()
 	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve templates from the database", err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
+	}
+
+	var templates []portainer.Template
+	if settings.TemplatesURL == "" {
+		templates, err = handler.TemplateService.Templates()
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve templates from the database", err}
+		}
+	} else {
+		var templateData []byte
+		templateData, err = client.Get(settings.TemplatesURL)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve external templates", err}
+		}
+
+		err = json.Unmarshal(templateData, &templates)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to parse external templates", err}
+		}
 	}

 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
@ -21,6 +43,5 @@ func (handler *Handler) templateList(w http.ResponseWriter, r *http.Request) *ht
 	}

 	filteredTemplates := security.FilterTemplates(templates, securityContext)
-
 	return response.JSON(w, filteredTemplates)
 }
--- a/api/http/server.go
+++ b/api/http/server.go
@ -151,6 +151,7 @@ func (server *Server) Start() error {

 	var templatesHandler = templates.NewHandler(requestBouncer)
 	templatesHandler.TemplateService = server.TemplateService
+	templatesHandler.SettingsService = server.SettingsService

 	var uploadHandler = upload.NewHandler(requestBouncer)
 	uploadHandler.FileService = server.FileService