mirror of
https://github.com/portainer/portainer.git
synced 2025-07-23 23:39:41 +02:00
12a512f01f
* feat(edge): fix webconsole and agent deployment command * feat(edge): display agent features when connected to IoT endpoint * feat(edge): add -e CAP_HOST_MANAGEMENT=1 to agent command * feat(edge): add -v /:/host and --name portainer_agent_iot to agent command * style(endpoint-creation): refactor IoT agent to Edge agent * refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment * refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment * feat(endpoint-creation): update Edge agent deployment instructions * feat(edge): wip edge * feat(edge): refactor key creation * feat(edge): update deployment instructions * feat(home): update Edge agent endpoint item * feat(edge): support dynamic ports * feat(edge): support sleep/wake and snapshots * feat(edge): support offline mode * feat(edge): host job support for Edge endpoints * feat(edge): introduce STANDBY state * feat(edge): update Edge agent deployment command * feat(edge): introduce EDGE_ID support * feat(edge): update default inactivity interval to 5min * feat(edge): reload Edge schedules after restart * fix(edge): fix execution of endpoint job against an Edge endpoint * fix(edge): fix minor issues with scheduling UI/UX * feat(edge): introduce EdgeSchedule version management * feat(edge): switch back to REQUIRED state from ACTIVE on error * refactor(edge): remove comment * feat(edge): updated tunnel status management * feat(edge): fix flickering UI when accessing Edge endpoint from home view * feat(edge): remove STANDBY status * fix(edge): fix an issue with console and Swarm endpoint * fix(edge): fix an issue with stack deployment * fix(edge): reset timer when applying active status * feat(edge): add background ping for Edge endpoints * fix(edge): fix infinite loading loop after Edge endpoint connection failure * fix(home): fix an issue with merge * feat(api): remove SnapshotRaw from EndpointList response * feat(api): add pagination for EndpointList operation * feat(api): rename last_id query parameter to start * feat(api): implement filter for EndpointList operation * fix(edge): prevent a pointer issue after removing an active Edge endpoint * feat(home): front - endpoint backend pagination (#2990) * feat(home): endpoint pagination with backend * feat(api): remove default limit value * fix(endpoints): fix a minor issue with column span * fix(endpointgroup-create): fix an issue with endpoint group creation * feat(app): minor loading optimizations * refactor(api): small refactor of EndpointList operation * fix(home): fix minor loading text display issue * refactor(api): document bolt services functions * feat(home): minor optimization * fix(api): replace seek with index scanning for EndpointPaginated * fix(api): fix invalid starting index issue * fix(api): first implementation of working filter * fix(home): endpoints list keeps backend pagination when it needs to * fix(api): endpoint pagination doesn't drop the first item on pages >=2 anymore * fix(home): UI flickering on page/filter load/change * feat(auth): login spinner * feat(api): support searching in associated endpoint group data * refactor(api): remove unused API endpoint * refactor(api): remove comment * refactor(api): refactor proxy manager * feat(api): declare EndpointList params as optional * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(edge): new icon for Edge agent endpoint * fix(edge): fix missing exec quick action * fix(edge): add loading indicator when connecting to Edge endpoint * feat(edge): disable service webhooks for Edge endpoints * feat(endpoints): backend pagination for endpoints view (#3004) * feat(edge): dynamic loading for stack migration feature * feat(edge): wordwrap edge key * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(websocket): minor refactor associated to Edge agent * feat(endpoint-group): enable backend pagination (#3017) * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(api): endpoint group endpoint association refactor * refactor(api): rename files and remove comments * refactor(api): remove usage of utils * refactor(api): optional parameters * Merge branch 'feat-endpoint-backend-pagination' into edge # Conflicts: # api/bolt/endpoint/endpoint.go # api/http/handler/endpointgroups/endpointgroup_update.go # api/http/handler/endpointgroups/handler.go # api/http/handler/endpoints/endpoint_list.go # app/portainer/services/api/endpointService.js * fix(api): fix default tunnel server credentials * feat(api): update endpointListOperation behavior and parameters * fix(api): fix interface declaration * feat(edge): support configurable Edge agent checkin interval * feat(edge): support dynamic tunnel credentials * feat(edge): update Edge agent deployment commands * style(edge): update Edge agent settings text * refactor(edge): remove unused credentials management methods * feat(edge): associate a remote addr to tunnel credentials * style(edge): update Edge endpoint icon * feat(edge): support encrypted tunnel credentials * fix(edge): fix invalid pointer cast * feat(bolt): decode endpoints with jsoniter * feat(edge): persist reverse tunnel keyseed * refactor(edge): minor refactor * feat(edge): update chisel library usage * refactor(endpoint): use controller function * feat(api): database migration to DBVersion 19 * refactor(api): refactor AddSchedule function * refactor(schedules): remove comment * refactor(api): remove comment * refactor(api): remove comment * feat(api): tunnel manager now only manage Edge endpoints * refactor(api): clean-up and clarification of the Edge service * refactor(api): clean-up and clarification of the Edge service * fix(api): fix an issue with Edge agent snapshots * refactor(api): add missing comments * refactor(api): update constant description * style(home): remove loading text on error * feat(endpoint): remove 15s timeout for ping request * style(home): display information about associated Edge endpoints * feat(home): redirect to endpoint details on click on unassociated Edge endpoint * feat(settings): remove 60s Edge poll frequency option
162 lines
5.5 KiB
Go
162 lines
5.5 KiB
Go
package settings
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/asaskevich/govalidator"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
"github.com/portainer/libhttp/request"
|
|
"github.com/portainer/libhttp/response"
|
|
"github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/filesystem"
|
|
)
|
|
|
|
type settingsUpdatePayload struct {
|
|
LogoURL *string
|
|
BlackListedLabels []portainer.Pair
|
|
AuthenticationMethod *int
|
|
LDAPSettings *portainer.LDAPSettings
|
|
OAuthSettings *portainer.OAuthSettings
|
|
AllowBindMountsForRegularUsers *bool
|
|
AllowPrivilegedModeForRegularUsers *bool
|
|
EnableHostManagementFeatures *bool
|
|
SnapshotInterval *string
|
|
TemplatesURL *string
|
|
EdgeAgentCheckinInterval *int
|
|
}
|
|
|
|
func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
|
|
if *payload.AuthenticationMethod != 1 && *payload.AuthenticationMethod != 2 && *payload.AuthenticationMethod != 3 {
|
|
return portainer.Error("Invalid authentication method value. Value must be one of: 1 (internal), 2 (LDAP/AD) or 3 (OAuth)")
|
|
}
|
|
if payload.LogoURL != nil && *payload.LogoURL != "" && !govalidator.IsURL(*payload.LogoURL) {
|
|
return portainer.Error("Invalid logo URL. Must correspond to a valid URL format")
|
|
}
|
|
if payload.TemplatesURL != nil && *payload.TemplatesURL != "" && !govalidator.IsURL(*payload.TemplatesURL) {
|
|
return portainer.Error("Invalid external templates URL. Must correspond to a valid URL format")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PUT request on /api/settings
|
|
func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
|
var payload settingsUpdatePayload
|
|
err := request.DecodeAndValidateJSONPayload(r, &payload)
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
|
|
}
|
|
|
|
settings, err := handler.SettingsService.Settings()
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve the settings from the database", err}
|
|
}
|
|
|
|
if payload.AuthenticationMethod != nil {
|
|
settings.AuthenticationMethod = portainer.AuthenticationMethod(*payload.AuthenticationMethod)
|
|
}
|
|
|
|
if payload.LogoURL != nil {
|
|
settings.LogoURL = *payload.LogoURL
|
|
}
|
|
|
|
if payload.TemplatesURL != nil {
|
|
settings.TemplatesURL = *payload.TemplatesURL
|
|
}
|
|
|
|
if payload.BlackListedLabels != nil {
|
|
settings.BlackListedLabels = payload.BlackListedLabels
|
|
}
|
|
|
|
if payload.LDAPSettings != nil {
|
|
ldapPassword := settings.LDAPSettings.Password
|
|
if payload.LDAPSettings.Password != "" {
|
|
ldapPassword = payload.LDAPSettings.Password
|
|
}
|
|
settings.LDAPSettings = *payload.LDAPSettings
|
|
settings.LDAPSettings.Password = ldapPassword
|
|
}
|
|
|
|
if payload.OAuthSettings != nil {
|
|
clientSecret := payload.OAuthSettings.ClientSecret
|
|
if clientSecret == "" {
|
|
clientSecret = settings.OAuthSettings.ClientSecret
|
|
}
|
|
settings.OAuthSettings = *payload.OAuthSettings
|
|
settings.OAuthSettings.ClientSecret = clientSecret
|
|
}
|
|
|
|
if payload.AllowBindMountsForRegularUsers != nil {
|
|
settings.AllowBindMountsForRegularUsers = *payload.AllowBindMountsForRegularUsers
|
|
}
|
|
|
|
if payload.AllowPrivilegedModeForRegularUsers != nil {
|
|
settings.AllowPrivilegedModeForRegularUsers = *payload.AllowPrivilegedModeForRegularUsers
|
|
}
|
|
|
|
if payload.EnableHostManagementFeatures != nil {
|
|
settings.EnableHostManagementFeatures = *payload.EnableHostManagementFeatures
|
|
}
|
|
|
|
if payload.SnapshotInterval != nil && *payload.SnapshotInterval != settings.SnapshotInterval {
|
|
err := handler.updateSnapshotInterval(settings, *payload.SnapshotInterval)
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update snapshot interval", err}
|
|
}
|
|
}
|
|
|
|
if payload.EdgeAgentCheckinInterval != nil {
|
|
settings.EdgeAgentCheckinInterval = *payload.EdgeAgentCheckinInterval
|
|
}
|
|
|
|
tlsError := handler.updateTLS(settings)
|
|
if tlsError != nil {
|
|
return tlsError
|
|
}
|
|
|
|
err = handler.SettingsService.UpdateSettings(settings)
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist settings changes inside the database", err}
|
|
}
|
|
|
|
return response.JSON(w, settings)
|
|
}
|
|
|
|
func (handler *Handler) updateSnapshotInterval(settings *portainer.Settings, snapshotInterval string) error {
|
|
settings.SnapshotInterval = snapshotInterval
|
|
|
|
schedules, err := handler.ScheduleService.SchedulesByJobType(portainer.SnapshotJobType)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if len(schedules) != 0 {
|
|
snapshotSchedule := schedules[0]
|
|
snapshotSchedule.CronExpression = "@every " + snapshotInterval
|
|
|
|
err := handler.JobScheduler.UpdateSystemJobSchedule(portainer.SnapshotJobType, snapshotSchedule.CronExpression)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = handler.ScheduleService.UpdateSchedule(snapshotSchedule.ID, &snapshotSchedule)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (handler *Handler) updateTLS(settings *portainer.Settings) *httperror.HandlerError {
|
|
if (settings.LDAPSettings.TLSConfig.TLS || settings.LDAPSettings.StartTLS) && !settings.LDAPSettings.TLSConfig.TLSSkipVerify {
|
|
caCertPath, _ := handler.FileService.GetPathForTLSFile(filesystem.LDAPStorePath, portainer.TLSFileCA)
|
|
settings.LDAPSettings.TLSConfig.TLSCACertPath = caCertPath
|
|
} else {
|
|
settings.LDAPSettings.TLSConfig.TLSCACertPath = ""
|
|
err := handler.FileService.DeleteTLSFiles(filesystem.LDAPStorePath)
|
|
if err != nil {
|
|
return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove TLS files from disk", err}
|
|
}
|
|
}
|
|
return nil
|
|
}
|