* feat(openamt): add AMT Devices information in Environments view [INT-8] (#6169) * feat(openamt): add AMT Devices Ouf of Band Managamenet actions [INT-9] (#6171) * feat(openamt): add AMT Devices KVM Connection [INT-10] (#6179) * feat(openamt): Enhance the Environments MX to activate OpenAMT on compatible environments [INT-7] (#6196) * feat(openamt): Enable KVM by default [INT-25] (#6228) * feat(fdo): implement the FDO configuration settings INT-19 (#6238) feat(fdo): implement the FDO configuration settings INT-19 * feat(fdo): implement Owner client INT-17 (#6231) feat(fdo): implement Owner client INT-17 * feat(openamt): hide wireless config in OpenAMT form (#6250) * feat(openamt): Increase OpenAMT timeouts [INT-30] (#6253) * feat(openamt): Disable the ability to use KVM and OOB actions on a MPS disconnected device [INT-36] (#6254) * feat(fdo): add import device UI [INT-20] (#6240) feat(fdo): add import device UI INT-20 * refactor(fdo): fix develop merge issues * feat(openamt): Do not fetch OpenAMT details for an unassociated Edge endpoint (#6273) * fix(intel): Fix switches params (#6282) * feat(openamt): preload existing AMT settings (#6283) * feat(openamt): Better UI/UX for AMT activation loading [INT-39] (#6290) * feat(openamt): Remove wireless config related code [INT-41] (#6291) * yarn install * feat(openamt): change kvm redirection for pop up, always enable features [INT-37] (#6292) * feat(openamt): change kvm redirection for pop up, always enable features [INT-37] (#6293) * feat(openmt): use .ts services with axios for OpenAMT (#6312) * Minor code cleanup. 
* fix(fdo): move the FDO client code to the hostmanagement folder INT-44 (#6345) * refactor(intel): Add Edge Compute Settings view (#6351) * feat(fdo): add FDO profiles INT-22 (#6363) feat(fdo): add FDO profiles INT-22 * fix(fdo): fix incorrect profile URL INT-45 (#6377) * fixed husky version * fix go.mod with go mod tidy * feat(edge): migrate OpenAMT devices views to Edge Devices [EE-2322] (#6373) * feat(intel): OpenAMT UI/UX adjustments (#6394) * only allow edge agent as edge device * show all edge agent environments on Edge Devices view * feat(fdo): add the ability to import multiple ownership vouchers at once EE-2324 (#6395) * fix(edge): settings edge compute alert (#6402) * remove pagination, add useMemo for devices result array (#6409) * feat(edge): minor Edge Devices (AMT) UI fixes (#6410) * chore(eslint): fix versions * chore(app): reformat codebase * change add edge agent modal behaviour, fix yarn.lock * fix use pagination * remove extractedTranslations folder * feat(edge): add FDO Profiles Datatable [EE-2406] (#6415) * feat(edge): add KVM workaround tooltip (#6441) * feat(edge): Add default FDO profile (#6450) * feat(edge): add settings to disable trust on first connect and enforce Edge ID INT-1 EE-2410 (#6429) Co-authored-by: andres-portainer <91705312+andres-portainer@users.noreply.github.com> Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io> Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com> Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
package docker
import (
"errors"
"fmt"
"net/http"
"strings"
"time"
"github.com/docker/docker/client"
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/crypto"
)
// errUnsupportedEnvironmentType is the error CreateClient returns for
// environment types it refuses to build a Docker client for.
var (
	errUnsupportedEnvironmentType = errors.New("Environment not supported")
)

// defaultDockerRequestTimeout is the HTTP client timeout applied when the
// caller does not supply one.
const defaultDockerRequestTimeout = 60 * time.Second

// dockerClientVersion is the Docker API version handed to client.WithVersion
// by every client constructor in this file.
const dockerClientVersion = "1.37"
// ClientFactory builds Docker API clients for Portainer environments. It
// carries the services that the agent and edge client constructors depend on.
type ClientFactory struct {
	// signatureService supplies the signature and encoded public key that are
	// sent as headers to agent and edge agent environments.
	signatureService portainer.DigitalSignatureService
	// reverseTunnelService is asked for the active tunnel of an edge
	// environment.
	reverseTunnelService portainer.ReverseTunnelService
}

// NewClientFactory returns a ClientFactory wired with the given signature and
// reverse tunnel services.
func NewClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *ClientFactory {
	factory := new(ClientFactory)
	factory.signatureService = signatureService
	factory.reverseTunnelService = reverseTunnelService
	return factory
}
// CreateClient builds a Docker client for the given environment (endpoint).
// The constructor is chosen from the environment type first and, for every
// remaining type, from the scheme of endpoint.URL.
//
// nodeName is forwarded only to the agent and edge agent constructors, where a
// non-empty value targets a specific node of an agent cluster.
//
// timeout, when non-nil, replaces the default HTTP client timeout. It is not
// applied to unix:// and npipe:// endpoints, because createLocalClient takes
// no timeout argument.
//
// Azure environments are rejected with errUnsupportedEnvironmentType. The
// endpoint pointer is dereferenced without a nil check, so callers must pass a
// non-nil endpoint.
func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeName string, timeout *time.Duration) (*client.Client, error) {
	switch endpoint.Type {
	case portainer.AzureEnvironment:
		return nil, errUnsupportedEnvironmentType
	case portainer.AgentOnDockerEnvironment:
		return createAgentClient(endpoint, factory.signatureService, nodeName, timeout)
	case portainer.EdgeAgentOnDockerEnvironment:
		return createEdgeClient(endpoint, factory.signatureService, factory.reverseTunnelService, nodeName, timeout)
	}

	// Every other environment type is dispatched on the URL scheme alone.
	isLocalSocket := strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://")
	if !isLocalSocket {
		return createTCPClient(endpoint, timeout)
	}
	return createLocalClient(endpoint)
}
// createLocalClient builds a Docker client whose host is endpoint.URL;
// CreateClient calls it for unix:// and npipe:// URLs. Only the host and the
// pinned API version are set here: no custom HTTP client, TLS configuration,
// agent headers or request timeout are attached.
func createLocalClient(endpoint *portainer.Endpoint) (*client.Client, error) {
	host := client.WithHost(endpoint.URL)
	version := client.WithVersion(dockerClientVersion)
	return client.NewClientWithOpts(host, version)
}
// createTCPClient builds a Docker client that reaches endpoint.URL through the
// HTTP client returned by httpClient. That client carries the request timeout
// and, when the endpoint enables TLS, the TLS configuration.
//
// Security note: httpClient attaches TLS settings only when
// endpoint.TLSConfig.TLS is true, and no agent signature headers are added on
// this path. Whatever protects the Docker API on a non-TLS endpoint is
// therefore outside this function.
func createTCPClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*client.Client, error) {
	transportClient, err := httpClient(endpoint, timeout)
	if err != nil {
		return nil, err
	}

	host := client.WithHost(endpoint.URL)
	version := client.WithVersion(dockerClientVersion)
	return client.NewClientWithOpts(host, version, client.WithHTTPClient(transportClient))
}
// createEdgeClient builds a Docker client for an edge agent environment.
//
// Requests are not sent to endpoint.URL: the client host is a loopback address
// on the port of the tunnel returned by reverseTunnelService.GetActiveTunnel.
// Each request carries the Portainer public key and signature headers, plus
// the target-node header when nodeName is non-empty.
//
// Errors from httpClient, CreateSignature and GetActiveTunnel are returned
// unchanged, checked in that order.
//
// NOTE(review): the host is a plain http:// loopback URL while httpClient may
// still attach the endpoint's TLS settings to the transport; confirm how the
// Docker client picks the scheme in that case.
func createEdgeClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService, nodeName string, timeout *time.Duration) (*client.Client, error) {
	agentHTTPClient, err := httpClient(endpoint, timeout)
	if err != nil {
		return nil, err
	}

	sig, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
	if err != nil {
		return nil, err
	}

	// Authentication material presented to the agent on every request.
	agentHeaders := make(map[string]string, 3)
	agentHeaders[portainer.PortainerAgentPublicKeyHeader] = signatureService.EncodedPublicKey()
	agentHeaders[portainer.PortainerAgentSignatureHeader] = sig
	if len(nodeName) > 0 {
		agentHeaders[portainer.PortainerAgentTargetHeader] = nodeName
	}

	activeTunnel, err := reverseTunnelService.GetActiveTunnel(endpoint)
	if err != nil {
		return nil, err
	}

	// The edge agent is reached through the local end of the reverse tunnel.
	loopbackURL := fmt.Sprintf("http://127.0.0.1:%d", activeTunnel.Port)

	host := client.WithHost(loopbackURL)
	version := client.WithVersion(dockerClientVersion)
	return client.NewClientWithOpts(
		host,
		version,
		client.WithHTTPClient(agentHTTPClient),
		client.WithHTTPHeaders(agentHeaders),
	)
}
// createAgentClient builds a Docker client for an agent environment reached
// directly at endpoint.URL.
//
// Each request carries the Portainer public key and signature headers, plus
// the target-node header when nodeName is non-empty. Errors from httpClient
// and CreateSignature are returned unchanged, checked in that order.
//
// NOTE(review): the signature is computed once here, over the package-level
// portainer.PortainerAgentSignatureMessage, and installed as a static client
// header, so it is not bound to an individual request. It looks like the
// header pair should only travel over a TLS-protected connection; confirm
// that endpoint.TLSConfig.TLS is enforced for agent environments.
func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, nodeName string, timeout *time.Duration) (*client.Client, error) {
	agentHTTPClient, err := httpClient(endpoint, timeout)
	if err != nil {
		return nil, err
	}

	sig, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
	if err != nil {
		return nil, err
	}

	// Authentication material presented to the agent on every request.
	agentHeaders := make(map[string]string, 3)
	agentHeaders[portainer.PortainerAgentPublicKeyHeader] = signatureService.EncodedPublicKey()
	agentHeaders[portainer.PortainerAgentSignatureHeader] = sig
	if len(nodeName) > 0 {
		agentHeaders[portainer.PortainerAgentTargetHeader] = nodeName
	}

	host := client.WithHost(endpoint.URL)
	version := client.WithVersion(dockerClientVersion)
	return client.NewClientWithOpts(
		host,
		version,
		client.WithHTTPClient(agentHTTPClient),
		client.WithHTTPHeaders(agentHeaders),
	)
}
// httpClient returns the *http.Client used by the TCP, agent and edge client
// constructors.
//
// A fresh http.Transport is created on every call. When endpoint.TLSConfig.TLS
// is set, its TLS configuration is loaded from the endpoint's CA, certificate
// and key paths through crypto.CreateTLSConfigurationFromDisk, and a load
// failure is returned to the caller. Otherwise the transport carries no TLS
// configuration.
//
// The client timeout is *timeout when one is provided and
// defaultDockerRequestTimeout otherwise. The supplied value is used as given,
// so a zero duration yields an http.Client without a timeout.
//
// Security note: endpoint.TLSConfig.TLSSkipVerify is forwarded unchanged.
// NOTE(review): presumably it disables server certificate verification;
// confirm in crypto.CreateTLSConfigurationFromDisk, and treat endpoints that
// set it as having an unauthenticated transport.
func httpClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*http.Client, error) {
	rt := new(http.Transport)

	if endpoint.TLSConfig.TLS {
		cfg, err := crypto.CreateTLSConfigurationFromDisk(
			endpoint.TLSConfig.TLSCACertPath,
			endpoint.TLSConfig.TLSCertPath,
			endpoint.TLSConfig.TLSKeyPath,
			endpoint.TLSConfig.TLSSkipVerify,
		)
		if err != nil {
			return nil, err
		}
		rt.TLSClientConfig = cfg
	}

	// Start from the default timeout and let the caller's value override it.
	httpCli := &http.Client{Transport: rt, Timeout: defaultDockerRequestTimeout}
	if timeout != nil {
		httpCli.Timeout = *timeout
	}
	return httpCli, nil
}