[WIP] Optimize buildEdgeStacks()

Merge branch 'develop' into debug-api-endpoint
Revert "Add caching to EdgeStack."
2022-05-11 19:38:55 -03:00 · 2022-05-10 18:00:25 -03:00 · 2022-05-08 16:41:11 -03:00 · 2022-05-06 21:45:06 -03:00 · 2022-05-06 19:35:52 -03:00 · 2022-05-05 19:40:40 -03:00
655 changed files with 6130 additions and 11360 deletions
--- a/.storybook/preview.js
+++ b/.storybook/preview.js
@@ -3,7 +3,6 @@ import '../app/assets/css';
 import { pushStateLocationPlugin, UIRouter } from '@uirouter/react';
 import { initialize as initMSW, mswDecorator } from 'msw-storybook-addon';
 import { handlers } from '@/setup-tests/server-handlers';
-import { QueryClient, QueryClientProvider } from 'react-query';

 // Initialize MSW
 initMSW({
@@ -32,17 +31,11 @@ export const parameters = {
  },
 };

-const testQueryClient = new QueryClient({
-  defaultOptions: { queries: { retry: false } },
-});
-
 export const decorators = [
  (Story) => (
-    <QueryClientProvider client={testQueryClient}>
-      <UIRouter plugins={[pushStateLocationPlugin]}>
-        <Story />
-      </UIRouter>
-    </QueryClientProvider>
+    <UIRouter plugins={[pushStateLocationPlugin]}>
+      <Story />
+    </UIRouter>
  ),
  mswDecorator,
 ];
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -35,7 +35,6 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
-		DemoEnvironment:           kingpin.Flag("demo", "Demo environment").Bool(),
 		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
 		FeatureFlags:              BoolPairs(kingpin.Flag("feat", "List of feature flags").Hidden()),
 		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -23,7 +23,6 @@ import (
 	"github.com/portainer/portainer/api/database/boltdb"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
@@ -573,7 +572,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	openAMTService := openamt.NewService()

 	cryptoService := initCryptoService()
-
 	digitalSignatureService := initDigitalSignatureService()

 	sslService, err := initSSLService(*flags.AddrHTTPS, *flags.SSLCert, *flags.SSLKey, fileService, dataStore, shutdownTrigger)
@@ -609,7 +607,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService(*flags.BaseURL, *flags.AddrHTTPS, sslSettings.CertPath)

-	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService)
+	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)

 	reverseTunnelService.ProxyManager = proxyManager

@@ -636,14 +634,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	applicationStatus := initStatus(instanceID)

-	demoService := demo.NewService()
-	if *flags.DemoEnvironment {
-		err := demoService.Init(dataStore, cryptoService)
-		if err != nil {
-			log.Fatalf("failed initializing demo environment: %v", err)
-		}
-	}
-
 	err = initEndpoint(flags, dataStore, snapshotService)
 	if err != nil {
 		logrus.Fatalf("Failed initializing environment: %v", err)
@@ -732,7 +722,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		ShutdownCtx:                 shutdownCtx,
 		ShutdownTrigger:             shutdownTrigger,
 		StackDeployer:               stackDeployer,
-		DemoService:                 demoService,
 	}
 }

--- a/api/database/boltdb/json_test.go
+++ b/api/database/boltdb/json_test.go
@@ -10,7 +10,7 @@ import (
 )

 const (
-	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
+	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
 	passphrase = "my secret key"
 )

--- a/api/dataservices/endpoint/endpoint.go
+++ b/api/dataservices/endpoint/endpoint.go
@@ -1,6 +1,7 @@
 package endpoint

 import (
+	"errors"
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
@@ -83,6 +84,15 @@ func (service *Service) Create(endpoint *portainer.Endpoint) error {
 	return service.connection.CreateObjectWithSetSequence(BucketName, int(endpoint.ID), endpoint)
 }

+// CreateEndpoint assign an ID to a new environment(endpoint) and saves it.
+func (service *Service) CreateWithCallback(endpoint *portainer.Endpoint, fn func(id uint64) (int, interface{})) error {
+	if endpoint.ID > 0 {
+		return errors.New("the endpoint must not have an ID")
+	}
+
+	return service.connection.CreateObject(BucketName, fn)
+}
+
 // GetNextIdentifier returns the next identifier for an environment(endpoint).
 func (service *Service) GetNextIdentifier() int {
 	return service.connection.GetNextIdentifier(BucketName)
--- a/api/dataservices/interface.go
+++ b/api/dataservices/interface.go
@@ -97,6 +97,7 @@ type (
 		Endpoint(ID portainer.EndpointID) (*portainer.Endpoint, error)
 		Endpoints() ([]portainer.Endpoint, error)
 		Create(endpoint *portainer.Endpoint) error
+		CreateWithCallback(endpoint *portainer.Endpoint, fn func(uint64) (int, interface{})) error
 		UpdateEndpoint(ID portainer.EndpointID, endpoint *portainer.Endpoint) error
 		DeleteEndpoint(ID portainer.EndpointID) error
 		GetNextIdentifier() int
--- a/api/dataservices/settings/settings.go
+++ b/api/dataservices/settings/settings.go
@@ -1,6 +1,8 @@
 package settings

 import (
+	"sync"
+
 	portainer "github.com/portainer/portainer/api"
 )

@@ -13,6 +15,30 @@ const (
 // Service represents a service for managing environment(endpoint) data.
 type Service struct {
 	connection portainer.Connection
+	cache      *portainer.Settings
+	mu         sync.RWMutex
+}
+
+func cloneSettings(src *portainer.Settings) *portainer.Settings {
+	if src == nil {
+		return nil
+	}
+
+	c := *src
+
+	if c.BlackListedLabels != nil {
+		c.BlackListedLabels = make([]portainer.Pair, len(src.BlackListedLabels))
+		copy(c.BlackListedLabels, src.BlackListedLabels)
+	}
+
+	if src.FeatureFlagSettings != nil {
+		c.FeatureFlagSettings = make(map[portainer.Feature]bool)
+		for k, v := range src.FeatureFlagSettings {
+			c.FeatureFlagSettings[k] = v
+		}
+	}
+
+	return &c
 }

 func (service *Service) BucketName() string {
@@ -33,6 +59,18 @@ func NewService(connection portainer.Connection) (*Service, error) {

 // Settings retrieve the settings object.
 func (service *Service) Settings() (*portainer.Settings, error) {
+	service.mu.RLock()
+	if service.cache != nil {
+		s := cloneSettings(service.cache)
+		service.mu.RUnlock()
+
+		return s, nil
+	}
+	service.mu.RUnlock()
+
+	service.mu.Lock()
+	defer service.mu.Unlock()
+
 	var settings portainer.Settings

 	err := service.connection.GetObject(BucketName, []byte(settingsKey), &settings)
@@ -40,12 +78,24 @@ func (service *Service) Settings() (*portainer.Settings, error) {
 		return nil, err
 	}

+	service.cache = cloneSettings(&settings)
+
 	return &settings, nil
 }

 // UpdateSettings persists a Settings object.
 func (service *Service) UpdateSettings(settings *portainer.Settings) error {
-	return service.connection.UpdateObject(BucketName, []byte(settingsKey), settings)
+	service.mu.Lock()
+	defer service.mu.Unlock()
+
+	err := service.connection.UpdateObject(BucketName, []byte(settingsKey), settings)
+	if err != nil {
+		return err
+	}
+
+	service.cache = cloneSettings(settings)
+
+	return nil
 }

 func (service *Service) IsFeatureFlagEnabled(feature portainer.Feature) bool {
@@ -61,3 +111,9 @@ func (service *Service) IsFeatureFlagEnabled(feature portainer.Feature) bool {

 	return false
 }
+
+func (service *Service) InvalidateCache() {
+	service.mu.Lock()
+	service.cache = nil
+	service.mu.Unlock()
+}
--- a/api/datastore/datastore_test.go
+++ b/api/datastore/datastore_test.go
@@ -177,7 +177,7 @@ func (store *Store) CreateEndpoint(t *testing.T, name string, endpointType porta
 func (store *Store) CreateEndpointRelation(id portainer.EndpointID) {
 	relation := &portainer.EndpointRelation{
 		EndpointID: id,
-		EdgeStacks: map[portainer.EdgeStackID]bool{},
+		EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{},
 	}

 	store.EndpointRelation().Create(relation)
--- a/api/datastore/init.go
+++ b/api/datastore/init.go
@@ -47,9 +47,6 @@ func (store *Store) checkOrCreateDefaultSettings() error {
 			EnableTelemetry:      true,
 			AuthenticationMethod: portainer.AuthenticationInternal,
 			BlackListedLabels:    make([]portainer.Pair, 0),
-			InternalAuthSettings: portainer.InternalAuthSettings{
-				RequiredPasswordLength: 12,
-			},
 			LDAPSettings: portainer.LDAPSettings{
 				AnonymousMode:   true,
 				AutoCreateUsers: true,
--- a/api/datastore/migrate_data.go
+++ b/api/datastore/migrate_data.go
@@ -31,6 +31,8 @@ func (store *Store) MigrateData() error {
 		return werrors.Wrap(err, "while backing up db before migration")
 	}

+	store.SettingsService.InvalidateCache()
+
 	migratorParams := &migrator.MigratorParameters{
 		DatabaseVersion:         version,
 		EndpointGroupService:    store.EndpointGroupService,
--- a/api/datastore/migrate_data_test.go
+++ b/api/datastore/migrate_data_test.go
@@ -34,9 +34,9 @@ func TestMigrateData(t *testing.T) {
 		wantPath string
 	}{
 		{
-			testName: "migrate version 24 to latest",
+			testName: "migrate version 24 to 35",
 			srcPath:  "test_data/input_24.json",
-			wantPath: "test_data/output_24_to_latest.json",
+			wantPath: "test_data/output_35.json",
 		},
 	}
 	for _, test := range snapshotTests {
--- a/api/datastore/migrator/migrate_ce.go
+++ b/api/datastore/migrator/migrate_ce.go
@@ -100,9 +100,6 @@ func (m *Migrator) Migrate() error {

 		// Portainer 2.13
 		newMigration(40, m.migrateDBVersionToDB40),
-
-		// Portainer 2.14
-		newMigration(50, m.migrateDBVersionToDB50),
 	}

 	var lastDbVersion int
--- a/api/datastore/migrator/migrate_dbversion22.go
+++ b/api/datastore/migrator/migrate_dbversion22.go
@@ -54,7 +54,7 @@ func (m *Migrator) updateEndpointsAndEndpointGroupsToDBVersion23() error {

 		relation := &portainer.EndpointRelation{
 			EndpointID: endpoint.ID,
-			EdgeStacks: map[portainer.EdgeStackID]bool{},
+			EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{},
 		}

 		err = m.endpointRelationService.Create(relation)
--- a/api/datastore/migrator/migrate_dbversion31.go
+++ b/api/datastore/migrator/migrate_dbversion31.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"

-	"github.com/docker/docker/api/types/volume"
 	"github.com/portainer/portainer/api/dataservices/errors"

 	portainer "github.com/portainer/portainer/api"
@@ -211,14 +210,14 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {
 			continue
 		}

-		volumesData := snapshot.SnapshotRaw.Volumes
-		if volumesData.Volumes == nil {
-			log.Println("[DEBUG] [volume migration] [message: no volume data found]")
-			continue
+		if volumesData, done := snapshot.SnapshotRaw.Volumes.(map[string]interface{}); done {
+			if volumesData["Volumes"] == nil {
+				log.Println("[DEBUG] [volume migration] [message: no volume data found]")
+				continue
+			}
+
+			findResourcesToUpdateForDB32(endpointDockerID, volumesData, toUpdate, volumeResourceControls)
 		}
-
-		findResourcesToUpdateForDB32(endpointDockerID, volumesData, toUpdate, volumeResourceControls)
-
 	}

 	for _, resourceControl := range volumeResourceControls {
@@ -241,11 +240,18 @@ func (m *Migrator) updateVolumeResourceControlToDB32() error {
 	return nil
 }

-func findResourcesToUpdateForDB32(dockerID string, volumesData volume.VolumeListOKBody, toUpdate map[portainer.ResourceControlID]string, volumeResourceControls map[string]*portainer.ResourceControl) {
-	volumes := volumesData.Volumes
-	for _, volume := range volumes {
-		volumeName := volume.Name
-		createTime := volume.CreatedAt
+func findResourcesToUpdateForDB32(dockerID string, volumesData map[string]interface{}, toUpdate map[portainer.ResourceControlID]string, volumeResourceControls map[string]*portainer.ResourceControl) {
+	volumes := volumesData["Volumes"].([]interface{})
+	for _, volumeMeta := range volumes {
+		volume := volumeMeta.(map[string]interface{})
+		volumeName, nameExist := volume["Name"].(string)
+		if !nameExist {
+			continue
+		}
+		createTime, createTimeExist := volume["CreatedAt"].(string)
+		if !createTimeExist {
+			continue
+		}

 		oldResourceID := fmt.Sprintf("%s%s", volumeName, createTime)
 		resourceControl, ok := volumeResourceControls[oldResourceID]
--- a/api/datastore/migrator/migrate_dbversion50.go
+++ b/api/datastore/migrator/migrate_dbversion50.go
@@ -1,20 +0,0 @@
-package migrator
-
-import (
-	"github.com/pkg/errors"
-)
-
-func (m *Migrator) migrateDBVersionToDB50() error {
-	return m.migratePasswordLengthSettings()
-}
-
-func (m *Migrator) migratePasswordLengthSettings() error {
-	migrateLog.Info("Updating required password length")
-	s, err := m.settingsService.Settings()
-	if err != nil {
-		return errors.Wrap(err, "unable to retrieve settings")
-	}
-
-	s.InternalAuthSettings.RequiredPasswordLength = 12
-	return m.settingsService.UpdateSettings(s)
-}
--- a/api/datastore/test_data/output_24_to_latest.json
+++ b/api/datastore/test_data/output_24_to_latest.json
@@ -35,12 +35,6 @@
        "TenantID": ""
      },
      "ComposeSyntaxMaxVersion": "",
-      "Edge": {
-        "AsyncMode": false,
-        "CommandInterval": 0,
-        "PingInterval": 0,
-        "SnapshotInterval": 0
-      },
      "EdgeCheckinInterval": 0,
      "EdgeKey": "",
      "GroupId": 1,
@@ -76,103 +70,10 @@
          "DockerSnapshotRaw": {
            "Containers": null,
            "Images": null,
-            "Info": {
-              "Architecture": "",
-              "BridgeNfIp6tables": false,
-              "BridgeNfIptables": false,
-              "CPUSet": false,
-              "CPUShares": false,
-              "CgroupDriver": "",
-              "ContainerdCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Containers": 0,
-              "ContainersPaused": 0,
-              "ContainersRunning": 0,
-              "ContainersStopped": 0,
-              "CpuCfsPeriod": false,
-              "CpuCfsQuota": false,
-              "Debug": false,
-              "DefaultRuntime": "",
-              "DockerRootDir": "",
-              "Driver": "",
-              "DriverStatus": null,
-              "ExperimentalBuild": false,
-              "GenericResources": null,
-              "HttpProxy": "",
-              "HttpsProxy": "",
-              "ID": "",
-              "IPv4Forwarding": false,
-              "Images": 0,
-              "IndexServerAddress": "",
-              "InitBinary": "",
-              "InitCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Isolation": "",
-              "KernelMemory": false,
-              "KernelMemoryTCP": false,
-              "KernelVersion": "",
-              "Labels": null,
-              "LiveRestoreEnabled": false,
-              "LoggingDriver": "",
-              "MemTotal": 0,
-              "MemoryLimit": false,
-              "NCPU": 0,
-              "NEventsListener": 0,
-              "NFd": 0,
-              "NGoroutines": 0,
-              "Name": "",
-              "NoProxy": "",
-              "OSType": "",
-              "OSVersion": "",
-              "OomKillDisable": false,
-              "OperatingSystem": "",
-              "PidsLimit": false,
-              "Plugins": {
-                "Authorization": null,
-                "Log": null,
-                "Network": null,
-                "Volume": null
-              },
-              "RegistryConfig": null,
-              "RuncCommit": {
-                "Expected": "",
-                "ID": ""
-              },
-              "Runtimes": null,
-              "SecurityOptions": null,
-              "ServerVersion": "",
-              "SwapLimit": false,
-              "Swarm": {
-                "ControlAvailable": false,
-                "Error": "",
-                "LocalNodeState": "",
-                "NodeAddr": "",
-                "NodeID": "",
-                "RemoteManagers": null
-              },
-              "SystemTime": "",
-              "Warnings": null
-            },
+            "Info": null,
            "Networks": null,
-            "Version": {
-              "ApiVersion": "",
-              "Arch": "",
-              "GitCommit": "",
-              "GoVersion": "",
-              "Os": "",
-              "Platform": {
-                "Name": ""
-              },
-              "Version": ""
-            },
-            "Volumes": {
-              "Volumes": null,
-              "Warnings": null
-            }
+            "Version": null,
+            "Volumes": null
          },
          "DockerVersion": "20.10.13",
          "HealthyContainerCount": 0,
@@ -688,12 +589,6 @@
    "BlackListedLabels": [],
    "DisplayDonationHeader": false,
    "DisplayExternalContributors": false,
-    "Edge": {
-      "AsyncMode": false,
-      "CommandInterval": 0,
-      "PingInterval": 0,
-      "SnapshotInterval": 0
-    },
    "EdgeAgentCheckinInterval": 5,
    "EdgePortainerUrl": "",
    "EnableEdgeComputeFeatures": false,
@@ -702,9 +597,6 @@
    "EnforceEdgeID": false,
    "FeatureFlagSettings": null,
    "HelmRepositoryURL": "https://charts.bitnami.com/bitnami",
-    "InternalAuthSettings": {
-      "RequiredPasswordLength": 12
-    },
    "KubeconfigExpiry": "0",
    "KubectlShellImage": "portainer/kubectl-shell",
    "LDAPSettings": {
@@ -910,7 +802,7 @@
  ],
  "version": {
    "DB_UPDATING": "false",
-    "DB_VERSION": "50",
+    "DB_VERSION": "35",
    "INSTANCE_ID": "null"
  }
 }
--- a/api/demo/demo.go
+++ b/api/demo/demo.go
@@ -1,118 +0,0 @@
-package demo
-
-import (
-	"log"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-)
-
-type EnvironmentDetails struct {
-	Enabled      bool                   `json:"enabled"`
-	Users        []portainer.UserID     `json:"users"`
-	Environments []portainer.EndpointID `json:"environments"`
-}
-
-type Service struct {
-	details EnvironmentDetails
-}
-
-func NewService() *Service {
-	return &Service{}
-}
-
-func (service *Service) Details() EnvironmentDetails {
-	return service.details
-}
-
-func (service *Service) Init(store dataservices.DataStore, cryptoService portainer.CryptoService) error {
-	log.Print("[INFO] [main] Starting demo environment")
-
-	isClean, err := isCleanStore(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed checking if store is clean")
-	}
-
-	if !isClean {
-		return errors.New(" Demo environment can only be initialized on a clean database")
-	}
-
-	id, err := initDemoUser(store, cryptoService)
-	if err != nil {
-		return errors.WithMessage(err, "failed creating demo user")
-	}
-
-	endpointIds, err := initDemoEndpoints(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed creating demo endpoint")
-	}
-
-	err = initDemoSettings(store)
-	if err != nil {
-		return errors.WithMessage(err, "failed updating demo settings")
-	}
-
-	service.details = EnvironmentDetails{
-		Enabled: true,
-		Users:   []portainer.UserID{id},
-		// endpoints 2,3 are created after deployment of portainer
-		Environments: endpointIds,
-	}
-
-	return nil
-}
-
-func isCleanStore(store dataservices.DataStore) (bool, error) {
-	endpoints, err := store.Endpoint().Endpoints()
-	if err != nil {
-		return false, err
-	}
-
-	if len(endpoints) > 0 {
-		return false, nil
-	}
-
-	users, err := store.User().Users()
-	if err != nil {
-		return false, err
-	}
-
-	if len(users) > 0 {
-		return false, nil
-	}
-
-	return true, nil
-}
-
-func (service *Service) IsDemo() bool {
-	return service.details.Enabled
-}
-
-func (service *Service) IsDemoEnvironment(environmentID portainer.EndpointID) bool {
-	if !service.IsDemo() {
-		return false
-	}
-
-	for _, demoEndpointID := range service.details.Environments {
-		if environmentID == demoEndpointID {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (service *Service) IsDemoUser(userID portainer.UserID) bool {
-	if !service.IsDemo() {
-		return false
-	}
-
-	for _, demoUserID := range service.details.Users {
-		if userID == demoUserID {
-			return true
-		}
-	}
-
-	return false
-}
--- a/api/demo/init.go
+++ b/api/demo/init.go
@@ -1,79 +0,0 @@
-package demo
-
-import (
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-)
-
-func initDemoUser(
-	store dataservices.DataStore,
-	cryptoService portainer.CryptoService,
-) (portainer.UserID, error) {
-
-	password, err := cryptoService.Hash("tryportainer")
-	if err != nil {
-		return 0, errors.WithMessage(err, "failed creating password hash")
-	}
-
-	admin := &portainer.User{
-		Username: "admin",
-		Password: password,
-		Role:     portainer.AdministratorRole,
-	}
-
-	err = store.User().Create(admin)
-	return admin.ID, errors.WithMessage(err, "failed creating user")
-}
-
-func initDemoEndpoints(store dataservices.DataStore) ([]portainer.EndpointID, error) {
-	localEndpointId, err := initDemoLocalEndpoint(store)
-	if err != nil {
-		return nil, err
-	}
-
-	// second and third endpoints are going to be created with docker-compose as a part of the demo environment set up.
-	// ref: https://github.com/portainer/portainer-demo/blob/master/docker-compose.yml
-	return []portainer.EndpointID{localEndpointId, localEndpointId + 1, localEndpointId + 2}, nil
-}
-
-func initDemoLocalEndpoint(store dataservices.DataStore) (portainer.EndpointID, error) {
-	id := portainer.EndpointID(store.Endpoint().GetNextIdentifier())
-	localEndpoint := &portainer.Endpoint{
-		ID:        id,
-		Name:      "local",
-		URL:       "unix:///var/run/docker.sock",
-		PublicURL: "demo.portainer.io",
-		Type:      portainer.DockerEnvironment,
-		GroupID:   portainer.EndpointGroupID(1),
-		TLSConfig: portainer.TLSConfiguration{
-			TLS: false,
-		},
-		AuthorizedUsers:    []portainer.UserID{},
-		AuthorizedTeams:    []portainer.TeamID{},
-		UserAccessPolicies: portainer.UserAccessPolicies{},
-		TeamAccessPolicies: portainer.TeamAccessPolicies{},
-		TagIDs:             []portainer.TagID{},
-		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.DockerSnapshot{},
-		Kubernetes:         portainer.KubernetesDefault(),
-	}
-
-	err := store.Endpoint().Create(localEndpoint)
-	return id, errors.WithMessage(err, "failed creating local endpoint")
-}
-
-func initDemoSettings(
-	store dataservices.DataStore,
-) error {
-	settings, err := store.Settings().Settings()
-	if err != nil {
-		return errors.WithMessage(err, "failed fetching settings")
-	}
-
-	settings.EnableTelemetry = false
-	settings.LogoURL = ""
-
-	err = store.Settings().UpdateSettings(settings)
-	return errors.WithMessage(err, "failed updating settings")
-}
--- a/api/exec/compose_stack_integration_test.go
+++ b/api/exec/compose_stack_integration_test.go
@@ -11,7 +11,6 @@ import (
 	"testing"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/testhelpers"
 )

 const composeFile = `version: "3.9"
@@ -42,8 +41,6 @@ func setup(t *testing.T) (*portainer.Stack, *portainer.Endpoint) {

 func Test_UpAndDown(t *testing.T) {

-	testhelpers.IntegrationTest(t)
-
 	stack, endpoint := setup(t)

 	w, err := NewComposeStackManager("", "", nil)
--- a/api/git/azure.go
+++ b/api/git/azure.go
@@ -108,12 +108,12 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 		return "", errors.WithMessage(err, "failed to parse url")
 	}

-	rootItemUrl, err := a.buildRootItemUrl(config, options.referenceName)
+	refsUrl, err := a.buildRefsUrl(config, options.referenceName)
 	if err != nil {
-		return "", errors.WithMessage(err, "failed to build azure root item url")
+		return "", errors.WithMessage(err, "failed to build azure refs url")
 	}

-	req, err := http.NewRequestWithContext(ctx, "GET", rootItemUrl, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", refsUrl, nil)
 	if options.username != "" || options.password != "" {
 		req.SetBasicAuth(options.username, options.password)
 	} else if config.username != "" || config.password != "" {
@@ -131,24 +131,26 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("failed to get repository root item with a status \"%v\"", resp.Status)
+		return "", fmt.Errorf("failed to get repository refs with a status \"%v\"", resp.Status)
 	}

-	var items struct {
+	var refs struct {
 		Value []struct {
-			CommitId string `json:"commitId"`
+			Name     string `json:"name"`
+			ObjectId string `json:"objectId"`
+		}
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&refs); err != nil {
+		return "", errors.Wrap(err, "could not parse Azure Refs response")
+	}
+
+	for _, ref := range refs.Value {
+		if strings.EqualFold(ref.Name, options.referenceName) {
+			return ref.ObjectId, nil
 		}
 	}

-	if err := json.NewDecoder(resp.Body).Decode(&items); err != nil {
-		return "", errors.Wrap(err, "could not parse Azure items response")
-	}
-
-	if len(items.Value) == 0 || items.Value[0].CommitId == "" {
-		return "", errors.Errorf("failed to get latest commitID in the repository")
-	}
-
-	return items.Value[0].CommitId, nil
+	return "", errors.Errorf("could not find ref %q in the repository", options.referenceName)
 }

 func parseUrl(rawUrl string) (*azureOptions, error) {
@@ -234,10 +236,8 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	// scopePath=/&download=true&versionDescriptor.version=main&$format=zip&recursionLevel=full&api-version=6.0
 	q.Set("scopePath", "/")
 	q.Set("download", "true")
-	if referenceName != "" {
-		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
-		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
-	}
+	q.Set("versionDescriptor.versionType", getVersionType(referenceName))
+	q.Set("versionDescriptor.version", formatReferenceName(referenceName))
 	q.Set("$format", "zip")
 	q.Set("recursionLevel", "full")
 	q.Set("api-version", "6.0")
@@ -246,8 +246,8 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	return u.String(), nil
 }

-func (a *azureDownloader) buildRootItemUrl(config *azureOptions, referenceName string) (string, error) {
-	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/items",
+func (a *azureDownloader) buildRefsUrl(config *azureOptions, referenceName string) (string, error) {
+	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/refs",
 		a.baseUrl,
 		url.PathEscape(config.organisation),
 		url.PathEscape(config.project),
@@ -255,15 +255,12 @@ func (a *azureDownloader) buildRootItemUrl(config *azureOptions, referenceName s
 	u, err := url.Parse(rawUrl)

 	if err != nil {
-		return "", errors.Wrapf(err, "failed to parse root item url path %s", rawUrl)
+		return "", errors.Wrapf(err, "failed to parse refs url path %s", rawUrl)
 	}

+	// filterContains=main&api-version=6.0
 	q := u.Query()
-	q.Set("scopePath", "/")
-	if referenceName != "" {
-		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
-		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
-	}
+	q.Set("filterContains", formatReferenceName(referenceName))
 	q.Set("api-version", "6.0")
 	u.RawQuery = q.Encode()

--- a/api/git/azure_test.go
+++ b/api/git/azure_test.go
@@ -28,15 +28,15 @@ func Test_buildDownloadUrl(t *testing.T) {
 	}
 }

-func Test_buildRootItemUrl(t *testing.T) {
+func Test_buildRefsUrl(t *testing.T) {
 	a := NewAzureDownloader(nil)
-	u, err := a.buildRootItemUrl(&azureOptions{
+	u, err := a.buildRefsUrl(&azureOptions{
 		organisation: "organisation",
 		project:      "project",
 		repository:   "repository",
 	}, "refs/heads/main")

-	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/items?scopePath=/&api-version=6.0&versionDescriptor.version=main&versionDescriptor.versionType=branch")
+	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/refs?filterContains=main&api-version=6.0")
 	actualUrl, _ := url.Parse(u)
 	assert.NoError(t, err)
 	assert.Equal(t, expectedUrl.Host, actualUrl.Host)
@@ -270,17 +270,63 @@ func Test_azureDownloader_downloadZipFromAzureDevOps(t *testing.T) {
 func Test_azureDownloader_latestCommitID(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		response := `{
-		  "count": 1,
-		  "value": [
-			{
-			  "objectId": "1a5630f017127db7de24d8771da0f536ff98fc9b",
-			  "gitObjectType": "tree",
-			  "commitId": "27104ad7549d9e66685e115a497533f18024be9c",
-			  "path": "/",
-			  "isFolder": true,
-			  "url": "https://dev.azure.com/simonmeng0474/4b546a97-c481-4506-bdd5-976e9592f91a/_apis/git/repositories/a22247ad-053f-43bc-88a7-62ff4846bb97/items?path=%2F&versionType=Branch&versionOptions=None"
-			}
-		  ]
+			"value": [
+				{
+					"name": "refs/heads/feature/calcApp",
+					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2FcalcApp"
+				},
+				{
+					"name": "refs/heads/feature/replacer",
+					"objectId": "917131a709996c5cfe188c3b57e9a6ad90e8b85c",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2Freplacer"
+				},
+				{
+					"name": "refs/heads/master",
+					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
+					"creator": {
+						"displayName": "Normal Paulk",
+						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"_links": {
+							"avatar": {
+								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+							}
+						},
+						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"uniqueName": "dev@mailserver.com",
+						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
+						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
+					},
+					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Fmaster"
+				}
+			],
+			"count": 3
 		}`
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(response))
@@ -301,11 +347,19 @@ func Test_azureDownloader_latestCommitID(t *testing.T) {
 		{
 			name: "should be able to parse response",
 			args: fetchOptions{
-				referenceName: "",
+				referenceName: "refs/heads/master",
 				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
-			want:    "27104ad7549d9e66685e115a497533f18024be9c",
+			want:    "ffe9cba521f00d7f60e322845072238635edb451",
 			wantErr: false,
 		},
+		{
+			name: "should be able to parse response",
+			args: fetchOptions{
+				referenceName: "refs/heads/unknown",
+				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
+			want:    "",
+			wantErr: true,
+		},
 	}

 	for _, tt := range tests {
--- a/api/git/git.go
+++ b/api/git/git.go
@@ -82,17 +82,8 @@ func (c gitClient) latestCommitID(ctx context.Context, opt fetchOptions) (string
 		return "", errors.Wrap(err, "failed to list repository refs")
 	}

-	referenceName := opt.referenceName
-	if referenceName == "" {
-		for _, ref := range refs {
-			if strings.EqualFold(ref.Name().String(), "HEAD") {
-				referenceName = ref.Target().String()
-			}
-		}
-	}
-
 	for _, ref := range refs {
-		if strings.EqualFold(ref.Name().String(), referenceName) {
+		if strings.EqualFold(ref.Name().String(), opt.referenceName) {
 			return ref.Hash().String(), nil
 		}
 	}
--- a/api/go.mod
+++ b/api/go.mod
@@ -32,8 +32,8 @@ require (
 	github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
 	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
 	github.com/pkg/errors v0.9.1
-	github.com/portainer/docker-compose-wrapper v0.0.0-20220531190153-c597b853e410
-	github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a
+	github.com/portainer/docker-compose-wrapper v0.0.0-20220407011010-3c7408969ad3
+	github.com/portainer/libcrypto v0.0.0-20220506221303-1f4fb3b30f9a
 	github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108
 	github.com/portainer/libhttp v0.0.0-20211208103139-07a5f798eb3f
 	github.com/rkl-/digest v0.0.0-20180419075440-8316caa4a777
--- a/api/go.sum
+++ b/api/go.sum
@@ -807,12 +807,12 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/portainer/docker-compose-wrapper v0.0.0-20220526210722-e1574867298e h1:gW1Ooaj7RZ9YkwHxesnNEyOB5nUD71FlZ7cdb5h63vw=
-github.com/portainer/docker-compose-wrapper v0.0.0-20220526210722-e1574867298e/go.mod h1:WxDlJWZxCnicdLCPnLNEv7/gRhjeIVuCGmsv+iOPH3c=
-github.com/portainer/docker-compose-wrapper v0.0.0-20220531190153-c597b853e410 h1:LjxLd8UGR8ae73ov/vLrt/0jedj/nh98XnONkr8DJj8=
-github.com/portainer/docker-compose-wrapper v0.0.0-20220531190153-c597b853e410/go.mod h1:WxDlJWZxCnicdLCPnLNEv7/gRhjeIVuCGmsv+iOPH3c=
+github.com/portainer/docker-compose-wrapper v0.0.0-20220407011010-3c7408969ad3 h1:dg/uvltrR++AVDjjVkXKrinZ/T8YlaKeUAOAmQ1i+dk=
+github.com/portainer/docker-compose-wrapper v0.0.0-20220407011010-3c7408969ad3/go.mod h1:WxDlJWZxCnicdLCPnLNEv7/gRhjeIVuCGmsv+iOPH3c=
 github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a h1:qY8TbocN75n5PDl16o0uVr5MevtM5IhdwSelXEd4nFM=
 github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a/go.mod h1:n54EEIq+MM0NNtqLeCby8ljL+l275VpolXO0ibHegLE=
+github.com/portainer/libcrypto v0.0.0-20220506221303-1f4fb3b30f9a h1:B0z3skIMT+OwVNJPQhKp52X+9OWW6A9n5UWig3lHBJk=
+github.com/portainer/libcrypto v0.0.0-20220506221303-1f4fb3b30f9a/go.mod h1:n54EEIq+MM0NNtqLeCby8ljL+l275VpolXO0ibHegLE=
 github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108 h1:5e8KAnDa2G3cEHK7aV/ue8lOaoQwBZUzoALslwWkR04=
 github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108/go.mod h1:YvYAk7krKTzB+rFwDr0jQ3sQu2BtiXK1AR0sZH7nhJA=
 github.com/portainer/libhttp v0.0.0-20211208103139-07a5f798eb3f h1:GMIjRVV2LADpJprPG2+8MdRH6XvrFgC7wHm7dFUdOpc=
--- a/api/http/errors/errors.go
+++ b/api/http/errors/errors.go
@@ -9,6 +9,4 @@ var (
 	ErrUnauthorized = errors.New("Unauthorized")
 	// ErrResourceAccessDenied Access denied to resource error
 	ErrResourceAccessDenied = errors.New("Access denied to resource")
-	// ErrNotAvailableInDemo feature is not allowed in demo
-	ErrNotAvailableInDemo = errors.New("This feature is not available in the demo version of Portainer")
 )
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@@ -13,6 +13,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/internal/authorization"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type authenticatePayload struct {
@@ -100,7 +101,7 @@ func (handler *Handler) authenticateInternal(w http.ResponseWriter, user *portai
 		return &httperror.HandlerError{http.StatusUnprocessableEntity, "Invalid credentials", httperrors.ErrUnauthorized}
 	}

-	forceChangePassword := !handler.passwordStrengthChecker.Check(password)
+	forceChangePassword := !passwordutils.StrengthCheck(password)
 	return handler.writeToken(w, user, forceChangePassword)
 }

--- a/api/http/handler/auth/handler.go
+++ b/api/http/handler/auth/handler.go
@@ -22,14 +22,12 @@ type Handler struct {
 	OAuthService                portainer.OAuthService
 	ProxyManager                *proxy.Manager
 	KubernetesTokenCacheManager *kubernetes.TokenCacheManager
-	passwordStrengthChecker     security.PasswordStrengthChecker
 }

 // NewHandler creates a handler to manage authentication operations.
-func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, passwordStrengthChecker security.PasswordStrengthChecker) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter) *Handler {
 	h := &Handler{
-		Router:                  mux.NewRouter(),
-		passwordStrengthChecker: passwordStrengthChecker,
+		Router: mux.NewRouter(),
 	}

 	h.Handle("/auth/oauth/validate",
--- a/api/http/handler/backup/backup_test.go
+++ b/api/http/handler/backup/backup_test.go
@@ -18,7 +18,6 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -50,7 +49,7 @@ func Test_backupHandlerWithoutPassword_shouldCreateATarballArchive(t *testing.T)
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, context.Background())

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
@@ -87,7 +86,7 @@ func Test_backupHandlerWithPassword_shouldCreateEncryptedATarballArchive(t *test
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, nil)

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
--- a/api/http/handler/backup/handler.go
+++ b/api/http/handler/backup/handler.go
@@ -9,8 +9,6 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	"github.com/portainer/portainer/api/http/security"
 )
@@ -27,17 +25,7 @@ type Handler struct {
 }

 // NewHandler creates an new instance of backup handler
-func NewHandler(
-	bouncer *security.RequestBouncer,
-	dataStore dataservices.DataStore,
-	gate *offlinegate.OfflineGate,
-	filestorePath string,
-	shutdownTrigger context.CancelFunc,
-	adminMonitor *adminmonitor.Monitor,
-	demoService *demo.Service,
-
-) *Handler {
-
+func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataStore, gate *offlinegate.OfflineGate, filestorePath string, shutdownTrigger context.CancelFunc, adminMonitor *adminmonitor.Monitor) *Handler {
 	h := &Handler{
 		Router:          mux.NewRouter(),
 		bouncer:         bouncer,
@@ -48,11 +36,8 @@ func NewHandler(
 		adminMonitor:    adminMonitor,
 	}

-	demoRestrictedRouter := h.NewRoute().Subrouter()
-	demoRestrictedRouter.Use(middlewares.RestrictDemoEnv(demoService.IsDemo))
-
-	demoRestrictedRouter.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
-	demoRestrictedRouter.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)
+	h.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
+	h.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)

 	return h
 }
@@ -65,7 +50,7 @@ func adminAccess(next http.Handler) http.Handler {
 		}

 		if !securityContext.IsAdmin {
-			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perform the action", nil)
+			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perfom the action", nil)
 		}

 		next.ServeHTTP(w, r)
--- a/api/http/handler/backup/restore_test.go
+++ b/api/http/handler/backup/restore_test.go
@@ -14,7 +14,6 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -52,7 +51,7 @@ func Test_restoreArchive_usingCombinationOfPasswords(t *testing.T) {
 			datastore := i.NewDatastore(i.WithUsers([]portainer.User{}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 			adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})
+			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)

 			//backup
 			archive := backup(t, h, test.backupPassword)
@@ -75,7 +74,7 @@ func Test_restoreArchive_shouldFailIfSystemWasAlreadyInitialized(t *testing.T) {
 	datastore := i.NewDatastore(i.WithUsers([]portainer.User{admin}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 	adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})
+	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)

 	//backup
 	archive := backup(t, h, "password")
--- a/api/http/handler/customtemplates/customtemplate_create.go
+++ b/api/http/handler/customtemplates/customtemplate_create.go
@@ -1,7 +1,6 @@
 package customtemplates

 import (
-	"encoding/json"
 	"errors"
 	"log"
 	"net/http"
@@ -116,8 +115,6 @@ type customTemplateFromFileContentPayload struct {
 	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) error {
@@ -139,12 +136,6 @@ func (payload *customTemplateFromFileContentPayload) Validate(r *http.Request) e
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -173,7 +164,6 @@ func (handler *Handler) createCustomTemplateFromFileContent(r *http.Request) (*p
 		Platform:    (payload.Platform),
 		Type:        (payload.Type),
 		Logo:        payload.Logo,
-		Variables:   payload.Variables,
 	}

 	templateFolder := strconv.Itoa(customTemplateID)
@@ -214,8 +204,6 @@ type customTemplateFromGitRepositoryPayload struct {
 	RepositoryPassword string `example:"myGitPassword"`
 	// Path to the Stack file inside the Git repository
 	ComposeFilePathInRepository string `example:"docker-compose.yml" default:"docker-compose.yml"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request) error {
@@ -248,12 +236,6 @@ func (payload *customTemplateFromGitRepositoryPayload) Validate(r *http.Request)
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -274,7 +256,6 @@ func (handler *Handler) createCustomTemplateFromGitRepository(r *http.Request) (
 		Platform:    payload.Platform,
 		Type:        payload.Type,
 		Logo:        payload.Logo,
-		Variables:   payload.Variables,
 	}

 	projectPath := handler.FileService.GetCustomTemplateProjectPath(strconv.Itoa(customTemplateID))
@@ -335,8 +316,6 @@ type customTemplateFromFileUploadPayload struct {
 	Platform    portainer.CustomTemplatePlatform
 	Type        portainer.StackType
 	FileContent []byte
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) error {
@@ -382,17 +361,6 @@ func (payload *customTemplateFromFileUploadPayload) Validate(r *http.Request) er
 	}
 	payload.FileContent = composeFileContent

-	varsString, _ := request.RetrieveMultiPartFormValue(r, "Variables", true)
-	err = json.Unmarshal([]byte(varsString), &payload.Variables)
-	if err != nil {
-		return errors.New("Invalid variables. Ensure that the variables are valid JSON")
-	}
-
-	err = validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -413,7 +381,6 @@ func (handler *Handler) createCustomTemplateFromFileUpload(r *http.Request) (*po
 		Type:        payload.Type,
 		Logo:        payload.Logo,
 		EntryPoint:  filesystem.ComposeFileDefaultName,
-		Variables:   payload.Variables,
 	}

 	templateFolder := strconv.Itoa(customTemplateID)
--- a/api/http/handler/customtemplates/customtemplate_update.go
+++ b/api/http/handler/customtemplates/customtemplate_update.go
@@ -31,8 +31,6 @@ type customTemplateUpdatePayload struct {
 	Type portainer.StackType `example:"1" enums:"1,2,3" validate:"required"`
 	// Content of stack file
 	FileContent string `validate:"required"`
-	// Definitions of variables in the stack file
-	Variables []portainer.CustomTemplateVariableDefinition
 }

 func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
@@ -54,12 +52,6 @@ func (payload *customTemplateUpdatePayload) Validate(r *http.Request) error {
 	if !isValidNote(payload.Note) {
 		return errors.New("Invalid note. <img> tag is not supported")
 	}
-
-	err := validateVariablesDefinitions(payload.Variables)
-	if err != nil {
-		return err
-	}
-
 	return nil
 }

@@ -132,7 +124,6 @@ func (handler *Handler) customTemplateUpdate(w http.ResponseWriter, r *http.Requ
 	customTemplate.Note = payload.Note
 	customTemplate.Platform = payload.Platform
 	customTemplate.Type = payload.Type
-	customTemplate.Variables = payload.Variables

 	err = handler.DataStore.CustomTemplate().UpdateCustomTemplate(customTemplate.ID, customTemplate)
 	if err != nil {
--- a/api/http/handler/customtemplates/utils.go
+++ b/api/http/handler/customtemplates/utils.go
@@ -1,19 +0,0 @@
-package customtemplates
-
-import (
-	"errors"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-func validateVariablesDefinitions(variables []portainer.CustomTemplateVariableDefinition) error {
-	for _, variable := range variables {
-		if variable.Name == "" {
-			return errors.New("variable name is required")
-		}
-		if variable.Label == "" {
-			return errors.New("variable label is required")
-		}
-	}
-	return nil
-}
--- a/api/http/handler/edgegroups/edgegroup_update.go
+++ b/api/http/handler/edgegroups/edgegroup_update.go
@@ -164,7 +164,9 @@ func (handler *Handler) updateEndpoint(endpointID portainer.EndpointID) error {
 		edgeStackSet[edgeStackID] = true
 	}

-	relation.EdgeStacks = edgeStackSet
+	for edgeStackID := range edgeStackSet {
+		relation.EdgeStacks[edgeStackID] = portainer.EdgeStackStatus{}
+	}

 	return handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpoint.ID, relation)
 }
--- a/api/http/handler/edgestacks/edgestack_create.go
+++ b/api/http/handler/edgestacks/edgestack_create.go
@@ -105,7 +105,6 @@ func (handler *Handler) createSwarmStackFromFileContent(r *http.Request) (*porta
 		DeploymentType: payload.DeploymentType,
 		CreationDate:   time.Now().Unix(),
 		EdgeGroups:     payload.EdgeGroups,
-		Status:         make(map[portainer.EndpointID]portainer.EdgeStackStatus),
 		Version:        1,
 	}

@@ -228,7 +227,6 @@ func (handler *Handler) createSwarmStackFromGitRepository(r *http.Request) (*por
 		Name:           payload.Name,
 		CreationDate:   time.Now().Unix(),
 		EdgeGroups:     payload.EdgeGroups,
-		Status:         make(map[portainer.EndpointID]portainer.EdgeStackStatus),
 		DeploymentType: payload.DeploymentType,
 		Version:        1,
 	}
@@ -337,7 +335,6 @@ func (handler *Handler) createSwarmStackFromFileUpload(r *http.Request) (*portai
 		DeploymentType: payload.DeploymentType,
 		CreationDate:   time.Now().Unix(),
 		EdgeGroups:     payload.EdgeGroups,
-		Status:         make(map[portainer.EndpointID]portainer.EdgeStackStatus),
 		Version:        1,
 	}

@@ -411,7 +408,7 @@ func updateEndpointRelations(endpointRelationService dataservices.EndpointRelati
 			return fmt.Errorf("unable to find endpoint relation in database: %w", err)
 		}

-		relation.EdgeStacks[edgeStackID] = true
+		relation.EdgeStacks[edgeStackID] = portainer.EdgeStackStatus{}

 		err = endpointRelationService.UpdateEndpointRelation(endpointID, relation)
 		if err != nil {
--- a/api/http/handler/edgestacks/edgestack_create_test.go
+++ b/api/http/handler/edgestacks/edgestack_create_test.go
@@ -1,21 +1,14 @@
 package edgestacks

-import (
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
+/*
 func Test_updateEndpointRelation_successfulRuns(t *testing.T) {
 	edgeStackID := portainer.EdgeStackID(5)
 	endpointRelations := []portainer.EndpointRelation{
-		{EndpointID: 1, EdgeStacks: map[portainer.EdgeStackID]bool{}},
-		{EndpointID: 2, EdgeStacks: map[portainer.EdgeStackID]bool{}},
-		{EndpointID: 3, EdgeStacks: map[portainer.EdgeStackID]bool{}},
-		{EndpointID: 4, EdgeStacks: map[portainer.EdgeStackID]bool{}},
-		{EndpointID: 5, EdgeStacks: map[portainer.EdgeStackID]bool{}},
+		{EndpointID: 1, EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{}},
+		{EndpointID: 2, EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{}},
+		{EndpointID: 3, EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{}},
+		{EndpointID: 4, EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{}},
+		{EndpointID: 5, EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{}},
 	}

 	relatedIds := []portainer.EndpointID{2, 3}
@@ -36,3 +29,4 @@ func Test_updateEndpointRelation_successfulRuns(t *testing.T) {
 		assert.Equal(t, shouldBeRelated, relation.EdgeStacks[edgeStackID])
 	}
 }
+*/
--- a/api/http/handler/edgestacks/edgestack_list.go
+++ b/api/http/handler/edgestacks/edgestack_list.go
@@ -5,6 +5,7 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
 )

 // @id EdgeStackList
@@ -25,5 +26,35 @@ func (handler *Handler) edgeStackList(w http.ResponseWriter, r *http.Request) *h
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge stacks from the database", err}
 	}

-	return response.JSON(w, edgeStacks)
+	endpointRels, err := handler.DataStore.EndpointRelation().EndpointRelations()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve endpoint relations from the database", err}
+	}
+
+	m := make(map[portainer.EdgeStackID]map[portainer.EndpointID]portainer.EdgeStackStatus)
+
+	for _, r := range endpointRels {
+		for edgeStackID, status := range r.EdgeStacks {
+			if m[edgeStackID] == nil {
+				m[edgeStackID] = make(map[portainer.EndpointID]portainer.EdgeStackStatus)
+			}
+
+			m[edgeStackID][r.EndpointID] = status
+		}
+	}
+
+	type EdgeStackWithStatus struct {
+		portainer.EdgeStack
+		Status map[portainer.EndpointID]portainer.EdgeStackStatus
+	}
+
+	var edgeStacksWS []EdgeStackWithStatus
+	for _, s := range edgeStacks {
+		edgeStacksWS = append(edgeStacksWS, EdgeStackWithStatus{
+			EdgeStack: s,
+			Status:    m[s.ID],
+		})
+	}
+
+	return response.JSON(w, edgeStacksWS)
 }
--- a/api/http/handler/edgestacks/edgestack_status_delete.go
+++ b/api/http/handler/edgestacks/edgestack_status_delete.go
@@ -53,12 +53,5 @@ func (handler *Handler) edgeStackStatusDelete(w http.ResponseWriter, r *http.Req
 		return handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
 	}

-	delete(stack.Status, endpoint.ID)
-
-	err = handler.DataStore.EdgeStack().UpdateEdgeStack(stack.ID, stack)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack changes inside the database", err}
-	}
-
 	return response.JSON(w, stack)
 }
--- a/api/http/handler/edgestacks/edgestack_status_update.go
+++ b/api/http/handler/edgestacks/edgestack_status_update.go
@@ -49,13 +49,6 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid stack identifier route variable", err}
 	}

-	stack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(stackID))
-	if handler.DataStore.IsErrObjectNotFound(err) {
-		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a stack with the specified identifier inside the database", err}
-	} else if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a stack with the specified identifier inside the database", err}
-	}
-
 	var payload updateStatusPayload
 	err = request.DecodeAndValidateJSONPayload(r, &payload)
 	if err != nil {
@@ -74,17 +67,28 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to access environment", err}
 	}

-	stack.Status[*payload.EndpointID] = portainer.EdgeStackStatus{
-		Type:       *payload.Status,
-		Error:      payload.Error,
-		EndpointID: *payload.EndpointID,
+	endpointRelation, err := handler.DataStore.EndpointRelation().EndpointRelation(endpoint.ID)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find the environment relations", err}
 	}

-	err = handler.DataStore.EdgeStack().UpdateEdgeStack(stack.ID, stack)
+	endpointRelation.EdgeStacks[portainer.EdgeStackID(stackID)] = portainer.EdgeStackStatus{
+		Type:  *payload.Status,
+		Error: payload.Error,
+	}
+
+	err = handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpoint.ID, endpointRelation)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack changes inside the database", err}
 	}

+	stack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(stackID))
+	if handler.DataStore.IsErrObjectNotFound(err) {
+		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a stack with the specified identifier inside the database", err}
+	} else if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a stack with the specified identifier inside the database", err}
+	}
+
 	return response.JSON(w, stack)

 }
--- a/api/http/handler/edgestacks/edgestack_test.go
+++ b/api/http/handler/edgestacks/edgestack_test.go
@@ -1,924 +0,0 @@
-package edgestacks
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"reflect"
-	"strconv"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/apikey"
-	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/filesystem"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/jwt"
-)
-
-type gitService struct {
-	cloneErr error
-	id       string
-}
-
-func (g *gitService) CloneRepository(destination, repositoryURL, referenceName, username, password string) error {
-	return g.cloneErr
-}
-
-func (g *gitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
-	return g.id, nil
-}
-
-// Helpers
-func setupHandler(t *testing.T) (*Handler, string, func()) {
-	t.Helper()
-
-	_, store, storeTeardown := datastore.MustNewTestStore(true, true)
-
-	jwtService, err := jwt.NewService("1h", store)
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	user := &portainer.User{ID: 2, Username: "admin", Role: portainer.AdministratorRole}
-	err = store.User().Create(user)
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
-	rawAPIKey, _, err := apiKeyService.GenerateApiKey(*user, "test")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	handler := NewHandler(
-		security.NewRequestBouncer(store, jwtService, apiKeyService),
-		store,
-	)
-
-	tmpDir, err := os.MkdirTemp(os.TempDir(), "portainer-test")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-
-	fs, err := filesystem.NewService(tmpDir, "")
-	if err != nil {
-		storeTeardown()
-		t.Fatal(err)
-	}
-	handler.FileService = fs
-
-	settings, err := handler.DataStore.Settings().Settings()
-	if err != nil {
-		t.Fatal(err)
-	}
-	settings.EnableEdgeComputeFeatures = true
-
-	err = handler.DataStore.Settings().UpdateSettings(settings)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	handler.GitService = &gitService{errors.New("Clone error"), "git-service-id"}
-
-	return handler, rawAPIKey, storeTeardown
-}
-
-func createEndpoint(t *testing.T, store dataservices.DataStore) portainer.Endpoint {
-	t.Helper()
-
-	endpointID := portainer.EndpointID(5)
-	endpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	err := store.Endpoint().Create(&endpoint)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return endpoint
-}
-
-func createEdgeStack(t *testing.T, store dataservices.DataStore, endpointID portainer.EndpointID) portainer.EdgeStack {
-	t.Helper()
-
-	edgeGroup := portainer.EdgeGroup{
-		ID:           1,
-		Name:         "EdgeGroup 1",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{endpointID},
-		PartialMatch: false,
-	}
-
-	err := store.EdgeGroup().Create(&edgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	edgeStackID := portainer.EdgeStackID(14)
-	edgeStack := portainer.EdgeStack{
-		ID:   edgeStackID,
-		Name: "test-edge-stack-" + strconv.Itoa(int(edgeStackID)),
-		Status: map[portainer.EndpointID]portainer.EdgeStackStatus{
-			endpointID: {Type: portainer.StatusOk, Error: "", EndpointID: endpointID},
-		},
-		CreationDate:   time.Now().Unix(),
-		EdgeGroups:     []portainer.EdgeGroupID{edgeGroup.ID},
-		ProjectPath:    "/project/path",
-		EntryPoint:     "entrypoint",
-		Version:        237,
-		ManifestPath:   "/manifest/path",
-		DeploymentType: portainer.EdgeStackDeploymentKubernetes,
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpointID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{
-			edgeStack.ID: true,
-		},
-	}
-
-	err = store.EdgeStack().Create(edgeStack.ID, &edgeStack)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = store.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	return edgeStack
-}
-
-// Inspect
-func TestInspectInvalidEdgeID(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	cases := []struct {
-		Name               string
-		EdgeStackID        string
-		ExpectedStatusCode int
-	}{
-		{"Invalid EdgeStackID", "x", 400},
-		{"Non-existing EdgeStackID", "5", 404},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			req, err := http.NewRequest(http.MethodGet, "/edge_stacks/"+tc.EdgeStackID, nil)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Create
-func TestCreateAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	// Create Endpoint, EdgeGroup and EndpointRelation
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeGroup := portainer.EdgeGroup{
-		ID:           1,
-		Name:         "EdgeGroup 1",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{endpoint.ID},
-		PartialMatch: false,
-	}
-
-	err := handler.DataStore.EdgeGroup().Create(&edgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpoint.ID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{},
-	}
-
-	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	payload := swarmStackFromFileContentPayload{
-		Name:             "Test Stack",
-		StackFileContent: "stack content",
-		EdgeGroups:       []portainer.EdgeGroupID{1},
-		DeploymentType:   portainer.EdgeStackDeploymentCompose,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("JSON marshal error:", err)
-	}
-	r := bytes.NewBuffer(jsonPayload)
-
-	// Create EdgeStack
-	req, err := http.NewRequest(http.MethodPost, "/edge_stacks?method=string", r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	// Inspect
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", data.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data = portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if payload.Name != data.Name {
-		t.Fatalf(fmt.Sprintf("expected EdgeStack Name %s, found %s", payload.Name, data.Name))
-	}
-}
-
-func TestCreateWithInvalidPayload(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	cases := []struct {
-		Name               string
-		Payload            interface{}
-		QueryString        string
-		ExpectedStatusCode int
-	}{
-		{
-			Name:               "Invalid query string parameter",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "invalid=query-string",
-			ExpectedStatusCode: 400,
-		},
-		{
-			Name:               "Invalid creation method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=invalid-creation-method",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with string method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with repository method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=repository",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name:               "Empty swarmStackFromFileContentPayload with file method",
-			Payload:            swarmStackFromFileContentPayload{},
-			QueryString:        "method=file",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Duplicated EdgeStack Name",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             edgeStack.Name,
-				StackFileContent: "content",
-				EdgeGroups:       edgeStack.EdgeGroups,
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Empty EdgeStack Groups",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             edgeStack.Name,
-				StackFileContent: "content",
-				EdgeGroups:       []portainer.EdgeGroupID{},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "EdgeStackDeploymentKubernetes with Docker endpoint",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             "Stack name",
-				StackFileContent: "content",
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Empty Stack File Content",
-			Payload: swarmStackFromFileContentPayload{
-				Name:             "Stack name",
-				StackFileContent: "",
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentCompose,
-			},
-			QueryString:        "method=string",
-			ExpectedStatusCode: 500,
-		},
-		{
-			Name: "Clone Git respository error",
-			Payload: swarmStackFromGitRepositoryPayload{
-				Name:                     "Stack name",
-				RepositoryURL:            "github.com/portainer/portainer",
-				RepositoryReferenceName:  "ref name",
-				RepositoryAuthentication: false,
-				RepositoryUsername:       "",
-				RepositoryPassword:       "",
-				FilePathInRepository:     "/file/path",
-				EdgeGroups:               []portainer.EdgeGroupID{1},
-				DeploymentType:           portainer.EdgeStackDeploymentCompose,
-			},
-			QueryString:        "method=repository",
-			ExpectedStatusCode: 500,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("JSON marshal error:", err)
-			}
-			r := bytes.NewBuffer(jsonPayload)
-
-			// Create EdgeStack
-			req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("/edge_stacks?%s", tc.QueryString), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Delete
-func TestDeleteAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	// Create
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Inspect
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.ID != edgeStack.ID {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", int(edgeStack.ID), data.ID))
-	}
-
-	// Delete
-	req, err = http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusNoContent {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNoContent, rec.Code))
-	}
-
-	// Inspect
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusNotFound {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNotFound, rec.Code))
-	}
-}
-
-func TestDeleteInvalidEdgeStack(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	cases := []struct {
-		Name               string
-		URL                string
-		ExpectedStatusCode int
-	}{
-		{Name: "Non-existing EdgeStackID", URL: "/edge_stacks/-1", ExpectedStatusCode: http.StatusNotFound},
-		{Name: "Invalid EdgeStackID", URL: "/edge_stacks/aaaaaaa", ExpectedStatusCode: http.StatusBadRequest},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			req, err := http.NewRequest(http.MethodDelete, tc.URL, nil)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Update
-func TestUpdateAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack: create new Endpoint, EndpointRelation and EdgeGroup
-	endpointID := portainer.EndpointID(6)
-	newEndpoint := portainer.Endpoint{
-		ID:              endpointID,
-		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
-		Type:            portainer.EdgeAgentOnDockerEnvironment,
-		URL:             "https://portainer.io:9443",
-		EdgeID:          "edge-id",
-		LastCheckInDate: time.Now().Unix(),
-	}
-
-	err := handler.DataStore.Endpoint().Create(&newEndpoint)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	endpointRelation := portainer.EndpointRelation{
-		EndpointID: endpointID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{
-			edgeStack.ID: true,
-		},
-	}
-
-	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newEdgeGroup := portainer.EdgeGroup{
-		ID:           2,
-		Name:         "EdgeGroup 2",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{newEndpoint.ID},
-		PartialMatch: false,
-	}
-
-	err = handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newVersion := 238
-	payload := updateEdgeStackPayload{
-		StackFileContent: "update-test",
-		Version:          &newVersion,
-		EdgeGroups:       append(edgeStack.EdgeGroups, newEdgeGroup.ID),
-		DeploymentType:   portainer.EdgeStackDeploymentCompose,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	r := bytes.NewBuffer(jsonPayload)
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	// Get updated edge stack
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.Version != *payload.Version {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", edgeStack.Version, data.Version))
-	}
-
-	if data.DeploymentType != payload.DeploymentType {
-		t.Fatalf(fmt.Sprintf("expected DeploymentType %d, found %d", edgeStack.DeploymentType, data.DeploymentType))
-	}
-
-	if !reflect.DeepEqual(data.EdgeGroups, payload.EdgeGroups) {
-		t.Fatalf("expected EdgeGroups to be equal")
-	}
-}
-
-func TestUpdateWithInvalidEdgeGroups(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	//newEndpoint := createEndpoint(t, handler.DataStore)
-	newEdgeGroup := portainer.EdgeGroup{
-		ID:           2,
-		Name:         "EdgeGroup 2",
-		Dynamic:      false,
-		TagIDs:       nil,
-		Endpoints:    []portainer.EndpointID{8889},
-		PartialMatch: false,
-	}
-
-	handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
-
-	newVersion := 238
-	cases := []struct {
-		Name               string
-		Payload            updateEdgeStackPayload
-		ExpectedStatusCode int
-	}{
-		{
-			"Update with non-existing EdgeGroupID",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{9999},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusInternalServerError,
-		},
-		{
-			"Update with invalid EdgeGroup (non-existing Endpoint)",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{2},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusInternalServerError,
-		},
-		{
-			"Update DeploymentType from Docker to Kubernetes",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{1},
-				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
-			},
-			http.StatusBadRequest,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("JSON marshal error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-func TestUpdateWithInvalidPayload(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	newVersion := 238
-	cases := []struct {
-		Name               string
-		Payload            updateEdgeStackPayload
-		ExpectedStatusCode int
-	}{
-		{
-			"Update with empty StackFileContent",
-			updateEdgeStackPayload{
-				StackFileContent: "",
-				Version:          &newVersion,
-				EdgeGroups:       edgeStack.EdgeGroups,
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusBadRequest,
-		},
-		{
-			"Update with empty EdgeGroups",
-			updateEdgeStackPayload{
-				StackFileContent: "error-test",
-				Version:          &newVersion,
-				EdgeGroups:       []portainer.EdgeGroupID{},
-				DeploymentType:   edgeStack.DeploymentType,
-			},
-			http.StatusBadRequest,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Add("x-api-key", rawAPIKey)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Update Status
-func TestUpdateStatusAndInspect(t *testing.T) {
-	handler, rawAPIKey, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack status
-	newStatus := portainer.StatusError
-	payload := updateStatusPayload{
-		Error:      "test-error",
-		Status:     &newStatus,
-		EndpointID: &endpoint.ID,
-	}
-
-	jsonPayload, err := json.Marshal(payload)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	r := bytes.NewBuffer(jsonPayload)
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	// Get updated edge stack
-	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-
-	data := portainer.EdgeStack{}
-	err = json.NewDecoder(rec.Body).Decode(&data)
-	if err != nil {
-		t.Fatal("error decoding response:", err)
-	}
-
-	if data.Status[endpoint.ID].Type != *payload.Status {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusType %d, found %d", payload.Status, data.Status[endpoint.ID].Type))
-	}
-
-	if data.Status[endpoint.ID].Error != payload.Error {
-		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusError %s, found %s", payload.Error, data.Status[endpoint.ID].Error))
-	}
-
-	if data.Status[endpoint.ID].EndpointID != *payload.EndpointID {
-		t.Fatalf(fmt.Sprintf("expected EndpointID %d, found %d", payload.EndpointID, data.Status[endpoint.ID].EndpointID))
-	}
-}
-func TestUpdateStatusWithInvalidPayload(t *testing.T) {
-	handler, _, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	// Update edge stack status
-	statusError := portainer.StatusError
-	statusOk := portainer.StatusOk
-	cases := []struct {
-		Name                 string
-		Payload              updateStatusPayload
-		ExpectedErrorMessage string
-		ExpectedStatusCode   int
-	}{
-		{
-			"Update with nil Status",
-			updateStatusPayload{
-				Error:      "test-error",
-				Status:     nil,
-				EndpointID: &endpoint.ID,
-			},
-			"Invalid status",
-			400,
-		},
-		{
-			"Update with error status and empty error message",
-			updateStatusPayload{
-				Error:      "",
-				Status:     &statusError,
-				EndpointID: &endpoint.ID,
-			},
-			"Error message is mandatory when status is error",
-			400,
-		},
-		{
-			"Update with nil EndpointID",
-			updateStatusPayload{
-				Error:      "",
-				Status:     &statusOk,
-				EndpointID: nil,
-			},
-			"Invalid EnvironmentID",
-			400,
-		},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.Name, func(t *testing.T) {
-			jsonPayload, err := json.Marshal(tc.Payload)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			r := bytes.NewBuffer(jsonPayload)
-			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
-			if err != nil {
-				t.Fatal("request error:", err)
-			}
-
-			req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-			rec := httptest.NewRecorder()
-			handler.ServeHTTP(rec, req)
-
-			if rec.Code != tc.ExpectedStatusCode {
-				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
-			}
-		})
-	}
-}
-
-// Delete Status
-func TestDeleteStatus(t *testing.T) {
-	handler, _, teardown := setupHandler(t)
-	defer teardown()
-
-	endpoint := createEndpoint(t, handler.DataStore)
-	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
-
-	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d/status/%d", edgeStack.ID, endpoint.ID), nil)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
-	}
-}
--- a/api/http/handler/edgestacks/edgestack_update.go
+++ b/api/http/handler/edgestacks/edgestack_update.go
@@ -2,10 +2,11 @@ package edgestacks

 import (
 	"errors"
-	"github.com/portainer/portainer/api/internal/endpointutils"
 	"net/http"
 	"strconv"

+	"github.com/portainer/portainer/api/internal/endpointutils"
+
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
@@ -118,7 +119,7 @@ func (handler *Handler) edgeStackUpdate(w http.ResponseWriter, r *http.Request)
 				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find environment relation in database", err}
 			}

-			relation.EdgeStacks[stack.ID] = true
+			relation.EdgeStacks[stack.ID] = portainer.EdgeStackStatus{}

 			err = handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpointID, relation)
 			if err != nil {
@@ -180,7 +181,6 @@ func (handler *Handler) edgeStackUpdate(w http.ResponseWriter, r *http.Request)

 	if payload.Version != nil && *payload.Version != stack.Version {
 		stack.Version = *payload.Version
-		stack.Status = map[portainer.EndpointID]portainer.EdgeStackStatus{}
 	}

 	err = handler.DataStore.EdgeStack().UpdateEdgeStack(stack.ID, stack)
--- a/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
+++ b/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
@@ -303,6 +303,7 @@ func TestEmptyEdgeIdWithAgentPlatformHeader(t *testing.T) {
 	assert.Equal(t, updatedEndpoint.EdgeID, edgeId)
 }

+/*
 func TestEdgeStackStatus(t *testing.T) {
 	handler, teardown, err := setupHandler()
 	defer teardown()
@@ -373,6 +374,7 @@ func TestEdgeStackStatus(t *testing.T) {
 	assert.Equal(t, edgeStack.ID, data.Stacks[0].ID)
 	assert.Equal(t, edgeStack.Version, data.Stacks[0].Version)
 }
+*/

 func TestEdgeJobsResponse(t *testing.T) {
 	handler, teardown, err := setupHandler()
--- a/api/http/handler/endpointgroups/endpoints.go
+++ b/api/http/handler/endpointgroups/endpoints.go
@@ -35,11 +35,12 @@ func (handler *Handler) updateEndpointRelations(endpoint *portainer.Endpoint, en
 	}

 	endpointStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
-	stacksSet := map[portainer.EdgeStackID]bool{}
+	updatedStacks := make(map[portainer.EdgeStackID]portainer.EdgeStackStatus)
+
 	for _, edgeStackID := range endpointStacks {
-		stacksSet[edgeStackID] = true
+		updatedStacks[edgeStackID] = endpointRelation.EdgeStacks[edgeStackID]
 	}
-	endpointRelation.EdgeStacks = stacksSet
+	endpointRelation.EdgeStacks = updatedStacks

 	return handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpoint.ID, endpointRelation)
 }
--- a/api/http/handler/endpoints/endpoint_association_delete.go
+++ b/api/http/handler/endpoints/endpoint_association_delete.go
@@ -23,7 +23,7 @@ import (
 // @tags endpoints
 // @produce json
 // @param id path int true "Environment(Endpoint) identifier"
-// @success 204 "Success"
+// @success 200 {object} portainer.Endpoint "Success"
 // @failure 400 "Invalid request"
 // @failure 404 "Environment(Endpoint) not found"
 // @failure 500 "Server error"
@@ -61,7 +61,7 @@ func (handler *Handler) endpointAssociationDelete(w http.ResponseWriter, r *http

 	handler.ReverseTunnelService.SetTunnelStatusToIdle(endpoint.ID)

-	return response.Empty(w)
+	return response.JSON(w, endpoint)
 }

 func (handler *Handler) updateEdgeKey(edgeKey string) (string, error) {
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@@ -187,15 +187,6 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

-	isUnique, err := handler.isNameUnique(payload.Name, 0)
-	if err != nil {
-		return httperror.InternalServerError("Unable to check if name is unique", err)
-	}
-
-	if !isUnique {
-		return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
-	}
-
 	endpoint, endpointCreationError := handler.createEndpoint(payload)
 	if endpointCreationError != nil {
 		return endpointCreationError
@@ -218,13 +209,15 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *

 	relationObject := &portainer.EndpointRelation{
 		EndpointID: endpoint.ID,
-		EdgeStacks: map[portainer.EdgeStackID]bool{},
+		EdgeStacks: map[portainer.EdgeStackID]portainer.EdgeStackStatus{},
 	}

 	if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment || endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment {
 		relatedEdgeStacks := edge.EndpointRelatedEdgeStacks(endpoint, endpointGroup, edgeGroups, edgeStacks)
 		for _, stackID := range relatedEdgeStacks {
-			relationObject.EdgeStacks[stackID] = true
+			relationObject.EdgeStacks[stackID] = portainer.EdgeStackStatus{
+				Type: portainer.StatusAcknowledged,
+			}
 		}
 	}

@@ -308,17 +301,17 @@ func (handler *Handler) createAzureEndpoint(payload *endpointCreatePayload) (*po
 }

 func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
-	endpointID := handler.DataStore.Endpoint().GetNextIdentifier()
+	//endpointID := handler.DataStore.Endpoint().GetNextIdentifier()

 	portainerHost, err := edge.ParseHostForEdge(payload.URL)
 	if err != nil {
 		return nil, httperror.BadRequest("Unable to parse host", err)
 	}

-	edgeKey := handler.ReverseTunnelService.GenerateEdgeKey(payload.URL, portainerHost, endpointID)
+	//edgeKey := handler.ReverseTunnelService.GenerateEdgeKey(payload.URL, portainerHost, endpointID)

 	endpoint := &portainer.Endpoint{
-		ID:      portainer.EndpointID(endpointID),
+		//ID:      portainer.EndpointID(endpointID),
 		Name:    payload.Name,
 		URL:     portainerHost,
 		Type:    portainer.EdgeAgentOnDockerEnvironment,
@@ -326,12 +319,12 @@ func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload)
 		TLSConfig: portainer.TLSConfiguration{
 			TLS: false,
 		},
-		UserAccessPolicies:  portainer.UserAccessPolicies{},
-		TeamAccessPolicies:  portainer.TeamAccessPolicies{},
-		TagIDs:              payload.TagIDs,
-		Status:              portainer.EndpointStatusUp,
-		Snapshots:           []portainer.DockerSnapshot{},
-		EdgeKey:             edgeKey,
+		UserAccessPolicies: portainer.UserAccessPolicies{},
+		TeamAccessPolicies: portainer.TeamAccessPolicies{},
+		TagIDs:             payload.TagIDs,
+		Status:             portainer.EndpointStatusUp,
+		Snapshots:          []portainer.DockerSnapshot{},
+		//EdgeKey:             edgeKey,
 		EdgeCheckinInterval: payload.EdgeCheckinInterval,
 		Kubernetes:          portainer.KubernetesDefault(),
 		IsEdgeDevice:        payload.IsEdgeDevice,
@@ -352,7 +345,15 @@ func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload)
 		endpoint.EdgeID = edgeID.String()
 	}

-	err = handler.saveEndpointAndUpdateAuthorizations(endpoint)
+	err = handler.saveEndpointAndUpdateAuthorizationsWithCallback(endpoint, func(id uint64) (int, interface{}) {
+		endpoint.ID = portainer.EndpointID(id)
+
+		if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
+			endpoint.EdgeKey = handler.ReverseTunnelService.GenerateEdgeKey(payload.URL, portainerHost, int(id))
+		}
+
+		return int(id), endpoint
+	})
 	if err != nil {
 		return nil, &httperror.HandlerError{http.StatusInternalServerError, "An error occured while trying to create the environment", err}
 	}
@@ -520,6 +521,42 @@ func (handler *Handler) saveEndpointAndUpdateAuthorizations(endpoint *portainer.
 	return nil
 }

+func (handler *Handler) saveEndpointAndUpdateAuthorizationsWithCallback(endpoint *portainer.Endpoint, fn func(id uint64) (int, interface{})) error {
+	endpoint.SecuritySettings = portainer.EndpointSecuritySettings{
+		AllowVolumeBrowserForRegularUsers: false,
+		EnableHostManagementFeatures:      false,
+
+		AllowSysctlSettingForRegularUsers:         true,
+		AllowBindMountsForRegularUsers:            true,
+		AllowPrivilegedModeForRegularUsers:        true,
+		AllowHostNamespaceForRegularUsers:         true,
+		AllowContainerCapabilitiesForRegularUsers: true,
+		AllowDeviceMappingForRegularUsers:         true,
+		AllowStackManagementForRegularUsers:       true,
+	}
+
+	err := handler.DataStore.Endpoint().CreateWithCallback(endpoint, fn)
+	if err != nil {
+		return err
+	}
+
+	for _, tagID := range endpoint.TagIDs {
+		tag, err := handler.DataStore.Tag().Tag(tagID)
+		if err != nil {
+			return err
+		}
+
+		tag.Endpoints[endpoint.ID] = true
+
+		err = handler.DataStore.Tag().UpdateTag(tagID, tag)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (handler *Handler) storeTLSFiles(endpoint *portainer.Endpoint, payload *endpointCreatePayload) *httperror.HandlerError {
 	folder := strconv.Itoa(int(endpoint.ID))

--- a/api/http/handler/endpoints/endpoint_create_global_key_test.go
+++ b/api/http/handler/endpoints/endpoint_create_global_key_test.go
@@ -12,7 +12,6 @@ import (
 func TestEmptyGlobalKey(t *testing.T) {
 	handler := NewHandler(
 		helper.NewTestRequestBouncer(),
-		nil,
 	)

 	req, err := http.NewRequest(http.MethodPost, "https://portainer.io:9443/endpoints/global-key", nil)
--- a/api/http/handler/endpoints/endpoint_delete.go
+++ b/api/http/handler/endpoints/endpoint_delete.go
@@ -8,7 +8,6 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
-	httperrors "github.com/portainer/portainer/api/http/errors"
 )

 // @id EndpointDelete
@@ -30,10 +29,6 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid environment identifier route variable", err}
 	}

-	if handler.demoService.IsDemoEnvironment(portainer.EndpointID(endpointID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an environment with the specified identifier inside the database", err}
@@ -92,22 +87,6 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		}
 	}

-	edgeStacks, err := handler.DataStore.EdgeStack().EdgeStacks()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve edge stacks from the database", err}
-	}
-
-	for idx := range edgeStacks {
-		edgeStack := &edgeStacks[idx]
-		if _, ok := edgeStack.Status[endpoint.ID]; ok {
-			delete(edgeStack.Status, endpoint.ID)
-			err = handler.DataStore.EdgeStack().UpdateEdgeStack(edgeStack.ID, edgeStack)
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update edge stack", err}
-			}
-		}
-	}
-
 	registries, err := handler.DataStore.Registry().Registries()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@@ -34,7 +34,7 @@ var endpointGroupNames map[portainer.EndpointGroupID]string
 // @id EndpointList
 // @summary List environments(endpoints)
 // @description List all environments(endpoints) based on the current user authorizations. Will
-// @description return all environments(endpoints) if using an administrator or team leader account otherwise it will
+// @description return all environments(endpoints) if using an administrator account otherwise it will
 // @description only return authorized environments(endpoints).
 // @description **Access policy**: restricted
 // @tags endpoints
@@ -50,7 +50,6 @@ var endpointGroupNames map[portainer.EndpointGroupID]string
 // @param tagsPartialMatch query bool false "If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags"
 // @param endpointIds query []int false "will return only these environments(endpoints)"
 // @param edgeDeviceFilter query string false "will return only these edge environments, none will return only regular edge environments" Enum("all", "trusted", "untrusted", "none")
-// @param name query string false "will return only environments(endpoints) with this name"
 // @success 200 {array} portainer.Endpoint "Endpoints"
 // @failure 500 "Server error"
 // @router /endpoints [get]
@@ -92,6 +91,12 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environment groups from the database", err}
 	}

+	// create endpoint groups as a map for more convenient access
+	endpointGroupNames = make(map[portainer.EndpointGroupID]string, 0)
+	for _, group := range endpointGroups {
+		endpointGroupNames[group.ID] = group.Name
+	}
+
 	endpoints, err := handler.DataStore.Endpoint().Endpoints()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environments from the database", err}
@@ -122,11 +127,6 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 		filteredEndpoints = filterEndpointsByGroupIDs(filteredEndpoints, groupIDs)
 	}

-	name, _ := request.RetrieveQueryParameter(r, "name", true)
-	if name != "" {
-		filteredEndpoints = filterEndpointsByName(filteredEndpoints, name)
-	}
-
 	edgeDeviceFilter, _ := request.RetrieveQueryParameter(r, "edgeDeviceFilter", false)
 	if edgeDeviceFilter != "" {
 		filteredEndpoints = filterEndpointsByEdgeDevice(filteredEndpoints, edgeDeviceFilter)
@@ -157,7 +157,7 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 	}

 	// Sort endpoints by field
-	sortEndpointsByField(filteredEndpoints, endpointGroups, sortField, sortOrder == "desc")
+	sortEndpointsByField(filteredEndpoints, sortField, sortOrder == "desc")

 	filteredEndpointCount := len(filteredEndpoints)

@@ -254,7 +254,7 @@ func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []int, s
 	return filteredEndpoints
 }

-func sortEndpointsByField(endpoints []portainer.Endpoint, endpointGroups []portainer.EndpointGroup, sortField string, isSortDesc bool) {
+func sortEndpointsByField(endpoints []portainer.Endpoint, sortField string, isSortDesc bool) {

 	switch sortField {
 	case "Name":
@@ -265,20 +265,10 @@ func sortEndpointsByField(endpoints []portainer.Endpoint, endpointGroups []porta
 		}

 	case "Group":
-		endpointGroupNames = make(map[portainer.EndpointGroupID]string, 0)
-		for _, group := range endpointGroups {
-			endpointGroupNames[group.ID] = group.Name
-		}
-
-		endpointsByGroup := EndpointsByGroup{
-			endpointGroupNames: endpointGroupNames,
-			endpoints:          endpoints,
-		}
-
 		if isSortDesc {
-			sort.Stable(sort.Reverse(endpointsByGroup))
+			sort.Stable(sort.Reverse(EndpointsByGroup(endpoints)))
 		} else {
-			sort.Stable(endpointsByGroup)
+			sort.Stable(EndpointsByGroup(endpoints))
 		}

 	case "Status":
@@ -475,18 +465,3 @@ func filteredEndpointsByIds(endpoints []portainer.Endpoint, ids []portainer.Endp
 	return filteredEndpoints

 }
-
-func filterEndpointsByName(endpoints []portainer.Endpoint, name string) []portainer.Endpoint {
-	if name == "" {
-		return endpoints
-	}
-
-	filteredEndpoints := make([]portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		if endpoint.Name == name {
-			filteredEndpoints = append(filteredEndpoints, endpoint)
-		}
-	}
-	return filteredEndpoints
-}
--- a/api/http/handler/endpoints/endpoint_list_test.go
+++ b/api/http/handler/endpoints/endpoint_list_test.go
@@ -52,7 +52,7 @@ func Test_endpointList(t *testing.T) {
 	is.NoError(err, "error creating a user")

 	bouncer := helper.NewTestRequestBouncer()
-	h := NewHandler(bouncer, nil)
+	h := NewHandler(bouncer)
 	h.DataStore = store
 	h.ComposeStackManager = testhelpers.NewComposeStackManager()

--- a/api/http/handler/endpoints/endpoint_update.go
+++ b/api/http/handler/endpoints/endpoint_update.go
@@ -88,18 +88,7 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 	}

 	if payload.Name != nil {
-		name := *payload.Name
-		isUnique, err := handler.isNameUnique(name, endpoint.ID)
-		if err != nil {
-			return httperror.InternalServerError("Unable to check if name is unique", err)
-		}
-
-		if !isUnique {
-			return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
-		}
-
-		endpoint.Name = name
-
+		endpoint.Name = *payload.Name
 	}

 	if payload.URL != nil {
@@ -315,7 +304,9 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 			currentEdgeStackSet[edgeStackID] = true
 		}

-		relation.EdgeStacks = currentEdgeStackSet
+		for edgeStackID := range currentEdgeStackSet {
+			relation.EdgeStacks[edgeStackID] = portainer.EdgeStackStatus{}
+		}

 		err = handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpoint.ID, relation)
 		if err != nil {
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@@ -4,7 +4,6 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/kubernetes/cli"
@@ -36,7 +35,6 @@ type requestBouncer interface {
 type Handler struct {
 	*mux.Router
 	requestBouncer       requestBouncer
-	demoService          *demo.Service
 	DataStore            dataservices.DataStore
 	FileService          portainer.FileService
 	ProxyManager         *proxy.Manager
@@ -50,11 +48,10 @@ type Handler struct {
 }

 // NewHandler creates a handler to manage environment(endpoint) operations.
-func NewHandler(bouncer requestBouncer, demoService *demo.Service) *Handler {
+func NewHandler(bouncer requestBouncer) *Handler {
 	h := &Handler{
 		Router:         mux.NewRouter(),
 		requestBouncer: bouncer,
-		demoService:    demoService,
 	}

 	h.Handle("/endpoints",
--- a/api/http/handler/endpoints/sort.go
+++ b/api/http/handler/endpoints/sort.go
@@ -21,26 +21,23 @@ func (e EndpointsByName) Less(i, j int) bool {
 	return sortorder.NaturalLess(strings.ToLower(e[i].Name), strings.ToLower(e[j].Name))
 }

-type EndpointsByGroup struct {
-	endpointGroupNames map[portainer.EndpointGroupID]string
-	endpoints          []portainer.Endpoint
-}
+type EndpointsByGroup []portainer.Endpoint

 func (e EndpointsByGroup) Len() int {
-	return len(e.endpoints)
+	return len(e)
 }

 func (e EndpointsByGroup) Swap(i, j int) {
-	e.endpoints[i], e.endpoints[j] = e.endpoints[j], e.endpoints[i]
+	e[i], e[j] = e[j], e[i]
 }

 func (e EndpointsByGroup) Less(i, j int) bool {
-	if e.endpoints[i].GroupID == e.endpoints[j].GroupID {
+	if e[i].GroupID == e[j].GroupID {
 		return false
 	}

-	groupA := endpointGroupNames[e.endpoints[i].GroupID]
-	groupB := endpointGroupNames[e.endpoints[j].GroupID]
+	groupA := endpointGroupNames[e[i].GroupID]
+	groupB := endpointGroupNames[e[j].GroupID]

 	return sortorder.NaturalLess(strings.ToLower(groupA), strings.ToLower(groupB))
 }
--- a/api/http/handler/endpoints/unique_name.go
+++ b/api/http/handler/endpoints/unique_name.go
@@ -1,18 +0,0 @@
-package endpoints
-
-import portainer "github.com/portainer/portainer/api"
-
-func (handler *Handler) isNameUnique(name string, endpointID portainer.EndpointID) (bool, error) {
-	endpoints, err := handler.DataStore.Endpoint().Endpoints()
-	if err != nil {
-		return false, err
-	}
-
-	for _, endpoint := range endpoints {
-		if endpoint.Name == name && (endpointID == 0 || endpoint.ID != endpointID) {
-			return false, nil
-		}
-	}
-
-	return true, nil
-}
--- a/api/http/handler/handler.go
+++ b/api/http/handler/handler.go
@@ -2,6 +2,8 @@ package handler

 import (
 	"net/http"
+	"net/http/pprof"
+	"runtime"
 	"strings"

 	"github.com/portainer/portainer/api/http/handler/auth"
@@ -80,7 +82,7 @@ type Handler struct {
 }

 // @title PortainerCE API
-// @version 2.14.0
+// @version 2.13.0
 // @description.markdown api-description.md
 // @termsOfService

@@ -154,9 +156,20 @@ type Handler struct {
 // @tag.name websocket
 // @tag.description Create exec sessions using websockets

+func init() {
+	runtime.SetBlockProfileRate(1)
+	runtime.SetMutexProfileFraction(1)
+}
+
 // ServeHTTP delegates a request to the appropriate subhandler.
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch {
+	case strings.HasPrefix(r.URL.Path, "/debug/pprof/profile"):
+		pprof.Profile(w, r)
+	case strings.HasPrefix(r.URL.Path, "/debug/pprof/trace"):
+		pprof.Trace(w, r)
+	case strings.HasPrefix(r.URL.Path, "/debug/pprof"):
+		pprof.Index(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/auth"):
 		http.StripPrefix("/api", h.AuthHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/backup"):
--- a/api/http/handler/settings/handler.go
+++ b/api/http/handler/settings/handler.go
@@ -7,7 +7,6 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"
 )

@@ -25,14 +24,12 @@ type Handler struct {
 	JWTService      dataservices.JWTService
 	LDAPService     portainer.LDAPService
 	SnapshotService portainer.SnapshotService
-	demoService     *demo.Service
 }

 // NewHandler creates a handler to manage settings operations.
-func NewHandler(bouncer *security.RequestBouncer, demoService *demo.Service) *Handler {
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
-		Router:      mux.NewRouter(),
-		demoService: demoService,
+		Router: mux.NewRouter(),
 	}
 	h.Handle("/settings",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.settingsInspect))).Methods(http.MethodGet)
--- a/api/http/handler/settings/settings_public.go
+++ b/api/http/handler/settings/settings_public.go
@@ -14,8 +14,6 @@ type publicSettingsResponse struct {
 	LogoURL string `json:"LogoURL" example:"https://mycompany.mydomain.tld/logo.png"`
 	// Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth
 	AuthenticationMethod portainer.AuthenticationMethod `json:"AuthenticationMethod" example:"1"`
-	// The minimum required length for a password of any user when using internal auth mode
-	RequiredPasswordLength int `json:"RequiredPasswordLength" example:"1"`
 	// Whether edge compute features are enabled
 	EnableEdgeComputeFeatures bool `json:"EnableEdgeComputeFeatures" example:"true"`
 	// Supported feature flags
@@ -28,21 +26,6 @@ type publicSettingsResponse struct {
 	EnableTelemetry bool `json:"EnableTelemetry" example:"true"`
 	// The expiry of a Kubeconfig
 	KubeconfigExpiry string `example:"24h" default:"0"`
-	// Whether team sync is enabled
-	TeamSync bool `json:"TeamSync" example:"true"`
-
-	Edge struct {
-		// Whether the device has been started in edge async mode
-		AsyncMode bool
-		// The ping interval for edge agent - used in edge async mode [seconds]
-		PingInterval int `json:"PingInterval" example:"60"`
-		// The snapshot interval for edge agent - used in edge async mode [seconds]
-		SnapshotInterval int `json:"SnapshotInterval" example:"60"`
-		// The command list interval for edge agent - used in edge async mode [seconds]
-		CommandInterval int `json:"CommandInterval" example:"60"`
-		// The check in interval for edge agent (in seconds) - used in non async mode [seconds]
-		CheckinInterval int `example:"60"`
-	}
 }

 // @id SettingsPublic
@@ -68,19 +51,11 @@ func generatePublicSettings(appSettings *portainer.Settings) *publicSettingsResp
 	publicSettings := &publicSettingsResponse{
 		LogoURL:                   appSettings.LogoURL,
 		AuthenticationMethod:      appSettings.AuthenticationMethod,
-		RequiredPasswordLength:    appSettings.InternalAuthSettings.RequiredPasswordLength,
 		EnableEdgeComputeFeatures: appSettings.EnableEdgeComputeFeatures,
 		EnableTelemetry:           appSettings.EnableTelemetry,
 		KubeconfigExpiry:          appSettings.KubeconfigExpiry,
 		Features:                  appSettings.FeatureFlagSettings,
 	}
-
-	publicSettings.Edge.AsyncMode = appSettings.Edge.AsyncMode
-	publicSettings.Edge.PingInterval = appSettings.Edge.PingInterval
-	publicSettings.Edge.SnapshotInterval = appSettings.Edge.SnapshotInterval
-	publicSettings.Edge.CommandInterval = appSettings.Edge.CommandInterval
-	publicSettings.Edge.CheckinInterval = appSettings.EdgeAgentCheckinInterval
-
 	//if OAuth authentication is on, compose the related fields from application settings
 	if publicSettings.AuthenticationMethod == portainer.AuthenticationOAuth {
 		publicSettings.OAuthLogoutURI = appSettings.OAuthSettings.LogoutURI
@@ -94,9 +69,5 @@ func generatePublicSettings(appSettings *portainer.Settings) *publicSettingsResp
 			publicSettings.OAuthLoginURI += "&prompt=login"
 		}
 	}
-	//if LDAP authentication is on, compose the related fields from application settings
-	if publicSettings.AuthenticationMethod == portainer.AuthenticationLDAP {
-		publicSettings.TeamSync = len(appSettings.LDAPSettings.GroupSearchSettings) > 0
-	}
 	return publicSettings
 }
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@@ -22,10 +22,9 @@ type settingsUpdatePayload struct {
 	// A list of label name & value that will be used to hide containers when querying containers
 	BlackListedLabels []portainer.Pair
 	// Active authentication method for the Portainer instance. Valid values are: 1 for internal, 2 for LDAP, or 3 for oauth
-	AuthenticationMethod *int                            `example:"1"`
-	InternalAuthSettings *portainer.InternalAuthSettings `example:""`
-	LDAPSettings         *portainer.LDAPSettings         `example:""`
-	OAuthSettings        *portainer.OAuthSettings        `example:""`
+	AuthenticationMethod *int                     `example:"1"`
+	LDAPSettings         *portainer.LDAPSettings  `example:""`
+	OAuthSettings        *portainer.OAuthSettings `example:""`
 	// The interval in which environment(endpoint) snapshots are created
 	SnapshotInterval *string `example:"5m"`
 	// URL to the templates that will be displayed in the UI when navigating to App Templates
@@ -114,11 +113,6 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve the settings from the database", err}
 	}

-	if handler.demoService.IsDemo() {
-		payload.EnableTelemetry = nil
-		payload.LogoURL = nil
-	}
-
 	if payload.AuthenticationMethod != nil {
 		settings.AuthenticationMethod = portainer.AuthenticationMethod(*payload.AuthenticationMethod)
 	}
@@ -154,10 +148,6 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		settings.BlackListedLabels = payload.BlackListedLabels
 	}

-	if payload.InternalAuthSettings != nil {
-		settings.InternalAuthSettings.RequiredPasswordLength = payload.InternalAuthSettings.RequiredPasswordLength
-	}
-
 	if payload.LDAPSettings != nil {
 		ldapReaderDN := settings.LDAPSettings.ReaderDN
 		ldapPassword := settings.LDAPSettings.Password
--- a/api/http/handler/stacks/create_compose_stack.go
+++ b/api/http/handler/stacks/create_compose_stack.go
@@ -177,6 +177,9 @@ func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/create_kubernetes_stack.go
+++ b/api/http/handler/stacks/create_kubernetes_stack.go
@@ -70,6 +70,9 @@ func (payload *kubernetesGitDeploymentPayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.ManifestFile) {
 		return errors.New("Invalid manifest file in repository")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/stacks/create_swarm_stack.go
+++ b/api/http/handler/stacks/create_swarm_stack.go
@@ -144,6 +144,9 @@ func (payload *swarmStackFromGitRepositoryPayload) Validate(r *http.Request) err
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@@ -21,6 +21,8 @@ import (
 	"github.com/portainer/portainer/api/stacks"
 )

+const defaultGitReferenceName = "refs/heads/master"
+
 var (
 	errStackAlreadyExists     = errors.New("A stack already exists with this name")
 	errWebhookIDAlreadyExists = errors.New("A webhook ID already exists")
--- a/api/http/handler/stacks/stack_update_git.go
+++ b/api/http/handler/stacks/stack_update_git.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -25,6 +26,10 @@ type stackGitUpdatePayload struct {
 }

 func (payload *stackGitUpdatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
+
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/stacks/stack_update_git_redeploy.go
+++ b/api/http/handler/stacks/stack_update_git_redeploy.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"

+	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -27,6 +28,9 @@ type stackGitRedployPayload struct {
 }

 func (payload *stackGitRedployPayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	return nil
 }

--- a/api/http/handler/stacks/update_kubernetes_stack.go
+++ b/api/http/handler/stacks/update_kubernetes_stack.go
@@ -38,6 +38,9 @@ func (payload *kubernetesFileStackUpdatePayload) Validate(r *http.Request) error
 }

 func (payload *kubernetesGitStackUpdatePayload) Validate(r *http.Request) error {
+	if govalidator.IsNull(payload.RepositoryReferenceName) {
+		payload.RepositoryReferenceName = defaultGitReferenceName
+	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/status/handler.go
+++ b/api/http/handler/status/handler.go
@@ -5,24 +5,21 @@ import (

 	"github.com/gorilla/mux"
 	httperror "github.com/portainer/libhttp/error"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/demo"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/security"
 )

 // Handler is the HTTP handler used to handle status operations.
 type Handler struct {
 	*mux.Router
-	Status      *portainer.Status
-	demoService *demo.Service
+	Status *portainer.Status
 }

 // NewHandler creates a handler to manage status operations.
-func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status, demoService *demo.Service) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status) *Handler {
 	h := &Handler{
-		Router:      mux.NewRouter(),
-		Status:      status,
-		demoService: demoService,
+		Router: mux.NewRouter(),
+		Status: status,
 	}
 	h.Handle("/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.statusInspect))).Methods(http.MethodGet)
--- a/api/http/handler/status/status_inspect.go
+++ b/api/http/handler/status/status_inspect.go
@@ -5,26 +5,16 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/demo"
 )

-type status struct {
-	*portainer.Status
-	DemoEnvironment demo.EnvironmentDetails
-}
-
 // @id StatusInspect
 // @summary Check Portainer status
 // @description Retrieve Portainer status
 // @description **Access policy**: public
 // @tags status
 // @produce json
-// @success 200 {object} status "Success"
+// @success 200 {object} portainer.Status "Success"
 // @router /status [get]
 func (handler *Handler) statusInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	return response.JSON(w, &status{
-		Status:          handler.Status,
-		DemoEnvironment: handler.demoService.Details(),
-	})
+	return response.JSON(w, handler.Status)
 }
--- a/api/http/handler/tags/tag_delete.go
+++ b/api/http/handler/tags/tag_delete.go
@@ -126,11 +126,12 @@ func (handler *Handler) updateEndpointRelations(endpoint portainer.Endpoint, edg
 	}

 	endpointStacks := edge.EndpointRelatedEdgeStacks(&endpoint, endpointGroup, edgeGroups, edgeStacks)
-	stacksSet := map[portainer.EdgeStackID]bool{}
+	updatedStacks := make(map[portainer.EdgeStackID]portainer.EdgeStackStatus)
+
 	for _, edgeStackID := range endpointStacks {
-		stacksSet[edgeStackID] = true
+		updatedStacks[edgeStackID] = endpointRelation.EdgeStacks[edgeStackID]
 	}
-	endpointRelation.EdgeStacks = stacksSet
+	endpointRelation.EdgeStacks = updatedStacks

 	return handler.DataStore.EndpointRelation().UpdateEndpointRelation(endpoint.ID, endpointRelation)
 }
--- a/api/http/handler/teammemberships/handler.go
+++ b/api/http/handler/teammemberships/handler.go
@@ -21,13 +21,14 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
-
-	h.Use(bouncer.TeamLeaderAccess)
-
-	h.Handle("/team_memberships", httperror.LoggerHandler(h.teamMembershipCreate)).Methods(http.MethodPost)
-	h.Handle("/team_memberships", httperror.LoggerHandler(h.teamMembershipList)).Methods(http.MethodGet)
-	h.Handle("/team_memberships/{id}", httperror.LoggerHandler(h.teamMembershipUpdate)).Methods(http.MethodPut)
-	h.Handle("/team_memberships/{id}", httperror.LoggerHandler(h.teamMembershipDelete)).Methods(http.MethodDelete)
+	h.Handle("/team_memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipCreate))).Methods(http.MethodPost)
+	h.Handle("/team_memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipList))).Methods(http.MethodGet)
+	h.Handle("/team_memberships/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipUpdate))).Methods(http.MethodPut)
+	h.Handle("/team_memberships/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMembershipDelete))).Methods(http.MethodDelete)

 	return h
 }
--- a/api/http/handler/teammemberships/teammembership_list.go
+++ b/api/http/handler/teammemberships/teammembership_list.go
@@ -5,6 +5,8 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api/http/errors"
+	"github.com/portainer/portainer/api/http/security"
 )

 // @id TeamMembershipList
@@ -21,6 +23,15 @@ import (
 // @failure 500 "Server error"
 // @router /team_memberships [get]
 func (handler *Handler) teamMembershipList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !securityContext.IsAdmin && !securityContext.IsTeamLeader {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to list team memberships", errors.ErrResourceAccessDenied}
+	}
+
 	memberships, err := handler.DataStore.TeamMembership().TeamMemberships()
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve team memberships from the database", err}
--- a/api/http/handler/teammemberships/teammembership_update.go
+++ b/api/http/handler/teammemberships/teammembership_update.go
@@ -36,8 +36,8 @@ func (payload *teamMembershipUpdatePayload) Validate(r *http.Request) error {

 // @id TeamMembershipUpdate
 // @summary Update a team membership
-// @description Update a team membership. Access is only available to administrators or leaders of the associated team.
-// @description **Access policy**: administrator or leaders of the associated team
+// @description Update a team membership. Access is only available to administrators leaders of the associated team.
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security ApiKeyAuth
 // @security jwt
@@ -63,6 +63,15 @@ func (handler *Handler) teamMembershipUpdate(w http.ResponseWriter, r *http.Requ
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !security.AuthorizedTeamManagement(portainer.TeamID(payload.TeamID), securityContext) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the membership", httperrors.ErrResourceAccessDenied}
+	}
+
 	membership, err := handler.DataStore.TeamMembership().TeamMembership(portainer.TeamMembershipID(membershipID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusNotFound, "Unable to find a team membership with the specified identifier inside the database", err}
@@ -70,15 +79,8 @@ func (handler *Handler) teamMembershipUpdate(w http.ResponseWriter, r *http.Requ
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a team membership with the specified identifier inside the database", err}
 	}

-	securityContext, err := security.RetrieveRestrictedRequestContext(r)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
-	}
-
-	isLeadingBothTeam := security.AuthorizedTeamManagement(portainer.TeamID(payload.TeamID), securityContext) &&
-		security.AuthorizedTeamManagement(membership.TeamID, securityContext)
-	if !(securityContext.IsAdmin || isLeadingBothTeam) {
-		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the membership", httperrors.ErrResourceAccessDenied}
+	if securityContext.IsTeamLeader && membership.Role != portainer.MembershipRole(payload.Role) {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to update the role of membership", httperrors.ErrResourceAccessDenied}
 	}

 	membership.UserID = portainer.UserID(payload.UserID)
--- a/api/http/handler/teams/handler.go
+++ b/api/http/handler/teams/handler.go
@@ -20,22 +20,18 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 	h := &Handler{
 		Router: mux.NewRouter(),
 	}
-
-	adminRouter := h.NewRoute().Subrouter()
-	adminRouter.Use(bouncer.AdminAccess)
-
-	restrictedRouter := h.NewRoute().Subrouter()
-	restrictedRouter.Use(bouncer.RestrictedAccess)
-
-	teamLeaderRouter := h.NewRoute().Subrouter()
-	teamLeaderRouter.Use(bouncer.TeamLeaderAccess)
-
-	adminRouter.Handle("/teams", httperror.LoggerHandler(h.teamCreate)).Methods(http.MethodPost)
-	restrictedRouter.Handle("/teams", httperror.LoggerHandler(h.teamList)).Methods(http.MethodGet)
-	teamLeaderRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamInspect)).Methods(http.MethodGet)
-	adminRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamUpdate)).Methods(http.MethodPut)
-	adminRouter.Handle("/teams/{id}", httperror.LoggerHandler(h.teamDelete)).Methods(http.MethodDelete)
-	teamLeaderRouter.Handle("/teams/{id}/memberships", httperror.LoggerHandler(h.teamMemberships)).Methods(http.MethodGet)
+	h.Handle("/teams",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamCreate))).Methods(http.MethodPost)
+	h.Handle("/teams",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.teamList))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamInspect))).Methods(http.MethodGet)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamUpdate))).Methods(http.MethodPut)
+	h.Handle("/teams/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamDelete))).Methods(http.MethodDelete)
+	h.Handle("/teams/{id}/memberships",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.teamMemberships))).Methods(http.MethodGet)

 	return h
 }
--- a/api/http/handler/teams/team_create.go
+++ b/api/http/handler/teams/team_create.go
@@ -14,8 +14,6 @@ import (
 type teamCreatePayload struct {
 	// Name
 	Name string `example:"developers" validate:"required"`
-	// TeamLeaders
-	TeamLeaders []portainer.UserID `example:"3,5"`
 }

 func (payload *teamCreatePayload) Validate(r *http.Request) error {
@@ -64,18 +62,5 @@ func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the team inside the database", err}
 	}

-	for _, teamLeader := range payload.TeamLeaders {
-		membership := &portainer.TeamMembership{
-			UserID: teamLeader,
-			TeamID: team.ID,
-			Role:   portainer.TeamLeader,
-		}
-
-		err = handler.DataStore.TeamMembership().Create(membership)
-		if err != nil {
-			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist team leadership inside the database", err}
-		}
-	}
-
 	return response.JSON(w, team)
 }
--- a/api/http/handler/users/admin_init.go
+++ b/api/http/handler/users/admin_init.go
@@ -9,6 +9,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type adminInitPayload struct {
@@ -57,7 +58,7 @@ func (handler *Handler) adminInit(w http.ResponseWriter, r *http.Request) *httpe
 		return &httperror.HandlerError{http.StatusConflict, "Unable to create administrator user", errAdminAlreadyInitialized}
 	}

-	if !handler.passwordStrengthChecker.Check(payload.Password) {
+	if !passwordutils.StrengthCheck(payload.Password) {
 		return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 	}

--- a/api/http/handler/users/handler.go
+++ b/api/http/handler/users/handler.go
@@ -8,7 +8,6 @@ import (

 	"github.com/portainer/portainer/api/apikey"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"

 	"net/http"
@@ -31,51 +30,43 @@ func hideFields(user *portainer.User) {
 // Handler is the HTTP handler used to handle user operations.
 type Handler struct {
 	*mux.Router
-	bouncer                 *security.RequestBouncer
-	apiKeyService           apikey.APIKeyService
-	demoService             *demo.Service
-	DataStore               dataservices.DataStore
-	CryptoService           portainer.CryptoService
-	passwordStrengthChecker security.PasswordStrengthChecker
+	bouncer       *security.RequestBouncer
+	apiKeyService apikey.APIKeyService
+	DataStore     dataservices.DataStore
+	CryptoService portainer.CryptoService
 }

 // NewHandler creates a handler to manage user operations.
-func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService, demoService *demo.Service, passwordStrengthChecker security.PasswordStrengthChecker) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService) *Handler {
 	h := &Handler{
-		Router:                  mux.NewRouter(),
-		bouncer:                 bouncer,
-		apiKeyService:           apiKeyService,
-		demoService:             demoService,
-		passwordStrengthChecker: passwordStrengthChecker,
+		Router:        mux.NewRouter(),
+		bouncer:       bouncer,
+		apiKeyService: apiKeyService,
 	}
-
-	adminRouter := h.NewRoute().Subrouter()
-	adminRouter.Use(bouncer.AdminAccess)
-
-	teamLeaderRouter := h.NewRoute().Subrouter()
-	teamLeaderRouter.Use(bouncer.TeamLeaderAccess)
-
-	restrictedRouter := h.NewRoute().Subrouter()
-	restrictedRouter.Use(bouncer.RestrictedAccess)
-
-	authenticatedRouter := h.NewRoute().Subrouter()
-	authenticatedRouter.Use(bouncer.AuthenticatedAccess)
-
-	publicRouter := h.NewRoute().Subrouter()
-	publicRouter.Use(bouncer.PublicAccess)
-
-	adminRouter.Handle("/users", httperror.LoggerHandler(h.userCreate)).Methods(http.MethodPost)
-	restrictedRouter.Handle("/users", httperror.LoggerHandler(h.userList)).Methods(http.MethodGet)
-	restrictedRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userInspect)).Methods(http.MethodGet)
-	authenticatedRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userUpdate)).Methods(http.MethodPut)
-	adminRouter.Handle("/users/{id}", httperror.LoggerHandler(h.userDelete)).Methods(http.MethodDelete)
-	restrictedRouter.Handle("/users/{id}/tokens", httperror.LoggerHandler(h.userGetAccessTokens)).Methods(http.MethodGet)
-	restrictedRouter.Handle("/users/{id}/tokens", rateLimiter.LimitAccess(httperror.LoggerHandler(h.userCreateAccessToken))).Methods(http.MethodPost)
-	restrictedRouter.Handle("/users/{id}/tokens/{keyID}", httperror.LoggerHandler(h.userRemoveAccessToken)).Methods(http.MethodDelete)
-	restrictedRouter.Handle("/users/{id}/memberships", httperror.LoggerHandler(h.userMemberships)).Methods(http.MethodGet)
-	authenticatedRouter.Handle("/users/{id}/passwd", rateLimiter.LimitAccess(httperror.LoggerHandler(h.userUpdatePassword))).Methods(http.MethodPut)
-	publicRouter.Handle("/users/admin/check", httperror.LoggerHandler(h.adminCheck)).Methods(http.MethodGet)
-	publicRouter.Handle("/users/admin/init", httperror.LoggerHandler(h.adminInit)).Methods(http.MethodPost)
+	h.Handle("/users",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.userCreate))).Methods(http.MethodPost)
+	h.Handle("/users",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userList))).Methods(http.MethodGet)
+	h.Handle("/users/{id}",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userInspect))).Methods(http.MethodGet)
+	h.Handle("/users/{id}",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userUpdate))).Methods(http.MethodPut)
+	h.Handle("/users/{id}",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.userDelete))).Methods(http.MethodDelete)
+	h.Handle("/users/{id}/tokens",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userGetAccessTokens))).Methods(http.MethodGet)
+	h.Handle("/users/{id}/tokens",
+		rateLimiter.LimitAccess(bouncer.RestrictedAccess(httperror.LoggerHandler(h.userCreateAccessToken)))).Methods(http.MethodPost)
+	h.Handle("/users/{id}/tokens/{keyID}",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userRemoveAccessToken))).Methods(http.MethodDelete)
+	h.Handle("/users/{id}/memberships",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.userMemberships))).Methods(http.MethodGet)
+	h.Handle("/users/{id}/passwd",
+		rateLimiter.LimitAccess(bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.userUpdatePassword)))).Methods(http.MethodPut)
+	h.Handle("/users/admin/check",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.adminCheck))).Methods(http.MethodGet)
+	h.Handle("/users/admin/init",
+		bouncer.PublicAccess(httperror.LoggerHandler(h.adminInit))).Methods(http.MethodPost)

 	return h
 }
--- a/api/http/handler/users/user_create.go
+++ b/api/http/handler/users/user_create.go
@@ -9,6 +9,9 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	httperrors "github.com/portainer/portainer/api/http/errors"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type userCreatePayload struct {
@@ -32,7 +35,8 @@ func (payload *userCreatePayload) Validate(r *http.Request) error {
 // @id UserCreate
 // @summary Create a new user
 // @description Create a new Portainer user.
-// @description Only administrators can create users.
+// @description Only team leaders and administrators can create users.
+// @description Only administrators can create an administrator user account.
 // @description **Access policy**: restricted
 // @tags users
 // @security ApiKeyAuth
@@ -53,6 +57,19 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
+	}
+
+	if !securityContext.IsAdmin && !securityContext.IsTeamLeader {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to create user", httperrors.ErrResourceAccessDenied}
+	}
+
+	if securityContext.IsTeamLeader && payload.Role == 1 {
+		return &httperror.HandlerError{http.StatusForbidden, "Permission denied to create administrator user", httperrors.ErrResourceAccessDenied}
+	}
+
 	user, err := handler.DataStore.User().UserByUsername(payload.Username)
 	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve users from the database", err}
@@ -78,7 +95,7 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 	}

 	if settings.AuthenticationMethod == portainer.AuthenticationInternal {
-		if !handler.passwordStrengthChecker.Check(payload.Password) {
+		if !passwordutils.StrengthCheck(payload.Password) {
 			return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 		}

--- a/api/http/handler/users/user_create_access_token_test.go
+++ b/api/http/handler/users/user_create_access_token_test.go
@@ -39,9 +39,8 @@ func Test_userCreateAccessToken(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_delete_test.go
+++ b/api/http/handler/users/user_delete_test.go
@@ -31,9 +31,8 @@ func Test_deleteUserRemovesAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/handler/users/user_get_access_tokens_test.go
+++ b/api/http/handler/users/user_get_access_tokens_test.go
@@ -38,9 +38,8 @@ func Test_userGetAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_remove_access_token_test.go
+++ b/api/http/handler/users/user_remove_access_token_test.go
@@ -36,9 +36,8 @@ func Test_userRemoveAccessToken(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_update.go
+++ b/api/http/handler/users/user_update.go
@@ -57,10 +57,6 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

-	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
--- a/api/http/handler/users/user_update_password.go
+++ b/api/http/handler/users/user_update_password.go
@@ -12,6 +12,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/passwordutils"
 )

 type userUpdatePasswordPayload struct {
@@ -54,10 +55,6 @@ func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Reques
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

-	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
-		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
-	}
-
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
@@ -82,10 +79,10 @@ func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Reques

 	err = handler.CryptoService.CompareHashAndData(user.Password, payload.Password)
 	if err != nil {
-		return &httperror.HandlerError{http.StatusForbidden, "Current password doesn't match", errors.New("Current password does not match the password provided. Please try again")}
+		return &httperror.HandlerError{http.StatusForbidden, "Specified password do not match actual password", httperrors.ErrUnauthorized}
 	}

-	if !handler.passwordStrengthChecker.Check(payload.NewPassword) {
+	if !passwordutils.StrengthCheck(payload.NewPassword) {
 		return &httperror.HandlerError{http.StatusBadRequest, "Password does not meet the requirements", nil}
 	}

--- a/api/http/handler/users/user_update_test.go
+++ b/api/http/handler/users/user_update_test.go
@@ -31,9 +31,8 @@ func Test_updateUserRemovesAccessTokens(t *testing.T) {
 	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	passwordChecker := security.NewPasswordStrengthChecker(store.SettingsService)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil, passwordChecker)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/middlewares/demo.go
+++ b/api/http/middlewares/demo.go
@@ -1,23 +0,0 @@
-package middlewares
-
-import (
-	"net/http"
-
-	"github.com/gorilla/mux"
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer/api/http/errors"
-)
-
-// restrict functionality on demo environments
-func RestrictDemoEnv(isDemo func() bool) mux.MiddlewareFunc {
-	return func(next http.Handler) http.Handler {
-		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if !isDemo() {
-				next.ServeHTTP(w, r)
-				return
-			}
-
-			httperror.WriteError(w, http.StatusBadRequest, errors.ErrNotAvailableInDemo.Error(), errors.ErrNotAvailableInDemo)
-		})
-	}
-}
--- a/api/http/middlewares/demo_test.go
+++ b/api/http/middlewares/demo_test.go
@@ -1,41 +0,0 @@
-package middlewares
-
-import (
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_demoEnvironment_shouldFail(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
-	w := httptest.NewRecorder()
-
-	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
-
-	RestrictDemoEnv(func() bool { return true }).Middleware(h).ServeHTTP(w, r)
-
-	response := w.Result()
-	defer response.Body.Close()
-
-	assert.Equal(t, http.StatusBadRequest, response.StatusCode)
-
-	body, _ := io.ReadAll(response.Body)
-	assert.Contains(t, string(body), "This feature is not available in the demo version of Portainer")
-}
-
-func Test_notDemoEnvironment_shouldSucceed(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
-	w := httptest.NewRecorder()
-
-	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
-
-	RestrictDemoEnv(func() bool { return false }).Middleware(h).ServeHTTP(w, r)
-
-	response := w.Result()
-	assert.Equal(t, http.StatusOK, response.StatusCode)
-
-}
--- a/api/http/proxy/factory/docker.go
+++ b/api/http/proxy/factory/docker.go
@@ -64,7 +64,7 @@ func (factory *ProxyFactory) newDockerHTTPProxy(endpoint *portainer.Endpoint) (h
 		DockerClientFactory:  factory.dockerClientFactory,
 	}

-	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport, factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport)
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker/networks.go
+++ b/api/http/proxy/factory/docker/networks.go
@@ -86,7 +86,7 @@ func findSystemNetworkResourceControl(networkObject map[string]interface{}) *por
 	networkID := networkObject[networkObjectIdentifier].(string)
 	networkName := networkObject[networkObjectName].(string)

-	if networkName == "bridge" || networkName == "host" || networkName == "ingress" || networkName == "nat" || networkName == "none" {
+	if networkName == "bridge" || networkName == "host" || networkName == "none" {
 		return authorization.NewSystemResourceControl(networkID, portainer.NetworkResourceControl)
 	}

--- a/api/http/proxy/factory/docker/registry.go
+++ b/api/http/proxy/factory/docker/registry.go
@@ -23,7 +23,7 @@ type (
 	}

 	portainerRegistryAuthenticationHeader struct {
-		RegistryId *portainer.RegistryID `json:"registryId"`
+		RegistryId portainer.RegistryID `json:"registryId"`
 	}
 )

--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@@ -35,7 +35,6 @@ type (
 		signatureService     portainer.DigitalSignatureService
 		reverseTunnelService portainer.ReverseTunnelService
 		dockerClientFactory  *docker.ClientFactory
-		gitService           portainer.GitService
 	}

 	// TransportParameters is used to create a new Transport
@@ -63,7 +62,7 @@ type (
 )

 // NewTransport returns a pointer to a new Transport instance.
-func NewTransport(parameters *TransportParameters, httpTransport *http.Transport, gitService portainer.GitService) (*Transport, error) {
+func NewTransport(parameters *TransportParameters, httpTransport *http.Transport) (*Transport, error) {
 	transport := &Transport{
 		endpoint:             parameters.Endpoint,
 		dataStore:            parameters.DataStore,
@@ -71,7 +70,6 @@ func NewTransport(parameters *TransportParameters, httpTransport *http.Transport
 		reverseTunnelService: parameters.ReverseTunnelService,
 		dockerClientFactory:  parameters.DockerClientFactory,
 		HTTPTransport:        httpTransport,
-		gitService:           gitService,
 	}

 	return transport, nil
@@ -383,31 +381,9 @@ func (transport *Transport) proxyTaskRequest(request *http.Request) (*http.Respo
 }

 func (transport *Transport) proxyBuildRequest(request *http.Request) (*http.Response, error) {
-	err := transport.updateDefaultGitBranch(request)
-	if err != nil {
-		return nil, err
-	}
 	return transport.interceptAndRewriteRequest(request, buildOperation)
 }

-func (transport *Transport) updateDefaultGitBranch(request *http.Request) error {
-	remote := request.URL.Query().Get("remote")
-	if strings.HasSuffix(remote, ".git") {
-		repositoryURL := remote[:len(remote)-4]
-		latestCommitID, err := transport.gitService.LatestCommitID(repositoryURL, "", "", "")
-		if err != nil {
-			return err
-		}
-		newRemote := fmt.Sprintf("%s#%s", remote, latestCommitID)
-
-		q := request.URL.Query()
-		q.Set("remote", newRemote)
-		request.URL.RawQuery = q.Encode()
-	}
-
-	return nil
-}
-
 func (transport *Transport) proxyImageRequest(request *http.Request) (*http.Response, error) {
 	switch requestPath := request.URL.Path; requestPath {
 	case "/images/create":
@@ -446,20 +422,7 @@ func (transport *Transport) decorateRegistryAuthenticationHeader(request *http.R
 			return err
 		}

-		// delete header and exist function without error if Front End
-		// passes empty json. This is to restore original behavior which
-		// never originally passed this header
-		if string(decodedHeaderData) == "{}" {
-			request.Header.Del("X-Registry-Auth")
-			return nil
-		}
-
-		// only set X-Registry-Auth if registryId is defined
-		if originalHeaderData.RegistryId == nil {
-			return nil
-		}
-
-		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, *originalHeaderData.RegistryId, accessContext)
+		authenticationHeader, err := createRegistryAuthenticationHeader(transport.dataStore, originalHeaderData.RegistryId, accessContext)
 		if err != nil {
 			return err
 		}
--- a/api/http/proxy/factory/docker/transport_test.go
+++ b/api/http/proxy/factory/docker/transport_test.go
@@ -1,73 +0,0 @@
-package docker
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/stretchr/testify/assert"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-type noopGitService struct{}
-
-func (s *noopGitService) CloneRepository(destination string, repositoryURL, referenceName, username, password string) error {
-	return nil
-}
-func (s *noopGitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
-	return "my-latest-commit-id", nil
-}
-
-func TestTransport_updateDefaultGitBranch(t *testing.T) {
-	type fields struct {
-		gitService portainer.GitService
-	}
-
-	type args struct {
-		request *http.Request
-	}
-
-	defaultFields := fields{
-		gitService: &noopGitService{},
-	}
-
-	tests := []struct {
-		name          string
-		fields        fields
-		args          args
-		wantErr       bool
-		expectedQuery string
-	}{
-		{
-			name:   "append commit ID",
-			fields: defaultFields,
-			args: args{
-				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo.git&t=my-image", nil),
-			},
-			wantErr:       false,
-			expectedQuery: "dockerfile=Dockerfile&remote=https%3A%2F%2Fmy-host.com%2Fmy-user%2Fmy-repo.git%23my-latest-commit-id&t=my-image",
-		},
-		{
-			name:   "not append commit ID",
-			fields: defaultFields,
-			args: args{
-				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image", nil),
-			},
-			wantErr:       false,
-			expectedQuery: "dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			transport := &Transport{
-				gitService: tt.fields.gitService,
-			}
-			err := transport.updateDefaultGitBranch(tt.args.request)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("updateDefaultGitBranch() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-
-			assert.Equal(t, tt.expectedQuery, tt.args.request.URL.RawQuery)
-		})
-	}
-}
--- a/api/http/proxy/factory/docker_unix.go
+++ b/api/http/proxy/factory/docker_unix.go
@@ -22,7 +22,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path), factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path))
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker_windows.go
+++ b/api/http/proxy/factory/docker_windows.go
@@ -23,7 +23,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path), factory.gitService)
+	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path))
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/factory.go
+++ b/api/http/proxy/factory/factory.go
@@ -23,12 +23,11 @@ type (
 		dockerClientFactory         *docker.ClientFactory
 		kubernetesClientFactory     *cli.ClientFactory
 		kubernetesTokenCacheManager *kubernetes.TokenCacheManager
-		gitService                  portainer.GitService
 	}
 )

 // NewProxyFactory returns a pointer to a new instance of a ProxyFactory
-func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager, gitService portainer.GitService) *ProxyFactory {
+func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager) *ProxyFactory {
 	return &ProxyFactory{
 		dataStore:                   dataStore,
 		signatureService:            signatureService,
@@ -36,7 +35,6 @@ func NewProxyFactory(dataStore dataservices.DataStore, signatureService portaine
 		dockerClientFactory:         clientFactory,
 		kubernetesClientFactory:     kubernetesClientFactory,
 		kubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		gitService:                  gitService,
 	}
 }

--- a/api/http/proxy/manager.go
+++ b/api/http/proxy/manager.go
@@ -25,11 +25,11 @@ type (
 )

 // NewManager initializes a new proxy Service
-func NewManager(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager, gitService portainer.GitService) *Manager {
+func NewManager(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager) *Manager {
 	return &Manager{
 		endpointProxies:  cmap.New(),
 		k8sClientFactory: kubernetesClientFactory,
-		proxyFactory:     factory.NewProxyFactory(dataStore, signatureService, tunnelService, clientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService),
+		proxyFactory:     factory.NewProxyFactory(dataStore, signatureService, tunnelService, clientFactory, kubernetesClientFactory, kubernetesTokenCacheManager),
 	}
 }

--- a/api/http/security/authorization.go
+++ b/api/http/security/authorization.go
@@ -103,16 +103,6 @@ func AuthorizedTeamManagement(teamID portainer.TeamID, context *RestrictedReques
 	return false
 }

-// AuthorizedIsTeamLeader ensure that the user is an admin or a team leader
-func AuthorizedIsTeamLeader(context *RestrictedRequestContext) bool {
-	return context.IsAdmin || context.IsTeamLeader
-}
-
-// AuthorizedIsAdmin ensure that the user is an admin
-func AuthorizedIsAdmin(context *RestrictedRequestContext) bool {
-	return context.IsAdmin
-}
-
 // authorizedEndpointAccess ensure that the user can access the specified environment(endpoint).
 // It will check if the user is part of the authorized users or part of a team that is
 // listed in the authorized teams of the environment(endpoint) and the associated group.
--- a/api/http/security/bouncer.go
+++ b/api/http/security/bouncer.go
@@ -78,19 +78,6 @@ func (bouncer *RequestBouncer) RestrictedAccess(h http.Handler) http.Handler {
 	return h
 }

-// TeamLeaderAccess defines a security check for APIs require team leader privilege
-//
-// Bouncer operations are applied backwards:
-//  - Parse the JWT from the request and stored in context, user has to be authenticated
-//  - Upgrade to the restricted request
-//  - User is admin or team leader
-func (bouncer *RequestBouncer) TeamLeaderAccess(h http.Handler) http.Handler {
-	h = bouncer.mwIsTeamLeader(h)
-	h = bouncer.mwUpgradeToRestrictedRequest(h)
-	h = bouncer.mwAuthenticatedUser(h)
-	return h
-}
-
 // AuthenticatedAccess defines a security check for restricted API environments(endpoints).
 // Authentication is required to access these environments(endpoints).
 // The request context will be enhanced with a RestrictedRequestContext object
@@ -145,7 +132,7 @@ func (bouncer *RequestBouncer) AuthorizedEdgeEndpointOperation(r *http.Request,
 	}

 	if endpoint.EdgeID != "" && endpoint.EdgeID != edgeIdentifier {
-		return errors.New("invalid Edge identifier")
+		return errors.New(fmt.Sprintf("invalid Edge identifier for endpoint %d. Expecting: %s - Received: %s", endpoint.ID, endpoint.EdgeID, edgeIdentifier))
 	}

 	if endpoint.LastCheckInDate > 0 || endpoint.UserTrusted {
@@ -232,24 +219,6 @@ func (bouncer *RequestBouncer) mwUpgradeToRestrictedRequest(next http.Handler) h
 	})
 }

-// mwIsTeamLeader will verify that the user is an admin or a team leader
-func (bouncer *RequestBouncer) mwIsTeamLeader(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		securityContext, err := RetrieveRestrictedRequestContext(r)
-		if err != nil {
-			httperror.WriteError(w, http.StatusInternalServerError, "Unable to retrieve restricted request context ", err)
-			return
-		}
-
-		if !securityContext.IsAdmin && !securityContext.IsTeamLeader {
-			httperror.WriteError(w, http.StatusForbidden, "Access denied", httperrors.ErrUnauthorized)
-			return
-		}
-
-		next.ServeHTTP(w, r)
-	})
-}
-
 // mwAuthenticateFirst authenticates a request an auth token.
 // A result of a first succeded token lookup would be used for the authentication.
 func (bouncer *RequestBouncer) mwAuthenticateFirst(tokenLookups []tokenLookup, next http.Handler) http.Handler {
--- a/api/http/security/filter.go
+++ b/api/http/security/filter.go
@@ -81,11 +81,11 @@ func FilterRegistries(registries []portainer.Registry, user *portainer.User, tea
 }

 // FilterEndpoints filters environments(endpoints) based on user role and team memberships.
-// Non administrator and non-team-leader only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
+// Non administrator users only have access to authorized environments(endpoints) (can be inherited via endpoint groups).
 func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.Endpoint {
 	filteredEndpoints := endpoints

-	if !context.IsAdmin && !context.IsTeamLeader {
+	if !context.IsAdmin {
 		filteredEndpoints = make([]portainer.Endpoint, 0)

 		for _, endpoint := range endpoints {
@@ -101,11 +101,11 @@ func FilterEndpoints(endpoints []portainer.Endpoint, groups []portainer.Endpoint
 }

 // FilterEndpointGroups filters environment(endpoint) groups based on user role and team memberships.
-// Non administrator users and Non-team-leaders only have access to authorized environment(endpoint) groups.
+// Non administrator users only have access to authorized environment(endpoint) groups.
 func FilterEndpointGroups(endpointGroups []portainer.EndpointGroup, context *RestrictedRequestContext) []portainer.EndpointGroup {
 	filteredEndpointGroups := endpointGroups

-	if !context.IsAdmin && !context.IsTeamLeader {
+	if !context.IsAdmin {
 		filteredEndpointGroups = make([]portainer.EndpointGroup, 0)

 		for _, group := range endpointGroups {
--- a/api/http/security/passwordStrengthCheck.go
+++ b/api/http/security/passwordStrengthCheck.go
@@ -1,35 +0,0 @@
-package security
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/sirupsen/logrus"
-)
-
-type PasswordStrengthChecker interface {
-	Check(password string) bool
-}
-
-type passwordStrengthChecker struct {
-	settings settingsService
-}
-
-func NewPasswordStrengthChecker(settings settingsService) *passwordStrengthChecker {
-	return &passwordStrengthChecker{
-		settings: settings,
-	}
-}
-
-// Check returns true if the password is strong enough
-func (c *passwordStrengthChecker) Check(password string) bool {
-	s, err := c.settings.Settings()
-	if err != nil {
-		logrus.WithError(err).Warn("failed to fetch Portainer settings to validate user password")
-		return true
-	}
-
-	return len(password) >= s.InternalAuthSettings.RequiredPasswordLength
-}
-
-type settingsService interface {
-	Settings() (*portainer.Settings, error)
-}
--- a/api/http/server.go
+++ b/api/http/server.go
@@ -15,7 +15,6 @@ import (
 	"github.com/portainer/portainer/api/apikey"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/http/handler"
 	"github.com/portainer/portainer/api/http/handler/auth"
@@ -99,7 +98,6 @@ type Server struct {
 	ShutdownCtx                 context.Context
 	ShutdownTrigger             context.CancelFunc
 	StackDeployer               stackdeployer.StackDeployer
-	DemoService                 *demo.Service
 }

 // Start starts the HTTP server
@@ -111,9 +109,7 @@ func (server *Server) Start() error {
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
 	offlineGate := offlinegate.NewOfflineGate()

-	passwordStrengthChecker := security.NewPasswordStrengthChecker(server.DataStore.Settings())
-
-	var authHandler = auth.NewHandler(requestBouncer, rateLimiter, passwordStrengthChecker)
+	var authHandler = auth.NewHandler(requestBouncer, rateLimiter)
 	authHandler.DataStore = server.DataStore
 	authHandler.CryptoService = server.CryptoService
 	authHandler.JWTService = server.JWTService
@@ -125,15 +121,7 @@ func (server *Server) Start() error {
 	adminMonitor := adminmonitor.New(5*time.Minute, server.DataStore, server.ShutdownCtx)
 	adminMonitor.Start()

-	var backupHandler = backup.NewHandler(
-		requestBouncer,
-		server.DataStore,
-		offlineGate,
-		server.FileService.GetDatastorePath(),
-		server.ShutdownTrigger,
-		adminMonitor,
-		server.DemoService,
-	)
+	var backupHandler = backup.NewHandler(requestBouncer, server.DataStore, offlineGate, server.FileService.GetDatastorePath(), server.ShutdownTrigger, adminMonitor)

 	var roleHandler = roles.NewHandler(requestBouncer)
 	roleHandler.DataStore = server.DataStore
@@ -159,7 +147,7 @@ func (server *Server) Start() error {
 	var edgeTemplatesHandler = edgetemplates.NewHandler(requestBouncer)
 	edgeTemplatesHandler.DataStore = server.DataStore

-	var endpointHandler = endpoints.NewHandler(requestBouncer, server.DemoService)
+	var endpointHandler = endpoints.NewHandler(requestBouncer)
 	endpointHandler.DataStore = server.DataStore
 	endpointHandler.FileService = server.FileService
 	endpointHandler.ProxyManager = server.ProxyManager
@@ -206,7 +194,7 @@ func (server *Server) Start() error {
 	var resourceControlHandler = resourcecontrols.NewHandler(requestBouncer)
 	resourceControlHandler.DataStore = server.DataStore

-	var settingsHandler = settings.NewHandler(requestBouncer, server.DemoService)
+	var settingsHandler = settings.NewHandler(requestBouncer)
 	settingsHandler.DataStore = server.DataStore
 	settingsHandler.FileService = server.FileService
 	settingsHandler.JWTService = server.JWTService
@@ -246,7 +234,7 @@ func (server *Server) Start() error {
 	var teamMembershipHandler = teammemberships.NewHandler(requestBouncer)
 	teamMembershipHandler.DataStore = server.DataStore

-	var statusHandler = status.NewHandler(requestBouncer, server.Status, server.DemoService)
+	var statusHandler = status.NewHandler(requestBouncer, server.Status)

 	var templatesHandler = templates.NewHandler(requestBouncer)
 	templatesHandler.DataStore = server.DataStore
@@ -256,7 +244,7 @@ func (server *Server) Start() error {
 	var uploadHandler = upload.NewHandler(requestBouncer)
 	uploadHandler.FileService = server.FileService

-	var userHandler = users.NewHandler(requestBouncer, rateLimiter, server.APIKeyService, server.DemoService, passwordStrengthChecker)
+	var userHandler = users.NewHandler(requestBouncer, rateLimiter, server.APIKeyService)
 	userHandler.DataStore = server.DataStore
 	userHandler.CryptoService = server.CryptoService

--- a/api/internal/passwordutils/strengthCheck.go
+++ b/api/internal/passwordutils/strengthCheck.go
@@ -0,0 +1,33 @@
+package passwordutils
+
+import (
+	"regexp"
+)
+
+const MinPasswordLen = 12
+
+func lengthCheck(password string) bool {
+	return len(password) >= MinPasswordLen
+}
+
+func comboCheck(password string) bool {
+	count := 0
+	regexps := [4]*regexp.Regexp{
+		regexp.MustCompile(`[a-z]`),
+		regexp.MustCompile(`[A-Z]`),
+		regexp.MustCompile(`[0-9]`),
+		regexp.MustCompile(`[\W_]`),
+	}
+
+	for _, re := range regexps {
+		if re.FindString(password) != "" {
+			count += 1
+		}
+	}
+
+	return count >= 3
+}
+
+func StrengthCheck(password string) bool {
+	return lengthCheck(password) && comboCheck(password)
+}
--- a/api/internal/passwordutils/strengthCheck_test.go
+++ b/api/internal/passwordutils/strengthCheck_test.go
@@ -1,14 +1,8 @@
-package security
+package passwordutils

-import (
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-)
+import "testing"

 func TestStrengthCheck(t *testing.T) {
-	checker := NewPasswordStrengthChecker(settingsStub{minLength: 12})
-
 	type args struct {
 		password string
 	}
@@ -19,9 +13,9 @@ func TestStrengthCheck(t *testing.T) {
 	}{
 		{"Empty password", args{""}, false},
 		{"Short password", args{"portainer"}, false},
-		{"Short password", args{"portaienr!@#"}, true},
+		{"Short password", args{"portaienr!@#"}, false},
 		{"Week password", args{"12345678!@#"}, false},
-		{"Week password", args{"portaienr123"}, true},
+		{"Week password", args{"portaienr123"}, false},
 		{"Good password", args{"Portainer123"}, true},
 		{"Good password", args{"Portainer___"}, true},
 		{"Good password", args{"^portainer12"}, true},
@@ -29,21 +23,9 @@ func TestStrengthCheck(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if gotStrong := checker.Check(tt.args.password); gotStrong != tt.wantStrong {
+			if gotStrong := StrengthCheck(tt.args.password); gotStrong != tt.wantStrong {
 				t.Errorf("StrengthCheck() = %v, want %v", gotStrong, tt.wantStrong)
 			}
 		})
 	}
 }
-
-type settingsStub struct {
-	minLength int
-}
-
-func (s settingsStub) Settings() (*portainer.Settings, error) {
-	return &portainer.Settings{
-		InternalAuthSettings: portainer.InternalAuthSettings{
-			RequiredPasswordLength: s.minLength,
-		},
-	}, nil
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
andres-portainer	da3856503f	[WIP] Optimize buildEdgeStacks()	2022-05-11 19:38:55 -03:00
andres-portainer	0b6362a4bd	Merge branch 'develop' into debug-api-endpoint	2022-05-10 18:00:25 -03:00
andres-portainer	8bbb6e5a6e	Revert "Add caching to EdgeStack." This reverts commit `ea71ce44fa`.	2022-05-08 16:41:11 -03:00
andres-portainer	ea71ce44fa	Add caching to EdgeStack.	2022-05-06 21:45:06 -03:00
matias.spinarolli	a3f2b4b0af	feat(ssl): use ECDSA instead of RSA to generate the self-signed certificates EE-3097	2022-05-06 19:35:52 -03:00
andres-portainer	f4c7896046	Add cache invalidation to avoid breaking data migration.	2022-05-05 19:40:40 -03:00
andres-portainer	b1272b9da3	Merge branch 'develop' into debug-api-endpoint	2022-05-05 19:17:57 -03:00
andres-portainer	943c0a6256	Avoid allocating on nil values.	2022-05-05 19:12:06 -03:00
andres-portainer	d245e196c1	Merge branch 'debug-api-endpoint' of github.com:portainer/portainer into debug-api-endpoint	2022-05-05 18:45:47 -03:00
andres-portainer	d6abf03d42	Cache the Settings object.	2022-05-05 18:44:11 -03:00
andres-portainer	f98585d832	Avoid a call to Endpoint().GetNextIdentifier().	2022-05-05 18:43:16 -03:00
deviantony	bc3e973830	Merge branch 'develop' into debug-api-endpoint	2022-05-05 21:31:20 +00:00
deviantony	0292523855	refactor(edge): rollback to original error message	2022-05-04 18:30:05 +00:00
deviantony	044d756626	feat(edge): remove logrus calls	2022-05-04 18:28:31 +00:00
deviantony	a9c0c5f835	feat(edge): rollback go routine changes	2022-05-04 18:13:58 +00:00
deviantony	2b0a519c36	feat(edge): update edge status logic	2022-05-04 01:42:55 +00:00
yi-portainer	871da94da0	* remove endpoint update for testing	2022-05-04 12:07:27 +12:00
andres-portainer	81faf20f20	Add pprof handlers.	2022-05-03 19:42:26 -03:00
deviantony	b8757ac8eb	Merge branch 'develop' into debug-api-endpoint	2022-05-03 04:34:27 +00:00
deviantony	b927e08d5e	feat(http): add debug logs	2022-05-03 04:33:50 +00:00
deviantony	e2188edc9d	feat(http): update logging format	2022-04-30 20:05:16 +00:00
deviantony	97d2a3bdf3	feat(http): add debug logs in	2022-04-30 19:45:46 +00:00