refactor(ui/button): remove duplicate data-cy

refactor(kube/apps): migrate table to react [EE-4685] (#11028 )
refactor(rbac): migrate access table to react [EE-4710] (#10823 )
2024-04-14 13:49:21 +03:00 · 2024-04-11 10:11:17 +03:00 · 2024-04-11 09:49:38 +03:00 · 2024-04-11 09:29:30 +03:00 · 2024-04-11 12:11:38 +12:00 · 2024-04-10 08:56:02 +03:00
1393 changed files with 18534 additions and 18055 deletions
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -140,9 +140,11 @@ overrides:
      'react/jsx-no-constructed-context-values': off
      '@typescript-eslint/no-restricted-imports': off
      no-restricted-imports: off
+      'react/jsx-props-no-spreading': off
  - files:
      - app/**/*.stories.*
    rules:
      'no-alert': off
      '@typescript-eslint/no-restricted-imports': off
      no-restricted-imports: off
+      'react/jsx-props-no-spreading': off
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -93,6 +93,8 @@ body:
      description: We only provide support for the most recent version of Portainer and the previous 3 versions. If you are on an older version of Portainer we recommend [upgrading first](https://docs.portainer.io/start/upgrade) in case your bug has already been fixed.
      multiple: false
      options:
+        - '2.20.1'
+        - '2.20.0'
        - '2.19.4'
        - '2.19.3'
        - '2.19.2'
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -22,7 +22,7 @@ on:
 env:
  DOCKER_HUB_REPO: portainerci/portainer-ce
  EXTENSION_HUB_REPO: portainerci/portainer-docker-extension
-  GO_VERSION: 1.21.11
+  GO_VERSION: 1.21.6
  NODE_VERSION: 18.x

 jobs:
@@ -34,6 +34,7 @@ jobs:
          - { platform: linux, arch: arm64, version: "" }
          - { platform: linux, arch: arm, version: "" }
          - { platform: linux, arch: ppc64le, version: "" }
+          - { platform: linux, arch: s390x, version: "" }
          - { platform: windows, arch: amd64, version: 1809 }
          - { platform: windows, arch: amd64, version: ltsc2022 }
    runs-on: ubuntu-latest
@@ -145,22 +146,31 @@ jobs:
            # for instance, feature/1.0.0 -> feature-1.0.0
            CONTAINER_IMAGE_TAG=$(echo $GITHUB_REF_NAME | sed 's/\//-/g')
          fi
+
          docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le" \
+            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-s390x" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windows1809-amd64" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-windowsltsc2022-amd64"
          
          docker buildx imagetools create -t "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64-alpine" \
            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine" \
-            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le-alpine"
+            "${DOCKER_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine"
            
          if [[ "${GITHUB_REF_NAME}" =~ ^release/.*$ ]]; then
            docker buildx imagetools create -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}" \
              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64" \
-              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64"
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-ppc64le" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-s390x"
+            
+            docker buildx imagetools create -t "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-alpine" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-amd64-alpine" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm64-alpine" \
+              "${EXTENSION_HUB_REPO}:${CONTAINER_IMAGE_TAG}-linux-arm-alpine"
          fi
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -18,7 +18,7 @@ on:
      - ready_for_review

 env:
-  GO_VERSION: 1.21.9
+  GO_VERSION: 1.21.6
  NODE_VERSION: 18.x

 jobs:
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -6,7 +6,7 @@ on:
  workflow_dispatch:

 env:
-  GO_VERSION: 1.21.9
+  GO_VERSION: 1.21.6

 jobs:
  client-dependencies:
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -14,7 +14,7 @@ on:
      - '.github/workflows/pr-security.yml'

 env:
-  GO_VERSION: 1.21.9
+  GO_VERSION: 1.21.6
  NODE_VERSION: 18.x

 jobs:
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,11 +1,10 @@
 name: Test

 env:
-  GO_VERSION: 1.21.9
+  GO_VERSION: 1.21.6
  NODE_VERSION: 18.x

 on:
-  workflow_dispatch:
  pull_request:
    branches:
      - master
@@ -28,22 +27,15 @@ jobs:
    if: github.event.pull_request.draft == false

    steps:
-      - name: 'checkout the current branch'
-        uses: actions/checkout@v4.1.1
-        with:
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: 'set up node.js'
-        uses: actions/setup-node@v4.0.1
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'yarn'
-
      - run: yarn --frozen-lockfile

      - name: Run tests
        run: make test-client ARGS="--maxWorkers=2 --minWorkers=1"
-
  test-server:
    strategy:
      matrix:
@@ -56,21 +48,9 @@ jobs:
    if: github.event.pull_request.draft == false

    steps:
-      - name: 'checkout the current branch'
-        uses: actions/checkout@v4.1.1
-        with:
-          ref: ${{ github.event.inputs.branch }}
-
-      - name: 'set up golang'
-        uses: actions/setup-go@v5.0.0
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}
-
-      - name: 'install dependencies'
-        run: make test-deps PLATFORM=linux ARCH=amd64
-
-      - name: 'update $PATH'
-        run: echo "$(pwd)/dist" >> $GITHUB_PATH
-
-      - name: 'run tests'
+      - name: Run tests
        run: make test-server
--- a/.github/workflows/validate-openapi-spec.yaml
+++ b/.github/workflows/validate-openapi-spec.yaml
@@ -13,7 +13,7 @@ on:
      - ready_for_review

 env:
-  GO_VERSION: 1.21.9
+  GO_VERSION: 1.21.6
  NODE_VERSION: 18.x

 jobs:
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,4 +1,4 @@
 #!/usr/bin/env sh
 . "$(dirname -- "$0")/_/husky.sh"

-cd $(dirname -- "$0") && yarn lint-staged
+yarn lint-staged
--- a/.storybook/preview.tsx
+++ b/.storybook/preview.tsx
@@ -8,6 +8,7 @@ import { QueryClient, QueryClientProvider } from 'react-query';
 initMSW(
  {
    onUnhandledRequest: ({ method, url }) => {
+      console.log(method, url);
      if (url.startsWith('/api')) {
        console.error(`Unhandled ${method} request to ${url}.

--- a/3
+++ b/3
@@ -64,9 +64,6 @@ clean: ## Remove all build and download artifacts
 .PHONY: test test-client test-server
 test: test-server test-client ## Run all tests

-test-deps: init-dist
-	./build/download_docker_compose_binary.sh $(PLATFORM) $(ARCH) $(shell jq -r '.dockerCompose' < "./binary-version.json")
-
 test-client: ## Run client tests
 	yarn test $(ARGS)

--- a/api/backup/backup.go
+++ b/api/backup/backup.go
@@ -82,8 +82,7 @@ func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datasto
 }

 func backupDb(backupDirPath string, datastore dataservices.DataStore) error {
-	dbFileName := datastore.Connection().GetDatabaseFileName()
-	_, err := datastore.Backup(filepath.Join(backupDirPath, dbFileName))
+	_, err := datastore.Backup(filepath.Join(backupDirPath, "portainer.db"))
 	return err
 }

--- a/api/chisel/schedules.go
+++ b/api/chisel/schedules.go
@@ -5,17 +5,6 @@ import (
 	"github.com/portainer/portainer/api/internal/edge/cache"
 )

-// EdgeJobs retrieves the edge jobs for the given environment
-func (service *Service) EdgeJobs(endpointID portainer.EndpointID) []portainer.EdgeJob {
-	service.mu.RLock()
-	defer service.mu.RUnlock()
-
-	return append(
-		make([]portainer.EdgeJob, 0, len(service.edgeJobs[endpointID])),
-		service.edgeJobs[endpointID]...,
-	)
-}
-
 // AddEdgeJob register an EdgeJob inside the tunnel details associated to an environment(endpoint).
 func (service *Service) AddEdgeJob(endpoint *portainer.Endpoint, edgeJob *portainer.EdgeJob) {
 	if endpoint.Edge.AsyncMode {
@@ -23,10 +12,10 @@ func (service *Service) AddEdgeJob(endpoint *portainer.Endpoint, edgeJob *portai
 	}

 	service.mu.Lock()
-	defer service.mu.Unlock()
+	tunnel := service.getTunnelDetails(endpoint.ID)

 	existingJobIndex := -1
-	for idx, existingJob := range service.edgeJobs[endpoint.ID] {
+	for idx, existingJob := range tunnel.Jobs {
 		if existingJob.ID == edgeJob.ID {
 			existingJobIndex = idx

@@ -35,28 +24,30 @@ func (service *Service) AddEdgeJob(endpoint *portainer.Endpoint, edgeJob *portai
 	}

 	if existingJobIndex == -1 {
-		service.edgeJobs[endpoint.ID] = append(service.edgeJobs[endpoint.ID], *edgeJob)
+		tunnel.Jobs = append(tunnel.Jobs, *edgeJob)
 	} else {
-		service.edgeJobs[endpoint.ID][existingJobIndex] = *edgeJob
+		tunnel.Jobs[existingJobIndex] = *edgeJob
 	}

 	cache.Del(endpoint.ID)
+
+	service.mu.Unlock()
 }

 // RemoveEdgeJob will remove the specified Edge job from each tunnel it was registered with.
 func (service *Service) RemoveEdgeJob(edgeJobID portainer.EdgeJobID) {
 	service.mu.Lock()

-	for endpointID := range service.edgeJobs {
+	for endpointID, tunnel := range service.tunnelDetailsMap {
 		n := 0
-		for _, edgeJob := range service.edgeJobs[endpointID] {
+		for _, edgeJob := range tunnel.Jobs {
 			if edgeJob.ID != edgeJobID {
-				service.edgeJobs[endpointID][n] = edgeJob
+				tunnel.Jobs[n] = edgeJob
 				n++
 			}
 		}

-		service.edgeJobs[endpointID] = service.edgeJobs[endpointID][:n]
+		tunnel.Jobs = tunnel.Jobs[:n]

 		cache.Del(endpointID)
 	}
@@ -66,17 +57,19 @@ func (service *Service) RemoveEdgeJob(edgeJobID portainer.EdgeJobID) {

 func (service *Service) RemoveEdgeJobFromEndpoint(endpointID portainer.EndpointID, edgeJobID portainer.EdgeJobID) {
 	service.mu.Lock()
-	defer service.mu.Unlock()
+	tunnel := service.getTunnelDetails(endpointID)

 	n := 0
-	for _, edgeJob := range service.edgeJobs[endpointID] {
+	for _, edgeJob := range tunnel.Jobs {
 		if edgeJob.ID != edgeJobID {
-			service.edgeJobs[endpointID][n] = edgeJob
+			tunnel.Jobs[n] = edgeJob
 			n++
 		}
 	}

-	service.edgeJobs[endpointID] = service.edgeJobs[endpointID][:n]
+	tunnel.Jobs = tunnel.Jobs[:n]

 	cache.Del(endpointID)
+
+	service.mu.Unlock()
 }
--- a/api/chisel/service.go
+++ b/api/chisel/service.go
@@ -19,6 +19,7 @@ import (

 const (
 	tunnelCleanupInterval = 10 * time.Second
+	requiredTimeout       = 15 * time.Second
 	activeTimeout         = 4*time.Minute + 30*time.Second
 	pingTimeout           = 3 * time.Second
 )
@@ -27,54 +28,32 @@ const (
 // It is used to start a reverse tunnel server and to manage the connection status of each tunnel
 // connected to the tunnel server.
 type Service struct {
-	serverFingerprint      string
-	serverPort             string
-	activeTunnels          map[portainer.EndpointID]*portainer.TunnelDetails
-	edgeJobs               map[portainer.EndpointID][]portainer.EdgeJob
-	dataStore              dataservices.DataStore
-	snapshotService        portainer.SnapshotService
-	chiselServer           *chserver.Server
-	shutdownCtx            context.Context
-	ProxyManager           *proxy.Manager
-	mu                     sync.RWMutex
-	fileService            portainer.FileService
-	defaultCheckinInterval int
+	serverFingerprint string
+	serverPort        string
+	tunnelDetailsMap  map[portainer.EndpointID]*portainer.TunnelDetails
+	dataStore         dataservices.DataStore
+	snapshotService   portainer.SnapshotService
+	chiselServer      *chserver.Server
+	shutdownCtx       context.Context
+	ProxyManager      *proxy.Manager
+	mu                sync.Mutex
+	fileService       portainer.FileService
 }

 // NewService returns a pointer to a new instance of Service
 func NewService(dataStore dataservices.DataStore, shutdownCtx context.Context, fileService portainer.FileService) *Service {
-	defaultCheckinInterval := portainer.DefaultEdgeAgentCheckinIntervalInSeconds
-
-	settings, err := dataStore.Settings().Settings()
-	if err == nil {
-		defaultCheckinInterval = settings.EdgeAgentCheckinInterval
-	} else {
-		log.Error().Err(err).Msg("unable to retrieve the settings from the database")
-	}
-
 	return &Service{
-		activeTunnels:          make(map[portainer.EndpointID]*portainer.TunnelDetails),
-		edgeJobs:               make(map[portainer.EndpointID][]portainer.EdgeJob),
-		dataStore:              dataStore,
-		shutdownCtx:            shutdownCtx,
-		fileService:            fileService,
-		defaultCheckinInterval: defaultCheckinInterval,
+		tunnelDetailsMap: make(map[portainer.EndpointID]*portainer.TunnelDetails),
+		dataStore:        dataStore,
+		shutdownCtx:      shutdownCtx,
+		fileService:      fileService,
 	}
 }

 // pingAgent ping the given agent so that the agent can keep the tunnel alive
 func (service *Service) pingAgent(endpointID portainer.EndpointID) error {
-	endpoint, err := service.dataStore.Endpoint().Endpoint(endpointID)
-	if err != nil {
-		return err
-	}
-
-	tunnelAddr, err := service.TunnelAddr(endpoint)
-	if err != nil {
-		return err
-	}
-
-	requestURL := fmt.Sprintf("http://%s/ping", tunnelAddr)
+	tunnel := service.GetTunnelDetails(endpointID)
+	requestURL := fmt.Sprintf("http://127.0.0.1:%d/ping", tunnel.Port)
 	req, err := http.NewRequest(http.MethodHead, requestURL, nil)
 	if err != nil {
 		return err
@@ -97,49 +76,47 @@ func (service *Service) pingAgent(endpointID portainer.EndpointID) error {

 // KeepTunnelAlive keeps the tunnel of the given environment for maxAlive duration, or until ctx is done
 func (service *Service) KeepTunnelAlive(endpointID portainer.EndpointID, ctx context.Context, maxAlive time.Duration) {
-	go service.keepTunnelAlive(endpointID, ctx, maxAlive)
-}
+	go func() {
+		log.Debug().
+			Int("endpoint_id", int(endpointID)).
+			Float64("max_alive_minutes", maxAlive.Minutes()).
+			Msg("KeepTunnelAlive: start")

-func (service *Service) keepTunnelAlive(endpointID portainer.EndpointID, ctx context.Context, maxAlive time.Duration) {
-	log.Debug().
-		Int("endpoint_id", int(endpointID)).
-		Float64("max_alive_minutes", maxAlive.Minutes()).
-		Msg("KeepTunnelAlive: start")
+		maxAliveTicker := time.NewTicker(maxAlive)
+		defer maxAliveTicker.Stop()

-	maxAliveTicker := time.NewTicker(maxAlive)
-	defer maxAliveTicker.Stop()
+		pingTicker := time.NewTicker(tunnelCleanupInterval)
+		defer pingTicker.Stop()

-	pingTicker := time.NewTicker(tunnelCleanupInterval)
-	defer pingTicker.Stop()
+		for {
+			select {
+			case <-pingTicker.C:
+				service.SetTunnelStatusToActive(endpointID)
+				err := service.pingAgent(endpointID)
+				if err != nil {
+					log.Debug().
+						Int("endpoint_id", int(endpointID)).
+						Err(err).
+						Msg("KeepTunnelAlive: ping agent")
+				}
+			case <-maxAliveTicker.C:
+				log.Debug().
+					Int("endpoint_id", int(endpointID)).
+					Float64("timeout_minutes", maxAlive.Minutes()).
+					Msg("KeepTunnelAlive: tunnel keep alive timeout")

-	for {
-		select {
-		case <-pingTicker.C:
-			service.UpdateLastActivity(endpointID)
-
-			if err := service.pingAgent(endpointID); err != nil {
+				return
+			case <-ctx.Done():
+				err := ctx.Err()
 				log.Debug().
 					Int("endpoint_id", int(endpointID)).
 					Err(err).
-					Msg("KeepTunnelAlive: ping agent")
+					Msg("KeepTunnelAlive: tunnel stop")
+
+				return
 			}
-		case <-maxAliveTicker.C:
-			log.Debug().
-				Int("endpoint_id", int(endpointID)).
-				Float64("timeout_minutes", maxAlive.Minutes()).
-				Msg("KeepTunnelAlive: tunnel keep alive timeout")
-
-			return
-		case <-ctx.Done():
-			err := ctx.Err()
-			log.Debug().
-				Int("endpoint_id", int(endpointID)).
-				Err(err).
-				Msg("KeepTunnelAlive: tunnel stop")
-
-			return
 		}
-	}
+	}()
 }

 // StartTunnelServer starts a tunnel server on the specified addr and port.
@@ -149,6 +126,7 @@ func (service *Service) keepTunnelAlive(endpointID portainer.EndpointID, ctx con
 // The snapshotter is used in the tunnel status verification process.
 func (service *Service) StartTunnelServer(addr, port string, snapshotService portainer.SnapshotService) error {
 	privateKeyFile, err := service.retrievePrivateKeyFile()
+
 	if err != nil {
 		return err
 	}
@@ -166,21 +144,21 @@ func (service *Service) StartTunnelServer(addr, port string, snapshotService por
 	service.serverFingerprint = chiselServer.GetFingerprint()
 	service.serverPort = port

-	if err := chiselServer.Start(addr, port); err != nil {
+	err = chiselServer.Start(addr, port)
+	if err != nil {
 		return err
 	}
-
 	service.chiselServer = chiselServer

 	// TODO: work-around Chisel default behavior.
 	// By default, Chisel will allow anyone to connect if no user exists.
 	username, password := generateRandomCredentials()
-	if err = service.chiselServer.AddUser(username, password, "127.0.0.1"); err != nil {
+	err = service.chiselServer.AddUser(username, password, "127.0.0.1")
+	if err != nil {
 		return err
 	}

 	service.snapshotService = snapshotService
-
 	go service.startTunnelVerificationLoop()

 	return nil
@@ -194,39 +172,37 @@ func (service *Service) StopTunnelServer() error {
 func (service *Service) retrievePrivateKeyFile() (string, error) {
 	privateKeyFile := service.fileService.GetDefaultChiselPrivateKeyPath()

-	if exists, _ := service.fileService.FileExists(privateKeyFile); exists {
+	exist, _ := service.fileService.FileExists(privateKeyFile)
+	if !exist {
+		log.Debug().
+			Str("private-key", privateKeyFile).
+			Msg("Chisel private key file does not exist")
+
+		privateKey, err := ccrypto.GenerateKey("")
+		if err != nil {
+			log.Error().
+				Err(err).
+				Msg("Failed to generate chisel private key")
+			return "", err
+		}
+
+		err = service.fileService.StoreChiselPrivateKey(privateKey)
+		if err != nil {
+			log.Error().
+				Err(err).
+				Msg("Failed to save Chisel private key to disk")
+			return "", err
+		} else {
+			log.Info().
+				Str("private-key", privateKeyFile).
+				Msg("Generated a new Chisel private key file")
+		}
+	} else {
 		log.Info().
 			Str("private-key", privateKeyFile).
-			Msg("found Chisel private key file on disk")
-
-		return privateKeyFile, nil
+			Msg("Found Chisel private key file on disk")
 	}

-	log.Debug().
-		Str("private-key", privateKeyFile).
-		Msg("chisel private key file does not exist")
-
-	privateKey, err := ccrypto.GenerateKey("")
-	if err != nil {
-		log.Error().
-			Err(err).
-			Msg("failed to generate chisel private key")
-
-		return "", err
-	}
-
-	if err = service.fileService.StoreChiselPrivateKey(privateKey); err != nil {
-		log.Error().
-			Err(err).
-			Msg("failed to save Chisel private key to disk")
-
-		return "", err
-	}
-
-	log.Info().
-		Str("private-key", privateKeyFile).
-		Msg("generated a new Chisel private key file")
-
 	return privateKeyFile, nil
 }

@@ -254,45 +230,63 @@ func (service *Service) startTunnelVerificationLoop() {
 	}
 }

-// checkTunnels finds the first tunnel that has not had any activity recently
-// and attempts to take a snapshot, then closes it and returns
 func (service *Service) checkTunnels() {
-	service.mu.RLock()
+	tunnels := make(map[portainer.EndpointID]portainer.TunnelDetails)

-	for endpointID, tunnel := range service.activeTunnels {
-		elapsed := time.Since(tunnel.LastActivity)
-		log.Debug().
-			Int("endpoint_id", int(endpointID)).
-			Float64("last_activity_seconds", elapsed.Seconds()).
-			Msg("environment tunnel monitoring")
-
-		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed < activeTimeout {
+	service.mu.Lock()
+	for key, tunnel := range service.tunnelDetailsMap {
+		if tunnel.LastActivity.IsZero() || tunnel.Status == portainer.EdgeAgentIdle {
 			continue
 		}

-		tunnelPort := tunnel.Port
-
-		service.mu.RUnlock()
-
-		log.Debug().
-			Int("endpoint_id", int(endpointID)).
-			Float64("last_activity_seconds", elapsed.Seconds()).
-			Float64("timeout_seconds", activeTimeout.Seconds()).
-			Msg("last activity timeout exceeded")
-
-		if err := service.snapshotEnvironment(endpointID, tunnelPort); err != nil {
-			log.Error().
-				Int("endpoint_id", int(endpointID)).
-				Err(err).
-				Msg("unable to snapshot Edge environment")
+		if tunnel.Status == portainer.EdgeAgentManagementRequired && time.Since(tunnel.LastActivity) < requiredTimeout {
+			continue
 		}

-		service.close(portainer.EndpointID(endpointID))
+		if tunnel.Status == portainer.EdgeAgentActive && time.Since(tunnel.LastActivity) < activeTimeout {
+			continue
+		}

-		return
+		tunnels[key] = *tunnel
 	}
+	service.mu.Unlock()

-	service.mu.RUnlock()
+	for endpointID, tunnel := range tunnels {
+		elapsed := time.Since(tunnel.LastActivity)
+		log.Debug().
+			Int("endpoint_id", int(endpointID)).
+			Str("status", tunnel.Status).
+			Float64("status_time_seconds", elapsed.Seconds()).
+			Msg("environment tunnel monitoring")
+
+		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed > requiredTimeout {
+			log.Debug().
+				Int("endpoint_id", int(endpointID)).
+				Str("status", tunnel.Status).
+				Float64("status_time_seconds", elapsed.Seconds()).
+				Float64("timeout_seconds", requiredTimeout.Seconds()).
+				Msg("REQUIRED state timeout exceeded")
+		}
+
+		if tunnel.Status == portainer.EdgeAgentActive && elapsed > activeTimeout {
+			log.Debug().
+				Int("endpoint_id", int(endpointID)).
+				Str("status", tunnel.Status).
+				Float64("status_time_seconds", elapsed.Seconds()).
+				Float64("timeout_seconds", activeTimeout.Seconds()).
+				Msg("ACTIVE state timeout exceeded")
+
+			err := service.snapshotEnvironment(endpointID, tunnel.Port)
+			if err != nil {
+				log.Error().
+					Int("endpoint_id", int(endpointID)).
+					Err(err).
+					Msg("unable to snapshot Edge environment")
+			}
+		}
+
+		service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
+	}
 }

 func (service *Service) snapshotEnvironment(endpointID portainer.EndpointID, tunnelPort int) error {
--- a/api/chisel/service_test.go
+++ b/api/chisel/service_test.go
@@ -1,28 +1,21 @@
 package chisel

 import (
+	"context"
 	"net"
 	"net/http"
 	"testing"
 	"time"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/datastore"

 	"github.com/stretchr/testify/require"
 )

 func TestPingAgentPanic(t *testing.T) {
-	endpoint := &portainer.Endpoint{
-		ID:          1,
-		EdgeID:      "test-edge-id",
-		Type:        portainer.EdgeAgentOnDockerEnvironment,
-		UserTrusted: true,
-	}
+	endpointID := portainer.EndpointID(1)

-	_, store := datastore.MustNewTestStore(t, true, true)
-
-	s := NewService(store, nil, nil)
+	s := NewService(nil, nil, nil)

 	defer func() {
 		require.Nil(t, recover())
@@ -36,13 +29,17 @@ func TestPingAgentPanic(t *testing.T) {
 	ln, err := net.ListenTCP("tcp", &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0})
 	require.NoError(t, err)

+	srv := &http.Server{Handler: mux}
+
+	errCh := make(chan error)
 	go func() {
-		require.NoError(t, http.Serve(ln, mux))
+		errCh <- srv.Serve(ln)
 	}()

-	err = s.Open(endpoint)
-	require.NoError(t, err)
-	s.activeTunnels[endpoint.ID].Port = ln.Addr().(*net.TCPAddr).Port
+	s.getTunnelDetails(endpointID)
+	s.tunnelDetailsMap[endpointID].Port = ln.Addr().(*net.TCPAddr).Port

-	require.Error(t, s.pingAgent(endpoint.ID))
+	require.Error(t, s.pingAgent(endpointID))
+	require.NoError(t, srv.Shutdown(context.Background()))
+	require.ErrorIs(t, <-errCh, http.ErrServerClosed)
 }
--- a/api/chisel/tunnel.go
+++ b/api/chisel/tunnel.go
@@ -5,18 +5,14 @@ import (
 	"errors"
 	"fmt"
 	"math/rand"
-	"net"
 	"strings"
 	"time"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/edge"
 	"github.com/portainer/portainer/api/internal/edge/cache"
-	"github.com/portainer/portainer/api/internal/endpointutils"
 	"github.com/portainer/portainer/pkg/libcrypto"

 	"github.com/dchest/uniuri"
-	"github.com/rs/zerolog/log"
 )

 const (
@@ -24,191 +20,18 @@ const (
 	maxAvailablePort = 65535
 )

-var (
-	ErrNonEdgeEnv = errors.New("cannot open a tunnel for non-edge environments")
-	ErrAsyncEnv   = errors.New("cannot open a tunnel for async edge environments")
-	ErrInvalidEnv = errors.New("cannot open a tunnel for an invalid environment")
-)
-
-// Open will mark the tunnel as REQUIRED so the agent opens it
-func (s *Service) Open(endpoint *portainer.Endpoint) error {
-	if !endpointutils.IsEdgeEndpoint(endpoint) {
-		return ErrNonEdgeEnv
-	}
-
-	if endpoint.Edge.AsyncMode {
-		return ErrAsyncEnv
-	}
-
-	if endpoint.ID == 0 || endpoint.EdgeID == "" || !endpoint.UserTrusted {
-		return ErrInvalidEnv
-	}
-
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	if _, ok := s.activeTunnels[endpoint.ID]; ok {
-		return nil
-	}
-
-	defer cache.Del(endpoint.ID)
-
-	tun := &portainer.TunnelDetails{
-		Status:       portainer.EdgeAgentManagementRequired,
-		Port:         s.getUnusedPort(),
-		LastActivity: time.Now(),
-	}
-
-	username, password := generateRandomCredentials()
-
-	if s.chiselServer != nil {
-		authorizedRemote := fmt.Sprintf("^R:0.0.0.0:%d$", tun.Port)
-
-		if err := s.chiselServer.AddUser(username, password, authorizedRemote); err != nil {
-			return err
-		}
-	}
-
-	credentials, err := encryptCredentials(username, password, endpoint.EdgeID)
-	if err != nil {
-		return err
-	}
-
-	tun.Credentials = credentials
-
-	s.activeTunnels[endpoint.ID] = tun
-
-	return nil
-}
-
-// close removes the tunnel from the map so the agent will close it
-func (s *Service) close(endpointID portainer.EndpointID) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	tun, ok := s.activeTunnels[endpointID]
-	if !ok {
-		return
-	}
-
-	if len(tun.Credentials) > 0 && s.chiselServer != nil {
-		user, _, _ := strings.Cut(tun.Credentials, ":")
-		s.chiselServer.DeleteUser(user)
-	}
-
-	if s.ProxyManager != nil {
-		s.ProxyManager.DeleteEndpointProxy(endpointID)
-	}
-
-	delete(s.activeTunnels, endpointID)
-
-	cache.Del(endpointID)
-}
-
-// Config returns the tunnel details needed for the agent to connect
-func (s *Service) Config(endpointID portainer.EndpointID) portainer.TunnelDetails {
-	s.mu.RLock()
-	defer s.mu.RUnlock()
-
-	if tun, ok := s.activeTunnels[endpointID]; ok {
-		return *tun
-	}
-
-	return portainer.TunnelDetails{Status: portainer.EdgeAgentIdle}
-}
-
-// TunnelAddr returns the address of the local tunnel, including the port, it
-// will block until the tunnel is ready
-func (s *Service) TunnelAddr(endpoint *portainer.Endpoint) (string, error) {
-	if err := s.Open(endpoint); err != nil {
-		return "", err
-	}
-
-	tun := s.Config(endpoint.ID)
-	checkinInterval := time.Duration(s.tryEffectiveCheckinInterval(endpoint)) * time.Second
-
-	for t0 := time.Now(); ; {
-		if time.Since(t0) > 2*checkinInterval {
-			s.close(endpoint.ID)
-
-			return "", errors.New("unable to open the tunnel")
-		}
-
-		// Check if the tunnel is established
-		conn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: tun.Port})
-		if err != nil {
-			time.Sleep(checkinInterval / 100)
-
-			continue
-		}
-
-		conn.Close()
-
-		break
-	}
-
-	s.UpdateLastActivity(endpoint.ID)
-
-	return fmt.Sprintf("127.0.0.1:%d", tun.Port), nil
-}
-
-// tryEffectiveCheckinInterval avoids a potential deadlock by returning a
-// previous known value after a timeout
-func (s *Service) tryEffectiveCheckinInterval(endpoint *portainer.Endpoint) int {
-	ch := make(chan int, 1)
-
-	go func() {
-		ch <- edge.EffectiveCheckinInterval(s.dataStore, endpoint)
-	}()
-
-	select {
-	case <-time.After(50 * time.Millisecond):
-		s.mu.RLock()
-		defer s.mu.RUnlock()
-
-		return s.defaultCheckinInterval
-	case i := <-ch:
-		s.mu.Lock()
-		s.defaultCheckinInterval = i
-		s.mu.Unlock()
-
-		return i
-	}
-}
-
-// UpdateLastActivity sets the current timestamp to avoid the tunnel timeout
-func (s *Service) UpdateLastActivity(endpointID portainer.EndpointID) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	if tun, ok := s.activeTunnels[endpointID]; ok {
-		tun.LastActivity = time.Now()
-	}
-}
-
 // NOTE: it needs to be called with the lock acquired
 // getUnusedPort is used to generate an unused random port in the dynamic port range.
 // Dynamic ports (also called private ports) are 49152 to 65535.
 func (service *Service) getUnusedPort() int {
 	port := randomInt(minAvailablePort, maxAvailablePort)

-	for _, tunnel := range service.activeTunnels {
+	for _, tunnel := range service.tunnelDetailsMap {
 		if tunnel.Port == port {
 			return service.getUnusedPort()
 		}
 	}

-	conn, err := net.DialTCP("tcp", nil, &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: port})
-	if err == nil {
-		conn.Close()
-
-		log.Debug().
-			Int("port", port).
-			Msg("selected port is in use, trying a different one")
-
-		return service.getUnusedPort()
-	}
-
 	return port
 }

@@ -216,10 +39,152 @@ func randomInt(min, max int) int {
 	return min + rand.Intn(max-min)
 }

+// NOTE: it needs to be called with the lock acquired
+func (service *Service) getTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
+
+	if tunnel, ok := service.tunnelDetailsMap[endpointID]; ok {
+		return tunnel
+	}
+
+	tunnel := &portainer.TunnelDetails{
+		Status: portainer.EdgeAgentIdle,
+	}
+
+	service.tunnelDetailsMap[endpointID] = tunnel
+
+	cache.Del(endpointID)
+
+	return tunnel
+}
+
+// GetTunnelDetails returns information about the tunnel associated to an environment(endpoint).
+func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) portainer.TunnelDetails {
+	service.mu.Lock()
+	defer service.mu.Unlock()
+
+	return *service.getTunnelDetails(endpointID)
+}
+
+// GetActiveTunnel retrieves an active tunnel which allows communicating with edge agent
+func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (portainer.TunnelDetails, error) {
+	if endpoint.Edge.AsyncMode {
+		return portainer.TunnelDetails{}, errors.New("cannot open tunnel on async endpoint")
+	}
+
+	tunnel := service.GetTunnelDetails(endpoint.ID)
+
+	if tunnel.Status == portainer.EdgeAgentActive {
+		// update the LastActivity
+		service.SetTunnelStatusToActive(endpoint.ID)
+	}
+
+	if tunnel.Status == portainer.EdgeAgentIdle || tunnel.Status == portainer.EdgeAgentManagementRequired {
+		err := service.SetTunnelStatusToRequired(endpoint.ID)
+		if err != nil {
+			return portainer.TunnelDetails{}, fmt.Errorf("failed opening tunnel to endpoint: %w", err)
+		}
+
+		if endpoint.EdgeCheckinInterval == 0 {
+			settings, err := service.dataStore.Settings().Settings()
+			if err != nil {
+				return portainer.TunnelDetails{}, fmt.Errorf("failed fetching settings from db: %w", err)
+			}
+
+			endpoint.EdgeCheckinInterval = settings.EdgeAgentCheckinInterval
+		}
+
+		time.Sleep(2 * time.Duration(endpoint.EdgeCheckinInterval) * time.Second)
+	}
+
+	return service.GetTunnelDetails(endpoint.ID), nil
+}
+
+// SetTunnelStatusToActive update the status of the tunnel associated to the specified environment(endpoint).
+// It sets the status to ACTIVE.
+func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID) {
+	service.mu.Lock()
+	tunnel := service.getTunnelDetails(endpointID)
+	tunnel.Status = portainer.EdgeAgentActive
+	tunnel.Credentials = ""
+	tunnel.LastActivity = time.Now()
+	service.mu.Unlock()
+
+	cache.Del(endpointID)
+}
+
+// SetTunnelStatusToIdle update the status of the tunnel associated to the specified environment(endpoint).
+// It sets the status to IDLE.
+// It removes any existing credentials associated to the tunnel.
+func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
+	service.mu.Lock()
+
+	tunnel := service.getTunnelDetails(endpointID)
+	tunnel.Status = portainer.EdgeAgentIdle
+	tunnel.Port = 0
+	tunnel.LastActivity = time.Now()
+
+	credentials := tunnel.Credentials
+	if credentials != "" {
+		tunnel.Credentials = ""
+
+		if service.chiselServer != nil {
+			service.chiselServer.DeleteUser(strings.Split(credentials, ":")[0])
+		}
+	}
+
+	service.ProxyManager.DeleteEndpointProxy(endpointID)
+
+	service.mu.Unlock()
+
+	cache.Del(endpointID)
+}
+
+// SetTunnelStatusToRequired update the status of the tunnel associated to the specified environment(endpoint).
+// It sets the status to REQUIRED.
+// If no port is currently associated to the tunnel, it will associate a random unused port to the tunnel
+// and generate temporary credentials that can be used to establish a reverse tunnel on that port.
+// Credentials are encrypted using the Edge ID associated to the environment(endpoint).
+func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
+	defer cache.Del(endpointID)
+
+	tunnel := service.getTunnelDetails(endpointID)
+
+	service.mu.Lock()
+	defer service.mu.Unlock()
+
+	if tunnel.Port == 0 {
+		endpoint, err := service.dataStore.Endpoint().Endpoint(endpointID)
+		if err != nil {
+			return err
+		}
+
+		tunnel.Status = portainer.EdgeAgentManagementRequired
+		tunnel.Port = service.getUnusedPort()
+		tunnel.LastActivity = time.Now()
+
+		username, password := generateRandomCredentials()
+		authorizedRemote := fmt.Sprintf("^R:0.0.0.0:%d$", tunnel.Port)
+
+		if service.chiselServer != nil {
+			err = service.chiselServer.AddUser(username, password, authorizedRemote)
+			if err != nil {
+				return err
+			}
+		}
+
+		credentials, err := encryptCredentials(username, password, endpoint.EdgeID)
+		if err != nil {
+			return err
+		}
+		tunnel.Credentials = credentials
+	}
+
+	return nil
+}
+
 func generateRandomCredentials() (string, string) {
 	username := uniuri.NewLen(8)
 	password := uniuri.NewLen(8)
-
 	return username, password
 }

--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -19,7 +19,6 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
 	"github.com/portainer/portainer/api/datastore/migrator"
-	"github.com/portainer/portainer/api/datastore/postinit"
 	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
@@ -458,11 +457,19 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	authorizationService := authorization.NewService(dataStore)
 	authorizationService.K8sClientFactory = kubernetesClientFactory

+	pendingActionsService := pendingactions.NewService(dataStore, kubernetesClientFactory, authorizationService, shutdownCtx)
+
+	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory, shutdownCtx, pendingActionsService)
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed initializing snapshot service")
+	}
+	snapshotService.Start()
+
 	kubernetesTokenCacheManager := kubeproxy.NewTokenCacheManager()

 	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService(*flags.BaseURL, *flags.AddrHTTPS, sslSettings.CertPath)

-	proxyManager := proxy.NewManager(kubernetesClientFactory)
+	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService)

 	reverseTunnelService.ProxyManager = proxyManager

@@ -482,16 +489,6 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	kubernetesDeployer := initKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, digitalSignatureService, proxyManager, *flags.Assets)

-	pendingActionsService := pendingactions.NewService(dataStore, kubernetesClientFactory, dockerClientFactory, authorizationService, shutdownCtx, *flags.Assets, kubernetesDeployer)
-
-	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory, shutdownCtx, pendingActionsService)
-	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing snapshot service")
-	}
-	snapshotService.Start()
-
-	proxyManager.NewProxyFactory(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService, snapshotService)
-
 	helmPackageManager, err := initHelmPackageManager(*flags.Assets)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed initializing helm package manager")
@@ -581,12 +578,10 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	// but some more complex migrations require access to a kubernetes or docker
 	// client. Therefore we run a separate migration process just before
 	// starting the server.
-	postInitMigrator := postinit.NewPostInitMigrator(
+	postInitMigrator := datastore.NewPostInitMigrator(
 		kubernetesClientFactory,
 		dockerClientFactory,
 		dataStore,
-		*flags.Assets,
-		kubernetesDeployer,
 	)
 	if err := postInitMigrator.PostInitMigrate(); err != nil {
 		log.Fatal().Err(err).Msg("failure during post init migrations")
@@ -655,7 +650,6 @@ func main() {
 			Msg("starting Portainer")

 		err := server.Start()
-
 		log.Info().Err(err).Msg("HTTP server exited")
 	}
 }
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@@ -22,12 +22,6 @@ func CreateTLSConfiguration() *tls.Config {
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 		},
 	}
 }
--- a/api/dataservices/interface.go
+++ b/api/dataservices/interface.go
@@ -36,7 +36,6 @@ type (
 	}

 	DataStore interface {
-		Connection() portainer.Connection
 		Open() (newStore bool, err error)
 		Init() error
 		Close() error
@@ -74,7 +73,6 @@ type (
 	PendingActionsService interface {
 		BaseCRUD[portainer.PendingActions, portainer.PendingActionsID]
 		GetNextIdentifier() int
-		DeleteByEndpointID(ID portainer.EndpointID) error
 	}

 	// EdgeStackService represents a service to manage Edge stacks
--- a/api/dataservices/pendingactions/pendingactions.go
+++ b/api/dataservices/pendingactions/pendingactions.go
@@ -1,12 +1,10 @@
 package pendingactions

 import (
-	"fmt"
 	"time"

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/rs/zerolog/log"
 )

 const (
@@ -47,12 +45,6 @@ func (s Service) Update(ID portainer.PendingActionsID, config *portainer.Pending
 	})
 }

-func (s Service) DeleteByEndpointID(ID portainer.EndpointID) error {
-	return s.Connection.UpdateTx(func(tx portainer.Transaction) error {
-		return s.Tx(tx).DeleteByEndpointID(ID)
-	})
-}
-
 func (service *Service) Tx(tx portainer.Transaction) ServiceTx {
 	return ServiceTx{
 		BaseDataServiceTx: dataservices.BaseDataServiceTx[portainer.PendingActions, portainer.PendingActionsID]{
@@ -76,29 +68,6 @@ func (s ServiceTx) Update(ID portainer.PendingActionsID, config *portainer.Pendi
 	return s.BaseDataServiceTx.Update(ID, config)
 }

-func (s ServiceTx) DeleteByEndpointID(ID portainer.EndpointID) error {
-	log.Debug().Int("endpointId", int(ID)).Msg("deleting pending actions for endpoint")
-	pendingActions, err := s.BaseDataServiceTx.ReadAll()
-	if err != nil {
-		return fmt.Errorf("failed to retrieve pending-actions for endpoint (%d): %w", ID, err)
-	}
-
-	for _, pendingAction := range pendingActions {
-		if pendingAction.EndpointID == ID {
-			err := s.BaseDataServiceTx.Delete(pendingAction.ID)
-			if err != nil {
-				log.Debug().Int("endpointId", int(ID)).Msgf("failed to delete pending action: %v", err)
-			}
-		}
-	}
-	return nil
-}
-
-// GetNextIdentifier returns the next identifier for a custom template.
-func (service ServiceTx) GetNextIdentifier() int {
-	return service.Tx.GetNextIdentifier(BucketName)
-}
-
 // GetNextIdentifier returns the next identifier for a custom template.
 func (service *Service) GetNextIdentifier() int {
 	return service.Connection.GetNextIdentifier(BucketName)
--- a/api/dataservices/team/team.go
+++ b/api/dataservices/team/team.go
@@ -19,7 +19,8 @@ type Service struct {

 // NewService creates a new instance of a service.
 func NewService(connection portainer.Connection) (*Service, error) {
-	if err := connection.SetServiceName(BucketName); err != nil {
+	err := connection.SetServiceName(BucketName)
+	if err != nil {
 		return nil, err
 	}

@@ -31,16 +32,6 @@ func NewService(connection portainer.Connection) (*Service, error) {
 	}, nil
 }

-func (service *Service) Tx(tx portainer.Transaction) ServiceTx {
-	return ServiceTx{
-		BaseDataServiceTx: dataservices.BaseDataServiceTx[portainer.Team, portainer.TeamID]{
-			Bucket:     BucketName,
-			Connection: service.Connection,
-			Tx:         tx,
-		},
-	}
-}
-
 // TeamByName returns a team by name.
 func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 	var t portainer.Team
--- a/api/dataservices/team/tx.go
+++ b/api/dataservices/team/tx.go
@@ -1,48 +0,0 @@
-package team
-
-import (
-	"errors"
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-	dserrors "github.com/portainer/portainer/api/dataservices/errors"
-)
-
-type ServiceTx struct {
-	dataservices.BaseDataServiceTx[portainer.Team, portainer.TeamID]
-}
-
-// TeamByName returns a team by name.
-func (service ServiceTx) TeamByName(name string) (*portainer.Team, error) {
-	var t portainer.Team
-
-	err := service.Tx.GetAll(
-		BucketName,
-		&portainer.Team{},
-		dataservices.FirstFn(&t, func(e portainer.Team) bool {
-			return strings.EqualFold(e.Name, name)
-		}),
-	)
-
-	if errors.Is(err, dataservices.ErrStop) {
-		return &t, nil
-	}
-
-	if err == nil {
-		return nil, dserrors.ErrObjectNotFound
-	}
-
-	return nil, err
-}
-
-// CreateTeam creates a new Team.
-func (service ServiceTx) Create(team *portainer.Team) error {
-	return service.Tx.CreateObject(
-		BucketName,
-		func(id uint64) (int, any) {
-			team.ID = portainer.TeamID(id)
-			return int(team.ID), team
-		},
-	)
-}
--- a/api/datastore/migrate_data.go
+++ b/api/datastore/migrate_data.go
@@ -86,7 +86,6 @@ func (store *Store) newMigratorParameters(version *models.Version) *migrator.Mig
 		EdgeStackService:        store.EdgeStackService,
 		EdgeJobService:          store.EdgeJobService,
 		TunnelServerService:     store.TunnelServerService,
-		PendingActionsService:   store.PendingActionsService,
 	}
 }

--- a/api/datastore/migrate_post_init.go
+++ b/api/datastore/migrate_post_init.go
@@ -0,0 +1,117 @@
+package datastore
+
+import (
+	"context"
+
+	"github.com/docker/docker/api/types"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	dockerclient "github.com/portainer/portainer/api/docker/client"
+	"github.com/portainer/portainer/api/kubernetes/cli"
+
+	"github.com/rs/zerolog/log"
+)
+
+type PostInitMigrator struct {
+	kubeFactory   *cli.ClientFactory
+	dockerFactory *dockerclient.ClientFactory
+	dataStore     dataservices.DataStore
+}
+
+func NewPostInitMigrator(kubeFactory *cli.ClientFactory, dockerFactory *dockerclient.ClientFactory, dataStore dataservices.DataStore) *PostInitMigrator {
+	return &PostInitMigrator{
+		kubeFactory:   kubeFactory,
+		dockerFactory: dockerFactory,
+		dataStore:     dataStore,
+	}
+}
+
+func (migrator *PostInitMigrator) PostInitMigrate() error {
+	if err := migrator.PostInitMigrateIngresses(); err != nil {
+		return err
+	}
+
+	migrator.PostInitMigrateGPUs()
+
+	return nil
+}
+
+func (migrator *PostInitMigrator) PostInitMigrateIngresses() error {
+	endpoints, err := migrator.dataStore.Endpoint().Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for i := range endpoints {
+		// Early exit if we do not need to migrate!
+		if !endpoints[i].PostInitMigrations.MigrateIngresses {
+			return nil
+		}
+
+		err := migrator.kubeFactory.MigrateEndpointIngresses(&endpoints[i])
+		if err != nil {
+			log.Debug().Err(err).Msg("failure migrating endpoint ingresses")
+		}
+	}
+
+	return nil
+}
+
+// PostInitMigrateGPUs will check all docker endpoints for containers with GPUs and set EnableGPUManagement to true if any are found
+// If there's an error getting the containers, we'll log it and move on
+func (migrator *PostInitMigrator) PostInitMigrateGPUs() {
+	environments, err := migrator.dataStore.Endpoint().Endpoints()
+	if err != nil {
+		log.Err(err).Msg("failure getting endpoints")
+		return
+	}
+
+	for i := range environments {
+		if environments[i].Type == portainer.DockerEnvironment {
+			// // Early exit if we do not need to migrate!
+			if !environments[i].PostInitMigrations.MigrateGPUs {
+				return
+			}
+
+			// set the MigrateGPUs flag to false so we don't run this again
+			environments[i].PostInitMigrations.MigrateGPUs = false
+			migrator.dataStore.Endpoint().UpdateEndpoint(environments[i].ID, &environments[i])
+
+			// create a docker client
+			dockerClient, err := migrator.dockerFactory.CreateClient(&environments[i], "", nil)
+			if err != nil {
+				log.Err(err).Msg("failure creating docker client for environment: " + environments[i].Name)
+				return
+			}
+			defer dockerClient.Close()
+
+			// get all containers
+			containers, err := dockerClient.ContainerList(context.Background(), types.ContainerListOptions{All: true})
+			if err != nil {
+				log.Err(err).Msg("failed to list containers")
+				return
+			}
+
+			// check for a gpu on each container. If even one GPU is found, set EnableGPUManagement to true for the whole endpoint
+		containersLoop:
+			for _, container := range containers {
+				// https://www.sobyte.net/post/2022-10/go-docker/ has nice documentation on the docker client with GPUs
+				containerDetails, err := dockerClient.ContainerInspect(context.Background(), container.ID)
+				if err != nil {
+					log.Err(err).Msg("failed to inspect container")
+					return
+				}
+
+				deviceRequests := containerDetails.HostConfig.Resources.DeviceRequests
+				for _, deviceRequest := range deviceRequests {
+					if deviceRequest.Driver == "nvidia" {
+						environments[i].EnableGPUManagement = true
+						migrator.dataStore.Endpoint().UpdateEndpoint(environments[i].ID, &environments[i])
+
+						break containersLoop
+					}
+				}
+			}
+		}
+	}
+}
--- a/api/datastore/migrator/migrate_dbversion111.go
+++ b/api/datastore/migrator/migrate_dbversion111.go
@@ -1,32 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-	"github.com/rs/zerolog/log"
-)
-
-func (migrator *Migrator) cleanPendingActionsForDeletedEndpointsForDB111() error {
-	log.Info().Msg("cleaning up pending actions for deleted endpoints")
-
-	pendingActions, err := migrator.pendingActionsService.ReadAll()
-	if err != nil {
-		return err
-	}
-
-	endpoints := make(map[portainer.EndpointID]struct{})
-	for _, action := range pendingActions {
-		endpoints[action.EndpointID] = struct{}{}
-	}
-
-	for endpointId := range endpoints {
-		_, err := migrator.endpointService.Endpoint(endpointId)
-		if dataservices.IsErrObjectNotFound(err) {
-			err := migrator.pendingActionsService.DeleteByEndpointID(endpointId)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
--- a/api/datastore/migrator/migrator.go
+++ b/api/datastore/migrator/migrator.go
@@ -14,7 +14,6 @@ import (
 	"github.com/portainer/portainer/api/dataservices/endpointrelation"
 	"github.com/portainer/portainer/api/dataservices/extension"
 	"github.com/portainer/portainer/api/dataservices/fdoprofile"
-	"github.com/portainer/portainer/api/dataservices/pendingactions"
 	"github.com/portainer/portainer/api/dataservices/registry"
 	"github.com/portainer/portainer/api/dataservices/resourcecontrol"
 	"github.com/portainer/portainer/api/dataservices/role"
@@ -59,7 +58,6 @@ type (
 		edgeStackService        *edgestack.Service
 		edgeJobService          *edgejob.Service
 		TunnelServerService     *tunnelserver.Service
-		pendingActionsService   *pendingactions.Service
 	}

 	// MigratorParameters represents the required parameters to create a new Migrator instance.
@@ -87,7 +85,6 @@ type (
 		EdgeStackService        *edgestack.Service
 		EdgeJobService          *edgejob.Service
 		TunnelServerService     *tunnelserver.Service
-		PendingActionsService   *pendingactions.Service
 	}
 )

@@ -117,7 +114,6 @@ func NewMigrator(parameters *MigratorParameters) *Migrator {
 		edgeStackService:        parameters.EdgeStackService,
 		edgeJobService:          parameters.EdgeJobService,
 		TunnelServerService:     parameters.TunnelServerService,
-		pendingActionsService:   parameters.PendingActionsService,
 	}

 	migrator.initMigrations()
@@ -236,9 +232,6 @@ func (m *Migrator) initMigrations() {
 		m.updateAppTemplatesVersionForDB110,
 		m.updateResourceOverCommitToDB110,
 	)
-	m.addMigrations("2.20.2",
-		m.cleanPendingActionsForDeletedEndpointsForDB111,
-	)

 	// Add new migrations below...
 	// One function per migration, each versions migration funcs in the same file.
--- a/api/datastore/pendingactions_test.go
+++ b/api/datastore/pendingactions_test.go
@@ -1,95 +0,0 @@
-package datastore
-
-import (
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/pendingactions/actions"
-)
-
-func Test_ConvertCleanNAPWithOverridePoliciesPayload(t *testing.T) {
-	t.Run("test ConvertCleanNAPWithOverridePoliciesPayload", func(t *testing.T) {
-
-		_, store := MustNewTestStore(t, true, false)
-		defer store.Close()
-
-		testData := []struct {
-			Name          string
-			PendingAction portainer.PendingActions
-			Expected      *actions.CleanNAPWithOverridePoliciesPayload
-			Err           bool
-		}{
-			{
-				Name: "test actiondata with EndpointGroupID 1",
-				PendingAction: portainer.PendingActions{
-					EndpointID: 1,
-					Action:     "CleanNAPWithOverridePolicies",
-					ActionData: &actions.CleanNAPWithOverridePoliciesPayload{
-						EndpointGroupID: 1,
-					},
-				},
-				Expected: &actions.CleanNAPWithOverridePoliciesPayload{
-					EndpointGroupID: 1,
-				},
-			},
-			{
-				Name: "test actionData nil",
-				PendingAction: portainer.PendingActions{
-					EndpointID: 2,
-					Action:     "CleanNAPWithOverridePolicies",
-					ActionData: nil,
-				},
-				Expected: nil,
-			},
-			{
-				Name: "test actionData empty and expected error",
-				PendingAction: portainer.PendingActions{
-					EndpointID: 2,
-					Action:     "CleanNAPWithOverridePolicies",
-					ActionData: "",
-				},
-				Expected: nil,
-				Err:      true,
-			},
-		}
-
-		for _, d := range testData {
-			err := store.PendingActions().Create(&d.PendingAction)
-			if err != nil {
-				t.Error(err)
-				return
-			}
-
-			pendingActions, err := store.PendingActions().ReadAll()
-			if err != nil {
-				t.Error(err)
-				return
-			}
-
-			for _, endpointPendingAction := range pendingActions {
-				t.Run(d.Name, func(t *testing.T) {
-					if endpointPendingAction.Action == "CleanNAPWithOverridePolicies" {
-						actionData, err := actions.ConvertCleanNAPWithOverridePoliciesPayload(endpointPendingAction.ActionData)
-						if d.Err && err == nil {
-							t.Error(err)
-						}
-
-						if d.Expected == nil && actionData != nil {
-							t.Errorf("expected nil , got %d", actionData)
-						}
-
-						if d.Expected != nil && actionData == nil {
-							t.Errorf("expected not nil , got %d", actionData)
-						}
-
-						if d.Expected != nil && actionData.EndpointGroupID != d.Expected.EndpointGroupID {
-							t.Errorf("expected EndpointGroupID %d , got %d", d.Expected.EndpointGroupID, actionData.EndpointGroupID)
-						}
-					}
-				})
-			}
-
-			store.PendingActions().Delete(d.PendingAction.ID)
-		}
-	})
-}
--- a/api/datastore/postinit/migrate_post_init.go
+++ b/api/datastore/postinit/migrate_post_init.go
@@ -1,203 +0,0 @@
-package postinit
-
-import (
-	"context"
-	"fmt"
-	"reflect"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/client"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-	dockerClient "github.com/portainer/portainer/api/docker/client"
-	"github.com/portainer/portainer/api/internal/endpointutils"
-	"github.com/portainer/portainer/api/kubernetes/cli"
-	"github.com/portainer/portainer/api/pendingactions/actions"
-
-	"github.com/rs/zerolog/log"
-)
-
-type PostInitMigrator struct {
-	kubeFactory        *cli.ClientFactory
-	dockerFactory      *dockerClient.ClientFactory
-	dataStore          dataservices.DataStore
-	assetsPath         string
-	kubernetesDeployer portainer.KubernetesDeployer
-}
-
-func NewPostInitMigrator(
-	kubeFactory *cli.ClientFactory,
-	dockerFactory *dockerClient.ClientFactory,
-	dataStore dataservices.DataStore,
-	assetsPath string,
-	kubernetesDeployer portainer.KubernetesDeployer,
-) *PostInitMigrator {
-	return &PostInitMigrator{
-		kubeFactory:        kubeFactory,
-		dockerFactory:      dockerFactory,
-		dataStore:          dataStore,
-		assetsPath:         assetsPath,
-		kubernetesDeployer: kubernetesDeployer,
-	}
-}
-
-// PostInitMigrate will run all post-init migrations, which require docker/kube clients for all edge or non-edge environments
-func (postInitMigrator *PostInitMigrator) PostInitMigrate() error {
-	environments, err := postInitMigrator.dataStore.Endpoint().Endpoints()
-	if err != nil {
-		log.Error().Err(err).Msg("Error getting environments")
-		return err
-	}
-
-	for _, environment := range environments {
-		// edge environments will run after the server starts, in pending actions
-		if endpointutils.IsEdgeEndpoint(&environment) {
-			log.Info().Msgf("Adding pending action 'PostInitMigrateEnvironment' for environment %d", environment.ID)
-			err = postInitMigrator.createPostInitMigrationPendingAction(environment.ID)
-			if err != nil {
-				log.Error().Err(err).Msgf("Error creating pending action for environment %d", environment.ID)
-			}
-		} else {
-			// non-edge environments will run before the server starts.
-			err = postInitMigrator.MigrateEnvironment(&environment)
-			if err != nil {
-				log.Error().Err(err).Msgf("Error running post-init migrations for non-edge environment %d", environment.ID)
-			}
-		}
-
-	}
-
-	return nil
-}
-
-// try to create a post init migration pending action. If it already exists, do nothing
-// this function exists for readability, not reusability
-// TODO: This should be moved into pending actions as part of the pending action migration
-func (postInitMigrator *PostInitMigrator) createPostInitMigrationPendingAction(environmentID portainer.EndpointID) error {
-	migrateEnvPendingAction := portainer.PendingActions{
-		EndpointID: environmentID,
-		Action:     actions.PostInitMigrateEnvironment,
-	}
-
-	// Get all pending actions and filter them by endpoint, action and action args that are equal to the migrateEnvPendingAction
-	pendingActions, err := postInitMigrator.dataStore.PendingActions().ReadAll()
-	if err != nil {
-		log.Error().Err(err).Msgf("Error retrieving pending actions")
-		return fmt.Errorf("failed to retrieve pending actions for environment %d: %w", environmentID, err)
-	}
-	for _, pendingAction := range pendingActions {
-		if pendingAction.EndpointID == environmentID &&
-			pendingAction.Action == migrateEnvPendingAction.Action &&
-			reflect.DeepEqual(pendingAction.ActionData, migrateEnvPendingAction.ActionData) {
-			log.Debug().Msgf("Migration pending action for environment %d already exists, skipping creating another", environmentID)
-			return nil
-		}
-	}
-
-	// If there are no pending actions for the given endpoint, create one
-	err = postInitMigrator.dataStore.PendingActions().Create(&migrateEnvPendingAction)
-	if err != nil {
-		log.Error().Err(err).Msgf("Error creating pending action for environment %d", environmentID)
-	}
-	return nil
-}
-
-// MigrateEnvironment runs migrations on a single environment
-func (migrator *PostInitMigrator) MigrateEnvironment(environment *portainer.Endpoint) error {
-	log.Info().Msgf("Executing post init migration for environment %d", environment.ID)
-
-	switch {
-	case endpointutils.IsKubernetesEndpoint(environment):
-		// get the kubeclient for the environment, and skip all kube migrations if there's an error
-		kubeclient, err := migrator.kubeFactory.GetKubeClient(environment)
-		if err != nil {
-			log.Error().Err(err).Msgf("Error creating kubeclient for environment: %d", environment.ID)
-			return err
-		}
-		// if one environment fails, it is logged and the next migration runs. The error is returned at the end and handled by pending actions
-		err = migrator.MigrateIngresses(*environment, kubeclient)
-		if err != nil {
-			return err
-		}
-		return nil
-	case endpointutils.IsDockerEndpoint(environment):
-		// get the docker client for the environment, and skip all docker migrations if there's an error
-		dockerClient, err := migrator.dockerFactory.CreateClient(environment, "", nil)
-		if err != nil {
-			log.Error().Err(err).Msgf("Error creating docker client for environment: %d", environment.ID)
-			return err
-		}
-		defer dockerClient.Close()
-		migrator.MigrateGPUs(*environment, dockerClient)
-	}
-
-	return nil
-}
-
-func (migrator *PostInitMigrator) MigrateIngresses(environment portainer.Endpoint, kubeclient *cli.KubeClient) error {
-	// Early exit if we do not need to migrate!
-	if !environment.PostInitMigrations.MigrateIngresses {
-		return nil
-	}
-	log.Debug().Msgf("Migrating ingresses for environment %d", environment.ID)
-
-	err := migrator.kubeFactory.MigrateEndpointIngresses(&environment, migrator.dataStore, kubeclient)
-	if err != nil {
-		log.Error().Err(err).Msgf("Error migrating ingresses for environment %d", environment.ID)
-		return err
-	}
-	return nil
-}
-
-// MigrateGPUs will check all docker endpoints for containers with GPUs and set EnableGPUManagement to true if any are found
-// If there's an error getting the containers, we'll log it and move on
-func (migrator *PostInitMigrator) MigrateGPUs(e portainer.Endpoint, dockerClient *client.Client) error {
-	return migrator.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		environment, err := tx.Endpoint().Endpoint(e.ID)
-		if err != nil {
-			log.Error().Err(err).Msgf("Error getting environment %d", environment.ID)
-			return err
-		}
-		// Early exit if we do not need to migrate!
-		if !environment.PostInitMigrations.MigrateGPUs {
-			return nil
-		}
-		log.Debug().Msgf("Migrating GPUs for environment %d", e.ID)
-
-		// get all containers
-		containers, err := dockerClient.ContainerList(context.Background(), container.ListOptions{All: true})
-		if err != nil {
-			log.Error().Err(err).Msgf("failed to list containers for environment %d", environment.ID)
-			return err
-		}
-
-		// check for a gpu on each container. If even one GPU is found, set EnableGPUManagement to true for the whole environment
-	containersLoop:
-		for _, container := range containers {
-			// https://www.sobyte.net/post/2022-10/go-docker/ has nice documentation on the docker client with GPUs
-			containerDetails, err := dockerClient.ContainerInspect(context.Background(), container.ID)
-			if err != nil {
-				log.Error().Err(err).Msg("failed to inspect container")
-				continue
-			}
-
-			deviceRequests := containerDetails.HostConfig.Resources.DeviceRequests
-			for _, deviceRequest := range deviceRequests {
-				if deviceRequest.Driver == "nvidia" {
-					environment.EnableGPUManagement = true
-					break containersLoop
-				}
-			}
-		}
-
-		// set the MigrateGPUs flag to false so we don't run this again
-		environment.PostInitMigrations.MigrateGPUs = false
-		err = tx.Endpoint().UpdateEndpoint(environment.ID, environment)
-		if err != nil {
-			log.Error().Err(err).Msgf("Error updating EnableGPUManagement flag for environment %d", environment.ID)
-			return err
-		}
-
-		return nil
-	})
-}
--- a/api/datastore/services.go
+++ b/api/datastore/services.go
@@ -402,6 +402,7 @@ type storeExport struct {
 }

 func (store *Store) Export(filename string) (err error) {
+
 	backup := storeExport{}

 	if c, err := store.CustomTemplate().ReadAll(); err != nil {
@@ -605,7 +606,6 @@ func (store *Store) Export(filename string) (err error) {
 	if err != nil {
 		return err
 	}
-
 	return os.WriteFile(filename, b, 0600)
 }

--- a/api/datastore/services_tx.go
+++ b/api/datastore/services_tx.go
@@ -16,9 +16,7 @@ func (tx *StoreTx) IsErrObjectNotFound(err error) bool {

 func (tx *StoreTx) CustomTemplate() dataservices.CustomTemplateService { return nil }

-func (tx *StoreTx) PendingActions() dataservices.PendingActionsService {
-	return tx.store.PendingActionsService.Tx(tx.tx)
-}
+func (tx *StoreTx) PendingActions() dataservices.PendingActionsService { return nil }

 func (tx *StoreTx) EdgeGroup() dataservices.EdgeGroupService {
 	return tx.store.EdgeGroupService.Tx(tx.tx)
@@ -80,10 +78,7 @@ func (tx *StoreTx) TeamMembership() dataservices.TeamMembershipService {
 	return tx.store.TeamMembershipService.Tx(tx.tx)
 }

-func (tx *StoreTx) Team() dataservices.TeamService {
-	return tx.store.TeamService.Tx(tx.tx)
-}
-
+func (tx *StoreTx) Team() dataservices.TeamService                 { return nil }
 func (tx *StoreTx) TunnelServer() dataservices.TunnelServerService { return nil }

 func (tx *StoreTx) User() dataservices.UserService {
--- a/api/datastore/test_data/output_24_to_latest.json
+++ b/api/datastore/test_data/output_24_to_latest.json
@@ -631,7 +631,6 @@
    "LogoURL": "",
    "OAuthSettings": {
      "AccessTokenURI": "",
-      "AuthStyle": 0,
      "AuthorizationURI": "",
      "ClientID": "",
      "DefaultTeamID": 0,
@@ -678,7 +677,6 @@
            "Architecture": "",
            "BridgeNfIp6tables": false,
            "BridgeNfIptables": false,
-            "CDISpecDirs": null,
            "CPUSet": false,
            "CPUShares": false,
            "CgroupDriver": "",
@@ -941,6 +939,6 @@
    }
  ],
  "version": {
-    "VERSION": "{\"SchemaVersion\":\"2.21.4\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
+    "VERSION": "{\"SchemaVersion\":\"2.22.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
  }
 }
--- a/api/docker/client/client.go
+++ b/api/docker/client/client.go
@@ -3,6 +3,7 @@ package client
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
 	"maps"
 	"net/http"
@@ -12,7 +13,7 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/crypto"

-	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/segmentio/encoding/json"
 )
@@ -49,12 +50,12 @@ func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeNam
 	case portainer.AgentOnDockerEnvironment:
 		return createAgentClient(endpoint, endpoint.URL, factory.signatureService, nodeName, timeout)
 	case portainer.EdgeAgentOnDockerEnvironment:
-		tunnelAddr, err := factory.reverseTunnelService.TunnelAddr(endpoint)
+		tunnel, err := factory.reverseTunnelService.GetActiveTunnel(endpoint)
 		if err != nil {
 			return nil, err
 		}

-		endpointURL := "http://" + tunnelAddr
+		endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)

 		return createAgentClient(endpoint, endpointURL, factory.signatureService, nodeName, timeout)
 	}
@@ -92,17 +93,11 @@ func createTCPClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*cli
 		return nil, err
 	}

-	opts := []client.Opt{
+	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
 		client.WithAPIVersionNegotiation(),
 		client.WithHTTPClient(httpCli),
-	}
-
-	if nnTransport, ok := httpCli.Transport.(*NodeNameTransport); ok && nnTransport.TLSClientConfig != nil {
-		opts = append(opts, client.WithScheme("https"))
-	}
-
-	return client.NewClientWithOpts(opts...)
+	)
 }

 func createAgentClient(endpoint *portainer.Endpoint, endpointURL string, signatureService portainer.DigitalSignatureService, nodeName string, timeout *time.Duration) (*client.Client, error) {
@@ -164,7 +159,7 @@ func (t *NodeNameTransport) RoundTrip(req *http.Request) (*http.Response, error)
 	resp.Body = io.NopCloser(bytes.NewReader(body))

 	var rs []struct {
-		image.Summary
+		types.ImageSummary
 		Portainer struct {
 			Agent struct {
 				NodeName string
--- a/api/docker/container.go
+++ b/api/docker/container.go
@@ -4,17 +4,15 @@ import (
 	"context"
 	"strings"

-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-	dockerclient "github.com/portainer/portainer/api/docker/client"
-	"github.com/portainer/portainer/api/docker/images"
-
-	"github.com/Masterminds/semver"
 	"github.com/docker/docker/api/types"
 	dockercontainer "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	dockerclient "github.com/portainer/portainer/api/docker/client"
+	"github.com/portainer/portainer/api/docker/images"
 	"github.com/rs/zerolog/log"
 )

@@ -32,44 +30,6 @@ func NewContainerService(factory *dockerclient.ClientFactory, dataStore dataserv
 	}
 }

-// applyVersionConstraint uses the version to apply a transformation function to
-// the value when the constraint is satisfied
-func applyVersionConstraint[T any](currentVersion, versionConstraint string, value T, transform func(T) T) (T, error) {
-	newValue := value
-
-	constraint, err := semver.NewConstraint(versionConstraint)
-	if err != nil {
-		return newValue, errors.New("invalid version constraint specified")
-	}
-
-	currentVer, err := semver.NewVersion(currentVersion)
-	if err != nil {
-		log.Warn().Err(err).Msg("Unable to parse the Docker client version")
-
-		return newValue, nil
-	}
-
-	if satisfiesConstraint, _ := constraint.Validate(currentVer); satisfiesConstraint {
-		newValue = transform(value)
-	}
-
-	return newValue, nil
-}
-
-func clearMacAddrs(n network.NetworkingConfig) network.NetworkingConfig {
-	netConfig := network.NetworkingConfig{
-		EndpointsConfig: make(map[string]*network.EndpointSettings),
-	}
-
-	for k := range n.EndpointsConfig {
-		endpointConfig := n.EndpointsConfig[k].Copy()
-		endpointConfig.MacAddress = ""
-		netConfig.EndpointsConfig[k] = endpointConfig
-	}
-
-	return netConfig
-}
-
 // Recreate a container
 func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.Endpoint, containerId string, forcePullImage bool, imageTag, nodeName string) (*types.ContainerJSON, error) {
 	cli, err := c.factory.CreateClient(endpoint, nodeName, nil)
@@ -130,7 +90,7 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
 		return nil, errors.Wrap(err, "rename container error")
 	}

-	initialNetwork := network.NetworkingConfig{
+	networkWithCreation := network.NetworkingConfig{
 		EndpointsConfig: make(map[string]*network.EndpointSettings),
 	}

@@ -143,10 +103,10 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
 		}

 		// 5. get the first network attached to the current container
-		if len(initialNetwork.EndpointsConfig) == 0 {
+		if len(networkWithCreation.EndpointsConfig) == 0 {
 			// Retrieve the first network that is linked to the present container, which
 			// will be utilized when creating the container.
-			initialNetwork.EndpointsConfig[name] = network
+			networkWithCreation.EndpointsConfig[name] = network
 		}
 	}
 	c.sr.enable()
@@ -159,7 +119,7 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
 		for _, network := range container.NetworkSettings.Networks {
 			cli.NetworkConnect(ctx, network.NetworkID, containerId, network)
 		}
-		cli.ContainerStart(ctx, containerId, dockercontainer.StartOptions{})
+		cli.ContainerStart(ctx, containerId, types.ContainerStartOptions{})
 	})

 	log.Debug().Str("container", strings.Split(container.Name, "/")[1]).Msg("starting to create a new container")
@@ -170,20 +130,12 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
 	// to retain the same network settings we have to connect on creation to one of the old
 	// container's networks, and connect to the other networks after creation.
 	// see: https://portainer.atlassian.net/browse/EE-5448
-
-	// Docker API < 1.44 does not support specifying MAC addresses
-	// https://github.com/moby/moby/blob/6aea26b431ea152a8b085e453da06ea403f89886/client/container_create.go#L44-L46
-	initialNetwork, err = applyVersionConstraint(cli.ClientVersion(), "< 1.44", initialNetwork, clearMacAddrs)
-	if err != nil {
-		return nil, err
-	}
-
-	create, err := cli.ContainerCreate(ctx, container.Config, container.HostConfig, &initialNetwork, nil, container.Name)
+	create, err := cli.ContainerCreate(ctx, container.Config, container.HostConfig, &networkWithCreation, nil, container.Name)

 	c.sr.push(func() {
 		log.Debug().Str("container_id", create.ID).Msg("removing the new container")
 		cli.ContainerStop(ctx, create.ID, dockercontainer.StopOptions{})
-		cli.ContainerRemove(ctx, create.ID, dockercontainer.RemoveOptions{})
+		cli.ContainerRemove(ctx, create.ID, types.ContainerRemoveOptions{})
 	})

 	if err != nil {
@@ -198,7 +150,8 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End
 	log.Debug().Str("container_id", newContainerId).Msg("connecting networks to container")
 	networks := container.NetworkSettings.Networks
 	for key, network := range networks {
-		if _, ok := initialNetwork.EndpointsConfig[key]; ok {
+		_, ok := networkWithCreation.EndpointsConfig[key]
+		if ok {
 			// skip the network that is used during container creation
 			continue
 		}
@@ -211,14 +164,14 @@ func (c *ContainerService) Recreate(ctx context.Context, endpoint *portainer.End

 	// 8. start the new container
 	log.Debug().Str("container_id", newContainerId).Msg("starting the new container")
-	err = cli.ContainerStart(ctx, newContainerId, dockercontainer.StartOptions{})
+	err = cli.ContainerStart(ctx, newContainerId, types.ContainerStartOptions{})
 	if err != nil {
 		return nil, errors.Wrap(err, "start container error")
 	}

 	// 9. delete the old container
 	log.Debug().Str("container_id", containerId).Msg("starting to remove the old container")
-	_ = cli.ContainerRemove(ctx, containerId, dockercontainer.RemoveOptions{})
+	_ = cli.ContainerRemove(ctx, containerId, types.ContainerRemoveOptions{})

 	c.sr.disable()

--- a/api/docker/container_test.go
+++ b/api/docker/container_test.go
@@ -1,52 +0,0 @@
-package docker
-
-import (
-	"testing"
-
-	"github.com/docker/docker/api/types/network"
-	"github.com/stretchr/testify/require"
-)
-
-func TestApplyVersionConstraint(t *testing.T) {
-	initialNet := network.NetworkingConfig{
-		EndpointsConfig: map[string]*network.EndpointSettings{
-			"key1": {
-				MacAddress: "mac1",
-				EndpointID: "endpointID1",
-			},
-			"key2": {
-				MacAddress: "mac2",
-				EndpointID: "endpointID2",
-			},
-		},
-	}
-
-	f := func(currentVer string, constraint string, success, emptyMac bool) {
-		t.Helper()
-
-		transformedNet, err := applyVersionConstraint(currentVer, constraint, initialNet, clearMacAddrs)
-		if success {
-			require.NoError(t, err)
-		} else {
-			require.Error(t, err)
-		}
-
-		require.Len(t, transformedNet.EndpointsConfig, len(initialNet.EndpointsConfig))
-
-		for k := range initialNet.EndpointsConfig {
-			if emptyMac {
-				require.NotEqual(t, initialNet.EndpointsConfig[k], transformedNet.EndpointsConfig[k])
-				require.Empty(t, transformedNet.EndpointsConfig[k].MacAddress)
-
-				continue
-			}
-
-			require.Equal(t, initialNet.EndpointsConfig[k], transformedNet.EndpointsConfig[k])
-		}
-	}
-
-	f("1.45", "< 1.44", true, false)  // No transformation
-	f("1.43", "< 1.44", true, true)   // Transformation
-	f("a.b.", "< 1.44", true, false)  // Invalid current version
-	f("1.45", "z 1.44", false, false) // Invalid version constraint
-}
--- a/api/docker/images/status.go
+++ b/api/docker/images/status.go
@@ -7,7 +7,6 @@ import (
 	"time"

 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	portainer "github.com/portainer/portainer/api"
 	consts "github.com/portainer/portainer/api/docker/consts"
@@ -158,7 +157,7 @@ func (c *DigestClient) ServiceImageStatus(ctx context.Context, serviceID string,
 		return Error, nil
 	}

-	containers, err := cli.ContainerList(ctx, container.ListOptions{
+	containers, err := cli.ContainerList(ctx, types.ContainerListOptions{
 		All:     true,
 		Filters: filters.NewArgs(filters.Arg("label", consts.SwarmServiceIdLabel+"="+serviceID)),
 	})
--- a/api/docker/snapshot.go
+++ b/api/docker/snapshot.go
@@ -6,7 +6,6 @@ import (
 	"time"

 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	_container "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/volume"
 	"github.com/docker/docker/client"
@@ -148,7 +147,7 @@ func snapshotSwarmServices(snapshot *portainer.DockerSnapshot, cli *client.Clien
 }

 func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
-	containers, err := cli.ContainerList(context.Background(), container.ListOptions{All: true})
+	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{All: true})
 	if err != nil {
 		return err
 	}
--- a/api/exec/swarm_stack.go
+++ b/api/exec/swarm_stack.go
@@ -3,6 +3,7 @@ package exec
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"os"
 	"os/exec"
 	"path"
@@ -185,11 +186,11 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config

 	endpointURL := endpoint.URL
 	if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
-		tunnelAddr, err := manager.reverseTunnelService.TunnelAddr(endpoint)
+		tunnel, err := manager.reverseTunnelService.GetActiveTunnel(endpoint)
 		if err != nil {
 			return "", nil, err
 		}
-		endpointURL = "tcp://" + tunnelAddr
+		endpointURL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnel.Port)
 	}

 	args = append(args, "-H", endpointURL)
--- a/api/filesystem/filesystem.go
+++ b/api/filesystem/filesystem.go
@@ -934,7 +934,7 @@ func FileExists(filePath string) (bool, error) {
 func (service *Service) SafeMoveDirectory(originalPath, newPath string) error {
 	// 1. Backup the source directory to a different folder
 	backupDir := fmt.Sprintf("%s-%s", filepath.Dir(originalPath), "backup")
-	err := MoveDirectory(originalPath, backupDir, false)
+	err := MoveDirectory(originalPath, backupDir)
 	if err != nil {
 		return fmt.Errorf("failed to backup source directory: %w", err)
 	}
@@ -973,14 +973,14 @@ func restoreBackup(src, backupDir string) error {
 		return fmt.Errorf("failed to delete destination directory: %w", err)
 	}

-	err = MoveDirectory(backupDir, src, false)
+	err = MoveDirectory(backupDir, src)
 	if err != nil {
 		return fmt.Errorf("failed to restore backup directory: %w", err)
 	}
 	return nil
 }

-func MoveDirectory(originalPath, newPath string, overwriteTargetPath bool) error {
+func MoveDirectory(originalPath, newPath string) error {
 	if _, err := os.Stat(originalPath); err != nil {
 		return err
 	}
@@ -991,13 +991,7 @@ func MoveDirectory(originalPath, newPath string, overwriteTargetPath bool) error
 	}

 	if alreadyExists {
-		if !overwriteTargetPath {
-			return fmt.Errorf("Target path already exists")
-		}
-
-		if err = os.RemoveAll(newPath); err != nil {
-			return fmt.Errorf("failed to overwrite path %s: %s", newPath, err.Error())
-		}
+		return errors.New("Target path already exists")
 	}

 	return os.Rename(originalPath, newPath)
--- a/api/filesystem/filesystem_move_test.go
+++ b/api/filesystem/filesystem_move_test.go
@@ -16,7 +16,7 @@ func Test_movePath_shouldFailIfSourceDirDoesNotExist(t *testing.T) {
 	file1 := addFile(destinationDir, "dir", "file")
 	file2 := addFile(destinationDir, "file")

-	err := MoveDirectory(sourceDir, destinationDir, false)
+	err := MoveDirectory(sourceDir, destinationDir)
 	assert.Error(t, err, "move directory should fail when source path is missing")
 	assert.FileExists(t, file1, "destination dir contents should remain")
 	assert.FileExists(t, file2, "destination dir contents should remain")
@@ -30,7 +30,7 @@ func Test_movePath_shouldFailIfDestinationDirExists(t *testing.T) {
 	file3 := addFile(destinationDir, "dir", "file")
 	file4 := addFile(destinationDir, "file")

-	err := MoveDirectory(sourceDir, destinationDir, false)
+	err := MoveDirectory(sourceDir, destinationDir)
 	assert.Error(t, err, "move directory should fail when destination directory already exists")
 	assert.FileExists(t, file1, "source dir contents should remain")
 	assert.FileExists(t, file2, "source dir contents should remain")
@@ -38,22 +38,6 @@ func Test_movePath_shouldFailIfDestinationDirExists(t *testing.T) {
 	assert.FileExists(t, file4, "destination dir contents should remain")
 }

-func Test_movePath_succesIfOverwriteSetWhenDestinationDirExists(t *testing.T) {
-	sourceDir := t.TempDir()
-	file1 := addFile(sourceDir, "dir", "file")
-	file2 := addFile(sourceDir, "file")
-	destinationDir := t.TempDir()
-	file3 := addFile(destinationDir, "dir", "file")
-	file4 := addFile(destinationDir, "file")
-
-	err := MoveDirectory(sourceDir, destinationDir, true)
-	assert.NoError(t, err)
-	assert.NoFileExists(t, file1, "source dir contents should be moved")
-	assert.NoFileExists(t, file2, "source dir contents should be moved")
-	assert.FileExists(t, file3, "destination dir contents should remain")
-	assert.FileExists(t, file4, "destination dir contents should remain")
-}
-
 func Test_movePath_successWhenSourceExistsAndDestinationIsMissing(t *testing.T) {
 	tmp := t.TempDir()
 	sourceDir := path.Join(tmp, "source")
@@ -62,7 +46,7 @@ func Test_movePath_successWhenSourceExistsAndDestinationIsMissing(t *testing.T)
 	file2 := addFile(sourceDir, "file")
 	destinationDir := path.Join(tmp, "destination")

-	err := MoveDirectory(sourceDir, destinationDir, false)
+	err := MoveDirectory(sourceDir, destinationDir)
 	assert.NoError(t, err)
 	assert.NoFileExists(t, file1, "source dir contents should be moved")
 	assert.NoFileExists(t, file2, "source dir contents should be moved")
--- a/api/git/backup.go
+++ b/api/git/backup.go
@@ -38,7 +38,7 @@ func CloneWithBackup(gitService portainer.GitService, fileService portainer.File
 		}
 	}

-	err = filesystem.MoveDirectory(options.ProjectPath, backupProjectPath, true)
+	err = filesystem.MoveDirectory(options.ProjectPath, backupProjectPath)
 	if err != nil {
 		return cleanFn, errors.WithMessage(err, "Unable to move git repository directory")
 	}
@@ -48,7 +48,7 @@ func CloneWithBackup(gitService portainer.GitService, fileService portainer.File
 	err = gitService.CloneRepository(options.ProjectPath, options.URL, options.ReferenceName, options.Username, options.Password, options.TLSSkipVerify)
 	if err != nil {
 		cleanUp = false
-		restoreError := filesystem.MoveDirectory(backupProjectPath, options.ProjectPath, false)
+		restoreError := filesystem.MoveDirectory(backupProjectPath, options.ProjectPath)
 		if restoreError != nil {
 			log.Warn().Err(restoreError).Msg("failed restoring backup folder")
 		}
--- a/api/git/git.go
+++ b/api/git/git.go
@@ -143,7 +143,6 @@ func (c *gitClient) listFiles(ctx context.Context, opt fetchOption) ([]string, e
 		ReferenceName:   plumbing.ReferenceName(opt.referenceName),
 		Auth:            getAuth(opt.username, opt.password),
 		InsecureSkipTLS: opt.tlsSkipVerify,
-		Tags:            git.NoTags,
 	}

 	repo, err := git.Clone(memory.NewStorage(), nil, cloneOption)
@@ -167,10 +166,7 @@ func (c *gitClient) listFiles(ctx context.Context, opt fetchOption) ([]string, e
 	}

 	var allPaths []string
-
 	w := object.NewTreeWalker(tree, true, nil)
-	defer w.Close()
-
 	for {
 		name, entry, err := w.Next()
 		if err != nil {
--- a/api/git/git_test.go
+++ b/api/git/git_test.go
@@ -91,29 +91,6 @@ func Test_latestCommitID(t *testing.T) {
 	assert.Equal(t, "68dcaa7bd452494043c64252ab90db0f98ecf8d2", id)
 }

-func Test_ListRefs(t *testing.T) {
-	service := Service{git: NewGitClient(true)}
-
-	repositoryURL := setup(t)
-
-	fs, err := service.ListRefs(repositoryURL, "", "", false, false)
-
-	assert.NoError(t, err)
-	assert.Equal(t, []string{"refs/heads/main"}, fs)
-}
-
-func Test_ListFiles(t *testing.T) {
-	service := Service{git: NewGitClient(true)}
-
-	repositoryURL := setup(t)
-	referenceName := "refs/heads/main"
-
-	fs, err := service.ListFiles(repositoryURL, referenceName, "", "", false, false, []string{".yml"}, false)
-
-	assert.NoError(t, err)
-	assert.Equal(t, []string{"docker-compose.yml"}, fs)
-}
-
 func getCommitHistoryLength(t *testing.T, err error, dir string) int {
 	repo, err := git.PlainOpen(dir)
 	if err != nil {
--- a/api/git/service.go
+++ b/api/git/service.go
@@ -9,7 +9,6 @@ import (

 	lru "github.com/hashicorp/golang-lru"
 	"github.com/rs/zerolog/log"
-	"golang.org/x/sync/singleflight"
 )

 const (
@@ -224,23 +223,11 @@ func (service *Service) ListRefs(repositoryURL, username, password string, hardR
 	return refs, nil
 }

-var singleflightGroup = &singleflight.Group{}
-
 // ListFiles will list all the files of the target repository with specific extensions.
 // If extension is not provided, it will list all the files under the target repository
 func (service *Service) ListFiles(repositoryURL, referenceName, username, password string, dirOnly, hardRefresh bool, includedExts []string, tlsSkipVerify bool) ([]string, error) {
 	repoKey := generateCacheKey(repositoryURL, referenceName, username, password, strconv.FormatBool(tlsSkipVerify), strconv.FormatBool(dirOnly))

-	fs, err, _ := singleflightGroup.Do(repoKey, func() (any, error) {
-		return service.listFiles(repositoryURL, referenceName, username, password, dirOnly, hardRefresh, tlsSkipVerify)
-	})
-
-	return filterFiles(fs.([]string), includedExts), err
-}
-
-func (service *Service) listFiles(repositoryURL, referenceName, username, password string, dirOnly, hardRefresh bool, tlsSkipVerify bool) ([]string, error) {
-	repoKey := generateCacheKey(repositoryURL, referenceName, username, password, strconv.FormatBool(tlsSkipVerify), strconv.FormatBool(dirOnly))
-
 	if service.cacheEnabled && hardRefresh {
 		// Should remove the cache explicitly, so that the following normal list can show the correct result
 		service.repoFileCache.Remove(repoKey)
@@ -248,9 +235,14 @@ func (service *Service) listFiles(repositoryURL, referenceName, username, passwo

 	if service.repoFileCache != nil {
 		// lookup the files cache first
-		if cache, ok := service.repoFileCache.Get(repoKey); ok {
-			if files, ok := cache.([]string); ok {
-				return files, nil
+		cache, ok := service.repoFileCache.Get(repoKey)
+		if ok {
+			files, success := cache.([]string)
+			if success {
+				// For the case while searching files in a repository without include extensions for the first time,
+				// but with include extensions for the second time
+				includedFiles := filterFiles(files, includedExts)
+				return includedFiles, nil
 			}
 		}
 	}
@@ -282,11 +274,12 @@ func (service *Service) listFiles(repositoryURL, referenceName, username, passwo
 		}
 	}

+	includedFiles := filterFiles(files, includedExts)
 	if service.cacheEnabled && service.repoFileCache != nil {
-		service.repoFileCache.Add(repoKey, files)
+		service.repoFileCache.Add(repoKey, includedFiles)
+		return includedFiles, nil
 	}
-
-	return files, nil
+	return includedFiles, nil
 }

 func (service *Service) purgeCache() {
--- a/api/http/csrf/csrf.go
+++ b/api/http/csrf/csrf.go
@@ -4,7 +4,6 @@ import (
 	"crypto/rand"
 	"fmt"
 	"net/http"
-	"os"

 	httperror "github.com/portainer/portainer/pkg/libhttp/error"

@@ -14,13 +13,6 @@ import (
 )

 func WithProtect(handler http.Handler) (http.Handler, error) {
-	// IsDockerDesktopExtension is used to check if we should skip csrf checks in the request bouncer (ShouldSkipCSRFCheck)
-	// DOCKER_EXTENSION is set to '1' in build/docker-extension/docker-compose.yml
-	isDockerDesktopExtension := false
-	if val, ok := os.LookupEnv("DOCKER_EXTENSION"); ok && val == "1" {
-		isDockerDesktopExtension = true
-	}
-
 	handler = withSendCSRFToken(handler)

 	token := make([]byte, 32)
@@ -35,7 +27,7 @@ func WithProtect(handler http.Handler) (http.Handler, error) {
 		gorillacsrf.Secure(false),
 	)(handler)

-	return withSkipCSRF(handler, isDockerDesktopExtension), nil
+	return withSkipCSRF(handler), nil
 }

 func withSendCSRFToken(handler http.Handler) http.Handler {
@@ -56,10 +48,10 @@ func withSendCSRFToken(handler http.Handler) http.Handler {
 	})
 }

-func withSkipCSRF(handler http.Handler, isDockerDesktopExtension bool) http.Handler {
+func withSkipCSRF(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

-		skip, err := security.ShouldSkipCSRFCheck(r, isDockerDesktopExtension)
+		skip, err := security.ShouldSkipCSRFCheck(r)
 		if err != nil {
 			httperror.WriteError(w, http.StatusForbidden, err.Error(), err)
 			return
--- a/api/http/handler/auth/authenticate.go
+++ b/api/http/handler/auth/authenticate.go
@@ -75,12 +75,7 @@ func (handler *Handler) authenticate(rw http.ResponseWriter, r *http.Request) *h
 		if settings.AuthenticationMethod == portainer.AuthenticationInternal ||
 			settings.AuthenticationMethod == portainer.AuthenticationOAuth ||
 			(settings.AuthenticationMethod == portainer.AuthenticationLDAP && !settings.LDAPSettings.AutoCreateUsers) {
-			// avoid username enumeration timing attack by creating a fake user
-			// https://en.wikipedia.org/wiki/Timing_attack
-			user = &portainer.User{
-				Username: "portainer-fake-username",
-				Password: "$2a$10$abcdefghijklmnopqrstuvwx..ABCDEFGHIJKLMNOPQRSTUVWXYZ12", // fake but valid format bcrypt hash
-			}
+			return httperror.NewError(http.StatusUnprocessableEntity, "Invalid credentials", httperrors.ErrUnauthorized)
 		}
 	}

@@ -117,11 +112,7 @@ func (handler *Handler) authenticateInternal(w http.ResponseWriter, user *portai
 func (handler *Handler) authenticateLDAP(w http.ResponseWriter, user *portainer.User, username, password string, ldapSettings *portainer.LDAPSettings) *httperror.HandlerError {
 	err := handler.LDAPService.AuthenticateUser(username, password, ldapSettings)
 	if err != nil {
-		if errors.Is(err, httperrors.ErrUnauthorized) {
-			return httperror.NewError(http.StatusUnprocessableEntity, "Invalid credentials", httperrors.ErrUnauthorized)
-		}
-
-		return httperror.InternalServerError("Unable to authenticate user against LDAP", err)
+		return httperror.Forbidden("Only initial admin is allowed to login without oauth", err)
 	}

 	if user == nil {
--- a/api/http/handler/auth/logout.go
+++ b/api/http/handler/auth/logout.go
@@ -28,7 +28,5 @@ func (handler *Handler) logout(w http.ResponseWriter, r *http.Request) *httperro

 	security.RemoveAuthCookie(w)

-	handler.bouncer.RevokeJWT(tokenData.Token)
-
 	return response.Empty(w)
 }
--- a/api/http/handler/customtemplates/customtemplate_git_fetch.go
+++ b/api/http/handler/customtemplates/customtemplate_git_fetch.go
@@ -70,7 +70,8 @@ func (handler *Handler) customTemplateGitFetch(w http.ResponseWriter, r *http.Re
 	if err != nil {
 		log.Warn().Err(err).Msg("failed to download git repository")

-		if rbErr := rollbackCustomTemplate(backupPath, customTemplate.ProjectPath); rbErr != nil {
+		if err != nil {
+			rbErr := rollbackCustomTemplate(backupPath, customTemplate.ProjectPath)
 			return httperror.InternalServerError("Failed to rollback the custom template folder", rbErr)
 		}

--- a/api/http/handler/customtemplates/customtemplate_git_fetch_test.go
+++ b/api/http/handler/customtemplates/customtemplate_git_fetch_test.go
@@ -2,7 +2,6 @@ package customtemplates

 import (
 	"bytes"
-	"errors"
 	"io"
 	"io/fs"
 	"net/http"
@@ -20,7 +19,6 @@ import (
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/portainer/portainer/api/jwt"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"

 	"github.com/segmentio/encoding/json"
 	"github.com/stretchr/testify/assert"
@@ -51,19 +49,6 @@ func (f *TestFileService) GetFileContent(projectPath, configFilePath string) ([]
 	return os.ReadFile(filepath.Join(projectPath, configFilePath))
 }

-type InvalidTestGitService struct {
-	portainer.GitService
-	targetFilePath string
-}
-
-func (g *InvalidTestGitService) CloneRepository(dest, repoUrl, refName, username, password string, tlsSkipVerify bool) error {
-	return errors.New("simulate network error")
-}
-
-func (g *InvalidTestGitService) LatestCommitID(repositoryURL, referenceName, username, password string, tlsSkipVerify bool) (string, error) {
-	return "", nil
-}
-
 func createTestFile(targetPath string) error {
 	f, err := os.Create(targetPath)
 	if err != nil {
@@ -189,28 +174,4 @@ func Test_customTemplateGitFetch(t *testing.T) {

 		singleAPIRequest(h, jwt2, is, "gfedcba")
 	})
-
-	t.Run("restore git repository if it is failed to download the new git repository", func(t *testing.T) {
-		invalidGitService := &InvalidTestGitService{
-			targetFilePath: filepath.Join(template1.ProjectPath, template1.GitConfig.ConfigFilePath),
-		}
-		h := NewHandler(requestBouncer, store, fileService, invalidGitService)
-
-		req := httptest.NewRequest(http.MethodPut, "/custom_templates/1/git_fetch", bytes.NewBuffer([]byte("{}")))
-		testhelpers.AddTestSecurityCookie(req, jwt1)
-
-		rr := httptest.NewRecorder()
-		h.ServeHTTP(rr, req)
-
-		is.Equal(http.StatusInternalServerError, rr.Code)
-
-		var errResp httperror.HandlerError
-		err = json.NewDecoder(rr.Body).Decode(&errResp)
-		assert.NoError(t, err, "failed to parse error body")
-
-		assert.FileExists(t, gitService.targetFilePath, "previous git repository is not restored")
-		fileContent, err := os.ReadFile(gitService.targetFilePath)
-		assert.NoError(t, err, "failed to read target file")
-		assert.Equal(t, "gfedcba", string(fileContent))
-	})
 }
--- a/api/http/handler/docker/containers/handler.go
+++ b/api/http/handler/docker/containers/handler.go
@@ -7,7 +7,6 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/docker"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 )
@@ -31,7 +30,7 @@ func NewHandler(routePrefix string, bouncer security.BouncerService, dataStore d
 	}

 	router := h.PathPrefix(routePrefix).Subrouter()
-	router.Use(bouncer.AuthenticatedAccess, middlewares.CheckEndpointAuthorization(bouncer))
+	router.Use(bouncer.AuthenticatedAccess)

 	router.Handle("/{containerId}/gpus", httperror.LoggerHandler(h.containerGpusInspect)).Methods(http.MethodGet)
 	router.Handle("/{containerId}/recreate", httperror.LoggerHandler(h.recreate)).Methods(http.MethodPost)
--- a/api/http/handler/docker/handler.go
+++ b/api/http/handler/docker/handler.go
@@ -40,14 +40,14 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	}

 	// endpoints
-	endpointRouter := h.PathPrefix("/docker/{id}").Subrouter()
+	endpointRouter := h.PathPrefix("/{id}").Subrouter()
 	endpointRouter.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
 	endpointRouter.Use(dockerOnlyMiddleware)

-	containersHandler := containers.NewHandler("/docker/{id}/containers", bouncer, dataStore, dockerClientFactory, containerService)
+	containersHandler := containers.NewHandler("/{id}/containers", bouncer, dataStore, dockerClientFactory, containerService)
 	endpointRouter.PathPrefix("/containers").Handler(containersHandler)

-	imagesHandler := images.NewHandler("/docker/{id}/images", bouncer, dockerClientFactory)
+	imagesHandler := images.NewHandler("/{id}/images", bouncer, dockerClientFactory)
 	endpointRouter.PathPrefix("/images").Handler(imagesHandler)
 	return h
 }
--- a/api/http/handler/docker/images/handler.go
+++ b/api/http/handler/docker/images/handler.go
@@ -4,7 +4,6 @@ import (
 	"net/http"

 	"github.com/portainer/portainer/api/docker/client"
-	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"

@@ -26,7 +25,7 @@ func NewHandler(routePrefix string, bouncer security.BouncerService, dockerClien
 	}

 	router := h.PathPrefix(routePrefix).Subrouter()
-	router.Use(bouncer.AuthenticatedAccess, middlewares.CheckEndpointAuthorization(bouncer))
+	router.Use(bouncer.AuthenticatedAccess)

 	router.Handle("", httperror.LoggerHandler(h.imagesList)).Methods(http.MethodGet)
 	return h
--- a/api/http/handler/docker/images/images_list.go
+++ b/api/http/handler/docker/images/images_list.go
@@ -12,7 +12,6 @@ import (
 	"github.com/portainer/portainer/pkg/libhttp/response"

 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 )

 type ImageResponse struct {
@@ -64,9 +63,7 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http

 	imageUsageSet := set.Set[string]{}
 	if withUsage {
-		containers, err := cli.ContainerList(r.Context(), container.ListOptions{
-			All: true,
-		})
+		containers, err := cli.ContainerList(r.Context(), types.ContainerListOptions{})
 		if err != nil {
 			return httperror.InternalServerError("Unable to retrieve Docker containers", err)
 		}
@@ -78,7 +75,7 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http

 	imagesList := make([]ImageResponse, len(images))
 	for i, image := range images {
-		if len(image.RepoTags) == 0 && len(image.RepoDigests) > 0 {
+		if (image.RepoTags == nil || len(image.RepoTags) == 0) && (image.RepoDigests != nil && len(image.RepoDigests) > 0) {
 			for _, repoDigest := range image.RepoDigests {
 				image.RepoTags = append(image.RepoTags, repoDigest[0:strings.Index(repoDigest, "@")]+":<none>")
 			}
--- a/api/http/handler/edgegroups/edgegroup_delete.go
+++ b/api/http/handler/edgegroups/edgegroup_delete.go
@@ -19,9 +19,8 @@ import (
 // @security jwt
 // @param id path int true "EdgeGroup Id"
 // @success 204
-// @failure 409 "Edge group is in use by an Edge stack or Edge job"
 // @failure 503 "Edge compute features are disabled"
-// @failure 500 "Server error"
+// @failure 500
 // @router /edge_groups/{id} [delete]
 func (handler *Handler) edgeGroupDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	edgeGroupID, err := request.RetrieveNumericRouteVariableValue(r, "id")
--- a/api/http/handler/edgestacks/edgestack_status_update.go
+++ b/api/http/handler/edgestacks/edgestack_status_update.go
@@ -2,7 +2,6 @@ package edgestacks

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"time"

@@ -64,8 +63,9 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 	}

 	var payload updateStatusPayload
-	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
-		return httperror.BadRequest("Invalid request payload", fmt.Errorf("edge polling error: %w. Environment ID: %d", err, payload.EndpointID))
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
 	}

 	var stack *portainer.EdgeStack
@@ -98,16 +98,17 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht
 			return nil, nil
 		}

-		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w. Environment ID: %d", err, payload.EndpointID)
+		return nil, err
 	}

 	endpoint, err := tx.Endpoint().Endpoint(payload.EndpointID)
 	if err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
+		return nil, handler.handlerDBErr(err, "Unable to find an environment with the specified identifier inside the database")
 	}

-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return nil, httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return nil, httperror.Forbidden("Permission denied to access environment", err)
 	}

 	status := *payload.Status
@@ -125,8 +126,9 @@ func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *ht

 	updateEnvStatus(payload.EndpointID, stack, deploymentStatus)

-	if err := tx.EdgeStack().UpdateEdgeStack(stackID, stack); err != nil {
-		return nil, handler.handlerDBErr(fmt.Errorf("unable to update Edge stack to the database: %w. Environment name: %s", err, endpoint.Name), "unable to update Edge stack")
+	err = tx.EdgeStack().UpdateEdgeStack(stackID, stack)
+	if err != nil {
+		return nil, handler.handlerDBErr(err, "Unable to persist the stack changes inside the database")
 	}

 	return stack, nil
--- a/api/http/handler/endpointedge/endpointedge_job_logs.go
+++ b/api/http/handler/endpointedge/endpointedge_job_logs.go
@@ -2,7 +2,6 @@ package endpointedge

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"strconv"

@@ -40,30 +39,32 @@ func (handler *Handler) endpointEdgeJobsLogs(w http.ResponseWriter, r *http.Requ
 		return httperror.BadRequest("Unable to find an environment on request context", err)
 	}

-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	edgeJobID, err := request.RetrieveNumericRouteVariableValue(r, "jobID")
 	if err != nil {
-		return httperror.BadRequest("Invalid edge job identifier route variable", fmt.Errorf("invalid Edge job route variable: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.BadRequest("Invalid edge job identifier route variable", err)
 	}

 	var payload logsPayload
-	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
-		return httperror.BadRequest("Invalid request payload", fmt.Errorf("invalid Edge job request payload: %w. Environment name: %s", err, endpoint.Name))
+	err = request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
 	}

-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+	err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
 		return handler.getEdgeJobLobs(tx, endpoint.ID, portainer.EdgeJobID(edgeJobID), payload)
-	}); err != nil {
+	})
+	if err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
-			httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
 			return httpErr
 		}

-		return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unexpected error", err)
 	}

 	return response.JSON(w, nil)
--- a/api/http/handler/endpointedge/endpointedge_stack_inspect.go
+++ b/api/http/handler/endpointedge/endpointedge_stack_inspect.go
@@ -1,7 +1,7 @@
 package endpointedge

 import (
-	"fmt"
+	"errors"
 	"net/http"

 	portainer "github.com/portainer/portainer/api"
@@ -33,26 +33,27 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		return httperror.BadRequest("Unable to find an environment on request context", err)
 	}

-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	edgeStackID, err := request.RetrieveNumericRouteVariableValue(r, "stackId")
 	if err != nil {
-		return httperror.BadRequest("Invalid edge stack identifier route variable", fmt.Errorf("invalid Edge stack route variable: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.BadRequest("Invalid edge stack identifier route variable", err)
 	}

 	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
-		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", err)
 	} else if err != nil {
-		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", err)
 	}

 	fileName := edgeStack.EntryPoint
 	if endpointutils.IsDockerEndpoint(endpoint) {
 		if fileName == "" {
-			return httperror.BadRequest("Docker is not supported by this stack", fmt.Errorf("no filename is provided for the Docker endpoint. Environment name: %s", endpoint.Name))
+			return httperror.BadRequest("Docker is not supported by this stack", errors.New("Docker is not supported by this stack"))
 		}
 	}

@@ -65,18 +66,18 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		fileName = edgeStack.ManifestPath

 		if fileName == "" {
-			return httperror.BadRequest("Kubernetes is not supported by this stack", fmt.Errorf("no filename is provided for the Kubernetes endpoint. Environment name: %s", endpoint.Name))
+			return httperror.BadRequest("Kubernetes is not supported by this stack", errors.New("Kubernetes is not supported by this stack"))
 		}
 	}

 	dirEntries, err := filesystem.LoadDir(edgeStack.ProjectPath)
 	if err != nil {
-		return httperror.InternalServerError("Unable to load repository", fmt.Errorf("failed to load project directory: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unable to load repository", err)
 	}

 	fileContent, err := filesystem.FilterDirForCompatibility(dirEntries, fileName, endpoint.Agent.Version)
 	if err != nil {
-		return httperror.InternalServerError("File not found", fmt.Errorf("unable to find file: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("File not found", err)
 	}

 	dirEntries = filesystem.FilterDirForEntryFile(dirEntries, fileName)
--- a/api/http/handler/endpointedge/endpointedge_status_inspect.go
+++ b/api/http/handler/endpointedge/endpointedge_status_inspect.go
@@ -15,13 +15,10 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/internal/edge"
 	"github.com/portainer/portainer/api/internal/edge/cache"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
-
-	"github.com/rs/zerolog/log"
 )

 type stackStatusResponse struct {
@@ -86,48 +83,45 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http

 	if _, ok := handler.DataStore.Endpoint().Heartbeat(portainer.EndpointID(endpointID)); !ok {
 		// EE-5190
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint heartbeat. Environment ID: %d", endpointID))
+		return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
 	}

 	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if err != nil {
 		// EE-5190
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unable to retrieve endpoint from database: %w. Environment ID: %d", err, endpointID))
+		return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
 	}

-	firstConn := endpoint.LastCheckInDate == 0
-
 	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
 	if err != nil {
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("unauthorized Edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	handler.DataStore.Endpoint().UpdateHeartbeat(endpoint.ID)

 	err = handler.requestBouncer.TrustedEdgeEnvironmentAccess(handler.DataStore, endpoint)
 	if err != nil {
-		return httperror.Forbidden("Permission denied to access environment. The device has not been trusted yet", fmt.Errorf("untrusted Edge environment access: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.Forbidden("Permission denied to access environment", err)
 	}

 	var statusResponse *endpointEdgeStatusInspectResponse
 	err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		statusResponse, err = handler.inspectStatus(tx, r, portainer.EndpointID(endpointID), firstConn)
+		statusResponse, err = handler.inspectStatus(tx, r, portainer.EndpointID(endpointID))
 		return err
 	})
 	if err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
-			httpErr.Err = fmt.Errorf("edge polling error: %w. Environment name: %s", httpErr.Err, endpoint.Name)
 			return httpErr
 		}

-		return httperror.InternalServerError("Unexpected error", fmt.Errorf("edge polling error: %w. Environment name: %s", err, endpoint.Name))
+		return httperror.InternalServerError("Unexpected error", err)
 	}

 	return cacheResponse(w, endpoint.ID, *statusResponse)
 }

-func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Request, endpointID portainer.EndpointID, firstConn bool) (*endpointEdgeStatusInspectResponse, error) {
+func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Request, endpointID portainer.EndpointID) (*endpointEdgeStatusInspectResponse, error) {
 	endpoint, err := tx.Endpoint().Endpoint(endpointID)
 	if err != nil {
 		return nil, err
@@ -139,10 +133,8 @@ func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Reque
 	}

 	// Take an initial snapshot
-	if firstConn {
-		if err := handler.ReverseTunnelService.Open(endpoint); err != nil {
-			log.Error().Err(err).Msg("could not open the tunnel")
-		}
+	if endpoint.LastCheckInDate == 0 {
+		handler.ReverseTunnelService.SetTunnelStatusToRequired(endpoint.ID)
 	}

 	agentPlatform, agentPlatformErr := parseAgentPlatform(r)
@@ -161,21 +153,34 @@ func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Reque
 		return nil, httperror.InternalServerError("Unable to persist environment changes inside the database", err)
 	}

-	tunnel := handler.ReverseTunnelService.Config(endpoint.ID)
+	checkinInterval := endpoint.EdgeCheckinInterval
+	if endpoint.EdgeCheckinInterval == 0 {
+		settings, err := tx.Settings().Settings()
+		if err != nil {
+			return nil, httperror.InternalServerError("Unable to retrieve settings from the database", err)
+		}
+		checkinInterval = settings.EdgeAgentCheckinInterval
+	}
+
+	tunnel := handler.ReverseTunnelService.GetTunnelDetails(endpoint.ID)

 	statusResponse := endpointEdgeStatusInspectResponse{
 		Status:          tunnel.Status,
 		Port:            tunnel.Port,
-		CheckinInterval: edge.EffectiveCheckinInterval(tx, endpoint),
+		CheckinInterval: checkinInterval,
 		Credentials:     tunnel.Credentials,
 	}

-	schedules, handlerErr := handler.buildSchedules(endpoint.ID)
+	schedules, handlerErr := handler.buildSchedules(endpoint.ID, tunnel)
 	if handlerErr != nil {
 		return nil, handlerErr
 	}
 	statusResponse.Schedules = schedules

+	if tunnel.Status == portainer.EdgeAgentManagementRequired {
+		handler.ReverseTunnelService.SetTunnelStatusToActive(endpoint.ID)
+	}
+
 	edgeStacksStatus, handlerErr := handler.buildEdgeStacks(tx, endpoint.ID)
 	if handlerErr != nil {
 		return nil, handlerErr
@@ -208,9 +213,9 @@ func parseAgentPlatform(r *http.Request) (portainer.EndpointType, error) {
 	}
 }

-func (handler *Handler) buildSchedules(endpointID portainer.EndpointID) ([]edgeJobResponse, *httperror.HandlerError) {
+func (handler *Handler) buildSchedules(endpointID portainer.EndpointID, tunnel portainer.TunnelDetails) ([]edgeJobResponse, *httperror.HandlerError) {
 	schedules := []edgeJobResponse{}
-	for _, job := range handler.ReverseTunnelService.EdgeJobs(endpointID) {
+	for _, job := range tunnel.Jobs {
 		var collectLogs bool
 		if _, ok := job.GroupLogsCollection[endpointID]; ok {
 			collectLogs = job.GroupLogsCollection[endpointID].CollectLogs
@@ -266,7 +271,6 @@ func cacheResponse(w http.ResponseWriter, endpointID portainer.EndpointID, statu

 	httpErr := response.JSON(rr, statusResponse)
 	if httpErr != nil {
-		httpErr.Err = fmt.Errorf("failed to cache response: %w. Environment ID: %d", httpErr.Err, endpointID)
 		return httpErr
 	}

--- a/api/http/handler/endpointedge/endpointedge_status_inspect_test.go
+++ b/api/http/handler/endpointedge/endpointedge_status_inspect_test.go
@@ -154,7 +154,7 @@ func TestMissingEdgeIdentifier(t *testing.T) {
 	handler.ServeHTTP(rec, req)

 	if rec.Code != http.StatusForbidden {
-		t.Fatalf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code)
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code))
 	}
 }

@@ -179,7 +179,7 @@ func TestWithEndpoints(t *testing.T) {
 		handler.ServeHTTP(rec, req)

 		if rec.Code != test.expectedStatusCode {
-			t.Fatalf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID)
+			t.Fatalf(fmt.Sprintf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID))
 		}
 	}
 }
@@ -219,7 +219,7 @@ func TestLastCheckInDateIncreases(t *testing.T) {
 	handler.ServeHTTP(rec, req)

 	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
 	}

 	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
@@ -262,7 +262,7 @@ func TestEmptyEdgeIdWithAgentPlatformHeader(t *testing.T) {
 	handler.ServeHTTP(rec, req)

 	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code)
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code))
 	}

 	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
@@ -326,7 +326,7 @@ func TestEdgeStackStatus(t *testing.T) {
 	handler.ServeHTTP(rec, req)

 	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
 	}

 	var data endpointEdgeStatusInspectResponse
@@ -391,7 +391,7 @@ func TestEdgeJobsResponse(t *testing.T) {
 	handler.ServeHTTP(rec, req)

 	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
 	}

 	var data endpointEdgeStatusInspectResponse
--- a/api/http/handler/endpointgroups/endpointgroup_update.go
+++ b/api/http/handler/endpointgroups/endpointgroup_update.go
@@ -8,7 +8,6 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/internal/tag"
-	pendingActionActions "github.com/portainer/portainer/api/pendingactions/actions"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -96,8 +95,8 @@ func (handler *Handler) updateEndpointGroup(tx dataservices.DataStoreTx, endpoin
 		payloadTagSet := tag.Set(payload.TagIDs)
 		endpointGroupTagSet := tag.Set((endpointGroup.TagIDs))
 		union := tag.Union(payloadTagSet, endpointGroupTagSet)
-		intersection := tag.IntersectionCount(payloadTagSet, endpointGroupTagSet)
-		tagsChanged = len(union) > intersection
+		intersection := tag.Intersection(payloadTagSet, endpointGroupTagSet)
+		tagsChanged = len(union) > len(intersection)

 		if tagsChanged {
 			removeTags := tag.Difference(endpointGroupTagSet, payloadTagSet)
@@ -160,9 +159,7 @@ func (handler *Handler) updateEndpointGroup(tx dataservices.DataStoreTx, endpoin
 							err := handler.PendingActionsService.Create(portainer.PendingActions{
 								EndpointID: endpointID,
 								Action:     "CleanNAPWithOverridePolicies",
-								ActionData: &pendingActionActions.CleanNAPWithOverridePoliciesPayload{
-									EndpointGroupID: endpointGroupID,
-								},
+								ActionData: endpointGroupID,
 							})
 							if err != nil {
 								log.Error().Err(err).Msgf("Unable to create pending action to clean NAP with override policies for endpoint (%d) and endpoint group (%d).", endpointID, endpointGroupID)
--- a/api/http/handler/endpointproxy/proxy_docker.go
+++ b/api/http/handler/endpointproxy/proxy_docker.go
@@ -34,7 +34,7 @@ func (handler *Handler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.
 			return httperror.InternalServerError("No Edge agent registered with the environment", errors.New("No agent available"))
 		}

-		_, err := handler.ReverseTunnelService.TunnelAddr(endpoint)
+		_, err := handler.ReverseTunnelService.GetActiveTunnel(endpoint)
 		if err != nil {
 			return httperror.InternalServerError("Unable to get the active tunnel", err)
 		}
--- a/api/http/handler/endpointproxy/proxy_kubernetes.go
+++ b/api/http/handler/endpointproxy/proxy_kubernetes.go
@@ -34,7 +34,7 @@ func (handler *Handler) proxyRequestsToKubernetesAPI(w http.ResponseWriter, r *h
 			return httperror.InternalServerError("No Edge agent registered with the environment", errors.New("No agent available"))
 		}

-		_, err := handler.ReverseTunnelService.TunnelAddr(endpoint)
+		_, err := handler.ReverseTunnelService.GetActiveTunnel(endpoint)
 		if err != nil {
 			return httperror.InternalServerError("Unable to get the active tunnel", err)
 		}
--- a/api/http/handler/endpoints/endpoint_association_delete.go
+++ b/api/http/handler/endpoints/endpoint_association_delete.go
@@ -59,6 +59,8 @@ func (handler *Handler) endpointAssociationDelete(w http.ResponseWriter, r *http
 		return httperror.InternalServerError("Failed persisting environment in database", err)
 	}

+	handler.ReverseTunnelService.SetTunnelStatusToIdle(endpoint.ID)
+
 	return response.Empty(w)
 }

--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@@ -201,7 +201,6 @@ func (payload *endpointCreatePayload) Validate(r *http.Request) error {
 // @param Gpus formData string false "List of GPUs - json stringified array of {name, value} structs"
 // @success 200 {object} portainer.Endpoint "Success"
 // @failure 400 "Invalid request"
-// @failure 409 "Name is not unique"
 // @failure 500 "Server error"
 // @router /endpoints [post]
 func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/endpoints/endpoint_delete.go
+++ b/api/http/handler/endpoints/endpoint_delete.go
@@ -2,7 +2,6 @@ package endpoints

 import (
 	"errors"
-	"fmt"
 	"net/http"
 	"slices"
 	"strconv"
@@ -18,40 +17,19 @@ import (
 	"github.com/rs/zerolog/log"
 )

-type endpointDeleteRequest struct {
-	ID            int  `json:"id"`
-	DeleteCluster bool `json:"deleteCluster"`
-}
-
-type endpointDeleteBatchPayload struct {
-	Endpoints []endpointDeleteRequest `json:"endpoints"`
-}
-
-type endpointDeleteBatchPartialResponse struct {
-	Deleted []int `json:"deleted"`
-	Errors  []int `json:"errors"`
-}
-
-func (payload *endpointDeleteBatchPayload) Validate(r *http.Request) error {
-	if payload == nil || len(payload.Endpoints) == 0 {
-		return fmt.Errorf("invalid request payload. You must provide a list of environments to delete")
-	}
-
-	return nil
-}
-
 // @id EndpointDelete
-// @summary Remove an environment
-// @description Remove the environment associated to the specified identifier and optionally clean-up associated resources.
-// @description **Access policy**: Administrator only.
+// @summary Remove an environment(endpoint)
+// @description Remove an environment(endpoint).
+// @description **Access policy**: administrator
 // @tags endpoints
-// @security ApiKeyAuth || jwt
+// @security ApiKeyAuth
+// @security jwt
 // @param id path int true "Environment(Endpoint) identifier"
-// @success 204 "Environment successfully deleted."
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 403 "Unauthorized access or operation not allowed."
-// @failure 404 "Unable to find the environment with the specified identifier inside the database."
-// @failure 500 "Server error occurred while attempting to delete the environment."
+// @success 204 "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 404 "Environment(Endpoint) not found"
+// @failure 500 "Server error"
 // @router /endpoints/{id} [delete]
 func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
@@ -84,63 +62,6 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 	return response.Empty(w)
 }

-// @id EndpointDeleteBatch
-// @summary Remove multiple environments
-// @description Remove multiple environments and optionally clean-up associated resources.
-// @description **Access policy**: Administrator only.
-// @tags endpoints
-// @security ApiKeyAuth || jwt
-// @accept json
-// @produce json
-// @param body body endpointDeleteBatchPayload true "List of environments to delete, with optional deleteCluster flag to clean-up assocaited resources (cloud environments only)"
-// @success 204 "Environment(s) successfully deleted."
-// @failure 207 {object} endpointDeleteBatchPartialResponse "Partial success. Some environments were deleted successfully, while others failed."
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 403 "Unauthorized access or operation not allowed."
-// @failure 500 "Server error occurred while attempting to delete the specified environments."
-// @router /endpoints [delete]
-func (handler *Handler) endpointDeleteBatch(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	var p endpointDeleteBatchPayload
-	if err := request.DecodeAndValidateJSONPayload(r, &p); err != nil {
-		return httperror.BadRequest("Invalid request payload", err)
-	}
-
-	resp := endpointDeleteBatchPartialResponse{
-		Deleted: []int{},
-		Errors:  []int{},
-	}
-
-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		for _, e := range p.Endpoints {
-			if handler.demoService.IsDemoEnvironment(portainer.EndpointID(e.ID)) {
-				resp.Errors = append(resp.Errors, e.ID)
-				log.Warn().Err(httperrors.ErrNotAvailableInDemo).Msgf("Unable to remove demo environment %d", e.ID)
-
-				continue
-			}
-
-			if err := handler.deleteEndpoint(tx, portainer.EndpointID(e.ID), e.DeleteCluster); err != nil {
-				resp.Errors = append(resp.Errors, e.ID)
-				log.Warn().Err(err).Int("environment_id", e.ID).Msg("Unable to remove environment")
-
-				continue
-			}
-
-			resp.Deleted = append(resp.Deleted, e.ID)
-		}
-
-		return nil
-	}); err != nil {
-		return httperror.InternalServerError("Unable to delete environments", err)
-	}
-
-	if len(resp.Errors) > 0 {
-		return response.JSONWithStatus(w, resp, http.StatusPartialContent)
-	}
-
-	return response.Empty(w)
-}
-
 func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID portainer.EndpointID, deleteCluster bool) error {
 	endpoint, err := tx.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if tx.IsErrObjectNotFound(err) {
@@ -157,20 +78,23 @@ func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID p
 		}
 	}

-	if err := tx.Snapshot().Delete(endpointID); err != nil {
-		log.Warn().Err(err).Msg("Unable to remove the snapshot from the database")
+	err = tx.Snapshot().Delete(endpointID)
+	if err != nil {
+		log.Warn().Err(err).Msgf("Unable to remove the snapshot from the database")
 	}

 	handler.ProxyManager.DeleteEndpointProxy(endpoint.ID)

 	if len(endpoint.UserAccessPolicies) > 0 || len(endpoint.TeamAccessPolicies) > 0 {
-		if err := handler.AuthorizationService.UpdateUsersAuthorizationsTx(tx); err != nil {
-			log.Warn().Err(err).Msg("Unable to update user authorizations")
+		err = handler.AuthorizationService.UpdateUsersAuthorizationsTx(tx)
+		if err != nil {
+			log.Warn().Err(err).Msgf("Unable to update user authorizations")
 		}
 	}

-	if err := tx.EndpointRelation().DeleteEndpointRelation(endpoint.ID); err != nil {
-		log.Warn().Err(err).Msg("Unable to remove environment relation from the database")
+	err = tx.EndpointRelation().DeleteEndpointRelation(endpoint.ID)
+	if err != nil {
+		log.Warn().Err(err).Msgf("Unable to remove environment relation from the database")
 	}

 	for _, tagID := range endpoint.TagIDs {
@@ -182,9 +106,9 @@ func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID p
 		}

 		if handler.DataStore.IsErrObjectNotFound(err) {
-			log.Warn().Err(err).Msg("Unable to find tag inside the database")
+			log.Warn().Err(err).Msgf("Unable to find tag inside the database")
 		} else if err != nil {
-			log.Warn().Err(err).Msg("Unable to delete tag relation from the database")
+			log.Warn().Err(err).Msgf("Unable to delete tag relation from the database")
 		}
 	}

@@ -198,39 +122,40 @@ func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID p
 			return e == endpoint.ID
 		})

-		if err := tx.EdgeGroup().Update(edgeGroup.ID, &edgeGroup); err != nil {
-			log.Warn().Err(err).Msg("Unable to update edge group")
+		err = tx.EdgeGroup().Update(edgeGroup.ID, &edgeGroup)
+		if err != nil {
+			log.Warn().Err(err).Msgf("Unable to update edge group")
 		}
 	}

 	edgeStacks, err := tx.EdgeStack().EdgeStacks()
 	if err != nil {
-		log.Warn().Err(err).Msg("Unable to retrieve edge stacks from the database")
+		log.Warn().Err(err).Msgf("Unable to retrieve edge stacks from the database")
 	}

 	for idx := range edgeStacks {
 		edgeStack := &edgeStacks[idx]
 		if _, ok := edgeStack.Status[endpoint.ID]; ok {
 			delete(edgeStack.Status, endpoint.ID)
-
-			if err := tx.EdgeStack().UpdateEdgeStack(edgeStack.ID, edgeStack); err != nil {
-				log.Warn().Err(err).Msg("Unable to update edge stack")
+			err = tx.EdgeStack().UpdateEdgeStack(edgeStack.ID, edgeStack)
+			if err != nil {
+				log.Warn().Err(err).Msgf("Unable to update edge stack")
 			}
 		}
 	}

 	registries, err := tx.Registry().ReadAll()
 	if err != nil {
-		log.Warn().Err(err).Msg("Unable to retrieve registries from the database")
+		log.Warn().Err(err).Msgf("Unable to retrieve registries from the database")
 	}

 	for idx := range registries {
 		registry := &registries[idx]
 		if _, ok := registry.RegistryAccesses[endpoint.ID]; ok {
 			delete(registry.RegistryAccesses, endpoint.ID)
-
-			if err := tx.Registry().Update(registry.ID, registry); err != nil {
-				log.Warn().Err(err).Msg("Unable to update registry accesses")
+			err = tx.Registry().Update(registry.ID, registry)
+			if err != nil {
+				log.Warn().Err(err).Msgf("Unable to update registry accesses")
 			}
 		}
 	}
@@ -238,7 +163,7 @@ func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID p
 	if endpointutils.IsEdgeEndpoint(endpoint) {
 		edgeJobs, err := handler.DataStore.EdgeJob().ReadAll()
 		if err != nil {
-			log.Warn().Err(err).Msg("Unable to retrieve edge jobs from the database")
+			log.Warn().Err(err).Msgf("Unable to retrieve edge jobs from the database")
 		}

 		for idx := range edgeJobs {
@@ -246,18 +171,14 @@ func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID p
 			if _, ok := edgeJob.Endpoints[endpoint.ID]; ok {
 				delete(edgeJob.Endpoints, endpoint.ID)

-				if err := tx.EdgeJob().Update(edgeJob.ID, edgeJob); err != nil {
-					log.Warn().Err(err).Msg("Unable to update edge job")
+				err = tx.EdgeJob().Update(edgeJob.ID, edgeJob)
+				if err != nil {
+					log.Warn().Err(err).Msgf("Unable to update edge job")
 				}
 			}
 		}
 	}

-	// delete the pending actions
-	if err := tx.PendingActions().DeleteByEndpointID(endpoint.ID); err != nil {
-		log.Warn().Err(err).Int("endpointId", int(endpoint.ID)).Msg("Unable to delete pending actions")
-	}
-
 	err = tx.Endpoint().DeleteEndpoint(portainer.EndpointID(endpointID))
 	if err != nil {
 		return httperror.InternalServerError("Unable to delete the environment from the database", err)
--- a/api/http/handler/endpoints/endpoint_delete_test.go
+++ b/api/http/handler/endpoints/endpoint_delete_test.go
@@ -21,8 +21,7 @@ func TestEndpointDeleteEdgeGroupsConcurrently(t *testing.T) {

 	handler := NewHandler(testhelpers.NewTestRequestBouncer(), demo.NewService())
 	handler.DataStore = store
-	handler.ProxyManager = proxy.NewManager(nil)
-	handler.ProxyManager.NewProxyFactory(nil, nil, nil, nil, nil, nil, nil, nil)
+	handler.ProxyManager = proxy.NewManager(nil, nil, nil, nil, nil, nil, nil)

 	// Create all the environments and add them to the same edge group

--- a/api/http/handler/endpoints/endpoint_force_update_service.go
+++ b/api/http/handler/endpoints/endpoint_force_update_service.go
@@ -12,8 +12,8 @@ import (
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"

+	"github.com/docker/docker/api/types"
 	dockertypes "github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 )

@@ -39,7 +39,7 @@ func (payload *forceUpdateServicePayload) Validate(r *http.Request) error {
 // @produce json
 // @param id path int true "endpoint identifier"
 // @param body body forceUpdateServicePayload true "details"
-// @success 200 {object} swarm.ServiceUpdateResponse "Success"
+// @success 200 {object} dockertypes.ServiceUpdateResponse "Success"
 // @failure 400 "Invalid request"
 // @failure 403 "Permission denied"
 // @failure 404 "endpoint not found"
@@ -94,7 +94,7 @@ func (handler *Handler) endpointForceUpdateService(w http.ResponseWriter, r *htt
 	go func() {
 		images.EvictImageStatus(payload.ServiceID)
 		images.EvictImageStatus(service.Spec.Labels[consts.SwarmStackNameLabel])
-		containers, _ := dockerClient.ContainerList(context.TODO(), container.ListOptions{
+		containers, _ := dockerClient.ContainerList(context.TODO(), types.ContainerListOptions{
 			All:     true,
 			Filters: filters.NewArgs(filters.Arg("label", consts.SwarmServiceIdLabel+"="+payload.ServiceID)),
 		})
--- a/api/http/handler/endpoints/endpoint_registries_list.go
+++ b/api/http/handler/endpoints/endpoint_registries_list.go
@@ -3,16 +3,15 @@ package endpoints
 import (
 	"net/http"

-	"github.com/pkg/errors"
-
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/endpointutils"
-	"github.com/portainer/portainer/api/kubernetes"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
+
+	"github.com/pkg/errors"
 )

 // @id endpointRegistriesList
@@ -128,7 +127,7 @@ func (handler *Handler) isNamespaceAuthorized(endpoint *portainer.Endpoint, name
 		return true, nil
 	}

-	if !endpoint.Kubernetes.Configuration.RestrictDefaultNamespace && namespace == kubernetes.DefaultNamespace {
+	if namespace == "default" {
 		return true, nil
 	}

--- a/api/http/handler/endpoints/endpoint_update.go
+++ b/api/http/handler/endpoints/endpoint_update.go
@@ -69,7 +69,6 @@ func (payload *endpointUpdatePayload) Validate(r *http.Request) error {
 // @success 200 {object} portainer.Endpoint "Success"
 // @failure 400 "Invalid request"
 // @failure 404 "Environment(Endpoint) not found"
-// @failure 409 "Name is not unique"
 // @failure 500 "Server error"
 // @router /endpoints/{id} [put]
 func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/endpoints/filter.go
+++ b/api/http/handler/endpoints/filter.go
@@ -193,7 +193,7 @@ func (handler *Handler) filterEndpointsByQuery(
 			return nil, 0, errors.WithMessage(err, "Unable to retrieve tags from the database")
 		}

-		tagsMap := make(map[portainer.TagID]string, len(tags))
+		tagsMap := make(map[portainer.TagID]string)
 		for _, tag := range tags {
 			tagsMap[tag.ID] = tag.Name
 		}
@@ -302,7 +302,8 @@ func filterEndpointsBySearchCriteria(
 ) []portainer.Endpoint {
 	n := 0
 	for _, endpoint := range endpoints {
-		if endpointMatchSearchCriteria(&endpoint, tagsMap, searchCriteria) {
+		endpointTags := convertTagIDsToTags(tagsMap, endpoint.TagIDs)
+		if endpointMatchSearchCriteria(&endpoint, endpointTags, searchCriteria) {
 			endpoints[n] = endpoint
 			n++

@@ -316,7 +317,7 @@ func filterEndpointsBySearchCriteria(
 			continue
 		}

-		if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpointGroups) {
+		if edgeGroupMatchSearchCriteria(&endpoint, edgeGroups, searchCriteria, endpoints, endpointGroups) {
 			endpoints[n] = endpoint
 			n++

@@ -333,16 +334,11 @@ func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []portai
 		status := endpoint.Status
 		if endpointutils.IsEdgeEndpoint(&endpoint) {
 			isCheckValid := false
-
 			edgeCheckinInterval := endpoint.EdgeCheckinInterval
-			if edgeCheckinInterval == 0 {
+			if endpoint.EdgeCheckinInterval == 0 {
 				edgeCheckinInterval = settings.EdgeAgentCheckinInterval
 			}

-			if endpoint.Edge.AsyncMode {
-				edgeCheckinInterval = getShortestAsyncInterval(&endpoint, settings)
-			}
-
 			if edgeCheckinInterval != 0 && endpoint.LastCheckInDate != 0 {
 				isCheckValid = time.Now().Unix()-endpoint.LastCheckInDate <= int64(edgeCheckinInterval*EdgeDeviceIntervalMultiplier+EdgeDeviceIntervalAdd)
 			}
@@ -362,7 +358,7 @@ func filterEndpointsByStatuses(endpoints []portainer.Endpoint, statuses []portai
 	return endpoints[:n]
 }

-func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
+func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tags []string, searchCriteria string) bool {
 	if strings.Contains(strings.ToLower(endpoint.Name), searchCriteria) {
 		return true
 	}
@@ -377,8 +373,8 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[porta
 		return true
 	}

-	for _, tagID := range endpoint.TagIDs {
-		if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
+	for _, tag := range tags {
+		if strings.Contains(strings.ToLower(tag), searchCriteria) {
 			return true
 		}
 	}
@@ -388,18 +384,17 @@ func endpointMatchSearchCriteria(endpoint *portainer.Endpoint, tagsMap map[porta

 func endpointGroupMatchSearchCriteria(endpoint *portainer.Endpoint, endpointGroups []portainer.EndpointGroup, tagsMap map[portainer.TagID]string, searchCriteria string) bool {
 	for _, group := range endpointGroups {
-		if group.ID != endpoint.GroupID {
-			continue
-		}
-
-		if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
-			return true
-		}
-
-		for _, tagID := range group.TagIDs {
-			if strings.Contains(strings.ToLower(tagsMap[tagID]), searchCriteria) {
+		if group.ID == endpoint.GroupID {
+			if strings.Contains(strings.ToLower(group.Name), searchCriteria) {
 				return true
 			}
+
+			tags := convertTagIDsToTags(tagsMap, group.TagIDs)
+			for _, tag := range tags {
+				if strings.Contains(strings.ToLower(tag), searchCriteria) {
+					return true
+				}
+			}
 		}
 	}

@@ -411,10 +406,11 @@ func edgeGroupMatchSearchCriteria(
 	endpoint *portainer.Endpoint,
 	edgeGroups []portainer.EdgeGroup,
 	searchCriteria string,
+	endpoints []portainer.Endpoint,
 	endpointGroups []portainer.EndpointGroup,
 ) bool {
 	for _, edgeGroup := range edgeGroups {
-		relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, []portainer.Endpoint{*endpoint}, endpointGroups)
+		relatedEndpointIDs := edge.EdgeGroupRelatedEndpoints(&edgeGroup, endpoints, endpointGroups)

 		for _, endpointID := range relatedEndpointIDs {
 			if endpointID == endpoint.ID {
@@ -445,6 +441,16 @@ func filterEndpointsByTypes(endpoints []portainer.Endpoint, endpointTypes []port
 	return endpoints[:n]
 }

+func convertTagIDsToTags(tagsMap map[portainer.TagID]string, tagIDs []portainer.TagID) []string {
+	tags := make([]string, 0, len(tagIDs))
+
+	for _, tagID := range tagIDs {
+		tags = append(tags, tagsMap[tagID])
+	}
+
+	return tags
+}
+
 func filteredEndpointsByTags(endpoints []portainer.Endpoint, tagIDs []portainer.TagID, endpointGroups []portainer.EndpointGroup, partialMatch bool) []portainer.Endpoint {
 	n := 0
 	for _, endpoint := range endpoints {
@@ -616,36 +622,9 @@ func getEdgeStackStatusParam(r *http.Request) (*portainer.EdgeStackStatusType, e
 		portainer.EdgeStackStatusRunning,
 		portainer.EdgeStackStatusDeploying,
 		portainer.EdgeStackStatusRemoving,
-		portainer.EdgeStackStatusCompleted,
 	}, edgeStackStatus) {
 		return nil, errors.New("invalid edgeStackStatus parameter")
 	}

 	return &edgeStackStatus, nil
 }
-
-func getShortestAsyncInterval(endpoint *portainer.Endpoint, settings *portainer.Settings) int {
-	var edgeIntervalUseDefault int = -1
-	pingInterval := endpoint.Edge.PingInterval
-	if pingInterval == edgeIntervalUseDefault {
-		pingInterval = settings.Edge.PingInterval
-	}
-	shortestAsyncInterval := pingInterval
-
-	snapshotInterval := endpoint.Edge.SnapshotInterval
-	if snapshotInterval == edgeIntervalUseDefault {
-		snapshotInterval = settings.Edge.SnapshotInterval
-	}
-	if shortestAsyncInterval > snapshotInterval {
-		shortestAsyncInterval = snapshotInterval
-	}
-
-	commandInterval := endpoint.Edge.CommandInterval
-	if commandInterval == edgeIntervalUseDefault {
-		commandInterval = settings.Edge.CommandInterval
-	}
-	if shortestAsyncInterval > commandInterval {
-		shortestAsyncInterval = commandInterval
-	}
-	return shortestAsyncInterval
-}
--- a/api/http/handler/endpoints/filter_test.go
+++ b/api/http/handler/endpoints/filter_test.go
@@ -1,7 +1,6 @@
 package endpoints

 import (
-	"strconv"
 	"testing"

 	portainer "github.com/portainer/portainer/api"
@@ -149,103 +148,6 @@ func Test_Filter_excludeIDs(t *testing.T) {
 	runTests(tests, t, handler, environments)
 }

-func BenchmarkFilterEndpointsBySearchCriteria_PartialMatch(b *testing.B) {
-	n := 10000
-
-	endpointIDs := []portainer.EndpointID{}
-
-	endpoints := []portainer.Endpoint{}
-	for i := 0; i < n; i++ {
-		endpoints = append(endpoints, portainer.Endpoint{
-			ID:      portainer.EndpointID(i + 1),
-			Name:    "endpoint-" + strconv.Itoa(i+1),
-			GroupID: 1,
-			TagIDs:  []portainer.TagID{1},
-			Type:    portainer.EdgeAgentOnDockerEnvironment,
-		})
-
-		endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
-	}
-
-	endpointGroups := []portainer.EndpointGroup{}
-
-	edgeGroups := []portainer.EdgeGroup{}
-	for i := 0; i < 1000; i++ {
-		edgeGroups = append(edgeGroups, portainer.EdgeGroup{
-			ID:           portainer.EdgeGroupID(i + 1),
-			Name:         "edge-group-" + strconv.Itoa(i+1),
-			Endpoints:    append([]portainer.EndpointID{}, endpointIDs...),
-			Dynamic:      true,
-			TagIDs:       []portainer.TagID{1, 2, 3},
-			PartialMatch: true,
-		})
-	}
-
-	tagsMap := map[portainer.TagID]string{}
-	for i := 0; i < 10; i++ {
-		tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
-	}
-
-	searchString := "edge-group"
-
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
-		if len(e) != n {
-			b.FailNow()
-		}
-	}
-}
-
-func BenchmarkFilterEndpointsBySearchCriteria_FullMatch(b *testing.B) {
-	n := 10000
-
-	endpointIDs := []portainer.EndpointID{}
-
-	endpoints := []portainer.Endpoint{}
-	for i := 0; i < n; i++ {
-		endpoints = append(endpoints, portainer.Endpoint{
-			ID:      portainer.EndpointID(i + 1),
-			Name:    "endpoint-" + strconv.Itoa(i+1),
-			GroupID: 1,
-			TagIDs:  []portainer.TagID{1, 2, 3},
-			Type:    portainer.EdgeAgentOnDockerEnvironment,
-		})
-
-		endpointIDs = append(endpointIDs, portainer.EndpointID(i+1))
-	}
-
-	endpointGroups := []portainer.EndpointGroup{}
-
-	edgeGroups := []portainer.EdgeGroup{}
-	for i := 0; i < 1000; i++ {
-		edgeGroups = append(edgeGroups, portainer.EdgeGroup{
-			ID:        portainer.EdgeGroupID(i + 1),
-			Name:      "edge-group-" + strconv.Itoa(i+1),
-			Endpoints: append([]portainer.EndpointID{}, endpointIDs...),
-			Dynamic:   true,
-			TagIDs:    []portainer.TagID{1},
-		})
-	}
-
-	tagsMap := map[portainer.TagID]string{}
-	for i := 0; i < 10; i++ {
-		tagsMap[portainer.TagID(i+1)] = "tag-" + strconv.Itoa(i+1)
-	}
-
-	searchString := "edge-group"
-
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		e := filterEndpointsBySearchCriteria(endpoints, endpointGroups, edgeGroups, tagsMap, searchString)
-		if len(e) != n {
-			b.FailNow()
-		}
-	}
-}
-
 func runTests(tests []filterTest, t *testing.T, handler *Handler, endpoints []portainer.Endpoint) {
 	for _, test := range tests {
 		t.Run(test.title, func(t *testing.T) {
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@@ -71,8 +71,6 @@ func NewHandler(bouncer security.BouncerService, demoService *demo.Service) *Han
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointUpdate))).Methods(http.MethodPut)
 	h.Handle("/endpoints/{id}",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDelete))).Methods(http.MethodDelete)
-	h.Handle("/endpoints",
-		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatch))).Methods(http.MethodDelete)
 	h.Handle("/endpoints/{id}/dockerhub/{registryId}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.endpointDockerhubStatus))).Methods(http.MethodGet)
 	h.Handle("/endpoints/{id}/snapshot",
--- a/api/http/handler/file/handler.go
+++ b/api/http/handler/file/handler.go
@@ -4,9 +4,6 @@ import (
 	"net/http"
 	"strings"

-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/pkg/featureflags"
-
 	"github.com/gorilla/handlers"
 )

@@ -19,10 +16,8 @@ type Handler struct {
 // NewHandler creates a handler to serve static files.
 func NewHandler(assetPublicPath string, wasInstanceDisabled func() bool) *Handler {
 	h := &Handler{
-		Handler: security.MWSecureHeaders(
-			handlers.CompressHandler(http.FileServer(http.Dir(assetPublicPath))),
-			featureflags.IsEnabled("hsts"),
-			featureflags.IsEnabled("csp"),
+		Handler: handlers.CompressHandler(
+			http.FileServer(http.Dir(assetPublicPath)),
 		),
 		wasInstanceDisabled: wasInstanceDisabled,
 	}
@@ -58,5 +53,7 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	}

+	w.Header().Add("X-XSS-Protection", "1; mode=block")
+	w.Header().Add("X-Content-Type-Options", "nosniff")
 	handler.Handler.ServeHTTP(w, r)
 }
--- a/api/http/handler/handler.go
+++ b/api/http/handler/handler.go
@@ -85,7 +85,7 @@ type Handler struct {
 }

 // @title PortainerCE API
-// @version 2.21.4
+// @version 2.22.0
 // @description.markdown api-description.md
 // @termsOfService

@@ -199,7 +199,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	case strings.HasPrefix(r.URL.Path, "/api/kubernetes"):
 		http.StripPrefix("/api", h.KubernetesHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/docker"):
-		http.StripPrefix("/api", h.DockerHandler).ServeHTTP(w, r)
+		http.StripPrefix("/api/docker", h.DockerHandler).ServeHTTP(w, r)

 	// Helm subpath under kubernetes -> /api/endpoints/{id}/kubernetes/helm
 	case strings.HasPrefix(r.URL.Path, "/api/endpoints/") && strings.Contains(r.URL.Path, "/kubernetes/helm"):
--- a/api/http/handler/helm/helm_install.go
+++ b/api/http/handler/helm/helm_install.go
@@ -61,7 +61,8 @@ func (handler *Handler) helmInstall(w http.ResponseWriter, r *http.Request) *htt
 		return httperror.InternalServerError("Unable to install a chart", err)
 	}

-	return response.JSONWithStatus(w, release, http.StatusCreated)
+	w.WriteHeader(http.StatusCreated)
+	return response.JSON(w, release)
 }

 func (p *installChartPayload) Validate(_ *http.Request) error {
--- a/api/http/handler/hostmanagement/openamt/amtrpc.go
+++ b/api/http/handler/hostmanagement/openamt/amtrpc.go
@@ -155,7 +155,7 @@ func pullImage(ctx context.Context, docker *client.Client, imageName string) err
 // runContainer should be used to run a short command that returns information to stdout
 // TODO: add k8s support
 func runContainer(ctx context.Context, docker *client.Client, imageName, containerName string, cmdLine []string) (output string, err error) {
-	opts := container.ListOptions{All: true}
+	opts := types.ContainerListOptions{All: true}
 	opts.Filters = filters.NewArgs()
 	opts.Filters.Add("name", containerName)
 	existingContainers, err := docker.ContainerList(ctx, opts)
@@ -170,7 +170,7 @@ func runContainer(ctx context.Context, docker *client.Client, imageName, contain
 	}

 	if len(existingContainers) > 0 {
-		err = docker.ContainerRemove(ctx, existingContainers[0].ID, container.RemoveOptions{Force: true})
+		err = docker.ContainerRemove(ctx, existingContainers[0].ID, types.ContainerRemoveOptions{Force: true})
 		if err != nil {
 			log.Error().
 				Str("image_name", imageName).
@@ -211,7 +211,7 @@ func runContainer(ctx context.Context, docker *client.Client, imageName, contain
 		return "", err
 	}

-	err = docker.ContainerStart(ctx, created.ID, container.StartOptions{})
+	err = docker.ContainerStart(ctx, created.ID, types.ContainerStartOptions{})
 	if err != nil {
 		log.Error().
 			Str("image_name", imageName).
@@ -243,14 +243,14 @@ func runContainer(ctx context.Context, docker *client.Client, imageName, contain

 	log.Debug().Int64("status", statusCode).Msg("container wait status")

-	out, err := docker.ContainerLogs(ctx, created.ID, container.LogsOptions{ShowStdout: true})
+	out, err := docker.ContainerLogs(ctx, created.ID, types.ContainerLogsOptions{ShowStdout: true})
 	if err != nil {
 		log.Error().Err(err).Str("image_name", imageName).Str("container_name", containerName).Msg("getting container log")

 		return "", err
 	}

-	err = docker.ContainerRemove(ctx, created.ID, container.RemoveOptions{})
+	err = docker.ContainerRemove(ctx, created.ID, types.ContainerRemoveOptions{})
 	if err != nil {
 		log.Error().
 			Str("image_name", imageName).
--- a/api/http/handler/registries/handler.go
+++ b/api/http/handler/registries/handler.go
@@ -7,16 +7,12 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/internal/endpointutils"
-	"github.com/portainer/portainer/api/kubernetes"
 	"github.com/portainer/portainer/api/kubernetes/cli"
 	"github.com/portainer/portainer/api/pendingactions"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"

 	"github.com/gorilla/mux"
-
-	"github.com/pkg/errors"
 )

 func hideFields(registry *portainer.Registry, hideAccesses bool) {
@@ -87,88 +83,29 @@ func (handler *Handler) registriesHaveSameURLAndCredentials(r1, r2 *portainer.Re
 	return hasSameUrl && hasSameCredentials && r1.Gitlab.ProjectPath == r2.Gitlab.ProjectPath
 }

-// this function validates that
-//
-// 1. user has the appropriate authorizations to perform the request
-//
-// 2. user has a direct or indirect access to the registry
-func (handler *Handler) userHasRegistryAccess(r *http.Request, registry *portainer.Registry) (hasAccess bool, isAdmin bool, err error) {
+func (handler *Handler) userHasRegistryAccess(r *http.Request) (hasAccess bool, isAdmin bool, err error) {
 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {
 		return false, false, err
 	}

-	user, err := handler.DataStore.User().Read(securityContext.UserID)
-	if err != nil {
-		return false, false, err
-	}
-
-	// Portainer admins always have access to everything
 	if securityContext.IsAdmin {
 		return true, true, nil
 	}

-	// mandatory query param that should become a path param
-	endpointIdStr, err := request.RetrieveNumericQueryParameter(r, "endpointId", false)
+	endpointID, err := request.RetrieveNumericQueryParameter(r, "endpointId", false)
+	if err != nil {
+		return false, false, err
+	}
+	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if err != nil {
 		return false, false, err
 	}

-	endpointId := portainer.EndpointID(endpointIdStr)
-
-	endpoint, err := handler.DataStore.Endpoint().Endpoint(endpointId)
+	err = handler.requestBouncer.AuthorizedEndpointOperation(r, endpoint)
 	if err != nil {
 		return false, false, err
 	}

-	// validate that the request is allowed for the user (READ/WRITE authorization on request path)
-	if err := handler.requestBouncer.AuthorizedEndpointOperation(r, endpoint); errors.Is(err, security.ErrAuthorizationRequired) {
-		return false, false, nil
-	} else if err != nil {
-		return false, false, err
-	}
-
-	memberships, err := handler.DataStore.TeamMembership().TeamMembershipsByUserID(user.ID)
-	if err != nil {
-		return false, false, nil
-	}
-
-	// validate access for kubernetes namespaces (leverage registry.RegistryAccesses[endpointId].Namespaces)
-	if endpointutils.IsKubernetesEndpoint(endpoint) {
-		kcl, err := handler.K8sClientFactory.GetKubeClient(endpoint)
-		if err != nil {
-			return false, false, errors.Wrap(err, "unable to retrieve kubernetes client to validate registry access")
-		}
-		accessPolicies, err := kcl.GetNamespaceAccessPolicies()
-		if err != nil {
-			return false, false, errors.Wrap(err, "unable to retrieve environment's namespaces policies to validate registry access")
-		}
-
-		authorizedNamespaces := registry.RegistryAccesses[endpointId].Namespaces
-
-		for _, namespace := range authorizedNamespaces {
-			// when the default namespace is authorized to use a registry, all users have the ability to use it
-			// unless the default namespace is restricted: in this case continue to search for other potential accesses authorizations
-			if namespace == kubernetes.DefaultNamespace && !endpoint.Kubernetes.Configuration.RestrictDefaultNamespace {
-				return true, false, nil
-			}
-
-			namespacePolicy := accessPolicies[namespace]
-			if security.AuthorizedAccess(user.ID, memberships, namespacePolicy.UserAccessPolicies, namespacePolicy.TeamAccessPolicies) {
-				return true, false, nil
-			}
-		}
-		return false, false, nil
-	}
-
-	// validate access for docker environments
-	// leverage registry.RegistryAccesses[endpointId].UserAccessPolicies (direct access)
-	// and registry.RegistryAccesses[endpointId].TeamAccessPolicies (indirect access via his teams)
-	if security.AuthorizedRegistryAccess(registry, user, memberships, endpoint.ID) {
-		return true, false, nil
-	}
-
-	// when user has no access via their role, direct grant or indirect grant
-	// then they don't have access to the registry
-	return false, false, nil
+	return true, false, nil
 }
--- a/api/http/handler/registries/registry_create.go
+++ b/api/http/handler/registries/registry_create.go
@@ -89,7 +89,6 @@ func (payload *registryCreatePayload) Validate(_ *http.Request) error {
 // @param body body registryCreatePayload true "Registry details"
 // @success 200 {object} portainer.Registry "Success"
 // @failure 400 "Invalid request"
-// @failure 409 "Another registry with the same name or same URL & credentials already exists"
 // @failure 500 "Server error"
 // @router /registries [post]
 func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/registries/registry_delete.go
+++ b/api/http/handler/registries/registry_delete.go
@@ -8,7 +8,6 @@ import (
 	httperrors "github.com/portainer/portainer/api/http/errors"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/pendingactions"
-	"github.com/portainer/portainer/api/pendingactions/actions"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -92,7 +91,7 @@ func (handler *Handler) deleteKubernetesSecrets(registry *portainer.Registry) er
 			if len(failedNamespaces) > 0 {
 				handler.PendingActionsService.Create(portainer.PendingActions{
 					EndpointID: endpointId,
-					Action:     actions.DeletePortainerK8sRegistrySecrets,
+					Action:     pendingactions.DeletePortainerK8sRegistrySecrets,

 					// When extracting the data, this is the type we need to pull out
 					// i.e. pendingactions.DeletePortainerK8sRegistrySecretsData
--- a/api/http/handler/registries/registry_inspect.go
+++ b/api/http/handler/registries/registry_inspect.go
@@ -26,6 +26,14 @@ import (
 // @failure 500 "Server error"
 // @router /registries/{id} [get]
 func (handler *Handler) registryInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	hasAccess, isAdmin, err := handler.userHasRegistryAccess(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve info from request context", err)
+	}
+	if !hasAccess {
+		return httperror.Forbidden("Access denied to resource", httperrors.ErrResourceAccessDenied)
+	}
+
 	registryID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {
 		return httperror.BadRequest("Invalid registry identifier route variable", err)
@@ -38,14 +46,6 @@ func (handler *Handler) registryInspect(w http.ResponseWriter, r *http.Request)
 		return httperror.InternalServerError("Unable to find a registry with the specified identifier inside the database", err)
 	}

-	hasAccess, isAdmin, err := handler.userHasRegistryAccess(r, registry)
-	if err != nil {
-		return httperror.InternalServerError("Unable to retrieve info from request context", err)
-	}
-	if !hasAccess {
-		return httperror.Forbidden("Access denied to resource", httperrors.ErrResourceAccessDenied)
-	}
-
 	hideFields(registry, !isAdmin)
 	return response.JSON(w, registry)
 }
--- a/api/http/handler/registries/registry_update.go
+++ b/api/http/handler/registries/registry_update.go
@@ -52,7 +52,7 @@ func (payload *registryUpdatePayload) Validate(r *http.Request) error {
 // @success 200 {object} portainer.Registry "Success"
 // @failure 400 "Invalid request"
 // @failure 404 "Registry not found"
-// @failure 409 "Another registry with the same name or same URL & credentials already exists"
+// @failure 409 "Another registry with the same URL already exists"
 // @failure 500 "Server error"
 // @router /registries/{id} [put]
 func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/resourcecontrols/resourcecontrol_create.go
+++ b/api/http/handler/resourcecontrols/resourcecontrol_create.go
@@ -63,7 +63,7 @@ func (payload *resourceControlCreatePayload) Validate(r *http.Request) error {
 // @param body body resourceControlCreatePayload true "Resource control details"
 // @success 200 {object} portainer.ResourceControl "Success"
 // @failure 400 "Invalid request"
-// @failure 409 "A resource control is already associated to this resource"
+// @failure 409 "Resource control already exists"
 // @failure 500 "Server error"
 // @router /resource_controls [post]
 func (handler *Handler) resourceControlCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@@ -13,7 +13,6 @@ import (
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
-	"golang.org/x/oauth2"

 	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
@@ -96,11 +95,6 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 		}
 	}

-	if payload.OAuthSettings != nil {
-		if payload.OAuthSettings.AuthStyle < oauth2.AuthStyleAutoDetect || payload.OAuthSettings.AuthStyle > oauth2.AuthStyleInHeader {
-			return errors.New("Invalid OAuth AuthStyle")
-		}
-	}
 	return nil
 }

@@ -231,7 +225,6 @@ func (handler *Handler) updateSettings(tx dataservices.DataStoreTx, payload sett
 		settings.OAuthSettings = *payload.OAuthSettings
 		settings.OAuthSettings.ClientSecret = clientSecret
 		settings.OAuthSettings.KubeSecretKey = kubeSecret
-		settings.OAuthSettings.AuthStyle = payload.OAuthSettings.AuthStyle
 	}

 	if payload.EnableEdgeComputeFeatures != nil {
--- a/api/http/handler/stacks/create_compose_stack.go
+++ b/api/http/handler/stacks/create_compose_stack.go
@@ -229,7 +229,6 @@ func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) e
 // @param body body composeStackFromGitRepositoryPayload true "stack config"
 // @success 200 {object} portainer.Stack
 // @failure 400 "Invalid request"
-// @failure 409 "Stack name or webhook ID already exists"
 // @failure 500 "Server error"
 // @router /stacks/create/standalone/repository [post]
 func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
--- a/api/http/handler/stacks/create_kubernetes_stack.go
+++ b/api/http/handler/stacks/create_kubernetes_stack.go
@@ -195,7 +195,6 @@ func (handler *Handler) createKubernetesStackFromFileContent(w http.ResponseWrit
 // @param endpointId query int true "Identifier of the environment that will be used to deploy the stack"
 // @success 200 {object} portainer.Stack
 // @failure 400 "Invalid request"
-// @failure 409 "Stack name or webhook ID already exists"
 // @failure 500 "Server error"
 // @router /stacks/create/kubernetes/repository [post]
 func (handler *Handler) createKubernetesStackFromGitRepository(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
--- a/api/http/handler/stacks/create_swarm_stack.go
+++ b/api/http/handler/stacks/create_swarm_stack.go
@@ -188,7 +188,6 @@ func createStackPayloadFromSwarmGitPayload(name, swarmID, repoUrl, repoReference
 // @param body body swarmStackFromGitRepositoryPayload true "stack config"
 // @success 200 {object} portainer.Stack
 // @failure 400 "Invalid request"
-// @failure 409 "Stack name or webhook ID already exists"
 // @failure 500 "Server error"
 // @router /stacks/create/swarm/repository [post]
 func (handler *Handler) createSwarmStackFromGitRepository(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@@ -21,7 +21,6 @@ import (
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"

 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
 	"github.com/gorilla/mux"
 	"github.com/pkg/errors"
 )
@@ -191,7 +190,7 @@ func (handler *Handler) checkUniqueStackNameInDocker(endpoint *portainer.Endpoin
 		}
 	}

-	containers, err := dockerClient.ContainerList(context.Background(), container.ListOptions{All: true})
+	containers, err := dockerClient.ContainerList(context.Background(), types.ContainerListOptions{All: true})
 	if err != nil {
 		return false, err
 	}
--- a/api/http/handler/stacks/stack_associate.go
+++ b/api/http/handler/stacks/stack_associate.go
@@ -1,7 +1,6 @@
 package stacks

 import (
-	"errors"
 	"fmt"
 	"net/http"
 	"time"
@@ -96,7 +95,7 @@ func (handler *Handler) stackAssociate(w http.ResponseWriter, r *http.Request) *
 	}
 	if !canManage {
 		errMsg := "Stack management is disabled for non-admin users"
-		return httperror.Forbidden(errMsg, errors.New(errMsg))
+		return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
 	}

 	stack.EndpointID = portainer.EndpointID(endpointID)
--- a/api/http/handler/stacks/stack_delete.go
+++ b/api/http/handler/stacks/stack_delete.go
@@ -111,7 +111,7 @@ func (handler *Handler) stackDelete(w http.ResponseWriter, r *http.Request) *htt
 	}
 	if !canManage {
 		errMsg := "stack deletion is disabled for non-admin users"
-		return httperror.Forbidden(errMsg, errors.New(errMsg))
+		return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
 	}

 	// stop scheduler updates of the stack before removal
@@ -338,7 +338,7 @@ func (handler *Handler) stackDeleteKubernetesByName(w http.ResponseWriter, r *ht
 		}
 		if !canManage {
 			errMsg := "stack deletion is disabled for non-admin users"
-			return httperror.Forbidden(errMsg, errors.New(errMsg))
+			return httperror.Forbidden(errMsg, fmt.Errorf(errMsg))
 		}

 		stacksToDelete = append(stacksToDelete, stack)
--- a/api/http/handler/stacks/stack_migrate.go
+++ b/api/http/handler/stacks/stack_migrate.go
@@ -46,7 +46,6 @@ func (payload *stackMigratePayload) Validate(r *http.Request) error {
 // @failure 400 "Invalid request"
 // @failure 403 "Permission denied"
 // @failure 404 "Stack not found"
-// @failure 409 "A stack with the same name is already running on the target environment(endpoint)"
 // @failure 500 "Server error"
 // @router /stacks/{id}/migrate [post]
 func (handler *Handler) stackMigrate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/stacks/stack_start.go
+++ b/api/http/handler/stacks/stack_start.go
@@ -29,7 +29,6 @@ import (
 // @failure 400 "Invalid request"
 // @failure 403 "Permission denied"
 // @failure 404 "Not found"
-// @failure 409 "Stack name is not unique"
 // @failure 500 "Server error"
 // @router /stacks/{id}/start [post]
 func (handler *Handler) stackStart(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/stacks/webhook_invoke.go
+++ b/api/http/handler/stacks/webhook_invoke.go
@@ -19,7 +19,7 @@ import (
 // @param webhookID path string true "Stack identifier"
 // @success 200 "Success"
 // @failure 400 "Invalid request"
-// @failure 409 "Autoupdate for the stack isn't available"
+// @failure 409 "Conflict"
 // @failure 500 "Server error"
 // @router /stacks/webhooks/{webhookID} [post]
 func (handler *Handler) webhookInvoke(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/tags/tag_create.go
+++ b/api/http/handler/tags/tag_create.go
@@ -35,7 +35,7 @@ func (payload *tagCreatePayload) Validate(r *http.Request) error {
 // @produce json
 // @param body body tagCreatePayload true "Tag details"
 // @success 200 {object} portainer.Tag "Success"
-// @failure 409 "This name is already associated to a tag"
+// @failure 409 "Tag name exists"
 // @failure 500 "Server error"
 // @router /tags [post]
 func (handler *Handler) tagCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
--- a/api/http/handler/teams/team_create.go
+++ b/api/http/handler/teams/team_create.go
@@ -5,7 +5,6 @@ import (
 	"net/http"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -24,7 +23,6 @@ func (payload *teamCreatePayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.Name) {
 		return errors.New("Invalid team name")
 	}
-
 	return nil
 }

@@ -40,47 +38,31 @@ func (payload *teamCreatePayload) Validate(r *http.Request) error {
 // @param body body teamCreatePayload true "details"
 // @success 200 {object} portainer.Team "Success"
 // @failure 400 "Invalid request"
-// @failure 409 "A team with the same name already exists"
+// @failure 409 "Team already exists"
 // @failure 500 "Server error"
 // @router /teams [post]
 func (handler *Handler) teamCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	var payload teamCreatePayload
-	if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
 		return httperror.BadRequest("Invalid request payload", err)
 	}

-	var team *portainer.Team
-
-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		var err error
-		team, err = createTeam(tx, payload)
-
-		return err
-	}); err != nil {
-		var httpErr *httperror.HandlerError
-		if errors.As(err, &httpErr) {
-			return httpErr
-		}
-
-		return httperror.InternalServerError("Unexpected error", err)
-	}
-
-	return response.JSON(w, team)
-}
-
-func createTeam(tx dataservices.DataStoreTx, payload teamCreatePayload) (*portainer.Team, error) {
-	team, err := tx.Team().TeamByName(payload.Name)
-	if err != nil && !tx.IsErrObjectNotFound(err) {
-		return nil, httperror.InternalServerError("Unable to retrieve teams from the database", err)
+	team, err := handler.DataStore.Team().TeamByName(payload.Name)
+	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
+		return httperror.InternalServerError("Unable to retrieve teams from the database", err)
 	}
 	if team != nil {
-		return nil, httperror.Conflict("A team with the same name already exists", errors.New("Team already exists"))
+		return httperror.Conflict("A team with the same name already exists", errors.New("Team already exists"))
 	}

-	team = &portainer.Team{Name: payload.Name}
+	team = &portainer.Team{
+		Name: payload.Name,
+	}

-	if err := tx.Team().Create(team); err != nil {
-		return nil, httperror.InternalServerError("Unable to persist the team inside the database", err)
+	err = handler.DataStore.Team().Create(team)
+	if err != nil {
+		return httperror.InternalServerError("Unable to persist the team inside the database", err)
 	}

 	for _, teamLeader := range payload.TeamLeaders {
@@ -90,10 +72,11 @@ func createTeam(tx dataservices.DataStoreTx, payload teamCreatePayload) (*portai
 			Role:   portainer.TeamLeader,
 		}

-		if err := tx.TeamMembership().Create(membership); err != nil {
-			return nil, httperror.InternalServerError("Unable to persist team leadership inside the database", err)
+		err = handler.DataStore.TeamMembership().Create(membership)
+		if err != nil {
+			return httperror.InternalServerError("Unable to persist team leadership inside the database", err)
 		}
 	}

-	return team, nil
+	return response.JSON(w, team)
 }
--- a/api/http/handler/teams/team_create_test.go
+++ b/api/http/handler/teams/team_create_test.go
@@ -1,65 +0,0 @@
-package teams
-
-import (
-	"bytes"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"github.com/portainer/portainer/api/datastore"
-
-	"github.com/stretchr/testify/require"
-	"golang.org/x/sync/errgroup"
-)
-
-func TestConcurrentTeamCreation(t *testing.T) {
-	_, store := datastore.MustNewTestStore(t, true, false)
-
-	h := &Handler{
-		DataStore: store,
-	}
-
-	tcp := teamCreatePayload{
-		Name: "portainer",
-	}
-
-	m, err := json.Marshal(tcp)
-	require.NoError(t, err)
-
-	errGroup := &errgroup.Group{}
-
-	n := 100
-
-	for i := 0; i < n; i++ {
-		errGroup.Go(func() error {
-			req, err := http.NewRequest(http.MethodPost, "/teams", bytes.NewReader(m))
-			if err != nil {
-				return err
-			}
-
-			if err := h.teamCreate(httptest.NewRecorder(), req); err != nil {
-				return err
-			}
-
-			return nil
-		})
-	}
-
-	err = errGroup.Wait()
-	require.Error(t, err)
-
-	teams, err := store.Team().ReadAll()
-	require.NotEmpty(t, teams)
-	require.NoError(t, err)
-
-	teamCreated := false
-	for _, team := range teams {
-		if team.Name == tcp.Name {
-			require.False(t, teamCreated)
-			teamCreated = true
-		}
-	}
-
-	require.True(t, teamCreated)
-}
--- a/api/http/handler/users/user_create.go
+++ b/api/http/handler/users/user_create.go
@@ -5,7 +5,6 @@ import (
 	"net/http"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -55,33 +54,12 @@ func (handler *Handler) userCreate(w http.ResponseWriter, r *http.Request) *http
 		return httperror.BadRequest("Invalid request payload", err)
 	}

-	var user *portainer.User
-
-	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		var err error
-		user, err = handler.createUser(tx, payload)
-
-		return err
-	}); err != nil {
-		var httpErr *httperror.HandlerError
-		if errors.As(err, &httpErr) {
-			return httpErr
-		}
-
-		return httperror.InternalServerError("Unexpected error", err)
+	user, err := handler.DataStore.User().UserByUsername(payload.Username)
+	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
+		return httperror.InternalServerError("Unable to retrieve users from the database", err)
 	}
-
-	return response.JSON(w, user)
-}
-
-func (handler *Handler) createUser(tx dataservices.DataStoreTx, payload userCreatePayload) (*portainer.User, error) {
-	user, err := tx.User().UserByUsername(payload.Username)
-	if err != nil && !tx.IsErrObjectNotFound(err) {
-		return nil, httperror.InternalServerError("Unable to retrieve users from the database", err)
-	}
-
 	if user != nil {
-		return nil, httperror.Conflict("Another user with the same username already exists", errUserAlreadyExists)
+		return httperror.Conflict("Another user with the same username already exists", errUserAlreadyExists)
 	}

 	user = &portainer.User{
@@ -89,33 +67,33 @@ func (handler *Handler) createUser(tx dataservices.DataStoreTx, payload userCrea
 		Role:     portainer.UserRole(payload.Role),
 	}

-	settings, err := tx.Settings().Settings()
+	settings, err := handler.DataStore.Settings().Settings()
 	if err != nil {
-		return nil, httperror.InternalServerError("Unable to retrieve settings from the database", err)
+		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
 	}

-	// When LDAP/OAuth is on, can only add users without password
+	// when ldap/oauth is on, can only add users without password
 	if (settings.AuthenticationMethod == portainer.AuthenticationLDAP || settings.AuthenticationMethod == portainer.AuthenticationOAuth) && payload.Password != "" {
-		errMsg := "a user with password can not be created when authentication method is Oauth or LDAP"
-		return nil, httperror.BadRequest(errMsg, errors.New(errMsg))
+		errMsg := "A user with password can not be created when authentication method is Oauth or LDAP"
+		return httperror.BadRequest(errMsg, errors.New(errMsg))
 	}

 	if settings.AuthenticationMethod == portainer.AuthenticationInternal {
 		if !handler.passwordStrengthChecker.Check(payload.Password) {
-			return nil, httperror.BadRequest("Password does not meet the requirements", nil)
+			return httperror.BadRequest("Password does not meet the requirements", nil)
 		}

 		user.Password, err = handler.CryptoService.Hash(payload.Password)
 		if err != nil {
-			return nil, httperror.InternalServerError("Unable to hash user password", errCryptoHashFailure)
+			return httperror.InternalServerError("Unable to hash user password", errCryptoHashFailure)
 		}
 	}

-	if err := tx.User().Create(user); err != nil {
-		return nil, httperror.InternalServerError("Unable to persist user inside the database", err)
+	err = handler.DataStore.User().Create(user)
+	if err != nil {
+		return httperror.InternalServerError("Unable to persist user inside the database", err)
 	}

 	hideFields(user)
-
-	return user, nil
+	return response.JSON(w, user)
 }
--- a/api/http/handler/users/user_create_access_token.go
+++ b/api/http/handler/users/user_create_access_token.go
@@ -50,7 +50,7 @@ type accessTokenResponse struct {
 // @produce json
 // @param id path int true "User identifier"
 // @param body body userAccessTokenCreatePayload true "details"
-// @success 200 {object} accessTokenResponse "Created"
+// @success 201 {object} accessTokenResponse "Created"
 // @failure 400 "Invalid request"
 // @failure 401 "Unauthorized"
 // @failure 403 "Permission denied"
@@ -115,12 +115,13 @@ func (handler *Handler) userCreateAccessToken(w http.ResponseWriter, r *http.Req
 		return httperror.InternalServerError("Internal Server Error", err)
 	}

-	return response.JSONWithStatus(w, accessTokenResponse{rawAPIKey, *apiKey}, http.StatusCreated)
+	w.WriteHeader(http.StatusCreated)
+	return response.JSON(w, accessTokenResponse{rawAPIKey, *apiKey})
 }

-func (handler *Handler) usesInternalAuthentication(userID portainer.UserID) (bool, error) {
-	// userID 1 is the admin user and always uses internal auth
-	if userID == 1 {
+func (handler *Handler) usesInternalAuthentication(userid portainer.UserID) (bool, error) {
+	// userid 1 is the admin user and always uses internal auth
+	if userid == 1 {
 		return true, nil
 	}

--- a/api/http/handler/users/user_create_test.go
+++ b/api/http/handler/users/user_create_test.go
@@ -1,77 +0,0 @@
-package users
-
-import (
-	"bytes"
-	"encoding/json"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/datastore"
-
-	"github.com/stretchr/testify/require"
-	"golang.org/x/sync/errgroup"
-)
-
-type mockPasswordStrengthChecker struct{}
-
-func (m *mockPasswordStrengthChecker) Check(string) bool {
-	return true
-}
-
-func TestConcurrentUserCreation(t *testing.T) {
-	_, store := datastore.MustNewTestStore(t, true, false)
-
-	h := &Handler{
-		passwordStrengthChecker: &mockPasswordStrengthChecker{},
-		CryptoService:           &crypto.Service{},
-		DataStore:               store,
-	}
-
-	ucp := userCreatePayload{
-		Username: "portainer",
-		Password: "password",
-		Role:     int(portainer.AdministratorRole),
-	}
-
-	m, err := json.Marshal(ucp)
-	require.NoError(t, err)
-
-	errGroup := &errgroup.Group{}
-
-	n := 100
-
-	for i := 0; i < n; i++ {
-		errGroup.Go(func() error {
-			req, err := http.NewRequest(http.MethodPost, "/users", bytes.NewReader(m))
-			if err != nil {
-				return err
-			}
-
-			if err := h.userCreate(httptest.NewRecorder(), req); err != nil {
-				return err
-			}
-
-			return nil
-		})
-	}
-
-	err = errGroup.Wait()
-	require.Error(t, err)
-
-	users, err := store.User().ReadAll()
-	require.NotEmpty(t, users)
-	require.NoError(t, err)
-
-	userCreated := false
-	for _, u := range users {
-		if u.Username == ucp.Username {
-			require.False(t, userCreated)
-			userCreated = true
-		}
-	}
-
-	require.True(t, userCreated)
-}
--- a/api/http/handler/webhooks/webhook_create.go
+++ b/api/http/handler/webhooks/webhook_create.go
@@ -45,9 +45,9 @@ func (payload *webhookCreatePayload) Validate(r *http.Request) error {
 // @produce json
 // @param body body webhookCreatePayload true "Webhook data"
 // @success 200 {object} portainer.Webhook
-// @failure 400 "Invalid request"
-// @failure 409 "A webhook for this resource already exists"
-// @failure 500 "Server error"
+// @failure 400
+// @failure 409
+// @failure 500
 // @router /webhooks [post]
 func (handler *Handler) webhookCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	var payload webhookCreatePayload
--- a/api/http/handler/webhooks/webhook_execute.go
+++ b/api/http/handler/webhooks/webhook_execute.go
@@ -122,7 +122,6 @@ func (handler *Handler) executeServiceWebhook(
 			_ = rc.Close()
 		}(rc)
 	}
-
 	_, err = dockerClient.ServiceUpdate(context.Background(), resourceID, service.Version, service.Spec, serviceUpdateOptions)

 	if err != nil {
--- a/api/http/handler/websocket/proxy.go
+++ b/api/http/handler/websocket/proxy.go
@@ -18,12 +18,12 @@ import (
 )

 func (handler *Handler) proxyEdgeAgentWebsocketRequest(w http.ResponseWriter, r *http.Request, params *webSocketRequestParams) error {
-	tunnelAddr, err := handler.ReverseTunnelService.TunnelAddr(params.endpoint)
+	tunnel, err := handler.ReverseTunnelService.GetActiveTunnel(params.endpoint)
 	if err != nil {
 		return err
 	}

-	agentURL, err := url.Parse("http://" + tunnelAddr)
+	agentURL, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port))
 	if err != nil {
 		return err
 	}
@@ -93,7 +93,7 @@ func (handler *Handler) doProxyWebsocketRequest(
 	}

 	if isEdge {
-		handler.ReverseTunnelService.UpdateLastActivity(params.endpoint.ID)
+		handler.ReverseTunnelService.SetTunnelStatusToActive(params.endpoint.ID)
 		handler.ReverseTunnelService.KeepTunnelAlive(params.endpoint.ID, r.Context(), portainer.WebSocketKeepAlive)
 	}

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Chaim Lev-Ari	b95bb06535	refactor(ui/button): remove duplicate data-cy	2024-04-14 13:49:21 +03:00
Chaim Lev-Ari	76e49ed9a8	refactor(kube/apps): migrate table to react [EE-4685] (#11028 )	2024-04-11 10:11:17 +03:00
Chaim Lev-Ari	e9ebef15a0	refactor(rbac): migrate access table to react [EE-4710] (#10823 )	2024-04-11 09:49:38 +03:00
Chaim Lev-Ari	6ff4fd3db2	refactor(templates): migrate list view to react [EE-2296] (#10999 )	2024-04-11 09:29:30 +03:00
Ali	d38085a560	chore(data-cy): require data-cy attributes [EE-6880] (#11453 )	2024-04-11 12:11:38 +12:00
Chaim Lev-Ari	3cad13388c	refactor(ui): use external/system badge where applicable [EE-6952] (#11475 )	2024-04-10 08:56:02 +03:00
Matt Hook	0b62456236	fix(backups): improved archive encryption [EE-6764] (#11489 )	2024-04-10 10:45:49 +12:00
Chaim Lev-Ari	c22d280491	refactor(activity-logs): migrate activity logs table to react [EE-4714] (#10891 )	2024-04-09 08:53:23 +03:00
Chaim Lev-Ari	960d18998f	refactor(registries): migrate gitlab projects table to react [EE-4709] (#10792 )	2024-04-09 08:52:44 +03:00
Chaim Lev-Ari	3f3db75d85	refactor(account): migrate access tokens table to react [EE-4701] (#10669 )	2024-04-09 08:17:43 +03:00
Chaim Lev-Ari	48aab77058	refactor(rbac): migrate roles table to react [EE-4711] (#10772 )	2024-04-09 08:11:29 +03:00
Chaim Lev-Ari	7e53d01d0f	refactor(activity-logs): migrate auth logs table to react [EE-4715] (#10890 )	2024-04-09 08:10:25 +03:00
Chaim Lev-Ari	bd271ec5a1	refactor(registries): migrate tags table to react [EE-6452] (#10990 )	2024-04-09 08:08:14 +03:00
Matt Hook	8913e75484	fix(services): speed up service count on the kubernetes dashboard [EE-6967] (#11526 )	2024-04-09 15:50:48 +12:00
Chaim Lev-Ari	c95ffa9e2d	refactor(rbac): migrate access viewer table to react [EE-6447] (#11498 )	2024-04-08 17:25:38 +03:00
Chaim Lev-Ari	ddb89f71b4	refactor(settings/auth): migrate ldap tables to react [EE-4712] (#10822 )	2024-04-08 17:24:45 +03:00
Chaim Lev-Ari	45be6c2b45	refactor(tags): migrate tags to react [EE-4707] (#10771 )	2024-04-08 17:23:49 +03:00
Chaim Lev-Ari	a00cb951bc	refactor(kube/registries): migrate access table to react [EE-4706] (#10688 )	2024-04-08 17:23:12 +03:00
Chaim Lev-Ari	f584bf3830	refactor(registries): migrate list view to react [EE-4704] (#10687 )	2024-04-08 17:22:43 +03:00
Chaim Lev-Ari	9600eb6fa1	refactor(tables): use add and delete buttons [EE-6297] (#10668 ) Co-authored-by: Chaim Lev-Ari <chaim.levi-ari@portaienr.io>	2024-04-08 17:21:41 +03:00
Chaim Lev-Ari	d88ef03ddb	refactor(edge/jobs): migrate results table to react [EE-4679] (#10663 )	2024-04-08 13:18:59 +03:00
Matt Hook	dc9d7ae3f1	fix(apikey): don't authenticate api key for external auth [EE-6932] (#11460 )	2024-04-08 11:03:52 +12:00
James Carppe	a3c7eb0ce0	Update bug report template for 2.20.1 (#11505 )	2024-04-05 14:56:19 +13:00
Chaim Lev-Ari	d1ba484be1	refactor(env/groups): migrate list view to react [EE-4703] (#10671 )	2024-04-04 18:54:57 +03:00
Chaim Lev-Ari	521eb5f114	refactor(edge): use native progress tag for deployment counter [EE-6075] (#10936 )	2024-04-04 18:12:27 +03:00
Chaim Lev-Ari	66770bebd4	refactor(edge/jobs): migrate view to react [EE-2236] (#10661 )	2024-04-04 16:25:32 +03:00
Matt Hook	86c4b3059e	fix(kube): use https when port is 443 in various tables [EE-6592] (#11443 )	2024-04-04 14:36:38 +13:00
Ali	e3a8853212	fix(app): port namespace limit refresh from EE to CE [EE-6835] (#11483 ) Co-authored-by: testa113 <testa113>	2024-04-04 08:19:04 +13:00
Ali	194b6e491d	fix(namespace): wait for system ns setting to load before selecting existing ns [EE-6917] (#11481 ) Co-authored-by: testa113 <testa113>	2024-04-04 08:18:13 +13:00
Chaim Lev-Ari	a439695248	refactor(users): migrate users table to react [EE-4708] (#10759 )	2024-04-03 17:38:32 +03:00
Chaim Lev-Ari	86f1b8df6e	refactor(kube/volumes): migrate storage table to react [EE-4697] (#11030 )	2024-04-02 23:27:20 +03:00
Chaim Lev-Ari	a5faddc56c	refactor(kube/cluster): migrate node apps table to react [EE-4691] (#11016 )	2024-04-02 23:12:34 +03:00
Chaim Lev-Ari	9c68c6c9f3	refactor(kube/namespaces): migrate item apps table to react [EE-4693] (#11012 )	2024-04-02 22:55:34 +03:00
Chaim Lev-Ari	d99486ee72	refactor(kube/namespaces): remove unused ingresses table [EE-6448] (#11029 )	2024-04-02 22:41:45 +03:00
Chaim Lev-Ari	946166319f	refactor(kube/apps): migrate integrated apps table to react [EE-4690] (#11025 )	2024-04-02 22:37:47 +03:00
Chaim Lev-Ari	26bb028ace	refactor(kube/namespaces): migrate table to react [EE-4694] (#10988 )	2024-04-02 22:26:22 +03:00
Chaim Lev-Ari	da615afc92	refactor(kube/volumes): migrate to react [EE-4695] (#10987 )	2024-04-02 22:10:22 +03:00
LP B	2b53bebcb3	fix(app): replace fields removed by Docker 25 and 26 (#11468 ) * fix(app/volume): make optional Container and ContainerConfig fields removed in docker 26 * fix(app/image): use image.Size instead of image.VirtualSize removed in Docker 25	2024-03-29 13:57:14 +01:00
Chaim Lev-Ari	d336a14e50	feat(docker/services): show port ranges [EE-4012] (#10657 )	2024-03-27 09:56:00 +02:00
cmeng	4ca6292805	fix(edge-stack): avoid reference of undefined EE-6914 (#11463 )	2024-03-27 16:08:08 +13:00
andres-portainer	44ef5bb12a	fix(kubernetes): avoid a deadlock EE-6901 (#11442 )	2024-03-25 14:19:38 -03:00
andres-portainer	bf600f8b11	fix(kubernetes): sync with EE EE-6906 (#11448 )	2024-03-22 16:14:00 -03:00
Prabhat Khera	d6d7afddbc	chore(version): version bump to 2.22.0 [EE-6897] (#11438 )	2024-03-22 14:37:27 +13:00
James Carppe	61642b8df6	Added 2.20.0 to bug report version option dropdown (#11430 )	2024-03-19 16:34:03 +13:00
Matt Hook	07de1b2c06	fix(doclinks): fix help link paths [EE-6861] (#11418 )	2024-03-19 11:46:41 +13:00
andres-portainer	bd3440bf3c	fix(tests): fix data races EE-6867 (#11387 )	2024-03-18 10:56:22 -03:00
Matt Hook	573f003226	fix(docs): fix all remaining webhook app links [EE-6861] (#11393 )	2024-03-18 16:28:58 +13:00
Matt Hook	6e169662c2	fix(kube): fix edit application webhook link [EE-6861] (#11391 )	2024-03-18 10:21:09 +13:00
cmeng	31658d4028	fix(stack): prepopulate when creating template from stack EE-6853 (#11380 )	2024-03-18 09:36:06 +13:00
Oscar Zhou	bb02c69d14	chore(template/git): sync frontend code from ee (#11344 )	2024-03-18 08:55:16 +13:00
Matt Hook	73307e164b	fix(docs): make all doc links versioned [EE-6861] (#11382 )	2024-03-15 16:57:51 +13:00
Matt Hook	9ea5efb6ba	fix(stacks): update swagger stacks doc description [EE-6860] (#11384 )	2024-03-15 16:47:14 +13:00
cmeng	3cd58cac54	fix(container): make blank string as valid value EE-6852 (#11373 )	2024-03-15 09:01:47 +13:00
Prabhat Khera	1303a08f5a	fix(auth): make createAccessToken api backward compatible [EE-6818] (#11326 ) * fix(auth): make createAccessToken api backward compatible [EE-6818] * fix(api): api error message [EE-6818] * fix messages	2024-03-14 09:02:28 +13:00
Ali	3b1d853090	fix(app): only show special message when limits change for existing app resource limit [EE-6837] (#11367 ) Co-authored-by: testa113 <testa113>	2024-03-14 08:45:48 +13:00
cmeng	a2a4c85f2d	fix(csrf): disable csrf secure cookie EE-6787 (#11300 )	2024-03-13 11:22:11 +13:00
LP B	506ee389e3	fix(app): views not loading when quickly navigating in app (#11278 )	2024-03-12 15:16:14 +01:00
Chaim Lev-Ari	8635bc9b9c	fix(docker): apply private uac to edge admin [EE-6788] (#11285 )	2024-03-12 09:59:36 +02:00
cmeng	447f497506	fix(edge-stack): deploy button is disabled EE-6819 (#11355 )	2024-03-12 17:19:42 +13:00
Prabhat Khera	71292a60b1	address review commets (#11360 )	2024-03-12 11:32:06 +13:00
Ali	51449490fa	fix(app): on create don't mention previous values [EE-6837] (#11350 ) Co-authored-by: testa113 <testa113>	2024-03-11 16:43:41 +13:00
Prabhat Khera	ae4970f0ed	fix(container): autocomplete off for create container form [EE-6761] (#11336 ) * autocomplete off doe create container form * address review commets * remove auto complete off from forms	2024-03-11 13:39:04 +13:00
Prabhat Khera	e96d5c245d	fix(kube): stackname in daemonsets and statefulsets app [EE-6670] (#11352 )	2024-03-11 10:04:51 +13:00
Chaim Lev-Ari	f8e3d75797	refactor(tests): wrap tests explicitly with provider [EE-6686] (#11090 )	2024-03-10 14:22:01 +02:00
Chaim Lev-Ari	27aaf322b2	fix(kube/config): validate change window start [EE-6830] (#11329 )	2024-03-10 09:42:33 +02:00
Matt Hook	b77132dbb1	fix(exec): improve alignment of help icon [EE-6816] (#11339 )	2024-03-08 14:03:09 +13:00
Prabhat Khera	c35473f308	fix(kube-stacks): change wordings [EE-6670] (#11334 )	2024-03-08 12:15:31 +13:00
Ali	a570073d12	fix(matomo): stop oauth link event [EE-6779] (#11332 )	2024-03-08 10:17:29 +13:00
Oscar Zhou	0ad4826fab	fix(stack): filter out orphan stacks that have same name as normal stacks [EE-6791] (#11291 )	2024-03-08 09:56:10 +13:00
Matt Hook	6db7d31554	fix(exec): fix alignment and text size and alignment [EE-6816] (#11325 )	2024-03-07 12:58:05 +13:00
cmeng	21d67a971d	fix(menu): edge compute menu not clickable EE-6804 (#11319 )	2024-03-07 12:11:58 +13:00
Prabhat Khera	8dfa5efa71	fix(stacks): make stackName kube stack specific field [EE-6670] (#11315 ) * fix(stacks): make stackName kube stack specific field [EE-6670] * fix wordings	2024-03-07 11:31:21 +13:00
Prabhat Khera	529750fa21	fix(UI): axios progress bar loading issue [EE-6781] (#11289 )	2024-03-07 11:30:27 +13:00
Ali	96b1d36280	fix(time window): show errors for component [EE-6800] (#11317 ) Co-authored-by: testa113 <testa113>	2024-03-07 09:03:22 +13:00
Chaim Lev-Ari	31c5a82749	fix(kube/setup): add a11y labels [EE-6747] (#11307 )	2024-03-06 14:57:00 +02:00
Matt Hook	82516620e7	fix(contexthelp): remove extra slash from contexthelp docs link [EE-6780] (#11311 )	2024-03-06 16:38:06 +13:00
Matt Hook	d26d5840f1	fix(helm): remove helm insights from the stack datatable [EE-6803] (#11314 )	2024-03-06 16:36:58 +13:00
Dakota Walsh	ebd26316bf	fix(datatable): title size EE-6774 (#11272 )	2024-03-06 08:01:51 +13:00
Chaim Lev-Ari	18dbad232e	fix(docker/images): export image [EE-6807] (#11306 )	2024-03-05 19:30:48 +02:00
matias-portainer	ebcc98d5c5	fix(edge/templates): get correct default value for selectType env vars EE-6796 (#11294 )	2024-03-04 10:35:24 -03:00
Matt Hook	e919da3771	fix(kube): update doc links to match new menu structure [EE-6759] (#11267 )	2024-03-01 15:37:21 +13:00
Matt Hook	eda2dd20ee	fix(help): add versioned doc links to support LTS/STS docs [EE-6780] (#11281 )	2024-03-01 15:36:09 +13:00
cmeng	385fd95779	fix(edge-stacks): take not-found stack as removed EE-6758 (#11248 )	2024-03-01 11:50:20 +13:00
cmeng	88185d7f6d	fix(container): get old container info correctly EE-6716 (#11216 )	2024-03-01 09:14:19 +13:00
cmeng	253cda8cef	fix(stack): more space for add button EE-6773 (#11259 )	2024-03-01 09:11:41 +13:00
Chaim Lev-Ari	b34afba7cd	fix(auth): prevent unauthorized redirect on page load [EE-6777] (#11264 )	2024-02-29 09:41:26 +02:00
Chaim Lev-Ari	6c70049ecc	feat(kube): add a11y props for smoke tests [EE-6747] (#11263 )	2024-02-29 09:26:13 +02:00
Chaim Lev-Ari	42c2a52a6b	fix(ci): prevent tests from running twice [EE-6728] (#11197 )	2024-02-29 08:11:49 +02:00
Chaim Lev-Ari	19a6a5c608	fix(docker): hide write buttons for non authorized [EE-6775] (#11260 )	2024-02-27 12:36:44 +02:00
Prabhat Khera	d8e374fb76	fix(ui): autocomplete on edge custom template and stacks [EE-6761] (#11268 )	2024-02-27 20:15:52 +13:00
Matt Hook	84ca6185dc	fix(kube): make app autorefresh and show system settings stay [EE-6771] (#11257 )	2024-02-27 11:18:44 +13:00
Prabhat Khera	5088634a41	fix(stack): auto complete dropdown in docker stacks [EE-6761] (#11253 )	2024-02-26 11:43:15 +13:00
Ali	f6beedf0d5	fix(app): parse nan in validation check [EE-6714] (#11246 )	2024-02-26 09:20:54 +13:00
Oscar Zhou	3caf1ddb7d	fix(edge/template): validate app template env vars [EE-6743] (#11235 )	2024-02-26 09:00:12 +13:00
Chaim Lev-Ari	c622f6da4e	fix(docker): prevent non admins from passing security settings [EE-6765] (#11240 )	2024-02-25 11:57:22 +02:00
cmeng	9ec7394124	fix(stack): make web editor readonly for git template EE-6706 (#11182 )	2024-02-23 13:28:27 +13:00
Matt Hook	af8fde66b0	fix(dependancies): update compose and runc [EE-6744] (#11245 )	2024-02-23 11:49:09 +13:00
Prabhat Khera	709315dde5	fix(ui): turn autocomplete off for git deployment [EE-6761] (#11242 )	2024-02-23 08:44:03 +13:00
Ali	8856bae5c6	fix(app): NaN validation for autoscaling [EE-6714] (#11237 )	2024-02-22 17:36:44 +13:00
Matt Hook	90451bfd47	fix(helm) tighten up helm requests [EE-6722] (#11236 )	2024-02-22 11:35:33 +13:00
Ali	0c05539dee	fix(input): allow clearing number inputs [EE-6714] (#11186 )	2024-02-21 10:43:35 +13:00
Ali	a2a2c6cf3e	fix(inputlist): update warning style [EE-6737] (#11221 )	2024-02-21 08:29:10 +13:00
Matt Hook	76aa086d79	fix(libhttp): capitalize http error responses for better display [EE-6698] (#11114 )	2024-02-21 07:51:46 +13:00
Chaim Lev-Ari	76fdfeaafc	fix(ui): check for authorization [EE-6733] (#11208 )	2024-02-20 11:06:09 +02:00
Chaim Lev-Ari	5932c78b88	fix(kube/apps): move namespace selector in apps view [EE-6612] (#11024 )	2024-02-20 10:14:11 +02:00
Ali	68f5ca249f	fix(app): remove insight from helm [EE-6693] (#11213 ) Co-authored-by: testa113 <testa113>	2024-02-20 17:25:19 +13:00
Ali	2d87a8d8c3	fix(app): set values in react autoscaling form section [EE-6740] (#11219 )	2024-02-20 09:35:27 +13:00
Prabhat Khera	988d4103d4	fix(git): update stack name for git stacks [EE-6670] (#11217 )	2024-02-20 09:23:46 +13:00
Chaim Lev-Ari	ce3a1b8ba5	feat(a11y): add labels and roles [EE-6717] (#11181 )	2024-02-19 16:37:26 +02:00
Oscar Zhou	6c89d3c0c9	fix(edge/template): custom template git fields not pre-filled [EE-6695] (#11112 )	2024-02-19 08:39:05 +13:00
Ali	6b91fbf7f4	fix(app): update app type when changing data access policy [EE-6719] (#11211 ) Co-authored-by: testa113 <testa113>	2024-02-19 08:08:22 +13:00
Ali	4f3f5e57b6	fix(app): avoid duplicate env requests [EE-6727] (#11194 ) Co-authored-by: testa113 <testa113>	2024-02-16 14:02:05 +13:00
Prabhat Khera	6b3f30e32f	fix(ui): update search placeholder [EE-6667] (#11190 ) * update search placeholder * remove box selector description	2024-02-16 12:34:06 +13:00
Matt Hook	bdeedb4018	fix(namespace): fix default namespace quota [EE-6700] (#11185 )	2024-02-16 08:20:24 +13:00
Chaim Lev-Ari	50946e087c	chore(eslint): add rule to check imports [EE-6730] (#11201 )	2024-02-15 17:46:03 +02:00
Chaim Lev-Ari	7b89b04667	fix(auth): export hasAuthorizations [EE-6595] (#11199 )	2024-02-15 14:05:52 +02:00
Chaim Lev-Ari	f5f84c5fa4	feat(ui): restrict views by role [EE-6595] (#11010 )	2024-02-15 13:29:55 +02:00
Chaim Lev-Ari	437831fa80	feat(edge/stacks): add app templates to deploy types [EE-6632] (#11040 )	2024-02-15 09:01:01 +02:00
Chaim Lev-Ari	31f5b42962	feat(auth): add useIsEdgeAdmin hook [EE-6627] (#11057 )	2024-02-14 19:50:20 -03:00
Ali	7a6c872948	fix(insight): split insight from input [EE-6693] (#11176 ) Co-authored-by: testa113 <testa113>	2024-02-15 10:45:59 +13:00
Chaim Lev-Ari	4bf18b1d65	feat(ui): write tests [EE-6685] (#11081 )	2024-02-14 17:25:37 +02:00
Ali	2d25bf4afa	fix(configs): correct 'external' display in tables [EE-6649] (#11110 ) Co-authored-by: testa113 <testa113>	2024-02-14 11:48:09 +13:00
Ali	56ae19c5ab	fix(stacks): add app form stacks input [EE-6693] (#11104 )	2024-02-14 09:00:51 +13:00
Matt Hook	cdf9197274	fix(logs): add NOCOLOR option for use when exporting to greylog etc [EE-6696] (#11106 )	2024-02-14 07:55:00 +13:00
Ali	901549e8dd	fix(kube-owner): owner labels from resources created via manifest [EE-6647] (#11102 ) Co-authored-by: testa113 <testa113>	2024-02-12 15:30:49 +13:00
Dakota Walsh	80b1cd19cb	fix(restore): add S3 teaser EE-6675 (#11095 )	2024-02-12 13:12:45 +13:00
Prabhat Khera	c4942de89b	fix(ui): stackname auto fill on create from manifest screen [EE-6688] (#11099 ) * fix(ui): stackname auto fill on create from manifest screen [EE-6688] * address review comment	2024-02-12 10:54:29 +13:00
Ali	80d02f9cd1	fix(auth): isAdmin redirect for wizard [EE-6669] (#11074 )	2024-02-12 08:04:39 +13:00
Prabhat Khera	671b22b5d6	fix(ui): scroll issue [EE-6667] (#11084 ) * Fix scroll issue * fix minorissue * address review comments * add comment	2024-02-09 15:35:34 +13:00
Steven Kang	43e56bf1c0	fix: pre-release build only after merging (#11097 )	2024-02-09 15:26:43 +13:00
Matt Hook	a175619623	fix(docs): fix swagger docs for webhook params [EE-6668] (#11088 )	2024-02-09 14:44:14 +13:00
Prabhat Khera	63c11d9310	fix(kube): ingress path duplication issue [EE-6649] (#11086 )	2024-02-09 07:49:48 +13:00
Prabhat Khera	4c00b72ae3	fix stack name update issue (#11064 )	2024-02-08 13:51:01 +13:00
Matt Hook	f4db09a534	fix(kube-apps): add helm insights, remove namespace insights panel [EE-6671] (#11077 )	2024-02-08 11:38:04 +13:00
Prabhat Khera	01cd64037f	fix(UI): some minor fixes [EE-6667] (#11061 ) * minor tweeks for kubernetes settings * address review comments	2024-02-06 12:17:38 +13:00
Steven Kang	a93344386c	Pre-release as part of the CI (#11066 ) * feat: add pre-release * feat: add extension * feat: fix typo	2024-02-05 18:24:16 +13:00
Prabhat Khera	a2195caa10	keep labels on edit ingress, configmaps and secrets (#11050 )	2024-02-05 16:30:36 +13:00
Ali	9ad78753bc	fix(r2a): don't set errors to undefined [EE-6665] (#11059 ) Co-authored-by: testa113 <testa113>	2024-02-05 14:24:11 +13:00
Prabhat Khera	517190e28b	chore(version): bump to 2.21.0 [EE-6652] (#11047 ) * chore(version): bump to 2.21.0 [EE-6652] * address review comments	2024-02-02 15:17:52 +13:00