fix(app): CE-478 removed comments

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -4,6 +4,7 @@ about: Create a bug report
 title: ''
 labels: bug/need-confirmation, kind/bug
 assignees: ''
+
 ---
 
 <!--

.github/ISSUE_TEMPLATE/Custom.md

@@ -4,8 +4,8 @@ about: Ask us a question about Portainer usage or deployment
 title: ''
 labels: ''
 assignees: ''
----
 
+---
 Before you start, we need a little bit more information from you:
 
 Use Case (delete as appropriate): Using Portainer at Home, Using Portainer in a Commerical setup.

ATTRIBUTIONS.md

@@ -1,32 +0,0 @@
-# Open Source License Attribution
-
-This application uses Open Source components. You can find the source
-code of their open source projects along with license information below.
-We acknowledge and are grateful to these developers for their contributions
-to open source.
-
-### [angular-json-tree](https://github.com/awendland/angular-json-tree)
-
-by [Alex Wendland](https://github.com/awendland) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [caniuse-db](https://github.com/Fyrd/caniuse)
-
-by [caniuse.com](caniuse.com) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [caniuse-lite](https://github.com/ben-eb/caniuse-lite)
-
-by [caniuse.com](caniuse.com) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [spdx-exceptions](https://github.com/jslicense/spdx-exceptions.json)
-
-by Kyle Mitchell using [SPDX](https://spdx.dev/) from Linux Foundation licensed under [CC BY 3.0 License](https://creativecommons.org/licenses/by/3.0/)
-
-### [fontawesome-free](https://github.com/FortAwesome/Font-Awesome) Icons
-
-by [Fort Awesome](https://fortawesome.com/) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-Portainer also contains the following code, which is licensed under the [MIT license](https://opensource.org/licenses/MIT):
-
-UI For Docker: Copyright (c) 2013-2016 Michael Crosby (crosbymichael.com), Kevan Ahlquist (kevanahlquist.com), Anthony Lapenna (portainer.io)
-
-rdash-angular: Copyright (c) [2014][elliot hesp]

CONTRIBUTING.md

@@ -127,9 +127,3 @@ When adding a new route to an existing handler use the following as a template (
 ```
 
 explanation about each line can be found (here)[https://github.com/swaggo/swag#api-operation]
-
-## Licensing
-
-See the [LICENSE](https://github.com/portainer/portainer/blob/develop/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
-
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

README.md

@@ -65,4 +65,8 @@ Portainer supports "Current - 2 docker versions only. Prior versions may operate
 
 Portainer is licensed under the zlib license. See [LICENSE](./LICENSE) for reference.
 
-Portainer also contains code from open source projects. See [ATTRIBUTIONS.md](./ATTRIBUTIONS.md) for a list.
+Portainer also contains the following code, which is licensed under the [MIT license](https://opensource.org/licenses/MIT):
+
+UI For Docker: Copyright (c) 2013-2016 Michael Crosby (crosbymichael.com), Kevan Ahlquist (kevanahlquist.com), Anthony Lapenna (portainer.io)
+
+rdash-angular: Copyright (c) [2014][elliot hesp]

api/adminmonitor/admin_monitor.go

@@ -1,69 +0,0 @@
-package adminmonitor
-
-import (
-	"context"
-	"log"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-var logFatalf = log.Fatalf
-
-type Monitor struct {
-	timeout          time.Duration
-	datastore        portainer.DataStore
-	shutdownCtx      context.Context
-	cancellationFunc context.CancelFunc
-}
-
-// New creates a monitor that when started will wait for the timeout duration and then shutdown the application unless it has been initialized.
-func New(timeout time.Duration, datastore portainer.DataStore, shutdownCtx context.Context) *Monitor {
-	return &Monitor{
-		timeout:     timeout,
-		datastore:   datastore,
-		shutdownCtx: shutdownCtx,
-	}
-}
-
-// Starts starts the monitor. Active monitor could be stopped or shuttted down by cancelling the shutdown context.
-func (m *Monitor) Start() {
-	cancellationCtx, cancellationFunc := context.WithCancel(context.Background())
-	m.cancellationFunc = cancellationFunc
-
-	go func() {
-		log.Println("[DEBUG] [internal,init] [message: start initialization monitor ]")
-		select {
-		case <-time.After(m.timeout):
-			initialized, err := m.WasInitialized()
-			if err != nil {
-				logFatalf("%s", err)
-			}
-			if !initialized {
-				logFatalf("[FATAL] [internal,init] No administrator account was created in %f mins. Shutting down the Portainer instance for security reasons", m.timeout.Minutes())
-			}
-		case <-cancellationCtx.Done():
-			log.Println("[DEBUG] [internal,init] [message: canceling initialization monitor]")
-		case <-m.shutdownCtx.Done():
-			log.Println("[DEBUG] [internal,init] [message: shutting down initialization monitor]")
-		}
-	}()
-}
-
-// Stop stops monitor. Safe to call even if monitor wasn't started.
-func (m *Monitor) Stop() {
-	if m.cancellationFunc == nil {
-		return
-	}
-	m.cancellationFunc()
-	m.cancellationFunc = nil
-}
-
-// WasInitialized is a system initialization check
-func (m *Monitor) WasInitialized() (bool, error) {
-	users, err := m.datastore.User().UsersByRole(portainer.AdministratorRole)
-	if err != nil {
-		return false, err
-	}
-	return len(users) > 0, nil
-}

api/adminmonitor/admin_monitor_test.go

@@ -1,50 +0,0 @@
-package adminmonitor
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	i "github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_stopWithoutStarting(t *testing.T) {
-	monitor := New(1*time.Minute, nil, nil)
-	monitor.Stop()
-}
-
-func Test_stopCouldBeCalledMultipleTimes(t *testing.T) {
-	monitor := New(1*time.Minute, nil, nil)
-	monitor.Stop()
-	monitor.Stop()
-}
-
-func Test_canStopStartedMonitor(t *testing.T) {
-	monitor := New(1*time.Minute, nil, context.Background())
-	monitor.Start()
-	assert.NotNil(t, monitor.cancellationFunc, "cancellation function is missing in started monitor")
-
-	monitor.Stop()
-	assert.Nil(t, monitor.cancellationFunc, "cancellation function should absent in stopped monitor")
-}
-
-func Test_start_shouldFatalAfterTimeout_ifNotInitialized(t *testing.T) {
-	timeout := 10 * time.Millisecond
-
-	datastore := i.NewDatastore(i.WithUsers([]portainer.User{}))
-
-	var fataled bool
-	origLogFatalf := logFatalf
-	logFatalf = func(s string, v ...interface{}) { fataled = true }
-	defer func() {
-		logFatalf = origLogFatalf
-	}()
-
-	monitor := New(timeout, datastore, context.Background())
-	monitor.Start()
-	<-time.After(2 * timeout)
-
-	assert.True(t, fataled, "monitor should been timeout and fatal")
-}

api/archive/targz.go

@@ -1,119 +0,0 @@
-package archive
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-// TarGzDir creates a tar.gz archive and returns it's path.
-// abosolutePath should be an absolute path to a directory.
-// Archive name will be <directoryName>.tar.gz and will be placed next to the directory.
-func TarGzDir(absolutePath string) (string, error) {
-	targzPath := filepath.Join(absolutePath, fmt.Sprintf("%s.tar.gz", filepath.Base(absolutePath)))
-	outFile, err := os.Create(targzPath)
-	if err != nil {
-		return "", err
-	}
-	defer outFile.Close()
-
-	zipWriter := gzip.NewWriter(outFile)
-	defer zipWriter.Close()
-	tarWriter := tar.NewWriter(zipWriter)
-	defer tarWriter.Close()
-
-	err = filepath.Walk(absolutePath, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		if path == targzPath {
-			return nil // skip archive file
-		}
-
-		pathInArchive := filepath.Clean(strings.TrimPrefix(path, absolutePath))
-		if pathInArchive == "" {
-			return nil // skip root dir
-		}
-
-		return addToArchive(tarWriter, pathInArchive, path, info)
-	})
-
-	return targzPath, err
-}
-
-func addToArchive(tarWriter *tar.Writer, pathInArchive string, path string, info os.FileInfo) error {
-	header, err := tar.FileInfoHeader(info, info.Name())
-	if err != nil {
-		return err
-	}
-
-	header.Name = pathInArchive // use relative paths in archive
-
-	err = tarWriter.WriteHeader(header)
-	if err != nil {
-		return err
-	}
-
-	if info.IsDir() {
-		return nil
-	}
-
-	file, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	_, err = io.Copy(tarWriter, file)
-	return err
-}
-
-// ExtractTarGz reads a .tar.gz archive from the reader and extracts it into outputDirPath directory
-func ExtractTarGz(r io.Reader, outputDirPath string) error {
-	zipReader, err := gzip.NewReader(r)
-	if err != nil {
-		return err
-	}
-	defer zipReader.Close()
-
-	tarReader := tar.NewReader(zipReader)
-
-	for {
-		header, err := tarReader.Next()
-
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			return err
-		}
-
-		switch header.Typeflag {
-		case tar.TypeDir:
-			// skip, dir will be created with a file
-		case tar.TypeReg:
-			p := filepath.Clean(filepath.Join(outputDirPath, header.Name))
-			if err := os.MkdirAll(filepath.Dir(p), 0744); err != nil {
-				return fmt.Errorf("Failed to extract dir %s", filepath.Dir(p))
-			}
-			outFile, err := os.Create(p)
-			if err != nil {
-				return fmt.Errorf("Failed to create file %s", header.Name)
-			}
-			if _, err := io.Copy(outFile, tarReader); err != nil {
-				return fmt.Errorf("Failed to extract file %s", header.Name)
-			}
-			outFile.Close()
-		default:
-			return fmt.Errorf("Tar: uknown type: %v in %s",
-				header.Typeflag,
-				header.Name)
-		}
-	}
-
-	return nil
-}

api/archive/targz_test.go

@@ -1,99 +0,0 @@
-package archive
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func listFiles(dir string) []string {
-	items := make([]string, 0)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if path == dir {
-			return nil
-		}
-		items = append(items, path)
-		return nil
-	})
-
-	return items
-}
-
-func Test_shouldCreateArhive(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
-	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
-
-	gzPath, err := TarGzDir(tmpdir)
-	assert.Nil(t, err)
-	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)
-
-	extractionDir, _ := ioutils.TempDir("", "extract")
-	defer os.RemoveAll(extractionDir)
-
-	cmd := exec.Command("tar", "-xzf", gzPath, "-C", extractionDir)
-	err = cmd.Run()
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-	extractedFiles := listFiles(extractionDir)
-
-	wasExtracted := func(p string) {
-		fullpath := path.Join(extractionDir, p)
-		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := ioutil.ReadFile(fullpath)
-		assert.Equal(t, content, copyContent)
-	}
-
-	wasExtracted("outer")
-	wasExtracted("dir/inner")
-	wasExtracted("dir/.dotfile")
-}
-
-func Test_shouldCreateArhiveXXXXX(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
-	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
-
-	gzPath, err := TarGzDir(tmpdir)
-	assert.Nil(t, err)
-	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)
-
-	extractionDir, _ := ioutils.TempDir("", "extract")
-	defer os.RemoveAll(extractionDir)
-
-	r, _ := os.Open(gzPath)
-	ExtractTarGz(r, extractionDir)
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-	extractedFiles := listFiles(extractionDir)
-
-	wasExtracted := func(p string) {
-		fullpath := path.Join(extractionDir, p)
-		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := ioutil.ReadFile(fullpath)
-		assert.Equal(t, content, copyContent)
-	}
-
-	wasExtracted("outer")
-	wasExtracted("dir/inner")
-	wasExtracted("dir/.dotfile")
-}

api/backup/backup.go

@@ -1,83 +0,0 @@
-package backup
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"time"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/http/offlinegate"
-)
-
-const rwxr__r__ os.FileMode = 0744
-
-var filesToBackup = []string{"compose", "config.json", "custom_templates", "edge_jobs", "edge_stacks", "extensions", "portainer.key", "portainer.pub", "tls"}
-
-// Creates a tar.gz system archive and encrypts it if password is not empty. Returns a path to the archive file.
-func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datastore portainer.DataStore, filestorePath string) (string, error) {
-	unlock := gate.Lock()
-	defer unlock()
-
-	backupDirPath := filepath.Join(filestorePath, "backup", time.Now().Format("2006-01-02_15-04-05"))
-	if err := os.MkdirAll(backupDirPath, rwxr__r__); err != nil {
-		return "", errors.Wrap(err, "Failed to create backup dir")
-	}
-
-	if err := backupDb(backupDirPath, datastore); err != nil {
-		return "", errors.Wrap(err, "Failed to backup database")
-	}
-
-	for _, filename := range filesToBackup {
-		err := copyPath(filepath.Join(filestorePath, filename), backupDirPath)
-		if err != nil {
-			return "", errors.Wrap(err, "Failed to create backup file")
-		}
-	}
-
-	archivePath, err := archive.TarGzDir(backupDirPath)
-	if err != nil {
-		return "", errors.Wrap(err, "Failed to make an archive")
-	}
-
-	if password != "" {
-		archivePath, err = encrypt(archivePath, password)
-		if err != nil {
-			return "", errors.Wrap(err, "Failed to encrypt backup with the password")
-		}
-	}
-
-	return archivePath, nil
-}
-
-func backupDb(backupDirPath string, datastore portainer.DataStore) error {
-	backupWriter, err := os.Create(filepath.Join(backupDirPath, "portainer.db"))
-	if err != nil {
-		return err
-	}
-	if err = datastore.BackupTo(backupWriter); err != nil {
-		return err
-	}
-	return backupWriter.Close()
-}
-
-func encrypt(path string, passphrase string) (string, error) {
-	in, err := os.Open(path)
-	if err != nil {
-		return "", err
-	}
-	defer in.Close()
-
-	outFileName := fmt.Sprintf("%s.encrypted", path)
-	out, err := os.Create(outFileName)
-	if err != nil {
-		return "", err
-	}
-
-	err = crypto.AesEncrypt(in, out, []byte(passphrase))
-
-	return outFileName, err
-}

api/backup/copy.go

@@ -1,68 +0,0 @@
-package backup
-
-import (
-	"errors"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-func copyPath(path string, toDir string) error {
-	info, err := os.Stat(path)
-	if err != nil && errors.Is(err, os.ErrNotExist) {
-		// skip copy if file does not exist
-		return nil
-	}
-
-	if !info.IsDir() {
-		destination := filepath.Join(toDir, info.Name())
-		return copyFile(path, destination)
-	}
-
-	return copyDir(path, toDir)
-}
-
-func copyDir(fromDir, toDir string) error {
-	cleanedSourcePath := filepath.Clean(fromDir)
-	parentDirectory := filepath.Dir(cleanedSourcePath)
-	err := filepath.Walk(cleanedSourcePath, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		destination := filepath.Join(toDir, strings.TrimPrefix(path, parentDirectory))
-		if info.IsDir() {
-			return nil // skip directory creations
-		}
-
-		if info.Mode()&os.ModeSymlink != 0 { // entry is a symlink
-			return nil // don't copy symlinks
-		}
-
-		return copyFile(path, destination)
-	})
-
-	return err
-}
-
-// copies regular a file from src to dst
-func copyFile(src, dst string) error {
-	from, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer from.Close()
-
-	// has to include 'execute' bit, otherwise fails. MkdirAll follows `mkdir -m` restrictions
-	if err := os.MkdirAll(filepath.Dir(dst), 0744); err != nil {
-		return err
-	}
-	to, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer to.Close()
-
-	_, err = io.Copy(to, from)
-	return err
-}

api/backup/copy_test.go

@@ -1,105 +0,0 @@
-package backup
-
-import (
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func listFiles(dir string) []string {
-	items := make([]string, 0)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if path == dir {
-			return nil
-		}
-		items = append(items, path)
-		return nil
-	})
-
-	return items
-}
-
-func contains(t *testing.T, list []string, path string) {
-	assert.Contains(t, list, path)
-	copyContent, _ := ioutil.ReadFile(path)
-	assert.Equal(t, "content\n", string(copyContent))
-}
-
-func Test_copyFile_returnsError_whenSourceDoesNotExist(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	err := copyFile("does-not-exist", tmpdir)
-	assert.NotNil(t, err)
-}
-
-func Test_copyFile_shouldMakeAbackup(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "origin"), content, 0600)
-
-	err := copyFile(path.Join(tmpdir, "origin"), path.Join(tmpdir, "copy"))
-	assert.Nil(t, err)
-
-	copyContent, _ := ioutil.ReadFile(path.Join(tmpdir, "copy"))
-	assert.Equal(t, content, copyContent)
-}
-
-func Test_copyDir_shouldCopyAllFilesAndDirectories(t *testing.T) {
-	destination, _ := ioutils.TempDir("", "destination")
-	defer os.RemoveAll(destination)
-	err := copyDir("./test_assets/copy_test", destination)
-	assert.Nil(t, err)
-
-	createdFiles := listFiles(destination)
-
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "outer"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", ".dotfile"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", "inner"))
-}
-
-func Test_backupPath_shouldSkipWhenNotExist(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	err := copyPath("does-not-exists", tmpdir)
-	assert.Nil(t, err)
-
-	assert.Empty(t, listFiles(tmpdir))
-}
-
-func Test_backupPath_shouldCopyFile(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "file"), content, 0600)
-
-	os.MkdirAll(path.Join(tmpdir, "backup"), 0700)
-	err := copyPath(path.Join(tmpdir, "file"), path.Join(tmpdir, "backup"))
-	assert.Nil(t, err)
-
-	copyContent, err := ioutil.ReadFile(path.Join(tmpdir, "backup", "file"))
-	assert.Nil(t, err)
-	assert.Equal(t, content, copyContent)
-}
-
-func Test_backupPath_shouldCopyDir(t *testing.T) {
-	destination, _ := ioutils.TempDir("", "destination")
-	defer os.RemoveAll(destination)
-	err := copyPath("./test_assets/copy_test", destination)
-	assert.Nil(t, err)
-
-	createdFiles := listFiles(destination)
-
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "outer"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", ".dotfile"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", "inner"))
-}

api/backup/restore.go

@@ -1,68 +0,0 @@
-package backup
-
-import (
-	"context"
-	"io"
-	"os"
-	"path/filepath"
-	"time"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/http/offlinegate"
-)
-
-var filesToRestore = append(filesToBackup, "portainer.db")
-
-// Restores system state from backup archive, will trigger system shutdown, when finished.
-func RestoreArchive(archive io.Reader, password string, filestorePath string, gate *offlinegate.OfflineGate, datastore portainer.DataStore, shutdownTrigger context.CancelFunc) error {
-	var err error
-	if password != "" {
-		archive, err = decrypt(archive, password)
-		if err != nil {
-			return errors.Wrap(err, "failed to decrypt the archive")
-		}
-	}
-
-	restorePath := filepath.Join(filestorePath, "restore", time.Now().Format("20060102150405"))
-	defer os.RemoveAll(filepath.Dir(restorePath))
-
-	err = extractArchive(archive, restorePath)
-	if err != nil {
-		return errors.Wrap(err, "cannot extract files from the archive. Please ensure the password is correct and try again")
-	}
-
-	unlock := gate.Lock()
-	defer unlock()
-
-	if err = datastore.Close(); err != nil {
-		return errors.Wrap(err, "Failed to stop db")
-	}
-
-	if err = restoreFiles(restorePath, filestorePath); err != nil {
-		return errors.Wrap(err, "failed to restore the system state")
-	}
-
-	shutdownTrigger()
-	return nil
-}
-
-func decrypt(r io.Reader, password string) (io.Reader, error) {
-	return crypto.AesDecrypt(r, []byte(password))
-}
-
-func extractArchive(r io.Reader, destinationDirPath string) error {
-	return archive.ExtractTarGz(r, destinationDirPath)
-}
-
-func restoreFiles(srcDir string, destinationDir string) error {
-	for _, filename := range filesToRestore {
-		err := copyPath(filepath.Join(srcDir, filename), destinationDir)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

api/backup/test_assets/copy_test/dir/.dotfile

@@ -1 +0,0 @@
-content

api/backup/test_assets/copy_test/dir/inner

@@ -1 +0,0 @@
-content

api/backup/test_assets/copy_test/outer

@@ -1 +0,0 @@
-content

api/bolt/customtemplate/customtemplate.go

@@ -2,7 +2,7 @@ package customtemplate
 
 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )
 
@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing custom template data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +32,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) CustomTemplates() ([]portainer.CustomTemplate, error) {
 	var customTemplates = make([]portainer.CustomTemplate, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -56,7 +56,7 @@ func (service *Service) CustomTemplate(ID portainer.CustomTemplateID) (*portaine
 	var customTemplate portainer.CustomTemplate
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &customTemplate)
+	err := internal.GetObject(service.db, BucketName, identifier, &customTemplate)
 	if err != nil {
 		return nil, err
 	}
@@ -67,18 +67,18 @@ func (service *Service) CustomTemplate(ID portainer.CustomTemplateID) (*portaine
 // UpdateCustomTemplate updates an custom template.
 func (service *Service) UpdateCustomTemplate(ID portainer.CustomTemplateID, customTemplate *portainer.CustomTemplate) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, customTemplate)
+	return internal.UpdateObject(service.db, BucketName, identifier, customTemplate)
 }
 
 // DeleteCustomTemplate deletes an custom template.
 func (service *Service) DeleteCustomTemplate(ID portainer.CustomTemplateID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // CreateCustomTemplate assign an ID to a new custom template and saves it.
 func (service *Service) CreateCustomTemplate(customTemplate *portainer.CustomTemplate) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data, err := internal.MarshalObject(customTemplate)
@@ -92,5 +92,5 @@ func (service *Service) CreateCustomTemplate(customTemplate *portainer.CustomTem
 
 // GetNextIdentifier returns the next identifier for a custom template.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

api/bolt/datastore.go

@@ -1,7 +1,6 @@
 package bolt
 
 import (
-	"io"
 	"log"
 	"path"
 	"time"
@@ -18,7 +17,6 @@ import (
 	"github.com/portainer/portainer/api/bolt/endpointrelation"
 	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/internal"
 	"github.com/portainer/portainer/api/bolt/migrator"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
@@ -44,7 +42,7 @@ const (
 // BoltDB as the storage system.
 type Store struct {
 	path                    string
-	connection              *internal.DbConnection
+	db                      *bolt.DB
 	isNew                   bool
 	fileService             portainer.FileService
 	CustomTemplateService   *customtemplate.Service
@@ -85,7 +83,6 @@ func NewStore(storePath string, fileService portainer.FileService) (*Store, erro
 		path:        storePath,
 		fileService: fileService,
 		isNew:       true,
-		connection:  &internal.DbConnection{},
 	}
 
 	databasePath := path.Join(storePath, databaseFileName)
@@ -108,15 +105,15 @@ func (store *Store) Open() error {
 	if err != nil {
 		return err
 	}
-	store.connection.DB = db
+	store.db = db
 
 	return store.initServices()
 }
 
 // Close closes the BoltDB database.
 func (store *Store) Close() error {
-	if store.connection.DB != nil {
-		return store.connection.Close()
+	if store.db != nil {
+		return store.db.Close()
 	}
 	return nil
 }
@@ -137,9 +134,8 @@ func (store *Store) CheckCurrentEdition() error {
 
 // MigrateData automatically migrate the data based on the DBVersion.
 // This process is only triggered on an existing database, not if the database was just created.
-// if force is true, then migrate regardless.
-func (store *Store) MigrateData(force bool) error {
-	if store.isNew && !force {
+func (store *Store) MigrateData() error {
+	if store.isNew {
 		return store.VersionService.StoreDBVersion(portainer.DBVersion)
 	}
 
@@ -152,7 +148,7 @@ func (store *Store) MigrateData(force bool) error {
 
 	if version < portainer.DBVersion {
 		migratorParams := &migrator.Parameters{
-			DB:                      store.connection.DB,
+			DB:                      store.db,
 			DatabaseVersion:         version,
 			EndpointGroupService:    store.EndpointGroupService,
 			EndpointService:         store.EndpointService,
@@ -184,11 +180,238 @@ func (store *Store) MigrateData(force bool) error {
 	return nil
 }
 
-// BackupTo backs up db to a provided writer.
-// It does hot backup and doesn't block other database reads and writes
-func (store *Store) BackupTo(w io.Writer) error {
-	return store.connection.View(func(tx *bolt.Tx) error {
-		_, err := tx.WriteTo(w)
+func (store *Store) initServices() error {
+	authorizationsetService, err := role.NewService(store.db)
+	if err != nil {
 		return err
-	})
+	}
+	store.RoleService = authorizationsetService
+
+	customTemplateService, err := customtemplate.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.CustomTemplateService = customTemplateService
+
+	dockerhubService, err := dockerhub.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.DockerHubService = dockerhubService
+
+	edgeStackService, err := edgestack.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EdgeStackService = edgeStackService
+
+	edgeGroupService, err := edgegroup.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EdgeGroupService = edgeGroupService
+
+	edgeJobService, err := edgejob.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EdgeJobService = edgeJobService
+
+	endpointgroupService, err := endpointgroup.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EndpointGroupService = endpointgroupService
+
+	endpointService, err := endpoint.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EndpointService = endpointService
+
+	endpointRelationService, err := endpointrelation.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EndpointRelationService = endpointRelationService
+
+	extensionService, err := extension.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ExtensionService = extensionService
+
+	registryService, err := registry.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.RegistryService = registryService
+
+	resourcecontrolService, err := resourcecontrol.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ResourceControlService = resourcecontrolService
+
+	settingsService, err := settings.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.SettingsService = settingsService
+
+	stackService, err := stack.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.StackService = stackService
+
+	tagService, err := tag.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TagService = tagService
+
+	teammembershipService, err := teammembership.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TeamMembershipService = teammembershipService
+
+	teamService, err := team.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TeamService = teamService
+
+	tunnelServerService, err := tunnelserver.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TunnelServerService = tunnelServerService
+
+	userService, err := user.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.UserService = userService
+
+	versionService, err := version.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.VersionService = versionService
+
+	webhookService, err := webhook.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.WebhookService = webhookService
+
+	scheduleService, err := schedule.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ScheduleService = scheduleService
+
+	return nil
+}
+
+// CustomTemplate gives access to the CustomTemplate data management layer
+func (store *Store) CustomTemplate() portainer.CustomTemplateService {
+	return store.CustomTemplateService
+}
+
+// DockerHub gives access to the DockerHub data management layer
+func (store *Store) DockerHub() portainer.DockerHubService {
+	return store.DockerHubService
+}
+
+// EdgeGroup gives access to the EdgeGroup data management layer
+func (store *Store) EdgeGroup() portainer.EdgeGroupService {
+	return store.EdgeGroupService
+}
+
+// EdgeJob gives access to the EdgeJob data management layer
+func (store *Store) EdgeJob() portainer.EdgeJobService {
+	return store.EdgeJobService
+}
+
+// EdgeStack gives access to the EdgeStack data management layer
+func (store *Store) EdgeStack() portainer.EdgeStackService {
+	return store.EdgeStackService
+}
+
+// Endpoint gives access to the Endpoint data management layer
+func (store *Store) Endpoint() portainer.EndpointService {
+	return store.EndpointService
+}
+
+// EndpointGroup gives access to the EndpointGroup data management layer
+func (store *Store) EndpointGroup() portainer.EndpointGroupService {
+	return store.EndpointGroupService
+}
+
+// EndpointRelation gives access to the EndpointRelation data management layer
+func (store *Store) EndpointRelation() portainer.EndpointRelationService {
+	return store.EndpointRelationService
+}
+
+// Registry gives access to the Registry data management layer
+func (store *Store) Registry() portainer.RegistryService {
+	return store.RegistryService
+}
+
+// ResourceControl gives access to the ResourceControl data management layer
+func (store *Store) ResourceControl() portainer.ResourceControlService {
+	return store.ResourceControlService
+}
+
+// Role gives access to the Role data management layer
+func (store *Store) Role() portainer.RoleService {
+	return store.RoleService
+}
+
+// Settings gives access to the Settings data management layer
+func (store *Store) Settings() portainer.SettingsService {
+	return store.SettingsService
+}
+
+// Stack gives access to the Stack data management layer
+func (store *Store) Stack() portainer.StackService {
+	return store.StackService
+}
+
+// Tag gives access to the Tag data management layer
+func (store *Store) Tag() portainer.TagService {
+	return store.TagService
+}
+
+// TeamMembership gives access to the TeamMembership data management layer
+func (store *Store) TeamMembership() portainer.TeamMembershipService {
+	return store.TeamMembershipService
+}
+
+// Team gives access to the Team data management layer
+func (store *Store) Team() portainer.TeamService {
+	return store.TeamService
+}
+
+// TunnelServer gives access to the TunnelServer data management layer
+func (store *Store) TunnelServer() portainer.TunnelServerService {
+	return store.TunnelServerService
+}
+
+// User gives access to the User data management layer
+func (store *Store) User() portainer.UserService {
+	return store.UserService
+}
+
+// Version gives access to the Version data management layer
+func (store *Store) Version() portainer.VersionService {
+	return store.VersionService
+}
+
+// Webhook gives access to the Webhook data management layer
+func (store *Store) Webhook() portainer.WebhookService {
+	return store.WebhookService
 }

api/bolt/dockerhub/dockerhub.go

@@ -1,8 +1,10 @@
 package dockerhub
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )
 
 const (
@@ -13,18 +15,18 @@ const (
 
 // Service represents a service for managing Dockerhub data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) DockerHub() (*portainer.DockerHub, error) {
 	var dockerhub portainer.DockerHub
 
-	err := internal.GetObject(service.connection, BucketName, []byte(dockerHubKey), &dockerhub)
+	err := internal.GetObject(service.db, BucketName, []byte(dockerHubKey), &dockerhub)
 	if err != nil {
 		return nil, err
 	}
@@ -42,5 +44,5 @@ func (service *Service) DockerHub() (*portainer.DockerHub, error) {
 
 // UpdateDockerHub updates a DockerHub object.
 func (service *Service) UpdateDockerHub(dockerhub *portainer.DockerHub) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(dockerHubKey), dockerhub)
+	return internal.UpdateObject(service.db, BucketName, []byte(dockerHubKey), dockerhub)
 }

api/bolt/edgegroup/edgegroup.go

@@ -2,7 +2,7 @@ package edgegroup
 
 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )
 
@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing Edge group data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +32,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) EdgeGroups() ([]portainer.EdgeGroup, error) {
 	var groups = make([]portainer.EdgeGroup, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -56,7 +56,7 @@ func (service *Service) EdgeGroup(ID portainer.EdgeGroupID) (*portainer.EdgeGrou
 	var group portainer.EdgeGroup
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &group)
+	err := internal.GetObject(service.db, BucketName, identifier, &group)
 	if err != nil {
 		return nil, err
 	}
@@ -67,18 +67,18 @@ func (service *Service) EdgeGroup(ID portainer.EdgeGroupID) (*portainer.EdgeGrou
 // UpdateEdgeGroup updates an Edge group.
 func (service *Service) UpdateEdgeGroup(ID portainer.EdgeGroupID, group *portainer.EdgeGroup) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, group)
+	return internal.UpdateObject(service.db, BucketName, identifier, group)
 }
 
 // DeleteEdgeGroup deletes an Edge group.
 func (service *Service) DeleteEdgeGroup(ID portainer.EdgeGroupID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // CreateEdgeGroup assign an ID to a new Edge group and saves it.
 func (service *Service) CreateEdgeGroup(group *portainer.EdgeGroup) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()

api/bolt/edgejob/edgejob.go

@@ -2,7 +2,7 @@ package edgejob
 
 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )
 
@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing edge jobs data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +32,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) EdgeJobs() ([]portainer.EdgeJob, error) {
 	var edgeJobs = make([]portainer.EdgeJob, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -56,7 +56,7 @@ func (service *Service) EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, err
 	var edgeJob portainer.EdgeJob
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &edgeJob)
+	err := internal.GetObject(service.db, BucketName, identifier, &edgeJob)
 	if err != nil {
 		return nil, err
 	}
@@ -66,7 +66,7 @@ func (service *Service) EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, err
 
 // CreateEdgeJob creates a new Edge job
 func (service *Service) CreateEdgeJob(edgeJob *portainer.EdgeJob) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		if edgeJob.ID == 0 {
@@ -86,16 +86,16 @@ func (service *Service) CreateEdgeJob(edgeJob *portainer.EdgeJob) error {
 // UpdateEdgeJob updates an Edge job by ID
 func (service *Service) UpdateEdgeJob(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, edgeJob)
+	return internal.UpdateObject(service.db, BucketName, identifier, edgeJob)
 }
 
 // DeleteEdgeJob deletes an Edge job
 func (service *Service) DeleteEdgeJob(ID portainer.EdgeJobID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

api/bolt/edgestack/edgestack.go

@@ -2,7 +2,7 @@ package edgestack
 
 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )
 
@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing Edge stack data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +32,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) EdgeStacks() ([]portainer.EdgeStack, error) {
 	var stacks = make([]portainer.EdgeStack, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -56,7 +56,7 @@ func (service *Service) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeStac
 	var stack portainer.EdgeStack
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &stack)
+	err := internal.GetObject(service.db, BucketName, identifier, &stack)
 	if err != nil {
 		return nil, err
 	}
@@ -66,7 +66,7 @@ func (service *Service) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeStac
 
 // CreateEdgeStack assign an ID to a new Edge stack and saves it.
 func (service *Service) CreateEdgeStack(edgeStack *portainer.EdgeStack) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		if edgeStack.ID == 0 {
@@ -86,16 +86,16 @@ func (service *Service) CreateEdgeStack(edgeStack *portainer.EdgeStack) error {
 // UpdateEdgeStack updates an Edge stack.
 func (service *Service) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *portainer.EdgeStack) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, edgeStack)
+	return internal.UpdateObject(service.db, BucketName, identifier, edgeStack)
 }
 
 // DeleteEdgeStack deletes an Edge stack.
 func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

api/bolt/endpoint/endpoint.go

@@ -2,7 +2,7 @@ package endpoint
 
 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )
 
@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -33,7 +33,7 @@ func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint,
 	var endpoint portainer.Endpoint
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &endpoint)
+	err := internal.GetObject(service.db, BucketName, identifier, &endpoint)
 	if err != nil {
 		return nil, err
 	}
@@ -44,20 +44,20 @@ func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint,
 // UpdateEndpoint updates an endpoint.
 func (service *Service) UpdateEndpoint(ID portainer.EndpointID, endpoint *portainer.Endpoint) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpoint)
+	return internal.UpdateObject(service.db, BucketName, identifier, endpoint)
 }
 
 // DeleteEndpoint deletes an endpoint.
 func (service *Service) DeleteEndpoint(ID portainer.EndpointID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // Endpoints return an array containing all the endpoints.
 func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 	var endpoints = make([]portainer.Endpoint, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -78,7 +78,7 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 
 // CreateEndpoint assign an ID to a new endpoint and saves it.
 func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		// We manually manage sequences for endpoints
@@ -98,12 +98,12 @@ func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {
 
 // GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }
 
 // Synchronize creates, updates and deletes endpoints inside a single transaction.
 func (service *Service) Synchronize(toCreate, toUpdate, toDelete []*portainer.Endpoint) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		for _, endpoint := range toCreate {

api/bolt/endpointgroup/endpointgroup.go

@@ -1,7 +1,7 @@
 package endpointgroup
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.
 	var endpointGroup portainer.EndpointGroup
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &endpointGroup)
+	err := internal.GetObject(service.db, BucketName, identifier, &endpointGroup)
 	if err != nil {
 		return nil, err
 	}
@@ -45,20 +45,20 @@ func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.
 // UpdateEndpointGroup updates an endpoint group.
 func (service *Service) UpdateEndpointGroup(ID portainer.EndpointGroupID, endpointGroup *portainer.EndpointGroup) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpointGroup)
+	return internal.UpdateObject(service.db, BucketName, identifier, endpointGroup)
 }
 
 // DeleteEndpointGroup deletes an endpoint group.
 func (service *Service) DeleteEndpointGroup(ID portainer.EndpointGroupID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // EndpointGroups return an array containing all the endpoint groups.
 func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 	var endpointGroups = make([]portainer.EndpointGroup, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -79,7 +79,7 @@ func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 
 // CreateEndpointGroup assign an ID to a new endpoint group and saves it.
 func (service *Service) CreateEndpointGroup(endpointGroup *portainer.EndpointGroup) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()

api/bolt/endpointrelation/endpointrelation.go

@@ -13,18 +13,18 @@ const (
 
 // Service represents a service for managing endpoint relation data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -33,7 +33,7 @@ func (service *Service) EndpointRelation(endpointID portainer.EndpointID) (*port
 	var endpointRelation portainer.EndpointRelation
 	identifier := internal.Itob(int(endpointID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &endpointRelation)
+	err := internal.GetObject(service.db, BucketName, identifier, &endpointRelation)
 	if err != nil {
 		return nil, err
 	}
@@ -43,7 +43,7 @@ func (service *Service) EndpointRelation(endpointID portainer.EndpointID) (*port
 
 // CreateEndpointRelation saves endpointRelation
 func (service *Service) CreateEndpointRelation(endpointRelation *portainer.EndpointRelation) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data, err := internal.MarshalObject(endpointRelation)
@@ -58,11 +58,11 @@ func (service *Service) CreateEndpointRelation(endpointRelation *portainer.Endpo
 // UpdateEndpointRelation updates an Endpoint relation object
 func (service *Service) UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error {
 	identifier := internal.Itob(int(EndpointID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpointRelation)
+	return internal.UpdateObject(service.db, BucketName, identifier, endpointRelation)
 }
 
 // DeleteEndpointRelation deletes an Endpoint relation object
 func (service *Service) DeleteEndpointRelation(EndpointID portainer.EndpointID) error {
 	identifier := internal.Itob(int(EndpointID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/extension/extension.go

@@ -1,7 +1,7 @@
 package extension
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) Extension(ID portainer.ExtensionID) (*portainer.Extensio
 	var extension portainer.Extension
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &extension)
+	err := internal.GetObject(service.db, BucketName, identifier, &extension)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Extension(ID portainer.ExtensionID) (*portainer.Extensio
 func (service *Service) Extensions() ([]portainer.Extension, error) {
 	var extensions = make([]portainer.Extension, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -67,7 +67,7 @@ func (service *Service) Extensions() ([]portainer.Extension, error) {
 
 // Persist persists a extension inside the database.
 func (service *Service) Persist(extension *portainer.Extension) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data, err := internal.MarshalObject(extension)
@@ -82,5 +82,5 @@ func (service *Service) Persist(extension *portainer.Extension) error {
 // DeleteExtension deletes a Extension.
 func (service *Service) DeleteExtension(ID portainer.ExtensionID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/internal/db.go

@@ -7,10 +7,6 @@ import (
 	"github.com/portainer/portainer/api/bolt/errors"
 )
 
-type DbConnection struct {
-	*bolt.DB
-}
-
 // Itob returns an 8-byte big endian representation of v.
 // This function is typically used for encoding integer IDs to byte slices
 // so that they can be used as BoltDB keys.
@@ -21,8 +17,8 @@ func Itob(v int) []byte {
 }
 
 // CreateBucket is a generic function used to create a bucket inside a bolt database.
-func CreateBucket(connection *DbConnection, bucketName string) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func CreateBucket(db *bolt.DB, bucketName string) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(bucketName))
 		if err != nil {
 			return err
@@ -32,10 +28,10 @@ func CreateBucket(connection *DbConnection, bucketName string) error {
 }
 
 // GetObject is a generic function used to retrieve an unmarshalled object from a bolt database.
-func GetObject(connection *DbConnection, bucketName string, key []byte, object interface{}) error {
+func GetObject(db *bolt.DB, bucketName string, key []byte, object interface{}) error {
 	var data []byte
 
-	err := connection.View(func(tx *bolt.Tx) error {
+	err := db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
 
 		value := bucket.Get(key)
@@ -56,8 +52,8 @@ func GetObject(connection *DbConnection, bucketName string, key []byte, object i
 }
 
 // UpdateObject is a generic function used to update an object inside a bolt database.
-func UpdateObject(connection *DbConnection, bucketName string, key []byte, object interface{}) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func UpdateObject(db *bolt.DB, bucketName string, key []byte, object interface{}) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
 
 		data, err := MarshalObject(object)
@@ -75,18 +71,18 @@ func UpdateObject(connection *DbConnection, bucketName string, key []byte, objec
 }
 
 // DeleteObject is a generic function used to delete an object inside a bolt database.
-func DeleteObject(connection *DbConnection, bucketName string, key []byte) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func DeleteObject(db *bolt.DB, bucketName string, key []byte) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
 		return bucket.Delete(key)
 	})
 }
 
 // GetNextIdentifier is a generic function that returns the specified bucket identifier incremented by 1.
-func GetNextIdentifier(connection *DbConnection, bucketName string) int {
+func GetNextIdentifier(db *bolt.DB, bucketName string) int {
 	var identifier int
 
-	connection.Update(func(tx *bolt.Tx) error {
+	db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
 		id, err := bucket.NextSequence()
 		if err != nil {

api/bolt/registry/registry.go

@@ -1,7 +1,7 @@
 package registry
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) Registry(ID portainer.RegistryID) (*portainer.Registry,
 	var registry portainer.Registry
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &registry)
+	err := internal.GetObject(service.db, BucketName, identifier, &registry)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Registry(ID portainer.RegistryID) (*portainer.Registry,
 func (service *Service) Registries() ([]portainer.Registry, error) {
 	var registries = make([]portainer.Registry, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -67,7 +67,7 @@ func (service *Service) Registries() ([]portainer.Registry, error) {
 
 // CreateRegistry creates a new registry.
 func (service *Service) CreateRegistry(registry *portainer.Registry) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -85,11 +85,11 @@ func (service *Service) CreateRegistry(registry *portainer.Registry) error {
 // UpdateRegistry updates an registry.
 func (service *Service) UpdateRegistry(ID portainer.RegistryID, registry *portainer.Registry) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, registry)
+	return internal.UpdateObject(service.db, BucketName, identifier, registry)
 }
 
 // DeleteRegistry deletes an registry.
 func (service *Service) DeleteRegistry(ID portainer.RegistryID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/resourcecontrol/resourcecontrol.go

@@ -1,7 +1,7 @@
 package resourcecontrol
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) ResourceControl(ID portainer.ResourceControlID) (*portai
 	var resourceControl portainer.ResourceControl
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &resourceControl)
+	err := internal.GetObject(service.db, BucketName, identifier, &resourceControl)
 	if err != nil {
 		return nil, err
 	}
@@ -48,7 +48,7 @@ func (service *Service) ResourceControl(ID portainer.ResourceControlID) (*portai
 func (service *Service) ResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType) (*portainer.ResourceControl, error) {
 	var resourceControl *portainer.ResourceControl
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
@@ -82,7 +82,7 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 func (service *Service) ResourceControls() ([]portainer.ResourceControl, error) {
 	var rcs = make([]portainer.ResourceControl, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -103,7 +103,7 @@ func (service *Service) ResourceControls() ([]portainer.ResourceControl, error)
 
 // CreateResourceControl creates a new ResourceControl object
 func (service *Service) CreateResourceControl(resourceControl *portainer.ResourceControl) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -121,11 +121,11 @@ func (service *Service) CreateResourceControl(resourceControl *portainer.Resourc
 // UpdateResourceControl saves a ResourceControl object.
 func (service *Service) UpdateResourceControl(ID portainer.ResourceControlID, resourceControl *portainer.ResourceControl) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, resourceControl)
+	return internal.UpdateObject(service.db, BucketName, identifier, resourceControl)
 }
 
 // DeleteResourceControl deletes a ResourceControl object by ID
 func (service *Service) DeleteResourceControl(ID portainer.ResourceControlID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/role/role.go

@@ -1,7 +1,7 @@
 package role
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) Role(ID portainer.RoleID) (*portainer.Role, error) {
 	var set portainer.Role
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &set)
+	err := internal.GetObject(service.db, BucketName, identifier, &set)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Role(ID portainer.RoleID) (*portainer.Role, error) {
 func (service *Service) Roles() ([]portainer.Role, error) {
 	var sets = make([]portainer.Role, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -67,7 +67,7 @@ func (service *Service) Roles() ([]portainer.Role, error) {
 
 // CreateRole creates a new Role.
 func (service *Service) CreateRole(role *portainer.Role) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -85,5 +85,5 @@ func (service *Service) CreateRole(role *portainer.Role) error {
 // UpdateRole updates a role.
 func (service *Service) UpdateRole(ID portainer.RoleID, role *portainer.Role) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, role)
+	return internal.UpdateObject(service.db, BucketName, identifier, role)
 }

api/bolt/schedule/schedule.go

@@ -1,7 +1,7 @@
 package schedule
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing schedule data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) Schedule(ID portainer.ScheduleID) (*portainer.Schedule,
 	var schedule portainer.Schedule
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &schedule)
+	err := internal.GetObject(service.db, BucketName, identifier, &schedule)
 	if err != nil {
 		return nil, err
 	}
@@ -45,20 +45,20 @@ func (service *Service) Schedule(ID portainer.ScheduleID) (*portainer.Schedule,
 // UpdateSchedule updates a schedule.
 func (service *Service) UpdateSchedule(ID portainer.ScheduleID, schedule *portainer.Schedule) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, schedule)
+	return internal.UpdateObject(service.db, BucketName, identifier, schedule)
 }
 
 // DeleteSchedule deletes a schedule.
 func (service *Service) DeleteSchedule(ID portainer.ScheduleID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // Schedules return a array containing all the schedules.
 func (service *Service) Schedules() ([]portainer.Schedule, error) {
 	var schedules = make([]portainer.Schedule, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -82,7 +82,7 @@ func (service *Service) Schedules() ([]portainer.Schedule, error) {
 func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portainer.Schedule, error) {
 	var schedules = make([]portainer.Schedule, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -105,7 +105,7 @@ func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portain
 
 // CreateSchedule assign an ID to a new schedule and saves it.
 func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		// We manually manage sequences for schedules
@@ -125,5 +125,5 @@ func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {
 
 // GetNextIdentifier returns the next identifier for a schedule.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

api/bolt/services.go

@@ -1,263 +0,0 @@
-package bolt
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/customtemplate"
-	"github.com/portainer/portainer/api/bolt/dockerhub"
-	"github.com/portainer/portainer/api/bolt/edgegroup"
-	"github.com/portainer/portainer/api/bolt/edgejob"
-	"github.com/portainer/portainer/api/bolt/edgestack"
-	"github.com/portainer/portainer/api/bolt/endpoint"
-	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
-	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/registry"
-	"github.com/portainer/portainer/api/bolt/resourcecontrol"
-	"github.com/portainer/portainer/api/bolt/role"
-	"github.com/portainer/portainer/api/bolt/schedule"
-	"github.com/portainer/portainer/api/bolt/settings"
-	"github.com/portainer/portainer/api/bolt/stack"
-	"github.com/portainer/portainer/api/bolt/tag"
-	"github.com/portainer/portainer/api/bolt/team"
-	"github.com/portainer/portainer/api/bolt/teammembership"
-	"github.com/portainer/portainer/api/bolt/tunnelserver"
-	"github.com/portainer/portainer/api/bolt/user"
-	"github.com/portainer/portainer/api/bolt/version"
-	"github.com/portainer/portainer/api/bolt/webhook"
-)
-
-func (store *Store) initServices() error {
-	authorizationsetService, err := role.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.RoleService = authorizationsetService
-
-	customTemplateService, err := customtemplate.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.CustomTemplateService = customTemplateService
-
-	dockerhubService, err := dockerhub.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.DockerHubService = dockerhubService
-
-	edgeStackService, err := edgestack.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeStackService = edgeStackService
-
-	edgeGroupService, err := edgegroup.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeGroupService = edgeGroupService
-
-	edgeJobService, err := edgejob.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeJobService = edgeJobService
-
-	endpointgroupService, err := endpointgroup.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointGroupService = endpointgroupService
-
-	endpointService, err := endpoint.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointService = endpointService
-
-	endpointRelationService, err := endpointrelation.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointRelationService = endpointRelationService
-
-	extensionService, err := extension.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ExtensionService = extensionService
-
-	registryService, err := registry.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.RegistryService = registryService
-
-	resourcecontrolService, err := resourcecontrol.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ResourceControlService = resourcecontrolService
-
-	settingsService, err := settings.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.SettingsService = settingsService
-
-	stackService, err := stack.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.StackService = stackService
-
-	tagService, err := tag.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TagService = tagService
-
-	teammembershipService, err := teammembership.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TeamMembershipService = teammembershipService
-
-	teamService, err := team.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TeamService = teamService
-
-	tunnelServerService, err := tunnelserver.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TunnelServerService = tunnelServerService
-
-	userService, err := user.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.UserService = userService
-
-	versionService, err := version.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.VersionService = versionService
-
-	webhookService, err := webhook.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.WebhookService = webhookService
-
-	scheduleService, err := schedule.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ScheduleService = scheduleService
-
-	return nil
-}
-
-// CustomTemplate gives access to the CustomTemplate data management layer
-func (store *Store) CustomTemplate() portainer.CustomTemplateService {
-	return store.CustomTemplateService
-}
-
-// DockerHub gives access to the DockerHub data management layer
-func (store *Store) DockerHub() portainer.DockerHubService {
-	return store.DockerHubService
-}
-
-// EdgeGroup gives access to the EdgeGroup data management layer
-func (store *Store) EdgeGroup() portainer.EdgeGroupService {
-	return store.EdgeGroupService
-}
-
-// EdgeJob gives access to the EdgeJob data management layer
-func (store *Store) EdgeJob() portainer.EdgeJobService {
-	return store.EdgeJobService
-}
-
-// EdgeStack gives access to the EdgeStack data management layer
-func (store *Store) EdgeStack() portainer.EdgeStackService {
-	return store.EdgeStackService
-}
-
-// Endpoint gives access to the Endpoint data management layer
-func (store *Store) Endpoint() portainer.EndpointService {
-	return store.EndpointService
-}
-
-// EndpointGroup gives access to the EndpointGroup data management layer
-func (store *Store) EndpointGroup() portainer.EndpointGroupService {
-	return store.EndpointGroupService
-}
-
-// EndpointRelation gives access to the EndpointRelation data management layer
-func (store *Store) EndpointRelation() portainer.EndpointRelationService {
-	return store.EndpointRelationService
-}
-
-// Registry gives access to the Registry data management layer
-func (store *Store) Registry() portainer.RegistryService {
-	return store.RegistryService
-}
-
-// ResourceControl gives access to the ResourceControl data management layer
-func (store *Store) ResourceControl() portainer.ResourceControlService {
-	return store.ResourceControlService
-}
-
-// Role gives access to the Role data management layer
-func (store *Store) Role() portainer.RoleService {
-	return store.RoleService
-}
-
-// Settings gives access to the Settings data management layer
-func (store *Store) Settings() portainer.SettingsService {
-	return store.SettingsService
-}
-
-// Stack gives access to the Stack data management layer
-func (store *Store) Stack() portainer.StackService {
-	return store.StackService
-}
-
-// Tag gives access to the Tag data management layer
-func (store *Store) Tag() portainer.TagService {
-	return store.TagService
-}
-
-// TeamMembership gives access to the TeamMembership data management layer
-func (store *Store) TeamMembership() portainer.TeamMembershipService {
-	return store.TeamMembershipService
-}
-
-// Team gives access to the Team data management layer
-func (store *Store) Team() portainer.TeamService {
-	return store.TeamService
-}
-
-// TunnelServer gives access to the TunnelServer data management layer
-func (store *Store) TunnelServer() portainer.TunnelServerService {
-	return store.TunnelServerService
-}
-
-// User gives access to the User data management layer
-func (store *Store) User() portainer.UserService {
-	return store.UserService
-}
-
-// Version gives access to the Version data management layer
-func (store *Store) Version() portainer.VersionService {
-	return store.VersionService
-}
-
-// Webhook gives access to the Webhook data management layer
-func (store *Store) Webhook() portainer.WebhookService {
-	return store.WebhookService
-}

api/bolt/settings/settings.go

@@ -1,8 +1,10 @@
 package settings
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )
 
 const (
@@ -13,18 +15,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Settings() (*portainer.Settings, error) {
 	var settings portainer.Settings
 
-	err := internal.GetObject(service.connection, BucketName, []byte(settingsKey), &settings)
+	err := internal.GetObject(service.db, BucketName, []byte(settingsKey), &settings)
 	if err != nil {
 		return nil, err
 	}
@@ -42,5 +44,5 @@ func (service *Service) Settings() (*portainer.Settings, error) {
 
 // UpdateSettings persists a Settings object.
 func (service *Service) UpdateSettings(settings *portainer.Settings) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(settingsKey), settings)
+	return internal.UpdateObject(service.db, BucketName, []byte(settingsKey), settings)
 }

api/bolt/stack/stack.go

@@ -1,7 +1,7 @@
 package stack
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/internal"
 
@@ -15,18 +15,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -35,7 +35,7 @@ func (service *Service) Stack(ID portainer.StackID) (*portainer.Stack, error) {
 	var stack portainer.Stack
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &stack)
+	err := internal.GetObject(service.db, BucketName, identifier, &stack)
 	if err != nil {
 		return nil, err
 	}
@@ -47,7 +47,7 @@ func (service *Service) Stack(ID portainer.StackID) (*portainer.Stack, error) {
 func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 	var stack *portainer.Stack
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
@@ -78,7 +78,7 @@ func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 func (service *Service) Stacks() ([]portainer.Stack, error) {
 	var stacks = make([]portainer.Stack, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -99,12 +99,12 @@ func (service *Service) Stacks() ([]portainer.Stack, error) {
 
 // GetNextIdentifier returns the next identifier for a stack.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }
 
 // CreateStack creates a new stack.
 func (service *Service) CreateStack(stack *portainer.Stack) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		// We manually manage sequences for stacks
@@ -125,11 +125,11 @@ func (service *Service) CreateStack(stack *portainer.Stack) error {
 // UpdateStack updates a stack.
 func (service *Service) UpdateStack(ID portainer.StackID, stack *portainer.Stack) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, stack)
+	return internal.UpdateObject(service.db, BucketName, identifier, stack)
 }
 
 // DeleteStack deletes a stack.
 func (service *Service) DeleteStack(ID portainer.StackID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/tag/tag.go

@@ -1,7 +1,7 @@
 package tag
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -33,7 +33,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Tags() ([]portainer.Tag, error) {
 	var tags = make([]portainer.Tag, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -57,7 +57,7 @@ func (service *Service) Tag(ID portainer.TagID) (*portainer.Tag, error) {
 	var tag portainer.Tag
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &tag)
+	err := internal.GetObject(service.db, BucketName, identifier, &tag)
 	if err != nil {
 		return nil, err
 	}
@@ -67,7 +67,7 @@ func (service *Service) Tag(ID portainer.TagID) (*portainer.Tag, error) {
 
 // CreateTag creates a new tag.
 func (service *Service) CreateTag(tag *portainer.Tag) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -85,11 +85,11 @@ func (service *Service) CreateTag(tag *portainer.Tag) error {
 // UpdateTag updates a tag.
 func (service *Service) UpdateTag(ID portainer.TagID, tag *portainer.Tag) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, tag)
+	return internal.UpdateObject(service.db, BucketName, identifier, tag)
 }
 
 // DeleteTag deletes a tag.
 func (service *Service) DeleteTag(ID portainer.TagID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/team/team.go

@@ -17,18 +17,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -37,7 +37,7 @@ func (service *Service) Team(ID portainer.TeamID) (*portainer.Team, error) {
 	var team portainer.Team
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &team)
+	err := internal.GetObject(service.db, BucketName, identifier, &team)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +49,7 @@ func (service *Service) Team(ID portainer.TeamID) (*portainer.Team, error) {
 func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 	var team *portainer.Team
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -80,7 +80,7 @@ func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 func (service *Service) Teams() ([]portainer.Team, error) {
 	var teams = make([]portainer.Team, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -102,12 +102,12 @@ func (service *Service) Teams() ([]portainer.Team, error) {
 // UpdateTeam saves a Team.
 func (service *Service) UpdateTeam(ID portainer.TeamID, team *portainer.Team) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, team)
+	return internal.UpdateObject(service.db, BucketName, identifier, team)
 }
 
 // CreateTeam creates a new Team.
 func (service *Service) CreateTeam(team *portainer.Team) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -125,5 +125,5 @@ func (service *Service) CreateTeam(team *portainer.Team) error {
 // DeleteTeam deletes a Team.
 func (service *Service) DeleteTeam(ID portainer.TeamID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/teammembership/teammembership.go

@@ -1,7 +1,7 @@
 package teammembership
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 
 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func (service *Service) TeamMembership(ID portainer.TeamMembershipID) (*portaine
 	var membership portainer.TeamMembership
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &membership)
+	err := internal.GetObject(service.db, BucketName, identifier, &membership)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) TeamMembership(ID portainer.TeamMembershipID) (*portaine
 func (service *Service) TeamMemberships() ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -69,7 +69,7 @@ func (service *Service) TeamMemberships() ([]portainer.TeamMembership, error) {
 func (service *Service) TeamMembershipsByUserID(userID portainer.UserID) ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -95,7 +95,7 @@ func (service *Service) TeamMembershipsByUserID(userID portainer.UserID) ([]port
 func (service *Service) TeamMembershipsByTeamID(teamID portainer.TeamID) ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -120,12 +120,12 @@ func (service *Service) TeamMembershipsByTeamID(teamID portainer.TeamID) ([]port
 // UpdateTeamMembership saves a TeamMembership object.
 func (service *Service) UpdateTeamMembership(ID portainer.TeamMembershipID, membership *portainer.TeamMembership) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, membership)
+	return internal.UpdateObject(service.db, BucketName, identifier, membership)
 }
 
 // CreateTeamMembership creates a new TeamMembership object.
 func (service *Service) CreateTeamMembership(membership *portainer.TeamMembership) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -143,12 +143,12 @@ func (service *Service) CreateTeamMembership(membership *portainer.TeamMembershi
 // DeleteTeamMembership deletes a TeamMembership object.
 func (service *Service) DeleteTeamMembership(ID portainer.TeamMembershipID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // DeleteTeamMembershipByUserID deletes all the TeamMembership object associated to a UserID.
 func (service *Service) DeleteTeamMembershipByUserID(userID portainer.UserID) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -173,7 +173,7 @@ func (service *Service) DeleteTeamMembershipByUserID(userID portainer.UserID) er
 
 // DeleteTeamMembershipByTeamID deletes all the TeamMembership object associated to a TeamID.
 func (service *Service) DeleteTeamMembershipByTeamID(teamID portainer.TeamID) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()

api/bolt/tunnelserver/tunnelserver.go

@@ -1,8 +1,10 @@
 package tunnelserver
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )
 
 const (
@@ -13,18 +15,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -32,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Info() (*portainer.TunnelServerInfo, error) {
 	var info portainer.TunnelServerInfo
 
-	err := internal.GetObject(service.connection, BucketName, []byte(infoKey), &info)
+	err := internal.GetObject(service.db, BucketName, []byte(infoKey), &info)
 	if err != nil {
 		return nil, err
 	}
@@ -42,5 +44,5 @@ func (service *Service) Info() (*portainer.TunnelServerInfo, error) {
 
 // UpdateInfo persists a TunnelServerInfo object.
 func (service *Service) UpdateInfo(settings *portainer.TunnelServerInfo) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(infoKey), settings)
+	return internal.UpdateObject(service.db, BucketName, []byte(infoKey), settings)
 }

api/bolt/user/user.go

@@ -17,18 +17,18 @@ const (
 
 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -37,7 +37,7 @@ func (service *Service) User(ID portainer.UserID) (*portainer.User, error) {
 	var user portainer.User
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &user)
+	err := internal.GetObject(service.db, BucketName, identifier, &user)
 	if err != nil {
 		return nil, err
 	}
@@ -51,7 +51,7 @@ func (service *Service) UserByUsername(username string) (*portainer.User, error)
 
 	username = strings.ToLower(username)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
@@ -81,7 +81,7 @@ func (service *Service) UserByUsername(username string) (*portainer.User, error)
 func (service *Service) Users() ([]portainer.User, error) {
 	var users = make([]portainer.User, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -103,7 +103,7 @@ func (service *Service) Users() ([]portainer.User, error) {
 // UsersByRole return an array containing all the users with the specified role.
 func (service *Service) UsersByRole(role portainer.UserRole) ([]portainer.User, error) {
 	var users = make([]portainer.User, 0)
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -128,12 +128,12 @@ func (service *Service) UsersByRole(role portainer.UserRole) ([]portainer.User,
 func (service *Service) UpdateUser(ID portainer.UserID, user *portainer.User) error {
 	identifier := internal.Itob(int(ID))
 	user.Username = strings.ToLower(user.Username)
-	return internal.UpdateObject(service.connection, BucketName, identifier, user)
+	return internal.UpdateObject(service.db, BucketName, identifier, user)
 }
 
 // CreateUser creates a new user.
 func (service *Service) CreateUser(user *portainer.User) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()
@@ -152,5 +152,5 @@ func (service *Service) CreateUser(user *portainer.User) error {
 // DeleteUser deletes a user.
 func (service *Service) DeleteUser(ID portainer.UserID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

api/bolt/version/version.go

@@ -19,18 +19,18 @@ const (
 
 // Service represents a service to manage stored versions.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -38,7 +38,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) DBVersion() (int, error) {
 	var data []byte
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		value := bucket.Get([]byte(versionKey))
@@ -75,7 +75,7 @@ func (service *Service) Edition() (portainer.SoftwareEdition, error) {
 
 // StoreDBVersion store the database version.
 func (service *Service) StoreDBVersion(version int) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data := []byte(strconv.Itoa(version))
@@ -87,7 +87,7 @@ func (service *Service) StoreDBVersion(version int) error {
 func (service *Service) InstanceID() (string, error) {
 	var data []byte
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		value := bucket.Get([]byte(instanceKey))
@@ -109,7 +109,7 @@ func (service *Service) InstanceID() (string, error) {
 
 // StoreInstanceID store the instance ID.
 func (service *Service) StoreInstanceID(ID string) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data := []byte(ID)
@@ -120,7 +120,7 @@ func (service *Service) StoreInstanceID(ID string) error {
 func (service *Service) getKey(key string) ([]byte, error) {
 	var data []byte
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		value := bucket.Get([]byte(key))
@@ -142,7 +142,7 @@ func (service *Service) getKey(key string) ([]byte, error) {
 }
 
 func (service *Service) setKey(key string, value string) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		data := []byte(value)

api/bolt/webhook/webhook.go

@@ -1,7 +1,7 @@
 package webhook
 
 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/internal"
 
@@ -15,18 +15,18 @@ const (
 
 // Service represents a service for managing webhook data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}
 
 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }
 
@@ -34,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Webhooks() ([]portainer.Webhook, error) {
 	var webhooks = make([]portainer.Webhook, 0)
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		cursor := bucket.Cursor()
@@ -58,7 +58,7 @@ func (service *Service) Webhook(ID portainer.WebhookID) (*portainer.Webhook, err
 	var webhook portainer.Webhook
 	identifier := internal.Itob(int(ID))
 
-	err := internal.GetObject(service.connection, BucketName, identifier, &webhook)
+	err := internal.GetObject(service.db, BucketName, identifier, &webhook)
 	if err != nil {
 		return nil, err
 	}
@@ -70,7 +70,7 @@ func (service *Service) Webhook(ID portainer.WebhookID) (*portainer.Webhook, err
 func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, error) {
 	var webhook *portainer.Webhook
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
@@ -101,7 +101,7 @@ func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, erro
 func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error) {
 	var webhook *portainer.Webhook
 
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
@@ -131,12 +131,12 @@ func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error)
 // DeleteWebhook deletes a webhook.
 func (service *Service) DeleteWebhook(ID portainer.WebhookID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
 
 // CreateWebhook assign an ID to a new webhook and saves it.
 func (service *Service) CreateWebhook(webhook *portainer.Webhook) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 
 		id, _ := bucket.NextSequence()

api/chisel/service.go

@@ -1,7 +1,6 @@
 package chisel
 
 import (
-	"context"
 	"fmt"
 	"log"
 	"strconv"
@@ -10,7 +9,7 @@ import (
 	"github.com/dchest/uniuri"
 	chserver "github.com/jpillora/chisel/server"
 	cmap "github.com/orcaman/concurrent-map"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/errors"
 )
 
@@ -30,15 +29,13 @@ type Service struct {
 	dataStore         portainer.DataStore
 	snapshotService   portainer.SnapshotService
 	chiselServer      *chserver.Server
-	shutdownCtx       context.Context
 }
 
 // NewService returns a pointer to a new instance of Service
-func NewService(dataStore portainer.DataStore, shutdownCtx context.Context) *Service {
+func NewService(dataStore portainer.DataStore) *Service {
 	return &Service{
 		tunnelDetailsMap: cmap.New(),
 		dataStore:        dataStore,
-		shutdownCtx:      shutdownCtx,
 	}
 }
 
@@ -86,11 +83,6 @@ func (service *Service) StartTunnelServer(addr, port string, snapshotService por
 	return nil
 }
 
-// StopTunnelServer stops tunnel http server
-func (service *Service) StopTunnelServer() error {
-	return service.chiselServer.Close()
-}
-
 func (service *Service) retrievePrivateKeySeed() (string, error) {
 	var serverInfo *portainer.TunnelServerInfo
 
@@ -116,16 +108,13 @@ func (service *Service) retrievePrivateKeySeed() (string, error) {
 func (service *Service) startTunnelVerificationLoop() {
 	log.Printf("[DEBUG] [chisel, monitoring] [check_interval_seconds: %f] [message: starting tunnel management process]", tunnelCleanupInterval.Seconds())
 	ticker := time.NewTicker(tunnelCleanupInterval)
+	stopSignal := make(chan struct{})
 
 	for {
 		select {
 		case <-ticker.C:
 			service.checkTunnels()
-		case <-service.shutdownCtx.Done():
-			log.Println("[DEBUG] Shutting down tunnel service")
-			if err := service.StopTunnelServer(); err != nil {
-				log.Printf("Stopped tunnel service: %s", err)
-			}
+		case <-stopSignal:
 			ticker.Stop()
 			return
 		}

api/cmd/portainer/main.go

@@ -1,10 +1,10 @@
 package main
 
 import (
-	"context"
 	"log"
 	"os"
 	"strings"
+	"time"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
@@ -20,7 +20,6 @@ import (
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/api/http/proxy"
 	kubeproxy "github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
-	"github.com/portainer/portainer/api/internal/edge"
 	"github.com/portainer/portainer/api/internal/snapshot"
 	"github.com/portainer/portainer/api/jwt"
 	"github.com/portainer/portainer/api/kubernetes"
@@ -68,7 +67,7 @@ func initDataStore(dataStorePath string, fileService portainer.FileService) port
 		log.Fatalf("failed initializing data store: %v", err)
 	}
 
-	err = store.MigrateData(false)
+	err = store.MigrateData()
 	if err != nil {
 		log.Fatalf("failed migration: %v", err)
 	}
@@ -76,7 +75,7 @@ func initDataStore(dataStorePath string, fileService portainer.FileService) port
 }
 
 func initComposeStackManager(assetsPath string, dataStorePath string, reverseTunnelService portainer.ReverseTunnelService, proxyManager *proxy.Manager) portainer.ComposeStackManager {
-	composeWrapper := exec.NewComposeWrapper(assetsPath, dataStorePath, proxyManager)
+	composeWrapper := exec.NewComposeWrapper(assetsPath, proxyManager)
 	if composeWrapper != nil {
 		return composeWrapper
 	}
@@ -137,11 +136,11 @@ func initKubernetesClientFactory(signatureService portainer.DigitalSignatureServ
 	return kubecli.NewClientFactory(signatureService, reverseTunnelService, instanceID)
 }
 
-func initSnapshotService(snapshotInterval string, dataStore portainer.DataStore, dockerClientFactory *docker.ClientFactory, kubernetesClientFactory *kubecli.ClientFactory, shutdownCtx context.Context) (portainer.SnapshotService, error) {
+func initSnapshotService(snapshotInterval string, dataStore portainer.DataStore, dockerClientFactory *docker.ClientFactory, kubernetesClientFactory *kubecli.ClientFactory) (portainer.SnapshotService, error) {
 	dockerSnapshotter := docker.NewSnapshotter(dockerClientFactory)
 	kubernetesSnapshotter := kubernetes.NewSnapshotter(kubernetesClientFactory)
 
-	snapshotService, err := snapshot.NewService(snapshotInterval, dataStore, dockerSnapshotter, kubernetesSnapshotter, shutdownCtx)
+	snapshotService, err := snapshot.NewService(snapshotInterval, dataStore, dockerSnapshotter, kubernetesSnapshotter)
 	if err != nil {
 		return nil, err
 	}
@@ -149,6 +148,21 @@ func initSnapshotService(snapshotInterval string, dataStore portainer.DataStore,
 	return snapshotService, nil
 }
 
+func loadEdgeJobsFromDatabase(dataStore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService) error {
+	edgeJobs, err := dataStore.EdgeJob().EdgeJobs()
+	if err != nil {
+		return err
+	}
+
+	for _, edgeJob := range edgeJobs {
+		for endpointID := range edgeJob.Endpoints {
+			reverseTunnelService.AddEdgeJob(endpointID, &edgeJob)
+		}
+	}
+
+	return nil
+}
+
 func initStatus(flags *portainer.CLIFlags) *portainer.Status {
 	return &portainer.Status{
 		Version: portainer.APIVersion,
@@ -339,12 +353,28 @@ func initEndpoint(flags *portainer.CLIFlags, dataStore portainer.DataStore, snap
 	return createUnsecuredEndpoint(*flags.EndpointURL, dataStore, snapshotService)
 }
 
-func buildServer(flags *portainer.CLIFlags) portainer.Server {
-	shutdownCtx, shutdownTrigger := context.WithCancel(context.Background())
+func terminateIfNoAdminCreated(dataStore portainer.DataStore) {
+	timer1 := time.NewTimer(5 * time.Minute)
+	<-timer1.C
+
+	users, err := dataStore.User().UsersByRole(portainer.AdministratorRole)
+	if err != nil {
+		log.Fatalf("failed getting admin user: %v", err)
+	}
+
+	if len(users) == 0 {
+		log.Fatal("No administrator account was created after 5 min. Shutting down the Portainer instance for security reasons.")
+		return
+	}
+}
+
+func main() {
+	flags := initCLI()
 
 	fileService := initFileService(*flags.Data)
 
 	dataStore := initDataStore(*flags.Data, fileService)
+	defer dataStore.Close()
 
 	if err := dataStore.CheckCurrentEdition(); err != nil {
 		log.Fatal(err)
@@ -370,7 +400,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		log.Fatalf("failed initializing key pai: %v", err)
 	}
 
-	reverseTunnelService := chisel.NewService(dataStore, shutdownCtx)
+	reverseTunnelService := chisel.NewService(dataStore)
 
 	instanceID, err := dataStore.Version().InstanceID()
 	if err != nil {
@@ -380,7 +410,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	dockerClientFactory := initDockerClientFactory(digitalSignatureService, reverseTunnelService)
 	kubernetesClientFactory := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, instanceID)
 
-	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory, shutdownCtx)
+	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory)
 	if err != nil {
 		log.Fatalf("failed initializing snapshot service: %v", err)
 	}
@@ -404,7 +434,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		}
 	}
 
-	err = edge.LoadEdgeJobs(dataStore, reverseTunnelService)
+	err = loadEdgeJobsFromDatabase(dataStore, reverseTunnelService)
 	if err != nil {
 		log.Fatalf("failed loading edge jobs from database: %v", err)
 	}
@@ -452,12 +482,14 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		}
 	}
 
+	go terminateIfNoAdminCreated(dataStore)
+
 	err = reverseTunnelService.StartTunnelServer(*flags.TunnelAddr, *flags.TunnelPort, snapshotService)
 	if err != nil {
-		log.Fatalf("failed starting license service: %s", err)
+		log.Fatalf("failed starting tunnel server: %v", err)
 	}
 
-	return &http.Server{
+	var server portainer.Server = &http.Server{
 		ReverseTunnelService:        reverseTunnelService,
 		Status:                      applicationStatus,
 		BindAddress:                 *flags.Addr,
@@ -481,18 +513,11 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		SSLKey:                      *flags.SSLKey,
 		DockerClientFactory:         dockerClientFactory,
 		KubernetesClientFactory:     kubernetesClientFactory,
-		ShutdownCtx:                 shutdownCtx,
-		ShutdownTrigger:             shutdownTrigger,
-	}
-}
-
-func main() {
-	flags := initCLI()
-
-	for {
-		server := buildServer(flags)
-		log.Printf("Starting Portainer %s on %s\n", portainer.APIVersion, *flags.Addr)
-		err := server.Start()
-		log.Printf("Http server exited: %s\n", err)
+	}
+
+	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)
+	err = server.Start()
+	if err != nil {
+		log.Fatalf("failed starting server: %v", err)
 	}
 }

api/crypto/aes.go

@@ -1,70 +0,0 @@
-package crypto
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"io"
-
-	"golang.org/x/crypto/scrypt"
-)
-
-// NOTE: has to go with what is considered to be a simplistic in that it omits any
-// authentication of the encrypted data.
-// Person with better knowledge is welcomed to improve it.
-// sourced from https://golang.org/src/crypto/cipher/example_test.go
-
-var emptySalt []byte = make([]byte, 0, 0)
-
-// AesEncrypt reads from input, encrypts with AES-256 and writes to the output.
-// passphrase is used to generate an encryption key.
-func AesEncrypt(input io.Reader, output io.Writer, passphrase []byte) error {
-	// making a 32 bytes key that would correspond to AES-256
-	// don't necessarily need a salt, so just kept in empty
-	key, err := scrypt.Key(passphrase, emptySalt, 32768, 8, 1, 32)
-	if err != nil {
-		return err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return err
-	}
-
-	// If the key is unique for each ciphertext, then it's ok to use a zero
-	// IV.
-	var iv [aes.BlockSize]byte
-	stream := cipher.NewOFB(block, iv[:])
-
-	writer := &cipher.StreamWriter{S: stream, W: output}
-	// Copy the input to the output, encrypting as we go.
-	if _, err := io.Copy(writer, input); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// AesDecrypt reads from input, decrypts with AES-256 and returns the reader to a read decrypted content from.
-// passphrase is used to generate an encryption key.
-func AesDecrypt(input io.Reader, passphrase []byte) (io.Reader, error) {
-	// making a 32 bytes key that would correspond to AES-256
-	// don't necessarily need a salt, so just kept in empty
-	key, err := scrypt.Key(passphrase, emptySalt, 32768, 8, 1, 32)
-	if err != nil {
-		return nil, err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	// If the key is unique for each ciphertext, then it's ok to use a zero
-	// IV.
-	var iv [aes.BlockSize]byte
-	stream := cipher.NewOFB(block, iv[:])
-
-	reader := &cipher.StreamReader{S: stream, R: input}
-
-	return reader, nil
-}

api/crypto/aes_test.go

@@ -1,132 +0,0 @@
-package crypto
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to decrypt file")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
-}
-
-func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte(""))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte(""))
-	assert.Nil(t, err, "Failed to decrypt file")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
-}
-
-func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("garbage"))
-	assert.Nil(t, err, "Should allow to decrypt with wrong passphrase")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.NotEqual(t, content, decryptedContent, "Original and decrypted content should NOT match")
-}

api/exec/compose_wrapper.go

@@ -16,19 +16,17 @@ import (
 // ComposeWrapper is a wrapper for docker-compose binary
 type ComposeWrapper struct {
 	binaryPath   string
-	dataPath     string
 	proxyManager *proxy.Manager
 }
 
 // NewComposeWrapper returns a docker-compose wrapper if corresponding binary present, otherwise nil
-func NewComposeWrapper(binaryPath, dataPath string, proxyManager *proxy.Manager) *ComposeWrapper {
+func NewComposeWrapper(binaryPath string, proxyManager *proxy.Manager) *ComposeWrapper {
 	if !IsBinaryPresent(programPath(binaryPath, "docker-compose")) {
 		return nil
 	}
 
 	return &ComposeWrapper{
 		binaryPath:   binaryPath,
-		dataPath:     dataPath,
 		proxyManager: proxyManager,
 	}
 }
@@ -38,11 +36,6 @@ func (w *ComposeWrapper) ComposeSyntaxMaxVersion() string {
 	return portainer.ComposeSyntaxMaxVersion
 }
 
-// NormalizeStackName returns a new stack name with unsupported characters replaced
-func (w *ComposeWrapper) NormalizeStackName(name string) string {
-	return name
-}
-
 // Up builds, (re)creates and starts containers in the background. Wraps `docker-compose up -d` command
 func (w *ComposeWrapper) Up(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
 	_, err := w.command([]string{"up", "-d"}, stack, endpoint)
@@ -86,8 +79,6 @@ func (w *ComposeWrapper) command(command []string, stack *portainer.Stack, endpo
 
 	var stderr bytes.Buffer
 	cmd := exec.Command(program, args...)
-	cmd.Env = os.Environ()
-	cmd.Env = append(cmd.Env, fmt.Sprintf("DOCKER_CONFIG=%s", w.dataPath))
 	cmd.Stderr = &stderr
 
 	out, err := cmd.Output()

api/exec/compose_wrapper_integration_test.go

@@ -42,7 +42,7 @@ func Test_UpAndDown(t *testing.T) {
 
 	stack, endpoint := setup(t)
 
-	w := NewComposeWrapper("", "", nil)
+	w := NewComposeWrapper("", nil)
 
 	err := w.Up(stack, endpoint)
 	if err != nil {

api/filesystem/filesystem.go

@@ -9,7 +9,7 @@ import (
 	"io/ioutil"
 
 	"github.com/gofrs/uuid"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 
 	"io"
 	"os"
@@ -505,8 +505,3 @@ func (service *Service) GetTemporaryPath() (string, error) {
 
 	return path.Join(service.fileStorePath, TempPath, uid.String()), nil
 }
-
-// GetDataStorePath returns path to data folder
-func (service *Service) GetDatastorePath() string {
-	return service.dataStorePath
-}

api/go.mod

@@ -25,7 +25,6 @@ require (
 	github.com/mattn/go-shellwords v1.0.6 // indirect
 	github.com/mitchellh/mapstructure v1.1.2 // indirect
 	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
-	github.com/pkg/errors v0.9.1
 	github.com/portainer/libcompose v0.5.3
 	github.com/portainer/libcrypto v0.0.0-20190723020515-23ebe86ab2c2
 	github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33

api/go.sum

@@ -223,8 +223,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

api/http/handler/backup/backup.go

@@ -1,53 +0,0 @@
-package backup
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-	"path/filepath"
-
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/libhttp/request"
-	operations "github.com/portainer/portainer/api/backup"
-)
-
-type (
-	backupPayload struct {
-		Password string
-	}
-)
-
-func (p *backupPayload) Validate(r *http.Request) error {
-	return nil
-}
-
-// @id Backup
-// @summary Creates an archive with a system data snapshot that could be used to restore the system.
-// @description  Creates an archive with a system data snapshot that could be used to restore the system.
-// @description **Access policy**: admin
-// @tags backup
-// @security jwt
-// @produce octet-stream
-// @param Password body string false "Password to encrypt the backup with"
-// @success 200 "Success"
-// @failure 400 "Invalid request"
-// @failure 500 "Server error"
-// @router /backup [post]
-func (h *Handler) backup(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	var payload backupPayload
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
-	}
-
-	archivePath, err := operations.CreateBackupArchive(payload.Password, h.gate, h.dataStore, h.filestorePath)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to create backup", Err: err}
-	}
-	defer os.RemoveAll(filepath.Dir(archivePath))
-
-	w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s", fmt.Sprintf("portainer-backup_%s", filepath.Base(archivePath))))
-	http.ServeFile(w, r, archivePath)
-
-	return nil
-}

api/http/handler/backup/backup_test.go

@@ -1,122 +0,0 @@
-package backup
-
-import (
-	"bytes"
-	"context"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/portainer/portainer/api/adminmonitor"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/http/offlinegate"
-	i "github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
-func listFiles(dir string) []string {
-	items := make([]string, 0)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if path == dir {
-			return nil
-		}
-		items = append(items, path)
-		return nil
-	})
-
-	return items
-}
-
-func contains(t *testing.T, list []string, path string) {
-	assert.Contains(t, list, path)
-	copyContent, _ := ioutil.ReadFile(path)
-	assert.Equal(t, "content\n", string(copyContent))
-}
-
-func Test_backupHandlerWithoutPassword_shouldCreateATarballArchive(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{"password":""}`))
-	w := httptest.NewRecorder()
-
-	gate := offlinegate.NewOfflineGate()
-	adminMonitor := adminmonitor.New(time.Hour, nil, context.Background())
-
-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
-	assert.Nil(t, handlerErr, "Handler should not fail")
-
-	response := w.Result()
-	body, _ := io.ReadAll(response.Body)
-
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	archivePath := filepath.Join(tmpdir, "archive.tar.gz")
-	err := ioutil.WriteFile(archivePath, body, 0600)
-	if err != nil {
-		t.Fatal("Failed to save downloaded .tar.gz archive: ", err)
-	}
-	cmd := exec.Command("tar", "-xzf", archivePath, "-C", tmpdir)
-	err = cmd.Run()
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-
-	createdFiles := listFiles(tmpdir)
-
-	contains(t, createdFiles, path.Join(tmpdir, "portainer.key"))
-	contains(t, createdFiles, path.Join(tmpdir, "portainer.pub"))
-	contains(t, createdFiles, path.Join(tmpdir, "tls", "file1"))
-	contains(t, createdFiles, path.Join(tmpdir, "tls", "file2"))
-	assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_file"))
-	assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_folder", "file1"))
-}
-
-func Test_backupHandlerWithPassword_shouldCreateEncryptedATarballArchive(t *testing.T) {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{"password":"secret"}`))
-	w := httptest.NewRecorder()
-
-	gate := offlinegate.NewOfflineGate()
-	adminMonitor := adminmonitor.New(time.Hour, nil, nil)
-
-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
-	assert.Nil(t, handlerErr, "Handler should not fail")
-
-	response := w.Result()
-	body, _ := io.ReadAll(response.Body)
-
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	dr, err := crypto.AesDecrypt(bytes.NewReader(body), []byte("secret"))
-	if err != nil {
-		t.Fatal("Failed to decrypt archive")
-	}
-
-	archivePath := filepath.Join(tmpdir, "archive.tag.gz")
-	archive, _ := os.Create(archivePath)
-	defer archive.Close()
-	io.Copy(archive, dr)
-
-	cmd := exec.Command("tar", "-xzf", archivePath, "-C", tmpdir)
-	err = cmd.Run()
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-
-	createdFiles := listFiles(tmpdir)
-
-	contains(t, createdFiles, path.Join(tmpdir, "portainer.key"))
-	contains(t, createdFiles, path.Join(tmpdir, "portainer.pub"))
-	contains(t, createdFiles, path.Join(tmpdir, "tls", "file1"))
-	contains(t, createdFiles, path.Join(tmpdir, "tls", "file2"))
-	assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_file"))
-	assert.NotContains(t, createdFiles, path.Join(tmpdir, "extra_folder", "file1"))
-}

api/http/handler/backup/handler.go

@@ -1,65 +0,0 @@
-package backup
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/gorilla/mux"
-	httperror "github.com/portainer/libhttp/error"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/adminmonitor"
-	"github.com/portainer/portainer/api/http/offlinegate"
-	"github.com/portainer/portainer/api/http/security"
-)
-
-// Handler is an http handler responsible for backup and restore portainer state
-type Handler struct {
-	*mux.Router
-	bouncer         *security.RequestBouncer
-	dataStore       portainer.DataStore
-	gate            *offlinegate.OfflineGate
-	filestorePath   string
-	shutdownTrigger context.CancelFunc
-	adminMonitor    *adminmonitor.Monitor
-}
-
-// NewHandler creates an new instance of backup handler
-func NewHandler(bouncer *security.RequestBouncer, dataStore portainer.DataStore, gate *offlinegate.OfflineGate, filestorePath string, shutdownTrigger context.CancelFunc, adminMonitor *adminmonitor.Monitor) *Handler {
-	h := &Handler{
-		Router:          mux.NewRouter(),
-		bouncer:         bouncer,
-		dataStore:       dataStore,
-		gate:            gate,
-		filestorePath:   filestorePath,
-		shutdownTrigger: shutdownTrigger,
-		adminMonitor:    adminMonitor,
-	}
-
-	h.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
-	h.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)
-
-	return h
-}
-
-func adminAccess(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		securityContext, err := security.RetrieveRestrictedRequestContext(r)
-		if err != nil {
-			httperror.WriteError(w, http.StatusInternalServerError, "Unable to retrieve user info from request context", err)
-		}
-
-		if !securityContext.IsAdmin {
-			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perfom the action", nil)
-		}
-
-		next.ServeHTTP(w, r)
-	})
-}
-
-func systemWasInitialized(dataStore portainer.DataStore) (bool, error) {
-	users, err := dataStore.User().UsersByRole(portainer.AdministratorRole)
-	if err != nil {
-		return false, err
-	}
-	return len(users) > 0, nil
-}

api/http/handler/backup/restore.go

@@ -1,69 +0,0 @@
-package backup
-
-import (
-	"bytes"
-	"io"
-	"net/http"
-
-	"github.com/pkg/errors"
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/libhttp/request"
-	operations "github.com/portainer/portainer/api/backup"
-)
-
-type restorePayload struct {
-	FileContent []byte
-	FileName    string
-	Password    string
-}
-
-// @id Restore
-// @summary Triggers a system restore using provided backup file
-// @description Triggers a system restore using provided backup file
-// @description **Access policy**: public
-// @tags backup
-// @param FileContent body []byte true "Content of the backup"
-// @param FileName body string true "File name"
-// @param Password body string false "Password to decrypt the backup with"
-// @success 200  "Success"
-// @failure 400 "Invalid request"
-// @failure 500 "Server error"
-// @router /restore [post]
-func (h *Handler) restore(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	initialized, err := h.adminMonitor.WasInitialized()
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to check system initialization", Err: err}
-	}
-	if initialized {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Cannot restore already initialized instance", Err: errors.New("system already initialized")}
-	}
-	h.adminMonitor.Stop()
-	defer h.adminMonitor.Start()
-
-	var payload restorePayload
-	err = decodeForm(r, &payload)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
-	}
-
-	var archiveReader io.Reader = bytes.NewReader(payload.FileContent)
-	err = operations.RestoreArchive(archiveReader, payload.Password, h.filestorePath, h.gate, h.dataStore, h.shutdownTrigger)
-	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Failed to restore the backup", Err: err}
-	}
-
-	return nil
-}
-
-func decodeForm(r *http.Request, p *restorePayload) error {
-	content, name, err := request.RetrieveMultiPartFormFile(r, "file")
-	if err != nil {
-		return err
-	}
-	p.FileContent = content
-	p.FileName = name
-
-	password, _ := request.RetrieveMultiPartFormValue(r, "password", true)
-	p.Password = password
-	return nil
-}

api/http/handler/backup/restore_test.go

@@ -1,123 +0,0 @@
-package backup
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/adminmonitor"
-	"github.com/portainer/portainer/api/http/offlinegate"
-	i "github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_restoreArchive_usingCombinationOfPasswords(t *testing.T) {
-	tests := []struct {
-		name            string
-		backupPassword  string
-		restorePassword string
-		fails           bool
-	}{
-		{
-			name:            "empty password to both encrypt and decrypt",
-			backupPassword:  "",
-			restorePassword: "",
-			fails:           false,
-		},
-		{
-			name:            "same password to encrypt and decrypt",
-			backupPassword:  "secret",
-			restorePassword: "secret",
-			fails:           false,
-		},
-		{
-			name:            "different passwords to encrypt and decrypt",
-			backupPassword:  "secret",
-			restorePassword: "terces",
-			fails:           true,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			datastore := i.NewDatastore(i.WithUsers([]portainer.User{}), i.WithEdgeJobs([]portainer.EdgeJob{}))
-			adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())
-
-			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)
-
-			//backup
-			archive := backup(t, h, test.backupPassword)
-
-			//restore
-			w := httptest.NewRecorder()
-			r, err := prepareMultipartRequest(test.restorePassword, archive)
-			assert.Nil(t, err, "Shouldn't fail to write multipart form")
-
-			restoreErr := h.restore(w, r)
-			assert.Equal(t, test.fails, restoreErr != nil, "Didn't meet expectation of failing restore handler")
-		})
-	}
-}
-
-func Test_restoreArchive_shouldFailIfSystemWasAlreadyInitialized(t *testing.T) {
-	admin := portainer.User{
-		Role: portainer.AdministratorRole,
-	}
-	datastore := i.NewDatastore(i.WithUsers([]portainer.User{admin}), i.WithEdgeJobs([]portainer.EdgeJob{}))
-	adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())
-
-	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)
-
-	//backup
-	archive := backup(t, h, "password")
-
-	//restore
-	w := httptest.NewRecorder()
-	r, err := prepareMultipartRequest("password", archive)
-	assert.Nil(t, err, "Shouldn't fail to write multipart form")
-
-	restoreErr := h.restore(w, r)
-	assert.NotNil(t, restoreErr, "Should fail, because system it already initialized")
-	assert.Equal(t, "Cannot restore already initialized instance", restoreErr.Message, "Should fail with certain error")
-}
-
-func backup(t *testing.T, h *Handler, password string) []byte {
-	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(fmt.Sprintf(`{"password":"%s"}`, password)))
-	w := httptest.NewRecorder()
-
-	backupErr := h.backup(w, r)
-	assert.Nil(t, backupErr, "Backup should not fail")
-
-	response := w.Result()
-	archive, _ := io.ReadAll(response.Body)
-	return archive
-}
-
-func prepareMultipartRequest(password string, file []byte) (*http.Request, error) {
-	var body bytes.Buffer
-	w := multipart.NewWriter(&body)
-	err := w.WriteField("password", password)
-	if err != nil {
-		return nil, err
-	}
-	fw, err := w.CreateFormFile("file", "filename")
-	if err != nil {
-		return nil, err
-	}
-	io.Copy(fw, bytes.NewReader(file))
-
-	r := httptest.NewRequest(http.MethodPost, "http://localhost/", &body)
-	r.Header.Set("Content-Type", w.FormDataContentType())
-
-	w.Close()
-
-	return r, nil
-}

api/http/handler/backup/test_assets/handler_test/extra_file

@@ -1 +0,0 @@
-content

api/http/handler/backup/test_assets/handler_test/extra_folder/file1

@@ -1 +0,0 @@
-content

api/http/handler/backup/test_assets/handler_test/portainer.key

@@ -1 +0,0 @@
-content

api/http/handler/backup/test_assets/handler_test/portainer.pub

@@ -1 +0,0 @@
-content

api/http/handler/backup/test_assets/handler_test/tls/file1

@@ -1 +0,0 @@
-content

api/http/handler/backup/test_assets/handler_test/tls/file2

@@ -1 +0,0 @@
-content

api/http/handler/endpointproxy/proxy_kubernetes.go

@@ -3,12 +3,11 @@ package endpointproxy
 import (
 	"errors"
 	"fmt"
-	"strings"
 	"time"
 
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
 
 	"net/http"
@@ -67,15 +66,9 @@ func (handler *Handler) proxyRequestsToKubernetesAPI(w http.ResponseWriter, r *h
 
 	requestPrefix := fmt.Sprintf("/%d/kubernetes", endpointID)
 	if endpoint.Type == portainer.AgentOnKubernetesEnvironment || endpoint.Type == portainer.EdgeAgentOnKubernetesEnvironment {
-		if isKubernetesRequest(strings.TrimPrefix(r.URL.String(), requestPrefix)) {
-			requestPrefix = fmt.Sprintf("/%d", endpointID)
-		}
+		requestPrefix = fmt.Sprintf("/%d", endpointID)
 	}
 
 	http.StripPrefix(requestPrefix, proxy).ServeHTTP(w, r)
 	return nil
 }
-
-func isKubernetesRequest(requestURL string) bool {
-	return strings.HasPrefix(requestURL, "/api") || strings.HasPrefix(requestURL, "/healthz")
-}

api/http/handler/endpoints/endpoint_dockerhub_status.go

@@ -1,140 +0,0 @@
-package endpoints
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"strconv"
-	"strings"
-
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/libhttp/request"
-	"github.com/portainer/libhttp/response"
-	portainer "github.com/portainer/portainer/api"
-	bolterrors "github.com/portainer/portainer/api/bolt/errors"
-	"github.com/portainer/portainer/api/http/client"
-	"github.com/portainer/portainer/api/internal/endpointutils"
-)
-
-type dockerhubStatusResponse struct {
-	Remaining int `json:"remaining"`
-	Limit     int `json:"limit"`
-}
-
-// GET request on /api/endpoints/{id}/dockerhub/status
-func (handler *Handler) endpointDockerhubStatus(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid endpoint identifier route variable", err}
-	}
-
-	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
-	if err == bolterrors.ErrObjectNotFound {
-		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an endpoint with the specified identifier inside the database", err}
-	} else if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find an endpoint with the specified identifier inside the database", err}
-	}
-
-	if !endpointutils.IsLocalEndpoint(endpoint) {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid environment type", errors.New("Invalid environment type")}
-	}
-
-	dockerhub, err := handler.DataStore.DockerHub().DockerHub()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve DockerHub details from the database", err}
-	}
-
-	httpClient := client.NewHTTPClient()
-	token, err := getDockerHubToken(httpClient, dockerhub)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve DockerHub token from DockerHub", err}
-	}
-
-	resp, err := getDockerHubLimits(httpClient, token)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve DockerHub rate limits from DockerHub", err}
-	}
-
-	return response.JSON(w, resp)
-}
-
-func getDockerHubToken(httpClient *client.HTTPClient, dockerhub *portainer.DockerHub) (string, error) {
-	type dockerhubTokenResponse struct {
-		Token string `json:"token"`
-	}
-
-	requestURL := "https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull"
-
-	req, err := http.NewRequest(http.MethodGet, requestURL, nil)
-	if err != nil {
-		return "", err
-	}
-
-	if dockerhub.Authentication {
-		req.SetBasicAuth(dockerhub.Username, dockerhub.Password)
-	}
-
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return "", errors.New("failed fetching dockerhub token")
-	}
-
-	var data dockerhubTokenResponse
-	err = json.NewDecoder(resp.Body).Decode(&data)
-	if err != nil {
-		return "", err
-	}
-
-	return data.Token, nil
-}
-
-func getDockerHubLimits(httpClient *client.HTTPClient, token string) (*dockerhubStatusResponse, error) {
-
-	requestURL := "https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest"
-
-	req, err := http.NewRequest(http.MethodHead, requestURL, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
-
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, errors.New("failed fetching dockerhub limits")
-	}
-
-	rateLimit, err := parseRateLimitHeader(resp.Header, "RateLimit-Limit")
-	rateLimitRemaining, err := parseRateLimitHeader(resp.Header, "RateLimit-Remaining")
-
-	return &dockerhubStatusResponse{
-		Limit:     rateLimit,
-		Remaining: rateLimitRemaining,
-	}, nil
-}
-
-func parseRateLimitHeader(headers http.Header, headerKey string) (int, error) {
-	headerValue := headers.Get(headerKey)
-	if headerValue == "" {
-		return 0, fmt.Errorf("Missing %s header", headerKey)
-	}
-
-	matches := strings.Split(headerValue, ";")
-	value, err := strconv.Atoi(matches[0])
-	if err != nil {
-		return 0, err
-	}
-
-	return value, nil
-}

api/http/handler/endpoints/endpoint_list.go

@@ -66,11 +66,6 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve endpoints from the database", err}
 	}
 
-	settings, err := handler.DataStore.Settings().Settings()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
-	}
-
 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
@@ -113,9 +108,6 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 	for idx := range paginatedEndpoints {
 		hideFields(&paginatedEndpoints[idx])
 		paginatedEndpoints[idx].ComposeSyntaxMaxVersion = handler.ComposeStackManager.ComposeSyntaxMaxVersion()
-		if paginatedEndpoints[idx].EdgeCheckinInterval == 0 {
-			paginatedEndpoints[idx].EdgeCheckinInterval = settings.EdgeAgentCheckinInterval
-		}
 	}
 
 	w.Header().Set("X-Total-Count", strconv.Itoa(filteredEndpointCount))

api/http/handler/endpoints/endpoint_settings_update.go

@@ -25,8 +25,6 @@ type endpointSettingsUpdatePayload struct {
 	AllowStackManagementForRegularUsers *bool `json:"allowStackManagementForRegularUsers" example:"true"`
 	// Whether non-administrator should be able to use container capabilities
 	AllowContainerCapabilitiesForRegularUsers *bool `json:"allowContainerCapabilitiesForRegularUsers" example:"true"`
-	// Whether non-administrator should be able to use sysctl settings
-	AllowSysctlSettingForRegularUsers *bool `json:"allowSysctlSettingForRegularUsers" example:"true"`
 	// Whether host management features are enabled
 	EnableHostManagementFeatures *bool `json:"enableHostManagementFeatures" example:"true"`
 }
@@ -99,10 +97,6 @@ func (handler *Handler) endpointSettingsUpdate(w http.ResponseWriter, r *http.Re
 		securitySettings.AllowVolumeBrowserForRegularUsers = *payload.AllowVolumeBrowserForRegularUsers
 	}
 
-	if payload.AllowSysctlSettingForRegularUsers != nil {
-		securitySettings.AllowSysctlSettingForRegularUsers = *payload.AllowSysctlSettingForRegularUsers
-	}
-
 	if payload.EnableHostManagementFeatures != nil {
 		securitySettings.EnableHostManagementFeatures = *payload.EnableHostManagementFeatures
 	}

api/http/handler/endpoints/handler.go

@@ -51,8 +51,6 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointUpdate))).Methods(http.MethodPut)
 	h.Handle("/endpoints/{id}",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDelete))).Methods(http.MethodDelete)
-	h.Handle("/endpoints/{id}/dockerhub",
-		bouncer.RestrictedAccess(httperror.LoggerHandler(h.endpointDockerhubStatus))).Methods(http.MethodGet)
 	h.Handle("/endpoints/{id}/extensions",
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.endpointExtensionAdd))).Methods(http.MethodPost)
 	h.Handle("/endpoints/{id}/extensions/{extensionType}",

api/http/handler/handler.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 
 	"github.com/portainer/portainer/api/http/handler/auth"
-	"github.com/portainer/portainer/api/http/handler/backup"
 	"github.com/portainer/portainer/api/http/handler/customtemplates"
 	"github.com/portainer/portainer/api/http/handler/dockerhub"
 	"github.com/portainer/portainer/api/http/handler/edgegroups"
@@ -37,7 +36,6 @@ import (
 // Handler is a collection of all the service handlers.
 type Handler struct {
 	AuthHandler            *auth.Handler
-	BackupHandler          *backup.Handler
 	CustomTemplatesHandler *customtemplates.Handler
 	DockerHubHandler       *dockerhub.Handler
 	EdgeGroupsHandler      *edgegroups.Handler
@@ -142,10 +140,6 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch {
 	case strings.HasPrefix(r.URL.Path, "/api/auth"):
 		http.StripPrefix("/api", h.AuthHandler).ServeHTTP(w, r)
-	case strings.HasPrefix(r.URL.Path, "/api/backup"):
-		http.StripPrefix("/api", h.BackupHandler).ServeHTTP(w, r)
-	case strings.HasPrefix(r.URL.Path, "/api/restore"):
-		http.StripPrefix("/api", h.BackupHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/dockerhub"):
 		http.StripPrefix("/api", h.DockerHubHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/custom_templates"):

api/http/handler/registries/registry_create.go

@@ -26,8 +26,6 @@ type registryCreatePayload struct {
 	Password string `example:"registry_password"`
 	// Gitlab specific details, required when type = 4
 	Gitlab portainer.GitlabRegistryData
-	// Quay specific details, required when type = 1
-	Quay portainer.QuayRegistryData
 }
 
 func (payload *registryCreatePayload) Validate(r *http.Request) error {
@@ -76,7 +74,6 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
 		Gitlab:             payload.Gitlab,
-		Quay:               payload.Quay,
 	}
 
 	err = handler.DataStore.Registry().CreateRegistry(registry)

api/http/handler/registries/registry_update.go

@@ -24,7 +24,6 @@ type registryUpdatePayload struct {
 	Password           *string `example:"registry_password"`
 	UserAccessPolicies portainer.UserAccessPolicies
 	TeamAccessPolicies portainer.TeamAccessPolicies
-	Quay               *portainer.QuayRegistryData
 }
 
 func (payload *registryUpdatePayload) Validate(r *http.Request) error {
@@ -111,10 +110,6 @@ func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *
 		registry.TeamAccessPolicies = payload.TeamAccessPolicies
 	}
 
-	if payload.Quay != nil {
-		registry.Quay = *payload.Quay
-	}
-
 	err = handler.DataStore.Registry().UpdateRegistry(registry.ID, registry)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist registry changes inside the database", err}

api/http/handler/resourcecontrols/resourcecontrol_create.go

@@ -78,8 +78,6 @@ func (handler *Handler) resourceControlCreate(w http.ResponseWriter, r *http.Req
 	switch payload.Type {
 	case "container":
 		resourceControlType = portainer.ContainerResourceControl
-	case "container-group":
-		resourceControlType = portainer.ContainerGroupResourceControl
 	case "service":
 		resourceControlType = portainer.ServiceResourceControl
 	case "volume":

api/http/handler/stacks/create_compose_stack.go

@@ -5,7 +5,9 @@ import (
 	"fmt"
 	"net/http"
 	"path"
+	"regexp"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/asaskevich/govalidator"
@@ -16,6 +18,13 @@ import (
 	"github.com/portainer/portainer/api/http/security"
 )
 
+// this is coming from libcompose
+// https://github.com/portainer/libcompose/blob/master/project/context.go#L117-L120
+func normalizeStackName(name string) string {
+	r := regexp.MustCompile("[^a-z0-9]+")
+	return r.ReplaceAllString(strings.ToLower(name), "")
+}
+
 type composeStackFromFileContentPayload struct {
 	// Name of the stack
 	Name string `example:"myStack" validate:"required"`
@@ -29,7 +38,7 @@ func (payload *composeStackFromFileContentPayload) Validate(r *http.Request) err
 	if govalidator.IsNull(payload.Name) {
 		return errors.New("Invalid stack name")
 	}
-
+	payload.Name = normalizeStackName(payload.Name)
 	if govalidator.IsNull(payload.StackFileContent) {
 		return errors.New("Invalid stack file content")
 	}
@@ -40,11 +49,9 @@ func (handler *Handler) createComposeStackFromFileContent(w http.ResponseWriter,
 	var payload composeStackFromFileContentPayload
 	err := request.DecodeAndValidateJSONPayload(r, &payload)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}
 
-	payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
-
 	isUnique, err := handler.checkUniqueName(endpoint, payload.Name, 0, false)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to check for name collision", err}
@@ -69,7 +76,7 @@ func (handler *Handler) createComposeStackFromFileContent(w http.ResponseWriter,
 	stackFolder := strconv.Itoa(int(stack.ID))
 	projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, []byte(payload.StackFileContent))
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Compose file on disk", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist Compose file on disk", err}
 	}
 	stack.ProjectPath = projectPath
 
@@ -83,14 +90,14 @@ func (handler *Handler) createComposeStackFromFileContent(w http.ResponseWriter,
 
 	err = handler.deployComposeStack(config)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, err.Error(), err}
 	}
 
 	stack.CreatedBy = config.user.Username
 
 	err = handler.DataStore.Stack().CreateStack(stack)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack inside the database", err}
 	}
 
 	doCleanUp = false
@@ -122,14 +129,16 @@ func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.Name) {
 		return errors.New("Invalid stack name")
 	}
-
+	payload.Name = normalizeStackName(payload.Name)
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
 	if payload.RepositoryAuthentication && (govalidator.IsNull(payload.RepositoryUsername) || govalidator.IsNull(payload.RepositoryPassword)) {
 		return errors.New("Invalid repository credentials. Username and password must be specified when authentication is enabled")
 	}
-
+	if govalidator.IsNull(payload.ComposeFilePathInRepository) {
+		payload.ComposeFilePathInRepository = filesystem.ComposeFileDefaultName
+	}
 	return nil
 }
 
@@ -137,12 +146,7 @@ func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWrite
 	var payload composeStackFromGitRepositoryPayload
 	err := request.DecodeAndValidateJSONPayload(r, &payload)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
-	}
-
-	payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
-	if payload.ComposeFilePathInRepository == "" {
-		payload.ComposeFilePathInRepository = filesystem.ComposeFileDefaultName
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}
 
 	isUnique, err := handler.checkUniqueName(endpoint, payload.Name, 0, false)
@@ -150,7 +154,7 @@ func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWrite
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to check for name collision", err}
 	}
 	if !isUnique {
-		errorMessage := fmt.Sprintf("A stack with the name '%s' already exists", payload.Name)
+		errorMessage := fmt.Sprintf("A stack with the name '%s' is already running", payload.Name)
 		return &httperror.HandlerError{http.StatusConflict, errorMessage, errors.New(errorMessage)}
 	}
 
@@ -183,7 +187,7 @@ func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWrite
 
 	err = handler.cloneGitRepository(gitCloneParams)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to clone git repository", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to clone git repository", err}
 	}
 
 	config, configErr := handler.createComposeDeployConfig(r, stack, endpoint)
@@ -193,14 +197,14 @@ func (handler *Handler) createComposeStackFromGitRepository(w http.ResponseWrite
 
 	err = handler.deployComposeStack(config)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, err.Error(), err}
 	}
 
 	stack.CreatedBy = config.user.Username
 
 	err = handler.DataStore.Stack().CreateStack(stack)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack inside the database", err}
 	}
 
 	doCleanUp = false
@@ -213,43 +217,41 @@ type composeStackFromFileUploadPayload struct {
 	Env              []portainer.Pair
 }
 
-func decodeRequestForm(r *http.Request) (*composeStackFromFileUploadPayload, error) {
-	payload := &composeStackFromFileUploadPayload{}
+func (payload *composeStackFromFileUploadPayload) Validate(r *http.Request) error {
 	name, err := request.RetrieveMultiPartFormValue(r, "Name", false)
 	if err != nil {
-		return nil, errors.New("Invalid stack name")
+		return errors.New("Invalid stack name")
 	}
-	payload.Name = name
+	payload.Name = normalizeStackName(name)
 
 	composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "file")
 	if err != nil {
-		return nil, errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")
+		return errors.New("Invalid Compose file. Ensure that the Compose file is uploaded correctly")
 	}
 	payload.StackFileContent = composeFileContent
 
 	var env []portainer.Pair
 	err = request.RetrieveMultiPartFormJSONValue(r, "Env", &env, true)
 	if err != nil {
-		return nil, errors.New("Invalid Env parameter")
+		return errors.New("Invalid Env parameter")
 	}
 	payload.Env = env
-	return payload, nil
+	return nil
 }
 
 func (handler *Handler) createComposeStackFromFileUpload(w http.ResponseWriter, r *http.Request, endpoint *portainer.Endpoint, userID portainer.UserID) *httperror.HandlerError {
-	payload, err := decodeRequestForm(r)
+	payload := &composeStackFromFileUploadPayload{}
+	err := payload.Validate(r)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusBadRequest, Message: "Invalid request payload", Err: err}
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}
 
-	payload.Name = handler.ComposeStackManager.NormalizeStackName(payload.Name)
-
 	isUnique, err := handler.checkUniqueName(endpoint, payload.Name, 0, false)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to check for name collision", err}
 	}
 	if !isUnique {
-		errorMessage := fmt.Sprintf("A stack with the name '%s' already exists", payload.Name)
+		errorMessage := fmt.Sprintf("A stack with the name '%s' is already running", payload.Name)
 		return &httperror.HandlerError{http.StatusConflict, errorMessage, errors.New(errorMessage)}
 	}
 
@@ -268,7 +270,7 @@ func (handler *Handler) createComposeStackFromFileUpload(w http.ResponseWriter,
 	stackFolder := strconv.Itoa(int(stack.ID))
 	projectPath, err := handler.FileService.StoreStackFileFromBytes(stackFolder, stack.EntryPoint, payload.StackFileContent)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist Compose file on disk", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist Compose file on disk", err}
 	}
 	stack.ProjectPath = projectPath
 
@@ -282,14 +284,14 @@ func (handler *Handler) createComposeStackFromFileUpload(w http.ResponseWriter,
 
 	err = handler.deployComposeStack(config)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, err.Error(), err}
 	}
 
 	stack.CreatedBy = config.user.Username
 
 	err = handler.DataStore.Stack().CreateStack(stack)
 	if err != nil {
-		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack inside the database", Err: err}
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist the stack inside the database", err}
 	}
 
 	doCleanUp = false
@@ -308,23 +310,23 @@ type composeStackDeploymentConfig struct {
 func (handler *Handler) createComposeDeployConfig(r *http.Request, stack *portainer.Stack, endpoint *portainer.Endpoint) (*composeStackDeploymentConfig, *httperror.HandlerError) {
 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {
-		return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve info from request context", Err: err}
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve info from request context", err}
 	}
 
 	dockerhub, err := handler.DataStore.DockerHub().DockerHub()
 	if err != nil {
-		return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve DockerHub details from the database", Err: err}
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve DockerHub details from the database", err}
 	}
 
 	registries, err := handler.DataStore.Registry().Registries()
 	if err != nil {
-		return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to retrieve registries from the database", Err: err}
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve registries from the database", err}
 	}
 	filteredRegistries := security.FilterRegistries(registries, securityContext)
 
 	user, err := handler.DataStore.User().User(securityContext.UserID)
 	if err != nil {
-		return nil, &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to load user information from the database", Err: err}
+		return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to load user information from the database", err}
 	}
 
 	config := &composeStackDeploymentConfig{
@@ -356,7 +358,6 @@ func (handler *Handler) deployComposeStack(config *composeStackDeploymentConfig)
 		!securitySettings.AllowPrivilegedModeForRegularUsers ||
 		!securitySettings.AllowHostNamespaceForRegularUsers ||
 		!securitySettings.AllowDeviceMappingForRegularUsers ||
-		!securitySettings.AllowSysctlSettingForRegularUsers ||
 		!securitySettings.AllowContainerCapabilitiesForRegularUsers) &&
 		!isAdminOrEndpointAdmin {
 

api/http/handler/stacks/stack_create.go

@@ -192,10 +192,6 @@ func (handler *Handler) isValidStackFile(stackFileContent []byte, securitySettin
 			return errors.New("device mapping disabled for non administrator users")
 		}
 
-		if !securitySettings.AllowSysctlSettingForRegularUsers && service.Sysctls != nil && len(service.Sysctls) > 0 {
-			return errors.New("sysctl setting disabled for non administrator users")
-		}
-
 		if !securitySettings.AllowContainerCapabilitiesForRegularUsers && (len(service.CapAdd) > 0 || len(service.CapDrop) > 0) {
 			return errors.New("container capabilities disabled for non administrator users")
 		}

api/http/offlinegate/offlinegate.go

@@ -1,71 +0,0 @@
-package offlinegate
-
-import (
-	"log"
-	"net/http"
-	"sync"
-	"time"
-
-	httperror "github.com/portainer/libhttp/error"
-)
-
-// OfflineGate is a entity that works similar to a mutex with a signaling
-// Only the caller that have Locked an gate can unlock it, otherw will be blocked with a call to Lock.
-// Gate provides a passthrough http middleware that will wait for a locked gate to be unlocked.
-// For a safety reasons, middleware will timeout
-type OfflineGate struct {
-	lock        *sync.Mutex
-	signalingCh chan interface{}
-}
-
-// NewOfflineGate creates a new gate
-func NewOfflineGate() *OfflineGate {
-	return &OfflineGate{
-		lock: &sync.Mutex{},
-	}
-}
-
-// Lock locks readonly gate and returns a function to unlock
-func (o *OfflineGate) Lock() func() {
-	o.lock.Lock()
-	o.signalingCh = make(chan interface{})
-	return o.unlock
-}
-
-func (o *OfflineGate) unlock() {
-	if o.signalingCh == nil {
-		return
-	}
-
-	close(o.signalingCh)
-	o.signalingCh = nil
-	o.lock.Unlock()
-}
-
-// Watch returns a signaling channel.
-// Unless channel is nil, client needs to watch for a signal on a channel to know when gate is unlocked.
-// Signal channel is disposable: onced signaled, has to be disposed and acquired again.
-func (o *OfflineGate) Watch() chan interface{} {
-	return o.signalingCh
-}
-
-// WaitingMiddleware returns an http handler that waits for the gate to be unlocked before continuing
-func (o *OfflineGate) WaitingMiddleware(timeout time.Duration, next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		signalingCh := o.Watch()
-
-		if signalingCh != nil {
-			if r.Method != "GET" && r.Method != "HEAD" && r.Method != "OPTIONS" {
-				select {
-				case <-signalingCh:
-				case <-time.After(timeout):
-					log.Println("error: Timeout waiting for the offline gate to signal")
-					httperror.WriteError(w, http.StatusRequestTimeout, "Timeout waiting for the offline gate to signal", http.ErrHandlerTimeout)
-				}
-			}
-		}
-
-		next.ServeHTTP(w, r)
-
-	})
-}

api/http/offlinegate/offlinegate_test.go

@@ -1,217 +0,0 @@
-package offlinegate
-
-import (
-	"io"
-	"net/http"
-	"net/http/httptest"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_canLockAndUnlock(t *testing.T) {
-	o := NewOfflineGate()
-
-	unlock := o.Lock()
-	unlock()
-}
-
-func Test_hasToBeUnlockedToLockAgain(t *testing.T) {
-	// scenario:
-	// 1. first routine starts and locks the gate
-	// 2. first routine starts a second and wait for the second to start
-	// 3. second start but waits for the gate to be released
-	// 4. first continues and unlocks the gate, when done
-	// 5. second be able to continue
-	// 6. second lock the gate, does the job and unlocks it
-
-	o := NewOfflineGate()
-
-	wg := sync.WaitGroup{}
-	wg.Add(2)
-
-	result := make([]string, 0, 2)
-	go func() {
-		unlock := o.Lock()
-		defer unlock()
-		waitForSecondToStart := sync.WaitGroup{}
-		waitForSecondToStart.Add(1)
-		go func() {
-			waitForSecondToStart.Done()
-			unlock := o.Lock()
-			defer unlock()
-			result = append(result, "second")
-			wg.Done()
-		}()
-		waitForSecondToStart.Wait()
-		result = append(result, "first")
-		wg.Done()
-	}()
-
-	wg.Wait()
-
-	if len(result) != 2 || result[0] != "first" || result[1] != "second" {
-		t.Error("Second call have disresregarded a raised lock")
-	}
-
-}
-
-func Test_waitChannelWillBeEmpty_ifGateIsUnlocked(t *testing.T) {
-	o := NewOfflineGate()
-
-	signalingCh := o.Watch()
-	if signalingCh != nil {
-		t.Error("Signaling channel should be empty")
-	}
-}
-
-func Test_startWaitingForSignal_beforeGateGetsUnlocked(t *testing.T) {
-	// scenario:
-	// 1. main routing locks the gate and waits for a consumer to start up
-	// 2. consumer starts up, notifies main and begins waiting for the gate to be unlocked
-	// 3. main unlocks the gate
-	// 4. consumer be able to continue
-
-	o := NewOfflineGate()
-	unlock := o.Lock()
-
-	signalingCh := o.Watch()
-
-	wg := sync.WaitGroup{}
-	wg.Add(1)
-	readerIsReady := sync.WaitGroup{}
-	readerIsReady.Add(1)
-
-	go func(t *testing.T) {
-		readerIsReady.Done()
-
-		// either wait for a signal or timeout
-		select {
-		case <-signalingCh:
-		case <-time.After(10 * time.Second):
-			t.Error("Failed to wait for a signal, exit by timeout")
-		}
-		wg.Done()
-	}(t)
-
-	readerIsReady.Wait()
-	unlock()
-
-	wg.Wait()
-}
-
-func Test_startWaitingForSignal_afterGateGetsUnlocked(t *testing.T) {
-	// scenario:
-	// 1. main routing locks, gets waiting channel and unlocks
-	// 2. consumer starts up and begins waiting for the gate to be unlocked
-	// 3. consumer gets signal immediately and continues
-
-	o := NewOfflineGate()
-	unlock := o.Lock()
-	signalingCh := o.Watch()
-	unlock()
-
-	wg := sync.WaitGroup{}
-	wg.Add(1)
-
-	go func(t *testing.T) {
-		// either wait for a signal or timeout
-		select {
-		case <-signalingCh:
-		case <-time.After(10 * time.Second):
-			t.Error("Failed to wait for a signal, exit by timeout")
-		}
-		wg.Done()
-	}(t)
-
-	wg.Wait()
-}
-
-func Test_waitingMiddleware_executesImmediately_whenNotLocked(t *testing.T) {
-	// scenario:
-	// 1. create an gate
-	// 2. kick off a waiting middleware that will release immediately as gate wasn't locked
-	// 3. middleware shouldn't timeout
-
-	o := NewOfflineGate()
-
-	request := httptest.NewRequest(http.MethodPost, "/", nil)
-	response := httptest.NewRecorder()
-
-	timeout := 2 * time.Second
-	start := time.Now()
-	o.WaitingMiddleware(timeout, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		elapsed := time.Since(start)
-		if elapsed >= timeout {
-			t.Error("WaitingMiddleware had likely timeout, when it shouldn't")
-		}
-		w.Write([]byte("success"))
-	})).ServeHTTP(response, request)
-
-	body, _ := io.ReadAll(response.Body)
-	if string(body) != "success" {
-		t.Error("Didn't receive expected result from the hanlder")
-	}
-}
-
-func Test_waitingMiddleware_waitsForTheLockToBeReleased(t *testing.T) {
-	// scenario:
-	// 1. create an gate and lock it
-	// 2. kick off a routing that will unlock the gate after 1 second
-	// 3. kick off a waiting middleware that will wait for lock to be eventually released
-	// 4. middleware shouldn't timeout
-
-	o := NewOfflineGate()
-	unlock := o.Lock()
-
-	request := httptest.NewRequest(http.MethodPost, "/", nil)
-	response := httptest.NewRecorder()
-
-	go func() {
-		time.Sleep(1 * time.Second)
-		unlock()
-	}()
-
-	timeout := 10 * time.Second
-	start := time.Now()
-	o.WaitingMiddleware(timeout, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		elapsed := time.Since(start)
-		if elapsed >= timeout {
-			t.Error("WaitingMiddleware had likely timeout, when it shouldn't")
-		}
-		w.Write([]byte("success"))
-	})).ServeHTTP(response, request)
-
-	body, _ := io.ReadAll(response.Body)
-	if string(body) != "success" {
-		t.Error("Didn't receive expected result from the hanlder")
-	}
-}
-
-func Test_waitingMiddleware_mayTimeout_whenLockedForTooLong(t *testing.T) {
-	/*
-		scenario:
-		1. create an gate and lock it
-		2. kick off a waiting middleware that will wait for lock to be eventually released
-		3. because we never unlocked the gate, middleware suppose to timeout
-	*/
-	o := NewOfflineGate()
-	o.Lock()
-
-	request := httptest.NewRequest(http.MethodPost, "/", nil)
-	response := httptest.NewRecorder()
-
-	timeout := 1 * time.Second
-	start := time.Now()
-	o.WaitingMiddleware(timeout, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		elapsed := time.Since(start)
-		if elapsed < timeout {
-			t.Error("WaitingMiddleware suppose to timeout, but it didnt")
-		}
-		w.Write([]byte("success"))
-	})).ServeHTTP(response, request)
-
-	assert.Equal(t, http.StatusRequestTimeout, response.Result().StatusCode, "Request support to timeout waiting for the gate")
-}

api/http/proxy/factory/azure.go

@@ -8,13 +8,13 @@ import (
 	"github.com/portainer/portainer/api/http/proxy/factory/azure"
 )
 
-func newAzureProxy(endpoint *portainer.Endpoint, dataStore portainer.DataStore) (http.Handler, error) {
+func newAzureProxy(endpoint *portainer.Endpoint) (http.Handler, error) {
 	remoteURL, err := url.Parse(azureAPIBaseURL)
 	if err != nil {
 		return nil, err
 	}
 
 	proxy := newSingleHostReverseProxyWithHostHeader(remoteURL)
-	proxy.Transport = azure.NewTransport(&endpoint.AzureCredentials, dataStore, endpoint)
+	proxy.Transport = azure.NewTransport(&endpoint.AzureCredentials)
 	return proxy, nil
 }

api/http/proxy/factory/azure/access_control.go

@@ -1,149 +0,0 @@
-package azure
-
-import (
-	"log"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/api/internal/authorization"
-)
-
-func (transport *Transport) createAzureRequestContext(request *http.Request) (*azureRequestContext, error) {
-	var err error
-
-	tokenData, err := security.RetrieveTokenData(request)
-	if err != nil {
-		return nil, err
-	}
-
-	resourceControls, err := transport.dataStore.ResourceControl().ResourceControls()
-	if err != nil {
-		return nil, err
-	}
-
-	context := &azureRequestContext{
-		isAdmin:          true,
-		userID:           tokenData.ID,
-		resourceControls: resourceControls,
-	}
-
-	if tokenData.Role != portainer.AdministratorRole {
-		context.isAdmin = false
-
-		teamMemberships, err := transport.dataStore.TeamMembership().TeamMembershipsByUserID(tokenData.ID)
-		if err != nil {
-			return nil, err
-		}
-
-		userTeamIDs := make([]portainer.TeamID, 0)
-		for _, membership := range teamMemberships {
-			userTeamIDs = append(userTeamIDs, membership.TeamID)
-		}
-		context.userTeamIDs = userTeamIDs
-	}
-
-	return context, nil
-}
-
-func decorateObject(object map[string]interface{}, resourceControl *portainer.ResourceControl) map[string]interface{} {
-	if object["Portainer"] == nil {
-		object["Portainer"] = make(map[string]interface{})
-	}
-
-	portainerMetadata := object["Portainer"].(map[string]interface{})
-	portainerMetadata["ResourceControl"] = resourceControl
-	return object
-}
-
-func (transport *Transport) createPrivateResourceControl(
-	resourceIdentifier string,
-	resourceType portainer.ResourceControlType,
-	userID portainer.UserID) (*portainer.ResourceControl, error) {
-
-	resourceControl := authorization.NewPrivateResourceControl(resourceIdentifier, resourceType, userID)
-
-	err := transport.dataStore.ResourceControl().CreateResourceControl(resourceControl)
-	if err != nil {
-		log.Printf("[ERROR] [http,proxy,azure,transport] [message: unable to persist resource control] [resource: %s] [err: %s]", resourceIdentifier, err)
-		return nil, err
-	}
-
-	return resourceControl, nil
-}
-
-func (transport *Transport) userCanDeleteContainerGroup(request *http.Request, context *azureRequestContext) bool {
-	if context.isAdmin {
-		return true
-	}
-	resourceIdentifier := request.URL.Path
-	resourceControl := transport.findResourceControl(resourceIdentifier, context)
-	return authorization.UserCanAccessResource(context.userID, context.userTeamIDs, resourceControl)
-}
-
-func (transport *Transport) decorateContainerGroups(containerGroups []interface{}, context *azureRequestContext) []interface{} {
-	decoratedContainerGroups := make([]interface{}, 0)
-
-	for _, containerGroup := range containerGroups {
-		containerGroup = transport.decorateContainerGroup(containerGroup.(map[string]interface{}), context)
-		decoratedContainerGroups = append(decoratedContainerGroups, containerGroup)
-	}
-
-	return decoratedContainerGroups
-}
-
-func (transport *Transport) decorateContainerGroup(containerGroup map[string]interface{}, context *azureRequestContext) map[string]interface{} {
-	containerGroupId, ok := containerGroup["id"].(string)
-	if ok {
-		resourceControl := transport.findResourceControl(containerGroupId, context)
-		if resourceControl != nil {
-			containerGroup = decorateObject(containerGroup, resourceControl)
-		}
-	} else {
-		log.Printf("[WARN] [http,proxy,azure,decorate] [message: unable to find resource id property in container group]")
-	}
-
-	return containerGroup
-}
-
-func (transport *Transport) filterContainerGroups(containerGroups []interface{}, context *azureRequestContext) []interface{} {
-	filteredContainerGroups := make([]interface{}, 0)
-
-	for _, containerGroup := range containerGroups {
-		userCanAccessResource := false
-		containerGroup := containerGroup.(map[string]interface{})
-		portainerObject, ok := containerGroup["Portainer"].(map[string]interface{})
-		if ok {
-			resourceControl, ok := portainerObject["ResourceControl"].(*portainer.ResourceControl)
-			if ok {
-				userCanAccessResource = authorization.UserCanAccessResource(context.userID, context.userTeamIDs, resourceControl)
-			}
-		}
-
-		if context.isAdmin || userCanAccessResource {
-			filteredContainerGroups = append(filteredContainerGroups, containerGroup)
-		}
-	}
-
-	return filteredContainerGroups
-}
-
-func (transport *Transport) removeResourceControl(containerGroup map[string]interface{}, context *azureRequestContext) error {
-	containerGroupID, ok := containerGroup["id"].(string)
-	if ok {
-		resourceControl := transport.findResourceControl(containerGroupID, context)
-		if resourceControl != nil {
-			err := transport.dataStore.ResourceControl().DeleteResourceControl(resourceControl.ID)
-			return err
-		}
-	} else {
-		log.Printf("[WARN] [http,proxy,azure] [message: missign ID in container group]")
-	}
-
-	return nil
-}
-
-func (transport *Transport) findResourceControl(containerGroupId string, context *azureRequestContext) *portainer.ResourceControl {
-	resourceControl := authorization.GetResourceControlByResourceIDAndType(containerGroupId, portainer.ContainerGroupResourceControl, context.resourceControls)
-	return resourceControl
-}

api/http/proxy/factory/azure/containergroup.go

@@ -1,139 +0,0 @@
-package azure
-
-import (
-	"errors"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/proxy/factory/responseutils"
-)
-
-// proxy for /subscriptions/*/resourceGroups/*/providers/Microsoft.ContainerInstance/containerGroups/*
-func (transport *Transport) proxyContainerGroupRequest(request *http.Request) (*http.Response, error) {
-	switch request.Method {
-	case http.MethodPut:
-		return transport.proxyContainerGroupPutRequest(request)
-	case http.MethodGet:
-		return transport.proxyContainerGroupGetRequest(request)
-	case http.MethodDelete:
-		return transport.proxyContainerGroupDeleteRequest(request)
-	default:
-		return http.DefaultTransport.RoundTrip(request)
-	}
-}
-
-func (transport *Transport) proxyContainerGroupPutRequest(request *http.Request) (*http.Response, error) {
-	//add a lock before processing existense check
-	transport.mutex.Lock()
-	defer transport.mutex.Unlock()
-
-	//generate a temp http GET request based on the current PUT request
-	validationRequest := &http.Request{
-		Method: http.MethodGet,
-		URL:    request.URL,
-		Header: http.Header{
-			"Authorization": []string{request.Header.Get("Authorization")},
-		},
-	}
-
-	//fire the request to Azure API to validate if there is an existing container instance with the same name
-	//positive - reject the request
-	//negative - continue the process
-	validationResponse, err := http.DefaultTransport.RoundTrip(validationRequest)
-	if err != nil {
-		return validationResponse, err
-	}
-
-	if validationResponse.StatusCode >= 200 && validationResponse.StatusCode < 300 {
-		resp := &http.Response{}
-		errObj := map[string]string{
-			"message": "A container instance with the same name already exists inside the selected resource group",
-		}
-		err = responseutils.RewriteResponse(resp, errObj, http.StatusConflict)
-		return resp, err
-	}
-
-	response, err := http.DefaultTransport.RoundTrip(request)
-	if err != nil {
-		return response, err
-	}
-
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
-	if err != nil {
-		return response, err
-	}
-
-	containerGroupID, ok := responseObject["id"].(string)
-	if !ok {
-		return response, errors.New("Missing container group ID")
-	}
-
-	context, err := transport.createAzureRequestContext(request)
-	if err != nil {
-		return response, err
-	}
-
-	resourceControl, err := transport.createPrivateResourceControl(containerGroupID, portainer.ContainerGroupResourceControl, context.userID)
-	if err != nil {
-		return response, err
-	}
-
-	responseObject = decorateObject(responseObject, resourceControl)
-
-	err = responseutils.RewriteResponse(response, responseObject, http.StatusOK)
-	if err != nil {
-		return response, err
-	}
-
-	return response, nil
-}
-
-func (transport *Transport) proxyContainerGroupGetRequest(request *http.Request) (*http.Response, error) {
-	response, err := http.DefaultTransport.RoundTrip(request)
-	if err != nil {
-		return response, err
-	}
-
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
-	if err != nil {
-		return nil, err
-	}
-
-	context, err := transport.createAzureRequestContext(request)
-	if err != nil {
-		return nil, err
-	}
-
-	responseObject = transport.decorateContainerGroup(responseObject, context)
-
-	responseutils.RewriteResponse(response, responseObject, http.StatusOK)
-
-	return response, nil
-}
-
-func (transport *Transport) proxyContainerGroupDeleteRequest(request *http.Request) (*http.Response, error) {
-	context, err := transport.createAzureRequestContext(request)
-	if err != nil {
-		return nil, err
-	}
-
-	if !transport.userCanDeleteContainerGroup(request, context) {
-		return responseutils.WriteAccessDeniedResponse()
-	}
-
-	response, err := http.DefaultTransport.RoundTrip(request)
-	if err != nil {
-		return response, err
-	}
-
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
-	if err != nil {
-		return nil, err
-	}
-
-	transport.removeResourceControl(responseObject, context)
-
-	responseutils.RewriteResponse(response, responseObject, http.StatusOK)
-
-	return response, nil
-}

api/http/proxy/factory/azure/containergroups.go

@@ -1,48 +0,0 @@
-package azure
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/portainer/portainer/api/http/proxy/factory/responseutils"
-)
-
-// proxy for /subscriptions/*/providers/Microsoft.ContainerInstance/containerGroups
-func (transport *Transport) proxyContainerGroupsRequest(request *http.Request) (*http.Response, error) {
-	switch request.Method {
-	case http.MethodGet:
-		return transport.proxyContainerGroupsGetRequest(request)
-	default:
-		return http.DefaultTransport.RoundTrip(request)
-	}
-}
-
-func (transport *Transport) proxyContainerGroupsGetRequest(request *http.Request) (*http.Response, error) {
-	response, err := http.DefaultTransport.RoundTrip(request)
-	if err != nil {
-		return nil, err
-	}
-
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
-	if err != nil {
-		return nil, err
-	}
-
-	value, ok := responseObject["value"].([]interface{})
-	if ok {
-		context, err := transport.createAzureRequestContext(request)
-		if err != nil {
-			return response, err
-		}
-
-		decoratedValue := transport.decorateContainerGroups(value, context)
-		filteredValue := transport.filterContainerGroups(decoratedValue, context)
-		responseObject["value"] = filteredValue
-
-		responseutils.RewriteResponse(response, responseObject, http.StatusOK)
-	} else {
-		return nil, fmt.Errorf("The container groups response has no value property")
-	}
-
-	return response, nil
-}

api/http/proxy/factory/azure/transport.go

@@ -5,7 +5,7 @@ import (
 	"strconv"
 	"sync"
 	"time"
-	"path"
+
 	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/client"
 )
@@ -21,50 +21,26 @@ type (
 		client      *client.HTTPClient
 		token       *azureAPIToken
 		mutex       sync.Mutex
-		dataStore   portainer.DataStore
-		endpoint    *portainer.Endpoint
-	}
-
-	azureRequestContext struct {
-		isAdmin          bool
-		userID           portainer.UserID
-		userTeamIDs      []portainer.TeamID
-		resourceControls []portainer.ResourceControl
 	}
 )
 
 // NewTransport returns a pointer to a new instance of Transport that implements the HTTP Transport
 // interface for proxying requests to the Azure API.
-func NewTransport(credentials *portainer.AzureCredentials, dataStore portainer.DataStore, endpoint *portainer.Endpoint) *Transport {
+func NewTransport(credentials *portainer.AzureCredentials) *Transport {
 	return &Transport{
 		credentials: credentials,
 		client:      client.NewHTTPClient(),
-		dataStore:   dataStore,
-		endpoint:    endpoint,
 	}
 }
 
 // RoundTrip is the implementation of the the http.RoundTripper interface
 func (transport *Transport) RoundTrip(request *http.Request) (*http.Response, error) {
-	return transport.proxyAzureRequest(request)
-}
-
-func (transport *Transport) proxyAzureRequest(request *http.Request) (*http.Response, error) {
-	requestPath := request.URL.Path
-
 	err := transport.retrieveAuthenticationToken()
 	if err != nil {
 		return nil, err
 	}
 
 	request.Header.Set("Authorization", "Bearer "+transport.token.value)
-
-	if match, _ := path.Match(portainer.AzurePathContainerGroups, requestPath); match {
-		return transport.proxyContainerGroupsRequest(request)
-	} else if match, _ := path.Match(portainer.AzurePathContainerGroup, requestPath); match {
-		return transport.proxyContainerGroupRequest(request)
-	}
-
 	return http.DefaultTransport.RoundTrip(request)
 }
 

api/http/proxy/factory/docker/configs.go

@@ -58,7 +58,7 @@ func (transport *Transport) configListOperation(response *http.Response, executo
 func (transport *Transport) configInspectOperation(response *http.Response, executor *operationExecutor) error {
 	// ConfigInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.30/#operation/ConfigInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/containers.go

@@ -77,7 +77,7 @@ func (transport *Transport) containerListOperation(response *http.Response, exec
 func (transport *Transport) containerInspectOperation(response *http.Response, executor *operationExecutor) error {
 	//ContainerInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.28/#operation/ContainerInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}
@@ -152,13 +152,12 @@ func containerHasBlackListedLabel(containerLabels map[string]interface{}, labelB
 func (transport *Transport) decorateContainerCreationOperation(request *http.Request, resourceIdentifierAttribute string, resourceType portainer.ResourceControlType) (*http.Response, error) {
 	type PartialContainer struct {
 		HostConfig struct {
-			Privileged bool                   `json:"Privileged"`
-			PidMode    string                 `json:"PidMode"`
-			Devices    []interface{}          `json:"Devices"`
-			Sysctls    map[string]interface{} `json:"Sysctls"`
-			CapAdd     []string               `json:"CapAdd"`
-			CapDrop    []string               `json:"CapDrop"`
-			Binds      []string               `json:"Binds"`
+			Privileged bool          `json:"Privileged"`
+			PidMode    string        `json:"PidMode"`
+			Devices    []interface{} `json:"Devices"`
+			CapAdd     []string      `json:"CapAdd"`
+			CapDrop    []string      `json:"CapDrop"`
+			Binds      []string      `json:"Binds"`
 		} `json:"HostConfig"`
 	}
 
@@ -205,10 +204,6 @@ func (transport *Transport) decorateContainerCreationOperation(request *http.Req
 			return forbiddenResponse, errors.New("forbidden to use device mapping")
 		}
 
-		if !securitySettings.AllowSysctlSettingForRegularUsers && len(partialContainer.HostConfig.Sysctls) > 0 {
-			return forbiddenResponse, errors.New("forbidden to use sysctl settings")
-		}
-
 		if !securitySettings.AllowContainerCapabilitiesForRegularUsers && (len(partialContainer.HostConfig.CapAdd) > 0 || len(partialContainer.HostConfig.CapDrop) > 0) {
 			return nil, errors.New("forbidden to use container capabilities")
 		}

api/http/proxy/factory/docker/networks.go

@@ -62,7 +62,7 @@ func (transport *Transport) networkListOperation(response *http.Response, execut
 func (transport *Transport) networkInspectOperation(response *http.Response, executor *operationExecutor) error {
 	// NetworkInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.28/#operation/NetworkInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/secrets.go

@@ -58,7 +58,7 @@ func (transport *Transport) secretListOperation(response *http.Response, executo
 func (transport *Transport) secretInspectOperation(response *http.Response, executor *operationExecutor) error {
 	// SecretInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.28/#operation/SecretInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/services.go

@@ -63,7 +63,7 @@ func (transport *Transport) serviceListOperation(response *http.Response, execut
 func (transport *Transport) serviceInspectOperation(response *http.Response, executor *operationExecutor) error {
 	//ServiceInspect response is a JSON object
 	//https://docs.docker.com/engine/api/v1.28/#operation/ServiceInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/swarm.go

@@ -11,7 +11,7 @@ import (
 func swarmInspectOperation(response *http.Response, executor *operationExecutor) error {
 	// SwarmInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.30/#operation/SwarmInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/transport.go

@@ -1,11 +1,9 @@
 package docker
 
 import (
-	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"errors"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"path"
@@ -165,21 +163,6 @@ func (transport *Transport) proxyAgentRequest(r *http.Request) (*http.Response,
 
 		// volume browser request
 		return transport.restrictedResourceOperation(r, resourceID, portainer.VolumeResourceControl, true)
-	case strings.HasPrefix(requestPath, "/dockerhub"):
-		dockerhub, err := transport.dataStore.DockerHub().DockerHub()
-		if err != nil {
-			return nil, err
-		}
-
-		newBody, err := json.Marshal(dockerhub)
-		if err != nil {
-			return nil, err
-		}
-
-		r.Method = http.MethodPost
-
-		r.Body = ioutil.NopCloser(bytes.NewReader(newBody))
-		r.ContentLength = int64(len(newBody))
 	}
 
 	return transport.executeDockerRequest(r)
@@ -530,7 +513,7 @@ func (transport *Transport) interceptAndRewriteRequest(request *http.Request, op
 // https://docs.docker.com/engine/api/v1.37/#operation/SecretCreate
 // https://docs.docker.com/engine/api/v1.37/#operation/ConfigCreate
 func (transport *Transport) decorateGenericResourceCreationResponse(response *http.Response, resourceIdentifierAttribute string, resourceType portainer.ResourceControlType, userID portainer.UserID) error {
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/docker/volumes.go

@@ -37,7 +37,7 @@ func getInheritedResourceControlFromVolumeLabels(dockerClient *client.Client, en
 func (transport *Transport) volumeListOperation(response *http.Response, executor *operationExecutor) error {
 	// VolumeList response is a JSON object
 	// https://docs.docker.com/engine/api/v1.28/#operation/VolumeList
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}
@@ -76,7 +76,7 @@ func (transport *Transport) volumeListOperation(response *http.Response, executo
 func (transport *Transport) volumeInspectOperation(response *http.Response, executor *operationExecutor) error {
 	// VolumeInspect response is a JSON object
 	// https://docs.docker.com/engine/api/v1.28/#operation/VolumeInspect
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}
@@ -142,7 +142,7 @@ func (transport *Transport) decorateVolumeResourceCreationOperation(request *htt
 }
 
 func (transport *Transport) decorateVolumeCreationResponse(response *http.Response, resourceIdentifierAttribute string, resourceType portainer.ResourceControlType, userID portainer.UserID) error {
-	responseObject, err := responseutils.GetResponseAsJSONObject(response)
+	responseObject, err := responseutils.GetResponseAsJSONOBject(response)
 	if err != nil {
 		return err
 	}

api/http/proxy/factory/factory.go

@@ -55,7 +55,7 @@ func (factory *ProxyFactory) NewLegacyExtensionProxy(extensionAPIURL string) (ht
 func (factory *ProxyFactory) NewEndpointProxy(endpoint *portainer.Endpoint) (http.Handler, error) {
 	switch endpoint.Type {
 	case portainer.AzureEnvironment:
-		return newAzureProxy(endpoint, factory.dataStore)
+		return newAzureProxy(endpoint)
 	case portainer.EdgeAgentOnKubernetesEnvironment, portainer.AgentOnKubernetesEnvironment, portainer.KubernetesLocalEnvironment:
 		return factory.newKubernetesProxy(endpoint)
 	}

api/http/proxy/factory/kubernetes.go

@@ -72,7 +72,7 @@ func (factory *ProxyFactory) newKubernetesEdgeHTTPProxy(endpoint *portainer.Endp
 
 	endpointURL.Scheme = "http"
 	proxy := newSingleHostReverseProxyWithHostHeader(endpointURL)
-	proxy.Transport = kubernetes.NewEdgeTransport(factory.dataStore, factory.reverseTunnelService, endpoint.ID, tokenManager)
+	proxy.Transport = kubernetes.NewEdgeTransport(factory.reverseTunnelService, endpoint.ID, tokenManager)
 
 	return proxy, nil
 }
@@ -103,7 +103,7 @@ func (factory *ProxyFactory) newKubernetesAgentHTTPSProxy(endpoint *portainer.En
 	}
 
 	proxy := newSingleHostReverseProxyWithHostHeader(remoteURL)
-	proxy.Transport = kubernetes.NewAgentTransport(factory.dataStore, factory.signatureService, tlsConfig, tokenManager)
+	proxy.Transport = kubernetes.NewAgentTransport(factory.signatureService, tlsConfig, tokenManager)
 
 	return proxy, nil
 }

api/http/proxy/factory/kubernetes/transport.go

@@ -1,14 +1,10 @@
 package kubernetes
 
 import (
-	"bytes"
 	"crypto/tls"
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"net/http"
-	"strings"
 
 	"github.com/portainer/portainer/api/http/security"
 
@@ -24,7 +20,6 @@ type (
 	}
 
 	agentTransport struct {
-		dataStore          portainer.DataStore
 		httpTransport      *http.Transport
 		tokenManager       *tokenManager
 		signatureService   portainer.DigitalSignatureService
@@ -32,7 +27,6 @@ type (
 	}
 
 	edgeTransport struct {
-		dataStore            portainer.DataStore
 		httpTransport        *http.Transport
 		tokenManager         *tokenManager
 		reverseTunnelService portainer.ReverseTunnelService
@@ -70,9 +64,8 @@ func (transport *localTransport) RoundTrip(request *http.Request) (*http.Respons
 }
 
 // NewAgentTransport returns a new transport that can be used to send signed requests to a Portainer agent
-func NewAgentTransport(datastore portainer.DataStore, signatureService portainer.DigitalSignatureService, tlsConfig *tls.Config, tokenManager *tokenManager) *agentTransport {
+func NewAgentTransport(signatureService portainer.DigitalSignatureService, tlsConfig *tls.Config, tokenManager *tokenManager) *agentTransport {
 	transport := &agentTransport{
-		dataStore: datastore,
 		httpTransport: &http.Transport{
 			TLSClientConfig: tlsConfig,
 		},
@@ -92,10 +85,6 @@ func (transport *agentTransport) RoundTrip(request *http.Request) (*http.Respons
 
 	request.Header.Set(portainer.PortainerAgentKubernetesSATokenHeader, token)
 
-	if strings.HasPrefix(request.URL.Path, "/v2") {
-		decorateAgentRequest(request, transport.dataStore)
-	}
-
 	signature, err := transport.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
 	if err != nil {
 		return nil, err
@@ -107,10 +96,9 @@ func (transport *agentTransport) RoundTrip(request *http.Request) (*http.Respons
 	return transport.httpTransport.RoundTrip(request)
 }
 
-// NewEdgeTransport returns a new transport that can be used to send signed requests to a Portainer Edge agent
-func NewEdgeTransport(datastore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, endpointIdentifier portainer.EndpointID, tokenManager *tokenManager) *edgeTransport {
+// NewAgentTransport returns a new transport that can be used to send signed requests to a Portainer Edge agent
+func NewEdgeTransport(reverseTunnelService portainer.ReverseTunnelService, endpointIdentifier portainer.EndpointID, tokenManager *tokenManager) *edgeTransport {
 	transport := &edgeTransport{
-		dataStore:            datastore,
 		httpTransport:        &http.Transport{},
 		tokenManager:         tokenManager,
 		reverseTunnelService: reverseTunnelService,
@@ -129,10 +117,6 @@ func (transport *edgeTransport) RoundTrip(request *http.Request) (*http.Response
 
 	request.Header.Set(portainer.PortainerAgentKubernetesSATokenHeader, token)
 
-	if strings.HasPrefix(request.URL.Path, "/v2") {
-		decorateAgentRequest(request, transport.dataStore)
-	}
-
 	response, err := transport.httpTransport.RoundTrip(request)
 
 	if err == nil {
@@ -167,33 +151,3 @@ func getRoundTripToken(
 
 	return token, nil
 }
-
-func decorateAgentRequest(r *http.Request, dataStore portainer.DataStore) error {
-	requestPath := strings.TrimPrefix(r.URL.Path, "/v2")
-
-	switch {
-	case strings.HasPrefix(requestPath, "/dockerhub"):
-		decorateAgentDockerHubRequest(r, dataStore)
-	}
-
-	return nil
-}
-
-func decorateAgentDockerHubRequest(r *http.Request, dataStore portainer.DataStore) error {
-	dockerhub, err := dataStore.DockerHub().DockerHub()
-	if err != nil {
-		return err
-	}
-
-	newBody, err := json.Marshal(dockerhub)
-	if err != nil {
-		return err
-	}
-
-	r.Method = http.MethodPost
-
-	r.Body = ioutil.NopCloser(bytes.NewReader(newBody))
-	r.ContentLength = int64(len(newBody))
-
-	return nil
-}

api/http/proxy/factory/responseutils/response.go

@@ -2,7 +2,6 @@ package responseutils
 
 import (
 	"bytes"
-	"compress/gzip"
 	"encoding/json"
 	"errors"
 	"io/ioutil"
@@ -11,8 +10,8 @@ import (
 	"strconv"
 )
 
-// GetResponseAsJSONObject returns the response content as a generic JSON object
-func GetResponseAsJSONObject(response *http.Response) (map[string]interface{}, error) {
+// GetResponseAsJSONOBject returns the response content as a generic JSON object
+func GetResponseAsJSONOBject(response *http.Response) (map[string]interface{}, error) {
 	responseData, err := getResponseBodyAsGenericJSON(response)
 	if err != nil {
 		return nil, err
@@ -49,21 +48,13 @@ func getResponseBodyAsGenericJSON(response *http.Response) (interface{}, error)
 		return nil, errors.New("unable to parse response: empty response body")
 	}
 
-	reader := response.Body
-
-	if response.Header.Get("Content-Encoding") == "gzip" {
-		response.Header.Del("Content-Encoding")
-		gzipReader, err := gzip.NewReader(response.Body)
-		if err != nil {
-			return nil, err
-		}
-		reader = gzipReader
+	var data interface{}
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
 	}
 
-	defer reader.Close()
-
-	var data interface{}
-	body, err := ioutil.ReadAll(reader)
+	err = response.Body.Close()
 	if err != nil {
 		return nil, err
 	}

api/http/security/bouncer.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 
 	httperror "github.com/portainer/libhttp/error"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
 	httperrors "github.com/portainer/portainer/api/http/errors"
 )
@@ -153,9 +153,6 @@ func (bouncer *RequestBouncer) RegistryAccess(r *http.Request, registry *portain
 	return nil
 }
 
-// handlers are applied backwards to the incoming request:
-// - add secure handlers to the response
-// - parse the JWT token and put it into the http context.
 func (bouncer *RequestBouncer) mwAuthenticatedUser(h http.Handler) http.Handler {
 	h = bouncer.mwCheckAuthentication(h)
 	h = mwSecureHeaders(h)
@@ -219,8 +216,6 @@ func (bouncer *RequestBouncer) mwUpgradeToRestrictedRequest(next http.Handler) h
 }
 
 // mwCheckAuthentication provides Authentication middleware for handlers
-//
-// It parses the JWT token and adds the parsed token data to the http context
 func (bouncer *RequestBouncer) mwCheckAuthentication(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var tokenData *portainer.TokenData
@@ -274,31 +269,30 @@ func mwSecureHeaders(next http.Handler) http.Handler {
 }
 
 func (bouncer *RequestBouncer) newRestrictedContextRequest(userID portainer.UserID, userRole portainer.UserRole) (*RestrictedRequestContext, error) {
-	if userRole == portainer.AdministratorRole {
-		return &RestrictedRequestContext{
-			IsAdmin: true,
-			UserID:  userID,
-		}, nil
+	requestContext := &RestrictedRequestContext{
+		IsAdmin: true,
+		UserID:  userID,
 	}
 
-	memberships, err := bouncer.dataStore.TeamMembership().TeamMembershipsByUserID(userID)
-	if err != nil {
-		return nil, err
-	}
-
-	isTeamLeader := false
-	for _, membership := range memberships {
-		if membership.Role == portainer.TeamLeader {
-			isTeamLeader = true
+	if userRole != portainer.AdministratorRole {
+		requestContext.IsAdmin = false
+		memberships, err := bouncer.dataStore.TeamMembership().TeamMembershipsByUserID(userID)
+		if err != nil {
+			return nil, err
 		}
+
+		isTeamLeader := false
+		for _, membership := range memberships {
+			if membership.Role == portainer.TeamLeader {
+				isTeamLeader = true
+			}
+		}
+
+		requestContext.IsTeamLeader = isTeamLeader
+		requestContext.UserMemberships = memberships
 	}
 
-	return &RestrictedRequestContext{
-		IsAdmin:         false,
-		UserID:          userID,
-		IsTeamLeader:    isTeamLeader,
-		UserMemberships: memberships,
-	}, nil
+	return requestContext, nil
 }
 
 // EdgeComputeOperation defines a restriced edge compute operation.

api/http/server.go

@@ -1,20 +1,15 @@
 package http
 
 import (
-	"context"
-	"fmt"
-	"log"
 	"net/http"
 	"path/filepath"
 	"time"
 
 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/http/handler"
 	"github.com/portainer/portainer/api/http/handler/auth"
-	"github.com/portainer/portainer/api/http/handler/backup"
 	"github.com/portainer/portainer/api/http/handler/customtemplates"
 	"github.com/portainer/portainer/api/http/handler/dockerhub"
 	"github.com/portainer/portainer/api/http/handler/edgegroups"
@@ -41,10 +36,10 @@ import (
 	"github.com/portainer/portainer/api/http/handler/users"
 	"github.com/portainer/portainer/api/http/handler/webhooks"
 	"github.com/portainer/portainer/api/http/handler/websocket"
-	"github.com/portainer/portainer/api/http/offlinegate"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
 	"github.com/portainer/portainer/api/http/security"
+
 	"github.com/portainer/portainer/api/kubernetes/cli"
 )
 
@@ -74,8 +69,6 @@ type Server struct {
 	DockerClientFactory         *docker.ClientFactory
 	KubernetesClientFactory     *cli.ClientFactory
 	KubernetesDeployer          portainer.KubernetesDeployer
-	ShutdownCtx                 context.Context
-	ShutdownTrigger             context.CancelFunc
 }
 
 // Start starts the HTTP server
@@ -85,7 +78,6 @@ func (server *Server) Start() error {
 	requestBouncer := security.NewRequestBouncer(server.DataStore, server.JWTService)
 
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)
-	offlineGate := offlinegate.NewOfflineGate()
 
 	var authHandler = auth.NewHandler(requestBouncer, rateLimiter)
 	authHandler.DataStore = server.DataStore
@@ -96,11 +88,6 @@ func (server *Server) Start() error {
 	authHandler.KubernetesTokenCacheManager = kubernetesTokenCacheManager
 	authHandler.OAuthService = server.OAuthService
 
-	adminMonitor := adminmonitor.New(5*time.Minute, server.DataStore, server.ShutdownCtx)
-	adminMonitor.Start()
-
-	var backupHandler = backup.NewHandler(requestBouncer, server.DataStore, offlineGate, server.FileService.GetDatastorePath(), server.ShutdownTrigger, adminMonitor)
-
 	var roleHandler = roles.NewHandler(requestBouncer)
 	roleHandler.DataStore = server.DataStore
 
@@ -213,7 +200,6 @@ func (server *Server) Start() error {
 	server.Handler = &handler.Handler{
 		RoleHandler:            roleHandler,
 		AuthHandler:            authHandler,
-		BackupHandler:          backupHandler,
 		CustomTemplatesHandler: customTemplatesHandler,
 		DockerHubHandler:       dockerHubHandler,
 		EdgeGroupsHandler:      edgeGroupsHandler,
@@ -245,27 +231,10 @@ func (server *Server) Start() error {
 		Addr:    server.BindAddress,
 		Handler: server.Handler,
 	}
-	httpServer.Handler = offlineGate.WaitingMiddleware(time.Minute, httpServer.Handler)
 
 	if server.SSL {
 		httpServer.TLSConfig = crypto.CreateServerTLSConfiguration()
 		return httpServer.ListenAndServeTLS(server.SSLCert, server.SSLKey)
 	}
-
-	go server.shutdown(httpServer)
-
 	return httpServer.ListenAndServe()
 }
-
-func (server *Server) shutdown(httpServer *http.Server) {
-	<-server.ShutdownCtx.Done()
-
-	log.Println("[DEBUG] Shutting down http server")
-	shutdownTimeout, cancel := context.WithTimeout(context.Background(), 30*time.Second)
-	defer cancel()
-
-	err := httpServer.Shutdown(shutdownTimeout)
-	if err != nil {
-		fmt.Printf("Failed shutdown http server: %s \n", err)
-	}
-}

api/internal/authorization/access_control.go

@@ -160,13 +160,9 @@ func FilterAuthorizedCustomTemplates(customTemplates []portainer.CustomTemplate,
 	return authorizedTemplates
 }
 
-// UserCanAccessResource will valid that a user has permissions defined in the specified resource control
+// UserCanAccessResource will valide that a user has permissions defined in the specified resource control
 // based on its identifier and the team(s) he is part of.
 func UserCanAccessResource(userID portainer.UserID, userTeamIDs []portainer.TeamID, resourceControl *portainer.ResourceControl) bool {
-	if resourceControl == nil {
-		return false
-	}
-
 	for _, authorizedUserAccess := range resourceControl.UserAccesses {
 		if userID == authorizedUserAccess.UserID {
 			return true

api/internal/edge/edgejob.go

@@ -1,19 +0,0 @@
-package edge
-
-import portainer "github.com/portainer/portainer/api"
-
-// LoadEdgeJobs registers all edge jobs inside corresponding endpoint tunnel
-func LoadEdgeJobs(dataStore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService) error {
-	edgeJobs, err := dataStore.EdgeJob().EdgeJobs()
-	if err != nil {
-		return err
-	}
-
-	for _, edgeJob := range edgeJobs {
-		for endpointID := range edgeJob.Endpoints {
-			reverseTunnelService.AddEdgeJob(endpointID, &edgeJob)
-		}
-	}
-
-	return nil
-}

api/internal/endpointutils/endpointutils.go

@@ -1,11 +0,0 @@
-package endpointutils
-
-import (
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-func IsLocalEndpoint(endpoint *portainer.Endpoint) bool {
-	return strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") || endpoint.Type == 5
-}

api/internal/snapshot/snapshot.go

@@ -1,7 +1,6 @@
 package snapshot
 
 import (
-	"context"
 	"log"
 	"time"
 
@@ -17,11 +16,10 @@ type Service struct {
 	snapshotIntervalInSeconds float64
 	dockerSnapshotter         portainer.DockerSnapshotter
 	kubernetesSnapshotter     portainer.KubernetesSnapshotter
-	shutdownCtx               context.Context
 }
 
 // NewService creates a new instance of a service
-func NewService(snapshotInterval string, dataStore portainer.DataStore, dockerSnapshotter portainer.DockerSnapshotter, kubernetesSnapshotter portainer.KubernetesSnapshotter, shutdownCtx context.Context) (*Service, error) {
+func NewService(snapshotInterval string, dataStore portainer.DataStore, dockerSnapshotter portainer.DockerSnapshotter, kubernetesSnapshotter portainer.KubernetesSnapshotter) (*Service, error) {
 	snapshotFrequency, err := time.ParseDuration(snapshotInterval)
 	if err != nil {
 		return nil, err
@@ -32,7 +30,6 @@ func NewService(snapshotInterval string, dataStore portainer.DataStore, dockerSn
 		snapshotIntervalInSeconds: snapshotFrequency.Seconds(),
 		dockerSnapshotter:         dockerSnapshotter,
 		kubernetesSnapshotter:     kubernetesSnapshotter,
-		shutdownCtx:               shutdownCtx,
 	}, nil
 }
 
@@ -46,7 +43,7 @@ func (service *Service) Start() {
 	service.startSnapshotLoop()
 }
 
-func (service *Service) Stop() {
+func (service *Service) stop() {
 	if service.refreshSignal == nil {
 		return
 	}
@@ -58,7 +55,7 @@ func (service *Service) Stop() {
 
 // SetSnapshotInterval sets the snapshot interval and resets the service
 func (service *Service) SetSnapshotInterval(snapshotInterval string) error {
-	service.Stop()
+	service.stop()
 
 	snapshotFrequency, err := time.ParseDuration(snapshotInterval)
 	if err != nil {
@@ -135,12 +132,9 @@ func (service *Service) startSnapshotLoop() error {
 				if err != nil {
 					log.Printf("[ERROR] [internal,snapshot] [message: background schedule error (endpoint snapshot).] [error: %s]", err)
 				}
-			case <-service.shutdownCtx.Done():
-				log.Println("[DEBUG] [internal,snapshot] [message: shutting down snapshotting]")
-				ticker.Stop()
-				return
+
 			case <-service.refreshSignal:
-				log.Println("[DEBUG] [internal,snapshot] [message: shutting down snapshotting]")
+				log.Println("[DEBUG] [internal,snapshot] [message: shutting down Snapshot service]")
 				ticker.Stop()
 				return
 			}

api/internal/testhelpers/datastore.go

@@ -1,114 +0,0 @@
-package testhelpers
-
-import (
-	"io"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-type datastore struct {
-	dockerHub        portainer.DockerHubService
-	customTemplate   portainer.CustomTemplateService
-	edgeGroup        portainer.EdgeGroupService
-	edgeJob          portainer.EdgeJobService
-	edgeStack        portainer.EdgeStackService
-	endpoint         portainer.EndpointService
-	endpointGroup    portainer.EndpointGroupService
-	endpointRelation portainer.EndpointRelationService
-	registry         portainer.RegistryService
-	resourceControl  portainer.ResourceControlService
-	role             portainer.RoleService
-	settings         portainer.SettingsService
-	stack            portainer.StackService
-	tag              portainer.TagService
-	teamMembership   portainer.TeamMembershipService
-	team             portainer.TeamService
-	tunnelServer     portainer.TunnelServerService
-	user             portainer.UserService
-	version          portainer.VersionService
-	webhook          portainer.WebhookService
-}
-
-func (d *datastore) BackupTo(io.Writer) error                            { return nil }
-func (d *datastore) Open() error                                         { return nil }
-func (d *datastore) Init() error                                         { return nil }
-func (d *datastore) Close() error                                        { return nil }
-func (d *datastore) CheckCurrentEdition() error                          { return nil }
-func (d *datastore) IsNew() bool                                         { return false }
-func (d *datastore) MigrateData(force bool) error                        { return nil }
-func (d *datastore) RollbackToCE() error                                 { return nil }
-func (d *datastore) DockerHub() portainer.DockerHubService               { return d.dockerHub }
-func (d *datastore) CustomTemplate() portainer.CustomTemplateService     { return d.customTemplate }
-func (d *datastore) EdgeGroup() portainer.EdgeGroupService               { return d.edgeGroup }
-func (d *datastore) EdgeJob() portainer.EdgeJobService                   { return d.edgeJob }
-func (d *datastore) EdgeStack() portainer.EdgeStackService               { return d.edgeStack }
-func (d *datastore) Endpoint() portainer.EndpointService                 { return d.endpoint }
-func (d *datastore) EndpointGroup() portainer.EndpointGroupService       { return d.endpointGroup }
-func (d *datastore) EndpointRelation() portainer.EndpointRelationService { return d.endpointRelation }
-func (d *datastore) Registry() portainer.RegistryService                 { return d.registry }
-func (d *datastore) ResourceControl() portainer.ResourceControlService   { return d.resourceControl }
-func (d *datastore) Role() portainer.RoleService                         { return d.role }
-func (d *datastore) Settings() portainer.SettingsService                 { return d.settings }
-func (d *datastore) Stack() portainer.StackService                       { return d.stack }
-func (d *datastore) Tag() portainer.TagService                           { return d.tag }
-func (d *datastore) TeamMembership() portainer.TeamMembershipService     { return d.teamMembership }
-func (d *datastore) Team() portainer.TeamService                         { return d.team }
-func (d *datastore) TunnelServer() portainer.TunnelServerService         { return d.tunnelServer }
-func (d *datastore) User() portainer.UserService                         { return d.user }
-func (d *datastore) Version() portainer.VersionService                   { return d.version }
-func (d *datastore) Webhook() portainer.WebhookService                   { return d.webhook }
-
-type datastoreOption = func(d *datastore)
-
-// NewDatastore creates new instance of datastore.
-// Will apply options before returning, opts will be applied from left to right.
-func NewDatastore(options ...datastoreOption) *datastore {
-	d := datastore{}
-	for _, o := range options {
-		o(&d)
-	}
-	return &d
-}
-
-type stubUserService struct {
-	users []portainer.User
-}
-
-func (s *stubUserService) User(ID portainer.UserID) (*portainer.User, error)       { return nil, nil }
-func (s *stubUserService) UserByUsername(username string) (*portainer.User, error) { return nil, nil }
-func (s *stubUserService) Users() ([]portainer.User, error)                        { return s.users, nil }
-func (s *stubUserService) UsersByRole(role portainer.UserRole) ([]portainer.User, error) {
-	return s.users, nil
-}
-func (s *stubUserService) CreateUser(user *portainer.User) error                      { return nil }
-func (s *stubUserService) UpdateUser(ID portainer.UserID, user *portainer.User) error { return nil }
-func (s *stubUserService) DeleteUser(ID portainer.UserID) error                       { return nil }
-
-// WithUsers datastore option that will instruct datastore to return provided users
-func WithUsers(us []portainer.User) datastoreOption {
-	return func(d *datastore) {
-		d.user = &stubUserService{users: us}
-	}
-}
-
-type stubEdgeJobService struct {
-	jobs []portainer.EdgeJob
-}
-
-func (s *stubEdgeJobService) EdgeJobs() ([]portainer.EdgeJob, error) { return s.jobs, nil }
-func (s *stubEdgeJobService) EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, error) {
-	return nil, nil
-}
-func (s *stubEdgeJobService) CreateEdgeJob(edgeJob *portainer.EdgeJob) error { return nil }
-func (s *stubEdgeJobService) UpdateEdgeJob(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error {
-	return nil
-}
-func (s *stubEdgeJobService) DeleteEdgeJob(ID portainer.EdgeJobID) error { return nil }
-func (s *stubEdgeJobService) GetNextIdentifier() int                     { return 0 }
-
-// WithEdgeJobs option will instruct datastore to return provided jobs
-func WithEdgeJobs(js []portainer.EdgeJob) datastoreOption {
-	return func(d *datastore) {
-		d.edgeJob = &stubEdgeJobService{jobs: js}
-	}
-}

api/internal/testhelpers/reverse_tunnel_service.go

@@ -1,23 +0,0 @@
-package testhelpers
-
-import portainer "github.com/portainer/portainer/api"
-
-type ReverseTunnelService struct{}
-
-func (r ReverseTunnelService) StartTunnelServer(addr, port string, snapshotService portainer.SnapshotService) error {
-	return nil
-}
-func (r ReverseTunnelService) GenerateEdgeKey(url, host string, endpointIdentifier int) string {
-	return "nil"
-}
-func (r ReverseTunnelService) SetTunnelStatusToActive(endpointID portainer.EndpointID) {}
-func (r ReverseTunnelService) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
-	return nil
-}
-func (r ReverseTunnelService) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {}
-func (r ReverseTunnelService) GetTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
-	return nil
-}
-func (r ReverseTunnelService) AddEdgeJob(endpointID portainer.EndpointID, edgeJob *portainer.EdgeJob) {
-}
-func (r ReverseTunnelService) RemoveEdgeJob(edgeJobID portainer.EdgeJobID) {}