feat(edge): update deployment instructions

feat(edge): refactor key creation
feat(edge): wip edge
2019-06-17 11:37:09 +12:00 · 2019-06-17 09:18:17 +12:00 · 2019-06-12 12:06:59 +12:00 · 2019-06-05 09:24:22 +12:00 · 2019-05-27 11:29:35 +12:00 · 2019-05-24 18:01:50 +12:00
1729 changed files with 48962 additions and 102943 deletions
--- a/.babelrc
+++ b/.babelrc
@@ -5,8 +5,7 @@
      "@babel/preset-env",
      {
        "modules": false,
-        "useBuiltIns": "entry",
-        "corejs": "2"
+        "useBuiltIns": "usage"
      }
    ]
  ]
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -1,44 +1,62 @@
 version: "2"
 checks:
  argument-count:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 4
  complex-logic:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 4
  file-lines:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 300
  method-complexity:
    enabled: false
  method-count:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 20
  method-lines:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 50
  nested-control-flow:
-    enabled: false
+    enabled: true
+    config:
+      threshold: 4
  return-statements:
    enabled: false
  similar-code:
-    enabled: false
+    enabled: true
+    config:
+      threshold: #language-specific defaults. overrides affect all languages.
  identical-code:
-    enabled: false
+    enabled: true
+    config:
+      threshold: #language-specific defaults. overrides affect all languages.
 plugins:
  gofmt:
    enabled: true
+  golint:
+    enabled: true
+  govet:
+    enabled: true
+  csslint:
+    enabled: true
+  duplication:
+    enabled: true
+    config:
+      languages:
+        javascript:
+          mass_threshold: 80
  eslint:
    enabled: true
    channel: "eslint-5"
    config:
      config: .eslintrc.yml
+  fixme:
+    enabled: true
 exclude_patterns:
- assets/
- build/
- dist/
- distribution/
- node_modules
 - test/
- webpack/
- gruntfile.js
- webpack.config.js
- api/
- "!app/kubernetes/**"
- .github/
- .tmp/
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -6,13 +6,10 @@ env:

 globals:
  angular: true
+  __CONFIG_GA_ID: true

 extends:
  - 'eslint:recommended'
-  - prettier
-
-plugins:
-  - import

 parserOptions:
  ecmaVersion: 2018
@@ -20,9 +17,276 @@ parserOptions:
  ecmaFeatures:
    modules: true

+# # http://eslint.org/docs/rules/
 rules:
-  no-control-regex: off
+#   # Possible Errors
+#   no-await-in-loop: off
+#   no-cond-assign: error
+#   no-console: off
+#   no-constant-condition: error
+#   no-control-regex: error
+#   no-debugger: error
+#   no-dupe-args: error
+#   no-dupe-keys: error
+#   no-duplicate-case: error
+#   no-empty-character-class: error
  no-empty: warn
+#   no-ex-assign: error
+#   no-extra-boolean-cast: error
+#   no-extra-parens: off
+#   no-extra-semi: error
+#   no-func-assign: error
+#   no-inner-declarations:
+#     - error
+#     - functions
+#   no-invalid-regexp: error
+#   no-irregular-whitespace: error
+#   no-negated-in-lhs: error
+#   no-obj-calls: error
+#   no-prototype-builtins: off
+#   no-regex-spaces: error
+#   no-sparse-arrays: error
+#   no-template-curly-in-string: off
+#   no-unexpected-multiline: error
+#   no-unreachable: error
+#   no-unsafe-finally: off
+#   no-unsafe-negation: off
+#   use-isnan: error
+#   valid-jsdoc: off
+#   valid-typeof: error
+
+#   # Best Practices
+#   accessor-pairs: error
+#   array-callback-return: off
+#   block-scoped-var: off
+#   class-methods-use-this: off
+#   complexity:
+#     - error
+#     - 6
+#   consistent-return: off
+#   curly: off
+#   default-case: off
+#   dot-location: off
+#   dot-notation: off
+#   eqeqeq: error
+#   guard-for-in: error
+#   no-alert: error
+#   no-caller: error
+#   no-case-declarations: error
+#   no-div-regex: error
+#   no-else-return: off
  no-empty-function: warn
+#   no-empty-pattern: error
+#   no-eq-null: error
+#   no-eval: error
+#   no-extend-native: error
+#   no-extra-bind: error
+#   no-extra-label: off
+#   no-fallthrough: error
+#   no-floating-decimal: off
+#   no-global-assign: off
+#   no-implicit-coercion: off
+#   no-implied-eval: error
+#   no-invalid-this: off
+#   no-iterator: error
+#   no-labels:
+#     - error
+#     - allowLoop: true
+#       allowSwitch: true
+#   no-lone-blocks: error
+#   no-loop-func: error
+#   no-magic-number: off
+#   no-multi-spaces: off
+#   no-multi-str: off
+#   no-native-reassign: error
+#   no-new-func: error
+#   no-new-wrappers: error
+#   no-new: error
+#   no-octal-escape: error
+#   no-octal: error
+#   no-param-reassign: off
+#   no-proto: error
+#   no-redeclare: error
+#   no-restricted-properties: off
+#   no-return-assign: error
+#   no-return-await: off
+#   no-script-url: error
+#   no-self-assign: off
+#   no-self-compare: error
+#   no-sequences: off
+#   no-throw-literal: off
+#   no-unmodified-loop-condition: off
+#   no-unused-expressions: error
+#   no-unused-labels: off
+#   no-useless-call: error
+#   no-useless-concat: error
  no-useless-escape: off
-  import/order: error
+#   no-useless-return: off
+#   no-void: error
+#   no-warning-comments: off
+#   no-with: error
+#   prefer-promise-reject-errors: off
+#   radix: error
+#   require-await: off
+#   vars-on-top: off
+#   wrap-iife: error
+#   yoda: off
+
+#   # Strict
+#   strict: off
+
+#   # Variables
+#   init-declarations: off
+#   no-catch-shadow: error
+#   no-delete-var: error
+#   no-label-var: error
+#   no-restricted-globals: off
+#   no-shadow-restricted-names: error
+#   no-shadow: off
+#   no-undef-init: error
+#   no-undef: off
+#   no-undefined: off
+#   no-unused-vars:
+#     - warn
+#     -
+#       vars: local
+#   no-use-before-define: off
+
+#   # Node.js and CommonJS
+#   callback-return: error
+#   global-require: error
+#   handle-callback-err: error
+#   no-mixed-requires: off
+#   no-new-require: off
+#   no-path-concat: error
+#   no-process-env: off
+#   no-process-exit: error
+#   no-restricted-modules: off
+#   no-sync: off
+
+#   # Stylistic Issues
+#   array-bracket-spacing: off
+#   block-spacing: off
+#   brace-style: off
+#   camelcase: off
+#   capitalized-comments: off
+#   comma-dangle:
+#     - error
+#     - never
+#   comma-spacing: off
+#   comma-style: off
+#   computed-property-spacing: off
+#   consistent-this: off
+#   eol-last: off
+#   func-call-spacing: off
+#   func-name-matching: off
+#   func-names: off
+#   func-style: off
+#   id-length: off
+#   id-match: off
+#   indent: off
+#   jsx-quotes: off
+#   key-spacing: off
+#   keyword-spacing: off
+#   line-comment-position: off
+#   linebreak-style:
+#     - error
+#     - unix
+#   lines-around-comment: off
+#   lines-around-directive: off
+#   max-depth: off
+#   max-len: off
+#   max-nested-callbacks: off
+#   max-params: off
+#   max-statements-per-line: off
+#   max-statements:
+#     - error
+#     - 30
+#   multiline-ternary: off
+#   new-cap: off
+#   new-parens: off
+#   newline-after-var: off
+#   newline-before-return: off
+#   newline-per-chained-call: off
+#   no-array-constructor: off
+#   no-bitwise: off
+#   no-continue: off
+#   no-inline-comments: off
+#   no-lonely-if: off
+#   no-mixed-operators: off
+#   no-mixed-spaces-and-tabs: off
+#   no-multi-assign: off
+#   no-multiple-empty-lines: off
+#   no-negated-condition: off
+#   no-nested-ternary: off
+#   no-new-object: off
+#   no-plusplus: off
+#   no-restricted-syntax: off
+#   no-spaced-func: off
+#   no-tabs: off
+#   no-ternary: off
+#   no-trailing-spaces: off
+#   no-underscore-dangle: off
+#   no-unneeded-ternary: off
+#   object-curly-newline: off
+#   object-curly-spacing: off
+#   object-property-newline: off
+#   one-var-declaration-per-line: off
+#   one-var: off
+#   operator-assignment: off
+#   operator-linebreak: off
+#   padded-blocks: off
+#   quote-props: off
+#   quotes:
+#     - error
+#     - single
+#   require-jsdoc: off
+#   semi-spacing: off
+#   semi:
+#     - error
+#     - always
+#   sort-keys: off
+#   sort-vars: off
+#   space-before-blocks: off
+#   space-before-function-paren: off
+#   space-in-parens: off
+#   space-infix-ops: off
+#   space-unary-ops: off
+#   spaced-comment: off
+#   template-tag-spacing: off
+#   unicode-bom: off
+#   wrap-regex: off
+
+#   # ECMAScript 6
+#   arrow-body-style: off
+#   arrow-parens: off
+#   arrow-spacing: off
+#   constructor-super: off
+#   generator-star-spacing: off
+#   no-class-assign: off
+#   no-confusing-arrow: off
+#   no-const-assign: off
+#   no-dupe-class-members: off
+#   no-duplicate-imports: off
+#   no-new-symbol: off
+#   no-restricted-imports: off
+#   no-this-before-super: off
+#   no-useless-computed-key: off
+#   no-useless-constructor: off
+#   no-useless-rename: off
+#   no-var: off
+#   object-shorthand: off
+#   prefer-arrow-callback: off
+#   prefer-const: off
+#   prefer-destructuring: off
+#   prefer-numeric-literals: off
+#   prefer-rest-params: off
+#   prefer-reflect: off
+#   prefer-spread: off
+#   prefer-template: off
+#   require-yield: off
+#   rest-spread-spacing: off
+#   sort-imports: off
+#   symbol-description: off
+#   template-curly-spacing: off
+#   yield-star-spacing: off
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,55 +1,49 @@
---
-name: Bug report
-about: Create a bug report
-title: ''
-labels: bug/need-confirmation, kind/bug
-assignees: ''
-
---
-
-<!--
-
-Thanks for reporting a bug for Portainer !
-
-You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
-
-Do you need help or have a question? Come chat with us on Slack http://portainer.slack.com/
-
-Before opening a new issue, make sure that we do not have any duplicates
-already open. You can ensure this by searching the issue list for this
-repository. If there is a duplicate, please close your issue and add a comment
-to the existing issue instead.
-
-Also, be sure to check our FAQ and documentation first: https://documentation.portainer.io/
-->
-
-**Bug description**
-A clear and concise description of what the bug is.
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Portainer Logs**
-Provide the logs of your Portainer container or Service.
-You can see how [here](https://documentation.portainer.io/archive/1.23.2/faq/#how-do-i-get-the-logs-from-portainer)
-
-**Steps to reproduce the issue:**
-
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Technical details:**
-
- Portainer version:
- Docker version (managed by Portainer):
- Kubernetes version (managed by Portainer):
- Platform (windows/linux):
- Command used to start Portainer (`docker run -p 9000:9000 portainer/portainer`):
- Browser:
- Use Case (delete as appropriate): Using Portainer at Home, Using Portainer in a Commerical setup.
- Have you reviewed our technical documentation and knowledge base? Yes/No
-
-**Additional context**
-Add any other context about the problem here.
+---
+name: Bug report
+about: Create a bug report
+
+---
+
+<!--
+
+Thanks for reporting a bug for Portainer !
+
+You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
+
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/.
+
+Before opening a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+Also, be sure to check our FAQ and documentation first: https://portainer.readthedocs.io
+-->
+
+**Bug description**
+
+A clear and concise description of what the bug is.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+Briefly describe what you were expecting.
+
+**Steps to reproduce the issue:**
+
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Technical details:**
+
+* Portainer version:
+* Docker version (managed by Portainer):
+* Platform (windows/linux):
+* Command used to start Portainer (`docker run -p 9000:9000 portainer/portainer`):
+* Browser:
+
+**Additional context**
+Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/Custom.md
+++ b/.github/ISSUE_TEMPLATE/Custom.md
@@ -1,25 +1,17 @@
---
-name: Question
-about: Ask us a question about Portainer usage or deployment
-title: ''
-labels: ''
-assignees: ''
-
---
-Before you start, we need a little bit more information from you:
-
-Use Case (delete as appropriate): Using Portainer at Home, Using Portainer in a Commerical setup.
-
-Have you reviewed our technical documentation and knowledge base? Yes/No
-
-<!--
-
-You can find more information about Portainer support framework policy here: https://old.portainer.io/2019/04/portainer-support-policy/
-
-Do you need help or have a question? Come chat with us on Slack http://portainer.slack.com/
-
-Also, be sure to check our FAQ and documentation first: https://documentation.portainer.io/
-->
-
-**Question**:
-How can I deploy Portainer on... ?
+---
+name: Question
+about: Ask us a question about Portainer usage or deployment
+
+---
+
+<!--
+
+You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
+
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/
+
+Also, be sure to check our FAQ and documentation first: https://portainer.readthedocs.io
+-->
+
+**Question**:
+How can I deploy Portainer on... ?
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,34 +1,31 @@
---
-name: Feature request
-about: Suggest a feature/enhancement that should be added in Portainer
-title: ''
-labels: ''
-assignees: ''
-
---
-
-<!--
-
-Thanks for opening a feature request for Portainer !
-
-Do you need help or have a question? Come chat with us on Slack http://portainer.slack.com/
-
-Before opening a new issue, make sure that we do not have any duplicates
-already open. You can ensure this by searching the issue list for this
-repository. If there is a duplicate, please close your issue and add a comment
-to the existing issue instead.
-
-Also, be sure to check our FAQ and documentation first: https://documentation.portainer.io/
-->
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
+---
+name: Feature request
+about: Suggest a feature/enhancement that should be added in Portainer
+
+---
+
+<!--
+
+Thanks for opening a feature request for Portainer !
+
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/
+
+Before opening a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+Also, be sure to check our FAQ and documentation first: https://portainer.readthedocs.io
+-->
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -1,54 +0,0 @@
-# Config for Stalebot, limited to only `issues`
-only: issues
-
-# Issues config
-issues:
-  daysUntilStale: 60
-  daysUntilClose: 7
-
-  # Limit the number of actions per hour, from 1-30. Default is 30
-  limitPerRun: 30
-
-  # Issues with these labels will never be considered stale
-  exemptLabels:
-    - kind/enhancement
-    - kind/question
-    - kind/style
-    - kind/workaround
-    - kind/refactor
-    - bug/need-confirmation
-    - bug/confirmed
-    - status/discuss
-
-  # Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled)
-  onlyLabels: []
-
-  # Set to true to ignore issues in a project (defaults to false)
-  exemptProjects: true
-  # Set to true to ignore issues in a milestone (defaults to false)
-  exemptMilestones: true
-  # Set to true to ignore issues with an assignee (defaults to false)
-  exemptAssignees: true
-
-  # Label to use when marking an issue as stale
-  staleLabel: status/stale
-
-  # Comment to post when marking an issue as stale. Set to `false` to disable
-  markComment: >
-    This issue has been marked as stale as it has not had recent activity,
-    it will be closed if no further activity occurs in the next 7 days.
-    If you believe that it has been incorrectly labelled as stale,
-    leave a comment and the label will be removed.
-
-  # Comment to post when removing the stale label.
-  # unmarkComment: >
-  #   Your comment here.
-
-  # Comment to post when closing a stale issue. Set to `false` to disable
-  closeComment: >
-    Since no further activity has appeared on this issue it will be closed.
-    If you believe that it has been incorrectly closed, leave a comment
-    mentioning `ametdoohan`, `balasu` or `keverv` and one of our staff will then review the issue.
-
-    Note - If it is an old bug report, make sure that it is reproduceable in the
-    latest version of Portainer as it may have already been fixed.
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -1,19 +0,0 @@
-name: Automatic Rebase
-on:
-  issue_comment:
-    types: [created]
-jobs:
-  rebase:
-    name: Rebase
-    if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout the latest code
-        uses: actions/checkout@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
-      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.4
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -4,12 +4,4 @@ dist
 portainer-checksum.txt
 api/cmd/portainer/portainer*
 .tmp
-**/.vscode/settings.json
-**/.vscode/tasks.json
-
-.eslintcache
-__debug_bin
-
-api/docs
-.idea
-.env
+.vscode
--- a/.prettierrc
+++ b/.prettierrc
@@ -1,13 +0,0 @@
-{
-  "printWidth": 180,
-  "singleQuote": true,
-  "htmlWhitespaceSensitivity": "strict",
-  "overrides": [
-    {
-      "files": ["*.html"],
-      "options": {
-        "parser": "angular"
-      }
-    }
-  ]
-}
--- a/.vscode.example/launch.json
+++ b/.vscode.example/launch.json
@@ -1,19 +0,0 @@
-{
-  // Use IntelliSense to learn about possible attributes.
-  // Hover to view descriptions of existing attributes.
-  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
-  "version": "0.2.0",
-  "configurations": [
-    {
-      "name": "Launch",
-      "type": "go",
-      "request": "launch",
-      "mode": "debug",
-      "program": "${workspaceRoot}/api/cmd/portainer/main.go",
-      "cwd": "${workspaceRoot}",
-      "env": {},
-      "showLog": true,
-      "args": ["--data", "${env:HOME}/portainer-data", "--assets", "${workspaceRoot}/dist"]
-    }
-  ]
-}
--- a/.vscode.example/portainer.code-snippets
+++ b/.vscode.example/portainer.code-snippets
@@ -1,167 +0,0 @@
-{
-  // Place your portainer workspace snippets here. Each snippet is defined under a snippet name and has a scope, prefix, body and
-  // description. Add comma separated ids of the languages where the snippet is applicable in the scope field. If scope
-  // is left empty or omitted, the snippet gets applied to all languages. The prefix is what is
-  // used to trigger the snippet and the body will be expanded and inserted. Possible variables are:
-  // $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders.
-  // Placeholders with the same ids are connected.
-  // Example:
-  // "Print to console": {
-  // 	"scope": "javascript,typescript",
-  // 	"prefix": "log",
-  // 	"body": [
-  // 		"console.log('$1');",
-  // 		"$2"
-  // 	],
-  // 	"description": "Log output to console"
-  // }
-  "Component": {
-    "scope": "javascript",
-    "prefix": "mycomponent",
-    "description": "Dummy Angularjs Component",
-    "body": [
-      "import angular from 'angular';",
-      "import controller from './${TM_FILENAME_BASE}Controller'",
-      "",
-      "angular.module('portainer.${TM_DIRECTORY/.*\\/app\\/([^\\/]*)(\\/.*)?$/$1/}').component('$TM_FILENAME_BASE', {",
-      "  templateUrl: './$TM_FILENAME_BASE.html',",
-      "  controller,",
-      "});",
-      ""
-    ]
-  },
-  "Controller": {
-    "scope": "javascript",
-    "prefix": "mycontroller",
-    "body": [
-      "class ${TM_FILENAME_BASE/(.*)/${1:/capitalize}/} {",
-      "\t/* @ngInject */",
-      "\tconstructor($0) {",
-      "\t}",
-      "}",
-      "",
-      "export default ${TM_FILENAME_BASE/(.*)/${1:/capitalize}/};"
-    ],
-    "description": "Dummy ES6+ controller"
-  },
-  "Service": {
-    "scope": "javascript",
-    "prefix": "myservice",
-    "description": "Dummy ES6+ service",
-    "body": [
-      "import angular from 'angular';",
-      "import PortainerError from 'Portainer/error';",
-      "",
-      "class $1 {",
-      "  /* @ngInject */",
-      "  constructor(\\$async, $0) {",
-      "    this.\\$async = \\$async;",
-      "",
-      "    this.getAsync = this.getAsync.bind(this);",
-      "    this.getAllAsync = this.getAllAsync.bind(this);",
-      "    this.createAsync = this.createAsync.bind(this);",
-      "    this.updateAsync = this.updateAsync.bind(this);",
-      "    this.deleteAsync = this.deleteAsync.bind(this);",
-      "  }",
-      "",
-      "  /**",
-      "   * GET",
-      "   */",
-      "  async getAsync() {",
-      "    try {",
-      "",
-      "    } catch (err) {",
-      "      throw new PortainerError('', err);",
-      "    }",
-      "  }",
-      "",
-      "  async getAllAsync() {",
-      "    try {",
-      "",
-      "    } catch (err) {",
-      "      throw new PortainerError('', err);",
-      "    }",
-      "  }",
-      "",
-      "  get() {",
-      "    if () {",
-      "      return this.\\$async(this.getAsync);",
-      "    }",
-      "    return this.\\$async(this.getAllAsync);",
-      "  }",
-      "",
-      "  /**",
-      "   * CREATE",
-      "   */",
-      "  async createAsync() {",
-      "    try {",
-      "",
-      "    } catch (err) {",
-      "      throw new PortainerError('', err);",
-      "    }",
-      "  }",
-      "",
-      "  create() {",
-      "    return this.\\$async(this.createAsync);",
-      "  }",
-      "",
-      "  /**",
-      "   * UPDATE",
-      "   */",
-      "  async updateAsync() {",
-      "    try {",
-      "",
-      "    } catch (err) {",
-      "      throw new PortainerError('', err);",
-      "    }",
-      "  }",
-      "",
-      "  update() {",
-      "    return this.\\$async(this.updateAsync);",
-      "  }",
-      "",
-      "  /**",
-      "   * DELETE",
-      "   */",
-      "  async deleteAsync() {",
-      "    try {",
-      "",
-      "    } catch (err) {",
-      "      throw new PortainerError('', err);",
-      "    }",
-      "  }",
-      "",
-      "  delete() {",
-      "    return this.\\$async(this.deleteAsync);",
-      "  }",
-      "}",
-      "",
-      "export default $1;",
-      "angular.module('portainer.${TM_DIRECTORY/.*\\/app\\/([^\\/]*)(\\/.*)?$/$1/}').service('$1', $1);"
-    ]
-  },
-  "swagger-api-doc": {
-    "prefix": "swapi",
-    "scope": "go",
-    "description": "Snippet for a api doc",
-    "body": [
-      "// @id ",
-      "// @summary ",
-      "// @description ",
-      "// @description **Access policy**: ",
-      "// @tags ",
-      "// @security jwt",
-      "// @accept json",
-      "// @produce json",
-      "// @param id path int true \"identifier\"",
-      "// @param body body Object true \"details\"",
-      "// @success 200 {object} portainer. \"Success\"",
-      "// @success 204 \"Success\"",
-      "// @failure 400 \"Invalid request\"",
-      "// @failure 403 \"Permission denied\"",
-      "// @failure 404 \" not found\"",
-      "// @failure 500 \"Server error\"",
-      "// @router /{id} [get]"
-    ]
-  }
-}
--- a/ATTRIBUTIONS.md
+++ b/ATTRIBUTIONS.md
@@ -1,32 +0,0 @@
-# Open Source License Attribution
-
-This application uses Open Source components. You can find the source
-code of their open source projects along with license information below.
-We acknowledge and are grateful to these developers for their contributions
-to open source.
-
-### [angular-json-tree](https://github.com/awendland/angular-json-tree)
-
-by [Alex Wendland](https://github.com/awendland) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [caniuse-db](https://github.com/Fyrd/caniuse)
-
-by [caniuse.com](caniuse.com) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [caniuse-lite](https://github.com/ben-eb/caniuse-lite)
-
-by [caniuse.com](caniuse.com) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-### [spdx-exceptions](https://github.com/jslicense/spdx-exceptions.json)
-
-by Kyle Mitchell using [SPDX](https://spdx.dev/) from Linux Foundation licensed under [CC BY 3.0 License](https://creativecommons.org/licenses/by/3.0/)
-
-### [fontawesome-free](https://github.com/FortAwesome/Font-Awesome) Icons
-
-by [Fort Awesome](https://fortawesome.com/) is licensed under [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/)
-
-Portainer also contains the following code, which is licensed under the [MIT license](https://opensource.org/licenses/MIT):
-
-UI For Docker: Copyright (c) 2013-2016 Michael Crosby (crosbymichael.com), Kevan Ahlquist (kevanahlquist.com), Anthony Lapenna (portainer.io)
-
-rdash-angular: Copyright (c) [2014][elliot hesp]
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,16 +6,30 @@ Some basic conventions for contributing to this project.

 Please make sure that there aren't existing pull requests attempting to address the issue mentioned. Likewise, please check for issues related to update, as someone else may be working on the issue in a branch or fork.

- Please open a discussion in a new issue / existing issue to talk about the changes you'd like to bring
- Develop in a topic branch, not master/develop
+* Please open a discussion in a new issue / existing issue to talk about the changes you'd like to bring
+* Develop in a topic branch, not master/develop

-When creating a new branch, prefix it with the _type_ of the change (see section **Commit Message Format** below), the associated opened issue number, a dash and some text describing the issue (using dash as a separator).
+When creating a new branch, prefix it with the *type* of the change (see section **Commit Message Format** below), the associated opened issue number, a dash and some text describing the issue (using dash as a separator).

 For example, if you work on a bugfix for the issue #361, you could name the branch `fix361-template-selection`.

 ## Issues open to contribution

-Want to contribute but don't know where to start? Have a look at the issues labeled with the `good first issue` label: https://github.com/portainer/portainer/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
+Want to contribute but don't know where to start?
+
+Some of the open issues are labeled with prefix `exp/`, this is used to mark them as available for contributors to work on. All of these have an attributed difficulty level:
+
+* **beginner**: a task that should be accessible with users not familiar with the codebase
+* **intermediate**: a task that require some understanding of the project codebase or some experience in
+either AngularJS or Golang
+* **advanced**: a task that require a deep understanding of the project codebase
+
+You can use Github filters to list these issues:
+
+* beginner labeled issues: https://github.com/portainer/portainer/labels/exp%2Fbeginner
+* intermediate labeled issues: https://github.com/portainer/portainer/labels/exp%2Fintermediate
+* advanced labeled issues: https://github.com/portainer/portainer/labels/exp%2Fadvanced
+

 ## Commit Message Format

@@ -37,14 +51,14 @@ Lines should not exceed 100 characters. This allows the message to be easier to

 Must be one of the following:

- **feat**: A new feature
- **fix**: A bug fix
- **docs**: Documentation only changes
- **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing
+* **feat**: A new feature
+* **fix**: A bug fix
+* **docs**: Documentation only changes
+* **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing
  semi-colons, etc)
- **refactor**: A code change that neither fixes a bug or adds a feature
- **test**: Adding missing tests
- **chore**: Changes to the build process or auxiliary tools and libraries such as documentation
+* **refactor**: A code change that neither fixes a bug or adds a feature
+* **test**: Adding missing tests
+* **chore**: Changes to the build process or auxiliary tools and libraries such as documentation
  generation

 ### Scope
@@ -57,9 +71,9 @@ You can use the **area** label tag associated on the issue here (for `area/conta

 The subject contains succinct description of the change:

- use the imperative, present tense: "change" not "changed" nor "changes"
- don't capitalize first letter
- no dot (.) at the end
+* use the imperative, present tense: "change" not "changed" nor "changes"
+* don't capitalize first letter
+* no dot (.) at the end

 ## Contribution process

@@ -74,62 +88,3 @@ Our contribution process is described below. Some of the steps can be visualized
 The feature request process is similar to the bug report process but has an extra functional validation before the technical validation as well as a documentation validation before the testing phase.

 ![portainer_featurerequest_workflow](https://user-images.githubusercontent.com/5485061/45727229-5ad39f00-bbf5-11e8-9550-16ba66c50615.png)
-
-## Build Portainer locally
-
-Ensure you have Docker, Node.js, yarn, and Golang installed in the correct versions.
-
-Install dependencies with yarn:
-
-```sh
-$ yarn
-```
-
-Then build and run the project:
-
-```sh
-$ yarn start
-```
-
-Portainer can now be accessed at <http://localhost:9000>.
-
-Find more detailed steps at <https://documentation.portainer.io/contributing/instructions/>.
-
-## Adding api docs
-
-When adding a new resource (or a route handler), we should add a new tag to api/http/handler/handler.go#L136 like this:
-
-```
-// @tag.name <Name of resource>
-// @tag.description a short description
-```
-
-When adding a new route to an existing handler use the following as a template (you can use `swapi` snippet if you're using vscode):
-
-```
-// @id
-// @summary
-// @description
-// @description **Access policy**:
-// @tags
-// @security jwt
-// @accept json
-// @produce json
-// @param id path int true "identifier"
-// @param body body Object true "details"
-// @success 200 {object} portainer. "Success"
-// @success 204 "Success"
-// @failure 400 "Invalid request"
-// @failure 403 "Permission denied"
-// @failure 404 " not found"
-// @failure 500 "Server error"
-// @router /{id} [get]
-```
-
-explanation about each line can be found (here)[https://github.com/swaggo/swag#api-operation]
-
-## Licensing
-
-See the [LICENSE](https://github.com/portainer/portainer/blob/develop/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
-
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
--- a/README.md
+++ b/README.md
@@ -1,16 +1,17 @@
 <p align="center">
-  <img title="portainer" src='https://github.com/portainer/portainer/blob/develop/app/assets/images/logo_alt.png?raw=true' />
+  <img title="portainer" src='https://github.com/portainer/portainer/blob/develop/assets/images/logo_alt.png?raw=true' />
 </p>

 [![Docker Pulls](https://img.shields.io/docker/pulls/portainer/portainer.svg)](https://hub.docker.com/r/portainer/portainer/)
-[![Microbadger](https://images.microbadger.com/badges/image/portainer/portainer.svg)](http://microbadger.com/images/portainer/portainer 'Image size')
+[![Microbadger](https://images.microbadger.com/badges/image/portainer/portainer.svg)](http://microbadger.com/images/portainer/portainer "Image size")
+[![Documentation Status](https://readthedocs.org/projects/portainer/badge/?version=stable)](http://portainer.readthedocs.io/en/stable/?badge=stable)
 [![Build Status](https://portainer.visualstudio.com/Portainer%20CI/_apis/build/status/Portainer%20CI?branchName=develop)](https://portainer.visualstudio.com/Portainer%20CI/_build/latest?definitionId=3&branchName=develop)
 [![Code Climate](https://codeclimate.com/github/portainer/portainer/badges/gpa.svg)](https://codeclimate.com/github/portainer/portainer)
 [![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=YHXZJQNJQ36H6)

 **_Portainer_** is a lightweight management UI which allows you to **easily** manage your different Docker environments (Docker hosts or Swarm clusters).
 **_Portainer_** is meant to be as **simple** to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container, supports other platforms too).
-**_Portainer_** allows you to manage all your Docker resources (containers, images, volumes, networks and more!) It is compatible with the _standalone Docker_ engine and with _Docker Swarm mode_.
+**_Portainer_** allows you to manage your all your Docker resources (containers, images, volumes, networks and more) ! It is compatible with the *standalone Docker* engine and with *Docker Swarm mode*.

 ## Demo

@@ -24,45 +25,43 @@ Alternatively, you can deploy a copy of the demo stack inside a [play-with-docke
 - Sign in with your [Docker ID](https://docs.docker.com/docker-id)
 - Follow [these](https://github.com/portainer/portainer-demo/blob/master/play-with-docker/docker-stack.yml#L5-L8) steps.

-Unlike the public demo, the playground sessions are deleted after 4 hours. Apart from that, all the settings are the same, including default credentials.
+Unlike the public demo, the playground sessions are deleted after 4 hours. Apart from that, all the settings are same, including default credentials.

 ## Getting started

- [Deploy Portainer](https://documentation.portainer.io/quickstart/)
- [Documentation](https://documentation.portainer.io)
- [Building Portainer](https://documentation.portainer.io/contributing/instructions/)
+* [Deploy Portainer](https://portainer.readthedocs.io/en/latest/deployment.html)
+* [Documentation](https://portainer.readthedocs.io)

 ## Getting help

-For FORMAL Support, please purchase a support subscription from here: https://www.portainer.io/products/portainer-business
+**NOTE**: You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/

-For community support: You can find more information about Portainer's community support framework policy here: https://www.portainer.io/products/community-edition/customer-success
-
- Issues: https://github.com/portainer/portainer/issues
- FAQ: https://documentation.portainer.io
- Slack (chat): https://portainer.io/slack/
+* Issues: https://github.com/portainer/portainer/issues
+* FAQ: https://portainer.readthedocs.io/en/latest/faq.html
+* Slack (chat): https://portainer.io/slack/

 ## Reporting bugs and contributing

- Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new).
- Want to help us build **_portainer_**? Follow our [contribution guidelines](https://documentation.portainer.io/contributing/instructions/) to build it locally and make a pull request. We need all the help we can get!
-
-## Security
-
- Here at Portainer, we believe in [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) of security issues. If you have found a security issue, please report it to <security@portainer.io>.
-
-## Privacy
-
-**To make sure we focus our development effort in the right places we need to know which features get used most often. To give us this information we use [Matomo Analytics](https://matomo.org/), which is hosted in Germany and is fully GDPR compliant.**
-
-When Portainer first starts, you are given the option to DISABLE analytics. If you **don't** choose to disable it, we collect anonymous usage as per [our privacy policy](https://www.portainer.io/documentation/in-app-analytics-and-privacy-policy/). **Please note**, there is no personally identifiable information sent or stored at any time and we only use the data to help us improve Portainer.
+* Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new).
+* Want to help us build **_portainer_**? Follow our [contribution guidelines](https://portainer.readthedocs.io/en/latest/contribute.html) to build it  locally and make a pull request. We need all the help we can get!

 ## Limitations

-Portainer supports "Current - 2 docker versions only. Prior versions may operate, however these are not supported.
+**_Portainer_** has full support for the following Docker versions:
+
+* Docker 1.10 to the latest version
+* Standalone Docker Swarm >= 1.2.3 _(**NOTE:** Use of Standalone Docker Swarm is being discouraged since the introduction of built-in Swarm Mode in Docker. While older versions of Portainer had support for Standalone Docker Swarm, Portainer 1.17.0 and newer **do not** support it. However, the built-in Swarm Mode of Docker is fully supported.)_
+
+Partial support for the following Docker versions (some features may not be available):
+
+* Docker 1.9

 ## Licensing

 Portainer is licensed under the zlib license. See [LICENSE](./LICENSE) for reference.

-Portainer also contains code from open source projects. See [ATTRIBUTIONS.md](./ATTRIBUTIONS.md) for a list.
+Portainer also contains the following code, which is licensed under the [MIT license](https://opensource.org/licenses/MIT):
+
+UI For Docker: Copyright (c) 2013-2016 Michael Crosby (crosbymichael.com), Kevan Ahlquist (kevanahlquist.com), Anthony Lapenna (portainer.io)
+
+rdash-angular: Copyright (c) [2014] [Elliot Hesp]
--- a/api/adminmonitor/admin_monitor.go
+++ b/api/adminmonitor/admin_monitor.go
@@ -1,69 +0,0 @@
-package adminmonitor
-
-import (
-	"context"
-	"log"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-var logFatalf = log.Fatalf
-
-type Monitor struct {
-	timeout          time.Duration
-	datastore        portainer.DataStore
-	shutdownCtx      context.Context
-	cancellationFunc context.CancelFunc
-}
-
-// New creates a monitor that when started will wait for the timeout duration and then shutdown the application unless it has been initialized.
-func New(timeout time.Duration, datastore portainer.DataStore, shutdownCtx context.Context) *Monitor {
-	return &Monitor{
-		timeout:     timeout,
-		datastore:   datastore,
-		shutdownCtx: shutdownCtx,
-	}
-}
-
-// Starts starts the monitor. Active monitor could be stopped or shuttted down by cancelling the shutdown context.
-func (m *Monitor) Start() {
-	cancellationCtx, cancellationFunc := context.WithCancel(context.Background())
-	m.cancellationFunc = cancellationFunc
-
-	go func() {
-		log.Println("[DEBUG] [internal,init] [message: start initialization monitor ]")
-		select {
-		case <-time.After(m.timeout):
-			initialized, err := m.WasInitialized()
-			if err != nil {
-				logFatalf("%s", err)
-			}
-			if !initialized {
-				logFatalf("[FATAL] [internal,init] No administrator account was created in %f mins. Shutting down the Portainer instance for security reasons", m.timeout.Minutes())
-			}
-		case <-cancellationCtx.Done():
-			log.Println("[DEBUG] [internal,init] [message: canceling initialization monitor]")
-		case <-m.shutdownCtx.Done():
-			log.Println("[DEBUG] [internal,init] [message: shutting down initialization monitor]")
-		}
-	}()
-}
-
-// Stop stops monitor. Safe to call even if monitor wasn't started.
-func (m *Monitor) Stop() {
-	if m.cancellationFunc == nil {
-		return
-	}
-	m.cancellationFunc()
-	m.cancellationFunc = nil
-}
-
-// WasInitialized is a system initialization check
-func (m *Monitor) WasInitialized() (bool, error) {
-	users, err := m.datastore.User().UsersByRole(portainer.AdministratorRole)
-	if err != nil {
-		return false, err
-	}
-	return len(users) > 0, nil
-}
--- a/api/adminmonitor/admin_monitor_test.go
+++ b/api/adminmonitor/admin_monitor_test.go
@@ -1,50 +0,0 @@
-package adminmonitor
-
-import (
-	"context"
-	"testing"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	i "github.com/portainer/portainer/api/internal/testhelpers"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_stopWithoutStarting(t *testing.T) {
-	monitor := New(1*time.Minute, nil, nil)
-	monitor.Stop()
-}
-
-func Test_stopCouldBeCalledMultipleTimes(t *testing.T) {
-	monitor := New(1*time.Minute, nil, nil)
-	monitor.Stop()
-	monitor.Stop()
-}
-
-func Test_canStopStartedMonitor(t *testing.T) {
-	monitor := New(1*time.Minute, nil, context.Background())
-	monitor.Start()
-	assert.NotNil(t, monitor.cancellationFunc, "cancellation function is missing in started monitor")
-
-	monitor.Stop()
-	assert.Nil(t, monitor.cancellationFunc, "cancellation function should absent in stopped monitor")
-}
-
-func Test_start_shouldFatalAfterTimeout_ifNotInitialized(t *testing.T) {
-	timeout := 10 * time.Millisecond
-
-	datastore := i.NewDatastore(i.WithUsers([]portainer.User{}))
-
-	var fataled bool
-	origLogFatalf := logFatalf
-	logFatalf = func(s string, v ...interface{}) { fataled = true }
-	defer func() {
-		logFatalf = origLogFatalf
-	}()
-
-	monitor := New(timeout, datastore, context.Background())
-	monitor.Start()
-	<-time.After(2 * timeout)
-
-	assert.True(t, fataled, "monitor should been timeout and fatal")
-}
--- a/api/api-description.md
+++ b/api/api-description.md
@@ -1,53 +0,0 @@
-Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API.
-Examples are available at https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8
-You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/).
-
-# Authentication
-
-Most of the API endpoints require to be authenticated as well as some level of authorization to be used.
-Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the **Authorization** header of each request
-with the **Bearer** authentication mechanism.
-
-Example:
-
-```
-Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
-```
-
-# Security
-
-Each API endpoint has an associated access policy, it is documented in the description of each endpoint.
-
-Different access policies are available:
-
- Public access
- Authenticated access
- Restricted access
- Administrator access
-
-### Public access
-
-No authentication is required to access the endpoints with this access policy.
-
-### Authenticated access
-
-Authentication is required to access the endpoints with this access policy.
-
-### Restricted access
-
-Authentication is required to access the endpoints with this access policy.
-Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered.
-
-### Administrator access
-
-Authentication as well as an administrator role are required to access the endpoints with this access policy.
-
-# Execute Docker requests
-
-Portainer **DO NOT** expose specific endpoints to manage your Docker resources (create a container, remove a volume, etc...).
-
-Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests **via** the Portainer HTTP API.
-
-To do so, you can use the `/endpoints/{id}/docker` Portainer API endpoint (which is not documented below due to Swagger limitations). This endpoint has a restricted access policy so you still need to be authenticated to be able to query this endpoint. Any query on this endpoint will be proxied to the Docker API of the associated endpoint (requests and responses objects are the same as documented in the Docker API).
-
-**NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).
--- a/api/archive/targz.go
+++ b/api/archive/targz.go
@@ -1,119 +0,0 @@
-package archive
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-// TarGzDir creates a tar.gz archive and returns it's path.
-// abosolutePath should be an absolute path to a directory.
-// Archive name will be <directoryName>.tar.gz and will be placed next to the directory.
-func TarGzDir(absolutePath string) (string, error) {
-	targzPath := filepath.Join(absolutePath, fmt.Sprintf("%s.tar.gz", filepath.Base(absolutePath)))
-	outFile, err := os.Create(targzPath)
-	if err != nil {
-		return "", err
-	}
-	defer outFile.Close()
-
-	zipWriter := gzip.NewWriter(outFile)
-	defer zipWriter.Close()
-	tarWriter := tar.NewWriter(zipWriter)
-	defer tarWriter.Close()
-
-	err = filepath.Walk(absolutePath, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		if path == targzPath {
-			return nil // skip archive file
-		}
-
-		pathInArchive := filepath.Clean(strings.TrimPrefix(path, absolutePath))
-		if pathInArchive == "" {
-			return nil // skip root dir
-		}
-
-		return addToArchive(tarWriter, pathInArchive, path, info)
-	})
-
-	return targzPath, err
-}
-
-func addToArchive(tarWriter *tar.Writer, pathInArchive string, path string, info os.FileInfo) error {
-	header, err := tar.FileInfoHeader(info, info.Name())
-	if err != nil {
-		return err
-	}
-
-	header.Name = pathInArchive // use relative paths in archive
-
-	err = tarWriter.WriteHeader(header)
-	if err != nil {
-		return err
-	}
-
-	if info.IsDir() {
-		return nil
-	}
-
-	file, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	_, err = io.Copy(tarWriter, file)
-	return err
-}
-
-// ExtractTarGz reads a .tar.gz archive from the reader and extracts it into outputDirPath directory
-func ExtractTarGz(r io.Reader, outputDirPath string) error {
-	zipReader, err := gzip.NewReader(r)
-	if err != nil {
-		return err
-	}
-	defer zipReader.Close()
-
-	tarReader := tar.NewReader(zipReader)
-
-	for {
-		header, err := tarReader.Next()
-
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			return err
-		}
-
-		switch header.Typeflag {
-		case tar.TypeDir:
-			// skip, dir will be created with a file
-		case tar.TypeReg:
-			p := filepath.Clean(filepath.Join(outputDirPath, header.Name))
-			if err := os.MkdirAll(filepath.Dir(p), 0744); err != nil {
-				return fmt.Errorf("Failed to extract dir %s", filepath.Dir(p))
-			}
-			outFile, err := os.Create(p)
-			if err != nil {
-				return fmt.Errorf("Failed to create file %s", header.Name)
-			}
-			if _, err := io.Copy(outFile, tarReader); err != nil {
-				return fmt.Errorf("Failed to extract file %s", header.Name)
-			}
-			outFile.Close()
-		default:
-			return fmt.Errorf("Tar: uknown type: %v in %s",
-				header.Typeflag,
-				header.Name)
-		}
-	}
-
-	return nil
-}
--- a/api/archive/targz_test.go
+++ b/api/archive/targz_test.go
@@ -1,99 +0,0 @@
-package archive
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func listFiles(dir string) []string {
-	items := make([]string, 0)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if path == dir {
-			return nil
-		}
-		items = append(items, path)
-		return nil
-	})
-
-	return items
-}
-
-func Test_shouldCreateArhive(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
-	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
-
-	gzPath, err := TarGzDir(tmpdir)
-	assert.Nil(t, err)
-	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)
-
-	extractionDir, _ := ioutils.TempDir("", "extract")
-	defer os.RemoveAll(extractionDir)
-
-	cmd := exec.Command("tar", "-xzf", gzPath, "-C", extractionDir)
-	err = cmd.Run()
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-	extractedFiles := listFiles(extractionDir)
-
-	wasExtracted := func(p string) {
-		fullpath := path.Join(extractionDir, p)
-		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := ioutil.ReadFile(fullpath)
-		assert.Equal(t, content, copyContent)
-	}
-
-	wasExtracted("outer")
-	wasExtracted("dir/inner")
-	wasExtracted("dir/.dotfile")
-}
-
-func Test_shouldCreateArhiveXXXXX(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
-	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
-
-	gzPath, err := TarGzDir(tmpdir)
-	assert.Nil(t, err)
-	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)
-
-	extractionDir, _ := ioutils.TempDir("", "extract")
-	defer os.RemoveAll(extractionDir)
-
-	r, _ := os.Open(gzPath)
-	ExtractTarGz(r, extractionDir)
-	if err != nil {
-		t.Fatal("Failed to extract archive: ", err)
-	}
-	extractedFiles := listFiles(extractionDir)
-
-	wasExtracted := func(p string) {
-		fullpath := path.Join(extractionDir, p)
-		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := ioutil.ReadFile(fullpath)
-		assert.Equal(t, content, copyContent)
-	}
-
-	wasExtracted("outer")
-	wasExtracted("dir/inner")
-	wasExtracted("dir/.dotfile")
-}
--- a/api/archive/testdata/sample_archive.zip
+++ b/api/archive/testdata/sample_archive.zip
--- a/api/archive/zip.go
+++ b/api/archive/zip.go
@@ -3,13 +3,10 @@ package archive
 import (
 	"archive/zip"
 	"bytes"
-	"fmt"
-	"github.com/pkg/errors"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 )

 // UnzipArchive will unzip an archive from bytes into the dest destination folder on disk
@@ -20,94 +17,31 @@ func UnzipArchive(archiveData []byte, dest string) error {
 	}

 	for _, zipFile := range zipReader.File {
-		err := extractFileFromArchive(zipFile, dest)
+
+		f, err := zipFile.Open()
 		if err != nil {
 			return err
 		}
-	}
+		defer f.Close()

-	return nil
-}
-
-func extractFileFromArchive(file *zip.File, dest string) error {
-	f, err := file.Open()
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
-	if err != nil {
-		return err
-	}
-
-	fpath := filepath.Join(dest, file.Name)
-
-	outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, file.Mode())
-	if err != nil {
-		return err
-	}
-
-	_, err = io.Copy(outFile, bytes.NewReader(data))
-	if err != nil {
-		return err
-	}
-
-	return outFile.Close()
-}
-
-// UnzipFile will decompress a zip archive, moving all files and folders
-// within the zip file (parameter 1) to an output directory (parameter 2).
-func UnzipFile(src string, dest string) error {
-	r, err := zip.OpenReader(src)
-	if err != nil {
-		return err
-	}
-	defer r.Close()
-
-	for _, f := range r.File {
-		p := filepath.Join(dest, f.Name)
-
-		// Check for ZipSlip. More Info: http://bit.ly/2MsjAWE
-		if !strings.HasPrefix(p, filepath.Clean(dest)+string(os.PathSeparator)) {
-			return fmt.Errorf("%s: illegal file path", p)
-		}
-
-		if f.FileInfo().IsDir() {
-			// Make Folder
-			os.MkdirAll(p, os.ModePerm)
-			continue
-		}
-
-		err = unzipFile(f, p)
+		data, err := ioutil.ReadAll(f)
 		if err != nil {
 			return err
 		}
-	}
-
-	return nil
-}
-
-func unzipFile(f *zip.File, p string) error {
-	// Make File
-	if err := os.MkdirAll(filepath.Dir(p), os.ModePerm); err != nil {
-		return errors.Wrapf(err, "unzipFile: can't make a path %s", p)
-	}
-	outFile, err := os.OpenFile(p, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
-	if err != nil {
-		return errors.Wrapf(err, "unzipFile: can't create file %s", p)
-	}
-	defer outFile.Close()
-	rc, err := f.Open()
-	if err != nil {
-		return errors.Wrapf(err, "unzipFile: can't open zip file %s in the archive", f.Name)
-	}
-	defer rc.Close()
-
-	_, err = io.Copy(outFile, rc)
-
-	if err != nil {
-		return errors.Wrapf(err, "unzipFile: can't copy an archived file content")
+
+		fpath := filepath.Join(dest, zipFile.Name)
+
+		outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, zipFile.Mode())
+		if err != nil {
+			return err
+		}
+
+		_, err = io.Copy(outFile, bytes.NewReader(data))
+		if err != nil {
+			return err
+		}
+
+		outFile.Close()
 	}

 	return nil
--- a/api/archive/zip_test.go
+++ b/api/archive/zip_test.go
@@ -1,32 +0,0 @@
-package archive
-
-import (
-	"github.com/stretchr/testify/assert"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestUnzipFile(t *testing.T) {
-	dir, err := ioutil.TempDir("", "unzip-test-")
-	assert.NoError(t, err)
-	defer os.RemoveAll(dir)
-	/*
-		Archive structure.
-		├── 0
-		│	├── 1
-		│	│	└── 2.txt
-		│	└── 1.txt
-		└── 0.txt
-	*/
-
-	err = UnzipFile("./testdata/sample_archive.zip", dir)
-
-	assert.NoError(t, err)
-	archiveDir := dir + "/sample_archive"
-	assert.FileExists(t, filepath.Join(archiveDir, "0.txt"))
-	assert.FileExists(t, filepath.Join(archiveDir, "0", "1.txt"))
-	assert.FileExists(t, filepath.Join(archiveDir, "0", "1", "2.txt"))
-
-}
--- a/api/backup/backup.go
+++ b/api/backup/backup.go
@@ -1,83 +0,0 @@
-package backup
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-	"time"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/http/offlinegate"
-)
-
-const rwxr__r__ os.FileMode = 0744
-
-var filesToBackup = []string{"compose", "config.json", "custom_templates", "edge_jobs", "edge_stacks", "extensions", "portainer.key", "portainer.pub", "tls"}
-
-// Creates a tar.gz system archive and encrypts it if password is not empty. Returns a path to the archive file.
-func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datastore portainer.DataStore, filestorePath string) (string, error) {
-	unlock := gate.Lock()
-	defer unlock()
-
-	backupDirPath := filepath.Join(filestorePath, "backup", time.Now().Format("2006-01-02_15-04-05"))
-	if err := os.MkdirAll(backupDirPath, rwxr__r__); err != nil {
-		return "", errors.Wrap(err, "Failed to create backup dir")
-	}
-
-	if err := backupDb(backupDirPath, datastore); err != nil {
-		return "", errors.Wrap(err, "Failed to backup database")
-	}
-
-	for _, filename := range filesToBackup {
-		err := copyPath(filepath.Join(filestorePath, filename), backupDirPath)
-		if err != nil {
-			return "", errors.Wrap(err, "Failed to create backup file")
-		}
-	}
-
-	archivePath, err := archive.TarGzDir(backupDirPath)
-	if err != nil {
-		return "", errors.Wrap(err, "Failed to make an archive")
-	}
-
-	if password != "" {
-		archivePath, err = encrypt(archivePath, password)
-		if err != nil {
-			return "", errors.Wrap(err, "Failed to encrypt backup with the password")
-		}
-	}
-
-	return archivePath, nil
-}
-
-func backupDb(backupDirPath string, datastore portainer.DataStore) error {
-	backupWriter, err := os.Create(filepath.Join(backupDirPath, "portainer.db"))
-	if err != nil {
-		return err
-	}
-	if err = datastore.BackupTo(backupWriter); err != nil {
-		return err
-	}
-	return backupWriter.Close()
-}
-
-func encrypt(path string, passphrase string) (string, error) {
-	in, err := os.Open(path)
-	if err != nil {
-		return "", err
-	}
-	defer in.Close()
-
-	outFileName := fmt.Sprintf("%s.encrypted", path)
-	out, err := os.Create(outFileName)
-	if err != nil {
-		return "", err
-	}
-
-	err = crypto.AesEncrypt(in, out, []byte(passphrase))
-
-	return outFileName, err
-}
--- a/api/backup/copy.go
+++ b/api/backup/copy.go
@@ -1,68 +0,0 @@
-package backup
-
-import (
-	"errors"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-)
-
-func copyPath(path string, toDir string) error {
-	info, err := os.Stat(path)
-	if err != nil && errors.Is(err, os.ErrNotExist) {
-		// skip copy if file does not exist
-		return nil
-	}
-
-	if !info.IsDir() {
-		destination := filepath.Join(toDir, info.Name())
-		return copyFile(path, destination)
-	}
-
-	return copyDir(path, toDir)
-}
-
-func copyDir(fromDir, toDir string) error {
-	cleanedSourcePath := filepath.Clean(fromDir)
-	parentDirectory := filepath.Dir(cleanedSourcePath)
-	err := filepath.Walk(cleanedSourcePath, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		destination := filepath.Join(toDir, strings.TrimPrefix(path, parentDirectory))
-		if info.IsDir() {
-			return nil // skip directory creations
-		}
-
-		if info.Mode()&os.ModeSymlink != 0 { // entry is a symlink
-			return nil // don't copy symlinks
-		}
-
-		return copyFile(path, destination)
-	})
-
-	return err
-}
-
-// copies regular a file from src to dst
-func copyFile(src, dst string) error {
-	from, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer from.Close()
-
-	// has to include 'execute' bit, otherwise fails. MkdirAll follows `mkdir -m` restrictions
-	if err := os.MkdirAll(filepath.Dir(dst), 0744); err != nil {
-		return err
-	}
-	to, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer to.Close()
-
-	_, err = io.Copy(to, from)
-	return err
-}
--- a/api/backup/copy_test.go
+++ b/api/backup/copy_test.go
@@ -1,105 +0,0 @@
-package backup
-
-import (
-	"io/ioutil"
-	"os"
-	"path"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func listFiles(dir string) []string {
-	items := make([]string, 0)
-	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if path == dir {
-			return nil
-		}
-		items = append(items, path)
-		return nil
-	})
-
-	return items
-}
-
-func contains(t *testing.T, list []string, path string) {
-	assert.Contains(t, list, path)
-	copyContent, _ := ioutil.ReadFile(path)
-	assert.Equal(t, "content\n", string(copyContent))
-}
-
-func Test_copyFile_returnsError_whenSourceDoesNotExist(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	err := copyFile("does-not-exist", tmpdir)
-	assert.NotNil(t, err)
-}
-
-func Test_copyFile_shouldMakeAbackup(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "origin"), content, 0600)
-
-	err := copyFile(path.Join(tmpdir, "origin"), path.Join(tmpdir, "copy"))
-	assert.Nil(t, err)
-
-	copyContent, _ := ioutil.ReadFile(path.Join(tmpdir, "copy"))
-	assert.Equal(t, content, copyContent)
-}
-
-func Test_copyDir_shouldCopyAllFilesAndDirectories(t *testing.T) {
-	destination, _ := ioutils.TempDir("", "destination")
-	defer os.RemoveAll(destination)
-	err := copyDir("./test_assets/copy_test", destination)
-	assert.Nil(t, err)
-
-	createdFiles := listFiles(destination)
-
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "outer"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", ".dotfile"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", "inner"))
-}
-
-func Test_backupPath_shouldSkipWhenNotExist(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	err := copyPath("does-not-exists", tmpdir)
-	assert.Nil(t, err)
-
-	assert.Empty(t, listFiles(tmpdir))
-}
-
-func Test_backupPath_shouldCopyFile(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "backup")
-	defer os.RemoveAll(tmpdir)
-
-	content := []byte("content")
-	ioutil.WriteFile(path.Join(tmpdir, "file"), content, 0600)
-
-	os.MkdirAll(path.Join(tmpdir, "backup"), 0700)
-	err := copyPath(path.Join(tmpdir, "file"), path.Join(tmpdir, "backup"))
-	assert.Nil(t, err)
-
-	copyContent, err := ioutil.ReadFile(path.Join(tmpdir, "backup", "file"))
-	assert.Nil(t, err)
-	assert.Equal(t, content, copyContent)
-}
-
-func Test_backupPath_shouldCopyDir(t *testing.T) {
-	destination, _ := ioutils.TempDir("", "destination")
-	defer os.RemoveAll(destination)
-	err := copyPath("./test_assets/copy_test", destination)
-	assert.Nil(t, err)
-
-	createdFiles := listFiles(destination)
-
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "outer"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", ".dotfile"))
-	contains(t, createdFiles, filepath.Join(destination, "copy_test", "dir", "inner"))
-}
--- a/api/backup/restore.go
+++ b/api/backup/restore.go
@@ -1,68 +0,0 @@
-package backup
-
-import (
-	"context"
-	"io"
-	"os"
-	"path/filepath"
-	"time"
-
-	"github.com/pkg/errors"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/http/offlinegate"
-)
-
-var filesToRestore = append(filesToBackup, "portainer.db")
-
-// Restores system state from backup archive, will trigger system shutdown, when finished.
-func RestoreArchive(archive io.Reader, password string, filestorePath string, gate *offlinegate.OfflineGate, datastore portainer.DataStore, shutdownTrigger context.CancelFunc) error {
-	var err error
-	if password != "" {
-		archive, err = decrypt(archive, password)
-		if err != nil {
-			return errors.Wrap(err, "failed to decrypt the archive")
-		}
-	}
-
-	restorePath := filepath.Join(filestorePath, "restore", time.Now().Format("20060102150405"))
-	defer os.RemoveAll(filepath.Dir(restorePath))
-
-	err = extractArchive(archive, restorePath)
-	if err != nil {
-		return errors.Wrap(err, "cannot extract files from the archive. Please ensure the password is correct and try again")
-	}
-
-	unlock := gate.Lock()
-	defer unlock()
-
-	if err = datastore.Close(); err != nil {
-		return errors.Wrap(err, "Failed to stop db")
-	}
-
-	if err = restoreFiles(restorePath, filestorePath); err != nil {
-		return errors.Wrap(err, "failed to restore the system state")
-	}
-
-	shutdownTrigger()
-	return nil
-}
-
-func decrypt(r io.Reader, password string) (io.Reader, error) {
-	return crypto.AesDecrypt(r, []byte(password))
-}
-
-func extractArchive(r io.Reader, destinationDirPath string) error {
-	return archive.ExtractTarGz(r, destinationDirPath)
-}
-
-func restoreFiles(srcDir string, destinationDir string) error {
-	for _, filename := range filesToRestore {
-		err := copyPath(filepath.Join(srcDir, filename), destinationDir)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
--- a/api/backup/test_assets/copy_test/dir/.dotfile
+++ b/api/backup/test_assets/copy_test/dir/.dotfile
@@ -1 +0,0 @@
-content
--- a/api/backup/test_assets/copy_test/dir/inner
+++ b/api/backup/test_assets/copy_test/dir/inner
@@ -1 +0,0 @@
-content
--- a/api/backup/test_assets/copy_test/outer
+++ b/api/backup/test_assets/copy_test/outer
@@ -1 +0,0 @@
-content
--- a/api/bolt/bolttest/datastore.go
+++ b/api/bolt/bolttest/datastore.go
@@ -1,73 +0,0 @@
-package bolttest
-
-import (
-	"io/ioutil"
-	"log"
-	"os"
-
-	"github.com/pkg/errors"
-	"github.com/portainer/portainer/api/bolt"
-	"github.com/portainer/portainer/api/filesystem"
-)
-
-var errTempDir = errors.New("can't create a temp dir")
-
-func MustNewTestStore(init bool) (*bolt.Store, func()) {
-	store, teardown, err := NewTestStore(init)
-	if err != nil {
-		if !errors.Is(err, errTempDir) {
-			teardown()
-		}
-		log.Fatal(err)
-	}
-
-	return store, teardown
-}
-
-func NewTestStore(init bool) (*bolt.Store, func(), error) {
-	// Creates unique temp directory in a concurrency friendly manner.
-	dataStorePath, err := ioutil.TempDir("", "boltdb")
-	if err != nil {
-		return nil, nil, errors.Wrap(errTempDir, err.Error())
-	}
-
-	fileService, err := filesystem.NewService(dataStorePath, "")
-	if err != nil {
-		return nil, nil, err
-	}
-
-	store, err := bolt.NewStore(dataStorePath, fileService)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	err = store.Open()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	if init {
-		err = store.Init()
-		if err != nil {
-			return nil, nil, err
-		}
-	}
-
-	teardown := func() {
-		teardown(store, dataStorePath)
-	}
-
-	return store, teardown, nil
-}
-
-func teardown(store *bolt.Store, dataStorePath string) {
-	err := store.Close()
-	if err != nil {
-		log.Fatalln(err)
-	}
-
-	err = os.RemoveAll(dataStorePath)
-	if err != nil {
-		log.Fatalln(err)
-	}
-}
--- a/api/bolt/customtemplate/customtemplate.go
+++ b/api/bolt/customtemplate/customtemplate.go
@@ -1,96 +0,0 @@
-package customtemplate
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "customtemplates"
-)
-
-// Service represents a service for managing custom template data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// CustomTemplates return an array containing all the custom templates.
-func (service *Service) CustomTemplates() ([]portainer.CustomTemplate, error) {
-	var customTemplates = make([]portainer.CustomTemplate, 0)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var customTemplate portainer.CustomTemplate
-			err := internal.UnmarshalObjectWithJsoniter(v, &customTemplate)
-			if err != nil {
-				return err
-			}
-			customTemplates = append(customTemplates, customTemplate)
-		}
-
-		return nil
-	})
-
-	return customTemplates, err
-}
-
-// CustomTemplate returns an custom template by ID.
-func (service *Service) CustomTemplate(ID portainer.CustomTemplateID) (*portainer.CustomTemplate, error) {
-	var customTemplate portainer.CustomTemplate
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &customTemplate)
-	if err != nil {
-		return nil, err
-	}
-
-	return &customTemplate, nil
-}
-
-// UpdateCustomTemplate updates an custom template.
-func (service *Service) UpdateCustomTemplate(ID portainer.CustomTemplateID, customTemplate *portainer.CustomTemplate) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, customTemplate)
-}
-
-// DeleteCustomTemplate deletes an custom template.
-func (service *Service) DeleteCustomTemplate(ID portainer.CustomTemplateID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
-}
-
-// CreateCustomTemplate assign an ID to a new custom template and saves it.
-func (service *Service) CreateCustomTemplate(customTemplate *portainer.CustomTemplate) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data, err := internal.MarshalObject(customTemplate)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(customTemplate.ID)), data)
-	})
-}
-
-// GetNextIdentifier returns the next identifier for a custom template.
-func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
-}
--- a/api/bolt/datastore.go
+++ b/api/bolt/datastore.go
@@ -1,24 +1,16 @@
 package bolt

 import (
-	"io"
 	"log"
 	"path"
 	"time"

 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/customtemplate"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/dockerhub"
-	"github.com/portainer/portainer/api/bolt/edgegroup"
-	"github.com/portainer/portainer/api/bolt/edgejob"
-	"github.com/portainer/portainer/api/bolt/edgestack"
 	"github.com/portainer/portainer/api/bolt/endpoint"
 	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
-	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/internal"
 	"github.com/portainer/portainer/api/bolt/migrator"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
@@ -29,11 +21,10 @@ import (
 	"github.com/portainer/portainer/api/bolt/tag"
 	"github.com/portainer/portainer/api/bolt/team"
 	"github.com/portainer/portainer/api/bolt/teammembership"
-	"github.com/portainer/portainer/api/bolt/tunnelserver"
+	"github.com/portainer/portainer/api/bolt/template"
 	"github.com/portainer/portainer/api/bolt/user"
 	"github.com/portainer/portainer/api/bolt/version"
 	"github.com/portainer/portainer/api/bolt/webhook"
-	"github.com/portainer/portainer/api/internal/authorization"
 )

 const (
@@ -43,40 +34,27 @@ const (
 // Store defines the implementation of portainer.DataStore using
 // BoltDB as the storage system.
 type Store struct {
-	path                    string
-	connection              *internal.DbConnection
-	isNew                   bool
-	fileService             portainer.FileService
-	CustomTemplateService   *customtemplate.Service
-	DockerHubService        *dockerhub.Service
-	EdgeGroupService        *edgegroup.Service
-	EdgeJobService          *edgejob.Service
-	EdgeStackService        *edgestack.Service
-	EndpointGroupService    *endpointgroup.Service
-	EndpointService         *endpoint.Service
-	EndpointRelationService *endpointrelation.Service
-	ExtensionService        *extension.Service
-	RegistryService         *registry.Service
-	ResourceControlService  *resourcecontrol.Service
-	RoleService             *role.Service
-	ScheduleService         *schedule.Service
-	SettingsService         *settings.Service
-	StackService            *stack.Service
-	TagService              *tag.Service
-	TeamMembershipService   *teammembership.Service
-	TeamService             *team.Service
-	TunnelServerService     *tunnelserver.Service
-	UserService             *user.Service
-	VersionService          *version.Service
-	WebhookService          *webhook.Service
-}
-
-func (store *Store) edition() portainer.SoftwareEdition {
-	edition, err := store.VersionService.Edition()
-	if err == errors.ErrObjectNotFound {
-		edition = portainer.PortainerCE
-	}
-	return edition
+	path                   string
+	db                     *bolt.DB
+	checkForDataMigration  bool
+	fileService            portainer.FileService
+	RoleService            *role.Service
+	DockerHubService       *dockerhub.Service
+	EndpointGroupService   *endpointgroup.Service
+	EndpointService        *endpoint.Service
+	ExtensionService       *extension.Service
+	RegistryService        *registry.Service
+	ResourceControlService *resourcecontrol.Service
+	SettingsService        *settings.Service
+	StackService           *stack.Service
+	TagService             *tag.Service
+	TeamMembershipService  *teammembership.Service
+	TeamService            *team.Service
+	TemplateService        *template.Service
+	UserService            *user.Service
+	VersionService         *version.Service
+	WebhookService         *webhook.Service
+	ScheduleService        *schedule.Service
 }

 // NewStore initializes a new Store and the associated services
@@ -84,8 +62,6 @@ func NewStore(storePath string, fileService portainer.FileService) (*Store, erro
 	store := &Store{
 		path:        storePath,
 		fileService: fileService,
-		isNew:       true,
-		connection:  &internal.DbConnection{},
 	}

 	databasePath := path.Join(storePath, databaseFileName)
@@ -94,8 +70,10 @@ func NewStore(storePath string, fileService portainer.FileService) (*Store, erro
 		return nil, err
 	}

-	if databaseFileExists {
-		store.isNew = false
+	if !databaseFileExists {
+		store.checkForDataMigration = false
+	} else {
+		store.checkForDataMigration = true
 	}

 	return store, nil
@@ -108,43 +86,27 @@ func (store *Store) Open() error {
 	if err != nil {
 		return err
 	}
-	store.connection.DB = db
+	store.db = db

 	return store.initServices()
 }

 // Close closes the BoltDB database.
 func (store *Store) Close() error {
-	if store.connection.DB != nil {
-		return store.connection.Close()
-	}
-	return nil
-}
-
-// IsNew returns true if the database was just created and false if it is re-using
-// existing data.
-func (store *Store) IsNew() bool {
-	return store.isNew
-}
-
-// CheckCurrentEdition checks if current edition is community edition
-func (store *Store) CheckCurrentEdition() error {
-	if store.edition() != portainer.PortainerCE {
-		return errors.ErrWrongDBEdition
+	if store.db != nil {
+		return store.db.Close()
 	}
 	return nil
 }

 // MigrateData automatically migrate the data based on the DBVersion.
-// This process is only triggered on an existing database, not if the database was just created.
-// if force is true, then migrate regardless.
-func (store *Store) MigrateData(force bool) error {
-	if store.isNew && !force {
+func (store *Store) MigrateData() error {
+	if !store.checkForDataMigration {
 		return store.VersionService.StoreDBVersion(portainer.DBVersion)
 	}

 	version, err := store.VersionService.DBVersion()
-	if err == errors.ErrObjectNotFound {
+	if err == portainer.ErrObjectNotFound {
 		version = 0
 	} else if err != nil {
 		return err
@@ -152,25 +114,19 @@ func (store *Store) MigrateData(force bool) error {

 	if version < portainer.DBVersion {
 		migratorParams := &migrator.Parameters{
-			DB:                      store.connection.DB,
-			DatabaseVersion:         version,
-			EndpointGroupService:    store.EndpointGroupService,
-			EndpointService:         store.EndpointService,
-			EndpointRelationService: store.EndpointRelationService,
-			ExtensionService:        store.ExtensionService,
-			RegistryService:         store.RegistryService,
-			ResourceControlService:  store.ResourceControlService,
-			RoleService:             store.RoleService,
-			ScheduleService:         store.ScheduleService,
-			SettingsService:         store.SettingsService,
-			StackService:            store.StackService,
-			TagService:              store.TagService,
-			TeamMembershipService:   store.TeamMembershipService,
-			UserService:             store.UserService,
-			VersionService:          store.VersionService,
-			FileService:             store.fileService,
-			DockerhubService:        store.DockerHubService,
-			AuthorizationService:    authorization.NewService(store),
+			DB:                     store.db,
+			DatabaseVersion:        version,
+			EndpointGroupService:   store.EndpointGroupService,
+			EndpointService:        store.EndpointService,
+			ExtensionService:       store.ExtensionService,
+			RegistryService:        store.RegistryService,
+			ResourceControlService: store.ResourceControlService,
+			SettingsService:        store.SettingsService,
+			StackService:           store.StackService,
+			TemplateService:        store.TemplateService,
+			UserService:            store.UserService,
+			VersionService:         store.VersionService,
+			FileService:            store.fileService,
 		}
 		migrator := migrator.NewMigrator(migratorParams)

@@ -185,11 +141,108 @@ func (store *Store) MigrateData(force bool) error {
 	return nil
 }

-// BackupTo backs up db to a provided writer.
-// It does hot backup and doesn't block other database reads and writes
-func (store *Store) BackupTo(w io.Writer) error {
-	return store.connection.View(func(tx *bolt.Tx) error {
-		_, err := tx.WriteTo(w)
+func (store *Store) initServices() error {
+	authorizationsetService, err := role.NewService(store.db)
+	if err != nil {
 		return err
-	})
+	}
+	store.RoleService = authorizationsetService
+
+	dockerhubService, err := dockerhub.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.DockerHubService = dockerhubService
+
+	endpointgroupService, err := endpointgroup.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EndpointGroupService = endpointgroupService
+
+	endpointService, err := endpoint.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.EndpointService = endpointService
+
+	extensionService, err := extension.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ExtensionService = extensionService
+
+	registryService, err := registry.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.RegistryService = registryService
+
+	resourcecontrolService, err := resourcecontrol.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ResourceControlService = resourcecontrolService
+
+	settingsService, err := settings.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.SettingsService = settingsService
+
+	stackService, err := stack.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.StackService = stackService
+
+	tagService, err := tag.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TagService = tagService
+
+	teammembershipService, err := teammembership.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TeamMembershipService = teammembershipService
+
+	teamService, err := team.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TeamService = teamService
+
+	templateService, err := template.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.TemplateService = templateService
+
+	userService, err := user.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.UserService = userService
+
+	versionService, err := version.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.VersionService = versionService
+
+	webhookService, err := webhook.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.WebhookService = webhookService
+
+	scheduleService, err := schedule.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.ScheduleService = scheduleService
+
+	return nil
 }
--- a/api/bolt/dockerhub/dockerhub.go
+++ b/api/bolt/dockerhub/dockerhub.go
@@ -1,8 +1,10 @@
 package dockerhub

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )

 const (
@@ -13,18 +15,18 @@ const (

 // Service represents a service for managing Dockerhub data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -32,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) DockerHub() (*portainer.DockerHub, error) {
 	var dockerhub portainer.DockerHub

-	err := internal.GetObject(service.connection, BucketName, []byte(dockerHubKey), &dockerhub)
+	err := internal.GetObject(service.db, BucketName, []byte(dockerHubKey), &dockerhub)
 	if err != nil {
 		return nil, err
 	}
@@ -42,5 +44,5 @@ func (service *Service) DockerHub() (*portainer.DockerHub, error) {

 // UpdateDockerHub updates a DockerHub object.
 func (service *Service) UpdateDockerHub(dockerhub *portainer.DockerHub) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(dockerHubKey), dockerhub)
+	return internal.UpdateObject(service.db, BucketName, []byte(dockerHubKey), dockerhub)
 }
--- a/api/bolt/edgegroup/edgegroup.go
+++ b/api/bolt/edgegroup/edgegroup.go
@@ -1,94 +0,0 @@
-package edgegroup
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edgegroups"
-)
-
-// Service represents a service for managing Edge group data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// EdgeGroups return an array containing all the Edge groups.
-func (service *Service) EdgeGroups() ([]portainer.EdgeGroup, error) {
-	var groups = make([]portainer.EdgeGroup, 0)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var group portainer.EdgeGroup
-			err := internal.UnmarshalObjectWithJsoniter(v, &group)
-			if err != nil {
-				return err
-			}
-			groups = append(groups, group)
-		}
-
-		return nil
-	})
-
-	return groups, err
-}
-
-// EdgeGroup returns an Edge group by ID.
-func (service *Service) EdgeGroup(ID portainer.EdgeGroupID) (*portainer.EdgeGroup, error) {
-	var group portainer.EdgeGroup
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &group)
-	if err != nil {
-		return nil, err
-	}
-
-	return &group, nil
-}
-
-// UpdateEdgeGroup updates an Edge group.
-func (service *Service) UpdateEdgeGroup(ID portainer.EdgeGroupID, group *portainer.EdgeGroup) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, group)
-}
-
-// DeleteEdgeGroup deletes an Edge group.
-func (service *Service) DeleteEdgeGroup(ID portainer.EdgeGroupID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
-}
-
-// CreateEdgeGroup assign an ID to a new Edge group and saves it.
-func (service *Service) CreateEdgeGroup(group *portainer.EdgeGroup) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		id, _ := bucket.NextSequence()
-		group.ID = portainer.EdgeGroupID(id)
-
-		data, err := internal.MarshalObject(group)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(group.ID)), data)
-	})
-}
--- a/api/bolt/edgejob/edgejob.go
+++ b/api/bolt/edgejob/edgejob.go
@@ -1,101 +0,0 @@
-package edgejob
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edgejobs"
-)
-
-// Service represents a service for managing edge jobs data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// EdgeJobs returns a list of Edge jobs
-func (service *Service) EdgeJobs() ([]portainer.EdgeJob, error) {
-	var edgeJobs = make([]portainer.EdgeJob, 0)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var edgeJob portainer.EdgeJob
-			err := internal.UnmarshalObject(v, &edgeJob)
-			if err != nil {
-				return err
-			}
-			edgeJobs = append(edgeJobs, edgeJob)
-		}
-
-		return nil
-	})
-
-	return edgeJobs, err
-}
-
-// EdgeJob returns an Edge job by ID
-func (service *Service) EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, error) {
-	var edgeJob portainer.EdgeJob
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &edgeJob)
-	if err != nil {
-		return nil, err
-	}
-
-	return &edgeJob, nil
-}
-
-// CreateEdgeJob creates a new Edge job
-func (service *Service) CreateEdgeJob(edgeJob *portainer.EdgeJob) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		if edgeJob.ID == 0 {
-			id, _ := bucket.NextSequence()
-			edgeJob.ID = portainer.EdgeJobID(id)
-		}
-
-		data, err := internal.MarshalObject(edgeJob)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(edgeJob.ID)), data)
-	})
-}
-
-// UpdateEdgeJob updates an Edge job by ID
-func (service *Service) UpdateEdgeJob(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, edgeJob)
-}
-
-// DeleteEdgeJob deletes an Edge job
-func (service *Service) DeleteEdgeJob(ID portainer.EdgeJobID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
-}
-
-// GetNextIdentifier returns the next identifier for an endpoint.
-func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
-}
--- a/api/bolt/edgestack/edgestack.go
+++ b/api/bolt/edgestack/edgestack.go
@@ -1,101 +0,0 @@
-package edgestack
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edge_stack"
-)
-
-// Service represents a service for managing Edge stack data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// EdgeStacks returns an array containing all edge stacks
-func (service *Service) EdgeStacks() ([]portainer.EdgeStack, error) {
-	var stacks = make([]portainer.EdgeStack, 0)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var stack portainer.EdgeStack
-			err := internal.UnmarshalObject(v, &stack)
-			if err != nil {
-				return err
-			}
-			stacks = append(stacks, stack)
-		}
-
-		return nil
-	})
-
-	return stacks, err
-}
-
-// EdgeStack returns an Edge stack by ID.
-func (service *Service) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeStack, error) {
-	var stack portainer.EdgeStack
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &stack)
-	if err != nil {
-		return nil, err
-	}
-
-	return &stack, nil
-}
-
-// CreateEdgeStack assign an ID to a new Edge stack and saves it.
-func (service *Service) CreateEdgeStack(edgeStack *portainer.EdgeStack) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		if edgeStack.ID == 0 {
-			id, _ := bucket.NextSequence()
-			edgeStack.ID = portainer.EdgeStackID(id)
-		}
-
-		data, err := internal.MarshalObject(edgeStack)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(edgeStack.ID)), data)
-	})
-}
-
-// UpdateEdgeStack updates an Edge stack.
-func (service *Service) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *portainer.EdgeStack) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, edgeStack)
-}
-
-// DeleteEdgeStack deletes an Edge stack.
-func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
-}
-
-// GetNextIdentifier returns the next identifier for an endpoint.
-func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
-}
--- a/api/bolt/endpoint/endpoint.go
+++ b/api/bolt/endpoint/endpoint.go
@@ -1,9 +1,10 @@
 package endpoint

 import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )

 const (
@@ -13,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -33,7 +34,7 @@ func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint,
 	var endpoint portainer.Endpoint
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &endpoint)
+	err := internal.GetObject(service.db, BucketName, identifier, &endpoint)
 	if err != nil {
 		return nil, err
 	}
@@ -44,26 +45,26 @@ func (service *Service) Endpoint(ID portainer.EndpointID) (*portainer.Endpoint,
 // UpdateEndpoint updates an endpoint.
 func (service *Service) UpdateEndpoint(ID portainer.EndpointID, endpoint *portainer.Endpoint) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpoint)
+	return internal.UpdateObject(service.db, BucketName, identifier, endpoint)
 }

 // DeleteEndpoint deletes an endpoint.
 func (service *Service) DeleteEndpoint(ID portainer.EndpointID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

 // Endpoints return an array containing all the endpoints.
 func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 	var endpoints = make([]portainer.Endpoint, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
 		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
 			var endpoint portainer.Endpoint
-			err := internal.UnmarshalObjectWithJsoniter(v, &endpoint)
+			err := internal.UnmarshalObject(v, &endpoint)
 			if err != nil {
 				return err
 			}
@@ -78,7 +79,7 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {

 // CreateEndpoint assign an ID to a new endpoint and saves it.
 func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		// We manually manage sequences for endpoints
@@ -98,12 +99,12 @@ func (service *Service) CreateEndpoint(endpoint *portainer.Endpoint) error {

 // GetNextIdentifier returns the next identifier for an endpoint.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

 // Synchronize creates, updates and deletes endpoints inside a single transaction.
 func (service *Service) Synchronize(toCreate, toUpdate, toDelete []*portainer.Endpoint) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		for _, endpoint := range toCreate {
--- a/api/bolt/endpointgroup/endpointgroup.go
+++ b/api/bolt/endpointgroup/endpointgroup.go
@@ -1,7 +1,7 @@
 package endpointgroup

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.
 	var endpointGroup portainer.EndpointGroup
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &endpointGroup)
+	err := internal.GetObject(service.db, BucketName, identifier, &endpointGroup)
 	if err != nil {
 		return nil, err
 	}
@@ -45,20 +45,20 @@ func (service *Service) EndpointGroup(ID portainer.EndpointGroupID) (*portainer.
 // UpdateEndpointGroup updates an endpoint group.
 func (service *Service) UpdateEndpointGroup(ID portainer.EndpointGroupID, endpointGroup *portainer.EndpointGroup) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpointGroup)
+	return internal.UpdateObject(service.db, BucketName, identifier, endpointGroup)
 }

 // DeleteEndpointGroup deletes an endpoint group.
 func (service *Service) DeleteEndpointGroup(ID portainer.EndpointGroupID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

 // EndpointGroups return an array containing all the endpoint groups.
 func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 	var endpointGroups = make([]portainer.EndpointGroup, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -79,7 +79,7 @@ func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {

 // CreateEndpointGroup assign an ID to a new endpoint group and saves it.
 func (service *Service) CreateEndpointGroup(endpointGroup *portainer.EndpointGroup) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
--- a/api/bolt/endpointrelation/endpointrelation.go
+++ b/api/bolt/endpointrelation/endpointrelation.go
@@ -1,68 +0,0 @@
-package endpointrelation
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "endpoint_relations"
-)
-
-// Service represents a service for managing endpoint relation data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// EndpointRelation returns a Endpoint relation object by EndpointID
-func (service *Service) EndpointRelation(endpointID portainer.EndpointID) (*portainer.EndpointRelation, error) {
-	var endpointRelation portainer.EndpointRelation
-	identifier := internal.Itob(int(endpointID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &endpointRelation)
-	if err != nil {
-		return nil, err
-	}
-
-	return &endpointRelation, nil
-}
-
-// CreateEndpointRelation saves endpointRelation
-func (service *Service) CreateEndpointRelation(endpointRelation *portainer.EndpointRelation) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data, err := internal.MarshalObject(endpointRelation)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(endpointRelation.EndpointID)), data)
-	})
-}
-
-// UpdateEndpointRelation updates an Endpoint relation object
-func (service *Service) UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error {
-	identifier := internal.Itob(int(EndpointID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, endpointRelation)
-}
-
-// DeleteEndpointRelation deletes an Endpoint relation object
-func (service *Service) DeleteEndpointRelation(EndpointID portainer.EndpointID) error {
-	identifier := internal.Itob(int(EndpointID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
-}
--- a/api/bolt/errors/errors.go
+++ b/api/bolt/errors/errors.go
@@ -1,8 +0,0 @@
-package errors
-
-import "errors"
-
-var (
-	ErrObjectNotFound = errors.New("Object not found inside the database")
-	ErrWrongDBEdition = errors.New("The Portainer database is set for Portainer Business Edition, please follow the instructions in our documentation to downgrade it: https://documentation.portainer.io/v2.0-be/downgrade/be-to-ce/")
-)
--- a/api/bolt/extension/extension.go
+++ b/api/bolt/extension/extension.go
@@ -1,7 +1,7 @@
 package extension

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) Extension(ID portainer.ExtensionID) (*portainer.Extensio
 	var extension portainer.Extension
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &extension)
+	err := internal.GetObject(service.db, BucketName, identifier, &extension)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Extension(ID portainer.ExtensionID) (*portainer.Extensio
 func (service *Service) Extensions() ([]portainer.Extension, error) {
 	var extensions = make([]portainer.Extension, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -67,7 +67,7 @@ func (service *Service) Extensions() ([]portainer.Extension, error) {

 // Persist persists a extension inside the database.
 func (service *Service) Persist(extension *portainer.Extension) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		data, err := internal.MarshalObject(extension)
@@ -82,5 +82,5 @@ func (service *Service) Persist(extension *portainer.Extension) error {
 // DeleteExtension deletes a Extension.
 func (service *Service) DeleteExtension(ID portainer.ExtensionID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/init.go
+++ b/api/bolt/init.go
@@ -1,60 +1,9 @@
 package bolt

-import (
-	"github.com/gofrs/uuid"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
-)
+import portainer "github.com/portainer/portainer/api"

 // Init creates the default data set.
 func (store *Store) Init() error {
-	instanceID, err := store.VersionService.InstanceID()
-	if err == errors.ErrObjectNotFound {
-		uid, err := uuid.NewV4()
-		if err != nil {
-			return err
-		}
-
-		instanceID = uid.String()
-		err = store.VersionService.StoreInstanceID(instanceID)
-		if err != nil {
-			return err
-		}
-	} else if err != nil {
-		return err
-	}
-
-	_, err = store.SettingsService.Settings()
-	if err == errors.ErrObjectNotFound {
-		defaultSettings := &portainer.Settings{
-			AuthenticationMethod: portainer.AuthenticationInternal,
-			BlackListedLabels:    make([]portainer.Pair, 0),
-			LDAPSettings: portainer.LDAPSettings{
-				AnonymousMode:   true,
-				AutoCreateUsers: true,
-				TLSConfig:       portainer.TLSConfiguration{},
-				SearchSettings: []portainer.LDAPSearchSettings{
-					portainer.LDAPSearchSettings{},
-				},
-				GroupSearchSettings: []portainer.LDAPGroupSearchSettings{
-					portainer.LDAPGroupSearchSettings{},
-				},
-			},
-			OAuthSettings: portainer.OAuthSettings{},
-
-			EdgeAgentCheckinInterval: portainer.DefaultEdgeAgentCheckinIntervalInSeconds,
-			TemplatesURL:             portainer.DefaultTemplatesURL,
-			UserSessionTimeout:       portainer.DefaultUserSessionTimeout,
-		}
-
-		err = store.SettingsService.UpdateSettings(defaultSettings)
-		if err != nil {
-			return err
-		}
-	} else if err != nil {
-		return err
-	}
-
 	groups, err := store.EndpointGroupService.EndpointGroups()
 	if err != nil {
 		return err
@@ -67,7 +16,7 @@ func (store *Store) Init() error {
 			Labels:             []portainer.Pair{},
 			UserAccessPolicies: portainer.UserAccessPolicies{},
 			TeamAccessPolicies: portainer.TeamAccessPolicies{},
-			TagIDs:             []portainer.TagID{},
+			Tags:               []string{},
 		}

 		err = store.EndpointGroupService.CreateEndpointGroup(unassignedGroup)
@@ -76,5 +25,408 @@ func (store *Store) Init() error {
 		}
 	}

+	roles, err := store.RoleService.Roles()
+	if err != nil {
+		return err
+	}
+
+	if len(roles) == 0 {
+		environmentAdministratorRole := &portainer.Role{
+			Name:        "Endpoint administrator",
+			Description: "Full control of all resources in an endpoint",
+			Authorizations: map[portainer.Authorization]bool{
+				portainer.OperationDockerContainerArchiveInfo:         true,
+				portainer.OperationDockerContainerList:                true,
+				portainer.OperationDockerContainerExport:              true,
+				portainer.OperationDockerContainerChanges:             true,
+				portainer.OperationDockerContainerInspect:             true,
+				portainer.OperationDockerContainerTop:                 true,
+				portainer.OperationDockerContainerLogs:                true,
+				portainer.OperationDockerContainerStats:               true,
+				portainer.OperationDockerContainerAttachWebsocket:     true,
+				portainer.OperationDockerContainerArchive:             true,
+				portainer.OperationDockerContainerCreate:              true,
+				portainer.OperationDockerContainerPrune:               true,
+				portainer.OperationDockerContainerKill:                true,
+				portainer.OperationDockerContainerPause:               true,
+				portainer.OperationDockerContainerUnpause:             true,
+				portainer.OperationDockerContainerRestart:             true,
+				portainer.OperationDockerContainerStart:               true,
+				portainer.OperationDockerContainerStop:                true,
+				portainer.OperationDockerContainerWait:                true,
+				portainer.OperationDockerContainerResize:              true,
+				portainer.OperationDockerContainerAttach:              true,
+				portainer.OperationDockerContainerExec:                true,
+				portainer.OperationDockerContainerRename:              true,
+				portainer.OperationDockerContainerUpdate:              true,
+				portainer.OperationDockerContainerPutContainerArchive: true,
+				portainer.OperationDockerContainerDelete:              true,
+				portainer.OperationDockerImageList:                    true,
+				portainer.OperationDockerImageSearch:                  true,
+				portainer.OperationDockerImageGetAll:                  true,
+				portainer.OperationDockerImageGet:                     true,
+				portainer.OperationDockerImageHistory:                 true,
+				portainer.OperationDockerImageInspect:                 true,
+				portainer.OperationDockerImageLoad:                    true,
+				portainer.OperationDockerImageCreate:                  true,
+				portainer.OperationDockerImagePrune:                   true,
+				portainer.OperationDockerImagePush:                    true,
+				portainer.OperationDockerImageTag:                     true,
+				portainer.OperationDockerImageDelete:                  true,
+				portainer.OperationDockerImageCommit:                  true,
+				portainer.OperationDockerImageBuild:                   true,
+				portainer.OperationDockerNetworkList:                  true,
+				portainer.OperationDockerNetworkInspect:               true,
+				portainer.OperationDockerNetworkCreate:                true,
+				portainer.OperationDockerNetworkConnect:               true,
+				portainer.OperationDockerNetworkDisconnect:            true,
+				portainer.OperationDockerNetworkPrune:                 true,
+				portainer.OperationDockerNetworkDelete:                true,
+				portainer.OperationDockerVolumeList:                   true,
+				portainer.OperationDockerVolumeInspect:                true,
+				portainer.OperationDockerVolumeCreate:                 true,
+				portainer.OperationDockerVolumePrune:                  true,
+				portainer.OperationDockerVolumeDelete:                 true,
+				portainer.OperationDockerExecInspect:                  true,
+				portainer.OperationDockerExecStart:                    true,
+				portainer.OperationDockerExecResize:                   true,
+				portainer.OperationDockerSwarmInspect:                 true,
+				portainer.OperationDockerSwarmUnlockKey:               true,
+				portainer.OperationDockerSwarmInit:                    true,
+				portainer.OperationDockerSwarmJoin:                    true,
+				portainer.OperationDockerSwarmLeave:                   true,
+				portainer.OperationDockerSwarmUpdate:                  true,
+				portainer.OperationDockerSwarmUnlock:                  true,
+				portainer.OperationDockerNodeList:                     true,
+				portainer.OperationDockerNodeInspect:                  true,
+				portainer.OperationDockerNodeUpdate:                   true,
+				portainer.OperationDockerNodeDelete:                   true,
+				portainer.OperationDockerServiceList:                  true,
+				portainer.OperationDockerServiceInspect:               true,
+				portainer.OperationDockerServiceLogs:                  true,
+				portainer.OperationDockerServiceCreate:                true,
+				portainer.OperationDockerServiceUpdate:                true,
+				portainer.OperationDockerServiceDelete:                true,
+				portainer.OperationDockerSecretList:                   true,
+				portainer.OperationDockerSecretInspect:                true,
+				portainer.OperationDockerSecretCreate:                 true,
+				portainer.OperationDockerSecretUpdate:                 true,
+				portainer.OperationDockerSecretDelete:                 true,
+				portainer.OperationDockerConfigList:                   true,
+				portainer.OperationDockerConfigInspect:                true,
+				portainer.OperationDockerConfigCreate:                 true,
+				portainer.OperationDockerConfigUpdate:                 true,
+				portainer.OperationDockerConfigDelete:                 true,
+				portainer.OperationDockerTaskList:                     true,
+				portainer.OperationDockerTaskInspect:                  true,
+				portainer.OperationDockerTaskLogs:                     true,
+				portainer.OperationDockerPluginList:                   true,
+				portainer.OperationDockerPluginPrivileges:             true,
+				portainer.OperationDockerPluginInspect:                true,
+				portainer.OperationDockerPluginPull:                   true,
+				portainer.OperationDockerPluginCreate:                 true,
+				portainer.OperationDockerPluginEnable:                 true,
+				portainer.OperationDockerPluginDisable:                true,
+				portainer.OperationDockerPluginPush:                   true,
+				portainer.OperationDockerPluginUpgrade:                true,
+				portainer.OperationDockerPluginSet:                    true,
+				portainer.OperationDockerPluginDelete:                 true,
+				portainer.OperationDockerSessionStart:                 true,
+				portainer.OperationDockerDistributionInspect:          true,
+				portainer.OperationDockerBuildPrune:                   true,
+				portainer.OperationDockerBuildCancel:                  true,
+				portainer.OperationDockerPing:                         true,
+				portainer.OperationDockerInfo:                         true,
+				portainer.OperationDockerVersion:                      true,
+				portainer.OperationDockerEvents:                       true,
+				portainer.OperationDockerSystem:                       true,
+				portainer.OperationDockerUndefined:                    true,
+				portainer.OperationDockerAgentPing:                    true,
+				portainer.OperationDockerAgentList:                    true,
+				portainer.OperationDockerAgentHostInfo:                true,
+				portainer.OperationDockerAgentBrowseDelete:            true,
+				portainer.OperationDockerAgentBrowseGet:               true,
+				portainer.OperationDockerAgentBrowseList:              true,
+				portainer.OperationDockerAgentBrowsePut:               true,
+				portainer.OperationDockerAgentBrowseRename:            true,
+				portainer.OperationDockerAgentUndefined:               true,
+				portainer.OperationPortainerResourceControlCreate:     true,
+				portainer.OperationPortainerResourceControlUpdate:     true,
+				portainer.OperationPortainerResourceControlDelete:     true,
+				portainer.OperationPortainerStackList:                 true,
+				portainer.OperationPortainerStackInspect:              true,
+				portainer.OperationPortainerStackFile:                 true,
+				portainer.OperationPortainerStackCreate:               true,
+				portainer.OperationPortainerStackMigrate:              true,
+				portainer.OperationPortainerStackUpdate:               true,
+				portainer.OperationPortainerStackDelete:               true,
+				portainer.OperationPortainerWebsocketExec:             true,
+				portainer.OperationPortainerWebhookList:               true,
+				portainer.OperationPortainerWebhookCreate:             true,
+				portainer.OperationPortainerWebhookDelete:             true,
+				portainer.OperationIntegrationStoridgeAdmin:           true,
+				portainer.EndpointResourcesAccess:                     true,
+			},
+		}
+
+		err = store.RoleService.CreateRole(environmentAdministratorRole)
+		if err != nil {
+			return err
+		}
+
+		environmentReadOnlyUserRole := &portainer.Role{
+			Name:        "Helpdesk",
+			Description: "Read-only access of all resources in an endpoint",
+			Authorizations: map[portainer.Authorization]bool{
+				portainer.OperationDockerContainerArchiveInfo: true,
+				portainer.OperationDockerContainerList:        true,
+				portainer.OperationDockerContainerChanges:     true,
+				portainer.OperationDockerContainerInspect:     true,
+				portainer.OperationDockerContainerTop:         true,
+				portainer.OperationDockerContainerLogs:        true,
+				portainer.OperationDockerContainerStats:       true,
+				portainer.OperationDockerImageList:            true,
+				portainer.OperationDockerImageSearch:          true,
+				portainer.OperationDockerImageGetAll:          true,
+				portainer.OperationDockerImageGet:             true,
+				portainer.OperationDockerImageHistory:         true,
+				portainer.OperationDockerImageInspect:         true,
+				portainer.OperationDockerNetworkList:          true,
+				portainer.OperationDockerNetworkInspect:       true,
+				portainer.OperationDockerVolumeList:           true,
+				portainer.OperationDockerVolumeInspect:        true,
+				portainer.OperationDockerSwarmInspect:         true,
+				portainer.OperationDockerNodeList:             true,
+				portainer.OperationDockerNodeInspect:          true,
+				portainer.OperationDockerServiceList:          true,
+				portainer.OperationDockerServiceInspect:       true,
+				portainer.OperationDockerServiceLogs:          true,
+				portainer.OperationDockerSecretList:           true,
+				portainer.OperationDockerSecretInspect:        true,
+				portainer.OperationDockerConfigList:           true,
+				portainer.OperationDockerConfigInspect:        true,
+				portainer.OperationDockerTaskList:             true,
+				portainer.OperationDockerTaskInspect:          true,
+				portainer.OperationDockerTaskLogs:             true,
+				portainer.OperationDockerPluginList:           true,
+				portainer.OperationDockerDistributionInspect:  true,
+				portainer.OperationDockerPing:                 true,
+				portainer.OperationDockerInfo:                 true,
+				portainer.OperationDockerVersion:              true,
+				portainer.OperationDockerEvents:               true,
+				portainer.OperationDockerSystem:               true,
+				portainer.OperationDockerAgentPing:            true,
+				portainer.OperationDockerAgentList:            true,
+				portainer.OperationDockerAgentHostInfo:        true,
+				portainer.OperationDockerAgentBrowseGet:       true,
+				portainer.OperationDockerAgentBrowseList:      true,
+				portainer.OperationPortainerStackList:         true,
+				portainer.OperationPortainerStackInspect:      true,
+				portainer.OperationPortainerStackFile:         true,
+				portainer.OperationPortainerWebhookList:       true,
+				portainer.EndpointResourcesAccess:             true,
+			},
+		}
+
+		err = store.RoleService.CreateRole(environmentReadOnlyUserRole)
+		if err != nil {
+			return err
+		}
+
+		standardUserRole := &portainer.Role{
+			Name:        "Standard user",
+			Description: "Full control of assigned resources in an endpoint",
+			Authorizations: map[portainer.Authorization]bool{
+				portainer.OperationDockerContainerArchiveInfo:         true,
+				portainer.OperationDockerContainerList:                true,
+				portainer.OperationDockerContainerExport:              true,
+				portainer.OperationDockerContainerChanges:             true,
+				portainer.OperationDockerContainerInspect:             true,
+				portainer.OperationDockerContainerTop:                 true,
+				portainer.OperationDockerContainerLogs:                true,
+				portainer.OperationDockerContainerStats:               true,
+				portainer.OperationDockerContainerAttachWebsocket:     true,
+				portainer.OperationDockerContainerArchive:             true,
+				portainer.OperationDockerContainerCreate:              true,
+				portainer.OperationDockerContainerKill:                true,
+				portainer.OperationDockerContainerPause:               true,
+				portainer.OperationDockerContainerUnpause:             true,
+				portainer.OperationDockerContainerRestart:             true,
+				portainer.OperationDockerContainerStart:               true,
+				portainer.OperationDockerContainerStop:                true,
+				portainer.OperationDockerContainerWait:                true,
+				portainer.OperationDockerContainerResize:              true,
+				portainer.OperationDockerContainerAttach:              true,
+				portainer.OperationDockerContainerExec:                true,
+				portainer.OperationDockerContainerRename:              true,
+				portainer.OperationDockerContainerUpdate:              true,
+				portainer.OperationDockerContainerPutContainerArchive: true,
+				portainer.OperationDockerContainerDelete:              true,
+				portainer.OperationDockerImageList:                    true,
+				portainer.OperationDockerImageSearch:                  true,
+				portainer.OperationDockerImageGetAll:                  true,
+				portainer.OperationDockerImageGet:                     true,
+				portainer.OperationDockerImageHistory:                 true,
+				portainer.OperationDockerImageInspect:                 true,
+				portainer.OperationDockerImageLoad:                    true,
+				portainer.OperationDockerImageCreate:                  true,
+				portainer.OperationDockerImagePush:                    true,
+				portainer.OperationDockerImageTag:                     true,
+				portainer.OperationDockerImageDelete:                  true,
+				portainer.OperationDockerImageCommit:                  true,
+				portainer.OperationDockerImageBuild:                   true,
+				portainer.OperationDockerNetworkList:                  true,
+				portainer.OperationDockerNetworkInspect:               true,
+				portainer.OperationDockerNetworkCreate:                true,
+				portainer.OperationDockerNetworkConnect:               true,
+				portainer.OperationDockerNetworkDisconnect:            true,
+				portainer.OperationDockerNetworkDelete:                true,
+				portainer.OperationDockerVolumeList:                   true,
+				portainer.OperationDockerVolumeInspect:                true,
+				portainer.OperationDockerVolumeCreate:                 true,
+				portainer.OperationDockerVolumeDelete:                 true,
+				portainer.OperationDockerExecInspect:                  true,
+				portainer.OperationDockerExecStart:                    true,
+				portainer.OperationDockerExecResize:                   true,
+				portainer.OperationDockerSwarmInspect:                 true,
+				portainer.OperationDockerSwarmUnlockKey:               true,
+				portainer.OperationDockerSwarmInit:                    true,
+				portainer.OperationDockerSwarmJoin:                    true,
+				portainer.OperationDockerSwarmLeave:                   true,
+				portainer.OperationDockerSwarmUpdate:                  true,
+				portainer.OperationDockerSwarmUnlock:                  true,
+				portainer.OperationDockerNodeList:                     true,
+				portainer.OperationDockerNodeInspect:                  true,
+				portainer.OperationDockerNodeUpdate:                   true,
+				portainer.OperationDockerNodeDelete:                   true,
+				portainer.OperationDockerServiceList:                  true,
+				portainer.OperationDockerServiceInspect:               true,
+				portainer.OperationDockerServiceLogs:                  true,
+				portainer.OperationDockerServiceCreate:                true,
+				portainer.OperationDockerServiceUpdate:                true,
+				portainer.OperationDockerServiceDelete:                true,
+				portainer.OperationDockerSecretList:                   true,
+				portainer.OperationDockerSecretInspect:                true,
+				portainer.OperationDockerSecretCreate:                 true,
+				portainer.OperationDockerSecretUpdate:                 true,
+				portainer.OperationDockerSecretDelete:                 true,
+				portainer.OperationDockerConfigList:                   true,
+				portainer.OperationDockerConfigInspect:                true,
+				portainer.OperationDockerConfigCreate:                 true,
+				portainer.OperationDockerConfigUpdate:                 true,
+				portainer.OperationDockerConfigDelete:                 true,
+				portainer.OperationDockerTaskList:                     true,
+				portainer.OperationDockerTaskInspect:                  true,
+				portainer.OperationDockerTaskLogs:                     true,
+				portainer.OperationDockerPluginList:                   true,
+				portainer.OperationDockerPluginPrivileges:             true,
+				portainer.OperationDockerPluginInspect:                true,
+				portainer.OperationDockerPluginPull:                   true,
+				portainer.OperationDockerPluginCreate:                 true,
+				portainer.OperationDockerPluginEnable:                 true,
+				portainer.OperationDockerPluginDisable:                true,
+				portainer.OperationDockerPluginPush:                   true,
+				portainer.OperationDockerPluginUpgrade:                true,
+				portainer.OperationDockerPluginSet:                    true,
+				portainer.OperationDockerPluginDelete:                 true,
+				portainer.OperationDockerSessionStart:                 true,
+				portainer.OperationDockerDistributionInspect:          true,
+				portainer.OperationDockerBuildPrune:                   true,
+				portainer.OperationDockerBuildCancel:                  true,
+				portainer.OperationDockerPing:                         true,
+				portainer.OperationDockerInfo:                         true,
+				portainer.OperationDockerVersion:                      true,
+				portainer.OperationDockerEvents:                       true,
+				portainer.OperationDockerSystem:                       true,
+				portainer.OperationDockerUndefined:                    true,
+				portainer.OperationDockerAgentPing:                    true,
+				portainer.OperationDockerAgentList:                    true,
+				portainer.OperationDockerAgentHostInfo:                true,
+				portainer.OperationDockerAgentBrowseDelete:            true,
+				portainer.OperationDockerAgentBrowseGet:               true,
+				portainer.OperationDockerAgentBrowseList:              true,
+				portainer.OperationDockerAgentBrowsePut:               true,
+				portainer.OperationDockerAgentBrowseRename:            true,
+				portainer.OperationDockerAgentUndefined:               true,
+				portainer.OperationPortainerResourceControlCreate:     true,
+				portainer.OperationPortainerResourceControlUpdate:     true,
+				portainer.OperationPortainerResourceControlDelete:     true,
+				portainer.OperationPortainerStackList:                 true,
+				portainer.OperationPortainerStackInspect:              true,
+				portainer.OperationPortainerStackFile:                 true,
+				portainer.OperationPortainerStackCreate:               true,
+				portainer.OperationPortainerStackMigrate:              true,
+				portainer.OperationPortainerStackUpdate:               true,
+				portainer.OperationPortainerStackDelete:               true,
+				portainer.OperationPortainerWebsocketExec:             true,
+				portainer.OperationPortainerWebhookList:               true,
+				portainer.OperationPortainerWebhookCreate:             true,
+			},
+		}
+
+		err = store.RoleService.CreateRole(standardUserRole)
+		if err != nil {
+			return err
+		}
+
+		readOnlyUserRole := &portainer.Role{
+			Name:        "Read-only user",
+			Description: "Read-only access of assigned resources in an endpoint",
+			Authorizations: map[portainer.Authorization]bool{
+				portainer.OperationDockerContainerArchiveInfo: true,
+				portainer.OperationDockerContainerList:        true,
+				portainer.OperationDockerContainerChanges:     true,
+				portainer.OperationDockerContainerInspect:     true,
+				portainer.OperationDockerContainerTop:         true,
+				portainer.OperationDockerContainerLogs:        true,
+				portainer.OperationDockerContainerStats:       true,
+				portainer.OperationDockerImageList:            true,
+				portainer.OperationDockerImageSearch:          true,
+				portainer.OperationDockerImageGetAll:          true,
+				portainer.OperationDockerImageGet:             true,
+				portainer.OperationDockerImageHistory:         true,
+				portainer.OperationDockerImageInspect:         true,
+				portainer.OperationDockerNetworkList:          true,
+				portainer.OperationDockerNetworkInspect:       true,
+				portainer.OperationDockerVolumeList:           true,
+				portainer.OperationDockerVolumeInspect:        true,
+				portainer.OperationDockerSwarmInspect:         true,
+				portainer.OperationDockerNodeList:             true,
+				portainer.OperationDockerNodeInspect:          true,
+				portainer.OperationDockerServiceList:          true,
+				portainer.OperationDockerServiceInspect:       true,
+				portainer.OperationDockerServiceLogs:          true,
+				portainer.OperationDockerSecretList:           true,
+				portainer.OperationDockerSecretInspect:        true,
+				portainer.OperationDockerConfigList:           true,
+				portainer.OperationDockerConfigInspect:        true,
+				portainer.OperationDockerTaskList:             true,
+				portainer.OperationDockerTaskInspect:          true,
+				portainer.OperationDockerTaskLogs:             true,
+				portainer.OperationDockerPluginList:           true,
+				portainer.OperationDockerDistributionInspect:  true,
+				portainer.OperationDockerPing:                 true,
+				portainer.OperationDockerInfo:                 true,
+				portainer.OperationDockerVersion:              true,
+				portainer.OperationDockerEvents:               true,
+				portainer.OperationDockerSystem:               true,
+				portainer.OperationDockerAgentPing:            true,
+				portainer.OperationDockerAgentList:            true,
+				portainer.OperationDockerAgentHostInfo:        true,
+				portainer.OperationDockerAgentBrowseGet:       true,
+				portainer.OperationDockerAgentBrowseList:      true,
+				portainer.OperationPortainerStackList:         true,
+				portainer.OperationPortainerStackInspect:      true,
+				portainer.OperationPortainerStackFile:         true,
+				portainer.OperationPortainerWebhookList:       true,
+			},
+		}
+
+		err = store.RoleService.CreateRole(readOnlyUserRole)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
--- a/api/bolt/internal/db.go
+++ b/api/bolt/internal/db.go
@@ -4,13 +4,9 @@ import (
 	"encoding/binary"

 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 )

-type DbConnection struct {
-	*bolt.DB
-}
-
 // Itob returns an 8-byte big endian representation of v.
 // This function is typically used for encoding integer IDs to byte slices
 // so that they can be used as BoltDB keys.
@@ -21,8 +17,8 @@ func Itob(v int) []byte {
 }

 // CreateBucket is a generic function used to create a bucket inside a bolt database.
-func CreateBucket(connection *DbConnection, bucketName string) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func CreateBucket(db *bolt.DB, bucketName string) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(bucketName))
 		if err != nil {
 			return err
@@ -32,15 +28,15 @@ func CreateBucket(connection *DbConnection, bucketName string) error {
 }

 // GetObject is a generic function used to retrieve an unmarshalled object from a bolt database.
-func GetObject(connection *DbConnection, bucketName string, key []byte, object interface{}) error {
+func GetObject(db *bolt.DB, bucketName string, key []byte, object interface{}) error {
 	var data []byte

-	err := connection.View(func(tx *bolt.Tx) error {
+	err := db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))

 		value := bucket.Get(key)
 		if value == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		data = make([]byte, len(value))
@@ -56,8 +52,8 @@ func GetObject(connection *DbConnection, bucketName string, key []byte, object i
 }

 // UpdateObject is a generic function used to update an object inside a bolt database.
-func UpdateObject(connection *DbConnection, bucketName string, key []byte, object interface{}) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func UpdateObject(db *bolt.DB, bucketName string, key []byte, object interface{}) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))

 		data, err := MarshalObject(object)
@@ -75,26 +71,24 @@ func UpdateObject(connection *DbConnection, bucketName string, key []byte, objec
 }

 // DeleteObject is a generic function used to delete an object inside a bolt database.
-func DeleteObject(connection *DbConnection, bucketName string, key []byte) error {
-	return connection.Update(func(tx *bolt.Tx) error {
+func DeleteObject(db *bolt.DB, bucketName string, key []byte) error {
+	return db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
 		return bucket.Delete(key)
 	})
 }

 // GetNextIdentifier is a generic function that returns the specified bucket identifier incremented by 1.
-func GetNextIdentifier(connection *DbConnection, bucketName string) int {
+func GetNextIdentifier(db *bolt.DB, bucketName string) int {
 	var identifier int

-	connection.Update(func(tx *bolt.Tx) error {
+	db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
-		id, err := bucket.NextSequence()
-		if err != nil {
-			return err
-		}
+		id := bucket.Sequence()
 		identifier = int(id)
 		return nil
 	})

+	identifier++
 	return identifier
 }
--- a/api/bolt/internal/json.go
+++ b/api/bolt/internal/json.go
@@ -2,8 +2,6 @@ package internal

 import (
 	"encoding/json"
-
-	jsoniter "github.com/json-iterator/go"
 )

 // MarshalObject encodes an object to binary format
@@ -15,11 +13,3 @@ func MarshalObject(object interface{}) ([]byte, error) {
 func UnmarshalObject(data []byte, object interface{}) error {
 	return json.Unmarshal(data, object)
 }
-
-// UnmarshalObjectWithJsoniter decodes an object from binary data
-// using the jsoniter library. It is mainly used to accelerate endpoint
-// decoding at the moment.
-func UnmarshalObjectWithJsoniter(data []byte, object interface{}) error {
-	var jsoni = jsoniter.ConfigCompatibleWithStandardLibrary
-	return jsoni.Unmarshal(data, &object)
-}
--- a/api/bolt/log/log.go
+++ b/api/bolt/log/log.go
@@ -1,41 +0,0 @@
-package log
-
-import (
-	"fmt"
-	"log"
-)
-
-const (
-	INFO  = "INFO"
-	ERROR = "ERROR"
-	DEBUG = "DEBUG"
-	FATAL = "FATAL"
-)
-
-type ScopedLog struct {
-	scope string
-}
-
-func NewScopedLog(scope string) *ScopedLog {
-	return &ScopedLog{scope: scope}
-}
-
-func (slog *ScopedLog) print(kind string, message string) {
-	log.Printf("[%s] [%s] %s", kind, slog.scope, message)
-}
-
-func (slog *ScopedLog) Debug(message string) {
-	slog.print(DEBUG, fmt.Sprintf("[message: %s]", message))
-}
-
-func (slog *ScopedLog) Info(message string) {
-	slog.print(INFO, fmt.Sprintf("[message: %s]", message))
-}
-
-func (slog *ScopedLog) Error(message string, err error) {
-	slog.print(ERROR, fmt.Sprintf("[message: %s] [error: %s]", message, err))
-}
-
-func (slog *ScopedLog) NotImplemented(method string) {
-	log.Fatalf("[%s] [%s] [%s]", FATAL, slog.scope, fmt.Sprintf("%s is not yet implemented", method))
-}
--- a/api/bolt/log/log.test.go
+++ b/api/bolt/log/log.test.go
@@ -1 +0,0 @@
-package log
--- a/api/bolt/migrator/migrate_dbversion0.go
+++ b/api/bolt/migrator/migrate_dbversion0.go
@@ -3,7 +3,6 @@ package migrator
 import (
 	"github.com/boltdb/bolt"
 	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
 	"github.com/portainer/portainer/api/bolt/user"
 )

@@ -23,7 +22,7 @@ func (m *Migrator) updateAdminUserToDBVersion1() error {
 		if err != nil {
 			return err
 		}
-	} else if err != nil && err != errors.ErrObjectNotFound {
+	} else if err != nil && err != portainer.ErrObjectNotFound {
 		return err
 	}
 	return nil
--- a/api/bolt/migrator/migrate_dbversion14.go
+++ b/api/bolt/migrator/migrate_dbversion14.go
@@ -1,5 +1,11 @@
 package migrator

+import (
+	"strings"
+
+	"github.com/portainer/portainer/api"
+)
+
 func (m *Migrator) updateSettingsToDBVersion15() error {
 	legacySettings, err := m.settingsService.Settings()
 	if err != nil {
@@ -11,6 +17,19 @@ func (m *Migrator) updateSettingsToDBVersion15() error {
 }

 func (m *Migrator) updateTemplatesToVersion15() error {
-	// Removed with the entire template management layer, part of https://github.com/portainer/portainer/issues/3707
+	legacyTemplates, err := m.templateService.Templates()
+	if err != nil {
+		return err
+	}
+
+	for _, template := range legacyTemplates {
+		template.Logo = strings.Replace(template.Logo, "https://portainer.io/images", portainer.AssetsServerURL, -1)
+
+		err = m.templateService.UpdateTemplate(template.ID, &template)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
--- a/api/bolt/migrator/migrate_dbversion18.go
+++ b/api/bolt/migrator/migrate_dbversion18.go
@@ -1,16 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) updateSettingsToDBVersion19() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	if legacySettings.EdgeAgentCheckinInterval == 0 {
-		legacySettings.EdgeAgentCheckinInterval = portainer.DefaultEdgeAgentCheckinIntervalInSeconds
-	}
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}
--- a/api/bolt/migrator/migrate_dbversion19.go
+++ b/api/bolt/migrator/migrate_dbversion19.go
@@ -1,57 +0,0 @@
-package migrator
-
-import (
-	"strings"
-)
-
-const scheduleScriptExecutionJobType = 1
-
-func (m *Migrator) updateUsersToDBVersion20() error {
-	return m.authorizationService.UpdateUsersAuthorizations()
-}
-
-func (m *Migrator) updateSettingsToDBVersion20() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	legacySettings.AllowVolumeBrowserForRegularUsers = false
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}
-
-func (m *Migrator) updateSchedulesToDBVersion20() error {
-	legacySchedules, err := m.scheduleService.Schedules()
-	if err != nil {
-		return err
-	}
-
-	for _, schedule := range legacySchedules {
-		if schedule.JobType == scheduleScriptExecutionJobType {
-			if schedule.CronExpression == "0 0 * * *" {
-				schedule.CronExpression = "0 * * * *"
-			} else if schedule.CronExpression == "0 0 0/2 * *" {
-				schedule.CronExpression = "0 */2 * * *"
-			} else if schedule.CronExpression == "0 0 0 * *" {
-				schedule.CronExpression = "0 0 * * *"
-			} else {
-				revisedCronExpression := strings.Split(schedule.CronExpression, " ")
-				if len(revisedCronExpression) == 5 {
-					continue
-				}
-
-				revisedCronExpression = revisedCronExpression[1:]
-				schedule.CronExpression = strings.Join(revisedCronExpression, " ")
-			}
-
-			err := m.scheduleService.UpdateSchedule(schedule.ID, &schedule)
-			if err != nil {
-				return err
-			}
-		}
-
-	}
-
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion20.go
+++ b/api/bolt/migrator/migrate_dbversion20.go
@@ -1,85 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/authorization"
-)
-
-func (m *Migrator) updateResourceControlsToDBVersion22() error {
-	legacyResourceControls, err := m.resourceControlService.ResourceControls()
-	if err != nil {
-		return err
-	}
-
-	for _, resourceControl := range legacyResourceControls {
-		resourceControl.AdministratorsOnly = false
-
-		err := m.resourceControlService.UpdateResourceControl(resourceControl.ID, &resourceControl)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
-	legacyUsers, err := m.userService.Users()
-	if err != nil {
-		return err
-	}
-
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	for _, user := range legacyUsers {
-		user.PortainerAuthorizations = authorization.DefaultPortainerAuthorizations()
-		err = m.userService.UpdateUser(user.ID, &user)
-		if err != nil {
-			return err
-		}
-	}
-
-	endpointAdministratorRole, err := m.roleService.Role(portainer.RoleID(1))
-	if err != nil {
-		return err
-	}
-	endpointAdministratorRole.Priority = 1
-	endpointAdministratorRole.Authorizations = authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole()
-
-	err = m.roleService.UpdateRole(endpointAdministratorRole.ID, endpointAdministratorRole)
-
-	helpDeskRole, err := m.roleService.Role(portainer.RoleID(2))
-	if err != nil {
-		return err
-	}
-	helpDeskRole.Priority = 2
-	helpDeskRole.Authorizations = authorization.DefaultEndpointAuthorizationsForHelpDeskRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(helpDeskRole.ID, helpDeskRole)
-
-	standardUserRole, err := m.roleService.Role(portainer.RoleID(3))
-	if err != nil {
-		return err
-	}
-	standardUserRole.Priority = 3
-	standardUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForStandardUserRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(standardUserRole.ID, standardUserRole)
-
-	readOnlyUserRole, err := m.roleService.Role(portainer.RoleID(4))
-	if err != nil {
-		return err
-	}
-	readOnlyUserRole.Priority = 4
-	readOnlyUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForReadOnlyUserRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(readOnlyUserRole.ID, readOnlyUserRole)
-	if err != nil {
-		return err
-	}
-
-	return m.authorizationService.UpdateUsersAuthorizations()
-}
--- a/api/bolt/migrator/migrate_dbversion22.go
+++ b/api/bolt/migrator/migrate_dbversion22.go
@@ -1,92 +0,0 @@
-package migrator
-
-import "github.com/portainer/portainer/api"
-
-func (m *Migrator) updateTagsToDBVersion23() error {
-	tags, err := m.tagService.Tags()
-	if err != nil {
-		return err
-	}
-
-	for _, tag := range tags {
-		tag.EndpointGroups = make(map[portainer.EndpointGroupID]bool)
-		tag.Endpoints = make(map[portainer.EndpointID]bool)
-		err = m.tagService.UpdateTag(tag.ID, &tag)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (m *Migrator) updateEndpointsAndEndpointGroupsToDBVersion23() error {
-	tags, err := m.tagService.Tags()
-	if err != nil {
-		return err
-	}
-
-	tagsNameMap := make(map[string]portainer.Tag)
-	for _, tag := range tags {
-		tagsNameMap[tag.Name] = tag
-	}
-
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-		endpointTags := make([]portainer.TagID, 0)
-		for _, tagName := range endpoint.Tags {
-			tag, ok := tagsNameMap[tagName]
-			if ok {
-				endpointTags = append(endpointTags, tag.ID)
-				tag.Endpoints[endpoint.ID] = true
-			}
-		}
-		endpoint.TagIDs = endpointTags
-		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-		if err != nil {
-			return err
-		}
-
-		relation := &portainer.EndpointRelation{
-			EndpointID: endpoint.ID,
-			EdgeStacks: map[portainer.EdgeStackID]bool{},
-		}
-
-		err = m.endpointRelationService.CreateEndpointRelation(relation)
-		if err != nil {
-			return err
-		}
-	}
-
-	endpointGroups, err := m.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	for _, endpointGroup := range endpointGroups {
-		endpointGroupTags := make([]portainer.TagID, 0)
-		for _, tagName := range endpointGroup.Tags {
-			tag, ok := tagsNameMap[tagName]
-			if ok {
-				endpointGroupTags = append(endpointGroupTags, tag.ID)
-				tag.EndpointGroups[endpointGroup.ID] = true
-			}
-		}
-		endpointGroup.TagIDs = endpointGroupTags
-		err = m.endpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
-		if err != nil {
-			return err
-		}
-	}
-
-	for _, tag := range tagsNameMap {
-		err = m.tagService.UpdateTag(tag.ID, &tag)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion23.go
+++ b/api/bolt/migrator/migrate_dbversion23.go
@@ -1,34 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) updateSettingsToDB24() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	legacySettings.AllowHostNamespaceForRegularUsers = true
-	legacySettings.AllowDeviceMappingForRegularUsers = true
-	legacySettings.AllowStackManagementForRegularUsers = true
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}
-
-func (m *Migrator) updateStacksToDB24() error {
-	stacks, err := m.stackService.Stacks()
-	if err != nil {
-		return err
-	}
-
-	for idx := range stacks {
-		stack := &stacks[idx]
-		stack.Status = portainer.StackStatusActive
-		err := m.stackService.UpdateStack(stack.ID, stack)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion24.go
+++ b/api/bolt/migrator/migrate_dbversion24.go
@@ -1,23 +0,0 @@
-package migrator
-
-import (
-	"github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateSettingsToDB25() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	if legacySettings.TemplatesURL == "" {
-		legacySettings.TemplatesURL = portainer.DefaultTemplatesURL
-	}
-
-	legacySettings.UserSessionTimeout = portainer.DefaultUserSessionTimeout
-	legacySettings.EnableTelemetry = true
-
-	legacySettings.AllowContainerCapabilitiesForRegularUsers = true
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}
--- a/api/bolt/migrator/migrate_dbversion25.go
+++ b/api/bolt/migrator/migrate_dbversion25.go
@@ -1,51 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateEndpointSettingsToDB25() error {
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for i := range endpoints {
-		endpoint := endpoints[i]
-
-		securitySettings := portainer.EndpointSecuritySettings{}
-
-		if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment ||
-			endpoint.Type == portainer.AgentOnDockerEnvironment ||
-			endpoint.Type == portainer.DockerEnvironment {
-
-			securitySettings = portainer.EndpointSecuritySettings{
-				AllowBindMountsForRegularUsers:            settings.AllowBindMountsForRegularUsers,
-				AllowContainerCapabilitiesForRegularUsers: settings.AllowContainerCapabilitiesForRegularUsers,
-				AllowDeviceMappingForRegularUsers:         settings.AllowDeviceMappingForRegularUsers,
-				AllowHostNamespaceForRegularUsers:         settings.AllowHostNamespaceForRegularUsers,
-				AllowPrivilegedModeForRegularUsers:        settings.AllowPrivilegedModeForRegularUsers,
-				AllowStackManagementForRegularUsers:       settings.AllowStackManagementForRegularUsers,
-			}
-
-			if endpoint.Type == portainer.AgentOnDockerEnvironment || endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
-				securitySettings.AllowVolumeBrowserForRegularUsers = settings.AllowVolumeBrowserForRegularUsers
-				securitySettings.EnableHostManagementFeatures = settings.EnableHostManagementFeatures
-			}
-		}
-
-		endpoint.SecuritySettings = securitySettings
-
-		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion26.go
+++ b/api/bolt/migrator/migrate_dbversion26.go
@@ -1,40 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
-	"github.com/portainer/portainer/api/internal/stackutils"
-)
-
-func (m *Migrator) updateStackResourceControlToDB27() error {
-	resourceControls, err := m.resourceControlService.ResourceControls()
-	if err != nil {
-		return err
-	}
-
-	for _, resource := range resourceControls {
-		if resource.Type != portainer.StackResourceControl {
-			continue
-		}
-
-		stackName := resource.ResourceID
-
-		stack, err := m.stackService.StackByName(stackName)
-		if err != nil {
-			if err == errors.ErrObjectNotFound {
-				continue
-			}
-
-			return err
-		}
-
-		resource.ResourceID = stackutils.ResourceControlID(stack.EndpointID, stack.Name)
-
-		err = m.resourceControlService.UpdateResourceControl(resource.ID, &resource)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
--- a/api/bolt/migrator/migrate_dbversion30.go
+++ b/api/bolt/migrator/migrate_dbversion30.go
@@ -1,18 +0,0 @@
-package migrator
-
-func (m *Migrator) migrateDBVersionTo30() error {
-	if err := m.migrateSettings(); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (m *Migrator) migrateSettings() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-	legacySettings.OAuthSettings.SSO = false
-	legacySettings.OAuthSettings.LogoutURI = ""
-	return m.settingsService.UpdateSettings(legacySettings)
-}
--- a/api/bolt/migrator/migrate_dbversion30_test.go
+++ b/api/bolt/migrator/migrate_dbversion30_test.go
@@ -1,95 +0,0 @@
-package migrator
-
-import (
-	"os"
-	"path"
-	"testing"
-	"time"
-
-	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api/bolt/internal"
-	"github.com/portainer/portainer/api/bolt/settings"
-)
-
-var (
-	testingDBStorePath string
-	testingDBFileName  string
-	dummyLogoURL       string
-	dbConn             *bolt.DB
-	settingsService    *settings.Service
-)
-
-// initTestingDBConn creates a raw bolt DB connection
-// for unit testing usage only since using NewStore will cause cycle import inside migrator pkg
-func initTestingDBConn(storePath, fileName string) (*bolt.DB, error) {
-	databasePath := path.Join(storePath, fileName)
-	dbConn, err := bolt.Open(databasePath, 0600, &bolt.Options{Timeout: 1 * time.Second})
-	if err != nil {
-		return nil, err
-	}
-	return dbConn, nil
-}
-
-// initTestingDBConn creates a settings service with raw bolt DB connection
-// for unit testing usage only since using NewStore will cause cycle import inside migrator pkg
-func initTestingSettingsService(dbConn *bolt.DB, preSetObj map[string]interface{}) (*settings.Service, error) {
-	internalDBConn := &internal.DbConnection{
-		DB: dbConn,
-	}
-	settingsService, err := settings.NewService(internalDBConn)
-	if err != nil {
-		return nil, err
-	}
-	//insert a obj
-	if err := internal.UpdateObject(internalDBConn, "settings", []byte("SETTINGS"), preSetObj); err != nil {
-		return nil, err
-	}
-	return settingsService, nil
-}
-
-func setup() error {
-	testingDBStorePath, _ = os.Getwd()
-	testingDBFileName = "portainer-ee-mig-30.db"
-	dummyLogoURL = "example.com"
-	var err error
-	dbConn, err = initTestingDBConn(testingDBStorePath, testingDBFileName)
-	if err != nil {
-		return err
-	}
-	dummySettingsObj := map[string]interface{}{
-		"LogoURL": dummyLogoURL,
-	}
-	settingsService, err = initTestingSettingsService(dbConn, dummySettingsObj)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func TestMigrateSettings(t *testing.T) {
-	if err := setup(); err != nil {
-		t.Errorf("failed to complete testing setups, err: %v", err)
-	}
-	defer dbConn.Close()
-	defer os.Remove(testingDBFileName)
-	m := &Migrator{
-		db:              dbConn,
-		settingsService: settingsService,
-	}
-	if err := m.migrateSettings(); err != nil {
-		t.Errorf("failed to update settings: %v", err)
-	}
-	updatedSettings, err := m.settingsService.Settings()
-	if err != nil {
-		t.Errorf("failed to retrieve the updated settings: %v", err)
-	}
-	if updatedSettings.LogoURL != dummyLogoURL {
-		t.Errorf("unexpected value changes in the updated settings, want LogoURL value: %s, got LogoURL value: %s", dummyLogoURL, updatedSettings.LogoURL)
-	}
-	if updatedSettings.OAuthSettings.SSO != false {
-		t.Errorf("unexpected default OAuth SSO setting, want: false, got: %t", updatedSettings.OAuthSettings.SSO)
-	}
-	if updatedSettings.OAuthSettings.LogoutURI != "" {
-		t.Errorf("unexpected default OAuth HideInternalAuth setting, want:, got: %s", updatedSettings.OAuthSettings.LogoutURI)
-	}
-}
--- a/api/bolt/migrator/migrate_dbversion32.go
+++ b/api/bolt/migrator/migrate_dbversion32.go
@@ -1,124 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
-)
-
-func (m *Migrator) migrateDBVersionTo32() error {
-	err := m.updateRegistriesToDB32()
-	if err != nil {
-		return err
-	}
-
-	err = m.updateDockerhubToDB32()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateRegistriesToDB32() error {
-	registries, err := m.registryService.Registries()
-	if err != nil {
-		return err
-	}
-
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, registry := range registries {
-
-		registry.RegistryAccesses = portainer.RegistryAccesses{}
-
-		for _, endpoint := range endpoints {
-
-			filteredUserAccessPolicies := portainer.UserAccessPolicies{}
-			for userId, registryPolicy := range registry.UserAccessPolicies {
-				if _, found := endpoint.UserAccessPolicies[userId]; found {
-					filteredUserAccessPolicies[userId] = registryPolicy
-				}
-			}
-
-			filteredTeamAccessPolicies := portainer.TeamAccessPolicies{}
-			for teamId, registryPolicy := range registry.TeamAccessPolicies {
-				if _, found := endpoint.TeamAccessPolicies[teamId]; found {
-					filteredTeamAccessPolicies[teamId] = registryPolicy
-				}
-			}
-
-			registry.RegistryAccesses[endpoint.ID] = portainer.RegistryAccessPolicies{
-				UserAccessPolicies: filteredUserAccessPolicies,
-				TeamAccessPolicies: filteredTeamAccessPolicies,
-				Namespaces:         []string{},
-			}
-		}
-		m.registryService.UpdateRegistry(registry.ID, &registry)
-	}
-	return nil
-}
-
-func (m *Migrator) updateDockerhubToDB32() error {
-	dockerhub, err := m.dockerhubService.DockerHub()
-	if err == errors.ErrObjectNotFound {
-		return nil
-	} else if err != nil {
-		return err
-	}
-
-	if !dockerhub.Authentication {
-		return nil
-	}
-
-	registry := &portainer.Registry{
-		Type:             portainer.DockerHubRegistry,
-		Name:             "Dockerhub (authenticated - migrated)",
-		URL:              "docker.io",
-		Authentication:   true,
-		Username:         dockerhub.Username,
-		Password:         dockerhub.Password,
-		RegistryAccesses: portainer.RegistryAccesses{},
-	}
-
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-
-		if endpoint.Type != portainer.KubernetesLocalEnvironment &&
-			endpoint.Type != portainer.AgentOnKubernetesEnvironment &&
-			endpoint.Type != portainer.EdgeAgentOnKubernetesEnvironment {
-
-			userAccessPolicies := portainer.UserAccessPolicies{}
-			for userId := range endpoint.UserAccessPolicies {
-				if _, found := endpoint.UserAccessPolicies[userId]; found {
-					userAccessPolicies[userId] = portainer.AccessPolicy{
-						RoleID: 0,
-					}
-				}
-			}
-
-			teamAccessPolicies := portainer.TeamAccessPolicies{}
-			for teamId := range endpoint.TeamAccessPolicies {
-				if _, found := endpoint.TeamAccessPolicies[teamId]; found {
-					teamAccessPolicies[teamId] = portainer.AccessPolicy{
-						RoleID: 0,
-					}
-				}
-			}
-
-			registry.RegistryAccesses[endpoint.ID] = portainer.RegistryAccessPolicies{
-				UserAccessPolicies: userAccessPolicies,
-				TeamAccessPolicies: teamAccessPolicies,
-				Namespaces:         []string{},
-			}
-		}
-	}
-
-	return m.registryService.CreateRegistry(registry)
-}
--- a/api/bolt/migrator/migrator.go
+++ b/api/bolt/migrator/migrator.go
@@ -2,103 +2,77 @@ package migrator

 import (
 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/dockerhub"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/endpoint"
 	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
 	"github.com/portainer/portainer/api/bolt/extension"
-	plog "github.com/portainer/portainer/api/bolt/log"
 	"github.com/portainer/portainer/api/bolt/registry"
 	"github.com/portainer/portainer/api/bolt/resourcecontrol"
-	"github.com/portainer/portainer/api/bolt/role"
-	"github.com/portainer/portainer/api/bolt/schedule"
 	"github.com/portainer/portainer/api/bolt/settings"
 	"github.com/portainer/portainer/api/bolt/stack"
-	"github.com/portainer/portainer/api/bolt/tag"
-	"github.com/portainer/portainer/api/bolt/teammembership"
+	"github.com/portainer/portainer/api/bolt/template"
 	"github.com/portainer/portainer/api/bolt/user"
 	"github.com/portainer/portainer/api/bolt/version"
-	"github.com/portainer/portainer/api/internal/authorization"
 )

-var migrateLog = plog.NewScopedLog("bolt, migrate")
-
 type (
 	// Migrator defines a service to migrate data after a Portainer version update.
 	Migrator struct {
-		currentDBVersion        int
-		db                      *bolt.DB
-		endpointGroupService    *endpointgroup.Service
-		endpointService         *endpoint.Service
-		endpointRelationService *endpointrelation.Service
-		extensionService        *extension.Service
-		registryService         *registry.Service
-		resourceControlService  *resourcecontrol.Service
-		roleService             *role.Service
-		scheduleService         *schedule.Service
-		settingsService         *settings.Service
-		stackService            *stack.Service
-		tagService              *tag.Service
-		teamMembershipService   *teammembership.Service
-		userService             *user.Service
-		versionService          *version.Service
-		fileService             portainer.FileService
-		authorizationService    *authorization.Service
-		dockerhubService        *dockerhub.Service
+		currentDBVersion       int
+		db                     *bolt.DB
+		endpointGroupService   *endpointgroup.Service
+		endpointService        *endpoint.Service
+		extensionService       *extension.Service
+		registryService        *registry.Service
+		resourceControlService *resourcecontrol.Service
+		settingsService        *settings.Service
+		stackService           *stack.Service
+		templateService        *template.Service
+		userService            *user.Service
+		versionService         *version.Service
+		fileService            portainer.FileService
 	}

 	// Parameters represents the required parameters to create a new Migrator instance.
 	Parameters struct {
-		DB                      *bolt.DB
-		DatabaseVersion         int
-		EndpointGroupService    *endpointgroup.Service
-		EndpointService         *endpoint.Service
-		EndpointRelationService *endpointrelation.Service
-		ExtensionService        *extension.Service
-		RegistryService         *registry.Service
-		ResourceControlService  *resourcecontrol.Service
-		RoleService             *role.Service
-		ScheduleService         *schedule.Service
-		SettingsService         *settings.Service
-		StackService            *stack.Service
-		TagService              *tag.Service
-		TeamMembershipService   *teammembership.Service
-		UserService             *user.Service
-		VersionService          *version.Service
-		FileService             portainer.FileService
-		AuthorizationService    *authorization.Service
-		DockerhubService        *dockerhub.Service
+		DB                     *bolt.DB
+		DatabaseVersion        int
+		EndpointGroupService   *endpointgroup.Service
+		EndpointService        *endpoint.Service
+		ExtensionService       *extension.Service
+		RegistryService        *registry.Service
+		ResourceControlService *resourcecontrol.Service
+		SettingsService        *settings.Service
+		StackService           *stack.Service
+		TemplateService        *template.Service
+		UserService            *user.Service
+		VersionService         *version.Service
+		FileService            portainer.FileService
 	}
 )

 // NewMigrator creates a new Migrator.
 func NewMigrator(parameters *Parameters) *Migrator {
 	return &Migrator{
-		db:                      parameters.DB,
-		currentDBVersion:        parameters.DatabaseVersion,
-		endpointGroupService:    parameters.EndpointGroupService,
-		endpointService:         parameters.EndpointService,
-		endpointRelationService: parameters.EndpointRelationService,
-		extensionService:        parameters.ExtensionService,
-		registryService:         parameters.RegistryService,
-		resourceControlService:  parameters.ResourceControlService,
-		roleService:             parameters.RoleService,
-		scheduleService:         parameters.ScheduleService,
-		settingsService:         parameters.SettingsService,
-		tagService:              parameters.TagService,
-		teamMembershipService:   parameters.TeamMembershipService,
-		stackService:            parameters.StackService,
-		userService:             parameters.UserService,
-		versionService:          parameters.VersionService,
-		fileService:             parameters.FileService,
-		authorizationService:    parameters.AuthorizationService,
-		dockerhubService:        parameters.DockerhubService,
+		db:                     parameters.DB,
+		currentDBVersion:       parameters.DatabaseVersion,
+		endpointGroupService:   parameters.EndpointGroupService,
+		endpointService:        parameters.EndpointService,
+		extensionService:       parameters.ExtensionService,
+		registryService:        parameters.RegistryService,
+		resourceControlService: parameters.ResourceControlService,
+		settingsService:        parameters.SettingsService,
+		templateService:        parameters.TemplateService,
+		stackService:           parameters.StackService,
+		userService:            parameters.UserService,
+		versionService:         parameters.VersionService,
+		fileService:            parameters.FileService,
 	}
 }

 // Migrate checks the database version and migrate the existing data to the most recent data model.
 func (m *Migrator) Migrate() error {
+
 	// Portainer < 1.12
 	if m.currentDBVersion < 1 {
 		err := m.updateAdminUserToDBVersion1()
@@ -275,111 +249,5 @@ func (m *Migrator) Migrate() error {
 		}
 	}

-	// Portainer 1.22.0
-	if m.currentDBVersion < 19 {
-		err := m.updateSettingsToDBVersion19()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.22.1
-	if m.currentDBVersion < 20 {
-		err := m.updateUsersToDBVersion20()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateSettingsToDBVersion20()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateSchedulesToDBVersion20()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.23.0
-	// DBVersion 21 is missing as it was shipped as via hotfix 1.22.2
-	if m.currentDBVersion < 22 {
-		err := m.updateResourceControlsToDBVersion22()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateUsersAndRolesToDBVersion22()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.24.0
-	if m.currentDBVersion < 23 {
-		err := m.updateTagsToDBVersion23()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateEndpointsAndEndpointGroupsToDBVersion23()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.24.1
-	if m.currentDBVersion < 24 {
-		err := m.updateSettingsToDB24()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 2.0.0
-	if m.currentDBVersion < 25 {
-		err := m.updateSettingsToDB25()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateStacksToDB24()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 2.1.0
-	if m.currentDBVersion < 26 {
-		err := m.updateEndpointSettingsToDB25()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 2.2.0
-	if m.currentDBVersion < 27 {
-		err := m.updateStackResourceControlToDB27()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 2.6.0
-	if m.currentDBVersion < 30 {
-		err := m.migrateDBVersionTo30()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 2.9.0
-	if m.currentDBVersion < 32 {
-		err := m.migrateDBVersionTo32()
-		if err != nil {
-			return err
-		}
-	}
-
 	return m.versionService.StoreDBVersion(portainer.DBVersion)
 }
--- a/api/bolt/registry/registry.go
+++ b/api/bolt/registry/registry.go
@@ -1,7 +1,7 @@
 package registry

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) Registry(ID portainer.RegistryID) (*portainer.Registry,
 	var registry portainer.Registry
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &registry)
+	err := internal.GetObject(service.db, BucketName, identifier, &registry)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Registry(ID portainer.RegistryID) (*portainer.Registry,
 func (service *Service) Registries() ([]portainer.Registry, error) {
 	var registries = make([]portainer.Registry, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -67,7 +67,7 @@ func (service *Service) Registries() ([]portainer.Registry, error) {

 // CreateRegistry creates a new registry.
 func (service *Service) CreateRegistry(registry *portainer.Registry) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
@@ -85,11 +85,11 @@ func (service *Service) CreateRegistry(registry *portainer.Registry) error {
 // UpdateRegistry updates an registry.
 func (service *Service) UpdateRegistry(ID portainer.RegistryID, registry *portainer.Registry) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, registry)
+	return internal.UpdateObject(service.db, BucketName, identifier, registry)
 }

 // DeleteRegistry deletes an registry.
 func (service *Service) DeleteRegistry(ID portainer.RegistryID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/resourcecontrol/resourcecontrol.go
+++ b/api/bolt/resourcecontrol/resourcecontrol.go
@@ -1,7 +1,7 @@
 package resourcecontrol

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) ResourceControl(ID portainer.ResourceControlID) (*portai
 	var resourceControl portainer.ResourceControl
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &resourceControl)
+	err := internal.GetObject(service.db, BucketName, identifier, &resourceControl)
 	if err != nil {
 		return nil, err
 	}
@@ -42,13 +42,12 @@ func (service *Service) ResourceControl(ID portainer.ResourceControlID) (*portai
 	return &resourceControl, nil
 }

-// ResourceControlByResourceIDAndType returns a ResourceControl object by checking if the resourceID is equal
-// to the main ResourceID or in SubResourceIDs. It also performs a check on the resource type. Return nil
-// if no ResourceControl was found.
-func (service *Service) ResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType) (*portainer.ResourceControl, error) {
+// ResourceControlByResourceID returns a ResourceControl object by checking if the resourceID is equal
+// to the main ResourceID or in SubResourceIDs
+func (service *Service) ResourceControlByResourceID(resourceID string) (*portainer.ResourceControl, error) {
 	var resourceControl *portainer.ResourceControl

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

@@ -59,7 +58,7 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 				return err
 			}

-			if rc.ResourceID == resourceID && rc.Type == resourceType {
+			if rc.ResourceID == resourceID {
 				resourceControl = &rc
 				break
 			}
@@ -72,6 +71,10 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 			}
 		}

+		if resourceControl == nil {
+			return portainer.ErrObjectNotFound
+		}
+
 		return nil
 	})

@@ -82,7 +85,7 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 func (service *Service) ResourceControls() ([]portainer.ResourceControl, error) {
 	var rcs = make([]portainer.ResourceControl, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -103,7 +106,7 @@ func (service *Service) ResourceControls() ([]portainer.ResourceControl, error)

 // CreateResourceControl creates a new ResourceControl object
 func (service *Service) CreateResourceControl(resourceControl *portainer.ResourceControl) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
@@ -121,11 +124,11 @@ func (service *Service) CreateResourceControl(resourceControl *portainer.Resourc
 // UpdateResourceControl saves a ResourceControl object.
 func (service *Service) UpdateResourceControl(ID portainer.ResourceControlID, resourceControl *portainer.ResourceControl) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, resourceControl)
+	return internal.UpdateObject(service.db, BucketName, identifier, resourceControl)
 }

 // DeleteResourceControl deletes a ResourceControl object by ID
 func (service *Service) DeleteResourceControl(ID portainer.ResourceControlID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/role/role.go
+++ b/api/bolt/role/role.go
@@ -1,7 +1,7 @@
 package role

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) Role(ID portainer.RoleID) (*portainer.Role, error) {
 	var set portainer.Role
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &set)
+	err := internal.GetObject(service.db, BucketName, identifier, &set)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) Role(ID portainer.RoleID) (*portainer.Role, error) {
 func (service *Service) Roles() ([]portainer.Role, error) {
 	var sets = make([]portainer.Role, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -66,24 +66,18 @@ func (service *Service) Roles() ([]portainer.Role, error) {
 }

 // CreateRole creates a new Role.
-func (service *Service) CreateRole(role *portainer.Role) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+func (service *Service) CreateRole(set *portainer.Role) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
-		role.ID = portainer.RoleID(id)
+		set.ID = portainer.RoleID(id)

-		data, err := internal.MarshalObject(role)
+		data, err := internal.MarshalObject(set)
 		if err != nil {
 			return err
 		}

-		return bucket.Put(internal.Itob(int(role.ID)), data)
+		return bucket.Put(internal.Itob(int(set.ID)), data)
 	})
 }
-
-// UpdateRole updates a role.
-func (service *Service) UpdateRole(ID portainer.RoleID, role *portainer.Role) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, role)
-}
--- a/api/bolt/schedule/schedule.go
+++ b/api/bolt/schedule/schedule.go
@@ -1,7 +1,7 @@
 package schedule

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing schedule data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) Schedule(ID portainer.ScheduleID) (*portainer.Schedule,
 	var schedule portainer.Schedule
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &schedule)
+	err := internal.GetObject(service.db, BucketName, identifier, &schedule)
 	if err != nil {
 		return nil, err
 	}
@@ -45,20 +45,20 @@ func (service *Service) Schedule(ID portainer.ScheduleID) (*portainer.Schedule,
 // UpdateSchedule updates a schedule.
 func (service *Service) UpdateSchedule(ID portainer.ScheduleID, schedule *portainer.Schedule) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, schedule)
+	return internal.UpdateObject(service.db, BucketName, identifier, schedule)
 }

 // DeleteSchedule deletes a schedule.
 func (service *Service) DeleteSchedule(ID portainer.ScheduleID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

 // Schedules return a array containing all the schedules.
 func (service *Service) Schedules() ([]portainer.Schedule, error) {
 	var schedules = make([]portainer.Schedule, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -82,7 +82,7 @@ func (service *Service) Schedules() ([]portainer.Schedule, error) {
 func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portainer.Schedule, error) {
 	var schedules = make([]portainer.Schedule, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -105,7 +105,7 @@ func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portain

 // CreateSchedule assign an ID to a new schedule and saves it.
 func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		// We manually manage sequences for schedules
@@ -125,5 +125,5 @@ func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {

 // GetNextIdentifier returns the next identifier for a schedule.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }
--- a/api/bolt/services.go
+++ b/api/bolt/services.go
@@ -1,258 +0,0 @@
-package bolt
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/customtemplate"
-	"github.com/portainer/portainer/api/bolt/dockerhub"
-	"github.com/portainer/portainer/api/bolt/edgegroup"
-	"github.com/portainer/portainer/api/bolt/edgejob"
-	"github.com/portainer/portainer/api/bolt/edgestack"
-	"github.com/portainer/portainer/api/bolt/endpoint"
-	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
-	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/registry"
-	"github.com/portainer/portainer/api/bolt/resourcecontrol"
-	"github.com/portainer/portainer/api/bolt/role"
-	"github.com/portainer/portainer/api/bolt/schedule"
-	"github.com/portainer/portainer/api/bolt/settings"
-	"github.com/portainer/portainer/api/bolt/stack"
-	"github.com/portainer/portainer/api/bolt/tag"
-	"github.com/portainer/portainer/api/bolt/team"
-	"github.com/portainer/portainer/api/bolt/teammembership"
-	"github.com/portainer/portainer/api/bolt/tunnelserver"
-	"github.com/portainer/portainer/api/bolt/user"
-	"github.com/portainer/portainer/api/bolt/version"
-	"github.com/portainer/portainer/api/bolt/webhook"
-)
-
-func (store *Store) initServices() error {
-	authorizationsetService, err := role.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.RoleService = authorizationsetService
-
-	customTemplateService, err := customtemplate.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.CustomTemplateService = customTemplateService
-
-	dockerhubService, err := dockerhub.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.DockerHubService = dockerhubService
-
-	edgeStackService, err := edgestack.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeStackService = edgeStackService
-
-	edgeGroupService, err := edgegroup.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeGroupService = edgeGroupService
-
-	edgeJobService, err := edgejob.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EdgeJobService = edgeJobService
-
-	endpointgroupService, err := endpointgroup.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointGroupService = endpointgroupService
-
-	endpointService, err := endpoint.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointService = endpointService
-
-	endpointRelationService, err := endpointrelation.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.EndpointRelationService = endpointRelationService
-
-	extensionService, err := extension.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ExtensionService = extensionService
-
-	registryService, err := registry.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.RegistryService = registryService
-
-	resourcecontrolService, err := resourcecontrol.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ResourceControlService = resourcecontrolService
-
-	settingsService, err := settings.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.SettingsService = settingsService
-
-	stackService, err := stack.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.StackService = stackService
-
-	tagService, err := tag.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TagService = tagService
-
-	teammembershipService, err := teammembership.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TeamMembershipService = teammembershipService
-
-	teamService, err := team.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TeamService = teamService
-
-	tunnelServerService, err := tunnelserver.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.TunnelServerService = tunnelServerService
-
-	userService, err := user.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.UserService = userService
-
-	versionService, err := version.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.VersionService = versionService
-
-	webhookService, err := webhook.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.WebhookService = webhookService
-
-	scheduleService, err := schedule.NewService(store.connection)
-	if err != nil {
-		return err
-	}
-	store.ScheduleService = scheduleService
-
-	return nil
-}
-
-// CustomTemplate gives access to the CustomTemplate data management layer
-func (store *Store) CustomTemplate() portainer.CustomTemplateService {
-	return store.CustomTemplateService
-}
-
-// EdgeGroup gives access to the EdgeGroup data management layer
-func (store *Store) EdgeGroup() portainer.EdgeGroupService {
-	return store.EdgeGroupService
-}
-
-// EdgeJob gives access to the EdgeJob data management layer
-func (store *Store) EdgeJob() portainer.EdgeJobService {
-	return store.EdgeJobService
-}
-
-// EdgeStack gives access to the EdgeStack data management layer
-func (store *Store) EdgeStack() portainer.EdgeStackService {
-	return store.EdgeStackService
-}
-
-// Endpoint gives access to the Endpoint data management layer
-func (store *Store) Endpoint() portainer.EndpointService {
-	return store.EndpointService
-}
-
-// EndpointGroup gives access to the EndpointGroup data management layer
-func (store *Store) EndpointGroup() portainer.EndpointGroupService {
-	return store.EndpointGroupService
-}
-
-// EndpointRelation gives access to the EndpointRelation data management layer
-func (store *Store) EndpointRelation() portainer.EndpointRelationService {
-	return store.EndpointRelationService
-}
-
-// Registry gives access to the Registry data management layer
-func (store *Store) Registry() portainer.RegistryService {
-	return store.RegistryService
-}
-
-// ResourceControl gives access to the ResourceControl data management layer
-func (store *Store) ResourceControl() portainer.ResourceControlService {
-	return store.ResourceControlService
-}
-
-// Role gives access to the Role data management layer
-func (store *Store) Role() portainer.RoleService {
-	return store.RoleService
-}
-
-// Settings gives access to the Settings data management layer
-func (store *Store) Settings() portainer.SettingsService {
-	return store.SettingsService
-}
-
-// Stack gives access to the Stack data management layer
-func (store *Store) Stack() portainer.StackService {
-	return store.StackService
-}
-
-// Tag gives access to the Tag data management layer
-func (store *Store) Tag() portainer.TagService {
-	return store.TagService
-}
-
-// TeamMembership gives access to the TeamMembership data management layer
-func (store *Store) TeamMembership() portainer.TeamMembershipService {
-	return store.TeamMembershipService
-}
-
-// Team gives access to the Team data management layer
-func (store *Store) Team() portainer.TeamService {
-	return store.TeamService
-}
-
-// TunnelServer gives access to the TunnelServer data management layer
-func (store *Store) TunnelServer() portainer.TunnelServerService {
-	return store.TunnelServerService
-}
-
-// User gives access to the User data management layer
-func (store *Store) User() portainer.UserService {
-	return store.UserService
-}
-
-// Version gives access to the Version data management layer
-func (store *Store) Version() portainer.VersionService {
-	return store.VersionService
-}
-
-// Webhook gives access to the Webhook data management layer
-func (store *Store) Webhook() portainer.WebhookService {
-	return store.WebhookService
-}
--- a/api/bolt/settings/settings.go
+++ b/api/bolt/settings/settings.go
@@ -1,8 +1,10 @@
 package settings

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
 )

 const (
@@ -13,18 +15,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -32,7 +34,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Settings() (*portainer.Settings, error) {
 	var settings portainer.Settings

-	err := internal.GetObject(service.connection, BucketName, []byte(settingsKey), &settings)
+	err := internal.GetObject(service.db, BucketName, []byte(settingsKey), &settings)
 	if err != nil {
 		return nil, err
 	}
@@ -42,5 +44,5 @@ func (service *Service) Settings() (*portainer.Settings, error) {

 // UpdateSettings persists a Settings object.
 func (service *Service) UpdateSettings(settings *portainer.Settings) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(settingsKey), settings)
+	return internal.UpdateObject(service.db, BucketName, []byte(settingsKey), settings)
 }
--- a/api/bolt/stack/stack.go
+++ b/api/bolt/stack/stack.go
@@ -1,8 +1,7 @@
 package stack

 import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -15,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -35,7 +34,7 @@ func (service *Service) Stack(ID portainer.StackID) (*portainer.Stack, error) {
 	var stack portainer.Stack
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &stack)
+	err := internal.GetObject(service.db, BucketName, identifier, &stack)
 	if err != nil {
 		return nil, err
 	}
@@ -47,7 +46,7 @@ func (service *Service) Stack(ID portainer.StackID) (*portainer.Stack, error) {
 func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 	var stack *portainer.Stack

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

@@ -65,7 +64,7 @@ func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 		}

 		if stack == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		return nil
@@ -78,7 +77,7 @@ func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 func (service *Service) Stacks() ([]portainer.Stack, error) {
 	var stacks = make([]portainer.Stack, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -99,12 +98,12 @@ func (service *Service) Stacks() ([]portainer.Stack, error) {

 // GetNextIdentifier returns the next identifier for a stack.
 func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.connection, BucketName)
+	return internal.GetNextIdentifier(service.db, BucketName)
 }

 // CreateStack creates a new stack.
 func (service *Service) CreateStack(stack *portainer.Stack) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		// We manually manage sequences for stacks
@@ -125,11 +124,11 @@ func (service *Service) CreateStack(stack *portainer.Stack) error {
 // UpdateStack updates a stack.
 func (service *Service) UpdateStack(ID portainer.StackID, stack *portainer.Stack) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, stack)
+	return internal.UpdateObject(service.db, BucketName, identifier, stack)
 }

 // DeleteStack deletes a stack.
 func (service *Service) DeleteStack(ID portainer.StackID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/tag/tag.go
+++ b/api/bolt/tag/tag.go
@@ -1,7 +1,7 @@
 package tag

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -33,7 +33,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Tags() ([]portainer.Tag, error) {
 	var tags = make([]portainer.Tag, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -52,22 +52,9 @@ func (service *Service) Tags() ([]portainer.Tag, error) {
 	return tags, err
 }

-// Tag returns a tag by ID.
-func (service *Service) Tag(ID portainer.TagID) (*portainer.Tag, error) {
-	var tag portainer.Tag
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.connection, BucketName, identifier, &tag)
-	if err != nil {
-		return nil, err
-	}
-
-	return &tag, nil
-}
-
 // CreateTag creates a new tag.
 func (service *Service) CreateTag(tag *portainer.Tag) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
@@ -82,14 +69,8 @@ func (service *Service) CreateTag(tag *portainer.Tag) error {
 	})
 }

-// UpdateTag updates a tag.
-func (service *Service) UpdateTag(ID portainer.TagID, tag *portainer.Tag) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, tag)
-}
-
 // DeleteTag deletes a tag.
 func (service *Service) DeleteTag(ID portainer.TagID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/team/team.go
+++ b/api/bolt/team/team.go
@@ -1,10 +1,7 @@
 package team

 import (
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -17,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -37,7 +34,7 @@ func (service *Service) Team(ID portainer.TeamID) (*portainer.Team, error) {
 	var team portainer.Team
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &team)
+	err := internal.GetObject(service.db, BucketName, identifier, &team)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +46,7 @@ func (service *Service) Team(ID portainer.TeamID) (*portainer.Team, error) {
 func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 	var team *portainer.Team

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -60,14 +57,14 @@ func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 				return err
 			}

-			if strings.EqualFold(t.Name, name) {
+			if t.Name == name {
 				team = &t
 				break
 			}
 		}

 		if team == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		return nil
@@ -80,7 +77,7 @@ func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 func (service *Service) Teams() ([]portainer.Team, error) {
 	var teams = make([]portainer.Team, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -102,12 +99,12 @@ func (service *Service) Teams() ([]portainer.Team, error) {
 // UpdateTeam saves a Team.
 func (service *Service) UpdateTeam(ID portainer.TeamID, team *portainer.Team) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, team)
+	return internal.UpdateObject(service.db, BucketName, identifier, team)
 }

 // CreateTeam creates a new Team.
 func (service *Service) CreateTeam(team *portainer.Team) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
@@ -125,5 +122,5 @@ func (service *Service) CreateTeam(team *portainer.Team) error {
 // DeleteTeam deletes a Team.
 func (service *Service) DeleteTeam(ID portainer.TeamID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/teammembership/teammembership.go
+++ b/api/bolt/teammembership/teammembership.go
@@ -1,7 +1,7 @@
 package teammembership

 import (
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -14,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +34,7 @@ func (service *Service) TeamMembership(ID portainer.TeamMembershipID) (*portaine
 	var membership portainer.TeamMembership
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &membership)
+	err := internal.GetObject(service.db, BucketName, identifier, &membership)
 	if err != nil {
 		return nil, err
 	}
@@ -46,7 +46,7 @@ func (service *Service) TeamMembership(ID portainer.TeamMembershipID) (*portaine
 func (service *Service) TeamMemberships() ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -69,7 +69,7 @@ func (service *Service) TeamMemberships() ([]portainer.TeamMembership, error) {
 func (service *Service) TeamMembershipsByUserID(userID portainer.UserID) ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -95,7 +95,7 @@ func (service *Service) TeamMembershipsByUserID(userID portainer.UserID) ([]port
 func (service *Service) TeamMembershipsByTeamID(teamID portainer.TeamID) ([]portainer.TeamMembership, error) {
 	var memberships = make([]portainer.TeamMembership, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -120,12 +120,12 @@ func (service *Service) TeamMembershipsByTeamID(teamID portainer.TeamID) ([]port
 // UpdateTeamMembership saves a TeamMembership object.
 func (service *Service) UpdateTeamMembership(ID portainer.TeamMembershipID, membership *portainer.TeamMembership) error {
 	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.connection, BucketName, identifier, membership)
+	return internal.UpdateObject(service.db, BucketName, identifier, membership)
 }

 // CreateTeamMembership creates a new TeamMembership object.
 func (service *Service) CreateTeamMembership(membership *portainer.TeamMembership) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
@@ -143,12 +143,12 @@ func (service *Service) CreateTeamMembership(membership *portainer.TeamMembershi
 // DeleteTeamMembership deletes a TeamMembership object.
 func (service *Service) DeleteTeamMembership(ID portainer.TeamMembershipID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

 // DeleteTeamMembershipByUserID deletes all the TeamMembership object associated to a UserID.
 func (service *Service) DeleteTeamMembershipByUserID(userID portainer.UserID) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -173,7 +173,7 @@ func (service *Service) DeleteTeamMembershipByUserID(userID portainer.UserID) er

 // DeleteTeamMembershipByTeamID deletes all the TeamMembership object associated to a TeamID.
 func (service *Service) DeleteTeamMembershipByTeamID(teamID portainer.TeamID) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
--- a/api/bolt/template/template.go
+++ b/api/bolt/template/template.go
@@ -0,0 +1,95 @@
+package template
+
+import (
+	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/bolt/internal"
+
+	"github.com/boltdb/bolt"
+)
+
+const (
+	// BucketName represents the name of the bucket where this service stores data.
+	BucketName = "templates"
+)
+
+// Service represents a service for managing endpoint data.
+type Service struct {
+	db *bolt.DB
+}
+
+// NewService creates a new instance of a service.
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Service{
+		db: db,
+	}, nil
+}
+
+// Templates return an array containing all the templates.
+func (service *Service) Templates() ([]portainer.Template, error) {
+	var templates = make([]portainer.Template, 0)
+
+	err := service.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		cursor := bucket.Cursor()
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var template portainer.Template
+			err := internal.UnmarshalObject(v, &template)
+			if err != nil {
+				return err
+			}
+			templates = append(templates, template)
+		}
+
+		return nil
+	})
+
+	return templates, err
+}
+
+// Template returns a template by ID.
+func (service *Service) Template(ID portainer.TemplateID) (*portainer.Template, error) {
+	var template portainer.Template
+	identifier := internal.Itob(int(ID))
+
+	err := internal.GetObject(service.db, BucketName, identifier, &template)
+	if err != nil {
+		return nil, err
+	}
+
+	return &template, nil
+}
+
+// CreateTemplate creates a new template.
+func (service *Service) CreateTemplate(template *portainer.Template) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		id, _ := bucket.NextSequence()
+		template.ID = portainer.TemplateID(id)
+
+		data, err := internal.MarshalObject(template)
+		if err != nil {
+			return err
+		}
+
+		return bucket.Put(internal.Itob(int(template.ID)), data)
+	})
+}
+
+// UpdateTemplate saves a template.
+func (service *Service) UpdateTemplate(ID portainer.TemplateID, template *portainer.Template) error {
+	identifier := internal.Itob(int(ID))
+	return internal.UpdateObject(service.db, BucketName, identifier, template)
+}
+
+// DeleteTemplate deletes a template.
+func (service *Service) DeleteTemplate(ID portainer.TemplateID) error {
+	identifier := internal.Itob(int(ID))
+	return internal.DeleteObject(service.db, BucketName, identifier)
+}
--- a/api/bolt/tunnelserver/tunnelserver.go
+++ b/api/bolt/tunnelserver/tunnelserver.go
@@ -1,46 +0,0 @@
-package tunnelserver
-
-import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "tunnel_server"
-	infoKey    = "INFO"
-)
-
-// Service represents a service for managing endpoint data.
-type Service struct {
-	connection *internal.DbConnection
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-// Info retrieve the TunnelServerInfo object.
-func (service *Service) Info() (*portainer.TunnelServerInfo, error) {
-	var info portainer.TunnelServerInfo
-
-	err := internal.GetObject(service.connection, BucketName, []byte(infoKey), &info)
-	if err != nil {
-		return nil, err
-	}
-
-	return &info, nil
-}
-
-// UpdateInfo persists a TunnelServerInfo object.
-func (service *Service) UpdateInfo(settings *portainer.TunnelServerInfo) error {
-	return internal.UpdateObject(service.connection, BucketName, []byte(infoKey), settings)
-}
--- a/api/bolt/user/user.go
+++ b/api/bolt/user/user.go
@@ -1,10 +1,7 @@
 package user

 import (
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -17,18 +14,18 @@ const (

 // Service represents a service for managing endpoint data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -37,7 +34,7 @@ func (service *Service) User(ID portainer.UserID) (*portainer.User, error) {
 	var user portainer.User
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &user)
+	err := internal.GetObject(service.db, BucketName, identifier, &user)
 	if err != nil {
 		return nil, err
 	}
@@ -49,9 +46,7 @@ func (service *Service) User(ID portainer.UserID) (*portainer.User, error) {
 func (service *Service) UserByUsername(username string) (*portainer.User, error) {
 	var user *portainer.User

-	username = strings.ToLower(username)
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

@@ -62,14 +57,14 @@ func (service *Service) UserByUsername(username string) (*portainer.User, error)
 				return err
 			}

-			if strings.EqualFold(u.Username, username) {
+			if u.Username == username {
 				user = &u
 				break
 			}
 		}

 		if user == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}
 		return nil
 	})
@@ -81,7 +76,7 @@ func (service *Service) UserByUsername(username string) (*portainer.User, error)
 func (service *Service) Users() ([]portainer.User, error) {
 	var users = make([]portainer.User, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -103,7 +98,7 @@ func (service *Service) Users() ([]portainer.User, error) {
 // UsersByRole return an array containing all the users with the specified role.
 func (service *Service) UsersByRole(role portainer.UserRole) ([]portainer.User, error) {
 	var users = make([]portainer.User, 0)
-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -127,18 +122,16 @@ func (service *Service) UsersByRole(role portainer.UserRole) ([]portainer.User,
 // UpdateUser saves a user.
 func (service *Service) UpdateUser(ID portainer.UserID, user *portainer.User) error {
 	identifier := internal.Itob(int(ID))
-	user.Username = strings.ToLower(user.Username)
-	return internal.UpdateObject(service.connection, BucketName, identifier, user)
+	return internal.UpdateObject(service.db, BucketName, identifier, user)
 }

 // CreateUser creates a new user.
 func (service *Service) CreateUser(user *portainer.User) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
 		user.ID = portainer.UserID(id)
-		user.Username = strings.ToLower(user.Username)

 		data, err := internal.MarshalObject(user)
 		if err != nil {
@@ -152,5 +145,5 @@ func (service *Service) CreateUser(user *portainer.User) error {
 // DeleteUser deletes a user.
 func (service *Service) DeleteUser(ID portainer.UserID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }
--- a/api/bolt/version/version.go
+++ b/api/bolt/version/version.go
@@ -4,33 +4,30 @@ import (
 	"strconv"

 	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"
 )

 const (
 	// BucketName represents the name of the bucket where this service stores data.
-	BucketName  = "version"
-	versionKey  = "DB_VERSION"
-	instanceKey = "INSTANCE_ID"
-	editionKey  = "EDITION"
+	BucketName = "version"
+	versionKey = "DB_VERSION"
 )

 // Service represents a service to manage stored versions.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -38,12 +35,12 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) DBVersion() (int, error) {
 	var data []byte

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		value := bucket.Get([]byte(versionKey))
 		if value == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		data = make([]byte, len(value))
@@ -58,94 +55,12 @@ func (service *Service) DBVersion() (int, error) {
 	return strconv.Atoi(string(data))
 }

-// Edition retrieves the stored portainer edition.
-func (service *Service) Edition() (portainer.SoftwareEdition, error) {
-	editionData, err := service.getKey(editionKey)
-	if err != nil {
-		return 0, err
-	}
-
-	edition, err := strconv.Atoi(string(editionData))
-	if err != nil {
-		return 0, err
-	}
-
-	return portainer.SoftwareEdition(edition), nil
-}
-
 // StoreDBVersion store the database version.
 func (service *Service) StoreDBVersion(version int) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		data := []byte(strconv.Itoa(version))
 		return bucket.Put([]byte(versionKey), data)
 	})
 }
-
-// InstanceID retrieves the stored instance ID.
-func (service *Service) InstanceID() (string, error) {
-	var data []byte
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		value := bucket.Get([]byte(instanceKey))
-		if value == nil {
-			return errors.ErrObjectNotFound
-		}
-
-		data = make([]byte, len(value))
-		copy(data, value)
-
-		return nil
-	})
-	if err != nil {
-		return "", err
-	}
-
-	return string(data), nil
-}
-
-// StoreInstanceID store the instance ID.
-func (service *Service) StoreInstanceID(ID string) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data := []byte(ID)
-		return bucket.Put([]byte(instanceKey), data)
-	})
-}
-
-func (service *Service) getKey(key string) ([]byte, error) {
-	var data []byte
-
-	err := service.connection.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		value := bucket.Get([]byte(key))
-		if value == nil {
-			return errors.ErrObjectNotFound
-		}
-
-		data = make([]byte, len(value))
-		copy(data, value)
-
-		return nil
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	return data, nil
-}
-
-func (service *Service) setKey(key string, value string) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data := []byte(value)
-		return bucket.Put([]byte(key), data)
-	})
-}
--- a/api/bolt/webhook/webhook.go
+++ b/api/bolt/webhook/webhook.go
@@ -1,8 +1,7 @@
 package webhook

 import (
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt/internal"

 	"github.com/boltdb/bolt"
@@ -15,18 +14,18 @@ const (

 // Service represents a service for managing webhook data.
 type Service struct {
-	connection *internal.DbConnection
+	db *bolt.DB
 }

 // NewService creates a new instance of a service.
-func NewService(connection *internal.DbConnection) (*Service, error) {
-	err := internal.CreateBucket(connection, BucketName)
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
 	if err != nil {
 		return nil, err
 	}

 	return &Service{
-		connection: connection,
+		db: db,
 	}, nil
 }

@@ -34,7 +33,7 @@ func NewService(connection *internal.DbConnection) (*Service, error) {
 func (service *Service) Webhooks() ([]portainer.Webhook, error) {
 	var webhooks = make([]portainer.Webhook, 0)

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		cursor := bucket.Cursor()
@@ -58,7 +57,7 @@ func (service *Service) Webhook(ID portainer.WebhookID) (*portainer.Webhook, err
 	var webhook portainer.Webhook
 	identifier := internal.Itob(int(ID))

-	err := internal.GetObject(service.connection, BucketName, identifier, &webhook)
+	err := internal.GetObject(service.db, BucketName, identifier, &webhook)
 	if err != nil {
 		return nil, err
 	}
@@ -70,7 +69,7 @@ func (service *Service) Webhook(ID portainer.WebhookID) (*portainer.Webhook, err
 func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, error) {
 	var webhook *portainer.Webhook

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

@@ -88,7 +87,7 @@ func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, erro
 		}

 		if webhook == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		return nil
@@ -101,7 +100,7 @@ func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, erro
 func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error) {
 	var webhook *portainer.Webhook

-	err := service.connection.View(func(tx *bolt.Tx) error {
+	err := service.db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()

@@ -119,7 +118,7 @@ func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error)
 		}

 		if webhook == nil {
-			return errors.ErrObjectNotFound
+			return portainer.ErrObjectNotFound
 		}

 		return nil
@@ -131,12 +130,12 @@ func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error)
 // DeleteWebhook deletes a webhook.
 func (service *Service) DeleteWebhook(ID portainer.WebhookID) error {
 	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.connection, BucketName, identifier)
+	return internal.DeleteObject(service.db, BucketName, identifier)
 }

 // CreateWebhook assign an ID to a new webhook and saves it.
 func (service *Service) CreateWebhook(webhook *portainer.Webhook) error {
-	return service.connection.Update(func(tx *bolt.Tx) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(BucketName))

 		id, _ := bucket.NextSequence()
--- a/api/chisel/key.go
+++ b/api/chisel/key.go
@@ -1,24 +0,0 @@
-package chisel
-
-import (
-	"encoding/base64"
-	"fmt"
-	"strconv"
-	"strings"
-)
-
-// GenerateEdgeKey will generate a key that can be used by an Edge agent to register with a Portainer instance.
-// The key represents the following data in this particular format:
-// portainer_instance_url|tunnel_server_addr|tunnel_server_fingerprint|endpoint_ID
-// The key returned by this function is a base64 encoded version of the data.
-func (service *Service) GenerateEdgeKey(url, host string, endpointIdentifier int) string {
-	keyInformation := []string{
-		url,
-		fmt.Sprintf("%s:%s", host, service.serverPort),
-		service.serverFingerprint,
-		strconv.Itoa(endpointIdentifier),
-	}
-
-	key := strings.Join(keyInformation, "|")
-	return base64.RawStdEncoding.EncodeToString([]byte(key))
-}
--- a/api/chisel/schedules.go
+++ b/api/chisel/schedules.go
@@ -1,47 +0,0 @@
-package chisel
-
-import (
-	"strconv"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-// AddEdgeJob register an EdgeJob inside the tunnel details associated to an endpoint.
-func (service *Service) AddEdgeJob(endpointID portainer.EndpointID, edgeJob *portainer.EdgeJob) {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	existingJobIndex := -1
-	for idx, existingJob := range tunnel.Jobs {
-		if existingJob.ID == edgeJob.ID {
-			existingJobIndex = idx
-			break
-		}
-	}
-
-	if existingJobIndex == -1 {
-		tunnel.Jobs = append(tunnel.Jobs, *edgeJob)
-	} else {
-		tunnel.Jobs[existingJobIndex] = *edgeJob
-	}
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// RemoveEdgeJob will remove the specified Edge job from each tunnel it was registered with.
-func (service *Service) RemoveEdgeJob(edgeJobID portainer.EdgeJobID) {
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnelDetails := item.Val.(*portainer.TunnelDetails)
-
-		updatedJobs := make([]portainer.EdgeJob, 0)
-		for _, edgeJob := range tunnelDetails.Jobs {
-			if edgeJob.ID == edgeJobID {
-				continue
-			}
-			updatedJobs = append(updatedJobs, edgeJob)
-		}
-
-		tunnelDetails.Jobs = updatedJobs
-		service.tunnelDetailsMap.Set(item.Key, tunnelDetails)
-	}
-}
--- a/api/chisel/server.go
+++ b/api/chisel/server.go
@@ -0,0 +1,43 @@
+package chisel
+
+import (
+	chserver "github.com/jpillora/chisel/server"
+)
+
+type Server struct {
+	address     string
+	port        string
+	fingerprint string
+}
+
+func NewServer(address string, port string) *Server {
+	return &Server{
+		address: address,
+		port:    port,
+	}
+}
+
+// Start starts the reverse tunnel server
+func (server *Server) Start() error {
+
+	// TODO: keyseed management (persistence)
+	// + auth management
+	// Consider multiple users for auth?
+	config := &chserver.Config{
+		Reverse: true,
+		KeySeed: "keyseedexample",
+		Auth:    "agent@randomstring",
+	}
+
+	chiselServer, err := chserver.NewServer(config)
+	if err != nil {
+		return err
+	}
+
+	server.fingerprint = chiselServer.GetFingerprint()
+	return chiselServer.Start(server.address, server.port)
+}
+
+func (server *Server) GetFingerprint() string {
+	return server.fingerprint
+}
--- a/api/chisel/service.go
+++ b/api/chisel/service.go
@@ -1,199 +0,0 @@
-package chisel
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"strconv"
-	"time"
-
-	"github.com/dchest/uniuri"
-	chserver "github.com/jpillora/chisel/server"
-	cmap "github.com/orcaman/concurrent-map"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/errors"
-)
-
-const (
-	tunnelCleanupInterval = 10 * time.Second
-	requiredTimeout       = 15 * time.Second
-	activeTimeout         = 4*time.Minute + 30*time.Second
-)
-
-// Service represents a service to manage the state of multiple reverse tunnels.
-// It is used to start a reverse tunnel server and to manage the connection status of each tunnel
-// connected to the tunnel server.
-type Service struct {
-	serverFingerprint string
-	serverPort        string
-	tunnelDetailsMap  cmap.ConcurrentMap
-	dataStore         portainer.DataStore
-	snapshotService   portainer.SnapshotService
-	chiselServer      *chserver.Server
-	shutdownCtx       context.Context
-}
-
-// NewService returns a pointer to a new instance of Service
-func NewService(dataStore portainer.DataStore, shutdownCtx context.Context) *Service {
-	return &Service{
-		tunnelDetailsMap: cmap.New(),
-		dataStore:        dataStore,
-		shutdownCtx:      shutdownCtx,
-	}
-}
-
-// StartTunnelServer starts a tunnel server on the specified addr and port.
-// It uses a seed to generate a new private/public key pair. If the seed cannot
-// be found inside the database, it will generate a new one randomly and persist it.
-// It starts the tunnel status verification process in the background.
-// The snapshotter is used in the tunnel status verification process.
-func (service *Service) StartTunnelServer(addr, port string, snapshotService portainer.SnapshotService) error {
-	keySeed, err := service.retrievePrivateKeySeed()
-	if err != nil {
-		return err
-	}
-
-	config := &chserver.Config{
-		Reverse: true,
-		KeySeed: keySeed,
-	}
-
-	chiselServer, err := chserver.NewServer(config)
-	if err != nil {
-		return err
-	}
-
-	service.serverFingerprint = chiselServer.GetFingerprint()
-	service.serverPort = port
-
-	err = chiselServer.Start(addr, port)
-	if err != nil {
-		return err
-	}
-	service.chiselServer = chiselServer
-
-	// TODO: work-around Chisel default behavior.
-	// By default, Chisel will allow anyone to connect if no user exists.
-	username, password := generateRandomCredentials()
-	err = service.chiselServer.AddUser(username, password, "127.0.0.1")
-	if err != nil {
-		return err
-	}
-
-	service.snapshotService = snapshotService
-	go service.startTunnelVerificationLoop()
-
-	return nil
-}
-
-// StopTunnelServer stops tunnel http server
-func (service *Service) StopTunnelServer() error {
-	return service.chiselServer.Close()
-}
-
-func (service *Service) retrievePrivateKeySeed() (string, error) {
-	var serverInfo *portainer.TunnelServerInfo
-
-	serverInfo, err := service.dataStore.TunnelServer().Info()
-	if err == errors.ErrObjectNotFound {
-		keySeed := uniuri.NewLen(16)
-
-		serverInfo = &portainer.TunnelServerInfo{
-			PrivateKeySeed: keySeed,
-		}
-
-		err := service.dataStore.TunnelServer().UpdateInfo(serverInfo)
-		if err != nil {
-			return "", err
-		}
-	} else if err != nil {
-		return "", err
-	}
-
-	return serverInfo.PrivateKeySeed, nil
-}
-
-func (service *Service) startTunnelVerificationLoop() {
-	log.Printf("[DEBUG] [chisel, monitoring] [check_interval_seconds: %f] [message: starting tunnel management process]", tunnelCleanupInterval.Seconds())
-	ticker := time.NewTicker(tunnelCleanupInterval)
-
-	for {
-		select {
-		case <-ticker.C:
-			service.checkTunnels()
-		case <-service.shutdownCtx.Done():
-			log.Println("[DEBUG] Shutting down tunnel service")
-			if err := service.StopTunnelServer(); err != nil {
-				log.Printf("Stopped tunnel service: %s", err)
-			}
-			ticker.Stop()
-			return
-		}
-	}
-}
-
-func (service *Service) checkTunnels() {
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnel := item.Val.(*portainer.TunnelDetails)
-
-		if tunnel.LastActivity.IsZero() || tunnel.Status == portainer.EdgeAgentIdle {
-			continue
-		}
-
-		elapsed := time.Since(tunnel.LastActivity)
-		log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [message: endpoint tunnel monitoring]", item.Key, tunnel.Status, elapsed.Seconds())
-
-		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() < requiredTimeout.Seconds() {
-			continue
-		} else if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() > requiredTimeout.Seconds() {
-			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: REQUIRED state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), requiredTimeout.Seconds())
-		}
-
-		if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() < activeTimeout.Seconds() {
-			continue
-		} else if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() > activeTimeout.Seconds() {
-			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: ACTIVE state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), activeTimeout.Seconds())
-
-			endpointID, err := strconv.Atoi(item.Key)
-			if err != nil {
-				log.Printf("[ERROR] [chisel,snapshot,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
-			}
-
-			err = service.snapshotEnvironment(portainer.EndpointID(endpointID), tunnel.Port)
-			if err != nil {
-				log.Printf("[ERROR] [snapshot] Unable to snapshot Edge endpoint (id: %s): %s", item.Key, err)
-			}
-		}
-
-		if len(tunnel.Jobs) > 0 {
-			endpointID, err := strconv.Atoi(item.Key)
-			if err != nil {
-				log.Printf("[ERROR] [chisel,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
-				continue
-			}
-
-			service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
-		} else {
-			service.tunnelDetailsMap.Remove(item.Key)
-		}
-
-	}
-}
-
-func (service *Service) snapshotEnvironment(endpointID portainer.EndpointID, tunnelPort int) error {
-	endpoint, err := service.dataStore.Endpoint().Endpoint(endpointID)
-	if err != nil {
-		return err
-	}
-
-	endpointURL := endpoint.URL
-
-	endpoint.URL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnelPort)
-	err = service.snapshotService.SnapshotEndpoint(endpoint)
-	if err != nil {
-		return err
-	}
-
-	endpoint.URL = endpointURL
-	return service.dataStore.Endpoint().UpdateEndpoint(endpoint.ID, endpoint)
-}
--- a/api/chisel/tunnel.go
+++ b/api/chisel/tunnel.go
@@ -1,144 +0,0 @@
-package chisel
-
-import (
-	"encoding/base64"
-	"fmt"
-	"math/rand"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/portainer/libcrypto"
-
-	"github.com/dchest/uniuri"
-	portainer "github.com/portainer/portainer/api"
-)
-
-const (
-	minAvailablePort = 49152
-	maxAvailablePort = 65535
-)
-
-// getUnusedPort is used to generate an unused random port in the dynamic port range.
-// Dynamic ports (also called private ports) are 49152 to 65535.
-func (service *Service) getUnusedPort() int {
-	port := randomInt(minAvailablePort, maxAvailablePort)
-
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnel := item.Val.(*portainer.TunnelDetails)
-		if tunnel.Port == port {
-			return service.getUnusedPort()
-		}
-	}
-
-	return port
-}
-
-func randomInt(min, max int) int {
-	return min + rand.Intn(max-min)
-}
-
-// GetTunnelDetails returns information about the tunnel associated to an endpoint.
-func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
-	key := strconv.Itoa(int(endpointID))
-
-	if item, ok := service.tunnelDetailsMap.Get(key); ok {
-		tunnelDetails := item.(*portainer.TunnelDetails)
-		return tunnelDetails
-	}
-
-	jobs := make([]portainer.EdgeJob, 0)
-	return &portainer.TunnelDetails{
-		Status:      portainer.EdgeAgentIdle,
-		Port:        0,
-		Jobs:        jobs,
-		Credentials: "",
-	}
-}
-
-// SetTunnelStatusToActive update the status of the tunnel associated to the specified endpoint.
-// It sets the status to ACTIVE.
-func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID) {
-	tunnel := service.GetTunnelDetails(endpointID)
-	tunnel.Status = portainer.EdgeAgentActive
-	tunnel.Credentials = ""
-	tunnel.LastActivity = time.Now()
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// SetTunnelStatusToIdle update the status of the tunnel associated to the specified endpoint.
-// It sets the status to IDLE.
-// It removes any existing credentials associated to the tunnel.
-func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	tunnel.Status = portainer.EdgeAgentIdle
-	tunnel.Port = 0
-	tunnel.LastActivity = time.Now()
-
-	credentials := tunnel.Credentials
-	if credentials != "" {
-		tunnel.Credentials = ""
-		service.chiselServer.DeleteUser(strings.Split(credentials, ":")[0])
-	}
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// SetTunnelStatusToRequired update the status of the tunnel associated to the specified endpoint.
-// It sets the status to REQUIRED.
-// If no port is currently associated to the tunnel, it will associate a random unused port to the tunnel
-// and generate temporary credentials that can be used to establish a reverse tunnel on that port.
-// Credentials are encrypted using the Edge ID associated to the endpoint.
-func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	if tunnel.Port == 0 {
-		endpoint, err := service.dataStore.Endpoint().Endpoint(endpointID)
-		if err != nil {
-			return err
-		}
-
-		tunnel.Status = portainer.EdgeAgentManagementRequired
-		tunnel.Port = service.getUnusedPort()
-		tunnel.LastActivity = time.Now()
-
-		username, password := generateRandomCredentials()
-		authorizedRemote := fmt.Sprintf("^R:0.0.0.0:%d$", tunnel.Port)
-		err = service.chiselServer.AddUser(username, password, authorizedRemote)
-		if err != nil {
-			return err
-		}
-
-		credentials, err := encryptCredentials(username, password, endpoint.EdgeID)
-		if err != nil {
-			return err
-		}
-		tunnel.Credentials = credentials
-
-		key := strconv.Itoa(int(endpointID))
-		service.tunnelDetailsMap.Set(key, tunnel)
-	}
-
-	return nil
-}
-
-func generateRandomCredentials() (string, string) {
-	username := uniuri.NewLen(8)
-	password := uniuri.NewLen(8)
-	return username, password
-}
-
-func encryptCredentials(username, password, key string) (string, error) {
-	credentials := fmt.Sprintf("%s:%s", username, password)
-
-	encryptedCredentials, err := libcrypto.Encrypt([]byte(credentials), []byte(key))
-	if err != nil {
-		return "", err
-	}
-
-	return base64.RawStdEncoding.EncodeToString(encryptedCredentials), nil
-}
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -1,8 +1,6 @@
 package cli

 import (
-	"errors"
-	"log"
 	"time"

 	"github.com/portainer/portainer/api"
@@ -17,11 +15,16 @@ import (
 // Service implements the CLIService interface
 type Service struct{}

-var (
-	errInvalidEndpointProtocol       = errors.New("Invalid endpoint protocol: Portainer only supports unix://, npipe:// or tcp://")
-	errSocketOrNamedPipeNotFound     = errors.New("Unable to locate Unix socket or named pipe")
-	errInvalidSnapshotInterval       = errors.New("Invalid snapshot interval")
-	errAdminPassExcludeAdminPassFile = errors.New("Cannot use --admin-password with --admin-password-file")
+const (
+	errInvalidEndpointProtocol       = portainer.Error("Invalid endpoint protocol: Portainer only supports unix://, npipe:// or tcp://")
+	errSocketOrNamedPipeNotFound     = portainer.Error("Unable to locate Unix socket or named pipe")
+	errEndpointsFileNotFound         = portainer.Error("Unable to locate external endpoints file")
+	errTemplateFileNotFound          = portainer.Error("Unable to locate template file on disk")
+	errInvalidSyncInterval           = portainer.Error("Invalid synchronization interval")
+	errInvalidSnapshotInterval       = portainer.Error("Invalid snapshot interval")
+	errEndpointExcludeExternal       = portainer.Error("Cannot use the -H flag mutually with --external-endpoints")
+	errNoAuthExcludeAdminPassword    = portainer.Error("Cannot use --no-auth with --admin-password or --admin-password-file")
+	errAdminPassExcludeAdminPassFile = portainer.Error("Cannot use --admin-password with --admin-password-file")
 )

 // ParseFlags parse the CLI flags and return a portainer.Flags struct
@@ -29,28 +32,32 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 	kingpin.Version(version)

 	flags := &portainer.CLIFlags{
-		Addr:                      kingpin.Flag("bind", "Address and port to serve Portainer").Default(defaultBindAddress).Short('p').String(),
-		TunnelAddr:                kingpin.Flag("tunnel-addr", "Address to serve the tunnel server").Default(defaultTunnelServerAddress).String(),
-		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
-		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
-		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
-		EndpointURL:               kingpin.Flag("host", "Endpoint URL").Short('H').String(),
-		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
-		NoAnalytics:               kingpin.Flag("no-analytics", "Disable Analytics in app (deprecated)").Bool(),
-		TLS:                       kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),
-		TLSSkipVerify:             kingpin.Flag("tlsskipverify", "Disable TLS server verification").Default(defaultTLSSkipVerify).Bool(),
-		TLSCacert:                 kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
-		TLSCert:                   kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),
-		TLSKey:                    kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),
-		SSL:                       kingpin.Flag("ssl", "Secure Portainer instance using SSL").Default(defaultSSL).Bool(),
-		SSLCert:                   kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").Default(defaultSSLCertPath).String(),
-		SSLKey:                    kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").Default(defaultSSLKeyPath).String(),
-		SnapshotInterval:          kingpin.Flag("snapshot-interval", "Duration between each endpoint snapshot job").Default(defaultSnapshotInterval).String(),
-		AdminPassword:             kingpin.Flag("admin-password", "Hashed admin password").String(),
-		AdminPasswordFile:         kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
-		Labels:                    pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
-		Logo:                      kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
-		Templates:                 kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),
+		Addr:              kingpin.Flag("bind", "Address and port to serve Portainer").Default(defaultBindAddress).Short('p').String(),
+		TunnelAddr:        kingpin.Flag("tunnel-addr", "Address to serve the tunnel server").Default(defaultTunnelServerAddress).String(),
+		TunnelPort:        kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
+		Assets:            kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
+		Data:              kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
+		EndpointURL:       kingpin.Flag("host", "Endpoint URL").Short('H').String(),
+		ExternalEndpoints: kingpin.Flag("external-endpoints", "Path to a file defining available endpoints").String(),
+		NoAuth:            kingpin.Flag("no-auth", "Disable authentication").Default(defaultNoAuth).Bool(),
+		NoAnalytics:       kingpin.Flag("no-analytics", "Disable Analytics in app").Default(defaultNoAnalytics).Bool(),
+		TLS:               kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),
+		TLSSkipVerify:     kingpin.Flag("tlsskipverify", "Disable TLS server verification").Default(defaultTLSSkipVerify).Bool(),
+		TLSCacert:         kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
+		TLSCert:           kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),
+		TLSKey:            kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),
+		SSL:               kingpin.Flag("ssl", "Secure Portainer instance using SSL").Default(defaultSSL).Bool(),
+		SSLCert:           kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").Default(defaultSSLCertPath).String(),
+		SSLKey:            kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").Default(defaultSSLKeyPath).String(),
+		SyncInterval:      kingpin.Flag("sync-interval", "Duration between each synchronization via the external endpoints source").Default(defaultSyncInterval).String(),
+		Snapshot:          kingpin.Flag("snapshot", "Start a background job to create endpoint snapshots").Default(defaultSnapshot).Bool(),
+		SnapshotInterval:  kingpin.Flag("snapshot-interval", "Duration between each endpoint snapshot job").Default(defaultSnapshotInterval).String(),
+		AdminPassword:     kingpin.Flag("admin-password", "Hashed admin password").String(),
+		AdminPasswordFile: kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
+		Labels:            pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
+		Logo:              kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
+		Templates:         kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),
+		TemplateFile:      kingpin.Flag("template-file", "Path to the templates (app) definitions on the filesystem").Default(defaultTemplateFile).String(),
 	}

 	kingpin.Parse()
@@ -69,9 +76,26 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 // ValidateFlags validates the values of the flags.
 func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {

-	displayDeprecationWarnings(flags)
+	if *flags.EndpointURL != "" && *flags.ExternalEndpoints != "" {
+		return errEndpointExcludeExternal
+	}

-	err := validateEndpointURL(*flags.EndpointURL)
+	err := validateTemplateFile(*flags.TemplateFile)
+	if err != nil {
+		return err
+	}
+
+	err = validateEndpointURL(*flags.EndpointURL)
+	if err != nil {
+		return err
+	}
+
+	err = validateExternalEndpoints(*flags.ExternalEndpoints)
+	if err != nil {
+		return err
+	}
+
+	err = validateSyncInterval(*flags.SyncInterval)
 	if err != nil {
 		return err
 	}
@@ -81,6 +105,10 @@ func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {
 		return err
 	}

+	if *flags.NoAuth && (*flags.AdminPassword != "" || *flags.AdminPasswordFile != "") {
+		return errNoAuthExcludeAdminPassword
+	}
+
 	if *flags.AdminPassword != "" && *flags.AdminPasswordFile != "" {
 		return errAdminPassExcludeAdminPassFile
 	}
@@ -88,12 +116,6 @@ func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {
 	return nil
 }

-func displayDeprecationWarnings(flags *portainer.CLIFlags) {
-	if *flags.NoAnalytics {
-		log.Println("Warning: The --no-analytics flag has been kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.")
-	}
-}
-
 func validateEndpointURL(endpointURL string) error {
 	if endpointURL != "" {
 		if !strings.HasPrefix(endpointURL, "unix://") && !strings.HasPrefix(endpointURL, "tcp://") && !strings.HasPrefix(endpointURL, "npipe://") {
@@ -114,6 +136,38 @@ func validateEndpointURL(endpointURL string) error {
 	return nil
 }

+func validateExternalEndpoints(externalEndpoints string) error {
+	if externalEndpoints != "" {
+		if _, err := os.Stat(externalEndpoints); err != nil {
+			if os.IsNotExist(err) {
+				return errEndpointsFileNotFound
+			}
+			return err
+		}
+	}
+	return nil
+}
+
+func validateTemplateFile(templateFile string) error {
+	if _, err := os.Stat(templateFile); err != nil {
+		if os.IsNotExist(err) {
+			return errTemplateFileNotFound
+		}
+		return err
+	}
+	return nil
+}
+
+func validateSyncInterval(syncInterval string) error {
+	if syncInterval != defaultSyncInterval {
+		_, err := time.ParseDuration(syncInterval)
+		if err != nil {
+			return errInvalidSyncInterval
+		}
+	}
+	return nil
+}
+
 func validateSnapshotInterval(snapshotInterval string) error {
 	if snapshotInterval != defaultSnapshotInterval {
 		_, err := time.ParseDuration(snapshotInterval)
--- a/api/cli/defaults.go
+++ b/api/cli/defaults.go
@@ -8,6 +8,8 @@ const (
 	defaultTunnelServerPort    = "8000"
 	defaultDataDirectory       = "/data"
 	defaultAssetsDirectory     = "./"
+	defaultNoAuth              = "false"
+	defaultNoAnalytics         = "false"
 	defaultTLS                 = "false"
 	defaultTLSSkipVerify       = "false"
 	defaultTLSCACertPath       = "/certs/ca.pem"
@@ -16,5 +18,8 @@ const (
 	defaultSSL                 = "false"
 	defaultSSLCertPath         = "/certs/portainer.crt"
 	defaultSSLKeyPath          = "/certs/portainer.key"
+	defaultSyncInterval        = "60s"
+	defaultSnapshot            = "true"
 	defaultSnapshotInterval    = "5m"
+	defaultTemplateFile        = "/templates.json"
 )
--- a/api/cli/defaults_windows.go
+++ b/api/cli/defaults_windows.go
@@ -6,6 +6,8 @@ const (
 	defaultTunnelServerPort    = "8000"
 	defaultDataDirectory       = "C:\\data"
 	defaultAssetsDirectory     = "./"
+	defaultNoAuth              = "false"
+	defaultNoAnalytics         = "false"
 	defaultTLS                 = "false"
 	defaultTLSSkipVerify       = "false"
 	defaultTLSCACertPath       = "C:\\certs\\ca.pem"
@@ -14,5 +16,8 @@ const (
 	defaultSSL                 = "false"
 	defaultSSLCertPath         = "C:\\certs\\portainer.crt"
 	defaultSSLKeyPath          = "C:\\certs\\portainer.key"
+	defaultSyncInterval        = "60s"
+	defaultSnapshot            = "true"
 	defaultSnapshotInterval    = "5m"
+	defaultTemplateFile        = "/templates.json"
 )
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -1,46 +1,39 @@
 package main

 import (
-	"context"
+	"encoding/json"
 	"log"
 	"os"
 	"strings"
+	"time"

-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/bolt"
 	"github.com/portainer/portainer/api/chisel"
 	"github.com/portainer/portainer/api/cli"
+	"github.com/portainer/portainer/api/cron"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/docker"
-
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
 	"github.com/portainer/portainer/api/git"
 	"github.com/portainer/portainer/api/http"
 	"github.com/portainer/portainer/api/http/client"
-	"github.com/portainer/portainer/api/http/proxy"
-	kubeproxy "github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
-	"github.com/portainer/portainer/api/internal/authorization"
-	"github.com/portainer/portainer/api/internal/edge"
-	"github.com/portainer/portainer/api/internal/snapshot"
 	"github.com/portainer/portainer/api/jwt"
-	"github.com/portainer/portainer/api/kubernetes"
-	kubecli "github.com/portainer/portainer/api/kubernetes/cli"
 	"github.com/portainer/portainer/api/ldap"
 	"github.com/portainer/portainer/api/libcompose"
-	"github.com/portainer/portainer/api/oauth"
 )

 func initCLI() *portainer.CLIFlags {
-	var cliService portainer.CLIService = &cli.Service{}
-	flags, err := cliService.ParseFlags(portainer.APIVersion)
+	var cli portainer.CLIService = &cli.Service{}
+	flags, err := cli.ParseFlags(portainer.APIVersion)
 	if err != nil {
-		log.Fatalf("failed parsing flags: %v", err)
+		log.Fatal(err)
 	}

-	err = cliService.ValidateFlags(flags)
+	err = cli.ValidateFlags(flags)
 	if err != nil {
-		log.Fatalf("failed validating flags:%v", err)
+		log.Fatal(err)
 	}
 	return flags
 }
@@ -48,66 +41,51 @@ func initCLI() *portainer.CLIFlags {
 func initFileService(dataStorePath string) portainer.FileService {
 	fileService, err := filesystem.NewService(dataStorePath, "")
 	if err != nil {
-		log.Fatalf("failed creating file service: %v", err)
+		log.Fatal(err)
 	}
 	return fileService
 }

-func initDataStore(dataStorePath string, fileService portainer.FileService) portainer.DataStore {
+func initStore(dataStorePath string, fileService portainer.FileService) *bolt.Store {
 	store, err := bolt.NewStore(dataStorePath, fileService)
 	if err != nil {
-		log.Fatalf("failed creating data store: %v", err)
+		log.Fatal(err)
 	}

 	err = store.Open()
 	if err != nil {
-		log.Fatalf("failed opening store: %v", err)
+		log.Fatal(err)
 	}

 	err = store.Init()
 	if err != nil {
-		log.Fatalf("failed initializing data store: %v", err)
+		log.Fatal(err)
 	}

-	err = store.MigrateData(false)
+	err = store.MigrateData()
 	if err != nil {
-		log.Fatalf("failed migration: %v", err)
+		log.Fatal(err)
 	}
 	return store
 }

-func initComposeStackManager(assetsPath string, dataStorePath string, reverseTunnelService portainer.ReverseTunnelService, proxyManager *proxy.Manager) portainer.ComposeStackManager {
-	composeWrapper := exec.NewComposeWrapper(assetsPath, dataStorePath, proxyManager)
-	if composeWrapper != nil {
-		return composeWrapper
-	}
-
-	return libcompose.NewComposeStackManager(dataStorePath, reverseTunnelService)
+func initComposeStackManager(dataStorePath string) portainer.ComposeStackManager {
+	return libcompose.NewComposeStackManager(dataStorePath)
 }

-func initSwarmStackManager(assetsPath string, dataStorePath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (portainer.SwarmStackManager, error) {
-	return exec.NewSwarmStackManager(assetsPath, dataStorePath, signatureService, fileService, reverseTunnelService)
+func initSwarmStackManager(assetsPath string, dataStorePath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService) (portainer.SwarmStackManager, error) {
+	return exec.NewSwarmStackManager(assetsPath, dataStorePath, signatureService, fileService)
 }

-func initKubernetesDeployer(dataStore portainer.DataStore, reverseTunnelService portainer.ReverseTunnelService, signatureService portainer.DigitalSignatureService, assetsPath string) portainer.KubernetesDeployer {
-	return exec.NewKubernetesDeployer(dataStore, reverseTunnelService, signatureService, assetsPath)
-}
-
-func initJWTService(dataStore portainer.DataStore) (portainer.JWTService, error) {
-	settings, err := dataStore.Settings().Settings()
-	if err != nil {
-		return nil, err
+func initJWTService(authenticationEnabled bool) portainer.JWTService {
+	if authenticationEnabled {
+		jwtService, err := jwt.NewService()
+		if err != nil {
+			log.Fatal(err)
+		}
+		return jwtService
 	}
-
-	if settings.UserSessionTimeout == "" {
-		settings.UserSessionTimeout = portainer.DefaultUserSessionTimeout
-		dataStore.Settings().UpdateSettings(settings)
-	}
-	jwtService, err := jwt.NewService(settings.UserSessionTimeout)
-	if err != nil {
-		return nil, err
-	}
-	return jwtService, nil
+	return nil
 }

 func initDigitalSignatureService() portainer.DigitalSignatureService {
@@ -122,61 +100,236 @@ func initLDAPService() portainer.LDAPService {
 	return &ldap.Service{}
 }

-func initOAuthService() portainer.OAuthService {
-	return oauth.NewService()
-}
-
 func initGitService() portainer.GitService {
-	return git.NewService()
+	return &git.Service{}
 }

-func initDockerClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *docker.ClientFactory {
-	return docker.NewClientFactory(signatureService, reverseTunnelService)
+func initClientFactory(signatureService portainer.DigitalSignatureService) *docker.ClientFactory {
+	return docker.NewClientFactory(signatureService)
 }

-func initKubernetesClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService, instanceID string, dataStore portainer.DataStore) *kubecli.ClientFactory {
-	return kubecli.NewClientFactory(signatureService, reverseTunnelService, instanceID, dataStore)
+func initSnapshotter(clientFactory *docker.ClientFactory) portainer.Snapshotter {
+	return docker.NewSnapshotter(clientFactory)
 }

-func initSnapshotService(snapshotInterval string, dataStore portainer.DataStore, dockerClientFactory *docker.ClientFactory, kubernetesClientFactory *kubecli.ClientFactory, shutdownCtx context.Context) (portainer.SnapshotService, error) {
-	dockerSnapshotter := docker.NewSnapshotter(dockerClientFactory)
-	kubernetesSnapshotter := kubernetes.NewSnapshotter(kubernetesClientFactory)
-
-	snapshotService, err := snapshot.NewService(snapshotInterval, dataStore, dockerSnapshotter, kubernetesSnapshotter, shutdownCtx)
-	if err != nil {
-		return nil, err
-	}
-
-	return snapshotService, nil
+func initJobScheduler() portainer.JobScheduler {
+	return cron.NewJobScheduler()
 }

-func initStatus(flags *portainer.CLIFlags) *portainer.Status {
-	return &portainer.Status{
-		Version: portainer.APIVersion,
-	}
-}
-
-func updateSettingsFromFlags(dataStore portainer.DataStore, flags *portainer.CLIFlags) error {
-	settings, err := dataStore.Settings().Settings()
+func loadSnapshotSystemSchedule(jobScheduler portainer.JobScheduler, snapshotter portainer.Snapshotter, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, settingsService portainer.SettingsService) error {
+	settings, err := settingsService.Settings()
 	if err != nil {
 		return err
 	}

-	settings.LogoURL = *flags.Logo
-	settings.SnapshotInterval = *flags.SnapshotInterval
-	settings.EnableEdgeComputeFeatures = *flags.EnableEdgeComputeFeatures
-	settings.EnableTelemetry = true
-	settings.OAuthSettings.SSO = true
-
-	if *flags.Templates != "" {
-		settings.TemplatesURL = *flags.Templates
+	schedules, err := scheduleService.SchedulesByJobType(portainer.SnapshotJobType)
+	if err != nil {
+		return err
 	}

-	if *flags.Labels != nil {
-		settings.BlackListedLabels = *flags.Labels
+	var snapshotSchedule *portainer.Schedule
+	if len(schedules) == 0 {
+		snapshotJob := &portainer.SnapshotJob{}
+		snapshotSchedule = &portainer.Schedule{
+			ID:             portainer.ScheduleID(scheduleService.GetNextIdentifier()),
+			Name:           "system_snapshot",
+			CronExpression: "@every " + settings.SnapshotInterval,
+			Recurring:      true,
+			JobType:        portainer.SnapshotJobType,
+			SnapshotJob:    snapshotJob,
+			Created:        time.Now().Unix(),
+		}
+	} else {
+		snapshotSchedule = &schedules[0]
 	}

-	return dataStore.Settings().UpdateSettings(settings)
+	snapshotJobContext := cron.NewSnapshotJobContext(endpointService, snapshotter)
+	snapshotJobRunner := cron.NewSnapshotJobRunner(snapshotSchedule, snapshotJobContext)
+
+	err = jobScheduler.ScheduleJob(snapshotJobRunner)
+	if err != nil {
+		return err
+	}
+
+	if len(schedules) == 0 {
+		return scheduleService.CreateSchedule(snapshotSchedule)
+	}
+	return nil
+}
+
+func loadEndpointSyncSystemSchedule(jobScheduler portainer.JobScheduler, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, flags *portainer.CLIFlags) error {
+	if *flags.ExternalEndpoints == "" {
+		return nil
+	}
+
+	log.Println("Using external endpoint definition. Endpoint management via the API will be disabled.")
+
+	schedules, err := scheduleService.SchedulesByJobType(portainer.EndpointSyncJobType)
+	if err != nil {
+		return err
+	}
+
+	if len(schedules) != 0 {
+		return nil
+	}
+
+	endpointSyncJob := &portainer.EndpointSyncJob{}
+
+	endpointSyncSchedule := &portainer.Schedule{
+		ID:              portainer.ScheduleID(scheduleService.GetNextIdentifier()),
+		Name:            "system_endpointsync",
+		CronExpression:  "@every " + *flags.SyncInterval,
+		Recurring:       true,
+		JobType:         portainer.EndpointSyncJobType,
+		EndpointSyncJob: endpointSyncJob,
+		Created:         time.Now().Unix(),
+	}
+
+	endpointSyncJobContext := cron.NewEndpointSyncJobContext(endpointService, *flags.ExternalEndpoints)
+	endpointSyncJobRunner := cron.NewEndpointSyncJobRunner(endpointSyncSchedule, endpointSyncJobContext)
+
+	err = jobScheduler.ScheduleJob(endpointSyncJobRunner)
+	if err != nil {
+		return err
+	}
+
+	return scheduleService.CreateSchedule(endpointSyncSchedule)
+}
+
+func loadSchedulesFromDatabase(jobScheduler portainer.JobScheduler, jobService portainer.JobService, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, fileService portainer.FileService) error {
+	schedules, err := scheduleService.Schedules()
+	if err != nil {
+		return err
+	}
+
+	for _, schedule := range schedules {
+
+		if schedule.JobType == portainer.ScriptExecutionJobType {
+			jobContext := cron.NewScriptExecutionJobContext(jobService, endpointService, fileService)
+			jobRunner := cron.NewScriptExecutionJobRunner(&schedule, jobContext)
+
+			err = jobScheduler.ScheduleJob(jobRunner)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+func initStatus(endpointManagement, snapshot bool, flags *portainer.CLIFlags) *portainer.Status {
+	return &portainer.Status{
+		Analytics:          !*flags.NoAnalytics,
+		Authentication:     !*flags.NoAuth,
+		EndpointManagement: endpointManagement,
+		Snapshot:           snapshot,
+		Version:            portainer.APIVersion,
+	}
+}
+
+func initDockerHub(dockerHubService portainer.DockerHubService) error {
+	_, err := dockerHubService.DockerHub()
+	if err == portainer.ErrObjectNotFound {
+		dockerhub := &portainer.DockerHub{
+			Authentication: false,
+			Username:       "",
+			Password:       "",
+		}
+		return dockerHubService.UpdateDockerHub(dockerhub)
+	} else if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func initSettings(settingsService portainer.SettingsService, flags *portainer.CLIFlags) error {
+	_, err := settingsService.Settings()
+	if err == portainer.ErrObjectNotFound {
+		settings := &portainer.Settings{
+			LogoURL:              *flags.Logo,
+			AuthenticationMethod: portainer.AuthenticationInternal,
+			LDAPSettings: portainer.LDAPSettings{
+				AutoCreateUsers: true,
+				TLSConfig:       portainer.TLSConfiguration{},
+				SearchSettings: []portainer.LDAPSearchSettings{
+					portainer.LDAPSearchSettings{},
+				},
+				GroupSearchSettings: []portainer.LDAPGroupSearchSettings{
+					portainer.LDAPGroupSearchSettings{},
+				},
+			},
+			OAuthSettings:                      portainer.OAuthSettings{},
+			AllowBindMountsForRegularUsers:     true,
+			AllowPrivilegedModeForRegularUsers: true,
+			EnableHostManagementFeatures:       false,
+			SnapshotInterval:                   *flags.SnapshotInterval,
+		}
+
+		if *flags.Templates != "" {
+			settings.TemplatesURL = *flags.Templates
+		}
+
+		if *flags.Labels != nil {
+			settings.BlackListedLabels = *flags.Labels
+		} else {
+			settings.BlackListedLabels = make([]portainer.Pair, 0)
+		}
+
+		return settingsService.UpdateSettings(settings)
+	} else if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func initTemplates(templateService portainer.TemplateService, fileService portainer.FileService, templateURL, templateFile string) error {
+	if templateURL != "" {
+		log.Printf("Portainer started with the --templates flag. Using external templates, template management will be disabled.")
+		return nil
+	}
+
+	existingTemplates, err := templateService.Templates()
+	if err != nil {
+		return err
+	}
+
+	if len(existingTemplates) != 0 {
+		log.Printf("Templates already registered inside the database. Skipping template import.")
+		return nil
+	}
+
+	templatesJSON, err := fileService.GetFileContent(templateFile)
+	if err != nil {
+		log.Println("Unable to retrieve template definitions via filesystem")
+		return err
+	}
+
+	var templates []portainer.Template
+	err = json.Unmarshal(templatesJSON, &templates)
+	if err != nil {
+		log.Println("Unable to parse templates file. Please review your template definition file.")
+		return err
+	}
+
+	for _, template := range templates {
+		err := templateService.CreateTemplate(&template)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func retrieveFirstEndpointFromDatabase(endpointService portainer.EndpointService) *portainer.Endpoint {
+	endpoints, err := endpointService.Endpoints()
+	if err != nil {
+		log.Fatal(err)
+	}
+	return &endpoints[0]
 }

 func loadAndParseKeyPair(fileService portainer.FileService, signatureService portainer.DigitalSignatureService) error {
@@ -199,7 +352,7 @@ func generateAndStoreKeyPair(fileService portainer.FileService, signatureService
 func initKeyPair(fileService portainer.FileService, signatureService portainer.DigitalSignatureService) error {
 	existingKeyPair, err := fileService.KeyPairFilesExist()
 	if err != nil {
-		log.Fatalf("failed checking for existing key pair: %v", err)
+		log.Fatal(err)
 	}

 	if existingKeyPair {
@@ -208,7 +361,7 @@ func initKeyPair(fileService portainer.FileService, signatureService portainer.D
 	return generateAndStoreKeyPair(fileService, signatureService)
 }

-func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore portainer.DataStore, snapshotService portainer.SnapshotService) error {
+func createTLSSecuredEndpoint(flags *portainer.CLIFlags, endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) error {
 	tlsConfiguration := portainer.TLSConfiguration{
 		TLS:           *flags.TLS,
 		TLSSkipVerify: *flags.TLSSkipVerify,
@@ -222,7 +375,7 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore portainer.Dat
 		tlsConfiguration.TLS = true
 	}

-	endpointID := dataStore.Endpoint().GetNextIdentifier()
+	endpointID := endpointService.GetNextIdentifier()
 	endpoint := &portainer.Endpoint{
 		ID:                 portainer.EndpointID(endpointID),
 		Name:               "primary",
@@ -233,23 +386,9 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore portainer.Dat
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
 		Extensions:         []portainer.EndpointExtension{},
-		TagIDs:             []portainer.TagID{},
+		Tags:               []string{},
 		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.DockerSnapshot{},
-		Kubernetes:         portainer.KubernetesDefault(),
-
-		SecuritySettings: portainer.EndpointSecuritySettings{
-			AllowVolumeBrowserForRegularUsers: false,
-			EnableHostManagementFeatures:      false,
-
-			AllowSysctlSettingForRegularUsers:         true,
-			AllowBindMountsForRegularUsers:            true,
-			AllowPrivilegedModeForRegularUsers:        true,
-			AllowHostNamespaceForRegularUsers:         true,
-			AllowContainerCapabilitiesForRegularUsers: true,
-			AllowDeviceMappingForRegularUsers:         true,
-			AllowStackManagementForRegularUsers:       true,
-		},
+		Snapshots:          []portainer.Snapshot{},
 	}

 	if strings.HasPrefix(endpoint.URL, "tcp://") {
@@ -268,15 +407,10 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore portainer.Dat
 		}
 	}

-	err := snapshotService.SnapshotEndpoint(endpoint)
-	if err != nil {
-		log.Printf("http error: endpoint snapshot error (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
-	}
-
-	return dataStore.Endpoint().CreateEndpoint(endpoint)
+	return snapshotAndPersistEndpoint(endpoint, endpointService, snapshotter)
 }

-func createUnsecuredEndpoint(endpointURL string, dataStore portainer.DataStore, snapshotService portainer.SnapshotService) error {
+func createUnsecuredEndpoint(endpointURL string, endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) error {
 	if strings.HasPrefix(endpointURL, "tcp://") {
 		_, err := client.ExecutePingOperation(endpointURL, nil)
 		if err != nil {
@@ -284,7 +418,7 @@ func createUnsecuredEndpoint(endpointURL string, dataStore portainer.DataStore,
 		}
 	}

-	endpointID := dataStore.Endpoint().GetNextIdentifier()
+	endpointID := endpointService.GetNextIdentifier()
 	endpoint := &portainer.Endpoint{
 		ID:                 portainer.EndpointID(endpointID),
 		Name:               "primary",
@@ -295,39 +429,34 @@ func createUnsecuredEndpoint(endpointURL string, dataStore portainer.DataStore,
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
 		Extensions:         []portainer.EndpointExtension{},
-		TagIDs:             []portainer.TagID{},
+		Tags:               []string{},
 		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.DockerSnapshot{},
-		Kubernetes:         portainer.KubernetesDefault(),
-
-		SecuritySettings: portainer.EndpointSecuritySettings{
-			AllowVolumeBrowserForRegularUsers: false,
-			EnableHostManagementFeatures:      false,
-
-			AllowSysctlSettingForRegularUsers:         true,
-			AllowBindMountsForRegularUsers:            true,
-			AllowPrivilegedModeForRegularUsers:        true,
-			AllowHostNamespaceForRegularUsers:         true,
-			AllowContainerCapabilitiesForRegularUsers: true,
-			AllowDeviceMappingForRegularUsers:         true,
-			AllowStackManagementForRegularUsers:       true,
-		},
+		Snapshots:          []portainer.Snapshot{},
 	}

-	err := snapshotService.SnapshotEndpoint(endpoint)
+	return snapshotAndPersistEndpoint(endpoint, endpointService, snapshotter)
+}
+
+func snapshotAndPersistEndpoint(endpoint *portainer.Endpoint, endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) error {
+	snapshot, err := snapshotter.CreateSnapshot(endpoint)
+	endpoint.Status = portainer.EndpointStatusUp
 	if err != nil {
 		log.Printf("http error: endpoint snapshot error (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
 	}

-	return dataStore.Endpoint().CreateEndpoint(endpoint)
+	if snapshot != nil {
+		endpoint.Snapshots = []portainer.Snapshot{*snapshot}
+	}
+
+	return endpointService.CreateEndpoint(endpoint)
 }

-func initEndpoint(flags *portainer.CLIFlags, dataStore portainer.DataStore, snapshotService portainer.SnapshotService) error {
+func initEndpoint(flags *portainer.CLIFlags, endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) error {
 	if *flags.EndpointURL == "" {
 		return nil
 	}

-	endpoints, err := dataStore.Endpoint().Endpoints()
+	endpoints, err := endpointService.Endpoints()
 	if err != nil {
 		return err
 	}
@@ -338,169 +467,247 @@ func initEndpoint(flags *portainer.CLIFlags, dataStore portainer.DataStore, snap
 	}

 	if *flags.TLS || *flags.TLSSkipVerify {
-		return createTLSSecuredEndpoint(flags, dataStore, snapshotService)
+		return createTLSSecuredEndpoint(flags, endpointService, snapshotter)
 	}
-	return createUnsecuredEndpoint(*flags.EndpointURL, dataStore, snapshotService)
+	return createUnsecuredEndpoint(*flags.EndpointURL, endpointService, snapshotter)
 }

-func buildServer(flags *portainer.CLIFlags) portainer.Server {
-	shutdownCtx, shutdownTrigger := context.WithCancel(context.Background())
+func initJobService(dockerClientFactory *docker.ClientFactory) portainer.JobService {
+	return docker.NewJobService(dockerClientFactory)
+}

-	fileService := initFileService(*flags.Data)
+func initExtensionManager(fileService portainer.FileService, extensionService portainer.ExtensionService) (portainer.ExtensionManager, error) {
+	extensionManager := exec.NewExtensionManager(fileService, extensionService)

-	dataStore := initDataStore(*flags.Data, fileService)
+	extensions, err := extensionService.Extensions()
+	if err != nil {
+		return nil, err
+	}

-	if err := dataStore.CheckCurrentEdition(); err != nil {
+	for _, extension := range extensions {
+		err := extensionManager.EnableExtension(&extension, extension.License.LicenseKey)
+		if err != nil {
+			log.Printf("Unable to enable extension: %s [extension: %s]", err.Error(), extension.Name)
+			extension.Enabled = false
+			extension.License.Valid = false
+			extensionService.Persist(&extension)
+		}
+	}
+
+	return extensionManager, nil
+}
+
+func terminateIfNoAdminCreated(userService portainer.UserService) {
+	timer1 := time.NewTimer(5 * time.Minute)
+	<-timer1.C
+
+	users, err := userService.UsersByRole(portainer.AdministratorRole)
+	if err != nil {
 		log.Fatal(err)
 	}

-	jwtService, err := initJWTService(dataStore)
-	if err != nil {
-		log.Fatalf("failed initializing JWT service: %v", err)
+	if len(users) == 0 {
+		log.Fatal("No administrator account was created after 5 min. Shutting down the Portainer instance for security reasons.")
+		return
 	}
+}
+
+func main() {
+	flags := initCLI()
+
+	fileService := initFileService(*flags.Data)
+
+	store := initStore(*flags.Data, fileService)
+	defer store.Close()
+
+	jwtService := initJWTService(!*flags.NoAuth)

 	ldapService := initLDAPService()

-	oauthService := initOAuthService()
-
 	gitService := initGitService()

 	cryptoService := initCryptoService()

 	digitalSignatureService := initDigitalSignatureService()

-	err = initKeyPair(fileService, digitalSignatureService)
+	err := initKeyPair(fileService, digitalSignatureService)
 	if err != nil {
-		log.Fatalf("failed initializing key pai: %v", err)
+		log.Fatal(err)
 	}

-	reverseTunnelService := chisel.NewService(dataStore, shutdownCtx)
-
-	instanceID, err := dataStore.Version().InstanceID()
+	extensionManager, err := initExtensionManager(fileService, store.ExtensionService)
 	if err != nil {
-		log.Fatalf("failed getting instance id: %v", err)
+		log.Fatal(err)
 	}

-	dockerClientFactory := initDockerClientFactory(digitalSignatureService, reverseTunnelService)
-	kubernetesClientFactory := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, instanceID, dataStore)
+	clientFactory := initClientFactory(digitalSignatureService)

-	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory, shutdownCtx)
-	if err != nil {
-		log.Fatalf("failed initializing snapshot service: %v", err)
+	jobService := initJobService(clientFactory)
+
+	snapshotter := initSnapshotter(clientFactory)
+
+	endpointManagement := true
+	if *flags.ExternalEndpoints != "" {
+		endpointManagement = false
 	}
-	snapshotService.Start()

-	authorizationService := authorization.NewService(dataStore)
-	authorizationService.K8sClientFactory = kubernetesClientFactory
-
-	swarmStackManager, err := initSwarmStackManager(*flags.Assets, *flags.Data, digitalSignatureService, fileService, reverseTunnelService)
+	swarmStackManager, err := initSwarmStackManager(*flags.Assets, *flags.Data, digitalSignatureService, fileService)
 	if err != nil {
-		log.Fatalf("failed initializing swarm stack manager: %v", err)
+		log.Fatal(err)
 	}
-	kubernetesTokenCacheManager := kubeproxy.NewTokenCacheManager()
-	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)

-	composeStackManager := initComposeStackManager(*flags.Assets, *flags.Data, reverseTunnelService, proxyManager)
+	composeStackManager := initComposeStackManager(*flags.Data)

-	kubernetesDeployer := initKubernetesDeployer(dataStore, reverseTunnelService, digitalSignatureService, *flags.Assets)
+	err = initTemplates(store.TemplateService, fileService, *flags.Templates, *flags.TemplateFile)
+	if err != nil {
+		log.Fatal(err)
+	}

-	if dataStore.IsNew() {
-		err = updateSettingsFromFlags(dataStore, flags)
+	err = initSettings(store.SettingsService, flags)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	jobScheduler := initJobScheduler()
+
+	err = loadSchedulesFromDatabase(jobScheduler, jobService, store.ScheduleService, store.EndpointService, fileService)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = loadEndpointSyncSystemSchedule(jobScheduler, store.ScheduleService, store.EndpointService, flags)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if *flags.Snapshot {
+		err = loadSnapshotSystemSchedule(jobScheduler, snapshotter, store.ScheduleService, store.EndpointService, store.SettingsService)
 		if err != nil {
-			log.Fatalf("failed updating settings from flags: %v", err)
+			log.Fatal(err)
 		}
 	}

-	err = edge.LoadEdgeJobs(dataStore, reverseTunnelService)
+	jobScheduler.Start()
+
+	err = initDockerHub(store.DockerHubService)
 	if err != nil {
-		log.Fatalf("failed loading edge jobs from database: %v", err)
+		log.Fatal(err)
 	}

-	applicationStatus := initStatus(flags)
+	applicationStatus := initStatus(endpointManagement, *flags.Snapshot, flags)

-	err = initEndpoint(flags, dataStore, snapshotService)
+	err = initEndpoint(flags, store.EndpointService, snapshotter)
 	if err != nil {
-		log.Fatalf("failed initializing endpoint: %v", err)
+		log.Fatal(err)
 	}

 	adminPasswordHash := ""
 	if *flags.AdminPasswordFile != "" {
 		content, err := fileService.GetFileContent(*flags.AdminPasswordFile)
 		if err != nil {
-			log.Fatalf("failed getting admin password file: %v", err)
+			log.Fatal(err)
 		}
-		adminPasswordHash, err = cryptoService.Hash(strings.TrimSuffix(string(content), "\n"))
+		adminPasswordHash, err = cryptoService.Hash(string(content))
 		if err != nil {
-			log.Fatalf("failed hashing admin password: %v", err)
+			log.Fatal(err)
 		}
 	} else if *flags.AdminPassword != "" {
 		adminPasswordHash = *flags.AdminPassword
 	}

 	if adminPasswordHash != "" {
-		users, err := dataStore.User().UsersByRole(portainer.AdministratorRole)
+		users, err := store.UserService.UsersByRole(portainer.AdministratorRole)
 		if err != nil {
-			log.Fatalf("failed getting admin user: %v", err)
+			log.Fatal(err)
 		}

 		if len(users) == 0 {
-			log.Println("Created admin user with the given password.")
+			log.Printf("Creating admin user with password hash %s", adminPasswordHash)
 			user := &portainer.User{
 				Username: "admin",
 				Role:     portainer.AdministratorRole,
 				Password: adminPasswordHash,
+				PortainerAuthorizations: map[portainer.Authorization]bool{
+					portainer.OperationPortainerDockerHubInspect:        true,
+					portainer.OperationPortainerEndpointGroupList:       true,
+					portainer.OperationPortainerEndpointList:            true,
+					portainer.OperationPortainerEndpointInspect:         true,
+					portainer.OperationPortainerEndpointExtensionAdd:    true,
+					portainer.OperationPortainerEndpointExtensionRemove: true,
+					portainer.OperationPortainerExtensionList:           true,
+					portainer.OperationPortainerMOTD:                    true,
+					portainer.OperationPortainerRegistryList:            true,
+					portainer.OperationPortainerRegistryInspect:         true,
+					portainer.OperationPortainerTeamList:                true,
+					portainer.OperationPortainerTemplateList:            true,
+					portainer.OperationPortainerTemplateInspect:         true,
+					portainer.OperationPortainerUserList:                true,
+					portainer.OperationPortainerUserMemberships:         true,
+				},
 			}
-			err := dataStore.User().CreateUser(user)
+			err := store.UserService.CreateUser(user)
 			if err != nil {
-				log.Fatalf("failed creating admin user: %v", err)
+				log.Fatal(err)
 			}
 		} else {
 			log.Println("Instance already has an administrator user defined. Skipping admin password related flags.")
 		}
 	}

-	err = reverseTunnelService.StartTunnelServer(*flags.TunnelAddr, *flags.TunnelPort, snapshotService)
+	if !*flags.NoAuth {
+		go terminateIfNoAdminCreated(store.UserService)
+	}
+
+	var tunnelServer portainer.TunnelServer = chisel.NewServer(*flags.TunnelAddr, *flags.TunnelPort)
+	err = tunnelServer.Start()
 	if err != nil {
-		log.Fatalf("failed starting license service: %s", err)
+		log.Fatal(err)
 	}

-	return &http.Server{
-		AuthorizationService:        authorizationService,
-		ReverseTunnelService:        reverseTunnelService,
-		Status:                      applicationStatus,
-		BindAddress:                 *flags.Addr,
-		AssetsPath:                  *flags.Assets,
-		DataStore:                   dataStore,
-		SwarmStackManager:           swarmStackManager,
-		ComposeStackManager:         composeStackManager,
-		KubernetesDeployer:          kubernetesDeployer,
-		CryptoService:               cryptoService,
-		JWTService:                  jwtService,
-		FileService:                 fileService,
-		LDAPService:                 ldapService,
-		OAuthService:                oauthService,
-		GitService:                  gitService,
-		ProxyManager:                proxyManager,
-		KubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		SignatureService:            digitalSignatureService,
-		SnapshotService:             snapshotService,
-		SSL:                         *flags.SSL,
-		SSLCert:                     *flags.SSLCert,
-		SSLKey:                      *flags.SSLKey,
-		DockerClientFactory:         dockerClientFactory,
-		KubernetesClientFactory:     kubernetesClientFactory,
-		ShutdownCtx:                 shutdownCtx,
-		ShutdownTrigger:             shutdownTrigger,
-	}
-}
-
-func main() {
-	flags := initCLI()
-
-	for {
-		server := buildServer(flags)
-		log.Printf("Starting Portainer %s on %s\n", portainer.APIVersion, *flags.Addr)
-		err := server.Start()
-		log.Printf("Http server exited: %s\n", err)
+	var server portainer.Server = &http.Server{
+		TunnelServerFingerprint: tunnelServer.GetFingerprint(),
+		Status:                  applicationStatus,
+		BindAddress:             *flags.Addr,
+		AssetsPath:              *flags.Assets,
+		AuthDisabled:            *flags.NoAuth,
+		EndpointManagement:      endpointManagement,
+		RoleService:             store.RoleService,
+		UserService:             store.UserService,
+		TeamService:             store.TeamService,
+		TeamMembershipService:   store.TeamMembershipService,
+		EndpointService:         store.EndpointService,
+		EndpointGroupService:    store.EndpointGroupService,
+		ExtensionService:        store.ExtensionService,
+		ResourceControlService:  store.ResourceControlService,
+		SettingsService:         store.SettingsService,
+		RegistryService:         store.RegistryService,
+		DockerHubService:        store.DockerHubService,
+		StackService:            store.StackService,
+		ScheduleService:         store.ScheduleService,
+		TagService:              store.TagService,
+		TemplateService:         store.TemplateService,
+		WebhookService:          store.WebhookService,
+		SwarmStackManager:       swarmStackManager,
+		ComposeStackManager:     composeStackManager,
+		ExtensionManager:        extensionManager,
+		CryptoService:           cryptoService,
+		JWTService:              jwtService,
+		FileService:             fileService,
+		LDAPService:             ldapService,
+		GitService:              gitService,
+		SignatureService:        digitalSignatureService,
+		JobScheduler:            jobScheduler,
+		Snapshotter:             snapshotter,
+		SSL:                     *flags.SSL,
+		SSLCert:                 *flags.SSLCert,
+		SSLKey:                  *flags.SSLKey,
+		DockerClientFactory:     clientFactory,
+		JobService:              jobService,
+	}
+
+	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)
+	err = server.Start()
+	if err != nil {
+		log.Fatal(err)
 	}
 }
--- a/api/cron/job_endpoint_sync.go
+++ b/api/cron/job_endpoint_sync.go
@@ -0,0 +1,214 @@
+package cron
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"log"
+	"strings"
+
+	"github.com/portainer/portainer/api"
+)
+
+// EndpointSyncJobRunner is used to run a EndpointSyncJob
+type EndpointSyncJobRunner struct {
+	schedule *portainer.Schedule
+	context  *EndpointSyncJobContext
+}
+
+// EndpointSyncJobContext represents the context of execution of a EndpointSyncJob
+type EndpointSyncJobContext struct {
+	endpointService  portainer.EndpointService
+	endpointFilePath string
+}
+
+// NewEndpointSyncJobContext returns a new context that can be used to execute a EndpointSyncJob
+func NewEndpointSyncJobContext(endpointService portainer.EndpointService, endpointFilePath string) *EndpointSyncJobContext {
+	return &EndpointSyncJobContext{
+		endpointService:  endpointService,
+		endpointFilePath: endpointFilePath,
+	}
+}
+
+// NewEndpointSyncJobRunner returns a new runner that can be scheduled
+func NewEndpointSyncJobRunner(schedule *portainer.Schedule, context *EndpointSyncJobContext) *EndpointSyncJobRunner {
+	return &EndpointSyncJobRunner{
+		schedule: schedule,
+		context:  context,
+	}
+}
+
+type synchronization struct {
+	endpointsToCreate []*portainer.Endpoint
+	endpointsToUpdate []*portainer.Endpoint
+	endpointsToDelete []*portainer.Endpoint
+}
+
+type fileEndpoint struct {
+	Name          string `json:"Name"`
+	URL           string `json:"URL"`
+	TLS           bool   `json:"TLS,omitempty"`
+	TLSSkipVerify bool   `json:"TLSSkipVerify,omitempty"`
+	TLSCACert     string `json:"TLSCACert,omitempty"`
+	TLSCert       string `json:"TLSCert,omitempty"`
+	TLSKey        string `json:"TLSKey,omitempty"`
+}
+
+// GetSchedule returns the schedule associated to the runner
+func (runner *EndpointSyncJobRunner) GetSchedule() *portainer.Schedule {
+	return runner.schedule
+}
+
+// Run triggers the execution of the endpoint synchronization process.
+func (runner *EndpointSyncJobRunner) Run() {
+	data, err := ioutil.ReadFile(runner.context.endpointFilePath)
+	if endpointSyncError(err) {
+		return
+	}
+
+	var fileEndpoints []fileEndpoint
+	err = json.Unmarshal(data, &fileEndpoints)
+	if endpointSyncError(err) {
+		return
+	}
+
+	if len(fileEndpoints) == 0 {
+		log.Println("background job error (endpoint synchronization). External endpoint source is empty")
+		return
+	}
+
+	storedEndpoints, err := runner.context.endpointService.Endpoints()
+	if endpointSyncError(err) {
+		return
+	}
+
+	convertedFileEndpoints := convertFileEndpoints(fileEndpoints)
+
+	sync := prepareSyncData(storedEndpoints, convertedFileEndpoints)
+	if sync.requireSync() {
+		err = runner.context.endpointService.Synchronize(sync.endpointsToCreate, sync.endpointsToUpdate, sync.endpointsToDelete)
+		if endpointSyncError(err) {
+			return
+		}
+		log.Printf("Endpoint synchronization ended. [created: %v] [updated: %v] [deleted: %v]", len(sync.endpointsToCreate), len(sync.endpointsToUpdate), len(sync.endpointsToDelete))
+	}
+}
+
+func endpointSyncError(err error) bool {
+	if err != nil {
+		log.Printf("background job error (endpoint synchronization). Unable to synchronize endpoints (err=%s)\n", err)
+		return true
+	}
+	return false
+}
+
+func isValidEndpoint(endpoint *portainer.Endpoint) bool {
+	if endpoint.Name != "" && endpoint.URL != "" {
+		if !strings.HasPrefix(endpoint.URL, "unix://") && !strings.HasPrefix(endpoint.URL, "tcp://") {
+			return false
+		}
+		return true
+	}
+	return false
+}
+
+func convertFileEndpoints(fileEndpoints []fileEndpoint) []portainer.Endpoint {
+	convertedEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, e := range fileEndpoints {
+		endpoint := portainer.Endpoint{
+			Name:      e.Name,
+			URL:       e.URL,
+			TLSConfig: portainer.TLSConfiguration{},
+		}
+		if e.TLS {
+			endpoint.TLSConfig.TLS = true
+			endpoint.TLSConfig.TLSSkipVerify = e.TLSSkipVerify
+			endpoint.TLSConfig.TLSCACertPath = e.TLSCACert
+			endpoint.TLSConfig.TLSCertPath = e.TLSCert
+			endpoint.TLSConfig.TLSKeyPath = e.TLSKey
+		}
+		convertedEndpoints = append(convertedEndpoints, endpoint)
+	}
+
+	return convertedEndpoints
+}
+
+func endpointExists(endpoint *portainer.Endpoint, endpoints []portainer.Endpoint) int {
+	for idx, v := range endpoints {
+		if endpoint.Name == v.Name && isValidEndpoint(&v) {
+			return idx
+		}
+	}
+	return -1
+}
+
+func mergeEndpointIfRequired(original, updated *portainer.Endpoint) *portainer.Endpoint {
+	var endpoint *portainer.Endpoint
+	if original.URL != updated.URL || original.TLSConfig.TLS != updated.TLSConfig.TLS ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSSkipVerify != updated.TLSConfig.TLSSkipVerify) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSCACertPath != updated.TLSConfig.TLSCACertPath) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSCertPath != updated.TLSConfig.TLSCertPath) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSKeyPath != updated.TLSConfig.TLSKeyPath) {
+		endpoint = original
+		endpoint.URL = updated.URL
+		if updated.TLSConfig.TLS {
+			endpoint.TLSConfig.TLS = true
+			endpoint.TLSConfig.TLSSkipVerify = updated.TLSConfig.TLSSkipVerify
+			endpoint.TLSConfig.TLSCACertPath = updated.TLSConfig.TLSCACertPath
+			endpoint.TLSConfig.TLSCertPath = updated.TLSConfig.TLSCertPath
+			endpoint.TLSConfig.TLSKeyPath = updated.TLSConfig.TLSKeyPath
+		} else {
+			endpoint.TLSConfig.TLS = false
+			endpoint.TLSConfig.TLSSkipVerify = false
+			endpoint.TLSConfig.TLSCACertPath = ""
+			endpoint.TLSConfig.TLSCertPath = ""
+			endpoint.TLSConfig.TLSKeyPath = ""
+		}
+	}
+	return endpoint
+}
+
+func (sync synchronization) requireSync() bool {
+	if len(sync.endpointsToCreate) != 0 || len(sync.endpointsToUpdate) != 0 || len(sync.endpointsToDelete) != 0 {
+		return true
+	}
+	return false
+}
+
+func prepareSyncData(storedEndpoints, fileEndpoints []portainer.Endpoint) *synchronization {
+	endpointsToCreate := make([]*portainer.Endpoint, 0)
+	endpointsToUpdate := make([]*portainer.Endpoint, 0)
+	endpointsToDelete := make([]*portainer.Endpoint, 0)
+
+	for idx := range storedEndpoints {
+		fidx := endpointExists(&storedEndpoints[idx], fileEndpoints)
+		if fidx != -1 {
+			endpoint := mergeEndpointIfRequired(&storedEndpoints[idx], &fileEndpoints[fidx])
+			if endpoint != nil {
+				log.Printf("New definition for a stored endpoint found in file, updating database. [name: %v] [url: %v]\n", endpoint.Name, endpoint.URL)
+				endpointsToUpdate = append(endpointsToUpdate, endpoint)
+			}
+		} else {
+			log.Printf("Stored endpoint not found in file (definition might be invalid), removing from database. [name: %v] [url: %v]", storedEndpoints[idx].Name, storedEndpoints[idx].URL)
+			endpointsToDelete = append(endpointsToDelete, &storedEndpoints[idx])
+		}
+	}
+
+	for idx, endpoint := range fileEndpoints {
+		if !isValidEndpoint(&endpoint) {
+			log.Printf("Invalid file endpoint definition, skipping. [name: %v] [url: %v]", endpoint.Name, endpoint.URL)
+			continue
+		}
+		sidx := endpointExists(&fileEndpoints[idx], storedEndpoints)
+		if sidx == -1 {
+			log.Printf("File endpoint not found in database, adding to database. [name: %v] [url: %v]", fileEndpoints[idx].Name, fileEndpoints[idx].URL)
+			endpointsToCreate = append(endpointsToCreate, &fileEndpoints[idx])
+		}
+	}
+
+	return &synchronization{
+		endpointsToCreate: endpointsToCreate,
+		endpointsToUpdate: endpointsToUpdate,
+		endpointsToDelete: endpointsToDelete,
+	}
+}
--- a/api/cron/job_script_execution.go
+++ b/api/cron/job_script_execution.go
@@ -0,0 +1,96 @@
+package cron
+
+import (
+	"log"
+	"time"
+
+	"github.com/portainer/portainer/api"
+)
+
+// ScriptExecutionJobRunner is used to run a ScriptExecutionJob
+type ScriptExecutionJobRunner struct {
+	schedule     *portainer.Schedule
+	context      *ScriptExecutionJobContext
+	executedOnce bool
+}
+
+// ScriptExecutionJobContext represents the context of execution of a ScriptExecutionJob
+type ScriptExecutionJobContext struct {
+	jobService      portainer.JobService
+	endpointService portainer.EndpointService
+	fileService     portainer.FileService
+}
+
+// NewScriptExecutionJobContext returns a new context that can be used to execute a ScriptExecutionJob
+func NewScriptExecutionJobContext(jobService portainer.JobService, endpointService portainer.EndpointService, fileService portainer.FileService) *ScriptExecutionJobContext {
+	return &ScriptExecutionJobContext{
+		jobService:      jobService,
+		endpointService: endpointService,
+		fileService:     fileService,
+	}
+}
+
+// NewScriptExecutionJobRunner returns a new runner that can be scheduled
+func NewScriptExecutionJobRunner(schedule *portainer.Schedule, context *ScriptExecutionJobContext) *ScriptExecutionJobRunner {
+	return &ScriptExecutionJobRunner{
+		schedule:     schedule,
+		context:      context,
+		executedOnce: false,
+	}
+}
+
+// Run triggers the execution of the job.
+// It will iterate through all the endpoints specified in the context to
+// execute the script associated to the job.
+func (runner *ScriptExecutionJobRunner) Run() {
+	if !runner.schedule.Recurring && runner.executedOnce {
+		return
+	}
+	runner.executedOnce = true
+
+	scriptFile, err := runner.context.fileService.GetFileContent(runner.schedule.ScriptExecutionJob.ScriptPath)
+	if err != nil {
+		log.Printf("scheduled job error (script execution). Unable to retrieve script file (err=%s)\n", err)
+		return
+	}
+
+	targets := make([]*portainer.Endpoint, 0)
+	for _, endpointID := range runner.schedule.ScriptExecutionJob.Endpoints {
+		endpoint, err := runner.context.endpointService.Endpoint(endpointID)
+		if err != nil {
+			log.Printf("scheduled job error (script execution). Unable to retrieve information about endpoint (id=%d) (err=%s)\n", endpointID, err)
+			return
+		}
+
+		targets = append(targets, endpoint)
+	}
+
+	runner.executeAndRetry(targets, scriptFile, 0)
+}
+
+func (runner *ScriptExecutionJobRunner) executeAndRetry(endpoints []*portainer.Endpoint, script []byte, retryCount int) {
+	retryTargets := make([]*portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		err := runner.context.jobService.ExecuteScript(endpoint, "", runner.schedule.ScriptExecutionJob.Image, script, runner.schedule)
+		if err == portainer.ErrUnableToPingEndpoint {
+			retryTargets = append(retryTargets, endpoint)
+		} else if err != nil {
+			log.Printf("scheduled job error (script execution). Unable to execute script (endpoint=%s) (err=%s)\n", endpoint.Name, err)
+		}
+	}
+
+	retryCount++
+	if retryCount >= runner.schedule.ScriptExecutionJob.RetryCount {
+		return
+	}
+
+	time.Sleep(time.Duration(runner.schedule.ScriptExecutionJob.RetryInterval) * time.Second)
+
+	runner.executeAndRetry(retryTargets, script, retryCount)
+}
+
+// GetSchedule returns the schedule associated to the runner
+func (runner *ScriptExecutionJobRunner) GetSchedule() *portainer.Schedule {
+	return runner.schedule
+}
--- a/api/cron/job_snapshot.go
+++ b/api/cron/job_snapshot.go
@@ -0,0 +1,85 @@
+package cron
+
+import (
+	"log"
+
+	"github.com/portainer/portainer/api"
+)
+
+// SnapshotJobRunner is used to run a SnapshotJob
+type SnapshotJobRunner struct {
+	schedule *portainer.Schedule
+	context  *SnapshotJobContext
+}
+
+// SnapshotJobContext represents the context of execution of a SnapshotJob
+type SnapshotJobContext struct {
+	endpointService portainer.EndpointService
+	snapshotter     portainer.Snapshotter
+}
+
+// NewSnapshotJobContext returns a new context that can be used to execute a SnapshotJob
+func NewSnapshotJobContext(endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) *SnapshotJobContext {
+	return &SnapshotJobContext{
+		endpointService: endpointService,
+		snapshotter:     snapshotter,
+	}
+}
+
+// NewSnapshotJobRunner returns a new runner that can be scheduled
+func NewSnapshotJobRunner(schedule *portainer.Schedule, context *SnapshotJobContext) *SnapshotJobRunner {
+	return &SnapshotJobRunner{
+		schedule: schedule,
+		context:  context,
+	}
+}
+
+// GetSchedule returns the schedule associated to the runner
+func (runner *SnapshotJobRunner) GetSchedule() *portainer.Schedule {
+	return runner.schedule
+}
+
+// Run triggers the execution of the schedule.
+// It will iterate through all the endpoints available in the database to
+// create a snapshot of each one of them.
+// As a snapshot can be a long process, to avoid any concurrency issue we
+// retrieve the latest version of the endpoint right after a snapshot.
+func (runner *SnapshotJobRunner) Run() {
+	go func() {
+		endpoints, err := runner.context.endpointService.Endpoints()
+		if err != nil {
+			log.Printf("background schedule error (endpoint snapshot). Unable to retrieve endpoint list (err=%s)\n", err)
+			return
+		}
+
+		for _, endpoint := range endpoints {
+			if endpoint.Type == portainer.AzureEnvironment {
+				continue
+			}
+
+			snapshot, snapshotError := runner.context.snapshotter.CreateSnapshot(&endpoint)
+
+			latestEndpointReference, err := runner.context.endpointService.Endpoint(endpoint.ID)
+			if latestEndpointReference == nil {
+				log.Printf("background schedule error (endpoint snapshot). Endpoint not found inside the database anymore (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
+				continue
+			}
+
+			latestEndpointReference.Status = portainer.EndpointStatusUp
+			if snapshotError != nil {
+				log.Printf("background schedule error (endpoint snapshot). Unable to create snapshot (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, snapshotError)
+				latestEndpointReference.Status = portainer.EndpointStatusDown
+			}
+
+			if snapshot != nil {
+				latestEndpointReference.Snapshots = []portainer.Snapshot{*snapshot}
+			}
+
+			err = runner.context.endpointService.UpdateEndpoint(latestEndpointReference.ID, latestEndpointReference)
+			if err != nil {
+				log.Printf("background schedule error (endpoint snapshot). Unable to update endpoint (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
+				return
+			}
+		}
+	}()
+}
--- a/api/cron/scheduler.go
+++ b/api/cron/scheduler.go
@@ -0,0 +1,115 @@
+package cron
+
+import (
+	"github.com/portainer/portainer/api"
+	"github.com/robfig/cron"
+)
+
+// JobScheduler represents a service for managing crons
+type JobScheduler struct {
+	cron *cron.Cron
+}
+
+// NewJobScheduler initializes a new service
+func NewJobScheduler() *JobScheduler {
+	return &JobScheduler{
+		cron: cron.New(),
+	}
+}
+
+// ScheduleJob schedules the execution of a job via a runner
+func (scheduler *JobScheduler) ScheduleJob(runner portainer.JobRunner) error {
+	return scheduler.cron.AddJob(runner.GetSchedule().CronExpression, runner)
+}
+
+// UpdateSystemJobSchedule updates the first occurence of the specified
+// scheduled job based on the specified job type.
+// It does so by re-creating a new cron
+// and adding all the existing jobs. It will then re-schedule the new job
+// with the update cron expression passed in parameter.
+// NOTE: the cron library do not support updating schedules directly
+// hence the work-around
+func (scheduler *JobScheduler) UpdateSystemJobSchedule(jobType portainer.JobType, newCronExpression string) error {
+	cronEntries := scheduler.cron.Entries()
+	newCron := cron.New()
+
+	for _, entry := range cronEntries {
+		if entry.Job.(portainer.JobRunner).GetSchedule().JobType == jobType {
+			err := newCron.AddJob(newCronExpression, entry.Job)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+
+		newCron.Schedule(entry.Schedule, entry.Job)
+	}
+
+	scheduler.cron.Stop()
+	scheduler.cron = newCron
+	scheduler.cron.Start()
+	return nil
+}
+
+// UpdateJobSchedule updates a specific scheduled job by re-creating a new cron
+// and adding all the existing jobs. It will then re-schedule the new job
+// via the specified JobRunner parameter.
+// NOTE: the cron library do not support updating schedules directly
+// hence the work-around
+func (scheduler *JobScheduler) UpdateJobSchedule(runner portainer.JobRunner) error {
+	cronEntries := scheduler.cron.Entries()
+	newCron := cron.New()
+
+	for _, entry := range cronEntries {
+
+		if entry.Job.(portainer.JobRunner).GetSchedule().ID == runner.GetSchedule().ID {
+
+			var jobRunner cron.Job = runner
+			if entry.Job.(portainer.JobRunner).GetSchedule().JobType == portainer.SnapshotJobType {
+				jobRunner = entry.Job
+			}
+
+			err := newCron.AddJob(runner.GetSchedule().CronExpression, jobRunner)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+
+		newCron.Schedule(entry.Schedule, entry.Job)
+	}
+
+	scheduler.cron.Stop()
+	scheduler.cron = newCron
+	scheduler.cron.Start()
+	return nil
+}
+
+// UnscheduleJob remove a scheduled job by re-creating a new cron
+// and adding all the existing jobs except for the one specified via scheduleID.
+// NOTE: the cron library do not support removing schedules directly
+// hence the work-around
+func (scheduler *JobScheduler) UnscheduleJob(scheduleID portainer.ScheduleID) {
+	cronEntries := scheduler.cron.Entries()
+	newCron := cron.New()
+
+	for _, entry := range cronEntries {
+
+		if entry.Job.(portainer.JobRunner).GetSchedule().ID == scheduleID {
+			continue
+		}
+
+		newCron.Schedule(entry.Schedule, entry.Job)
+	}
+
+	scheduler.cron.Stop()
+	scheduler.cron = newCron
+	scheduler.cron.Start()
+}
+
+// Start starts the scheduled jobs
+func (scheduler *JobScheduler) Start() {
+	if len(scheduler.cron.Entries()) > 0 {
+		scheduler.cron.Start()
+	}
+}
--- a/api/crypto/aes.go
+++ b/api/crypto/aes.go
@@ -1,70 +0,0 @@
-package crypto
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"io"
-
-	"golang.org/x/crypto/scrypt"
-)
-
-// NOTE: has to go with what is considered to be a simplistic in that it omits any
-// authentication of the encrypted data.
-// Person with better knowledge is welcomed to improve it.
-// sourced from https://golang.org/src/crypto/cipher/example_test.go
-
-var emptySalt []byte = make([]byte, 0, 0)
-
-// AesEncrypt reads from input, encrypts with AES-256 and writes to the output.
-// passphrase is used to generate an encryption key.
-func AesEncrypt(input io.Reader, output io.Writer, passphrase []byte) error {
-	// making a 32 bytes key that would correspond to AES-256
-	// don't necessarily need a salt, so just kept in empty
-	key, err := scrypt.Key(passphrase, emptySalt, 32768, 8, 1, 32)
-	if err != nil {
-		return err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return err
-	}
-
-	// If the key is unique for each ciphertext, then it's ok to use a zero
-	// IV.
-	var iv [aes.BlockSize]byte
-	stream := cipher.NewOFB(block, iv[:])
-
-	writer := &cipher.StreamWriter{S: stream, W: output}
-	// Copy the input to the output, encrypting as we go.
-	if _, err := io.Copy(writer, input); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// AesDecrypt reads from input, decrypts with AES-256 and returns the reader to a read decrypted content from.
-// passphrase is used to generate an encryption key.
-func AesDecrypt(input io.Reader, passphrase []byte) (io.Reader, error) {
-	// making a 32 bytes key that would correspond to AES-256
-	// don't necessarily need a salt, so just kept in empty
-	key, err := scrypt.Key(passphrase, emptySalt, 32768, 8, 1, 32)
-	if err != nil {
-		return nil, err
-	}
-
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-
-	// If the key is unique for each ciphertext, then it's ok to use a zero
-	// IV.
-	var iv [aes.BlockSize]byte
-	stream := cipher.NewOFB(block, iv[:])
-
-	reader := &cipher.StreamReader{S: stream, R: input}
-
-	return reader, nil
-}
--- a/api/crypto/aes_test.go
+++ b/api/crypto/aes_test.go
@@ -1,132 +0,0 @@
-package crypto
-
-import (
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/docker/docker/pkg/ioutils"
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to decrypt file")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
-}
-
-func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte(""))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte(""))
-	assert.Nil(t, err, "Failed to decrypt file")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
-}
-
-func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T) {
-	tmpdir, _ := ioutils.TempDir("", "encrypt")
-	defer os.RemoveAll(tmpdir)
-
-	var (
-		originFilePath    = filepath.Join(tmpdir, "origin")
-		encryptedFilePath = filepath.Join(tmpdir, "encrypted")
-		decryptedFilePath = filepath.Join(tmpdir, "decrypted")
-	)
-
-	content := []byte("content")
-	ioutil.WriteFile(originFilePath, content, 0600)
-
-	originFile, _ := os.Open(originFilePath)
-	defer originFile.Close()
-
-	encryptedFileWriter, _ := os.Create(encryptedFilePath)
-	defer encryptedFileWriter.Close()
-
-	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
-	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
-	assert.Nil(t, err, "Couldn't read encrypted file")
-	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
-
-	encryptedFileReader, _ := os.Open(encryptedFilePath)
-	defer encryptedFileReader.Close()
-
-	decryptedFileWriter, _ := os.Create(decryptedFilePath)
-	defer decryptedFileWriter.Close()
-
-	decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("garbage"))
-	assert.Nil(t, err, "Should allow to decrypt with wrong passphrase")
-
-	io.Copy(decryptedFileWriter, decryptedReader)
-
-	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
-	assert.NotEqual(t, content, decryptedContent, "Original and decrypted content should NOT match")
-}
--- a/api/crypto/crypto.go
+++ b/api/crypto/crypto.go
--- a/api/crypto/ecdsa.go
+++ b/api/crypto/ecdsa.go
@@ -8,8 +8,6 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"math/big"
-
-	"github.com/portainer/libcrypto"
 )

 const (
@@ -113,7 +111,7 @@ func (service *ECDSAService) CreateSignature(message string) (string, error) {
 		message = service.secret
 	}

-	hash := libcrypto.HashFromBytes([]byte(message))
+	hash := HashFromBytes([]byte(message))

 	r := big.NewInt(0)
 	s := big.NewInt(0)
--- a/api/crypto/md5.go
+++ b/api/crypto/md5.go
@@ -0,0 +1,10 @@
+package crypto
+
+import "crypto/md5"
+
+// HashFromBytes returns the hash of the specified data
+func HashFromBytes(data []byte) []byte {
+	digest := md5.New()
+	digest.Write(data)
+	return digest.Sum(nil)
+}
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@@ -6,24 +6,6 @@ import (
 	"io/ioutil"
 )

-// CreateServerTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
-func CreateServerTLSConfiguration() *tls.Config {
-	return &tls.Config{
-		MinVersion: tls.VersionTLS12,
-		CipherSuites: []uint16{
-			tls.TLS_AES_128_GCM_SHA256,
-			tls.TLS_AES_256_GCM_SHA384,
-			tls.TLS_CHACHA20_POLY1305_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		},
-	}
-}
-
 // CreateTLSConfigurationFromBytes initializes a tls.Config using a CA certificate, a certificate and a key
 // loaded from memory.
 func CreateTLSConfigurationFromBytes(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {
--- a/api/docker/client.go
+++ b/api/docker/client.go
@@ -1,48 +1,39 @@
 package docker

 import (
-	"errors"
-	"fmt"
 	"net/http"
 	"strings"
 	"time"

 	"github.com/docker/docker/client"
-	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/crypto"
 )

-var errUnsupportedEnvironmentType = errors.New("Environment not supported")
-
 const (
-	defaultDockerRequestTimeout = 60
-	dockerClientVersion         = "1.37"
+	unsupportedEnvironmentType = portainer.Error("Environment not supported")
 )

 // ClientFactory is used to create Docker clients
 type ClientFactory struct {
-	signatureService     portainer.DigitalSignatureService
-	reverseTunnelService portainer.ReverseTunnelService
+	signatureService portainer.DigitalSignatureService
 }

 // NewClientFactory returns a new instance of a ClientFactory
-func NewClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *ClientFactory {
+func NewClientFactory(signatureService portainer.DigitalSignatureService) *ClientFactory {
 	return &ClientFactory{
-		signatureService:     signatureService,
-		reverseTunnelService: reverseTunnelService,
+		signatureService: signatureService,
 	}
 }

-// createClient is a generic function to create a Docker client based on
+// CreateClient is a generic function to create a Docker client based on
 // a specific endpoint configuration. The nodeName parameter can be used
 // with an agent enabled endpoint to target a specific node in an agent cluster.
 func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeName string) (*client.Client, error) {
 	if endpoint.Type == portainer.AzureEnvironment {
-		return nil, errUnsupportedEnvironmentType
+		return nil, unsupportedEnvironmentType
 	} else if endpoint.Type == portainer.AgentOnDockerEnvironment {
 		return createAgentClient(endpoint, factory.signatureService, nodeName)
-	} else if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
-		return createEdgeClient(endpoint, factory.reverseTunnelService, nodeName)
 	}

 	if strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") {
@@ -54,7 +45,7 @@ func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeNam
 func createLocalClient(endpoint *portainer.Endpoint) (*client.Client, error) {
 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 	)
 }

@@ -66,33 +57,11 @@ func createTCPClient(endpoint *portainer.Endpoint) (*client.Client, error) {

 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 		client.WithHTTPClient(httpCli),
 	)
 }

-func createEdgeClient(endpoint *portainer.Endpoint, reverseTunnelService portainer.ReverseTunnelService, nodeName string) (*client.Client, error) {
-	httpCli, err := httpClient(endpoint)
-	if err != nil {
-		return nil, err
-	}
-
-	headers := map[string]string{}
-	if nodeName != "" {
-		headers[portainer.PortainerAgentTargetHeader] = nodeName
-	}
-
-	tunnel := reverseTunnelService.GetTunnelDetails(endpoint.ID)
-	endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)
-
-	return client.NewClientWithOpts(
-		client.WithHost(endpointURL),
-		client.WithVersion(dockerClientVersion),
-		client.WithHTTPClient(httpCli),
-		client.WithHTTPHeaders(headers),
-	)
-}
-
 func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, nodeName string) (*client.Client, error) {
 	httpCli, err := httpClient(endpoint)
 	if err != nil {
@@ -115,7 +84,7 @@ func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.

 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 		client.WithHTTPClient(httpCli),
 		client.WithHTTPHeaders(headers),
 	)
@@ -134,6 +103,6 @@ func httpClient(endpoint *portainer.Endpoint) (*http.Client, error) {

 	return &http.Client{
 		Transport: transport,
-		Timeout:   defaultDockerRequestTimeout * time.Second,
+		Timeout:   30 * time.Second,
 	}, nil
 }
--- a/api/docker/errors.go
+++ b/api/docker/errors.go
@@ -1,8 +0,0 @@
-package docker
-
-import "errors"
-
-// Docker errors
-var (
-	ErrUnableToPingEndpoint = errors.New("Unable to communicate with the endpoint")
-)
--- a/api/docker/job.go
+++ b/api/docker/job.go
@@ -0,0 +1,115 @@
+package docker
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"io/ioutil"
+	"strconv"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/network"
+	"github.com/docker/docker/api/types/strslice"
+	"github.com/docker/docker/client"
+	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/archive"
+)
+
+// JobService represents a service that handles the execution of jobs
+type JobService struct {
+	dockerClientFactory *ClientFactory
+}
+
+// NewJobService returns a pointer to a new job service
+func NewJobService(dockerClientFactory *ClientFactory) *JobService {
+	return &JobService{
+		dockerClientFactory: dockerClientFactory,
+	}
+}
+
+// ExecuteScript will leverage a privileged container to execute a script against the specified endpoint/nodename.
+// It will copy the script content specified as a parameter inside a container based on the specified image and execute it.
+func (service *JobService) ExecuteScript(endpoint *portainer.Endpoint, nodeName, image string, script []byte, schedule *portainer.Schedule) error {
+	buffer, err := archive.TarFileInBuffer(script, "script.sh", 0700)
+	if err != nil {
+		return err
+	}
+
+	cli, err := service.dockerClientFactory.CreateClient(endpoint, nodeName)
+	if err != nil {
+		return err
+	}
+	defer cli.Close()
+
+	_, err = cli.Ping(context.Background())
+	if err != nil {
+		return portainer.ErrUnableToPingEndpoint
+	}
+
+	err = pullImage(cli, image)
+	if err != nil {
+		return err
+	}
+
+	containerConfig := &container.Config{
+		AttachStdin:  true,
+		AttachStdout: true,
+		AttachStderr: true,
+		Tty:          true,
+		WorkingDir:   "/tmp",
+		Image:        image,
+		Labels: map[string]string{
+			"io.portainer.job.endpoint": strconv.Itoa(int(endpoint.ID)),
+		},
+		Cmd: strslice.StrSlice([]string{"sh", "/tmp/script.sh"}),
+	}
+
+	if schedule != nil {
+		containerConfig.Labels["io.portainer.schedule.id"] = strconv.Itoa(int(schedule.ID))
+	}
+
+	hostConfig := &container.HostConfig{
+		Binds:       []string{"/:/host", "/etc:/etc:ro", "/usr:/usr:ro", "/run:/run:ro", "/sbin:/sbin:ro", "/var:/var:ro"},
+		NetworkMode: "host",
+		Privileged:  true,
+	}
+
+	networkConfig := &network.NetworkingConfig{}
+
+	body, err := cli.ContainerCreate(context.Background(), containerConfig, hostConfig, networkConfig, "")
+	if err != nil {
+		return err
+	}
+
+	if schedule != nil {
+		err = cli.ContainerRename(context.Background(), body.ID, schedule.Name+"_"+body.ID)
+		if err != nil {
+			return err
+		}
+	}
+
+	copyOptions := types.CopyToContainerOptions{}
+	err = cli.CopyToContainer(context.Background(), body.ID, "/tmp", bytes.NewReader(buffer), copyOptions)
+	if err != nil {
+		return err
+	}
+
+	startOptions := types.ContainerStartOptions{}
+	return cli.ContainerStart(context.Background(), body.ID, startOptions)
+}
+
+func pullImage(cli *client.Client, image string) error {
+	imageReadCloser, err := cli.ImagePull(context.Background(), image, types.ImagePullOptions{})
+	if err != nil {
+		return err
+	}
+	defer imageReadCloser.Close()
+
+	_, err = io.Copy(ioutil.Discard, imageReadCloser)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/api/docker/snapshot.go
+++ b/api/docker/snapshot.go
@@ -2,8 +2,6 @@ package docker

 import (
 	"context"
-	"log"
-	"strings"
 	"time"

 	"github.com/docker/docker/api/types"
@@ -12,86 +10,63 @@ import (
 	"github.com/portainer/portainer/api"
 )

-// Snapshotter represents a service used to create endpoint snapshots
-type Snapshotter struct {
-	clientFactory *ClientFactory
-}
-
-// NewSnapshotter returns a new Snapshotter instance
-func NewSnapshotter(clientFactory *ClientFactory) *Snapshotter {
-	return &Snapshotter{
-		clientFactory: clientFactory,
-	}
-}
-
-// CreateSnapshot creates a snapshot of a specific Docker endpoint
-func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*portainer.DockerSnapshot, error) {
-	cli, err := snapshotter.clientFactory.CreateClient(endpoint, "")
-	if err != nil {
-		return nil, err
-	}
-	defer cli.Close()
-
-	return snapshot(cli, endpoint)
-}
-
-func snapshot(cli *client.Client, endpoint *portainer.Endpoint) (*portainer.DockerSnapshot, error) {
+func snapshot(cli *client.Client) (*portainer.Snapshot, error) {
 	_, err := cli.Ping(context.Background())
 	if err != nil {
 		return nil, err
 	}

-	snapshot := &portainer.DockerSnapshot{
+	snapshot := &portainer.Snapshot{
 		StackCount: 0,
 	}

 	err = snapshotInfo(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine information] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	if snapshot.Swarm {
 		err = snapshotSwarmServices(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm services] [endpoint: %s] [err: %s]", endpoint.Name, err)
+			return nil, err
 		}

 		err = snapshotNodes(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm nodes] [endpoint: %s] [err: %s]", endpoint.Name, err)
+			return nil, err
 		}
 	}

 	err = snapshotContainers(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot containers] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	err = snapshotImages(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot images] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	err = snapshotVolumes(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot volumes] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	err = snapshotNetworks(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot networks] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	err = snapshotVersion(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine version] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}

 	snapshot.Time = time.Now().Unix()
 	return snapshot, nil
 }

-func snapshotInfo(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotInfo(snapshot *portainer.Snapshot, cli *client.Client) error {
 	info, err := cli.Info(context.Background())
 	if err != nil {
 		return err
@@ -105,7 +80,7 @@ func snapshotInfo(snapshot *portainer.DockerSnapshot, cli *client.Client) error
 	return nil
 }

-func snapshotNodes(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotNodes(snapshot *portainer.Snapshot, cli *client.Client) error {
 	nodes, err := cli.NodeList(context.Background(), types.NodeListOptions{})
 	if err != nil {
 		return err
@@ -118,11 +93,10 @@ func snapshotNodes(snapshot *portainer.DockerSnapshot, cli *client.Client) error
 	}
 	snapshot.TotalCPU = int(nanoCpus / 1e9)
 	snapshot.TotalMemory = totalMem
-	snapshot.NodeCount = len(nodes)
 	return nil
 }

-func snapshotSwarmServices(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotSwarmServices(snapshot *portainer.Snapshot, cli *client.Client) error {
 	stacks := make(map[string]struct{})

 	services, err := cli.ServiceList(context.Background(), types.ServiceListOptions{})
@@ -143,7 +117,7 @@ func snapshotSwarmServices(snapshot *portainer.DockerSnapshot, cli *client.Clien
 	return nil
 }

-func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotContainers(snapshot *portainer.Snapshot, cli *client.Client) error {
 	containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{All: true})
 	if err != nil {
 		return err
@@ -151,8 +125,6 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)

 	runningContainers := 0
 	stoppedContainers := 0
-	healthyContainers := 0
-	unhealthyContainers := 0
 	stacks := make(map[string]struct{})
 	for _, container := range containers {
 		if container.State == "exited" {
@@ -161,12 +133,6 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)
 			runningContainers++
 		}

-		if strings.Contains(container.Status, "(healthy)") {
-			healthyContainers++
-		} else if strings.Contains(container.Status, "(unhealthy)") {
-			unhealthyContainers++
-		}
-
 		for k, v := range container.Labels {
 			if k == "com.docker.compose.project" {
 				stacks[v] = struct{}{}
@@ -176,14 +142,12 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)

 	snapshot.RunningContainerCount = runningContainers
 	snapshot.StoppedContainerCount = stoppedContainers
-	snapshot.HealthyContainerCount = healthyContainers
-	snapshot.UnhealthyContainerCount = unhealthyContainers
 	snapshot.StackCount += len(stacks)
 	snapshot.SnapshotRaw.Containers = containers
 	return nil
 }

-func snapshotImages(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotImages(snapshot *portainer.Snapshot, cli *client.Client) error {
 	images, err := cli.ImageList(context.Background(), types.ImageListOptions{})
 	if err != nil {
 		return err
@@ -194,7 +158,7 @@ func snapshotImages(snapshot *portainer.DockerSnapshot, cli *client.Client) erro
 	return nil
 }

-func snapshotVolumes(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotVolumes(snapshot *portainer.Snapshot, cli *client.Client) error {
 	volumes, err := cli.VolumeList(context.Background(), filters.Args{})
 	if err != nil {
 		return err
@@ -205,7 +169,7 @@ func snapshotVolumes(snapshot *portainer.DockerSnapshot, cli *client.Client) err
 	return nil
 }

-func snapshotNetworks(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotNetworks(snapshot *portainer.Snapshot, cli *client.Client) error {
 	networks, err := cli.NetworkList(context.Background(), types.NetworkListOptions{})
 	if err != nil {
 		return err
@@ -214,7 +178,7 @@ func snapshotNetworks(snapshot *portainer.DockerSnapshot, cli *client.Client) er
 	return nil
 }

-func snapshotVersion(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+func snapshotVersion(snapshot *portainer.Snapshot, cli *client.Client) error {
 	version, err := cli.ServerVersion(context.Background())
 	if err != nil {
 		return err
--- a/api/docker/snapshotter.go
+++ b/api/docker/snapshotter.go
@@ -0,0 +1,28 @@
+package docker
+
+import (
+	"github.com/portainer/portainer/api"
+)
+
+// Snapshotter represents a service used to create endpoint snapshots
+type Snapshotter struct {
+	clientFactory *ClientFactory
+}
+
+// NewSnapshotter returns a new Snapshotter instance
+func NewSnapshotter(clientFactory *ClientFactory) *Snapshotter {
+	return &Snapshotter{
+		clientFactory: clientFactory,
+	}
+}
+
+// CreateSnapshot creates a snapshot of a specific endpoint
+func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*portainer.Snapshot, error) {
+	cli, err := snapshotter.clientFactory.CreateClient(endpoint, "")
+	if err != nil {
+		return nil, err
+	}
+	defer cli.Close()
+
+	return snapshot(cli)
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Anthony Lapenna	ecf52616e2	feat(edge): update deployment instructions	2019-06-17 11:37:09 +12:00
Anthony Lapenna	69bc599b5b	feat(edge): refactor key creation	2019-06-17 09:18:17 +12:00
Anthony Lapenna	e58b019ffa	feat(edge): wip edge	2019-06-12 12:06:59 +12:00
Anthony Lapenna	1fc4e7bddb	Merge branch 'develop' into edge	2019-06-05 09:24:22 +12:00
Anthony Lapenna	2cabfd574c	Merge branch 'develop' into edge # Conflicts: # api/portainer.go	2019-05-27 11:29:35 +12:00
Anthony Lapenna	3b946d84ac	feat(endpoint-creation): update Edge agent deployment instructions	2019-05-24 18:01:50 +12:00
Anthony Lapenna	28abe55179	refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment	2019-05-24 12:02:46 +12:00
Anthony Lapenna	e31365c6a5	refactor(api): rename AgentIoTEnvironment to AgentEdgeEnvironment	2019-05-24 11:46:18 +12:00
Anthony Lapenna	bedb4fc7f4	style(endpoint-creation): refactor IoT agent to Edge agent	2019-05-24 11:26:59 +12:00
Anthony Lapenna	8f05ba77b4	Merge branch 'develop' into edge	2019-05-24 11:11:57 +12:00
Anthony Lapenna	d03e22e26e	feat(intel): add -v /:/host and --name portainer_agent_iot to agent command	2019-04-24 20:15:05 +12:00
Anthony Lapenna	ec667a19a0	feat(intel): add -e CAP_HOST_MANAGEMENT=1 to agent command	2019-04-24 20:05:28 +12:00
Anthony Lapenna	8afe1ac37b	feat(intel): display agent features when connected to IoT endpoint	2019-04-24 19:35:26 +12:00
Anthony Lapenna	9dc3188cc0	feat(intel): fix webconsole and agent deployment command	2019-04-24 19:31:22 +12:00
Anthony Lapenna	9cf014adab	feat(intel): POC Intel	2019-04-24 14:59:15 +12:00