Merge branch 'deploy-sshKey' of github.com:rushirajsilvertouch/portainer into rushirajsilvertouch-deploy-sshKey

.babelrc

@@ -1,12 +0,0 @@
-{
-  "plugins": ["lodash", "angularjs-annotate"],
-  "presets": [
-    [
-      "@babel/preset-env",
-      {
-        "modules": false,
-        "useBuiltIns": "entry"
-      }
-    ]
-  ]
-}

.codeclimate.yml

@@ -53,7 +53,6 @@ plugins:
           mass_threshold: 80
   eslint:
     enabled: true
-    channel: "eslint-5"
     config:
       config: .eslintrc.yml
   fixme:

.eslintignore

@@ -1,3 +0,0 @@
-node_modules/
-dist/
-test/

.eslintrc.yml

@@ -1,29 +1,287 @@
 env:
   browser: true
   jquery: true
-  node: true
-  es6: true
-
-globals:
-  angular: true
-  __CONFIG_GA_ID: true
 
+# globals:
+#   angular: true
+#   $: true
+#   _: true
+#   moment: true
+#   filesize: true
+#   splitargs: true
 extends:
   - 'eslint:recommended'
-  - prettier
-
-plugins:
-  - import
-
-parserOptions:
-  ecmaVersion: 2018
-  sourceType: module
-  ecmaFeatures:
-    modules: true
 
+# http://eslint.org/docs/rules/
 rules:
-  no-control-regex: off
-  no-empty: warn
-  no-empty-function: warn
+  # Possible Errors
+  no-await-in-loop: off
+  no-cond-assign: error
+  no-console: off
+  no-constant-condition: error
+  no-control-regex: error
+  no-debugger: error
+  no-dupe-args: error
+  no-dupe-keys: error
+  no-duplicate-case: error
+  no-empty-character-class: error
+  no-empty: error
+  no-ex-assign: error
+  no-extra-boolean-cast: error
+  no-extra-parens: off
+  no-extra-semi: error
+  no-func-assign: error
+  no-inner-declarations:
+    - error
+    - functions
+  no-invalid-regexp: error
+  no-irregular-whitespace: error
+  no-negated-in-lhs: error
+  no-obj-calls: error
+  no-prototype-builtins: off
+  no-regex-spaces: error
+  no-sparse-arrays: error
+  no-template-curly-in-string: off
+  no-unexpected-multiline: error
+  no-unreachable: error
+  no-unsafe-finally: off
+  no-unsafe-negation: off
+  use-isnan: error
+  valid-jsdoc: off
+  valid-typeof: error
+
+  # Best Practices
+  accessor-pairs: error
+  array-callback-return: off
+  block-scoped-var: off
+  class-methods-use-this: off
+  complexity:
+    - error
+    - 6
+  consistent-return: off
+  curly: off
+  default-case: off
+  dot-location: off
+  dot-notation: off
+  eqeqeq: error
+  guard-for-in: error
+  no-alert: error
+  no-caller: error
+  no-case-declarations: error
+  no-div-regex: error
+  no-else-return: off
+  no-empty-function: off
+  no-empty-pattern: error
+  no-eq-null: error
+  no-eval: error
+  no-extend-native: error
+  no-extra-bind: error
+  no-extra-label: off
+  no-fallthrough: error
+  no-floating-decimal: off
+  no-global-assign: off
+  no-implicit-coercion: off
+  no-implied-eval: error
+  no-invalid-this: off
+  no-iterator: error
+  no-labels:
+    - error
+    - allowLoop: true
+      allowSwitch: true
+  no-lone-blocks: error
+  no-loop-func: error
+  no-magic-number: off
+  no-multi-spaces: off
+  no-multi-str: off
+  no-native-reassign: error
+  no-new-func: error
+  no-new-wrappers: error
+  no-new: error
+  no-octal-escape: error
+  no-octal: error
+  no-param-reassign: off
+  no-proto: error
+  no-redeclare: error
+  no-restricted-properties: off
+  no-return-assign: error
+  no-return-await: off
+  no-script-url: error
+  no-self-assign: off
+  no-self-compare: error
+  no-sequences: off
+  no-throw-literal: off
+  no-unmodified-loop-condition: off
+  no-unused-expressions: error
+  no-unused-labels: off
+  no-useless-call: error
+  no-useless-concat: error
   no-useless-escape: off
-  import/order: error
+  no-useless-return: off
+  no-void: error
+  no-warning-comments: off
+  no-with: error
+  prefer-promise-reject-errors: off
+  radix: error
+  require-await: off
+  vars-on-top: off
+  wrap-iife: error
+  yoda: off
+
+  # Strict
+  strict: off
+
+  # Variables
+  init-declarations: off
+  no-catch-shadow: error
+  no-delete-var: error
+  no-label-var: error
+  no-restricted-globals: off
+  no-shadow-restricted-names: error
+  no-shadow: off
+  no-undef-init: error
+  no-undef: off
+  no-undefined: off
+  no-unused-vars: 
+    - warn
+    -
+      vars: local
+  no-use-before-define: off
+
+  # Node.js and CommonJS
+  callback-return: error
+  global-require: error
+  handle-callback-err: error
+  no-mixed-requires: off
+  no-new-require: off
+  no-path-concat: error
+  no-process-env: off
+  no-process-exit: error
+  no-restricted-modules: off
+  no-sync: off
+
+  # Stylistic Issues
+  array-bracket-spacing: off
+  block-spacing: off
+  brace-style: off
+  camelcase: off
+  capitalized-comments: off
+  comma-dangle:
+    - error
+    - never
+  comma-spacing: off
+  comma-style: off
+  computed-property-spacing: off
+  consistent-this: off
+  eol-last: off
+  func-call-spacing: off
+  func-name-matching: off
+  func-names: off
+  func-style: off
+  id-length: off
+  id-match: off
+  indent: off
+  jsx-quotes: off
+  key-spacing: off
+  keyword-spacing: off
+  line-comment-position: off
+  linebreak-style:
+    - error
+    - unix
+  lines-around-comment: off
+  lines-around-directive: off
+  max-depth: off
+  max-len: off
+  max-nested-callbacks: off
+  max-params: off
+  max-statements-per-line: off
+  max-statements:
+    - error
+    - 30
+  multiline-ternary: off
+  new-cap: off
+  new-parens: off
+  newline-after-var: off
+  newline-before-return: off
+  newline-per-chained-call: off
+  no-array-constructor: off
+  no-bitwise: off
+  no-continue: off
+  no-inline-comments: off
+  no-lonely-if: off
+  no-mixed-operators: off
+  no-mixed-spaces-and-tabs: off
+  no-multi-assign: off
+  no-multiple-empty-lines: off
+  no-negated-condition: off
+  no-nested-ternary: off
+  no-new-object: off
+  no-plusplus: off
+  no-restricted-syntax: off
+  no-spaced-func: off
+  no-tabs: off
+  no-ternary: off
+  no-trailing-spaces: off
+  no-underscore-dangle: off
+  no-unneeded-ternary: off
+  object-curly-newline: off
+  object-curly-spacing: off
+  object-property-newline: off
+  one-var-declaration-per-line: off
+  one-var: off
+  operator-assignment: off
+  operator-linebreak: off
+  padded-blocks: off
+  quote-props: off
+  quotes:
+    - error
+    - single
+  require-jsdoc: off
+  semi-spacing: off
+  semi:
+    - error
+    - always
+  sort-keys: off
+  sort-vars: off
+  space-before-blocks: off
+  space-before-function-paren: off
+  space-in-parens: off
+  space-infix-ops: off
+  space-unary-ops: off
+  spaced-comment: off
+  template-tag-spacing: off
+  unicode-bom: off
+  wrap-regex: off
+
+  # ECMAScript 6
+  arrow-body-style: off
+  arrow-parens: off
+  arrow-spacing: off
+  constructor-super: off
+  generator-star-spacing: off
+  no-class-assign: off
+  no-confusing-arrow: off
+  no-const-assign: off
+  no-dupe-class-members: off
+  no-duplicate-imports: off
+  no-new-symbol: off
+  no-restricted-imports: off
+  no-this-before-super: off
+  no-useless-computed-key: off
+  no-useless-constructor: off
+  no-useless-rename: off
+  no-var: off
+  object-shorthand: off
+  prefer-arrow-callback: off
+  prefer-const: off
+  prefer-destructuring: off
+  prefer-numeric-literals: off
+  prefer-rest-params: off
+  prefer-reflect: off
+  prefer-spread: off
+  prefer-template: off
+  require-yield: off
+  rest-spread-spacing: off
+  sort-imports: off
+  symbol-description: off
+  template-curly-spacing: off
+  yield-star-spacing: off

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -8,9 +8,7 @@ about: Create a bug report
 
 Thanks for reporting a bug for Portainer !
 
-You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
-
-Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/.
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/ or gitter https://gitter.im/portainer/Lobby.
 
 Before opening a new issue, make sure that we do not have any duplicates
 already open. You can ensure this by searching the issue list for this
@@ -21,22 +19,24 @@ Also, be sure to check our FAQ and documentation first: https://portainer.readth
 -->
 
 **Bug description**
+
 A clear and concise description of what the bug is.
 
 **Expected behavior**
 A clear and concise description of what you expected to happen.
 
-**Portainer Logs**
-Provide the logs of your Portainer container or Service.
-You can see how [here](https://portainer.readthedocs.io/en/stable/faq.html#how-do-i-get-the-logs-from-portainer)
+Briefly describe what you were expecting.
 
 **Steps to reproduce the issue:**
+
+Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
 
 **Technical details:**
+
 * Portainer version:
 * Docker version (managed by Portainer):
 * Platform (windows/linux):

.github/ISSUE_TEMPLATE/Custom.md

@@ -6,9 +6,7 @@ about: Ask us a question about Portainer usage or deployment
 
 <!--
 
-You can find more information about Portainer support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
-
-Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/ or gitter https://gitter.im/portainer/Lobby.
 
 Also, be sure to check our FAQ and documentation first: https://portainer.readthedocs.io
 -->

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -8,7 +8,7 @@ about: Suggest a feature/enhancement that should be added in Portainer
 
 Thanks for opening a feature request for Portainer !
 
-Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/
+Do you need help or have a question? Come chat with us on Slack http://portainer.io/slack/ or gitter https://gitter.im/portainer/Lobby.
 
 Before opening a new issue, make sure that we do not have any duplicates
 already open. You can ensure this by searching the issue list for this

.github/stale.yml

@@ -1,55 +0,0 @@
-# Config for Stalebot, limited to only `issues`
-only: issues
-
-# Issues config
-issues:
-  daysUntilStale: 60
-  daysUntilClose: 7
-
-  # Limit the number of actions per hour, from 1-30. Default is 30
-  limitPerRun: 30
-
-  # Issues with these labels will never be considered stale
-  exemptLabels:
-    - kind/enhancement
-    - kind/feature
-    - kind/question
-    - kind/style
-    - kind/workaround
-    - bug/need-confirmation
-    - bug/confirmed
-    - status/discuss
-  
-  # Only issues with all of these labels are checked if stale. Defaults to `[]` (disabled)
-  onlyLabels: []
-
-  # Set to true to ignore issues in a project (defaults to false)
-  exemptProjects: true
-  # Set to true to ignore issues in a milestone (defaults to false)
-  exemptMilestones: true
-  # Set to true to ignore issues with an assignee (defaults to false)
-  exemptAssignees: true
-
-  # Label to use when marking an issue as stale
-  staleLabel: status/stale
-
-  # Comment to post when marking an issue as stale. Set to `false` to disable
-  markComment: >
-    This issue has been marked as stale as it has not had recent activity, 
-    it will be closed if no further activity occurs in the next 7 days.
-    If you believe that it has been incorrectly labelled as stale, 
-    leave a comment and the label will be removed.
-
-  # Comment to post when removing the stale label.
-  # unmarkComment: >
-  #   Your comment here.
-
-  # Comment to post when closing a stale issue. Set to `false` to disable
-  closeComment: >
-    Since no further activity has appeared on this issue it will be closed.
-    If you believe that it has been incorrectly closed, leave a comment
-    and mention @itsconquest. One of our staff will then review the issue.
-    
-    Note - If it is an old bug report, make sure that it is reproduceable in the
-    latest version of Portainer as it may have already been fixed.
-    

.gitignore

@@ -4,5 +4,4 @@ dist
 portainer-checksum.txt
 api/cmd/portainer/portainer*
 .tmp
-.vscode
-.eslintcache
+.vscode

.prettierrc

@@ -1,13 +0,0 @@
-{
-  "printWidth": 180,
-  "singleQuote": true,
-  "htmlWhitespaceSensitivity": "strict",
-  "overrides": [
-    {
-      "files": ["*.html"],
-      "options": {
-        "parser": "angular"
-      }
-    }
-  ]
-}

CONTRIBUTING.md

@@ -6,16 +6,30 @@ Some basic conventions for contributing to this project.
 
 Please make sure that there aren't existing pull requests attempting to address the issue mentioned. Likewise, please check for issues related to update, as someone else may be working on the issue in a branch or fork.
 
-- Please open a discussion in a new issue / existing issue to talk about the changes you'd like to bring
-- Develop in a topic branch, not master/develop
+* Please open a discussion in a new issue / existing issue to talk about the changes you'd like to bring
+* Develop in a topic branch, not master/develop
 
-When creating a new branch, prefix it with the _type_ of the change (see section **Commit Message Format** below), the associated opened issue number, a dash and some text describing the issue (using dash as a separator).
+When creating a new branch, prefix it with the *type* of the change (see section **Commit Message Format** below), the associated opened issue number, a dash and some text describing the issue (using dash as a separator).
 
 For example, if you work on a bugfix for the issue #361, you could name the branch `fix361-template-selection`.
 
 ## Issues open to contribution
 
-Want to contribute but don't know where to start? Have a look at the issues labeled with the `good first issue` label: https://github.com/portainer/portainer/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22
+Want to contribute but don't know where to start?
+
+Some of the open issues are labeled with prefix `exp/`, this is used to mark them as available for contributors to work on. All of these have an attributed difficulty level:
+
+* **beginner**: a task that should be accessible with users not familiar with the codebase
+* **intermediate**: a task that require some understanding of the project codebase or some experience in
+either AngularJS or Golang
+* **advanced**: a task that require a deep understanding of the project codebase
+
+You can use Github filters to list these issues:
+
+* beginner labeled issues: https://github.com/portainer/portainer/labels/exp%2Fbeginner
+* intermediate labeled issues: https://github.com/portainer/portainer/labels/exp%2Fintermediate
+* advanced labeled issues: https://github.com/portainer/portainer/labels/exp%2Fadvanced
+
 
 ## Commit Message Format
 
@@ -37,14 +51,14 @@ Lines should not exceed 100 characters. This allows the message to be easier to
 
 Must be one of the following:
 
-- **feat**: A new feature
-- **fix**: A bug fix
-- **docs**: Documentation only changes
-- **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing
+* **feat**: A new feature
+* **fix**: A bug fix
+* **docs**: Documentation only changes
+* **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing
   semi-colons, etc)
-- **refactor**: A code change that neither fixes a bug or adds a feature
-- **test**: Adding missing tests
-- **chore**: Changes to the build process or auxiliary tools and libraries such as documentation
+* **refactor**: A code change that neither fixes a bug or adds a feature
+* **test**: Adding missing tests
+* **chore**: Changes to the build process or auxiliary tools and libraries such as documentation
   generation
 
 ### Scope
@@ -57,9 +71,9 @@ You can use the **area** label tag associated on the issue here (for `area/conta
 
 The subject contains succinct description of the change:
 
-- use the imperative, present tense: "change" not "changed" nor "changes"
-- don't capitalize first letter
-- no dot (.) at the end
+* use the imperative, present tense: "change" not "changed" nor "changes"
+* don't capitalize first letter
+* no dot (.) at the end
 
 ## Contribution process
 

README.md

@@ -1,19 +1,27 @@
+
 <p align="center">
-  <img title="portainer" src='https://github.com/portainer/portainer/blob/develop/assets/images/logo_alt.png?raw=true' />
+  <img title="portainer" src='https://portainer.io/images/logo_alt.png' />
 </p>
 
 [![Docker Pulls](https://img.shields.io/docker/pulls/portainer/portainer.svg)](https://hub.docker.com/r/portainer/portainer/)
-[![Microbadger](https://images.microbadger.com/badges/image/portainer/portainer.svg)](http://microbadger.com/images/portainer/portainer 'Image size')
-[![Build Status](https://portainer.visualstudio.com/Portainer%20CI/_apis/build/status/Portainer%20CI?branchName=develop)](https://portainer.visualstudio.com/Portainer%20CI/_build/latest?definitionId=3&branchName=develop)
+[![Microbadger](https://images.microbadger.com/badges/image/portainer/portainer.svg)](http://microbadger.com/images/portainer/portainer "Image size")
+[![Documentation Status](https://readthedocs.org/projects/portainer/badge/?version=stable)](http://portainer.readthedocs.io/en/stable/?badge=stable)
+[![Build Status](https://semaphoreci.com/api/v1/portainer/portainer/branches/develop/badge.svg)](https://semaphoreci.com/portainer/portainer)
 [![Code Climate](https://codeclimate.com/github/portainer/portainer/badges/gpa.svg)](https://codeclimate.com/github/portainer/portainer)
+[![Slack](https://portainer.io/slack/badge.svg)](https://portainer.io/slack/)
+[![Gitter](https://badges.gitter.im/portainer/Lobby.svg)](https://gitter.im/portainer/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 [![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=YHXZJQNJQ36H6)
 
 **_Portainer_** is a lightweight management UI which allows you to **easily** manage your different Docker environments (Docker hosts or Swarm clusters).
-**_Portainer_** is meant to be as **simple** to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container, supports other platforms too).
-**_Portainer_** allows you to manage all your Docker resources (containers, images, volumes, networks and more) ! It is compatible with the _standalone Docker_ engine and with _Docker Swarm mode_.
+
+**_Portainer_** is meant to be as **simple** to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as Linux container or a Windows native container).
+
+**_Portainer_** allows you to manage your Docker containers, images, volumes, networks and more ! It is compatible with the *standalone Docker* engine and with *Docker Swarm mode*.
 
 ## Demo
 
+<img src="https://portainer.io/images/screenshots/portainer.gif" width="77%"/>
+
 You can try out the public demo instance: http://demo.portainer.io/ (login with the username **admin** and the password **tryportainer**).
 
 Please note that the public demo cluster is **reset every 15min**.
@@ -28,31 +36,31 @@ Unlike the public demo, the playground sessions are deleted after 4 hours. Apart
 
 ## Getting started
 
-- [Deploy Portainer](https://www.portainer.io/installation/)
-- [Documentation](https://www.portainer.io/documentation/)
+* [Deploy Portainer](https://portainer.readthedocs.io/en/latest/deployment.html)
+* [Documentation](https://portainer.readthedocs.io)
 
 ## Getting help
 
-For FORMAL Support, please purchase a support subscription from here: https://www.portainer.io/products-services/portainer-business-support/
-
-For community support: You can find more information about Portainer's community support framework policy here: https://www.portainer.io/2019/04/portainer-support-policy/
-
-- Issues: https://github.com/portainer/portainer/issues
-- FAQ: https://www.portainer.io/documentation/faqs/
-- Slack (chat): https://portainer.io/slack/
+* Issues: https://github.com/portainer/portainer/issues
+* FAQ: https://portainer.readthedocs.io/en/latest/faq.html
+* Slack (chat): https://portainer.io/slack/
+* Gitter (chat): https://gitter.im/portainer/Lobby
 
 ## Reporting bugs and contributing
 
-- Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new).
-- Want to help us build **_portainer_**? Follow our [contribution guidelines](https://www.portainer.io/documentation/how-to-contribute/) to build it locally and make a pull request. We need all the help we can get!
-
-## Security
-
-- Here at Portainer, we believe in [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) of security issues. If you have found a security issue, please report it to <security@portainer.io>.
+* Want to report a bug or request a feature? Please open [an issue](https://github.com/portainer/portainer/issues/new).
+* Want to help us build **_portainer_**? Follow our [contribution guidelines](https://portainer.readthedocs.io/en/latest/contribute.html) to build it  locally and make a pull request. We need all the help we can get!
 
 ## Limitations
 
-Portainer supports "Current - 2 docker versions only. Prior versions may operate, however these are not supported.
+**_Portainer_** has full support for the following Docker versions:
+
+* Docker 1.10 to the latest version
+* Standalone Docker Swarm >= 1.2.3 _(**NOTE:** Use of Standalone Docker Swarm is being discouraged since the introduction of built-in Swarm Mode in Docker. While older versions of Portainer had support for Standalone Docker Swarm, Portainer 1.17.0 and newer **do not** support it. However, the built-in Swarm Mode of Docker is fully supported.)_
+
+Partial support for the following Docker versions (some features may not be available):
+
+* Docker 1.9
 
 ## Licensing
 
@@ -62,4 +70,4 @@ Portainer also contains the following code, which is licensed under the [MIT lic
 
 UI For Docker: Copyright (c) 2013-2016 Michael Crosby (crosbymichael.com), Kevan Ahlquist (kevanahlquist.com), Anthony Lapenna (portainer.io)
 
-rdash-angular: Copyright (c) [2014][elliot hesp]
+rdash-angular: Copyright (c) [2014] [Elliot Hesp]

api/access_control.go

@@ -1,154 +0,0 @@
-package portainer
-
-// NewPrivateResourceControl will create a new private resource control associated to the resource specified by the
-// identifier and type parameters. It automatically assigns it to the user specified by the userID parameter.
-func NewPrivateResourceControl(resourceIdentifier string, resourceType ResourceControlType, userID UserID) *ResourceControl {
-	return &ResourceControl{
-		Type:           resourceType,
-		ResourceID:     resourceIdentifier,
-		SubResourceIDs: []string{},
-		UserAccesses: []UserResourceAccess{
-			{
-				UserID:      userID,
-				AccessLevel: ReadWriteAccessLevel,
-			},
-		},
-		TeamAccesses:       []TeamResourceAccess{},
-		AdministratorsOnly: false,
-		Public:             false,
-		System:             false,
-	}
-}
-
-// NewSystemResourceControl will create a new public resource control with the System flag set to true.
-// These kind of resource control are not persisted and are created on the fly by the Portainer API.
-func NewSystemResourceControl(resourceIdentifier string, resourceType ResourceControlType) *ResourceControl {
-	return &ResourceControl{
-		Type:               resourceType,
-		ResourceID:         resourceIdentifier,
-		SubResourceIDs:     []string{},
-		UserAccesses:       []UserResourceAccess{},
-		TeamAccesses:       []TeamResourceAccess{},
-		AdministratorsOnly: false,
-		Public:             true,
-		System:             true,
-	}
-}
-
-// NewPublicResourceControl will create a new public resource control.
-func NewPublicResourceControl(resourceIdentifier string, resourceType ResourceControlType) *ResourceControl {
-	return &ResourceControl{
-		Type:               resourceType,
-		ResourceID:         resourceIdentifier,
-		SubResourceIDs:     []string{},
-		UserAccesses:       []UserResourceAccess{},
-		TeamAccesses:       []TeamResourceAccess{},
-		AdministratorsOnly: false,
-		Public:             true,
-		System:             false,
-	}
-}
-
-// NewRestrictedResourceControl will create a new resource control with user and team accesses restrictions.
-func NewRestrictedResourceControl(resourceIdentifier string, resourceType ResourceControlType, userIDs []UserID, teamIDs []TeamID) *ResourceControl {
-	userAccesses := make([]UserResourceAccess, 0)
-	teamAccesses := make([]TeamResourceAccess, 0)
-
-	for _, id := range userIDs {
-		access := UserResourceAccess{
-			UserID:      id,
-			AccessLevel: ReadWriteAccessLevel,
-		}
-
-		userAccesses = append(userAccesses, access)
-	}
-
-	for _, id := range teamIDs {
-		access := TeamResourceAccess{
-			TeamID:      id,
-			AccessLevel: ReadWriteAccessLevel,
-		}
-
-		teamAccesses = append(teamAccesses, access)
-	}
-
-	return &ResourceControl{
-		Type:               resourceType,
-		ResourceID:         resourceIdentifier,
-		SubResourceIDs:     []string{},
-		UserAccesses:       userAccesses,
-		TeamAccesses:       teamAccesses,
-		AdministratorsOnly: false,
-		Public:             false,
-		System:             false,
-	}
-}
-
-// DecorateStacks will iterate through a list of stacks, check for an associated resource control for each
-// stack and decorate the stack element if a resource control is found.
-func DecorateStacks(stacks []Stack, resourceControls []ResourceControl) []Stack {
-	for idx, stack := range stacks {
-
-		resourceControl := GetResourceControlByResourceIDAndType(stack.Name, StackResourceControl, resourceControls)
-		if resourceControl != nil {
-			stacks[idx].ResourceControl = resourceControl
-		}
-	}
-
-	return stacks
-}
-
-// FilterAuthorizedStacks returns a list of decorated stacks filtered through resource control access checks.
-func FilterAuthorizedStacks(stacks []Stack, user *User, userTeamIDs []TeamID, rbacEnabled bool) []Stack {
-	authorizedStacks := make([]Stack, 0)
-
-	for _, stack := range stacks {
-		_, ok := user.EndpointAuthorizations[stack.EndpointID][EndpointResourcesAccess]
-		if rbacEnabled && ok {
-			authorizedStacks = append(authorizedStacks, stack)
-			continue
-		}
-
-		if stack.ResourceControl != nil && UserCanAccessResource(user.ID, userTeamIDs, stack.ResourceControl) {
-			authorizedStacks = append(authorizedStacks, stack)
-		}
-	}
-
-	return authorizedStacks
-}
-
-// UserCanAccessResource will valide that a user has permissions defined in the specified resource control
-// based on its identifier and the team(s) he is part of.
-func UserCanAccessResource(userID UserID, userTeamIDs []TeamID, resourceControl *ResourceControl) bool {
-	for _, authorizedUserAccess := range resourceControl.UserAccesses {
-		if userID == authorizedUserAccess.UserID {
-			return true
-		}
-	}
-
-	for _, authorizedTeamAccess := range resourceControl.TeamAccesses {
-		for _, userTeamID := range userTeamIDs {
-			if userTeamID == authorizedTeamAccess.TeamID {
-				return true
-			}
-		}
-	}
-
-	return resourceControl.Public
-}
-
-// GetResourceControlByResourceIDAndType retrieves the first matching resource control in a set of resource controls
-// based on the specified id and resource type parameters.
-func GetResourceControlByResourceIDAndType(resourceID string, resourceType ResourceControlType, resourceControls []ResourceControl) *ResourceControl {
-	for _, resourceControl := range resourceControls {
-		if resourceID == resourceControl.ResourceID && resourceType == resourceControl.Type {
-			return &resourceControl
-		}
-		for _, subResourceID := range resourceControl.SubResourceIDs {
-			if resourceID == subResourceID {
-				return &resourceControl
-			}
-		}
-	}
-	return nil
-}

api/archive/tar.go

@@ -7,13 +7,13 @@ import (
 
 // TarFileInBuffer will create a tar archive containing a single file named via fileName and using the content
 // specified in fileContent. Returns the archive as a byte array.
-func TarFileInBuffer(fileContent []byte, fileName string, mode int64) ([]byte, error) {
+func TarFileInBuffer(fileContent []byte, fileName string) ([]byte, error) {
 	var buffer bytes.Buffer
 	tarWriter := tar.NewWriter(&buffer)
 
 	header := &tar.Header{
 		Name: fileName,
-		Mode: mode,
+		Mode: 0600,
 		Size: int64(len(fileContent)),
 	}
 

api/archive/zip.go

@@ -1,54 +0,0 @@
-package archive
-
-import (
-	"archive/zip"
-	"bytes"
-	"io"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-)
-
-// UnzipArchive will unzip an archive from bytes into the dest destination folder on disk
-func UnzipArchive(archiveData []byte, dest string) error {
-	zipReader, err := zip.NewReader(bytes.NewReader(archiveData), int64(len(archiveData)))
-	if err != nil {
-		return err
-	}
-
-	for _, zipFile := range zipReader.File {
-		err := extractFileFromArchive(zipFile, dest)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func extractFileFromArchive(file *zip.File, dest string) error {
-	f, err := file.Open()
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	data, err := ioutil.ReadAll(f)
-	if err != nil {
-		return err
-	}
-
-	fpath := filepath.Join(dest, file.Name)
-
-	outFile, err := os.OpenFile(fpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, file.Mode())
-	if err != nil {
-		return err
-	}
-
-	_, err = io.Copy(outFile, bytes.NewReader(data))
-	if err != nil {
-		return err
-	}
-
-	return outFile.Close()
-}

api/authorizations.go

@@ -1,795 +0,0 @@
-package portainer
-
-// AuthorizationService represents a service used to
-// update authorizations associated to a user or team.
-type AuthorizationService struct {
-	endpointService       EndpointService
-	endpointGroupService  EndpointGroupService
-	registryService       RegistryService
-	roleService           RoleService
-	teamMembershipService TeamMembershipService
-	userService           UserService
-}
-
-// AuthorizationServiceParameters are the required parameters
-// used to create a new AuthorizationService.
-type AuthorizationServiceParameters struct {
-	EndpointService       EndpointService
-	EndpointGroupService  EndpointGroupService
-	RegistryService       RegistryService
-	RoleService           RoleService
-	TeamMembershipService TeamMembershipService
-	UserService           UserService
-}
-
-// NewAuthorizationService returns a point to a new AuthorizationService instance.
-func NewAuthorizationService(parameters *AuthorizationServiceParameters) *AuthorizationService {
-	return &AuthorizationService{
-		endpointService:       parameters.EndpointService,
-		endpointGroupService:  parameters.EndpointGroupService,
-		registryService:       parameters.RegistryService,
-		roleService:           parameters.RoleService,
-		teamMembershipService: parameters.TeamMembershipService,
-		userService:           parameters.UserService,
-	}
-}
-
-// DefaultEndpointAuthorizationsForEndpointAdministratorRole returns the default endpoint authorizations
-// associated to the endpoint administrator role.
-func DefaultEndpointAuthorizationsForEndpointAdministratorRole() Authorizations {
-	return map[Authorization]bool{
-		OperationDockerContainerArchiveInfo:         true,
-		OperationDockerContainerList:                true,
-		OperationDockerContainerExport:              true,
-		OperationDockerContainerChanges:             true,
-		OperationDockerContainerInspect:             true,
-		OperationDockerContainerTop:                 true,
-		OperationDockerContainerLogs:                true,
-		OperationDockerContainerStats:               true,
-		OperationDockerContainerAttachWebsocket:     true,
-		OperationDockerContainerArchive:             true,
-		OperationDockerContainerCreate:              true,
-		OperationDockerContainerPrune:               true,
-		OperationDockerContainerKill:                true,
-		OperationDockerContainerPause:               true,
-		OperationDockerContainerUnpause:             true,
-		OperationDockerContainerRestart:             true,
-		OperationDockerContainerStart:               true,
-		OperationDockerContainerStop:                true,
-		OperationDockerContainerWait:                true,
-		OperationDockerContainerResize:              true,
-		OperationDockerContainerAttach:              true,
-		OperationDockerContainerExec:                true,
-		OperationDockerContainerRename:              true,
-		OperationDockerContainerUpdate:              true,
-		OperationDockerContainerPutContainerArchive: true,
-		OperationDockerContainerDelete:              true,
-		OperationDockerImageList:                    true,
-		OperationDockerImageSearch:                  true,
-		OperationDockerImageGetAll:                  true,
-		OperationDockerImageGet:                     true,
-		OperationDockerImageHistory:                 true,
-		OperationDockerImageInspect:                 true,
-		OperationDockerImageLoad:                    true,
-		OperationDockerImageCreate:                  true,
-		OperationDockerImagePrune:                   true,
-		OperationDockerImagePush:                    true,
-		OperationDockerImageTag:                     true,
-		OperationDockerImageDelete:                  true,
-		OperationDockerImageCommit:                  true,
-		OperationDockerImageBuild:                   true,
-		OperationDockerNetworkList:                  true,
-		OperationDockerNetworkInspect:               true,
-		OperationDockerNetworkCreate:                true,
-		OperationDockerNetworkConnect:               true,
-		OperationDockerNetworkDisconnect:            true,
-		OperationDockerNetworkPrune:                 true,
-		OperationDockerNetworkDelete:                true,
-		OperationDockerVolumeList:                   true,
-		OperationDockerVolumeInspect:                true,
-		OperationDockerVolumeCreate:                 true,
-		OperationDockerVolumePrune:                  true,
-		OperationDockerVolumeDelete:                 true,
-		OperationDockerExecInspect:                  true,
-		OperationDockerExecStart:                    true,
-		OperationDockerExecResize:                   true,
-		OperationDockerSwarmInspect:                 true,
-		OperationDockerSwarmUnlockKey:               true,
-		OperationDockerSwarmInit:                    true,
-		OperationDockerSwarmJoin:                    true,
-		OperationDockerSwarmLeave:                   true,
-		OperationDockerSwarmUpdate:                  true,
-		OperationDockerSwarmUnlock:                  true,
-		OperationDockerNodeList:                     true,
-		OperationDockerNodeInspect:                  true,
-		OperationDockerNodeUpdate:                   true,
-		OperationDockerNodeDelete:                   true,
-		OperationDockerServiceList:                  true,
-		OperationDockerServiceInspect:               true,
-		OperationDockerServiceLogs:                  true,
-		OperationDockerServiceCreate:                true,
-		OperationDockerServiceUpdate:                true,
-		OperationDockerServiceDelete:                true,
-		OperationDockerSecretList:                   true,
-		OperationDockerSecretInspect:                true,
-		OperationDockerSecretCreate:                 true,
-		OperationDockerSecretUpdate:                 true,
-		OperationDockerSecretDelete:                 true,
-		OperationDockerConfigList:                   true,
-		OperationDockerConfigInspect:                true,
-		OperationDockerConfigCreate:                 true,
-		OperationDockerConfigUpdate:                 true,
-		OperationDockerConfigDelete:                 true,
-		OperationDockerTaskList:                     true,
-		OperationDockerTaskInspect:                  true,
-		OperationDockerTaskLogs:                     true,
-		OperationDockerPluginList:                   true,
-		OperationDockerPluginPrivileges:             true,
-		OperationDockerPluginInspect:                true,
-		OperationDockerPluginPull:                   true,
-		OperationDockerPluginCreate:                 true,
-		OperationDockerPluginEnable:                 true,
-		OperationDockerPluginDisable:                true,
-		OperationDockerPluginPush:                   true,
-		OperationDockerPluginUpgrade:                true,
-		OperationDockerPluginSet:                    true,
-		OperationDockerPluginDelete:                 true,
-		OperationDockerSessionStart:                 true,
-		OperationDockerDistributionInspect:          true,
-		OperationDockerBuildPrune:                   true,
-		OperationDockerBuildCancel:                  true,
-		OperationDockerPing:                         true,
-		OperationDockerInfo:                         true,
-		OperationDockerVersion:                      true,
-		OperationDockerEvents:                       true,
-		OperationDockerSystem:                       true,
-		OperationDockerUndefined:                    true,
-		OperationDockerAgentPing:                    true,
-		OperationDockerAgentList:                    true,
-		OperationDockerAgentHostInfo:                true,
-		OperationDockerAgentBrowseDelete:            true,
-		OperationDockerAgentBrowseGet:               true,
-		OperationDockerAgentBrowseList:              true,
-		OperationDockerAgentBrowsePut:               true,
-		OperationDockerAgentBrowseRename:            true,
-		OperationDockerAgentUndefined:               true,
-		OperationPortainerResourceControlCreate:     true,
-		OperationPortainerResourceControlUpdate:     true,
-		OperationPortainerStackList:                 true,
-		OperationPortainerStackInspect:              true,
-		OperationPortainerStackFile:                 true,
-		OperationPortainerStackCreate:               true,
-		OperationPortainerStackMigrate:              true,
-		OperationPortainerStackUpdate:               true,
-		OperationPortainerStackDelete:               true,
-		OperationPortainerWebsocketExec:             true,
-		OperationPortainerWebhookList:               true,
-		OperationPortainerWebhookCreate:             true,
-		OperationPortainerWebhookDelete:             true,
-		OperationIntegrationStoridgeAdmin:           true,
-		EndpointResourcesAccess:                     true,
-	}
-}
-
-// DefaultEndpointAuthorizationsForHelpDeskRole returns the default endpoint authorizations
-// associated to the helpdesk role.
-func DefaultEndpointAuthorizationsForHelpDeskRole(volumeBrowsingAuthorizations bool) Authorizations {
-	authorizations := map[Authorization]bool{
-		OperationDockerContainerArchiveInfo: true,
-		OperationDockerContainerList:        true,
-		OperationDockerContainerChanges:     true,
-		OperationDockerContainerInspect:     true,
-		OperationDockerContainerTop:         true,
-		OperationDockerContainerLogs:        true,
-		OperationDockerContainerStats:       true,
-		OperationDockerImageList:            true,
-		OperationDockerImageSearch:          true,
-		OperationDockerImageGetAll:          true,
-		OperationDockerImageGet:             true,
-		OperationDockerImageHistory:         true,
-		OperationDockerImageInspect:         true,
-		OperationDockerNetworkList:          true,
-		OperationDockerNetworkInspect:       true,
-		OperationDockerVolumeList:           true,
-		OperationDockerVolumeInspect:        true,
-		OperationDockerSwarmInspect:         true,
-		OperationDockerNodeList:             true,
-		OperationDockerNodeInspect:          true,
-		OperationDockerServiceList:          true,
-		OperationDockerServiceInspect:       true,
-		OperationDockerServiceLogs:          true,
-		OperationDockerSecretList:           true,
-		OperationDockerSecretInspect:        true,
-		OperationDockerConfigList:           true,
-		OperationDockerConfigInspect:        true,
-		OperationDockerTaskList:             true,
-		OperationDockerTaskInspect:          true,
-		OperationDockerTaskLogs:             true,
-		OperationDockerPluginList:           true,
-		OperationDockerDistributionInspect:  true,
-		OperationDockerPing:                 true,
-		OperationDockerInfo:                 true,
-		OperationDockerVersion:              true,
-		OperationDockerEvents:               true,
-		OperationDockerSystem:               true,
-		OperationDockerAgentPing:            true,
-		OperationDockerAgentList:            true,
-		OperationDockerAgentHostInfo:        true,
-		OperationPortainerStackList:         true,
-		OperationPortainerStackInspect:      true,
-		OperationPortainerStackFile:         true,
-		OperationPortainerWebhookList:       true,
-		EndpointResourcesAccess:             true,
-	}
-
-	if volumeBrowsingAuthorizations {
-		authorizations[OperationDockerAgentBrowseGet] = true
-		authorizations[OperationDockerAgentBrowseList] = true
-	}
-
-	return authorizations
-}
-
-// DefaultEndpointAuthorizationsForStandardUserRole returns the default endpoint authorizations
-// associated to the standard user role.
-func DefaultEndpointAuthorizationsForStandardUserRole(volumeBrowsingAuthorizations bool) Authorizations {
-	authorizations := map[Authorization]bool{
-		OperationDockerContainerArchiveInfo:         true,
-		OperationDockerContainerList:                true,
-		OperationDockerContainerExport:              true,
-		OperationDockerContainerChanges:             true,
-		OperationDockerContainerInspect:             true,
-		OperationDockerContainerTop:                 true,
-		OperationDockerContainerLogs:                true,
-		OperationDockerContainerStats:               true,
-		OperationDockerContainerAttachWebsocket:     true,
-		OperationDockerContainerArchive:             true,
-		OperationDockerContainerCreate:              true,
-		OperationDockerContainerKill:                true,
-		OperationDockerContainerPause:               true,
-		OperationDockerContainerUnpause:             true,
-		OperationDockerContainerRestart:             true,
-		OperationDockerContainerStart:               true,
-		OperationDockerContainerStop:                true,
-		OperationDockerContainerWait:                true,
-		OperationDockerContainerResize:              true,
-		OperationDockerContainerAttach:              true,
-		OperationDockerContainerExec:                true,
-		OperationDockerContainerRename:              true,
-		OperationDockerContainerUpdate:              true,
-		OperationDockerContainerPutContainerArchive: true,
-		OperationDockerContainerDelete:              true,
-		OperationDockerImageList:                    true,
-		OperationDockerImageSearch:                  true,
-		OperationDockerImageGetAll:                  true,
-		OperationDockerImageGet:                     true,
-		OperationDockerImageHistory:                 true,
-		OperationDockerImageInspect:                 true,
-		OperationDockerImageLoad:                    true,
-		OperationDockerImageCreate:                  true,
-		OperationDockerImagePush:                    true,
-		OperationDockerImageTag:                     true,
-		OperationDockerImageDelete:                  true,
-		OperationDockerImageCommit:                  true,
-		OperationDockerImageBuild:                   true,
-		OperationDockerNetworkList:                  true,
-		OperationDockerNetworkInspect:               true,
-		OperationDockerNetworkCreate:                true,
-		OperationDockerNetworkConnect:               true,
-		OperationDockerNetworkDisconnect:            true,
-		OperationDockerNetworkDelete:                true,
-		OperationDockerVolumeList:                   true,
-		OperationDockerVolumeInspect:                true,
-		OperationDockerVolumeCreate:                 true,
-		OperationDockerVolumeDelete:                 true,
-		OperationDockerExecInspect:                  true,
-		OperationDockerExecStart:                    true,
-		OperationDockerExecResize:                   true,
-		OperationDockerSwarmInspect:                 true,
-		OperationDockerSwarmUnlockKey:               true,
-		OperationDockerSwarmInit:                    true,
-		OperationDockerSwarmJoin:                    true,
-		OperationDockerSwarmLeave:                   true,
-		OperationDockerSwarmUpdate:                  true,
-		OperationDockerSwarmUnlock:                  true,
-		OperationDockerNodeList:                     true,
-		OperationDockerNodeInspect:                  true,
-		OperationDockerNodeUpdate:                   true,
-		OperationDockerNodeDelete:                   true,
-		OperationDockerServiceList:                  true,
-		OperationDockerServiceInspect:               true,
-		OperationDockerServiceLogs:                  true,
-		OperationDockerServiceCreate:                true,
-		OperationDockerServiceUpdate:                true,
-		OperationDockerServiceDelete:                true,
-		OperationDockerSecretList:                   true,
-		OperationDockerSecretInspect:                true,
-		OperationDockerSecretCreate:                 true,
-		OperationDockerSecretUpdate:                 true,
-		OperationDockerSecretDelete:                 true,
-		OperationDockerConfigList:                   true,
-		OperationDockerConfigInspect:                true,
-		OperationDockerConfigCreate:                 true,
-		OperationDockerConfigUpdate:                 true,
-		OperationDockerConfigDelete:                 true,
-		OperationDockerTaskList:                     true,
-		OperationDockerTaskInspect:                  true,
-		OperationDockerTaskLogs:                     true,
-		OperationDockerPluginList:                   true,
-		OperationDockerPluginPrivileges:             true,
-		OperationDockerPluginInspect:                true,
-		OperationDockerPluginPull:                   true,
-		OperationDockerPluginCreate:                 true,
-		OperationDockerPluginEnable:                 true,
-		OperationDockerPluginDisable:                true,
-		OperationDockerPluginPush:                   true,
-		OperationDockerPluginUpgrade:                true,
-		OperationDockerPluginSet:                    true,
-		OperationDockerPluginDelete:                 true,
-		OperationDockerSessionStart:                 true,
-		OperationDockerDistributionInspect:          true,
-		OperationDockerBuildPrune:                   true,
-		OperationDockerBuildCancel:                  true,
-		OperationDockerPing:                         true,
-		OperationDockerInfo:                         true,
-		OperationDockerVersion:                      true,
-		OperationDockerEvents:                       true,
-		OperationDockerSystem:                       true,
-		OperationDockerUndefined:                    true,
-		OperationDockerAgentPing:                    true,
-		OperationDockerAgentList:                    true,
-		OperationDockerAgentHostInfo:                true,
-		OperationDockerAgentUndefined:               true,
-		OperationPortainerResourceControlUpdate:     true,
-		OperationPortainerStackList:                 true,
-		OperationPortainerStackInspect:              true,
-		OperationPortainerStackFile:                 true,
-		OperationPortainerStackCreate:               true,
-		OperationPortainerStackMigrate:              true,
-		OperationPortainerStackUpdate:               true,
-		OperationPortainerStackDelete:               true,
-		OperationPortainerWebsocketExec:             true,
-		OperationPortainerWebhookList:               true,
-		OperationPortainerWebhookCreate:             true,
-	}
-
-	if volumeBrowsingAuthorizations {
-		authorizations[OperationDockerAgentBrowseGet] = true
-		authorizations[OperationDockerAgentBrowseList] = true
-		authorizations[OperationDockerAgentBrowseDelete] = true
-		authorizations[OperationDockerAgentBrowsePut] = true
-		authorizations[OperationDockerAgentBrowseRename] = true
-	}
-
-	return authorizations
-}
-
-// DefaultEndpointAuthorizationsForReadOnlyUserRole returns the default endpoint authorizations
-// associated to the readonly user role.
-func DefaultEndpointAuthorizationsForReadOnlyUserRole(volumeBrowsingAuthorizations bool) Authorizations {
-	authorizations := map[Authorization]bool{
-		OperationDockerContainerArchiveInfo: true,
-		OperationDockerContainerList:        true,
-		OperationDockerContainerChanges:     true,
-		OperationDockerContainerInspect:     true,
-		OperationDockerContainerTop:         true,
-		OperationDockerContainerLogs:        true,
-		OperationDockerContainerStats:       true,
-		OperationDockerImageList:            true,
-		OperationDockerImageSearch:          true,
-		OperationDockerImageGetAll:          true,
-		OperationDockerImageGet:             true,
-		OperationDockerImageHistory:         true,
-		OperationDockerImageInspect:         true,
-		OperationDockerNetworkList:          true,
-		OperationDockerNetworkInspect:       true,
-		OperationDockerVolumeList:           true,
-		OperationDockerVolumeInspect:        true,
-		OperationDockerSwarmInspect:         true,
-		OperationDockerNodeList:             true,
-		OperationDockerNodeInspect:          true,
-		OperationDockerServiceList:          true,
-		OperationDockerServiceInspect:       true,
-		OperationDockerServiceLogs:          true,
-		OperationDockerSecretList:           true,
-		OperationDockerSecretInspect:        true,
-		OperationDockerConfigList:           true,
-		OperationDockerConfigInspect:        true,
-		OperationDockerTaskList:             true,
-		OperationDockerTaskInspect:          true,
-		OperationDockerTaskLogs:             true,
-		OperationDockerPluginList:           true,
-		OperationDockerDistributionInspect:  true,
-		OperationDockerPing:                 true,
-		OperationDockerInfo:                 true,
-		OperationDockerVersion:              true,
-		OperationDockerEvents:               true,
-		OperationDockerSystem:               true,
-		OperationDockerAgentPing:            true,
-		OperationDockerAgentList:            true,
-		OperationDockerAgentHostInfo:        true,
-		OperationPortainerStackList:         true,
-		OperationPortainerStackInspect:      true,
-		OperationPortainerStackFile:         true,
-		OperationPortainerWebhookList:       true,
-	}
-
-	if volumeBrowsingAuthorizations {
-		authorizations[OperationDockerAgentBrowseGet] = true
-		authorizations[OperationDockerAgentBrowseList] = true
-	}
-
-	return authorizations
-}
-
-// DefaultPortainerAuthorizations returns the default Portainer authorizations used by non-admin users.
-func DefaultPortainerAuthorizations() Authorizations {
-	return map[Authorization]bool{
-		OperationPortainerDockerHubInspect:        true,
-		OperationPortainerEndpointGroupList:       true,
-		OperationPortainerEndpointList:            true,
-		OperationPortainerEndpointInspect:         true,
-		OperationPortainerEndpointExtensionAdd:    true,
-		OperationPortainerEndpointExtensionRemove: true,
-		OperationPortainerExtensionList:           true,
-		OperationPortainerMOTD:                    true,
-		OperationPortainerRegistryList:            true,
-		OperationPortainerRegistryInspect:         true,
-		OperationPortainerTeamList:                true,
-		OperationPortainerTemplateList:            true,
-		OperationPortainerTemplateInspect:         true,
-		OperationPortainerUserList:                true,
-		OperationPortainerUserInspect:             true,
-		OperationPortainerUserMemberships:         true,
-	}
-}
-
-// UpdateVolumeBrowsingAuthorizations will update all the volume browsing authorizations for each role (except endpoint administrator)
-// based on the specified removeAuthorizations parameter. If removeAuthorizations is set to true, all
-// the authorizations will be dropped for the each role. If removeAuthorizations is set to false, the authorizations
-// will be reset based for each role.
-func (service AuthorizationService) UpdateVolumeBrowsingAuthorizations(remove bool) error {
-	roles, err := service.roleService.Roles()
-	if err != nil {
-		return err
-	}
-
-	for _, role := range roles {
-		// all roles except endpoint administrator
-		if role.ID != RoleID(1) {
-			updateRoleVolumeBrowsingAuthorizations(&role, remove)
-
-			err := service.roleService.UpdateRole(role.ID, &role)
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func updateRoleVolumeBrowsingAuthorizations(role *Role, removeAuthorizations bool) {
-	if !removeAuthorizations {
-		delete(role.Authorizations, OperationDockerAgentBrowseDelete)
-		delete(role.Authorizations, OperationDockerAgentBrowseGet)
-		delete(role.Authorizations, OperationDockerAgentBrowseList)
-		delete(role.Authorizations, OperationDockerAgentBrowsePut)
-		delete(role.Authorizations, OperationDockerAgentBrowseRename)
-		return
-	}
-
-	role.Authorizations[OperationDockerAgentBrowseGet] = true
-	role.Authorizations[OperationDockerAgentBrowseList] = true
-
-	// Standard-user
-	if role.ID == RoleID(3) {
-		role.Authorizations[OperationDockerAgentBrowseDelete] = true
-		role.Authorizations[OperationDockerAgentBrowsePut] = true
-		role.Authorizations[OperationDockerAgentBrowseRename] = true
-	}
-}
-
-// RemoveTeamAccessPolicies will remove all existing access policies associated to the specified team
-func (service *AuthorizationService) RemoveTeamAccessPolicies(teamID TeamID) error {
-	endpoints, err := service.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-		for policyTeamID := range endpoint.TeamAccessPolicies {
-			if policyTeamID == teamID {
-				delete(endpoint.TeamAccessPolicies, policyTeamID)
-
-				err := service.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	endpointGroups, err := service.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	for _, endpointGroup := range endpointGroups {
-		for policyTeamID := range endpointGroup.TeamAccessPolicies {
-			if policyTeamID == teamID {
-				delete(endpointGroup.TeamAccessPolicies, policyTeamID)
-
-				err := service.endpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	registries, err := service.registryService.Registries()
-	if err != nil {
-		return err
-	}
-
-	for _, registry := range registries {
-		for policyTeamID := range registry.TeamAccessPolicies {
-			if policyTeamID == teamID {
-				delete(registry.TeamAccessPolicies, policyTeamID)
-
-				err := service.registryService.UpdateRegistry(registry.ID, &registry)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	return service.UpdateUsersAuthorizations()
-}
-
-// RemoveUserAccessPolicies will remove all existing access policies associated to the specified user
-func (service *AuthorizationService) RemoveUserAccessPolicies(userID UserID) error {
-	endpoints, err := service.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-		for policyUserID := range endpoint.UserAccessPolicies {
-			if policyUserID == userID {
-				delete(endpoint.UserAccessPolicies, policyUserID)
-
-				err := service.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	endpointGroups, err := service.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	for _, endpointGroup := range endpointGroups {
-		for policyUserID := range endpointGroup.UserAccessPolicies {
-			if policyUserID == userID {
-				delete(endpointGroup.UserAccessPolicies, policyUserID)
-
-				err := service.endpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	registries, err := service.registryService.Registries()
-	if err != nil {
-		return err
-	}
-
-	for _, registry := range registries {
-		for policyUserID := range registry.UserAccessPolicies {
-			if policyUserID == userID {
-				delete(registry.UserAccessPolicies, policyUserID)
-
-				err := service.registryService.UpdateRegistry(registry.ID, &registry)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	return nil
-}
-
-// UpdateUsersAuthorizations will trigger an update of the authorizations for all the users.
-func (service *AuthorizationService) UpdateUsersAuthorizations() error {
-	users, err := service.userService.Users()
-	if err != nil {
-		return err
-	}
-
-	for _, user := range users {
-		err := service.updateUserAuthorizations(user.ID)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (service *AuthorizationService) updateUserAuthorizations(userID UserID) error {
-	user, err := service.userService.User(userID)
-	if err != nil {
-		return err
-	}
-
-	endpointAuthorizations, err := service.getAuthorizations(user)
-	if err != nil {
-		return err
-	}
-
-	user.EndpointAuthorizations = endpointAuthorizations
-
-	return service.userService.UpdateUser(userID, user)
-}
-
-func (service *AuthorizationService) getAuthorizations(user *User) (EndpointAuthorizations, error) {
-	endpointAuthorizations := EndpointAuthorizations{}
-	if user.Role == AdministratorRole {
-		return endpointAuthorizations, nil
-	}
-
-	userMemberships, err := service.teamMembershipService.TeamMembershipsByUserID(user.ID)
-	if err != nil {
-		return endpointAuthorizations, err
-	}
-
-	endpoints, err := service.endpointService.Endpoints()
-	if err != nil {
-		return endpointAuthorizations, err
-	}
-
-	endpointGroups, err := service.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return endpointAuthorizations, err
-	}
-
-	roles, err := service.roleService.Roles()
-	if err != nil {
-		return endpointAuthorizations, err
-	}
-
-	endpointAuthorizations = getUserEndpointAuthorizations(user, endpoints, endpointGroups, roles, userMemberships)
-
-	return endpointAuthorizations, nil
-}
-
-func getUserEndpointAuthorizations(user *User, endpoints []Endpoint, endpointGroups []EndpointGroup, roles []Role, userMemberships []TeamMembership) EndpointAuthorizations {
-	endpointAuthorizations := make(EndpointAuthorizations)
-
-	groupUserAccessPolicies := map[EndpointGroupID]UserAccessPolicies{}
-	groupTeamAccessPolicies := map[EndpointGroupID]TeamAccessPolicies{}
-	for _, endpointGroup := range endpointGroups {
-		groupUserAccessPolicies[endpointGroup.ID] = endpointGroup.UserAccessPolicies
-		groupTeamAccessPolicies[endpointGroup.ID] = endpointGroup.TeamAccessPolicies
-	}
-
-	for _, endpoint := range endpoints {
-		authorizations := getAuthorizationsFromUserEndpointPolicy(user, &endpoint, roles)
-		if len(authorizations) > 0 {
-			endpointAuthorizations[endpoint.ID] = authorizations
-			continue
-		}
-
-		authorizations = getAuthorizationsFromUserEndpointGroupPolicy(user, &endpoint, roles, groupUserAccessPolicies)
-		if len(authorizations) > 0 {
-			endpointAuthorizations[endpoint.ID] = authorizations
-			continue
-		}
-
-		authorizations = getAuthorizationsFromTeamEndpointPolicies(userMemberships, &endpoint, roles)
-		if len(authorizations) > 0 {
-			endpointAuthorizations[endpoint.ID] = authorizations
-			continue
-		}
-
-		authorizations = getAuthorizationsFromTeamEndpointGroupPolicies(userMemberships, &endpoint, roles, groupTeamAccessPolicies)
-		if len(authorizations) > 0 {
-			endpointAuthorizations[endpoint.ID] = authorizations
-		}
-	}
-
-	return endpointAuthorizations
-}
-
-func getAuthorizationsFromUserEndpointPolicy(user *User, endpoint *Endpoint, roles []Role) Authorizations {
-	policyRoles := make([]RoleID, 0)
-
-	policy, ok := endpoint.UserAccessPolicies[user.ID]
-	if ok {
-		policyRoles = append(policyRoles, policy.RoleID)
-	}
-
-	return getAuthorizationsFromRoles(policyRoles, roles)
-}
-
-func getAuthorizationsFromUserEndpointGroupPolicy(user *User, endpoint *Endpoint, roles []Role, groupAccessPolicies map[EndpointGroupID]UserAccessPolicies) Authorizations {
-	policyRoles := make([]RoleID, 0)
-
-	policy, ok := groupAccessPolicies[endpoint.GroupID][user.ID]
-	if ok {
-		policyRoles = append(policyRoles, policy.RoleID)
-	}
-
-	return getAuthorizationsFromRoles(policyRoles, roles)
-}
-
-func getAuthorizationsFromTeamEndpointPolicies(memberships []TeamMembership, endpoint *Endpoint, roles []Role) Authorizations {
-	policyRoles := make([]RoleID, 0)
-
-	for _, membership := range memberships {
-		policy, ok := endpoint.TeamAccessPolicies[membership.TeamID]
-		if ok {
-			policyRoles = append(policyRoles, policy.RoleID)
-		}
-	}
-
-	return getAuthorizationsFromRoles(policyRoles, roles)
-}
-
-func getAuthorizationsFromTeamEndpointGroupPolicies(memberships []TeamMembership, endpoint *Endpoint, roles []Role, groupAccessPolicies map[EndpointGroupID]TeamAccessPolicies) Authorizations {
-	policyRoles := make([]RoleID, 0)
-
-	for _, membership := range memberships {
-		policy, ok := groupAccessPolicies[endpoint.GroupID][membership.TeamID]
-		if ok {
-			policyRoles = append(policyRoles, policy.RoleID)
-		}
-	}
-
-	return getAuthorizationsFromRoles(policyRoles, roles)
-}
-
-func getAuthorizationsFromRoles(roleIdentifiers []RoleID, roles []Role) Authorizations {
-	var associatedRoles []Role
-
-	for _, id := range roleIdentifiers {
-		for _, role := range roles {
-			if role.ID == id {
-				associatedRoles = append(associatedRoles, role)
-				break
-			}
-		}
-	}
-
-	var authorizations Authorizations
-	highestPriority := 0
-	for _, role := range associatedRoles {
-		if role.Priority > highestPriority {
-			highestPriority = role.Priority
-			authorizations = role.Authorizations
-		}
-	}
-
-	return authorizations
-}

api/bolt/datastore.go

@@ -5,31 +5,24 @@ import (
 	"path"
 	"time"
 
-	"github.com/portainer/portainer/api/bolt/edgegroup"
-	"github.com/portainer/portainer/api/bolt/edgestack"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
-	"github.com/portainer/portainer/api/bolt/tunnelserver"
-
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/dockerhub"
-	"github.com/portainer/portainer/api/bolt/endpoint"
-	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/migrator"
-	"github.com/portainer/portainer/api/bolt/registry"
-	"github.com/portainer/portainer/api/bolt/resourcecontrol"
-	"github.com/portainer/portainer/api/bolt/role"
-	"github.com/portainer/portainer/api/bolt/schedule"
-	"github.com/portainer/portainer/api/bolt/settings"
-	"github.com/portainer/portainer/api/bolt/stack"
-	"github.com/portainer/portainer/api/bolt/tag"
-	"github.com/portainer/portainer/api/bolt/team"
-	"github.com/portainer/portainer/api/bolt/teammembership"
-	"github.com/portainer/portainer/api/bolt/template"
-	"github.com/portainer/portainer/api/bolt/user"
-	"github.com/portainer/portainer/api/bolt/version"
-	"github.com/portainer/portainer/api/bolt/webhook"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/deploykey"
+	"github.com/portainer/portainer/bolt/dockerhub"
+	"github.com/portainer/portainer/bolt/endpoint"
+	"github.com/portainer/portainer/bolt/endpointgroup"
+	"github.com/portainer/portainer/bolt/migrator"
+	"github.com/portainer/portainer/bolt/registry"
+	"github.com/portainer/portainer/bolt/resourcecontrol"
+	"github.com/portainer/portainer/bolt/settings"
+	"github.com/portainer/portainer/bolt/stack"
+	"github.com/portainer/portainer/bolt/tag"
+	"github.com/portainer/portainer/bolt/team"
+	"github.com/portainer/portainer/bolt/teammembership"
+	"github.com/portainer/portainer/bolt/template"
+	"github.com/portainer/portainer/bolt/user"
+	"github.com/portainer/portainer/bolt/version"
+	"github.com/portainer/portainer/bolt/webhook"
 )
 
 const (
@@ -39,31 +32,25 @@ const (
 // Store defines the implementation of portainer.DataStore using
 // BoltDB as the storage system.
 type Store struct {
-	path                    string
-	db                      *bolt.DB
-	checkForDataMigration   bool
-	fileService             portainer.FileService
-	RoleService             *role.Service
-	DockerHubService        *dockerhub.Service
-	EdgeGroupService        *edgegroup.Service
-	EdgeStackService        *edgestack.Service
-	EndpointGroupService    *endpointgroup.Service
-	EndpointService         *endpoint.Service
-	EndpointRelationService *endpointrelation.Service
-	ExtensionService        *extension.Service
-	RegistryService         *registry.Service
-	ResourceControlService  *resourcecontrol.Service
-	SettingsService         *settings.Service
-	StackService            *stack.Service
-	TagService              *tag.Service
-	TeamMembershipService   *teammembership.Service
-	TeamService             *team.Service
-	TemplateService         *template.Service
-	TunnelServerService     *tunnelserver.Service
-	UserService             *user.Service
-	VersionService          *version.Service
-	WebhookService          *webhook.Service
-	ScheduleService         *schedule.Service
+	path                   string
+	db                     *bolt.DB
+	checkForDataMigration  bool
+	fileService            portainer.FileService
+	DockerHubService       *dockerhub.Service
+	EndpointGroupService   *endpointgroup.Service
+	EndpointService        *endpoint.Service
+	RegistryService        *registry.Service
+	ResourceControlService *resourcecontrol.Service
+	SettingsService        *settings.Service
+	StackService           *stack.Service
+	TagService             *tag.Service
+	TeamMembershipService  *teammembership.Service
+	TeamService            *team.Service
+	TemplateService        *template.Service
+	UserService            *user.Service
+	VersionService         *version.Service
+	WebhookService         *webhook.Service
+	DeploykeyService       *deploykey.Service
 }
 
 // NewStore initializes a new Store and the associated services
@@ -100,6 +87,29 @@ func (store *Store) Open() error {
 	return store.initServices()
 }
 
+// Init creates the default data set.
+func (store *Store) Init() error {
+	groups, err := store.EndpointGroupService.EndpointGroups()
+	if err != nil {
+		return err
+	}
+
+	if len(groups) == 0 {
+		unassignedGroup := &portainer.EndpointGroup{
+			Name:            "Unassigned",
+			Description:     "Unassigned endpoints",
+			Labels:          []portainer.Pair{},
+			AuthorizedUsers: []portainer.UserID{},
+			AuthorizedTeams: []portainer.TeamID{},
+			Tags:            []string{},
+		}
+
+		return store.EndpointGroupService.CreateEndpointGroup(unassignedGroup)
+	}
+
+	return nil
+}
+
 // Close closes the BoltDB database.
 func (store *Store) Close() error {
 	if store.db != nil {
@@ -123,24 +133,16 @@ func (store *Store) MigrateData() error {
 
 	if version < portainer.DBVersion {
 		migratorParams := &migrator.Parameters{
-			DB:                      store.db,
-			DatabaseVersion:         version,
-			EndpointGroupService:    store.EndpointGroupService,
-			EndpointService:         store.EndpointService,
-			EndpointRelationService: store.EndpointRelationService,
-			ExtensionService:        store.ExtensionService,
-			RegistryService:         store.RegistryService,
-			ResourceControlService:  store.ResourceControlService,
-			RoleService:             store.RoleService,
-			ScheduleService:         store.ScheduleService,
-			SettingsService:         store.SettingsService,
-			StackService:            store.StackService,
-			TagService:              store.TagService,
-			TeamMembershipService:   store.TeamMembershipService,
-			TemplateService:         store.TemplateService,
-			UserService:             store.UserService,
-			VersionService:          store.VersionService,
-			FileService:             store.fileService,
+			DB:                     store.db,
+			DatabaseVersion:        version,
+			EndpointGroupService:   store.EndpointGroupService,
+			EndpointService:        store.EndpointService,
+			ResourceControlService: store.ResourceControlService,
+			SettingsService:        store.SettingsService,
+			StackService:           store.StackService,
+			UserService:            store.UserService,
+			VersionService:         store.VersionService,
+			FileService:            store.fileService,
 		}
 		migrator := migrator.NewMigrator(migratorParams)
 
@@ -156,30 +158,12 @@ func (store *Store) MigrateData() error {
 }
 
 func (store *Store) initServices() error {
-	authorizationsetService, err := role.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.RoleService = authorizationsetService
-
 	dockerhubService, err := dockerhub.NewService(store.db)
 	if err != nil {
 		return err
 	}
 	store.DockerHubService = dockerhubService
 
-	edgeStackService, err := edgestack.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.EdgeStackService = edgeStackService
-
-	edgeGroupService, err := edgegroup.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.EdgeGroupService = edgeGroupService
-
 	endpointgroupService, err := endpointgroup.NewService(store.db)
 	if err != nil {
 		return err
@@ -192,18 +176,6 @@ func (store *Store) initServices() error {
 	}
 	store.EndpointService = endpointService
 
-	endpointRelationService, err := endpointrelation.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.EndpointRelationService = endpointRelationService
-
-	extensionService, err := extension.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.ExtensionService = extensionService
-
 	registryService, err := registry.NewService(store.db)
 	if err != nil {
 		return err
@@ -234,6 +206,12 @@ func (store *Store) initServices() error {
 	}
 	store.TagService = tagService
 
+	deploykeyService, err := deploykey.NewService(store.db)
+	if err != nil {
+		return err
+	}
+	store.DeploykeyService = deploykeyService
+	
 	teammembershipService, err := teammembership.NewService(store.db)
 	if err != nil {
 		return err
@@ -252,12 +230,6 @@ func (store *Store) initServices() error {
 	}
 	store.TemplateService = templateService
 
-	tunnelServerService, err := tunnelserver.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.TunnelServerService = tunnelServerService
-
 	userService, err := user.NewService(store.db)
 	if err != nil {
 		return err
@@ -276,11 +248,5 @@ func (store *Store) initServices() error {
 	}
 	store.WebhookService = webhookService
 
-	scheduleService, err := schedule.NewService(store.db)
-	if err != nil {
-		return err
-	}
-	store.ScheduleService = scheduleService
-
 	return nil
 }

api/bolt/deploykey/deploykey.go

@@ -0,0 +1,75 @@
+package deploykey
+
+import (
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
+	"github.com/boltdb/bolt"
+)
+
+const (
+	// BucketName represents the name of the bucket where this service stores data.
+	BucketName = "deploykeys"
+)
+
+// Service represents a service for managing endpoint data.
+type Service struct {
+	db *bolt.DB
+}
+
+// NewService creates a new instance of a service.
+func NewService(db *bolt.DB) (*Service, error) {
+	err := internal.CreateBucket(db, BucketName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Service{
+		db: db,
+	}, nil
+}
+
+// Keys return an array containing all the keys.
+func (service *Service) Deploykeys() ([]portainer.Deploykey, error) {
+	var deploykeys = make([]portainer.Deploykey, 0)
+
+	err := service.db.View(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		cursor := bucket.Cursor()
+		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			var deploykey portainer.Deploykey
+			err := internal.UnmarshalObject(v, &deploykey)
+			if err != nil {
+				return err
+			}
+			deploykeys = append(deploykeys, deploykey)
+		}
+
+		return nil
+	})
+
+	return deploykeys, err
+}
+
+// CreateKey creates a new key.
+func (service *Service) CreateDeploykey(deploykey *portainer.Deploykey) error {
+	return service.db.Update(func(tx *bolt.Tx) error {
+		bucket := tx.Bucket([]byte(BucketName))
+
+		id, _ := bucket.NextSequence()
+		deploykey.ID = portainer.DeploykeyID(id)
+
+		data, err := internal.MarshalObject(deploykey)
+		if err != nil {
+			return err
+		}
+
+		return bucket.Put(internal.Itob(int(deploykey.ID)), data)
+	})
+}
+
+// DeleteDeploykey deletes a key.
+func (service *Service) DeleteDeploykey(ID portainer.DeploykeyID) error {
+	identifier := internal.Itob(int(ID))
+	return internal.DeleteObject(service.db, BucketName, identifier)
+}

api/bolt/dockerhub/dockerhub.go

@@ -1,8 +1,8 @@
 package dockerhub
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/edgegroup/edgegroup.go

@@ -1,94 +0,0 @@
-package edgegroup
-
-import (
-	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edgegroups"
-)
-
-// Service represents a service for managing Edge group data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// EdgeGroups return an array containing all the Edge groups.
-func (service *Service) EdgeGroups() ([]portainer.EdgeGroup, error) {
-	var groups = make([]portainer.EdgeGroup, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var group portainer.EdgeGroup
-			err := internal.UnmarshalObjectWithJsoniter(v, &group)
-			if err != nil {
-				return err
-			}
-			groups = append(groups, group)
-		}
-
-		return nil
-	})
-
-	return groups, err
-}
-
-// EdgeGroup returns an Edge group by ID.
-func (service *Service) EdgeGroup(ID portainer.EdgeGroupID) (*portainer.EdgeGroup, error) {
-	var group portainer.EdgeGroup
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &group)
-	if err != nil {
-		return nil, err
-	}
-
-	return &group, nil
-}
-
-// UpdateEdgeGroup updates an Edge group.
-func (service *Service) UpdateEdgeGroup(ID portainer.EdgeGroupID, group *portainer.EdgeGroup) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.db, BucketName, identifier, group)
-}
-
-// DeleteEdgeGroup deletes an Edge group.
-func (service *Service) DeleteEdgeGroup(ID portainer.EdgeGroupID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.db, BucketName, identifier)
-}
-
-// CreateEdgeGroup assign an ID to a new Edge group and saves it.
-func (service *Service) CreateEdgeGroup(group *portainer.EdgeGroup) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		id, _ := bucket.NextSequence()
-		group.ID = portainer.EdgeGroupID(id)
-
-		data, err := internal.MarshalObject(group)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(group.ID)), data)
-	})
-}

api/bolt/edgestack/edgestack.go

@@ -1,101 +0,0 @@
-package edgestack
-
-import (
-	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edge_stack"
-)
-
-// Service represents a service for managing Edge stack data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// EdgeStacks returns an array containing all edge stacks
-func (service *Service) EdgeStacks() ([]portainer.EdgeStack, error) {
-	var stacks = make([]portainer.EdgeStack, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var stack portainer.EdgeStack
-			err := internal.UnmarshalObject(v, &stack)
-			if err != nil {
-				return err
-			}
-			stacks = append(stacks, stack)
-		}
-
-		return nil
-	})
-
-	return stacks, err
-}
-
-// EdgeStack returns an Edge stack by ID.
-func (service *Service) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeStack, error) {
-	var stack portainer.EdgeStack
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &stack)
-	if err != nil {
-		return nil, err
-	}
-
-	return &stack, nil
-}
-
-// CreateEdgeStack assign an ID to a new Edge stack and saves it.
-func (service *Service) CreateEdgeStack(edgeStack *portainer.EdgeStack) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		if edgeStack.ID == 0 {
-			id, _ := bucket.NextSequence()
-			edgeStack.ID = portainer.EdgeStackID(id)
-		}
-
-		data, err := internal.MarshalObject(edgeStack)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(edgeStack.ID)), data)
-	})
-}
-
-// UpdateEdgeStack updates an Edge stack.
-func (service *Service) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *portainer.EdgeStack) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.db, BucketName, identifier, edgeStack)
-}
-
-// DeleteEdgeStack deletes an Edge stack.
-func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.db, BucketName, identifier)
-}
-
-// GetNextIdentifier returns the next identifier for an endpoint.
-func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.db, BucketName)
-}

api/bolt/endpoint/endpoint.go

@@ -1,9 +1,10 @@
 package endpoint
 
 import (
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
+
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
 )
 
 const (
@@ -63,7 +64,7 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 		cursor := bucket.Cursor()
 		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
 			var endpoint portainer.Endpoint
-			err := internal.UnmarshalObjectWithJsoniter(v, &endpoint)
+			err := internal.UnmarshalObject(v, &endpoint)
 			if err != nil {
 				return err
 			}

api/bolt/endpointgroup/endpointgroup.go

@@ -1,8 +1,8 @@
 package endpointgroup
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/endpointrelation/endpointrelation.go

@@ -1,68 +0,0 @@
-package endpointrelation
-
-import (
-	"github.com/boltdb/bolt"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "endpoint_relations"
-)
-
-// Service represents a service for managing endpoint relation data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// EndpointRelation returns a Endpoint relation object by EndpointID
-func (service *Service) EndpointRelation(endpointID portainer.EndpointID) (*portainer.EndpointRelation, error) {
-	var endpointRelation portainer.EndpointRelation
-	identifier := internal.Itob(int(endpointID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &endpointRelation)
-	if err != nil {
-		return nil, err
-	}
-
-	return &endpointRelation, nil
-}
-
-// CreateEndpointRelation saves endpointRelation
-func (service *Service) CreateEndpointRelation(endpointRelation *portainer.EndpointRelation) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data, err := internal.MarshalObject(endpointRelation)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(endpointRelation.EndpointID)), data)
-	})
-}
-
-// UpdateEndpointRelation updates an Endpoint relation object
-func (service *Service) UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error {
-	identifier := internal.Itob(int(EndpointID))
-	return internal.UpdateObject(service.db, BucketName, identifier, endpointRelation)
-}
-
-// DeleteEndpointRelation deletes an Endpoint relation object
-func (service *Service) DeleteEndpointRelation(EndpointID portainer.EndpointID) error {
-	identifier := internal.Itob(int(EndpointID))
-	return internal.DeleteObject(service.db, BucketName, identifier)
-}

api/bolt/extension/extension.go

@@ -1,86 +0,0 @@
-package extension
-
-import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-
-	"github.com/boltdb/bolt"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "extension"
-)
-
-// Service represents a service for managing endpoint data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// Extension returns a extension by ID
-func (service *Service) Extension(ID portainer.ExtensionID) (*portainer.Extension, error) {
-	var extension portainer.Extension
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &extension)
-	if err != nil {
-		return nil, err
-	}
-
-	return &extension, nil
-}
-
-// Extensions return an array containing all the extensions.
-func (service *Service) Extensions() ([]portainer.Extension, error) {
-	var extensions = make([]portainer.Extension, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var extension portainer.Extension
-			err := internal.UnmarshalObject(v, &extension)
-			if err != nil {
-				return err
-			}
-			extensions = append(extensions, extension)
-		}
-
-		return nil
-	})
-
-	return extensions, err
-}
-
-// Persist persists a extension inside the database.
-func (service *Service) Persist(extension *portainer.Extension) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		data, err := internal.MarshalObject(extension)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(extension.ID)), data)
-	})
-}
-
-// DeleteExtension deletes a Extension.
-func (service *Service) DeleteExtension(ID portainer.ExtensionID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.db, BucketName, identifier)
-}

api/bolt/init.go

@@ -1,84 +0,0 @@
-package bolt
-
-import portainer "github.com/portainer/portainer/api"
-
-// Init creates the default data set.
-func (store *Store) Init() error {
-	groups, err := store.EndpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	if len(groups) == 0 {
-		unassignedGroup := &portainer.EndpointGroup{
-			Name:               "Unassigned",
-			Description:        "Unassigned endpoints",
-			Labels:             []portainer.Pair{},
-			UserAccessPolicies: portainer.UserAccessPolicies{},
-			TeamAccessPolicies: portainer.TeamAccessPolicies{},
-			TagIDs:             []portainer.TagID{},
-		}
-
-		err = store.EndpointGroupService.CreateEndpointGroup(unassignedGroup)
-		if err != nil {
-			return err
-		}
-	}
-
-	roles, err := store.RoleService.Roles()
-	if err != nil {
-		return err
-	}
-
-	if len(roles) == 0 {
-		environmentAdministratorRole := &portainer.Role{
-			Name:           "Endpoint administrator",
-			Description:    "Full control of all resources in an endpoint",
-			Priority:       1,
-			Authorizations: portainer.DefaultEndpointAuthorizationsForEndpointAdministratorRole(),
-		}
-
-		err = store.RoleService.CreateRole(environmentAdministratorRole)
-		if err != nil {
-			return err
-		}
-
-		environmentReadOnlyUserRole := &portainer.Role{
-			Name:           "Helpdesk",
-			Description:    "Read-only access of all resources in an endpoint",
-			Priority:       2,
-			Authorizations: portainer.DefaultEndpointAuthorizationsForHelpDeskRole(false),
-		}
-
-		err = store.RoleService.CreateRole(environmentReadOnlyUserRole)
-		if err != nil {
-			return err
-		}
-
-		standardUserRole := &portainer.Role{
-			Name:           "Standard user",
-			Description:    "Full control of assigned resources in an endpoint",
-			Priority:       3,
-			Authorizations: portainer.DefaultEndpointAuthorizationsForStandardUserRole(false),
-		}
-
-		err = store.RoleService.CreateRole(standardUserRole)
-		if err != nil {
-			return err
-		}
-
-		readOnlyUserRole := &portainer.Role{
-			Name:           "Read-only user",
-			Description:    "Read-only access of assigned resources in an endpoint",
-			Priority:       4,
-			Authorizations: portainer.DefaultEndpointAuthorizationsForReadOnlyUserRole(false),
-		}
-
-		err = store.RoleService.CreateRole(readOnlyUserRole)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

api/bolt/internal/db.go

@@ -4,7 +4,7 @@ import (
 	"encoding/binary"
 
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
 // Itob returns an 8-byte big endian representation of v.
@@ -82,15 +82,13 @@ func DeleteObject(db *bolt.DB, bucketName string, key []byte) error {
 func GetNextIdentifier(db *bolt.DB, bucketName string) int {
 	var identifier int
 
-	db.Update(func(tx *bolt.Tx) error {
+	db.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
-		id, err := bucket.NextSequence()
-		if err != nil {
-			return err
-		}
+		id := bucket.Sequence()
 		identifier = int(id)
 		return nil
 	})
 
+	identifier++
 	return identifier
 }

api/bolt/internal/json.go

@@ -2,8 +2,6 @@ package internal
 
 import (
 	"encoding/json"
-
-	jsoniter "github.com/json-iterator/go"
 )
 
 // MarshalObject encodes an object to binary format
@@ -15,11 +13,3 @@ func MarshalObject(object interface{}) ([]byte, error) {
 func UnmarshalObject(data []byte, object interface{}) error {
 	return json.Unmarshal(data, object)
 }
-
-// UnmarshalObjectWithJsoniter decodes an object from binary data
-// using the jsoniter library. It is mainly used to accelerate endpoint
-// decoding at the moment.
-func UnmarshalObjectWithJsoniter(data []byte, object interface{}) error {
-	var jsoni = jsoniter.ConfigCompatibleWithStandardLibrary
-	return jsoni.Unmarshal(data, &object)
-}

api/bolt/migrator/migrate_dbversion0.go

@@ -2,8 +2,8 @@ package migrator
 
 import (
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/user"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/user"
 )
 
 func (m *Migrator) updateAdminUserToDBVersion1() error {

api/bolt/migrator/migrate_dbversion1.go

@@ -2,8 +2,8 @@ package migrator
 
 import (
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 )
 
 func (m *Migrator) updateResourceControlsToDBVersion2() error {

api/bolt/migrator/migrate_dbversion10.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateEndpointsToVersion11() error {
 	legacyEndpoints, err := m.endpointService.Endpoints()

api/bolt/migrator/migrate_dbversion11.go

@@ -5,9 +5,9 @@ import (
 	"strings"
 
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-	"github.com/portainer/portainer/api/bolt/stack"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
+	"github.com/portainer/portainer/bolt/stack"
 )
 
 func (m *Migrator) updateEndpointsToVersion12() error {

api/bolt/migrator/migrate_dbversion12.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateSettingsToVersion13() error {
 	legacySettings, err := m.settingsService.Settings()

api/bolt/migrator/migrate_dbversion14.go

@@ -1,35 +0,0 @@
-package migrator
-
-import (
-	"strings"
-
-	"github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateSettingsToDBVersion15() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	legacySettings.EnableHostManagementFeatures = false
-	return m.settingsService.UpdateSettings(legacySettings)
-}
-
-func (m *Migrator) updateTemplatesToVersion15() error {
-	legacyTemplates, err := m.templateService.Templates()
-	if err != nil {
-		return err
-	}
-
-	for _, template := range legacyTemplates {
-		template.Logo = strings.Replace(template.Logo, "https://portainer.io/images", portainer.AssetsServerURL, -1)
-
-		err = m.templateService.UpdateTemplate(template.ID, &template)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

api/bolt/migrator/migrate_dbversion15.go

@@ -1,14 +0,0 @@
-package migrator
-
-func (m *Migrator) updateSettingsToDBVersion16() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	if legacySettings.SnapshotInterval == "" {
-		legacySettings.SnapshotInterval = "5m"
-	}
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}

api/bolt/migrator/migrate_dbversion16.go

@@ -1,19 +0,0 @@
-package migrator
-
-func (m *Migrator) updateExtensionsToDBVersion17() error {
-	legacyExtensions, err := m.extensionService.Extensions()
-	if err != nil {
-		return err
-	}
-
-	for _, extension := range legacyExtensions {
-		extension.License.Valid = true
-
-		err = m.extensionService.Persist(&extension)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

api/bolt/migrator/migrate_dbversion17.go

@@ -1,125 +0,0 @@
-package migrator
-
-import (
-	portainer "github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateUsersToDBVersion18() error {
-	legacyUsers, err := m.userService.Users()
-	if err != nil {
-		return err
-	}
-
-	for _, user := range legacyUsers {
-		user.PortainerAuthorizations = map[portainer.Authorization]bool{
-			portainer.OperationPortainerDockerHubInspect:        true,
-			portainer.OperationPortainerEndpointGroupList:       true,
-			portainer.OperationPortainerEndpointList:            true,
-			portainer.OperationPortainerEndpointInspect:         true,
-			portainer.OperationPortainerEndpointExtensionAdd:    true,
-			portainer.OperationPortainerEndpointExtensionRemove: true,
-			portainer.OperationPortainerExtensionList:           true,
-			portainer.OperationPortainerMOTD:                    true,
-			portainer.OperationPortainerRegistryList:            true,
-			portainer.OperationPortainerRegistryInspect:         true,
-			portainer.OperationPortainerTeamList:                true,
-			portainer.OperationPortainerTemplateList:            true,
-			portainer.OperationPortainerTemplateInspect:         true,
-			portainer.OperationPortainerUserList:                true,
-			portainer.OperationPortainerUserMemberships:         true,
-		}
-
-		err = m.userService.UpdateUser(user.ID, &user)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateEndpointsToDBVersion18() error {
-	legacyEndpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range legacyEndpoints {
-		endpoint.UserAccessPolicies = make(portainer.UserAccessPolicies)
-		for _, userID := range endpoint.AuthorizedUsers {
-			endpoint.UserAccessPolicies[userID] = portainer.AccessPolicy{
-				RoleID: 4,
-			}
-		}
-
-		endpoint.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
-		for _, teamID := range endpoint.AuthorizedTeams {
-			endpoint.TeamAccessPolicies[teamID] = portainer.AccessPolicy{
-				RoleID: 4,
-			}
-		}
-
-		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateEndpointGroupsToDBVersion18() error {
-	legacyEndpointGroups, err := m.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	for _, endpointGroup := range legacyEndpointGroups {
-		endpointGroup.UserAccessPolicies = make(portainer.UserAccessPolicies)
-		for _, userID := range endpointGroup.AuthorizedUsers {
-			endpointGroup.UserAccessPolicies[userID] = portainer.AccessPolicy{
-				RoleID: 4,
-			}
-		}
-
-		endpointGroup.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
-		for _, teamID := range endpointGroup.AuthorizedTeams {
-			endpointGroup.TeamAccessPolicies[teamID] = portainer.AccessPolicy{
-				RoleID: 4,
-			}
-		}
-
-		err = m.endpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateRegistriesToDBVersion18() error {
-	legacyRegistries, err := m.registryService.Registries()
-	if err != nil {
-		return err
-	}
-
-	for _, registry := range legacyRegistries {
-		registry.UserAccessPolicies = make(portainer.UserAccessPolicies)
-		for _, userID := range registry.AuthorizedUsers {
-			registry.UserAccessPolicies[userID] = portainer.AccessPolicy{}
-		}
-
-		registry.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
-		for _, teamID := range registry.AuthorizedTeams {
-			registry.TeamAccessPolicies[teamID] = portainer.AccessPolicy{}
-		}
-
-		err = m.registryService.UpdateRegistry(registry.ID, &registry)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}

api/bolt/migrator/migrate_dbversion18.go

@@ -1,16 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) updateSettingsToDBVersion19() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	if legacySettings.EdgeAgentCheckinInterval == 0 {
-		legacySettings.EdgeAgentCheckinInterval = portainer.DefaultEdgeAgentCheckinIntervalInSeconds
-	}
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}

api/bolt/migrator/migrate_dbversion19.go

@@ -1,67 +0,0 @@
-package migrator
-
-import (
-	"strings"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateUsersToDBVersion20() error {
-	authorizationServiceParameters := &portainer.AuthorizationServiceParameters{
-		EndpointService:       m.endpointService,
-		EndpointGroupService:  m.endpointGroupService,
-		RegistryService:       m.registryService,
-		RoleService:           m.roleService,
-		TeamMembershipService: m.teamMembershipService,
-		UserService:           m.userService,
-	}
-
-	authorizationService := portainer.NewAuthorizationService(authorizationServiceParameters)
-	return authorizationService.UpdateUsersAuthorizations()
-}
-
-func (m *Migrator) updateSettingsToDBVersion20() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	legacySettings.AllowVolumeBrowserForRegularUsers = false
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}
-
-func (m *Migrator) updateSchedulesToDBVersion20() error {
-	legacySchedules, err := m.scheduleService.Schedules()
-	if err != nil {
-		return err
-	}
-
-	for _, schedule := range legacySchedules {
-		if schedule.JobType == portainer.ScriptExecutionJobType {
-			if schedule.CronExpression == "0 0 * * *" {
-				schedule.CronExpression = "0 * * * *"
-			} else if schedule.CronExpression == "0 0 0/2 * *" {
-				schedule.CronExpression = "0 */2 * * *"
-			} else if schedule.CronExpression == "0 0 0 * *" {
-				schedule.CronExpression = "0 0 * * *"
-			} else {
-				revisedCronExpression := strings.Split(schedule.CronExpression, " ")
-				if len(revisedCronExpression) == 5 {
-					continue
-				}
-
-				revisedCronExpression = revisedCronExpression[1:]
-				schedule.CronExpression = strings.Join(revisedCronExpression, " ")
-			}
-
-			err := m.scheduleService.UpdateSchedule(schedule.ID, &schedule)
-			if err != nil {
-				return err
-			}
-		}
-
-	}
-
-	return nil
-}

api/bolt/migrator/migrate_dbversion2.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateSettingsToDBVersion3() error {
 	legacySettings, err := m.settingsService.Settings()

api/bolt/migrator/migrate_dbversion20.go

@@ -1,89 +0,0 @@
-package migrator
-
-import portainer "github.com/portainer/portainer/api"
-
-func (m *Migrator) updateResourceControlsToDBVersion22() error {
-	legacyResourceControls, err := m.resourceControlService.ResourceControls()
-	if err != nil {
-		return err
-	}
-
-	for _, resourceControl := range legacyResourceControls {
-		resourceControl.AdministratorsOnly = false
-
-		err := m.resourceControlService.UpdateResourceControl(resourceControl.ID, &resourceControl)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *Migrator) updateUsersAndRolesToDBVersion22() error {
-	legacyUsers, err := m.userService.Users()
-	if err != nil {
-		return err
-	}
-
-	settings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	for _, user := range legacyUsers {
-		user.PortainerAuthorizations = portainer.DefaultPortainerAuthorizations()
-		err = m.userService.UpdateUser(user.ID, &user)
-		if err != nil {
-			return err
-		}
-	}
-
-	endpointAdministratorRole, err := m.roleService.Role(portainer.RoleID(1))
-	if err != nil {
-		return err
-	}
-	endpointAdministratorRole.Priority = 1
-	endpointAdministratorRole.Authorizations = portainer.DefaultEndpointAuthorizationsForEndpointAdministratorRole()
-
-	err = m.roleService.UpdateRole(endpointAdministratorRole.ID, endpointAdministratorRole)
-
-	helpDeskRole, err := m.roleService.Role(portainer.RoleID(2))
-	if err != nil {
-		return err
-	}
-	helpDeskRole.Priority = 2
-	helpDeskRole.Authorizations = portainer.DefaultEndpointAuthorizationsForHelpDeskRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(helpDeskRole.ID, helpDeskRole)
-
-	standardUserRole, err := m.roleService.Role(portainer.RoleID(3))
-	if err != nil {
-		return err
-	}
-	standardUserRole.Priority = 3
-	standardUserRole.Authorizations = portainer.DefaultEndpointAuthorizationsForStandardUserRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(standardUserRole.ID, standardUserRole)
-
-	readOnlyUserRole, err := m.roleService.Role(portainer.RoleID(4))
-	if err != nil {
-		return err
-	}
-	readOnlyUserRole.Priority = 4
-	readOnlyUserRole.Authorizations = portainer.DefaultEndpointAuthorizationsForReadOnlyUserRole(settings.AllowVolumeBrowserForRegularUsers)
-
-	err = m.roleService.UpdateRole(readOnlyUserRole.ID, readOnlyUserRole)
-
-	authorizationServiceParameters := &portainer.AuthorizationServiceParameters{
-		EndpointService:       m.endpointService,
-		EndpointGroupService:  m.endpointGroupService,
-		RegistryService:       m.registryService,
-		RoleService:           m.roleService,
-		TeamMembershipService: m.teamMembershipService,
-		UserService:           m.userService,
-	}
-
-	authorizationService := portainer.NewAuthorizationService(authorizationServiceParameters)
-	return authorizationService.UpdateUsersAuthorizations()
-}

api/bolt/migrator/migrate_dbversion22.go

@@ -1,94 +0,0 @@
-package migrator
-
-import (
-	"github.com/portainer/portainer/api"
-)
-
-func (m *Migrator) updateTagsToDBVersion23() error {
-	tags, err := m.tagService.Tags()
-	if err != nil {
-		return err
-	}
-
-	for _, tag := range tags {
-		tag.EndpointGroups = make(map[portainer.EndpointGroupID]bool)
-		tag.Endpoints = make(map[portainer.EndpointID]bool)
-		err = m.tagService.UpdateTag(tag.ID, &tag)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (m *Migrator) updateEndpointsAndEndpointGroupsToDBVersion23() error {
-	tags, err := m.tagService.Tags()
-	if err != nil {
-		return err
-	}
-
-	tagsNameMap := make(map[string]portainer.Tag)
-	for _, tag := range tags {
-		tagsNameMap[tag.Name] = tag
-	}
-
-	endpoints, err := m.endpointService.Endpoints()
-	if err != nil {
-		return err
-	}
-
-	for _, endpoint := range endpoints {
-		endpointTags := make([]portainer.TagID, 0)
-		for _, tagName := range endpoint.Tags {
-			tag, ok := tagsNameMap[tagName]
-			if ok {
-				endpointTags = append(endpointTags, tag.ID)
-				tag.Endpoints[endpoint.ID] = true
-			}
-		}
-		endpoint.TagIDs = endpointTags
-		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
-		if err != nil {
-			return err
-		}
-
-		relation := &portainer.EndpointRelation{
-			EndpointID: endpoint.ID,
-			EdgeStacks: map[portainer.EdgeStackID]bool{},
-		}
-
-		err = m.endpointRelationService.CreateEndpointRelation(relation)
-		if err != nil {
-			return err
-		}
-	}
-
-	endpointGroups, err := m.endpointGroupService.EndpointGroups()
-	if err != nil {
-		return err
-	}
-
-	for _, endpointGroup := range endpointGroups {
-		endpointGroupTags := make([]portainer.TagID, 0)
-		for _, tagName := range endpointGroup.Tags {
-			tag, ok := tagsNameMap[tagName]
-			if ok {
-				endpointGroupTags = append(endpointGroupTags, tag.ID)
-				tag.EndpointGroups[endpointGroup.ID] = true
-			}
-		}
-		endpointGroup.TagIDs = endpointGroupTags
-		err = m.endpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
-		if err != nil {
-			return err
-		}
-	}
-
-	for _, tag := range tagsNameMap {
-		err = m.tagService.UpdateTag(tag.ID, &tag)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}

api/bolt/migrator/migrate_dbversion23.go

@@ -1,14 +0,0 @@
-package migrator
-
-func (m *Migrator) updateSettingsToDBVersion24() error {
-	legacySettings, err := m.settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	legacySettings.AllowDeviceMappingForRegularUsers = true
-	legacySettings.AllowStackManagementForRegularUsers = true
-	legacySettings.AllowHostNamespaceForRegularUsers = true
-
-	return m.settingsService.UpdateSettings(legacySettings)
-}

api/bolt/migrator/migrate_dbversion3.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateEndpointsToDBVersion4() error {
 	legacyEndpoints, err := m.endpointService.Endpoints()

api/bolt/migrator/migrate_dbversion7.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateEndpointsToVersion8() error {
 	legacyEndpoints, err := m.endpointService.Endpoints()

api/bolt/migrator/migrate_dbversion8.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateEndpointsToVersion9() error {
 	legacyEndpoints, err := m.endpointService.Endpoints()

api/bolt/migrator/migrate_dbversion9.go

@@ -1,6 +1,6 @@
 package migrator
 
-import "github.com/portainer/portainer/api"
+import "github.com/portainer/portainer"
 
 func (m *Migrator) updateEndpointsToVersion10() error {
 	legacyEndpoints, err := m.endpointService.Endpoints()

api/bolt/migrator/migrator.go

@@ -2,91 +2,59 @@ package migrator
 
 import (
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/endpoint"
-	"github.com/portainer/portainer/api/bolt/endpointgroup"
-	"github.com/portainer/portainer/api/bolt/endpointrelation"
-	"github.com/portainer/portainer/api/bolt/extension"
-	"github.com/portainer/portainer/api/bolt/registry"
-	"github.com/portainer/portainer/api/bolt/resourcecontrol"
-	"github.com/portainer/portainer/api/bolt/role"
-	"github.com/portainer/portainer/api/bolt/schedule"
-	"github.com/portainer/portainer/api/bolt/settings"
-	"github.com/portainer/portainer/api/bolt/stack"
-	"github.com/portainer/portainer/api/bolt/tag"
-	"github.com/portainer/portainer/api/bolt/teammembership"
-	"github.com/portainer/portainer/api/bolt/template"
-	"github.com/portainer/portainer/api/bolt/user"
-	"github.com/portainer/portainer/api/bolt/version"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/endpoint"
+	"github.com/portainer/portainer/bolt/endpointgroup"
+	"github.com/portainer/portainer/bolt/resourcecontrol"
+	"github.com/portainer/portainer/bolt/settings"
+	"github.com/portainer/portainer/bolt/stack"
+	"github.com/portainer/portainer/bolt/user"
+	"github.com/portainer/portainer/bolt/version"
 )
 
 type (
 	// Migrator defines a service to migrate data after a Portainer version update.
 	Migrator struct {
-		currentDBVersion        int
-		db                      *bolt.DB
-		endpointGroupService    *endpointgroup.Service
-		endpointService         *endpoint.Service
-		endpointRelationService *endpointrelation.Service
-		extensionService        *extension.Service
-		registryService         *registry.Service
-		resourceControlService  *resourcecontrol.Service
-		roleService             *role.Service
-		scheduleService         *schedule.Service
-		settingsService         *settings.Service
-		stackService            *stack.Service
-		tagService              *tag.Service
-		teamMembershipService   *teammembership.Service
-		templateService         *template.Service
-		userService             *user.Service
-		versionService          *version.Service
-		fileService             portainer.FileService
+		currentDBVersion       int
+		db                     *bolt.DB
+		endpointGroupService   *endpointgroup.Service
+		endpointService        *endpoint.Service
+		resourceControlService *resourcecontrol.Service
+		settingsService        *settings.Service
+		stackService           *stack.Service
+		userService            *user.Service
+		versionService         *version.Service
+		fileService            portainer.FileService
 	}
 
 	// Parameters represents the required parameters to create a new Migrator instance.
 	Parameters struct {
-		DB                      *bolt.DB
-		DatabaseVersion         int
-		EndpointGroupService    *endpointgroup.Service
-		EndpointService         *endpoint.Service
-		EndpointRelationService *endpointrelation.Service
-		ExtensionService        *extension.Service
-		RegistryService         *registry.Service
-		ResourceControlService  *resourcecontrol.Service
-		RoleService             *role.Service
-		ScheduleService         *schedule.Service
-		SettingsService         *settings.Service
-		StackService            *stack.Service
-		TagService              *tag.Service
-		TeamMembershipService   *teammembership.Service
-		TemplateService         *template.Service
-		UserService             *user.Service
-		VersionService          *version.Service
-		FileService             portainer.FileService
+		DB                     *bolt.DB
+		DatabaseVersion        int
+		EndpointGroupService   *endpointgroup.Service
+		EndpointService        *endpoint.Service
+		ResourceControlService *resourcecontrol.Service
+		SettingsService        *settings.Service
+		StackService           *stack.Service
+		UserService            *user.Service
+		VersionService         *version.Service
+		FileService            portainer.FileService
 	}
 )
 
 // NewMigrator creates a new Migrator.
 func NewMigrator(parameters *Parameters) *Migrator {
 	return &Migrator{
-		db:                      parameters.DB,
-		currentDBVersion:        parameters.DatabaseVersion,
-		endpointGroupService:    parameters.EndpointGroupService,
-		endpointService:         parameters.EndpointService,
-		endpointRelationService: parameters.EndpointRelationService,
-		extensionService:        parameters.ExtensionService,
-		registryService:         parameters.RegistryService,
-		resourceControlService:  parameters.ResourceControlService,
-		roleService:             parameters.RoleService,
-		scheduleService:         parameters.ScheduleService,
-		settingsService:         parameters.SettingsService,
-		tagService:              parameters.TagService,
-		teamMembershipService:   parameters.TeamMembershipService,
-		templateService:         parameters.TemplateService,
-		stackService:            parameters.StackService,
-		userService:             parameters.UserService,
-		versionService:          parameters.VersionService,
-		fileService:             parameters.FileService,
+		db:                     parameters.DB,
+		currentDBVersion:       parameters.DatabaseVersion,
+		endpointGroupService:   parameters.EndpointGroupService,
+		endpointService:        parameters.EndpointService,
+		resourceControlService: parameters.ResourceControlService,
+		settingsService:        parameters.SettingsService,
+		stackService:           parameters.StackService,
+		userService:            parameters.UserService,
+		versionService:         parameters.VersionService,
+		fileService:            parameters.FileService,
 	}
 }
 
@@ -218,117 +186,5 @@ func (m *Migrator) Migrate() error {
 		}
 	}
 
-	// Portainer 1.20.0
-	if m.currentDBVersion < 15 {
-		err := m.updateSettingsToDBVersion15()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateTemplatesToVersion15()
-		if err != nil {
-			return err
-		}
-	}
-
-	if m.currentDBVersion < 16 {
-		err := m.updateSettingsToDBVersion16()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.20.1
-	if m.currentDBVersion < 17 {
-		err := m.updateExtensionsToDBVersion17()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.21.0
-	if m.currentDBVersion < 18 {
-		err := m.updateUsersToDBVersion18()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateEndpointsToDBVersion18()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateEndpointGroupsToDBVersion18()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateRegistriesToDBVersion18()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.22.0
-	if m.currentDBVersion < 19 {
-		err := m.updateSettingsToDBVersion19()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.22.1
-	if m.currentDBVersion < 20 {
-		err := m.updateUsersToDBVersion20()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateSettingsToDBVersion20()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateSchedulesToDBVersion20()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.23.0
-	// DBVersion 21 is missing as it was shipped as via hotfix 1.22.2
-	if m.currentDBVersion < 22 {
-		err := m.updateResourceControlsToDBVersion22()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateUsersAndRolesToDBVersion22()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.24.0
-	if m.currentDBVersion < 23 {
-		err := m.updateTagsToDBVersion23()
-		if err != nil {
-			return err
-		}
-
-		err = m.updateEndpointsAndEndpointGroupsToDBVersion23()
-		if err != nil {
-			return err
-		}
-	}
-
-	// Portainer 1.24.1
-	if m.currentDBVersion < 24 {
-		err := m.updateSettingsToDBVersion24()
-		if err != nil {
-			return err
-		}
-	}
-
 	return m.versionService.StoreDBVersion(portainer.DBVersion)
 }

api/bolt/registry/registry.go

@@ -1,8 +1,8 @@
 package registry
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/resourcecontrol/resourcecontrol.go

@@ -1,8 +1,8 @@
 package resourcecontrol
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )
@@ -42,10 +42,9 @@ func (service *Service) ResourceControl(ID portainer.ResourceControlID) (*portai
 	return &resourceControl, nil
 }
 
-// ResourceControlByResourceIDAndType returns a ResourceControl object by checking if the resourceID is equal
-// to the main ResourceID or in SubResourceIDs. It also performs a check on the resource type. Return nil
-// if no ResourceControl was found.
-func (service *Service) ResourceControlByResourceIDAndType(resourceID string, resourceType portainer.ResourceControlType) (*portainer.ResourceControl, error) {
+// ResourceControlByResourceID returns a ResourceControl object by checking if the resourceID is equal
+// to the main ResourceID or in SubResourceIDs
+func (service *Service) ResourceControlByResourceID(resourceID string) (*portainer.ResourceControl, error) {
 	var resourceControl *portainer.ResourceControl
 
 	err := service.db.View(func(tx *bolt.Tx) error {
@@ -59,7 +58,7 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 				return err
 			}
 
-			if rc.ResourceID == resourceID && rc.Type == resourceType {
+			if rc.ResourceID == resourceID {
 				resourceControl = &rc
 				break
 			}
@@ -72,6 +71,10 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 			}
 		}
 
+		if resourceControl == nil {
+			return portainer.ErrObjectNotFound
+		}
+
 		return nil
 	})
 

api/bolt/role/role.go

@@ -1,89 +0,0 @@
-package role
-
-import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-
-	"github.com/boltdb/bolt"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "roles"
-)
-
-// Service represents a service for managing endpoint data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// Role returns a Role by ID
-func (service *Service) Role(ID portainer.RoleID) (*portainer.Role, error) {
-	var set portainer.Role
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &set)
-	if err != nil {
-		return nil, err
-	}
-
-	return &set, nil
-}
-
-// Roles return an array containing all the sets.
-func (service *Service) Roles() ([]portainer.Role, error) {
-	var sets = make([]portainer.Role, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var set portainer.Role
-			err := internal.UnmarshalObject(v, &set)
-			if err != nil {
-				return err
-			}
-			sets = append(sets, set)
-		}
-
-		return nil
-	})
-
-	return sets, err
-}
-
-// CreateRole creates a new Role.
-func (service *Service) CreateRole(role *portainer.Role) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		id, _ := bucket.NextSequence()
-		role.ID = portainer.RoleID(id)
-
-		data, err := internal.MarshalObject(role)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(role.ID)), data)
-	})
-}
-
-// UpdateRole updates a role.
-func (service *Service) UpdateRole(ID portainer.RoleID, role *portainer.Role) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.db, BucketName, identifier, role)
-}

api/bolt/schedule/schedule.go

@@ -1,129 +0,0 @@
-package schedule
-
-import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-
-	"github.com/boltdb/bolt"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "schedules"
-)
-
-// Service represents a service for managing schedule data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// Schedule returns a schedule by ID.
-func (service *Service) Schedule(ID portainer.ScheduleID) (*portainer.Schedule, error) {
-	var schedule portainer.Schedule
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &schedule)
-	if err != nil {
-		return nil, err
-	}
-
-	return &schedule, nil
-}
-
-// UpdateSchedule updates a schedule.
-func (service *Service) UpdateSchedule(ID portainer.ScheduleID, schedule *portainer.Schedule) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.db, BucketName, identifier, schedule)
-}
-
-// DeleteSchedule deletes a schedule.
-func (service *Service) DeleteSchedule(ID portainer.ScheduleID) error {
-	identifier := internal.Itob(int(ID))
-	return internal.DeleteObject(service.db, BucketName, identifier)
-}
-
-// Schedules return a array containing all the schedules.
-func (service *Service) Schedules() ([]portainer.Schedule, error) {
-	var schedules = make([]portainer.Schedule, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var schedule portainer.Schedule
-			err := internal.UnmarshalObject(v, &schedule)
-			if err != nil {
-				return err
-			}
-			schedules = append(schedules, schedule)
-		}
-
-		return nil
-	})
-
-	return schedules, err
-}
-
-// SchedulesByJobType return a array containing all the schedules
-// with the specified JobType.
-func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portainer.Schedule, error) {
-	var schedules = make([]portainer.Schedule, 0)
-
-	err := service.db.View(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		cursor := bucket.Cursor()
-		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
-			var schedule portainer.Schedule
-			err := internal.UnmarshalObject(v, &schedule)
-			if err != nil {
-				return err
-			}
-			if schedule.JobType == jobType {
-				schedules = append(schedules, schedule)
-			}
-		}
-
-		return nil
-	})
-
-	return schedules, err
-}
-
-// CreateSchedule assign an ID to a new schedule and saves it.
-func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {
-	return service.db.Update(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(BucketName))
-
-		// We manually manage sequences for schedules
-		err := bucket.SetSequence(uint64(schedule.ID))
-		if err != nil {
-			return err
-		}
-
-		data, err := internal.MarshalObject(schedule)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(internal.Itob(int(schedule.ID)), data)
-	})
-}
-
-// GetNextIdentifier returns the next identifier for a schedule.
-func (service *Service) GetNextIdentifier() int {
-	return internal.GetNextIdentifier(service.db, BucketName)
-}

api/bolt/settings/settings.go

@@ -1,8 +1,8 @@
 package settings
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/stack/stack.go

@@ -1,8 +1,8 @@
 package stack
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/tag/tag.go

@@ -1,8 +1,8 @@
 package tag
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )
@@ -52,19 +52,6 @@ func (service *Service) Tags() ([]portainer.Tag, error) {
 	return tags, err
 }
 
-// Tag returns a tag by ID.
-func (service *Service) Tag(ID portainer.TagID) (*portainer.Tag, error) {
-	var tag portainer.Tag
-	identifier := internal.Itob(int(ID))
-
-	err := internal.GetObject(service.db, BucketName, identifier, &tag)
-	if err != nil {
-		return nil, err
-	}
-
-	return &tag, nil
-}
-
 // CreateTag creates a new tag.
 func (service *Service) CreateTag(tag *portainer.Tag) error {
 	return service.db.Update(func(tx *bolt.Tx) error {
@@ -82,12 +69,6 @@ func (service *Service) CreateTag(tag *portainer.Tag) error {
 	})
 }
 
-// UpdateTag updates a tag.
-func (service *Service) UpdateTag(ID portainer.TagID, tag *portainer.Tag) error {
-	identifier := internal.Itob(int(ID))
-	return internal.UpdateObject(service.db, BucketName, identifier, tag)
-}
-
 // DeleteTag deletes a tag.
 func (service *Service) DeleteTag(ID portainer.TagID) error {
 	identifier := internal.Itob(int(ID))

api/bolt/team/team.go

@@ -1,8 +1,8 @@
 package team
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/teammembership/teammembership.go

@@ -1,8 +1,8 @@
 package teammembership
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/template/template.go

@@ -1,8 +1,8 @@
 package template
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/tunnelserver/tunnelserver.go

@@ -1,48 +0,0 @@
-package tunnelserver
-
-import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
-
-	"github.com/boltdb/bolt"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "tunnel_server"
-	infoKey    = "INFO"
-)
-
-// Service represents a service for managing endpoint data.
-type Service struct {
-	db *bolt.DB
-}
-
-// NewService creates a new instance of a service.
-func NewService(db *bolt.DB) (*Service, error) {
-	err := internal.CreateBucket(db, BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		db: db,
-	}, nil
-}
-
-// Info retrieve the TunnelServerInfo object.
-func (service *Service) Info() (*portainer.TunnelServerInfo, error) {
-	var info portainer.TunnelServerInfo
-
-	err := internal.GetObject(service.db, BucketName, []byte(infoKey), &info)
-	if err != nil {
-		return nil, err
-	}
-
-	return &info, nil
-}
-
-// UpdateInfo persists a TunnelServerInfo object.
-func (service *Service) UpdateInfo(settings *portainer.TunnelServerInfo) error {
-	return internal.UpdateObject(service.db, BucketName, []byte(infoKey), settings)
-}

api/bolt/user/user.go

@@ -1,8 +1,8 @@
 package user
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/bolt/version/version.go

@@ -4,8 +4,8 @@ import (
 	"strconv"
 
 	"github.com/boltdb/bolt"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 )
 
 const (

api/bolt/webhook/webhook.go

@@ -1,8 +1,8 @@
 package webhook
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt/internal"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt/internal"
 
 	"github.com/boltdb/bolt"
 )

api/chisel/key.go

@@ -1,24 +0,0 @@
-package chisel
-
-import (
-	"encoding/base64"
-	"fmt"
-	"strconv"
-	"strings"
-)
-
-// GenerateEdgeKey will generate a key that can be used by an Edge agent to register with a Portainer instance.
-// The key represents the following data in this particular format:
-// portainer_instance_url|tunnel_server_addr|tunnel_server_fingerprint|endpoint_ID
-// The key returned by this function is a base64 encoded version of the data.
-func (service *Service) GenerateEdgeKey(url, host string, endpointIdentifier int) string {
-	keyInformation := []string{
-		url,
-		fmt.Sprintf("%s:%s", host, service.serverPort),
-		service.serverFingerprint,
-		strconv.Itoa(endpointIdentifier),
-	}
-
-	key := strings.Join(keyInformation, "|")
-	return base64.RawStdEncoding.EncodeToString([]byte(key))
-}

api/chisel/schedules.go

@@ -1,47 +0,0 @@
-package chisel
-
-import (
-	"strconv"
-
-	portainer "github.com/portainer/portainer/api"
-)
-
-// AddSchedule register a schedule inside the tunnel details associated to an endpoint.
-func (service *Service) AddSchedule(endpointID portainer.EndpointID, schedule *portainer.EdgeSchedule) {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	existingScheduleIndex := -1
-	for idx, existingSchedule := range tunnel.Schedules {
-		if existingSchedule.ID == schedule.ID {
-			existingScheduleIndex = idx
-			break
-		}
-	}
-
-	if existingScheduleIndex == -1 {
-		tunnel.Schedules = append(tunnel.Schedules, *schedule)
-	} else {
-		tunnel.Schedules[existingScheduleIndex] = *schedule
-	}
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// RemoveSchedule will remove the specified schedule from each tunnel it was registered with.
-func (service *Service) RemoveSchedule(scheduleID portainer.ScheduleID) {
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnelDetails := item.Val.(*portainer.TunnelDetails)
-
-		updatedSchedules := make([]portainer.EdgeSchedule, 0)
-		for _, schedule := range tunnelDetails.Schedules {
-			if schedule.ID == scheduleID {
-				continue
-			}
-			updatedSchedules = append(updatedSchedules, schedule)
-		}
-
-		tunnelDetails.Schedules = updatedSchedules
-		service.tunnelDetailsMap.Set(item.Key, tunnelDetails)
-	}
-}

api/chisel/service.go

@@ -1,191 +0,0 @@
-package chisel
-
-import (
-	"fmt"
-	"log"
-	"strconv"
-	"time"
-
-	"github.com/dchest/uniuri"
-
-	cmap "github.com/orcaman/concurrent-map"
-
-	chserver "github.com/jpillora/chisel/server"
-	portainer "github.com/portainer/portainer/api"
-)
-
-const (
-	tunnelCleanupInterval = 10 * time.Second
-	requiredTimeout       = 15 * time.Second
-	activeTimeout         = 4*time.Minute + 30*time.Second
-)
-
-// Service represents a service to manage the state of multiple reverse tunnels.
-// It is used to start a reverse tunnel server and to manage the connection status of each tunnel
-// connected to the tunnel server.
-type Service struct {
-	serverFingerprint   string
-	serverPort          string
-	tunnelDetailsMap    cmap.ConcurrentMap
-	endpointService     portainer.EndpointService
-	tunnelServerService portainer.TunnelServerService
-	snapshotter         portainer.Snapshotter
-	chiselServer        *chserver.Server
-}
-
-// NewService returns a pointer to a new instance of Service
-func NewService(endpointService portainer.EndpointService, tunnelServerService portainer.TunnelServerService) *Service {
-	return &Service{
-		tunnelDetailsMap:    cmap.New(),
-		endpointService:     endpointService,
-		tunnelServerService: tunnelServerService,
-	}
-}
-
-// StartTunnelServer starts a tunnel server on the specified addr and port.
-// It uses a seed to generate a new private/public key pair. If the seed cannot
-// be found inside the database, it will generate a new one randomly and persist it.
-// It starts the tunnel status verification process in the background.
-// The snapshotter is used in the tunnel status verification process.
-func (service *Service) StartTunnelServer(addr, port string, snapshotter portainer.Snapshotter) error {
-	keySeed, err := service.retrievePrivateKeySeed()
-	if err != nil {
-		return err
-	}
-
-	config := &chserver.Config{
-		Reverse: true,
-		KeySeed: keySeed,
-	}
-
-	chiselServer, err := chserver.NewServer(config)
-	if err != nil {
-		return err
-	}
-
-	service.serverFingerprint = chiselServer.GetFingerprint()
-	service.serverPort = port
-
-	err = chiselServer.Start(addr, port)
-	if err != nil {
-		return err
-	}
-	service.chiselServer = chiselServer
-
-	// TODO: work-around Chisel default behavior.
-	// By default, Chisel will allow anyone to connect if no user exists.
-	username, password := generateRandomCredentials()
-	err = service.chiselServer.AddUser(username, password, "127.0.0.1")
-	if err != nil {
-		return err
-	}
-
-	service.snapshotter = snapshotter
-	go service.startTunnelVerificationLoop()
-
-	return nil
-}
-
-func (service *Service) retrievePrivateKeySeed() (string, error) {
-	var serverInfo *portainer.TunnelServerInfo
-
-	serverInfo, err := service.tunnelServerService.Info()
-	if err == portainer.ErrObjectNotFound {
-		keySeed := uniuri.NewLen(16)
-
-		serverInfo = &portainer.TunnelServerInfo{
-			PrivateKeySeed: keySeed,
-		}
-
-		err := service.tunnelServerService.UpdateInfo(serverInfo)
-		if err != nil {
-			return "", err
-		}
-	} else if err != nil {
-		return "", err
-	}
-
-	return serverInfo.PrivateKeySeed, nil
-}
-
-func (service *Service) startTunnelVerificationLoop() {
-	log.Printf("[DEBUG] [chisel, monitoring] [check_interval_seconds: %f] [message: starting tunnel management process]", tunnelCleanupInterval.Seconds())
-	ticker := time.NewTicker(tunnelCleanupInterval)
-	stopSignal := make(chan struct{})
-
-	for {
-		select {
-		case <-ticker.C:
-			service.checkTunnels()
-		case <-stopSignal:
-			ticker.Stop()
-			return
-		}
-	}
-}
-
-func (service *Service) checkTunnels() {
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnel := item.Val.(*portainer.TunnelDetails)
-
-		if tunnel.LastActivity.IsZero() || tunnel.Status == portainer.EdgeAgentIdle {
-			continue
-		}
-
-		elapsed := time.Since(tunnel.LastActivity)
-		log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [message: endpoint tunnel monitoring]", item.Key, tunnel.Status, elapsed.Seconds())
-
-		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() < requiredTimeout.Seconds() {
-			continue
-		} else if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() > requiredTimeout.Seconds() {
-			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: REQUIRED state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), requiredTimeout.Seconds())
-		}
-
-		if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() < activeTimeout.Seconds() {
-			continue
-		} else if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() > activeTimeout.Seconds() {
-			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: ACTIVE state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), activeTimeout.Seconds())
-
-			endpointID, err := strconv.Atoi(item.Key)
-			if err != nil {
-				log.Printf("[ERROR] [chisel,snapshot,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
-			}
-
-			err = service.snapshotEnvironment(portainer.EndpointID(endpointID), tunnel.Port)
-			if err != nil {
-				log.Printf("[ERROR] [snapshot] Unable to snapshot Edge endpoint (id: %s): %s", item.Key, err)
-			}
-		}
-
-		if len(tunnel.Schedules) > 0 {
-			endpointID, err := strconv.Atoi(item.Key)
-			if err != nil {
-				log.Printf("[ERROR] [chisel,conversion] Invalid endpoint identifier (id: %s): %s", item.Key, err)
-				continue
-			}
-
-			service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
-		} else {
-			service.tunnelDetailsMap.Remove(item.Key)
-		}
-
-	}
-}
-
-func (service *Service) snapshotEnvironment(endpointID portainer.EndpointID, tunnelPort int) error {
-	endpoint, err := service.endpointService.Endpoint(portainer.EndpointID(endpointID))
-	if err != nil {
-		return err
-	}
-
-	endpointURL := endpoint.URL
-	endpoint.URL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnelPort)
-	snapshot, err := service.snapshotter.CreateSnapshot(endpoint)
-	if err != nil {
-		return err
-	}
-
-	endpoint.Snapshots = []portainer.Snapshot{*snapshot}
-	endpoint.URL = endpointURL
-	return service.endpointService.UpdateEndpoint(endpoint.ID, endpoint)
-}

api/chisel/tunnel.go

@@ -1,144 +0,0 @@
-package chisel
-
-import (
-	"encoding/base64"
-	"fmt"
-	"math/rand"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/portainer/libcrypto"
-
-	"github.com/dchest/uniuri"
-	portainer "github.com/portainer/portainer/api"
-)
-
-const (
-	minAvailablePort = 49152
-	maxAvailablePort = 65535
-)
-
-// getUnusedPort is used to generate an unused random port in the dynamic port range.
-// Dynamic ports (also called private ports) are 49152 to 65535.
-func (service *Service) getUnusedPort() int {
-	port := randomInt(minAvailablePort, maxAvailablePort)
-
-	for item := range service.tunnelDetailsMap.IterBuffered() {
-		tunnel := item.Val.(*portainer.TunnelDetails)
-		if tunnel.Port == port {
-			return service.getUnusedPort()
-		}
-	}
-
-	return port
-}
-
-func randomInt(min, max int) int {
-	return min + rand.Intn(max-min)
-}
-
-// GetTunnelDetails returns information about the tunnel associated to an endpoint.
-func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
-	key := strconv.Itoa(int(endpointID))
-
-	if item, ok := service.tunnelDetailsMap.Get(key); ok {
-		tunnelDetails := item.(*portainer.TunnelDetails)
-		return tunnelDetails
-	}
-
-	schedules := make([]portainer.EdgeSchedule, 0)
-	return &portainer.TunnelDetails{
-		Status:      portainer.EdgeAgentIdle,
-		Port:        0,
-		Schedules:   schedules,
-		Credentials: "",
-	}
-}
-
-// SetTunnelStatusToActive update the status of the tunnel associated to the specified endpoint.
-// It sets the status to ACTIVE.
-func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID) {
-	tunnel := service.GetTunnelDetails(endpointID)
-	tunnel.Status = portainer.EdgeAgentActive
-	tunnel.Credentials = ""
-	tunnel.LastActivity = time.Now()
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// SetTunnelStatusToIdle update the status of the tunnel associated to the specified endpoint.
-// It sets the status to IDLE.
-// It removes any existing credentials associated to the tunnel.
-func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	tunnel.Status = portainer.EdgeAgentIdle
-	tunnel.Port = 0
-	tunnel.LastActivity = time.Now()
-
-	credentials := tunnel.Credentials
-	if credentials != "" {
-		tunnel.Credentials = ""
-		service.chiselServer.DeleteUser(strings.Split(credentials, ":")[0])
-	}
-
-	key := strconv.Itoa(int(endpointID))
-	service.tunnelDetailsMap.Set(key, tunnel)
-}
-
-// SetTunnelStatusToRequired update the status of the tunnel associated to the specified endpoint.
-// It sets the status to REQUIRED.
-// If no port is currently associated to the tunnel, it will associate a random unused port to the tunnel
-// and generate temporary credentials that can be used to establish a reverse tunnel on that port.
-// Credentials are encrypted using the Edge ID associated to the endpoint.
-func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
-	tunnel := service.GetTunnelDetails(endpointID)
-
-	if tunnel.Port == 0 {
-		endpoint, err := service.endpointService.Endpoint(endpointID)
-		if err != nil {
-			return err
-		}
-
-		tunnel.Status = portainer.EdgeAgentManagementRequired
-		tunnel.Port = service.getUnusedPort()
-		tunnel.LastActivity = time.Now()
-
-		username, password := generateRandomCredentials()
-		authorizedRemote := fmt.Sprintf("^R:0.0.0.0:%d$", tunnel.Port)
-		err = service.chiselServer.AddUser(username, password, authorizedRemote)
-		if err != nil {
-			return err
-		}
-
-		credentials, err := encryptCredentials(username, password, endpoint.EdgeID)
-		if err != nil {
-			return err
-		}
-		tunnel.Credentials = credentials
-
-		key := strconv.Itoa(int(endpointID))
-		service.tunnelDetailsMap.Set(key, tunnel)
-	}
-
-	return nil
-}
-
-func generateRandomCredentials() (string, string) {
-	username := uniuri.NewLen(8)
-	password := uniuri.NewLen(8)
-	return username, password
-}
-
-func encryptCredentials(username, password, key string) (string, error) {
-	credentials := fmt.Sprintf("%s:%s", username, password)
-
-	encryptedCredentials, err := libcrypto.Encrypt([]byte(credentials), []byte(key))
-	if err != nil {
-		return "", err
-	}
-
-	return base64.RawStdEncoding.EncodeToString(encryptedCredentials), nil
-}

api/cli/cli.go

@@ -1,10 +1,9 @@
 package cli
 
 import (
-	"log"
 	"time"
 
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 
 	"os"
 	"path/filepath"
@@ -34,13 +33,11 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 
 	flags := &portainer.CLIFlags{
 		Addr:              kingpin.Flag("bind", "Address and port to serve Portainer").Default(defaultBindAddress).Short('p').String(),
-		TunnelAddr:        kingpin.Flag("tunnel-addr", "Address to serve the tunnel server").Default(defaultTunnelServerAddress).String(),
-		TunnelPort:        kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:            kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:              kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
 		EndpointURL:       kingpin.Flag("host", "Endpoint URL").Short('H').String(),
-		ExternalEndpoints: kingpin.Flag("external-endpoints", "Path to a file defining available endpoints (deprecated)").String(),
-		NoAuth:            kingpin.Flag("no-auth", "Disable authentication (deprecated)").Default(defaultNoAuth).Bool(),
+		ExternalEndpoints: kingpin.Flag("external-endpoints", "Path to a file defining available endpoints").String(),
+		NoAuth:            kingpin.Flag("no-auth", "Disable authentication").Default(defaultNoAuth).Bool(),
 		NoAnalytics:       kingpin.Flag("no-analytics", "Disable Analytics in app").Default(defaultNoAnalytics).Bool(),
 		TLS:               kingpin.Flag("tlsverify", "TLS support").Default(defaultTLS).Bool(),
 		TLSSkipVerify:     kingpin.Flag("tlsskipverify", "Disable TLS server verification").Default(defaultTLSSkipVerify).Bool(),
@@ -50,15 +47,15 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		SSL:               kingpin.Flag("ssl", "Secure Portainer instance using SSL").Default(defaultSSL).Bool(),
 		SSLCert:           kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").Default(defaultSSLCertPath).String(),
 		SSLKey:            kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").Default(defaultSSLKeyPath).String(),
-		SyncInterval:      kingpin.Flag("sync-interval", "Duration between each synchronization via the external endpoints source (deprecated)").Default(defaultSyncInterval).String(),
-		Snapshot:          kingpin.Flag("snapshot", "Start a background job to create endpoint snapshots (deprecated)").Default(defaultSnapshot).Bool(),
+		SyncInterval:      kingpin.Flag("sync-interval", "Duration between each synchronization via the external endpoints source").Default(defaultSyncInterval).String(),
+		Snapshot:          kingpin.Flag("snapshot", "Start a background job to create endpoint snapshots").Default(defaultSnapshot).Bool(),
 		SnapshotInterval:  kingpin.Flag("snapshot-interval", "Duration between each endpoint snapshot job").Default(defaultSnapshotInterval).String(),
 		AdminPassword:     kingpin.Flag("admin-password", "Hashed admin password").String(),
 		AdminPasswordFile: kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
 		Labels:            pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
 		Logo:              kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
 		Templates:         kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),
-		TemplateFile:      kingpin.Flag("template-file", "Path to the App templates definitions on the filesystem (deprecated)").Default(defaultTemplateFile).String(),
+		TemplateFile:      kingpin.Flag("template-file", "Path to the templates (app) definitions on the filesystem").Default(defaultTemplateFile).String(),
 	}
 
 	kingpin.Parse()
@@ -77,8 +74,6 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 // ValidateFlags validates the values of the flags.
 func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {
 
-	displayDeprecationWarnings(flags)
-
 	if *flags.EndpointURL != "" && *flags.ExternalEndpoints != "" {
 		return errEndpointExcludeExternal
 	}
@@ -119,28 +114,6 @@ func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {
 	return nil
 }
 
-func displayDeprecationWarnings(flags *portainer.CLIFlags) {
-	if *flags.ExternalEndpoints != "" {
-		log.Println("Warning: the --external-endpoint flag is deprecated and will likely be removed in a future version of Portainer.")
-	}
-
-	if *flags.SyncInterval != defaultSyncInterval {
-		log.Println("Warning: the --sync-interval flag is deprecated and will likely be removed in a future version of Portainer.")
-	}
-
-	if *flags.NoAuth {
-		log.Println("Warning: the --no-auth flag is deprecated and will likely be removed in a future version of Portainer.")
-	}
-
-	if !*flags.Snapshot {
-		log.Println("Warning: the --no-snapshot flag is deprecated and will likely be removed in a future version of Portainer.")
-	}
-
-	if *flags.TemplateFile != "" {
-		log.Println("Warning: the --template-file flag is deprecated and will likely be removed in a future version of Portainer.")
-	}
-}
-
 func validateEndpointURL(endpointURL string) error {
 	if endpointURL != "" {
 		if !strings.HasPrefix(endpointURL, "unix://") && !strings.HasPrefix(endpointURL, "tcp://") && !strings.HasPrefix(endpointURL, "npipe://") {

api/cli/defaults.go

@@ -3,23 +3,21 @@
 package cli
 
 const (
-	defaultBindAddress         = ":9000"
-	defaultTunnelServerAddress = "0.0.0.0"
-	defaultTunnelServerPort    = "8000"
-	defaultDataDirectory       = "/data"
-	defaultAssetsDirectory     = "./"
-	defaultNoAuth              = "false"
-	defaultNoAnalytics         = "false"
-	defaultTLS                 = "false"
-	defaultTLSSkipVerify       = "false"
-	defaultTLSCACertPath       = "/certs/ca.pem"
-	defaultTLSCertPath         = "/certs/cert.pem"
-	defaultTLSKeyPath          = "/certs/key.pem"
-	defaultSSL                 = "false"
-	defaultSSLCertPath         = "/certs/portainer.crt"
-	defaultSSLKeyPath          = "/certs/portainer.key"
-	defaultSyncInterval        = "60s"
-	defaultSnapshot            = "true"
-	defaultSnapshotInterval    = "5m"
-	defaultTemplateFile        = "/templates.json"
+	defaultBindAddress      = ":9000"
+	defaultDataDirectory    = "/data"
+	defaultAssetsDirectory  = "./"
+	defaultNoAuth           = "false"
+	defaultNoAnalytics      = "false"
+	defaultTLS              = "false"
+	defaultTLSSkipVerify    = "false"
+	defaultTLSCACertPath    = "/certs/ca.pem"
+	defaultTLSCertPath      = "/certs/cert.pem"
+	defaultTLSKeyPath       = "/certs/key.pem"
+	defaultSSL              = "false"
+	defaultSSLCertPath      = "/certs/portainer.crt"
+	defaultSSLKeyPath       = "/certs/portainer.key"
+	defaultSyncInterval     = "60s"
+	defaultSnapshot         = "true"
+	defaultSnapshotInterval = "5m"
+	defaultTemplateFile     = "/templates.json"
 )

api/cli/defaults_windows.go

@@ -1,23 +1,21 @@
 package cli
 
 const (
-	defaultBindAddress         = ":9000"
-	defaultTunnelServerAddress = "0.0.0.0"
-	defaultTunnelServerPort    = "8000"
-	defaultDataDirectory       = "C:\\data"
-	defaultAssetsDirectory     = "./"
-	defaultNoAuth              = "false"
-	defaultNoAnalytics         = "false"
-	defaultTLS                 = "false"
-	defaultTLSSkipVerify       = "false"
-	defaultTLSCACertPath       = "C:\\certs\\ca.pem"
-	defaultTLSCertPath         = "C:\\certs\\cert.pem"
-	defaultTLSKeyPath          = "C:\\certs\\key.pem"
-	defaultSSL                 = "false"
-	defaultSSLCertPath         = "C:\\certs\\portainer.crt"
-	defaultSSLKeyPath          = "C:\\certs\\portainer.key"
-	defaultSyncInterval        = "60s"
-	defaultSnapshot            = "true"
-	defaultSnapshotInterval    = "5m"
-	defaultTemplateFile        = "/templates.json"
+	defaultBindAddress      = ":9000"
+	defaultDataDirectory    = "C:\\data"
+	defaultAssetsDirectory  = "./"
+	defaultNoAuth           = "false"
+	defaultNoAnalytics      = "false"
+	defaultTLS              = "false"
+	defaultTLSSkipVerify    = "false"
+	defaultTLSCACertPath    = "C:\\certs\\ca.pem"
+	defaultTLSCertPath      = "C:\\certs\\cert.pem"
+	defaultTLSKeyPath       = "C:\\certs\\key.pem"
+	defaultSSL              = "false"
+	defaultSSLCertPath      = "C:\\certs\\portainer.crt"
+	defaultSSLKeyPath       = "C:\\certs\\portainer.key"
+	defaultSyncInterval     = "60s"
+	defaultSnapshot         = "true"
+	defaultSnapshotInterval = "5m"
+	defaultTemplateFile     = "/templates.json"
 )

api/cli/pairlist.go

@@ -1,7 +1,7 @@
 package cli
 
 import (
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 
 	"fmt"
 	"gopkg.in/alecthomas/kingpin.v2"

api/cmd/portainer/main.go

@@ -1,28 +1,25 @@
-package main
+package main // import "github.com/portainer/portainer"
 
 import (
 	"encoding/json"
-	"log"
-	"os"
 	"strings"
-	"time"
 
-	"github.com/portainer/portainer/api/chisel"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/bolt"
+	"github.com/portainer/portainer/cli"
+	"github.com/portainer/portainer/cron"
+	"github.com/portainer/portainer/crypto"
+	"github.com/portainer/portainer/docker"
+	"github.com/portainer/portainer/exec"
+	"github.com/portainer/portainer/filesystem"
+	"github.com/portainer/portainer/git"
+	"github.com/portainer/portainer/http"
+	"github.com/portainer/portainer/http/client"
+	"github.com/portainer/portainer/jwt"
+	"github.com/portainer/portainer/ldap"
+	"github.com/portainer/portainer/libcompose"
 
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/bolt"
-	"github.com/portainer/portainer/api/cli"
-	"github.com/portainer/portainer/api/cron"
-	"github.com/portainer/portainer/api/crypto"
-	"github.com/portainer/portainer/api/docker"
-	"github.com/portainer/portainer/api/exec"
-	"github.com/portainer/portainer/api/filesystem"
-	"github.com/portainer/portainer/api/git"
-	"github.com/portainer/portainer/api/http"
-	"github.com/portainer/portainer/api/http/client"
-	"github.com/portainer/portainer/api/jwt"
-	"github.com/portainer/portainer/api/ldap"
-	"github.com/portainer/portainer/api/libcompose"
+	"log"
 )
 
 func initCLI() *portainer.CLIFlags {
@@ -70,51 +67,12 @@ func initStore(dataStorePath string, fileService portainer.FileService) *bolt.St
 	return store
 }
 
-func initDemoData(store *bolt.Store, cryptoService portainer.CryptoService) error {
-	password, err := cryptoService.Hash("tryportainer")
-	if err != nil {
-		return err
-	}
-
-	admin := &portainer.User{
-		Username: "admin",
-		Password: password,
-		Role:     portainer.AdministratorRole,
-	}
-
-	err = store.UserService.CreateUser(admin)
-	if err != nil {
-		return err
-	}
-
-	localEndpoint := &portainer.Endpoint{
-		ID:        portainer.EndpointID(1),
-		Name:      "local",
-		URL:       "unix:///var/run/docker.sock",
-		PublicURL: "demo.portainer.io",
-		TLSConfig: portainer.TLSConfiguration{
-			TLS: false,
-		},
-		AuthorizedUsers: []portainer.UserID{},
-		AuthorizedTeams: []portainer.TeamID{},
-		Extensions:      []portainer.EndpointExtension{},
-		Tags:            []string{},
-	}
-
-	err = store.EndpointService.CreateEndpoint(localEndpoint)
-	if err != nil {
-		return err
-	}
-
-	return nil
+func initComposeStackManager(dataStorePath string) portainer.ComposeStackManager {
+	return libcompose.NewComposeStackManager(dataStorePath)
 }
 
-func initComposeStackManager(dataStorePath string, reverseTunnelService portainer.ReverseTunnelService) portainer.ComposeStackManager {
-	return libcompose.NewComposeStackManager(dataStorePath, reverseTunnelService)
-}
-
-func initSwarmStackManager(assetsPath string, dataStorePath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (portainer.SwarmStackManager, error) {
-	return exec.NewSwarmStackManager(assetsPath, dataStorePath, signatureService, fileService, reverseTunnelService)
+func initSwarmStackManager(assetsPath string, dataStorePath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService) (portainer.SwarmStackManager, error) {
+	return exec.NewSwarmStackManager(assetsPath, dataStorePath, signatureService, fileService)
 }
 
 func initJWTService(authenticationEnabled bool) portainer.JWTService {
@@ -129,140 +87,53 @@ func initJWTService(authenticationEnabled bool) portainer.JWTService {
 }
 
 func initDigitalSignatureService() portainer.DigitalSignatureService {
-	return crypto.NewECDSAService(os.Getenv("AGENT_SECRET"))
+	return &crypto.ECDSAService{}
 }
 
 func initCryptoService() portainer.CryptoService {
 	return &crypto.Service{}
 }
 
+func initDigitalDeploykeyService() portainer.DigitalDeploykeyService {
+	return &crypto.ECDSAService{}
+}
+
+
 func initLDAPService() portainer.LDAPService {
 	return &ldap.Service{}
 }
 
 func initGitService() portainer.GitService {
-	return git.NewService()
+	return &git.Service{}
 }
 
-func initClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *docker.ClientFactory {
-	return docker.NewClientFactory(signatureService, reverseTunnelService)
+func initClientFactory(signatureService portainer.DigitalSignatureService) *docker.ClientFactory {
+	return docker.NewClientFactory(signatureService)
 }
 
 func initSnapshotter(clientFactory *docker.ClientFactory) portainer.Snapshotter {
 	return docker.NewSnapshotter(clientFactory)
 }
 
-func initJobScheduler() portainer.JobScheduler {
-	return cron.NewJobScheduler()
-}
+func initJobScheduler(endpointService portainer.EndpointService, snapshotter portainer.Snapshotter, flags *portainer.CLIFlags) (portainer.JobScheduler, error) {
+	jobScheduler := cron.NewJobScheduler(endpointService, snapshotter)
 
-func loadSnapshotSystemSchedule(jobScheduler portainer.JobScheduler, snapshotter portainer.Snapshotter, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, settingsService portainer.SettingsService) error {
-	settings, err := settingsService.Settings()
-	if err != nil {
-		return err
-	}
-
-	schedules, err := scheduleService.SchedulesByJobType(portainer.SnapshotJobType)
-	if err != nil {
-		return err
-	}
-
-	var snapshotSchedule *portainer.Schedule
-	if len(schedules) == 0 {
-		snapshotJob := &portainer.SnapshotJob{}
-		snapshotSchedule = &portainer.Schedule{
-			ID:             portainer.ScheduleID(scheduleService.GetNextIdentifier()),
-			Name:           "system_snapshot",
-			CronExpression: "@every " + settings.SnapshotInterval,
-			Recurring:      true,
-			JobType:        portainer.SnapshotJobType,
-			SnapshotJob:    snapshotJob,
-			Created:        time.Now().Unix(),
+	if *flags.ExternalEndpoints != "" {
+		log.Println("Using external endpoint definition. Endpoint management via the API will be disabled.")
+		err := jobScheduler.ScheduleEndpointSyncJob(*flags.ExternalEndpoints, *flags.SyncInterval)
+		if err != nil {
+			return nil, err
 		}
-	} else {
-		snapshotSchedule = &schedules[0]
 	}
 
-	snapshotJobContext := cron.NewSnapshotJobContext(endpointService, snapshotter)
-	snapshotJobRunner := cron.NewSnapshotJobRunner(snapshotSchedule, snapshotJobContext)
-
-	err = jobScheduler.ScheduleJob(snapshotJobRunner)
-	if err != nil {
-		return err
-	}
-
-	if len(schedules) == 0 {
-		return scheduleService.CreateSchedule(snapshotSchedule)
-	}
-	return nil
-}
-
-func loadEndpointSyncSystemSchedule(jobScheduler portainer.JobScheduler, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, flags *portainer.CLIFlags) error {
-	if *flags.ExternalEndpoints == "" {
-		return nil
-	}
-
-	log.Println("Using external endpoint definition. Endpoint management via the API will be disabled.")
-
-	schedules, err := scheduleService.SchedulesByJobType(portainer.EndpointSyncJobType)
-	if err != nil {
-		return err
-	}
-
-	if len(schedules) != 0 {
-		return nil
-	}
-
-	endpointSyncJob := &portainer.EndpointSyncJob{}
-
-	endpointSyncSchedule := &portainer.Schedule{
-		ID:              portainer.ScheduleID(scheduleService.GetNextIdentifier()),
-		Name:            "system_endpointsync",
-		CronExpression:  "@every " + *flags.SyncInterval,
-		Recurring:       true,
-		JobType:         portainer.EndpointSyncJobType,
-		EndpointSyncJob: endpointSyncJob,
-		Created:         time.Now().Unix(),
-	}
-
-	endpointSyncJobContext := cron.NewEndpointSyncJobContext(endpointService, *flags.ExternalEndpoints)
-	endpointSyncJobRunner := cron.NewEndpointSyncJobRunner(endpointSyncSchedule, endpointSyncJobContext)
-
-	err = jobScheduler.ScheduleJob(endpointSyncJobRunner)
-	if err != nil {
-		return err
-	}
-
-	return scheduleService.CreateSchedule(endpointSyncSchedule)
-}
-
-func loadSchedulesFromDatabase(jobScheduler portainer.JobScheduler, jobService portainer.JobService, scheduleService portainer.ScheduleService, endpointService portainer.EndpointService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) error {
-	schedules, err := scheduleService.Schedules()
-	if err != nil {
-		return err
-	}
-
-	for _, schedule := range schedules {
-
-		if schedule.JobType == portainer.ScriptExecutionJobType {
-			jobContext := cron.NewScriptExecutionJobContext(jobService, endpointService, fileService)
-			jobRunner := cron.NewScriptExecutionJobRunner(&schedule, jobContext)
-
-			err = jobScheduler.ScheduleJob(jobRunner)
-			if err != nil {
-				return err
-			}
+	if *flags.Snapshot {
+		err := jobScheduler.ScheduleSnapshotJob(*flags.SnapshotInterval)
+		if err != nil {
+			return nil, err
 		}
-
-		if schedule.EdgeSchedule != nil {
-			for _, endpointID := range schedule.EdgeSchedule.Endpoints {
-				reverseTunnelService.AddSchedule(endpointID, schedule.EdgeSchedule)
-			}
-		}
-
 	}
 
-	return nil
+	return jobScheduler, nil
 }
 
 func initStatus(endpointManagement, snapshot bool, flags *portainer.CLIFlags) *portainer.Status {
@@ -298,7 +169,6 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
 			LogoURL:              *flags.Logo,
 			AuthenticationMethod: portainer.AuthenticationInternal,
 			LDAPSettings: portainer.LDAPSettings{
-				AnonymousMode:   true,
 				AutoCreateUsers: true,
 				TLSConfig:       portainer.TLSConfiguration{},
 				SearchSettings: []portainer.LDAPSearchSettings{
@@ -308,16 +178,9 @@ func initSettings(settingsService portainer.SettingsService, flags *portainer.CL
 					portainer.LDAPGroupSearchSettings{},
 				},
 			},
-			OAuthSettings:                       portainer.OAuthSettings{},
-			AllowBindMountsForRegularUsers:      true,
-			AllowPrivilegedModeForRegularUsers:  true,
-			AllowVolumeBrowserForRegularUsers:   false,
-			AllowDeviceMappingForRegularUsers:   true,
-			AllowStackManagementForRegularUsers: true,
-			EnableHostManagementFeatures:        false,
-			AllowHostNamespaceForRegularUsers:   true,
-			SnapshotInterval:                    *flags.SnapshotInterval,
-			EdgeAgentCheckinInterval:            portainer.DefaultEdgeAgentCheckinIntervalInSeconds,
+			AllowBindMountsForRegularUsers:     true,
+			AllowPrivilegedModeForRegularUsers: true,
+			SnapshotInterval:                   *flags.SnapshotInterval,
 		}
 
 		if *flags.Templates != "" {
@@ -430,18 +293,18 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, endpointService portain
 
 	endpointID := endpointService.GetNextIdentifier()
 	endpoint := &portainer.Endpoint{
-		ID:                 portainer.EndpointID(endpointID),
-		Name:               "primary",
-		URL:                *flags.EndpointURL,
-		GroupID:            portainer.EndpointGroupID(1),
-		Type:               portainer.DockerEnvironment,
-		TLSConfig:          tlsConfiguration,
-		UserAccessPolicies: portainer.UserAccessPolicies{},
-		TeamAccessPolicies: portainer.TeamAccessPolicies{},
-		Extensions:         []portainer.EndpointExtension{},
-		TagIDs:             []portainer.TagID{},
-		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.Snapshot{},
+		ID:              portainer.EndpointID(endpointID),
+		Name:            "primary",
+		URL:             *flags.EndpointURL,
+		GroupID:         portainer.EndpointGroupID(1),
+		Type:            portainer.DockerEnvironment,
+		TLSConfig:       tlsConfiguration,
+		AuthorizedUsers: []portainer.UserID{},
+		AuthorizedTeams: []portainer.TeamID{},
+		Extensions:      []portainer.EndpointExtension{},
+		Tags:            []string{},
+		Status:          portainer.EndpointStatusUp,
+		Snapshots:       []portainer.Snapshot{},
 	}
 
 	if strings.HasPrefix(endpoint.URL, "tcp://") {
@@ -473,18 +336,18 @@ func createUnsecuredEndpoint(endpointURL string, endpointService portainer.Endpo
 
 	endpointID := endpointService.GetNextIdentifier()
 	endpoint := &portainer.Endpoint{
-		ID:                 portainer.EndpointID(endpointID),
-		Name:               "primary",
-		URL:                endpointURL,
-		GroupID:            portainer.EndpointGroupID(1),
-		Type:               portainer.DockerEnvironment,
-		TLSConfig:          portainer.TLSConfiguration{},
-		UserAccessPolicies: portainer.UserAccessPolicies{},
-		TeamAccessPolicies: portainer.TeamAccessPolicies{},
-		Extensions:         []portainer.EndpointExtension{},
-		TagIDs:             []portainer.TagID{},
-		Status:             portainer.EndpointStatusUp,
-		Snapshots:          []portainer.Snapshot{},
+		ID:              portainer.EndpointID(endpointID),
+		Name:            "primary",
+		URL:             endpointURL,
+		GroupID:         portainer.EndpointGroupID(1),
+		Type:            portainer.DockerEnvironment,
+		TLSConfig:       portainer.TLSConfiguration{},
+		AuthorizedUsers: []portainer.UserID{},
+		AuthorizedTeams: []portainer.TeamID{},
+		Extensions:      []portainer.EndpointExtension{},
+		Tags:            []string{},
+		Status:          portainer.EndpointStatusUp,
+		Snapshots:       []portainer.Snapshot{},
 	}
 
 	return snapshotAndPersistEndpoint(endpoint, endpointService, snapshotter)
@@ -525,36 +388,6 @@ func initEndpoint(flags *portainer.CLIFlags, endpointService portainer.EndpointS
 	return createUnsecuredEndpoint(*flags.EndpointURL, endpointService, snapshotter)
 }
 
-func initJobService(dockerClientFactory *docker.ClientFactory) portainer.JobService {
-	return docker.NewJobService(dockerClientFactory)
-}
-
-func initExtensionManager(fileService portainer.FileService, extensionService portainer.ExtensionService) (portainer.ExtensionManager, error) {
-	extensionManager := exec.NewExtensionManager(fileService, extensionService)
-
-	err := extensionManager.StartExtensions()
-	if err != nil {
-		return nil, err
-	}
-
-	return extensionManager, nil
-}
-
-func terminateIfNoAdminCreated(userService portainer.UserService) {
-	timer1 := time.NewTimer(5 * time.Minute)
-	<-timer1.C
-
-	users, err := userService.UsersByRole(portainer.AdministratorRole)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if len(users) == 0 {
-		log.Fatal("No administrator account was created after 5 min. Shutting down the Portainer instance for security reasons.")
-		return
-	}
-}
-
 func main() {
 	flags := initCLI()
 
@@ -571,39 +404,37 @@ func main() {
 
 	cryptoService := initCryptoService()
 
-	initDemoData(store, cryptoService)
-
 	digitalSignatureService := initDigitalSignatureService()
 
+	digitalDeploykeyService := initDigitalDeploykeyService()
+
 	err := initKeyPair(fileService, digitalSignatureService)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	extensionManager, err := initExtensionManager(fileService, store.ExtensionService)
+	clientFactory := initClientFactory(digitalSignatureService)
+
+	snapshotter := initSnapshotter(clientFactory)
+
+	jobScheduler, err := initJobScheduler(store.EndpointService, snapshotter, flags)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	reverseTunnelService := chisel.NewService(store.EndpointService, store.TunnelServerService)
-
-	clientFactory := initClientFactory(digitalSignatureService, reverseTunnelService)
-
-	jobService := initJobService(clientFactory)
-
-	snapshotter := initSnapshotter(clientFactory)
+	jobScheduler.Start()
 
 	endpointManagement := true
 	if *flags.ExternalEndpoints != "" {
 		endpointManagement = false
 	}
 
-	swarmStackManager, err := initSwarmStackManager(*flags.Assets, *flags.Data, digitalSignatureService, fileService, reverseTunnelService)
+	swarmStackManager, err := initSwarmStackManager(*flags.Assets, *flags.Data, digitalSignatureService, fileService)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	composeStackManager := initComposeStackManager(*flags.Data, reverseTunnelService)
+	composeStackManager := initComposeStackManager(*flags.Data)
 
 	err = initTemplates(store.TemplateService, fileService, *flags.Templates, *flags.TemplateFile)
 	if err != nil {
@@ -615,27 +446,6 @@ func main() {
 		log.Fatal(err)
 	}
 
-	jobScheduler := initJobScheduler()
-
-	err = loadSchedulesFromDatabase(jobScheduler, jobService, store.ScheduleService, store.EndpointService, fileService, reverseTunnelService)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	err = loadEndpointSyncSystemSchedule(jobScheduler, store.ScheduleService, store.EndpointService, flags)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if *flags.Snapshot {
-		err = loadSnapshotSystemSchedule(jobScheduler, snapshotter, store.ScheduleService, store.EndpointService, store.SettingsService)
-		if err != nil {
-			log.Fatal(err)
-		}
-	}
-
-	jobScheduler.Start()
-
 	err = initDockerHub(store.DockerHubService)
 	if err != nil {
 		log.Fatal(err)
@@ -654,7 +464,7 @@ func main() {
 		if err != nil {
 			log.Fatal(err)
 		}
-		adminPasswordHash, err = cryptoService.Hash(strings.TrimSuffix(string(content), "\n"))
+		adminPasswordHash, err = cryptoService.Hash(string(content))
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -669,12 +479,11 @@ func main() {
 		}
 
 		if len(users) == 0 {
-			log.Println("Created admin user with the given password.")
+			log.Printf("Creating admin user with password hash %s", adminPasswordHash)
 			user := &portainer.User{
-				Username:                "admin",
-				Role:                    portainer.AdministratorRole,
-				Password:                adminPasswordHash,
-				PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+				Username: "admin",
+				Role:     portainer.AdministratorRole,
+				Password: adminPasswordHash,
 			}
 			err := store.UserService.CreateUser(user)
 			if err != nil {
@@ -685,57 +494,41 @@ func main() {
 		}
 	}
 
-	if !*flags.NoAuth {
-		go terminateIfNoAdminCreated(store.UserService)
-	}
-
-	err = reverseTunnelService.StartTunnelServer(*flags.TunnelAddr, *flags.TunnelPort, snapshotter)
-	if err != nil {
-		log.Fatal(err)
-	}
-
 	var server portainer.Server = &http.Server{
-		ReverseTunnelService:    reverseTunnelService,
-		Status:                  applicationStatus,
-		BindAddress:             *flags.Addr,
-		AssetsPath:              *flags.Assets,
-		AuthDisabled:            *flags.NoAuth,
-		EndpointManagement:      endpointManagement,
-		RoleService:             store.RoleService,
-		UserService:             store.UserService,
-		TeamService:             store.TeamService,
-		TeamMembershipService:   store.TeamMembershipService,
-		EdgeGroupService:        store.EdgeGroupService,
-		EdgeStackService:        store.EdgeStackService,
-		EndpointService:         store.EndpointService,
-		EndpointGroupService:    store.EndpointGroupService,
-		EndpointRelationService: store.EndpointRelationService,
-		ExtensionService:        store.ExtensionService,
-		ResourceControlService:  store.ResourceControlService,
-		SettingsService:         store.SettingsService,
-		RegistryService:         store.RegistryService,
-		DockerHubService:        store.DockerHubService,
-		StackService:            store.StackService,
-		ScheduleService:         store.ScheduleService,
-		TagService:              store.TagService,
-		TemplateService:         store.TemplateService,
-		WebhookService:          store.WebhookService,
-		SwarmStackManager:       swarmStackManager,
-		ComposeStackManager:     composeStackManager,
-		ExtensionManager:        extensionManager,
-		CryptoService:           cryptoService,
-		JWTService:              jwtService,
-		FileService:             fileService,
-		LDAPService:             ldapService,
-		GitService:              gitService,
-		SignatureService:        digitalSignatureService,
-		JobScheduler:            jobScheduler,
-		Snapshotter:             snapshotter,
-		SSL:                     *flags.SSL,
-		SSLCert:                 *flags.SSLCert,
-		SSLKey:                  *flags.SSLKey,
-		DockerClientFactory:     clientFactory,
-		JobService:              jobService,
+		Status:                 applicationStatus,
+		BindAddress:            *flags.Addr,
+		AssetsPath:             *flags.Assets,
+		AuthDisabled:           *flags.NoAuth,
+		EndpointManagement:     endpointManagement,
+		UserService:            store.UserService,
+		TeamService:            store.TeamService,
+		TeamMembershipService:  store.TeamMembershipService,
+		EndpointService:        store.EndpointService,
+		EndpointGroupService:   store.EndpointGroupService,
+		DeploykeyService:        store.DeploykeyService,
+		DigitalDeploykeyService: digitalDeploykeyService,
+		ResourceControlService: store.ResourceControlService,
+		SettingsService:        store.SettingsService,
+		RegistryService:        store.RegistryService,
+		DockerHubService:       store.DockerHubService,
+		StackService:           store.StackService,
+		TagService:             store.TagService,
+		TemplateService:        store.TemplateService,
+		WebhookService:         store.WebhookService,
+		SwarmStackManager:      swarmStackManager,
+		ComposeStackManager:    composeStackManager,
+		CryptoService:          cryptoService,
+		JWTService:             jwtService,
+		FileService:            fileService,
+		LDAPService:            ldapService,
+		GitService:             gitService,
+		SignatureService:       digitalSignatureService,
+		JobScheduler:           jobScheduler,
+		Snapshotter:            snapshotter,
+		SSL:                    *flags.SSL,
+		SSLCert:                *flags.SSLCert,
+		SSLKey:                 *flags.SSLKey,
+		DockerClientFactory:    clientFactory,
 	}
 
 	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)

api/cron/job_endpoint_snapshot.go

@@ -0,0 +1,60 @@
+package cron
+
+import (
+	"log"
+
+	"github.com/portainer/portainer"
+)
+
+type (
+	endpointSnapshotJob struct {
+		endpointService portainer.EndpointService
+		snapshotter     portainer.Snapshotter
+	}
+)
+
+func newEndpointSnapshotJob(endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) endpointSnapshotJob {
+	return endpointSnapshotJob{
+		endpointService: endpointService,
+		snapshotter:     snapshotter,
+	}
+}
+
+func (job endpointSnapshotJob) Snapshot() error {
+
+	endpoints, err := job.endpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for _, endpoint := range endpoints {
+		if endpoint.Type == portainer.AzureEnvironment {
+			continue
+		}
+
+		snapshot, err := job.snapshotter.CreateSnapshot(&endpoint)
+		endpoint.Status = portainer.EndpointStatusUp
+		if err != nil {
+			log.Printf("cron error: endpoint snapshot error (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
+			endpoint.Status = portainer.EndpointStatusDown
+		}
+
+		if snapshot != nil {
+			endpoint.Snapshots = []portainer.Snapshot{*snapshot}
+		}
+
+		err = job.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (job endpointSnapshotJob) Run() {
+	err := job.Snapshot()
+	if err != nil {
+		log.Printf("cron error: snapshot job error (err=%s)\n", err)
+	}
+}

api/cron/job_endpoint_sync.go

@@ -6,96 +6,47 @@ import (
 	"log"
 	"strings"
 
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
-// EndpointSyncJobRunner is used to run a EndpointSyncJob
-type EndpointSyncJobRunner struct {
-	schedule *portainer.Schedule
-	context  *EndpointSyncJobContext
-}
+type (
+	endpointSyncJob struct {
+		endpointService  portainer.EndpointService
+		endpointFilePath string
+	}
 
-// EndpointSyncJobContext represents the context of execution of a EndpointSyncJob
-type EndpointSyncJobContext struct {
-	endpointService  portainer.EndpointService
-	endpointFilePath string
-}
+	synchronization struct {
+		endpointsToCreate []*portainer.Endpoint
+		endpointsToUpdate []*portainer.Endpoint
+		endpointsToDelete []*portainer.Endpoint
+	}
 
-// NewEndpointSyncJobContext returns a new context that can be used to execute a EndpointSyncJob
-func NewEndpointSyncJobContext(endpointService portainer.EndpointService, endpointFilePath string) *EndpointSyncJobContext {
-	return &EndpointSyncJobContext{
+	fileEndpoint struct {
+		Name          string `json:"Name"`
+		URL           string `json:"URL"`
+		TLS           bool   `json:"TLS,omitempty"`
+		TLSSkipVerify bool   `json:"TLSSkipVerify,omitempty"`
+		TLSCACert     string `json:"TLSCACert,omitempty"`
+		TLSCert       string `json:"TLSCert,omitempty"`
+		TLSKey        string `json:"TLSKey,omitempty"`
+	}
+)
+
+const (
+	// ErrEmptyEndpointArray is an error raised when the external endpoint source array is empty.
+	ErrEmptyEndpointArray = portainer.Error("External endpoint source is empty")
+)
+
+func newEndpointSyncJob(endpointFilePath string, endpointService portainer.EndpointService) endpointSyncJob {
+	return endpointSyncJob{
 		endpointService:  endpointService,
 		endpointFilePath: endpointFilePath,
 	}
 }
 
-// NewEndpointSyncJobRunner returns a new runner that can be scheduled
-func NewEndpointSyncJobRunner(schedule *portainer.Schedule, context *EndpointSyncJobContext) *EndpointSyncJobRunner {
-	return &EndpointSyncJobRunner{
-		schedule: schedule,
-		context:  context,
-	}
-}
-
-type synchronization struct {
-	endpointsToCreate []*portainer.Endpoint
-	endpointsToUpdate []*portainer.Endpoint
-	endpointsToDelete []*portainer.Endpoint
-}
-
-type fileEndpoint struct {
-	Name          string `json:"Name"`
-	URL           string `json:"URL"`
-	TLS           bool   `json:"TLS,omitempty"`
-	TLSSkipVerify bool   `json:"TLSSkipVerify,omitempty"`
-	TLSCACert     string `json:"TLSCACert,omitempty"`
-	TLSCert       string `json:"TLSCert,omitempty"`
-	TLSKey        string `json:"TLSKey,omitempty"`
-}
-
-// GetSchedule returns the schedule associated to the runner
-func (runner *EndpointSyncJobRunner) GetSchedule() *portainer.Schedule {
-	return runner.schedule
-}
-
-// Run triggers the execution of the endpoint synchronization process.
-func (runner *EndpointSyncJobRunner) Run() {
-	data, err := ioutil.ReadFile(runner.context.endpointFilePath)
-	if endpointSyncError(err) {
-		return
-	}
-
-	var fileEndpoints []fileEndpoint
-	err = json.Unmarshal(data, &fileEndpoints)
-	if endpointSyncError(err) {
-		return
-	}
-
-	if len(fileEndpoints) == 0 {
-		log.Println("background job error (endpoint synchronization). External endpoint source is empty")
-		return
-	}
-
-	storedEndpoints, err := runner.context.endpointService.Endpoints()
-	if endpointSyncError(err) {
-		return
-	}
-
-	convertedFileEndpoints := convertFileEndpoints(fileEndpoints)
-
-	sync := prepareSyncData(storedEndpoints, convertedFileEndpoints)
-	if sync.requireSync() {
-		err = runner.context.endpointService.Synchronize(sync.endpointsToCreate, sync.endpointsToUpdate, sync.endpointsToDelete)
-		if endpointSyncError(err) {
-			return
-		}
-		log.Printf("Endpoint synchronization ended. [created: %v] [updated: %v] [deleted: %v]", len(sync.endpointsToCreate), len(sync.endpointsToUpdate), len(sync.endpointsToDelete))
-	}
-}
-
 func endpointSyncError(err error) bool {
 	if err != nil {
-		log.Printf("background job error (endpoint synchronization). Unable to synchronize endpoints (err=%s)\n", err)
+		log.Printf("cron error: synchronization job error (err=%s)\n", err)
 		return true
 	}
 	return false
@@ -175,7 +126,8 @@ func (sync synchronization) requireSync() bool {
 	return false
 }
 
-func prepareSyncData(storedEndpoints, fileEndpoints []portainer.Endpoint) *synchronization {
+// TMP: endpointSyncJob method to access logger, should be generic
+func (job endpointSyncJob) prepareSyncData(storedEndpoints, fileEndpoints []portainer.Endpoint) *synchronization {
 	endpointsToCreate := make([]*portainer.Endpoint, 0)
 	endpointsToUpdate := make([]*portainer.Endpoint, 0)
 	endpointsToDelete := make([]*portainer.Endpoint, 0)
@@ -212,3 +164,43 @@ func prepareSyncData(storedEndpoints, fileEndpoints []portainer.Endpoint) *synch
 		endpointsToDelete: endpointsToDelete,
 	}
 }
+
+func (job endpointSyncJob) Sync() error {
+	data, err := ioutil.ReadFile(job.endpointFilePath)
+	if endpointSyncError(err) {
+		return err
+	}
+
+	var fileEndpoints []fileEndpoint
+	err = json.Unmarshal(data, &fileEndpoints)
+	if endpointSyncError(err) {
+		return err
+	}
+
+	if len(fileEndpoints) == 0 {
+		return ErrEmptyEndpointArray
+	}
+
+	storedEndpoints, err := job.endpointService.Endpoints()
+	if endpointSyncError(err) {
+		return err
+	}
+
+	convertedFileEndpoints := convertFileEndpoints(fileEndpoints)
+
+	sync := job.prepareSyncData(storedEndpoints, convertedFileEndpoints)
+	if sync.requireSync() {
+		err = job.endpointService.Synchronize(sync.endpointsToCreate, sync.endpointsToUpdate, sync.endpointsToDelete)
+		if endpointSyncError(err) {
+			return err
+		}
+		log.Printf("Endpoint synchronization ended. [created: %v] [updated: %v] [deleted: %v]", len(sync.endpointsToCreate), len(sync.endpointsToUpdate), len(sync.endpointsToDelete))
+	}
+	return nil
+}
+
+func (job endpointSyncJob) Run() {
+	log.Println("cron: synchronization job started")
+	err := job.Sync()
+	endpointSyncError(err)
+}

api/cron/job_script_execution.go

@@ -1,96 +0,0 @@
-package cron
-
-import (
-	"log"
-	"time"
-
-	"github.com/portainer/portainer/api"
-)
-
-// ScriptExecutionJobRunner is used to run a ScriptExecutionJob
-type ScriptExecutionJobRunner struct {
-	schedule     *portainer.Schedule
-	context      *ScriptExecutionJobContext
-	executedOnce bool
-}
-
-// ScriptExecutionJobContext represents the context of execution of a ScriptExecutionJob
-type ScriptExecutionJobContext struct {
-	jobService      portainer.JobService
-	endpointService portainer.EndpointService
-	fileService     portainer.FileService
-}
-
-// NewScriptExecutionJobContext returns a new context that can be used to execute a ScriptExecutionJob
-func NewScriptExecutionJobContext(jobService portainer.JobService, endpointService portainer.EndpointService, fileService portainer.FileService) *ScriptExecutionJobContext {
-	return &ScriptExecutionJobContext{
-		jobService:      jobService,
-		endpointService: endpointService,
-		fileService:     fileService,
-	}
-}
-
-// NewScriptExecutionJobRunner returns a new runner that can be scheduled
-func NewScriptExecutionJobRunner(schedule *portainer.Schedule, context *ScriptExecutionJobContext) *ScriptExecutionJobRunner {
-	return &ScriptExecutionJobRunner{
-		schedule:     schedule,
-		context:      context,
-		executedOnce: false,
-	}
-}
-
-// Run triggers the execution of the job.
-// It will iterate through all the endpoints specified in the context to
-// execute the script associated to the job.
-func (runner *ScriptExecutionJobRunner) Run() {
-	if !runner.schedule.Recurring && runner.executedOnce {
-		return
-	}
-	runner.executedOnce = true
-
-	scriptFile, err := runner.context.fileService.GetFileContent(runner.schedule.ScriptExecutionJob.ScriptPath)
-	if err != nil {
-		log.Printf("scheduled job error (script execution). Unable to retrieve script file (err=%s)\n", err)
-		return
-	}
-
-	targets := make([]*portainer.Endpoint, 0)
-	for _, endpointID := range runner.schedule.ScriptExecutionJob.Endpoints {
-		endpoint, err := runner.context.endpointService.Endpoint(endpointID)
-		if err != nil {
-			log.Printf("scheduled job error (script execution). Unable to retrieve information about endpoint (id=%d) (err=%s)\n", endpointID, err)
-			return
-		}
-
-		targets = append(targets, endpoint)
-	}
-
-	runner.executeAndRetry(targets, scriptFile, 0)
-}
-
-func (runner *ScriptExecutionJobRunner) executeAndRetry(endpoints []*portainer.Endpoint, script []byte, retryCount int) {
-	retryTargets := make([]*portainer.Endpoint, 0)
-
-	for _, endpoint := range endpoints {
-		err := runner.context.jobService.ExecuteScript(endpoint, "", runner.schedule.ScriptExecutionJob.Image, script, runner.schedule)
-		if err == portainer.ErrUnableToPingEndpoint {
-			retryTargets = append(retryTargets, endpoint)
-		} else if err != nil {
-			log.Printf("scheduled job error (script execution). Unable to execute script (endpoint=%s) (err=%s)\n", endpoint.Name, err)
-		}
-	}
-
-	retryCount++
-	if retryCount >= runner.schedule.ScriptExecutionJob.RetryCount {
-		return
-	}
-
-	time.Sleep(time.Duration(runner.schedule.ScriptExecutionJob.RetryInterval) * time.Second)
-
-	runner.executeAndRetry(retryTargets, script, retryCount)
-}
-
-// GetSchedule returns the schedule associated to the runner
-func (runner *ScriptExecutionJobRunner) GetSchedule() *portainer.Schedule {
-	return runner.schedule
-}

api/cron/job_snapshot.go

@@ -1,85 +0,0 @@
-package cron
-
-import (
-	"log"
-
-	"github.com/portainer/portainer/api"
-)
-
-// SnapshotJobRunner is used to run a SnapshotJob
-type SnapshotJobRunner struct {
-	schedule *portainer.Schedule
-	context  *SnapshotJobContext
-}
-
-// SnapshotJobContext represents the context of execution of a SnapshotJob
-type SnapshotJobContext struct {
-	endpointService portainer.EndpointService
-	snapshotter     portainer.Snapshotter
-}
-
-// NewSnapshotJobContext returns a new context that can be used to execute a SnapshotJob
-func NewSnapshotJobContext(endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) *SnapshotJobContext {
-	return &SnapshotJobContext{
-		endpointService: endpointService,
-		snapshotter:     snapshotter,
-	}
-}
-
-// NewSnapshotJobRunner returns a new runner that can be scheduled
-func NewSnapshotJobRunner(schedule *portainer.Schedule, context *SnapshotJobContext) *SnapshotJobRunner {
-	return &SnapshotJobRunner{
-		schedule: schedule,
-		context:  context,
-	}
-}
-
-// GetSchedule returns the schedule associated to the runner
-func (runner *SnapshotJobRunner) GetSchedule() *portainer.Schedule {
-	return runner.schedule
-}
-
-// Run triggers the execution of the schedule.
-// It will iterate through all the endpoints available in the database to
-// create a snapshot of each one of them.
-// As a snapshot can be a long process, to avoid any concurrency issue we
-// retrieve the latest version of the endpoint right after a snapshot.
-func (runner *SnapshotJobRunner) Run() {
-	go func() {
-		endpoints, err := runner.context.endpointService.Endpoints()
-		if err != nil {
-			log.Printf("background schedule error (endpoint snapshot). Unable to retrieve endpoint list (err=%s)\n", err)
-			return
-		}
-
-		for _, endpoint := range endpoints {
-			if endpoint.Type == portainer.AzureEnvironment || endpoint.Type == portainer.EdgeAgentEnvironment {
-				continue
-			}
-
-			snapshot, snapshotError := runner.context.snapshotter.CreateSnapshot(&endpoint)
-
-			latestEndpointReference, err := runner.context.endpointService.Endpoint(endpoint.ID)
-			if latestEndpointReference == nil {
-				log.Printf("background schedule error (endpoint snapshot). Endpoint not found inside the database anymore (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
-				continue
-			}
-
-			latestEndpointReference.Status = portainer.EndpointStatusUp
-			if snapshotError != nil {
-				log.Printf("background schedule error (endpoint snapshot). Unable to create snapshot (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, snapshotError)
-				latestEndpointReference.Status = portainer.EndpointStatusDown
-			}
-
-			if snapshot != nil {
-				latestEndpointReference.Snapshots = []portainer.Snapshot{*snapshot}
-			}
-
-			err = runner.context.endpointService.UpdateEndpoint(latestEndpointReference.ID, latestEndpointReference)
-			if err != nil {
-				log.Printf("background schedule error (endpoint snapshot). Unable to update endpoint (endpoint=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
-				return
-			}
-		}
-	}()
-}

api/cron/scheduler.go

@@ -1,110 +1,76 @@
 package cron
 
 import (
-	"github.com/portainer/portainer/api"
-	"github.com/robfig/cron/v3"
+	"log"
+
+	"github.com/portainer/portainer"
+	"github.com/robfig/cron"
 )
 
-// JobScheduler represents a service for managing crons
+// JobScheduler represents a service for managing crons.
 type JobScheduler struct {
-	cron *cron.Cron
+	cron            *cron.Cron
+	endpointService portainer.EndpointService
+	snapshotter     portainer.Snapshotter
+
+	endpointFilePath     string
+	endpointSyncInterval string
 }
 
-// NewJobScheduler initializes a new service
-func NewJobScheduler() *JobScheduler {
+// NewJobScheduler initializes a new service.
+func NewJobScheduler(endpointService portainer.EndpointService, snapshotter portainer.Snapshotter) *JobScheduler {
 	return &JobScheduler{
-		cron: cron.New(),
+		cron:            cron.New(),
+		endpointService: endpointService,
+		snapshotter:     snapshotter,
 	}
 }
 
-// ScheduleJob schedules the execution of a job via a runner
-func (scheduler *JobScheduler) ScheduleJob(runner portainer.JobRunner) error {
-	_, err := scheduler.cron.AddJob(runner.GetSchedule().CronExpression, runner)
-	return err
-}
+// ScheduleEndpointSyncJob schedules a cron job to synchronize the endpoints from a file
+func (scheduler *JobScheduler) ScheduleEndpointSyncJob(endpointFilePath string, interval string) error {
 
-// UpdateSystemJobSchedule updates the first occurence of the specified
-// scheduled job based on the specified job type.
-// It does so by re-creating a new cron
-// and adding all the existing jobs. It will then re-schedule the new job
-// with the update cron expression passed in parameter.
-// NOTE: the cron library do not support updating schedules directly
-// hence the work-around
-func (scheduler *JobScheduler) UpdateSystemJobSchedule(jobType portainer.JobType, newCronExpression string) error {
-	cronEntries := scheduler.cron.Entries()
-	newCron := cron.New()
+	scheduler.endpointFilePath = endpointFilePath
+	scheduler.endpointSyncInterval = interval
 
-	for _, entry := range cronEntries {
-		if entry.Job.(portainer.JobRunner).GetSchedule().JobType == jobType {
-			_, err := newCron.AddJob(newCronExpression, entry.Job)
-			if err != nil {
-				return err
-			}
-			continue
-		}
+	job := newEndpointSyncJob(endpointFilePath, scheduler.endpointService)
 
-		newCron.Schedule(entry.Schedule, entry.Job)
+	err := job.Sync()
+	if err != nil {
+		return err
 	}
 
+	return scheduler.cron.AddJob("@every "+interval, job)
+}
+
+// ScheduleSnapshotJob schedules a cron job to create endpoint snapshots
+func (scheduler *JobScheduler) ScheduleSnapshotJob(interval string) error {
+	job := newEndpointSnapshotJob(scheduler.endpointService, scheduler.snapshotter)
+	go job.Snapshot()
+
+	return scheduler.cron.AddJob("@every "+interval, job)
+}
+
+// UpdateSnapshotJob will update the schedules to match the new snapshot interval
+func (scheduler *JobScheduler) UpdateSnapshotJob(interval string) {
+	// TODO: the cron library do not support removing/updating schedules.
+	// As a work-around we need to re-create the cron and reschedule the jobs.
+	// We should update the library.
+	jobs := scheduler.cron.Entries()
 	scheduler.cron.Stop()
-	scheduler.cron = newCron
-	scheduler.cron.Start()
-	return nil
-}
 
-// UpdateJobSchedule updates a specific scheduled job by re-creating a new cron
-// and adding all the existing jobs. It will then re-schedule the new job
-// via the specified JobRunner parameter.
-// NOTE: the cron library do not support updating schedules directly
-// hence the work-around
-func (scheduler *JobScheduler) UpdateJobSchedule(runner portainer.JobRunner) error {
-	cronEntries := scheduler.cron.Entries()
-	newCron := cron.New()
+	scheduler.cron = cron.New()
 
-	for _, entry := range cronEntries {
-
-		if entry.Job.(portainer.JobRunner).GetSchedule().ID == runner.GetSchedule().ID {
-
-			var jobRunner cron.Job = runner
-			if entry.Job.(portainer.JobRunner).GetSchedule().JobType == portainer.SnapshotJobType {
-				jobRunner = entry.Job
-			}
-
-			_, err := newCron.AddJob(runner.GetSchedule().CronExpression, jobRunner)
-			if err != nil {
-				return err
-			}
-			continue
+	for _, job := range jobs {
+		switch job.Job.(type) {
+		case endpointSnapshotJob:
+			scheduler.ScheduleSnapshotJob(interval)
+		case endpointSyncJob:
+			scheduler.ScheduleEndpointSyncJob(scheduler.endpointFilePath, scheduler.endpointSyncInterval)
+		default:
+			log.Println("Unsupported job")
 		}
-
-		newCron.Schedule(entry.Schedule, entry.Job)
 	}
 
-	scheduler.cron.Stop()
-	scheduler.cron = newCron
-	scheduler.cron.Start()
-	return nil
-}
-
-// UnscheduleJob remove a scheduled job by re-creating a new cron
-// and adding all the existing jobs except for the one specified via scheduleID.
-// NOTE: the cron library do not support removing schedules directly
-// hence the work-around
-func (scheduler *JobScheduler) UnscheduleJob(scheduleID portainer.ScheduleID) {
-	cronEntries := scheduler.cron.Entries()
-	newCron := cron.New()
-
-	for _, entry := range cronEntries {
-
-		if entry.Job.(portainer.JobRunner).GetSchedule().ID == scheduleID {
-			continue
-		}
-
-		newCron.Schedule(entry.Schedule, entry.Job)
-	}
-
-	scheduler.cron.Stop()
-	scheduler.cron = newCron
 	scheduler.cron.Start()
 }
 

api/crypto/certs.go

@@ -0,0 +1,378 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package crypto
+
+import (
+	"time"
+)
+
+// These constants from [PROTOCOL.certkeys] represent the algorithm names
+// for certificate types supported by this package.
+const (
+	CertAlgoRSAv01      = "ssh-rsa-cert-v01@openssh.com"
+	CertAlgoDSAv01      = "ssh-dss-cert-v01@openssh.com"
+	CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+	CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+)
+
+// Certificate types are used to specify whether a certificate is for identification
+// of a user or a host.  Current identities are defined in [PROTOCOL.certkeys].
+const (
+	UserCert = 1
+	HostCert = 2
+)
+
+type signature struct {
+	Format string
+	Blob   []byte
+}
+
+type tuple struct {
+	Name string
+	Data string
+}
+
+const (
+	maxUint64 = 1<<64 - 1
+	maxInt64  = 1<<63 - 1
+)
+
+// CertTime represents an unsigned 64-bit time value in seconds starting from
+// UNIX epoch.  We use CertTime instead of time.Time in order to properly handle
+// the "infinite" time value ^0, which would become negative when expressed as
+// an int64.
+type CertTime uint64
+
+func (ct CertTime) Time() time.Time {
+	if ct > maxInt64 {
+		return time.Unix(maxInt64, 0)
+	}
+	return time.Unix(int64(ct), 0)
+}
+
+func (ct CertTime) IsInfinite() bool {
+	return ct == maxUint64
+}
+
+// An OpenSSHCertV01 represents an OpenSSH certificate as defined in
+// [PROTOCOL.certkeys]?rev=1.8.
+type OpenSSHCertV01 struct {
+	Nonce                   []byte
+	Key                     PublicKey
+	Serial                  uint64
+	Type                    uint32
+	KeyId                   string
+	ValidPrincipals         []string
+	ValidAfter, ValidBefore CertTime
+	CriticalOptions         []tuple
+	Extensions              []tuple
+	Reserved                []byte
+	SignatureKey            PublicKey
+	Signature               *signature
+}
+
+// validateOpenSSHCertV01Signature uses the cert's SignatureKey to verify that
+// the cert's Signature.Blob is the result of signing the cert bytes starting
+// from the algorithm string and going up to and including the SignatureKey.
+func validateOpenSSHCertV01Signature(cert *OpenSSHCertV01) bool {
+	return cert.SignatureKey.Verify(cert.BytesForSigning(), cert.Signature.Blob)
+}
+
+var certAlgoNames = map[string]string{
+	KeyAlgoRSA:      CertAlgoRSAv01,
+	KeyAlgoDSA:      CertAlgoDSAv01,
+	KeyAlgoECDSA256: CertAlgoECDSA256v01,
+	KeyAlgoECDSA384: CertAlgoECDSA384v01,
+	KeyAlgoECDSA521: CertAlgoECDSA521v01,
+}
+
+// certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
+// Panics if a non-certificate algorithm is passed.
+func certToPrivAlgo(algo string) string {
+	for privAlgo, pubAlgo := range certAlgoNames {
+		if pubAlgo == algo {
+			return privAlgo
+		}
+	}
+	panic("unknown cert algorithm")
+}
+
+func (cert *OpenSSHCertV01) marshal(includeAlgo, includeSig bool) []byte {
+	algoName := cert.PublicKeyAlgo()
+	pubKey := cert.Key.Marshal()
+	sigKey := MarshalPublicKey(cert.SignatureKey)
+
+	var length int
+	if includeAlgo {
+		length += stringLength(len(algoName))
+	}
+	length += stringLength(len(cert.Nonce))
+	length += len(pubKey)
+	length += 8 // Length of Serial
+	length += 4 // Length of Type
+	length += stringLength(len(cert.KeyId))
+	length += lengthPrefixedNameListLength(cert.ValidPrincipals)
+	length += 8 // Length of ValidAfter
+	length += 8 // Length of ValidBefore
+	length += tupleListLength(cert.CriticalOptions)
+	length += tupleListLength(cert.Extensions)
+	length += stringLength(len(cert.Reserved))
+	length += stringLength(len(sigKey))
+	if includeSig {
+		length += signatureLength(cert.Signature)
+	}
+
+	ret := make([]byte, length)
+	r := ret
+	if includeAlgo {
+		r = marshalString(r, []byte(algoName))
+	}
+	r = marshalString(r, cert.Nonce)
+	copy(r, pubKey)
+	r = r[len(pubKey):]
+	r = marshalUint64(r, cert.Serial)
+	r = marshalUint32(r, cert.Type)
+	r = marshalString(r, []byte(cert.KeyId))
+	r = marshalLengthPrefixedNameList(r, cert.ValidPrincipals)
+	r = marshalUint64(r, uint64(cert.ValidAfter))
+	r = marshalUint64(r, uint64(cert.ValidBefore))
+	r = marshalTupleList(r, cert.CriticalOptions)
+	r = marshalTupleList(r, cert.Extensions)
+	r = marshalString(r, cert.Reserved)
+	r = marshalString(r, sigKey)
+	if includeSig {
+		r = marshalSignature(r, cert.Signature)
+	}
+	if len(r) > 0 {
+		panic("ssh: internal error, marshaling certificate did not fill the entire buffer")
+	}
+	return ret
+}
+
+func (cert *OpenSSHCertV01) BytesForSigning() []byte {
+	return cert.marshal(true, false)
+}
+
+func (cert *OpenSSHCertV01) Marshal() []byte {
+	return cert.marshal(false, true)
+}
+
+func (c *OpenSSHCertV01) PublicKeyAlgo() string {
+	algo, ok := certAlgoNames[c.Key.PublicKeyAlgo()]
+	if !ok {
+		panic("unknown cert key type")
+	}
+	return algo
+}
+
+func (c *OpenSSHCertV01) PrivateKeyAlgo() string {
+	return c.Key.PrivateKeyAlgo()
+}
+
+func (c *OpenSSHCertV01) Verify(data []byte, sig []byte) bool {
+	return c.Key.Verify(data, sig)
+}
+
+func parseOpenSSHCertV01(in []byte, algo string) (out *OpenSSHCertV01, rest []byte, ok bool) {
+	cert := new(OpenSSHCertV01)
+
+	if cert.Nonce, in, ok = parseString(in); !ok {
+		return
+	}
+
+	privAlgo := certToPrivAlgo(algo)
+	cert.Key, in, ok = parsePubKey(in, privAlgo)
+	if !ok {
+		return
+	}
+
+	// We test PublicKeyAlgo to make sure we don't use some weird sub-cert.
+	if cert.Key.PublicKeyAlgo() != privAlgo {
+		ok = false
+		return
+	}
+
+	if cert.Serial, in, ok = parseUint64(in); !ok {
+		return
+	}
+
+	if cert.Type, in, ok = parseUint32(in); !ok {
+		return
+	}
+
+	keyId, in, ok := parseString(in)
+	if !ok {
+		return
+	}
+	cert.KeyId = string(keyId)
+
+	if cert.ValidPrincipals, in, ok = parseLengthPrefixedNameList(in); !ok {
+		return
+	}
+
+	va, in, ok := parseUint64(in)
+	if !ok {
+		return
+	}
+	cert.ValidAfter = CertTime(va)
+
+	vb, in, ok := parseUint64(in)
+	if !ok {
+		return
+	}
+	cert.ValidBefore = CertTime(vb)
+
+	if cert.CriticalOptions, in, ok = parseTupleList(in); !ok {
+		return
+	}
+
+	if cert.Extensions, in, ok = parseTupleList(in); !ok {
+		return
+	}
+
+	if cert.Reserved, in, ok = parseString(in); !ok {
+		return
+	}
+
+	sigKey, in, ok := parseString(in)
+	if !ok {
+		return
+	}
+	if cert.SignatureKey, _, ok = ParsePublicKey(sigKey); !ok {
+		return
+	}
+
+	if cert.Signature, in, ok = parseSignature(in); !ok {
+		return
+	}
+
+	ok = true
+	return cert, in, ok
+}
+
+func lengthPrefixedNameListLength(namelist []string) int {
+	length := 4 // length prefix for list
+	for _, name := range namelist {
+		length += 4 // length prefix for name
+		length += len(name)
+	}
+	return length
+}
+
+func marshalLengthPrefixedNameList(to []byte, namelist []string) []byte {
+	length := uint32(lengthPrefixedNameListLength(namelist) - 4)
+	to = marshalUint32(to, length)
+	for _, name := range namelist {
+		to = marshalString(to, []byte(name))
+	}
+	return to
+}
+
+func parseLengthPrefixedNameList(in []byte) (out []string, rest []byte, ok bool) {
+	list, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+
+	for len(list) > 0 {
+		var next []byte
+		if next, list, ok = parseString(list); !ok {
+			return nil, nil, false
+		}
+		out = append(out, string(next))
+	}
+	ok = true
+	return
+}
+
+func tupleListLength(tupleList []tuple) int {
+	length := 4 // length prefix for list
+	for _, t := range tupleList {
+		length += 4 // length prefix for t.Name
+		length += len(t.Name)
+		length += 4 // length prefix for t.Data
+		length += len(t.Data)
+	}
+	return length
+}
+
+func marshalTupleList(to []byte, tuplelist []tuple) []byte {
+	length := uint32(tupleListLength(tuplelist) - 4)
+	to = marshalUint32(to, length)
+	for _, t := range tuplelist {
+		to = marshalString(to, []byte(t.Name))
+		to = marshalString(to, []byte(t.Data))
+	}
+	return to
+}
+
+func parseTupleList(in []byte) (out []tuple, rest []byte, ok bool) {
+	list, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+
+	for len(list) > 0 {
+		var name, data []byte
+		var ok bool
+		name, list, ok = parseString(list)
+		if !ok {
+			return nil, nil, false
+		}
+		data, list, ok = parseString(list)
+		if !ok {
+			return nil, nil, false
+		}
+		out = append(out, tuple{string(name), string(data)})
+	}
+	ok = true
+	return
+}
+
+func signatureLength(sig *signature) int {
+	length := 4 // length prefix for signature
+	length += stringLength(len(sig.Format))
+	length += stringLength(len(sig.Blob))
+	return length
+}
+
+func marshalSignature(to []byte, sig *signature) []byte {
+	length := uint32(signatureLength(sig) - 4)
+	to = marshalUint32(to, length)
+	to = marshalString(to, []byte(sig.Format))
+	to = marshalString(to, sig.Blob)
+	return to
+}
+
+func parseSignatureBody(in []byte) (out *signature, rest []byte, ok bool) {
+	var format []byte
+	if format, in, ok = parseString(in); !ok {
+		return
+	}
+
+	out = &signature{
+		Format: string(format),
+	}
+
+	if out.Blob, in, ok = parseString(in); !ok {
+		return
+	}
+
+	return out, in, ok
+}
+
+func parseSignature(in []byte) (out *signature, rest []byte, ok bool) {
+	var sigBytes []byte
+	if sigBytes, rest, ok = parseString(in); !ok {
+		return
+	}
+
+	out, sigBytes, ok = parseSignatureBody(sigBytes)
+	if !ok || len(sigBytes) > 0 {
+		return nil, nil, false
+	}
+	return
+}

api/crypto/ecdsa.go

@@ -1,4 +1,4 @@
-package crypto
+package crypto	
 
 import (
 	"crypto/ecdsa"
@@ -8,8 +8,8 @@ import (
 	"encoding/base64"
 	"encoding/hex"
 	"math/big"
-
-	"github.com/portainer/libcrypto"
+	"io/ioutil"	
+	"log"	
 )
 
 const (
@@ -28,15 +28,6 @@ type ECDSAService struct {
 	privateKey    *ecdsa.PrivateKey
 	publicKey     *ecdsa.PublicKey
 	encodedPubKey string
-	secret        string
-}
-
-// NewECDSAService returns a pointer to a ECDSAService.
-// An optional secret can be specified
-func NewECDSAService(secret string) *ECDSAService {
-	return &ECDSAService{
-		secret: secret,
-	}
 }
 
 // EncodedPublicKey returns the encoded version of the public that can be used
@@ -102,18 +93,35 @@ func (service *ECDSAService) GenerateKeyPair() ([]byte, []byte, error) {
 	return private, public, nil
 }
 
-// CreateSignature creates a digital signature.
-// It automatically hash a specific message using MD5 and creates a signature from
-// that hash.
-// If a secret is associated to the service, it will be used instead of the specified
-// message.
-// It then encodes the generated signature in base64.
-func (service *ECDSAService) CreateSignature(message string) (string, error) {
-	if service.secret != "" {
-		message = service.secret
+// GenerateKeyPair will create a new key pair using ECDSA.
+func (service *ECDSAService) GenerateSshKey() ([]byte, error) {
+	//savePublicFileTo := "./id_ecdsa_test.pub"
+
+	pubkeyCurve := elliptic.P256()
+
+	byteKeys, err := ecdsa.GenerateKey(pubkeyCurve, rand.Reader)
+	if err != nil {
+		return nil,err
 	}
 
-	hash := libcrypto.HashFromBytes([]byte(message))
+	publicKeyBytes, err := generateECDSAPublicKey(&byteKeys.PublicKey)
+	if err != nil {
+		return nil,err
+	}
+	log.Println(publicKeyBytes)
+	err = writeKeyToFile(publicKeyBytes,"./testFile" )
+	if err != nil {
+		return nil,err
+	}
+	return publicKeyBytes, nil
+}
+
+// Sign creates a signature from a message.
+// It automatically hash the message using MD5 and creates a signature from
+// that hash.
+// It then encodes the generated signature in base64.
+func (service *ECDSAService) Sign(message string) (string, error) {
+	hash := HashFromBytes([]byte(message))
 
 	r := big.NewInt(0)
 	s := big.NewInt(0)
@@ -137,3 +145,22 @@ func (service *ECDSAService) CreateSignature(message string) (string, error) {
 
 	return base64.RawStdEncoding.EncodeToString(signature), nil
 }
+
+func generateECDSAPublicKey(privatekey *ecdsa.PublicKey) ([]byte, error) {
+	publicRsaKey, err := NewPublicKey(privatekey)
+	if err != nil {
+		return nil, err
+	}	
+	pubKeyBytes := MarshalAuthorizedKey(publicRsaKey)	
+	return pubKeyBytes, nil
+}
+// writePemToFile writes keys to a file
+func writeKeyToFile(keyBytes []byte, saveFileTo string) error {
+	log.Println("hey")
+	err := ioutil.WriteFile(saveFileTo, keyBytes, 0777)
+	log.Println("here")
+	if err != nil {
+		return err
+	}		
+	return nil
+}

api/crypto/keys.go

@@ -0,0 +1,615 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This package is a duplicate of 32844aa1ae54: https://code.google.com/p/go/source/browse/ssh/keys.go?repo=crypto
+package crypto
+
+import (
+	"bytes"
+	"crypto"
+	"crypto/dsa"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/asn1"
+	"encoding/base64"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"math/big"	
+)
+
+// These constants represent the algorithm names for key types supported by this
+// package.
+const (
+	KeyAlgoRSA      = "ssh-rsa"
+	KeyAlgoDSA      = "ssh-dss"
+	KeyAlgoECDSA256 = "ecdsa-sha2-nistp256"
+	KeyAlgoECDSA384 = "ecdsa-sha2-nistp384"
+	KeyAlgoECDSA521 = "ecdsa-sha2-nistp521"
+)
+
+// parsePubKey parses a public key of the given algorithm.
+// Use ParsePublicKey for keys with prepended algorithm.
+func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, ok bool) {
+
+	switch algo {
+	case KeyAlgoRSA:
+		return parseRSA(in)
+	case KeyAlgoDSA:
+		return parseDSA(in)
+	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:		
+		return parseECDSA(in)
+	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01:
+		return parseOpenSSHCertV01(in, algo)
+	}	
+	return nil, nil, false
+}
+
+
+
+// parseAuthorizedKey parses a public key in OpenSSH authorized_keys format
+// (see sshd(8) manual page) once the options and key type fields have been
+// removed.
+func parseAuthorizedKey(in []byte) (out PublicKey, comment string, ok bool) {
+	in = bytes.TrimSpace(in)
+
+	i := bytes.IndexAny(in, " \t")
+	if i == -1 {
+		i = len(in)
+	}
+	base64Key := in[:i]
+
+	key := make([]byte, base64.StdEncoding.DecodedLen(len(base64Key)))
+	n, err := base64.StdEncoding.Decode(key, base64Key)
+	if err != nil {
+		return
+	}
+	key = key[:n]
+	out, _, ok = ParsePublicKey(key)
+	if !ok {
+		return nil, "", false
+	}
+	comment = string(bytes.TrimSpace(in[i:]))
+	return
+}
+
+// ParseAuthorizedKeys parses a public key from an authorized_keys
+// file used in OpenSSH according to the sshd(8) manual page.
+func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, ok bool) {
+	for len(in) > 0 {
+		end := bytes.IndexByte(in, '\n')
+		if end != -1 {
+			rest = in[end+1:]
+			in = in[:end]
+		} else {
+			rest = nil
+		}
+
+		end = bytes.IndexByte(in, '\r')
+		if end != -1 {
+			in = in[:end]
+		}
+
+		in = bytes.TrimSpace(in)
+		if len(in) == 0 || in[0] == '#' {
+			in = rest
+			continue
+		}
+
+		i := bytes.IndexAny(in, " \t")
+		if i == -1 {
+			in = rest
+			continue
+		}
+
+		if out, comment, ok = parseAuthorizedKey(in[i:]); ok {
+			return
+		}
+
+		// No key type recognised. Maybe there's an options field at
+		// the beginning.
+		var b byte
+		inQuote := false
+		var candidateOptions []string
+		optionStart := 0
+		for i, b = range in {
+			isEnd := !inQuote && (b == ' ' || b == '\t')
+			if (b == ',' && !inQuote) || isEnd {
+				if i-optionStart > 0 {
+					candidateOptions = append(candidateOptions, string(in[optionStart:i]))
+				}
+				optionStart = i + 1
+			}
+			if isEnd {
+				break
+			}
+			if b == '"' && (i == 0 || (i > 0 && in[i-1] != '\\')) {
+				inQuote = !inQuote
+			}
+		}
+		for i < len(in) && (in[i] == ' ' || in[i] == '\t') {
+			i++
+		}
+		if i == len(in) {
+			// Invalid line: unmatched quote
+			in = rest
+			continue
+		}
+
+		in = in[i:]
+		i = bytes.IndexAny(in, " \t")
+		if i == -1 {
+			in = rest
+			continue
+		}
+
+		if out, comment, ok = parseAuthorizedKey(in[i:]); ok {
+			options = candidateOptions
+			return
+		}
+
+		in = rest
+		continue
+	}
+
+	return
+}
+
+// ParsePublicKey parses an SSH public key formatted for use in
+// the SSH wire protocol according to RFC 4253, section 6.6.
+func ParsePublicKey(in []byte) (out PublicKey, rest []byte, ok bool) {
+	algo, in, ok := parseString(in)
+	if !ok {
+		return
+	}
+
+	return parsePubKey(in, string(algo))
+}
+
+// MarshalAuthorizedKey returns a byte stream suitable for inclusion
+// in an OpenSSH authorized_keys file following the format specified
+// in the sshd(8) manual page.
+func MarshalAuthorizedKey(key PublicKey) []byte {
+	b := &bytes.Buffer{}
+	b.WriteString(key.PublicKeyAlgo())
+	b.WriteByte(' ')
+	e := base64.NewEncoder(base64.StdEncoding, b)
+	e.Write(MarshalPublicKey(key))
+	e.Close()
+	b.WriteByte('\n')
+	return b.Bytes()
+}
+
+// PublicKey is an abstraction of different types of public keys.
+type PublicKey interface {
+	// PrivateKeyAlgo returns the name of the encryption system.
+	PrivateKeyAlgo() string
+
+	// PublicKeyAlgo returns the algorithm for the public key,
+	// which may be different from PrivateKeyAlgo for certificates.
+	PublicKeyAlgo() string
+
+	// Marshal returns the serialized key data in SSH wire format,
+	// without the name prefix.  Callers should typically use
+	// MarshalPublicKey().
+	Marshal() []byte
+
+	// Verify that sig is a signature on the given data using this
+	// key. This function will hash the data appropriately first.
+	Verify(data []byte, sigBlob []byte) bool
+}
+
+// A Signer is can create signatures that verify against a public key.
+type Signer interface {
+	// PublicKey returns an associated PublicKey instance.
+	PublicKey() PublicKey
+
+	// Sign returns raw signature for the given data. This method
+	// will apply the hash specified for the keytype to the data.
+	Sign(rand io.Reader, data []byte) ([]byte, error)
+}
+
+type rsaPublicKey rsa.PublicKey
+
+func (r *rsaPublicKey) PrivateKeyAlgo() string {
+	return "ssh-rsa"
+}
+
+func (r *rsaPublicKey) PublicKeyAlgo() string {
+	return r.PrivateKeyAlgo()
+}
+
+// parseRSA parses an RSA key according to RFC 4253, section 6.6.
+func parseRSA(in []byte) (out PublicKey, rest []byte, ok bool) {
+	key := new(rsa.PublicKey)
+
+	bigE, in, ok := parseInt(in)
+	if !ok || bigE.BitLen() > 24 {
+		return
+	}
+	e := bigE.Int64()
+	if e < 3 || e&1 == 0 {
+		ok = false
+		return
+	}
+	key.E = int(e)
+
+	if key.N, in, ok = parseInt(in); !ok {
+		return
+	}
+
+	ok = true
+	return (*rsaPublicKey)(key), in, ok
+}
+
+func (r *rsaPublicKey) Marshal() []byte {
+	// See RFC 4253, section 6.6.
+	e := new(big.Int).SetInt64(int64(r.E))
+	length := intLength(e)
+	length += intLength(r.N)
+
+	ret := make([]byte, length)
+	rest := marshalInt(ret, e)
+	marshalInt(rest, r.N)
+
+	return ret
+}
+
+func (r *rsaPublicKey) Verify(data []byte, sig []byte) bool {
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	return rsa.VerifyPKCS1v15((*rsa.PublicKey)(r), crypto.SHA1, digest, sig) == nil
+}
+
+type rsaPrivateKey struct {
+	*rsa.PrivateKey
+}
+
+func (r *rsaPrivateKey) PublicKey() PublicKey {
+	return (*rsaPublicKey)(&r.PrivateKey.PublicKey)
+}
+
+func (r *rsaPrivateKey) Sign(rand io.Reader, data []byte) ([]byte, error) {
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	return rsa.SignPKCS1v15(rand, r.PrivateKey, crypto.SHA1, digest)
+}
+
+type dsaPublicKey dsa.PublicKey
+
+func (r *dsaPublicKey) PrivateKeyAlgo() string {
+	return "ssh-dss"
+}
+
+func (r *dsaPublicKey) PublicKeyAlgo() string {
+	return r.PrivateKeyAlgo()
+}
+
+// parseDSA parses an DSA key according to RFC 4253, section 6.6.
+func parseDSA(in []byte) (out PublicKey, rest []byte, ok bool) {
+	key := new(dsa.PublicKey)
+
+	if key.P, in, ok = parseInt(in); !ok {
+		return
+	}
+
+	if key.Q, in, ok = parseInt(in); !ok {
+		return
+	}
+
+	if key.G, in, ok = parseInt(in); !ok {
+		return
+	}
+
+	if key.Y, in, ok = parseInt(in); !ok {
+		return
+	}
+
+	ok = true
+	return (*dsaPublicKey)(key), in, ok
+}
+
+func (r *dsaPublicKey) Marshal() []byte {
+	// See RFC 4253, section 6.6.
+	length := intLength(r.P)
+	length += intLength(r.Q)
+	length += intLength(r.G)
+	length += intLength(r.Y)
+
+	ret := make([]byte, length)
+	rest := marshalInt(ret, r.P)
+	rest = marshalInt(rest, r.Q)
+	rest = marshalInt(rest, r.G)
+	marshalInt(rest, r.Y)
+
+	return ret
+}
+
+func (k *dsaPublicKey) Verify(data []byte, sigBlob []byte) bool {
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+
+	// Per RFC 4253, section 6.6,
+	// The value for 'dss_signature_blob' is encoded as a string containing
+	// r, followed by s (which are 160-bit integers, without lengths or
+	// padding, unsigned, and in network byte order).
+	// For DSS purposes, sig.Blob should be exactly 40 bytes in length.
+	if len(sigBlob) != 40 {
+		return false
+	}
+	r := new(big.Int).SetBytes(sigBlob[:20])
+	s := new(big.Int).SetBytes(sigBlob[20:])
+	return dsa.Verify((*dsa.PublicKey)(k), digest, r, s)
+}
+
+type dsaPrivateKey struct {
+	*dsa.PrivateKey
+}
+
+func (k *dsaPrivateKey) PublicKey() PublicKey {
+	return (*dsaPublicKey)(&k.PrivateKey.PublicKey)
+}
+
+func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) ([]byte, error) {
+	h := crypto.SHA1.New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	r, s, err := dsa.Sign(rand, k.PrivateKey, digest)
+	if err != nil {
+		return nil, err
+	}
+
+	sig := make([]byte, 40)
+	copy(sig[:20], r.Bytes())
+	copy(sig[20:], s.Bytes())
+	return sig, nil
+}
+
+type ecdsaPublicKey ecdsa.PublicKey
+
+func (key *ecdsaPublicKey) PrivateKeyAlgo() string {
+	return "ecdsa-sha2-" + key.nistID()
+}
+
+func (key *ecdsaPublicKey) nistID() string {
+	switch key.Params().BitSize {
+	case 256:
+		return "nistp256"
+	case 384:
+		return "nistp384"
+	case 521:
+		return "nistp521"
+	}
+	panic("ssh: unsupported ecdsa key size")
+}
+
+func supportedEllipticCurve(curve elliptic.Curve) bool {
+	return (curve == elliptic.P256() || curve == elliptic.P384() || curve == elliptic.P521())
+}
+
+// ecHash returns the hash to match the given elliptic curve, see RFC
+// 5656, section 6.2.1
+func ecHash(curve elliptic.Curve) crypto.Hash {
+	bitSize := curve.Params().BitSize
+	switch {
+	case bitSize <= 256:
+		return crypto.SHA256
+	case bitSize <= 384:
+		return crypto.SHA384
+	}
+	return crypto.SHA512
+}
+
+func (key *ecdsaPublicKey) PublicKeyAlgo() string {
+	return key.PrivateKeyAlgo()
+}
+
+// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
+func parseECDSA(in []byte) (out PublicKey, rest []byte, ok bool) {
+	var identifier []byte
+	if identifier, in, ok = parseString(in); !ok {
+		return
+	}
+
+	key := new(ecdsa.PublicKey)
+
+	switch string(identifier) {
+	case "nistp256":
+		key.Curve = elliptic.P256()
+	case "nistp384":
+		key.Curve = elliptic.P384()
+	case "nistp521":
+		key.Curve = elliptic.P521()
+	default:
+		ok = false
+		return
+	}
+
+	var keyBytes []byte
+	if keyBytes, in, ok = parseString(in); !ok {
+		return
+	}
+
+	key.X, key.Y = elliptic.Unmarshal(key.Curve, keyBytes)
+	if key.X == nil || key.Y == nil {
+		ok = false
+		return
+	}
+	return (*ecdsaPublicKey)(key), in, ok
+}
+
+func (key *ecdsaPublicKey) Marshal() []byte {
+	// See RFC 5656, section 3.1.
+	keyBytes := elliptic.Marshal(key.Curve, key.X, key.Y)
+
+	ID := key.nistID()
+	length := stringLength(len(ID))
+	length += stringLength(len(keyBytes))
+
+	ret := make([]byte, length)
+	r := marshalString(ret, []byte(ID))
+	r = marshalString(r, keyBytes)
+	return ret
+}
+
+func (key *ecdsaPublicKey) Verify(data []byte, sigBlob []byte) bool {
+	h := ecHash(key.Curve).New()
+	h.Write(data)
+	digest := h.Sum(nil)
+
+	// Per RFC 5656, section 3.1.2,
+	// The ecdsa_signature_blob value has the following specific encoding:
+	//    mpint    r
+	//    mpint    s
+	r, rest, ok := parseInt(sigBlob)
+	if !ok {
+		return false
+	}
+	s, rest, ok := parseInt(rest)
+	if !ok || len(rest) > 0 {
+		return false
+	}
+	return ecdsa.Verify((*ecdsa.PublicKey)(key), digest, r, s)
+}
+
+type ecdsaPrivateKey struct {
+	*ecdsa.PrivateKey
+}
+
+func (k *ecdsaPrivateKey) PublicKey() PublicKey {
+	return (*ecdsaPublicKey)(&k.PrivateKey.PublicKey)
+}
+
+func (k *ecdsaPrivateKey) Sign(rand io.Reader, data []byte) ([]byte, error) {
+	h := ecHash(k.PrivateKey.PublicKey.Curve).New()
+	h.Write(data)
+	digest := h.Sum(nil)
+	r, s, err := ecdsa.Sign(rand, k.PrivateKey, digest)
+	if err != nil {
+		return nil, err
+	}
+
+	sig := make([]byte, intLength(r)+intLength(s))
+	rest := marshalInt(sig, r)
+	marshalInt(rest, s)
+	return sig, nil
+}
+
+// NewPrivateKey takes a pointer to rsa, dsa or ecdsa PrivateKey
+// returns a corresponding Signer instance. EC keys should use P256,
+// P384 or P521.
+func NewSignerFromKey(k interface{}) (Signer, error) {
+	var sshKey Signer
+	switch t := k.(type) {
+	case *rsa.PrivateKey:
+		sshKey = &rsaPrivateKey{t}
+	case *dsa.PrivateKey:
+		sshKey = &dsaPrivateKey{t}
+	case *ecdsa.PrivateKey:
+		if !supportedEllipticCurve(t.Curve) {
+			return nil, errors.New("ssh: only P256, P384 and P521 EC keys are supported.")
+		}
+
+		sshKey = &ecdsaPrivateKey{t}
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %T", k)
+	}
+	return sshKey, nil
+}
+
+// NewPublicKey takes a pointer to rsa, dsa or ecdsa PublicKey
+// and returns a corresponding ssh PublicKey instance. EC keys should use P256, P384 or P521.
+func NewPublicKey(k interface{}) (PublicKey, error) {
+	
+	var sshKey PublicKey
+	
+	switch t := k.(type) {
+	case *rsa.PublicKey:
+		sshKey = (*rsaPublicKey)(t)
+	case *ecdsa.PublicKey:
+		if !supportedEllipticCurve(t.Curve) {
+			return nil, errors.New("ssh: only P256, P384 and P521 EC keys are supported.")
+		}				
+		sshKey = (*ecdsaPublicKey)(t)
+	case *dsa.PublicKey:
+		sshKey = (*dsaPublicKey)(t)
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %T", k)
+	}
+	return sshKey, nil
+}
+
+// ParsePublicKey parses a PEM encoded private key. It supports
+// PKCS#1, RSA, DSA and ECDSA private keys.
+func ParsePrivateKey(pemBytes []byte) (Signer, error) {
+	block, _ := pem.Decode(pemBytes)
+	if block == nil {
+		return nil, errors.New("ssh: no key found")
+	}
+
+	var rawkey interface{}
+	switch block.Type {
+	case "RSA PRIVATE KEY":
+		rsa, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		rawkey = rsa
+	case "EC PRIVATE KEY":
+		ec, err := x509.ParseECPrivateKey(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		rawkey = ec
+	case "DSA PRIVATE KEY":
+		ec, err := parseDSAPrivate(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		rawkey = ec
+	default:
+		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
+	}
+
+	return NewSignerFromKey(rawkey)
+}
+
+// parseDSAPrivate parses a DSA key in ASN.1 DER encoding, as
+// documented in the OpenSSL DSA manpage.
+// TODO(hanwen): move this in to crypto/x509 after the Go 1.2 freeze.
+func parseDSAPrivate(p []byte) (*dsa.PrivateKey, error) {
+	k := struct {
+		Version int
+		P       *big.Int
+		Q       *big.Int
+		G       *big.Int
+		Priv    *big.Int
+		Pub     *big.Int
+	}{}
+	rest, err := asn1.Unmarshal(p, &k)
+	if err != nil {
+		return nil, errors.New("ssh: failed to parse DSA key: " + err.Error())
+	}
+	if len(rest) > 0 {
+		return nil, errors.New("ssh: garbage after DSA key")
+	}
+
+	return &dsa.PrivateKey{
+		PublicKey: dsa.PublicKey{
+			Parameters: dsa.Parameters{
+				P: k.P,
+				Q: k.Q,
+				G: k.G,
+			},
+			Y: k.Priv,
+		},
+		X: k.Pub,
+	}, nil
+}

api/crypto/md5.go

@@ -0,0 +1,10 @@
+package crypto
+
+import "crypto/md5"
+
+// HashFromBytes returns the hash of the specified data
+func HashFromBytes(data []byte) []byte {
+	digest := md5.New()
+	digest.Write(data)
+	return digest.Sum(nil)
+}

api/crypto/private.go

@@ -0,0 +1,187 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package crypto
+
+// Copy only of used functions from message.go, common.go
+
+import (
+	"encoding/binary"
+	"math/big"
+)
+
+const (
+	kexAlgoDH1SHA1  = "diffie-hellman-group1-sha1"
+	kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1"
+	kexAlgoECDH256  = "ecdh-sha2-nistp256"
+	kexAlgoECDH384  = "ecdh-sha2-nistp384"
+	kexAlgoECDH521  = "ecdh-sha2-nistp521"
+)
+
+var bigOne = big.NewInt(1)
+
+func stringLength(n int) int {
+	return 4 + n
+}
+
+// MarshalPublicKey serializes a supported key or certificate for use
+// by the SSH wire protocol. It can be used for comparison with the
+// pubkey argument of ServerConfig's PublicKeyCallback as well as for
+// generating an authorized_keys or host_keys file.
+func MarshalPublicKey(key PublicKey) []byte {
+	// See also RFC 4253 6.6.
+	algoname := key.PublicKeyAlgo()
+	blob := key.Marshal()
+
+	length := stringLength(len(algoname))
+	length += len(blob)
+	ret := make([]byte, length)
+	r := marshalString(ret, []byte(algoname))
+	copy(r, blob)
+	return ret
+}
+
+func parseInt(in []byte) (out *big.Int, rest []byte, ok bool) {
+	contents, rest, ok := parseString(in)
+	if !ok {
+		return
+	}
+	out = new(big.Int)
+
+	if len(contents) > 0 && contents[0]&0x80 == 0x80 {
+		// This is a negative number
+		notBytes := make([]byte, len(contents))
+		for i := range notBytes {
+			notBytes[i] = ^contents[i]
+		}
+		out.SetBytes(notBytes)
+		out.Add(out, bigOne)
+		out.Neg(out)
+	} else {
+		// Positive number
+		out.SetBytes(contents)
+	}
+	ok = true
+	return
+}
+
+func parseUint32(in []byte) (uint32, []byte, bool) {
+	if len(in) < 4 {
+		return 0, nil, false
+	}
+	return binary.BigEndian.Uint32(in), in[4:], true
+}
+
+func parseUint64(in []byte) (uint64, []byte, bool) {
+	if len(in) < 8 {
+		return 0, nil, false
+	}
+	return binary.BigEndian.Uint64(in), in[8:], true
+}
+
+func parseString(in []byte) (out, rest []byte, ok bool) {
+	if len(in) < 4 {
+		return
+	}
+	length := binary.BigEndian.Uint32(in)
+	if uint32(len(in)) < 4+length {
+		return
+	}
+	out = in[4 : 4+length]
+	rest = in[4+length:]
+	ok = true
+	return
+}
+
+func intLength(n *big.Int) int {
+	length := 4 /* length bytes */
+	if n.Sign() < 0 {
+		nMinus1 := new(big.Int).Neg(n)
+		nMinus1.Sub(nMinus1, bigOne)
+		bitLen := nMinus1.BitLen()
+		if bitLen%8 == 0 {
+			// The number will need 0xff padding
+			length++
+		}
+		length += (bitLen + 7) / 8
+	} else if n.Sign() == 0 {
+		// A zero is the zero length string
+	} else {
+		bitLen := n.BitLen()
+		if bitLen%8 == 0 {
+			// The number will need 0x00 padding
+			length++
+		}
+		length += (bitLen + 7) / 8
+	}
+
+	return length
+}
+
+func marshalUint32(to []byte, n uint32) []byte {
+	binary.BigEndian.PutUint32(to, n)
+	return to[4:]
+}
+
+func marshalUint64(to []byte, n uint64) []byte {
+	binary.BigEndian.PutUint64(to, n)
+	return to[8:]
+}
+
+func marshalInt(to []byte, n *big.Int) []byte {
+	lengthBytes := to
+	to = to[4:]
+	length := 0
+
+	if n.Sign() < 0 {
+		// A negative number has to be converted to two's-complement
+		// form. So we'll subtract 1 and invert. If the
+		// most-significant-bit isn't set then we'll need to pad the
+		// beginning with 0xff in order to keep the number negative.
+		nMinus1 := new(big.Int).Neg(n)
+		nMinus1.Sub(nMinus1, bigOne)
+		bytes := nMinus1.Bytes()
+		for i := range bytes {
+			bytes[i] ^= 0xff
+		}
+		if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+			to[0] = 0xff
+			to = to[1:]
+			length++
+		}
+		nBytes := copy(to, bytes)
+		to = to[nBytes:]
+		length += nBytes
+	} else if n.Sign() == 0 {
+		// A zero is the zero length string
+	} else {
+		bytes := n.Bytes()
+		if len(bytes) > 0 && bytes[0]&0x80 != 0 {
+			// We'll have to pad this with a 0x00 in order to
+			// stop it looking like a negative number.
+			to[0] = 0
+			to = to[1:]
+			length++
+		}
+		nBytes := copy(to, bytes)
+		to = to[nBytes:]
+		length += nBytes
+	}
+
+	lengthBytes[0] = byte(length >> 24)
+	lengthBytes[1] = byte(length >> 16)
+	lengthBytes[2] = byte(length >> 8)
+	lengthBytes[3] = byte(length)
+	return to
+}
+
+func marshalString(to []byte, s []byte) []byte {
+	to[0] = byte(len(s) >> 24)
+	to[1] = byte(len(s) >> 16)
+	to[2] = byte(len(s) >> 8)
+	to[3] = byte(len(s))
+	to = to[4:]
+	copy(to, s)
+	return to[len(s):]
+}

api/crypto/tls.go

@@ -6,24 +6,6 @@ import (
 	"io/ioutil"
 )
 
-// CreateTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
-func CreateServerTLSConfiguration() *tls.Config {
-	return &tls.Config{
-		MinVersion: tls.VersionTLS12,
-		CipherSuites: []uint16{
-			tls.TLS_AES_128_GCM_SHA256,
-			tls.TLS_AES_256_GCM_SHA384,
-			tls.TLS_CHACHA20_POLY1305_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-		},
-	}
-}
-
 // CreateTLSConfigurationFromBytes initializes a tls.Config using a CA certificate, a certificate and a key
 // loaded from memory.
 func CreateTLSConfigurationFromBytes(caCert, cert, key []byte, skipClientVerification, skipServerVerification bool) (*tls.Config, error) {

api/docker/client.go

@@ -1,46 +1,38 @@
 package docker
 
 import (
-	"fmt"
 	"net/http"
 	"strings"
 	"time"
 
 	"github.com/docker/docker/client"
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/crypto"
+	"github.com/portainer/portainer"
+	"github.com/portainer/portainer/crypto"
 )
 
 const (
-	unsupportedEnvironmentType  = portainer.Error("Environment not supported")
-	defaultDockerRequestTimeout = 60
-	dockerClientVersion         = "1.37"
+	unsupportedEnvironmentType = portainer.Error("Environment not supported")
 )
 
 // ClientFactory is used to create Docker clients
 type ClientFactory struct {
-	signatureService     portainer.DigitalSignatureService
-	reverseTunnelService portainer.ReverseTunnelService
+	signatureService portainer.DigitalSignatureService
 }
 
 // NewClientFactory returns a new instance of a ClientFactory
-func NewClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService) *ClientFactory {
+func NewClientFactory(signatureService portainer.DigitalSignatureService) *ClientFactory {
 	return &ClientFactory{
-		signatureService:     signatureService,
-		reverseTunnelService: reverseTunnelService,
+		signatureService: signatureService,
 	}
 }
 
 // CreateClient is a generic function to create a Docker client based on
-// a specific endpoint configuration. The nodeName parameter can be used
-// with an agent enabled endpoint to target a specific node in an agent cluster.
-func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeName string) (*client.Client, error) {
+// a specific endpoint configuration
+func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint) (*client.Client, error) {
 	if endpoint.Type == portainer.AzureEnvironment {
 		return nil, unsupportedEnvironmentType
 	} else if endpoint.Type == portainer.AgentOnDockerEnvironment {
-		return createAgentClient(endpoint, factory.signatureService, nodeName)
-	} else if endpoint.Type == portainer.EdgeAgentEnvironment {
-		return createEdgeClient(endpoint, factory.reverseTunnelService, nodeName)
+		return createAgentClient(endpoint, factory.signatureService)
 	}
 
 	if strings.HasPrefix(endpoint.URL, "unix://") || strings.HasPrefix(endpoint.URL, "npipe://") {
@@ -52,7 +44,7 @@ func (factory *ClientFactory) CreateClient(endpoint *portainer.Endpoint, nodeNam
 func createLocalClient(endpoint *portainer.Endpoint) (*client.Client, error) {
 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 	)
 }
 
@@ -64,40 +56,18 @@ func createTCPClient(endpoint *portainer.Endpoint) (*client.Client, error) {
 
 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 		client.WithHTTPClient(httpCli),
 	)
 }
 
-func createEdgeClient(endpoint *portainer.Endpoint, reverseTunnelService portainer.ReverseTunnelService, nodeName string) (*client.Client, error) {
+func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService) (*client.Client, error) {
 	httpCli, err := httpClient(endpoint)
 	if err != nil {
 		return nil, err
 	}
 
-	headers := map[string]string{}
-	if nodeName != "" {
-		headers[portainer.PortainerAgentTargetHeader] = nodeName
-	}
-
-	tunnel := reverseTunnelService.GetTunnelDetails(endpoint.ID)
-	endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)
-
-	return client.NewClientWithOpts(
-		client.WithHost(endpointURL),
-		client.WithVersion(dockerClientVersion),
-		client.WithHTTPClient(httpCli),
-		client.WithHTTPHeaders(headers),
-	)
-}
-
-func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.DigitalSignatureService, nodeName string) (*client.Client, error) {
-	httpCli, err := httpClient(endpoint)
-	if err != nil {
-		return nil, err
-	}
-
-	signature, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
+	signature, err := signatureService.Sign(portainer.PortainerAgentSignatureMessage)
 	if err != nil {
 		return nil, err
 	}
@@ -107,13 +77,9 @@ func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.
 		portainer.PortainerAgentSignatureHeader: signature,
 	}
 
-	if nodeName != "" {
-		headers[portainer.PortainerAgentTargetHeader] = nodeName
-	}
-
 	return client.NewClientWithOpts(
 		client.WithHost(endpoint.URL),
-		client.WithVersion(dockerClientVersion),
+		client.WithVersion(portainer.SupportedDockerAPIVersion),
 		client.WithHTTPClient(httpCli),
 		client.WithHTTPHeaders(headers),
 	)
@@ -131,7 +97,7 @@ func httpClient(endpoint *portainer.Endpoint) (*http.Client, error) {
 	}
 
 	return &http.Client{
+		Timeout:   time.Second * 10,
 		Transport: transport,
-		Timeout:   defaultDockerRequestTimeout * time.Second,
 	}, nil
 }

api/docker/job.go

@@ -1,115 +0,0 @@
-package docker
-
-import (
-	"bytes"
-	"context"
-	"io"
-	"io/ioutil"
-	"strconv"
-
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-	"github.com/docker/docker/api/types/strslice"
-	"github.com/docker/docker/client"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
-)
-
-// JobService represents a service that handles the execution of jobs
-type JobService struct {
-	dockerClientFactory *ClientFactory
-}
-
-// NewJobService returns a pointer to a new job service
-func NewJobService(dockerClientFactory *ClientFactory) *JobService {
-	return &JobService{
-		dockerClientFactory: dockerClientFactory,
-	}
-}
-
-// ExecuteScript will leverage a privileged container to execute a script against the specified endpoint/nodename.
-// It will copy the script content specified as a parameter inside a container based on the specified image and execute it.
-func (service *JobService) ExecuteScript(endpoint *portainer.Endpoint, nodeName, image string, script []byte, schedule *portainer.Schedule) error {
-	buffer, err := archive.TarFileInBuffer(script, "script.sh", 0700)
-	if err != nil {
-		return err
-	}
-
-	cli, err := service.dockerClientFactory.CreateClient(endpoint, nodeName)
-	if err != nil {
-		return err
-	}
-	defer cli.Close()
-
-	_, err = cli.Ping(context.Background())
-	if err != nil {
-		return portainer.ErrUnableToPingEndpoint
-	}
-
-	err = pullImage(cli, image)
-	if err != nil {
-		return err
-	}
-
-	containerConfig := &container.Config{
-		AttachStdin:  true,
-		AttachStdout: true,
-		AttachStderr: true,
-		Tty:          true,
-		WorkingDir:   "/tmp",
-		Image:        image,
-		Labels: map[string]string{
-			"io.portainer.job.endpoint": strconv.Itoa(int(endpoint.ID)),
-		},
-		Cmd: strslice.StrSlice([]string{"sh", "/tmp/script.sh"}),
-	}
-
-	if schedule != nil {
-		containerConfig.Labels["io.portainer.schedule.id"] = strconv.Itoa(int(schedule.ID))
-	}
-
-	hostConfig := &container.HostConfig{
-		Binds:       []string{"/:/host", "/etc:/etc:ro", "/usr:/usr:ro", "/run:/run:ro", "/sbin:/sbin:ro", "/var:/var:ro"},
-		NetworkMode: "host",
-		Privileged:  true,
-	}
-
-	networkConfig := &network.NetworkingConfig{}
-
-	body, err := cli.ContainerCreate(context.Background(), containerConfig, hostConfig, networkConfig, "")
-	if err != nil {
-		return err
-	}
-
-	if schedule != nil {
-		err = cli.ContainerRename(context.Background(), body.ID, schedule.Name+"_"+body.ID)
-		if err != nil {
-			return err
-		}
-	}
-
-	copyOptions := types.CopyToContainerOptions{}
-	err = cli.CopyToContainer(context.Background(), body.ID, "/tmp", bytes.NewReader(buffer), copyOptions)
-	if err != nil {
-		return err
-	}
-
-	startOptions := types.ContainerStartOptions{}
-	return cli.ContainerStart(context.Background(), body.ID, startOptions)
-}
-
-func pullImage(cli *client.Client, image string) error {
-	imageReadCloser, err := cli.ImagePull(context.Background(), image, types.ImagePullOptions{})
-	if err != nil {
-		return err
-	}
-	defer imageReadCloser.Close()
-
-	_, err = io.Copy(ioutil.Discard, imageReadCloser)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

api/docker/snapshot.go

@@ -2,17 +2,15 @@ package docker
 
 import (
 	"context"
-	"log"
-	"strings"
 	"time"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
-func snapshot(cli *client.Client, endpoint *portainer.Endpoint) (*portainer.Snapshot, error) {
+func snapshot(cli *client.Client) (*portainer.Snapshot, error) {
 	_, err := cli.Ping(context.Background())
 	if err != nil {
 		return nil, err
@@ -24,44 +22,34 @@ func snapshot(cli *client.Client, endpoint *portainer.Endpoint) (*portainer.Snap
 
 	err = snapshotInfo(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine information] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}
 
 	if snapshot.Swarm {
 		err = snapshotSwarmServices(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm services] [endpoint: %s] [err: %s]", endpoint.Name, err)
+			return nil, err
 		}
 
 		err = snapshotNodes(snapshot, cli)
 		if err != nil {
-			log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot Swarm nodes] [endpoint: %s] [err: %s]", endpoint.Name, err)
+			return nil, err
 		}
 	}
 
 	err = snapshotContainers(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot containers] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}
 
 	err = snapshotImages(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot images] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}
 
 	err = snapshotVolumes(snapshot, cli)
 	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot volumes] [endpoint: %s] [err: %s]", endpoint.Name, err)
-	}
-
-	err = snapshotNetworks(snapshot, cli)
-	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot networks] [endpoint: %s] [err: %s]", endpoint.Name, err)
-	}
-
-	err = snapshotVersion(snapshot, cli)
-	if err != nil {
-		log.Printf("[WARN] [docker,snapshot] [message: unable to snapshot engine version] [endpoint: %s] [err: %s]", endpoint.Name, err)
+		return nil, err
 	}
 
 	snapshot.Time = time.Now().Unix()
@@ -78,7 +66,6 @@ func snapshotInfo(snapshot *portainer.Snapshot, cli *client.Client) error {
 	snapshot.DockerVersion = info.ServerVersion
 	snapshot.TotalCPU = info.NCPU
 	snapshot.TotalMemory = info.MemTotal
-	snapshot.SnapshotRaw.Info = info
 	return nil
 }
 
@@ -127,8 +114,6 @@ func snapshotContainers(snapshot *portainer.Snapshot, cli *client.Client) error
 
 	runningContainers := 0
 	stoppedContainers := 0
-	healthyContainers := 0
-	unhealthyContainers := 0
 	stacks := make(map[string]struct{})
 	for _, container := range containers {
 		if container.State == "exited" {
@@ -137,12 +122,6 @@ func snapshotContainers(snapshot *portainer.Snapshot, cli *client.Client) error
 			runningContainers++
 		}
 
-		if strings.Contains(container.Status, "(healthy)") {
-			healthyContainers++
-		} else if strings.Contains(container.Status, "(unhealthy)") {
-			unhealthyContainers++
-		}
-
 		for k, v := range container.Labels {
 			if k == "com.docker.compose.project" {
 				stacks[v] = struct{}{}
@@ -152,10 +131,7 @@ func snapshotContainers(snapshot *portainer.Snapshot, cli *client.Client) error
 
 	snapshot.RunningContainerCount = runningContainers
 	snapshot.StoppedContainerCount = stoppedContainers
-	snapshot.HealthyContainerCount = healthyContainers
-	snapshot.UnhealthyContainerCount = unhealthyContainers
 	snapshot.StackCount += len(stacks)
-	snapshot.SnapshotRaw.Containers = containers
 	return nil
 }
 
@@ -166,7 +142,6 @@ func snapshotImages(snapshot *portainer.Snapshot, cli *client.Client) error {
 	}
 
 	snapshot.ImageCount = len(images)
-	snapshot.SnapshotRaw.Images = images
 	return nil
 }
 
@@ -177,24 +152,5 @@ func snapshotVolumes(snapshot *portainer.Snapshot, cli *client.Client) error {
 	}
 
 	snapshot.VolumeCount = len(volumes.Volumes)
-	snapshot.SnapshotRaw.Volumes = volumes
-	return nil
-}
-
-func snapshotNetworks(snapshot *portainer.Snapshot, cli *client.Client) error {
-	networks, err := cli.NetworkList(context.Background(), types.NetworkListOptions{})
-	if err != nil {
-		return err
-	}
-	snapshot.SnapshotRaw.Networks = networks
-	return nil
-}
-
-func snapshotVersion(snapshot *portainer.Snapshot, cli *client.Client) error {
-	version, err := cli.ServerVersion(context.Background())
-	if err != nil {
-		return err
-	}
-	snapshot.SnapshotRaw.Version = version
 	return nil
 }

api/docker/snapshotter.go

@@ -1,7 +1,7 @@
 package docker
 
 import (
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
 // Snapshotter represents a service used to create endpoint snapshots
@@ -18,11 +18,11 @@ func NewSnapshotter(clientFactory *ClientFactory) *Snapshotter {
 
 // CreateSnapshot creates a snapshot of a specific endpoint
 func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*portainer.Snapshot, error) {
-	cli, err := snapshotter.clientFactory.CreateClient(endpoint, "")
+	cli, err := snapshotter.clientFactory.CreateClient(endpoint)
 	if err != nil {
 		return nil, err
 	}
 	defer cli.Close()
 
-	return snapshot(cli, endpoint)
+	return snapshot(cli)
 }

api/edgegroup.go

@@ -1,54 +0,0 @@
-package portainer
-
-// EdgeGroupRelatedEndpoints returns a list of endpoints related to this Edge group
-func EdgeGroupRelatedEndpoints(edgeGroup *EdgeGroup, endpoints []Endpoint, endpointGroups []EndpointGroup) []EndpointID {
-	if !edgeGroup.Dynamic {
-		return edgeGroup.Endpoints
-	}
-
-	endpointIDs := []EndpointID{}
-	for _, endpoint := range endpoints {
-		if endpoint.Type != EdgeAgentEnvironment {
-			continue
-		}
-
-		var endpointGroup EndpointGroup
-		for _, group := range endpointGroups {
-			if endpoint.GroupID == group.ID {
-				endpointGroup = group
-				break
-			}
-		}
-
-		if edgeGroupRelatedToEndpoint(edgeGroup, &endpoint, &endpointGroup) {
-			endpointIDs = append(endpointIDs, endpoint.ID)
-		}
-	}
-
-	return endpointIDs
-}
-
-// edgeGroupRelatedToEndpoint returns true is edgeGroup is associated with endpoint
-func edgeGroupRelatedToEndpoint(edgeGroup *EdgeGroup, endpoint *Endpoint, endpointGroup *EndpointGroup) bool {
-	if !edgeGroup.Dynamic {
-		for _, endpointID := range edgeGroup.Endpoints {
-			if endpoint.ID == endpointID {
-				return true
-			}
-		}
-		return false
-	}
-
-	endpointTags := TagSet(endpoint.TagIDs)
-	if endpointGroup.TagIDs != nil {
-		endpointTags = TagUnion(endpointTags, TagSet(endpointGroup.TagIDs))
-	}
-	edgeGroupTags := TagSet(edgeGroup.TagIDs)
-
-	if edgeGroup.PartialMatch {
-		intersection := TagIntersection(endpointTags, edgeGroupTags)
-		return len(intersection) != 0
-	}
-
-	return TagContains(edgeGroupTags, endpointTags)
-}

api/edgestack.go

@@ -1,27 +0,0 @@
-package portainer
-
-import "errors"
-
-// EdgeStackRelatedEndpoints returns a list of endpoints related to this Edge stack
-func EdgeStackRelatedEndpoints(edgeGroupIDs []EdgeGroupID, endpoints []Endpoint, endpointGroups []EndpointGroup, edgeGroups []EdgeGroup) ([]EndpointID, error) {
-	edgeStackEndpoints := []EndpointID{}
-
-	for _, edgeGroupID := range edgeGroupIDs {
-		var edgeGroup *EdgeGroup
-
-		for _, group := range edgeGroups {
-			if group.ID == edgeGroupID {
-				edgeGroup = &group
-				break
-			}
-		}
-
-		if edgeGroup == nil {
-			return nil, errors.New("Edge group was not found")
-		}
-
-		edgeStackEndpoints = append(edgeStackEndpoints, EdgeGroupRelatedEndpoints(edgeGroup, endpoints, endpointGroups)...)
-	}
-
-	return edgeStackEndpoints, nil
-}

api/endpoint.go

@@ -1,25 +0,0 @@
-package portainer
-
-// EndpointRelatedEdgeStacks returns a list of Edge stacks related to this Endpoint
-func EndpointRelatedEdgeStacks(endpoint *Endpoint, endpointGroup *EndpointGroup, edgeGroups []EdgeGroup, edgeStacks []EdgeStack) []EdgeStackID {
-	relatedEdgeGroupsSet := map[EdgeGroupID]bool{}
-
-	for _, edgeGroup := range edgeGroups {
-		if edgeGroupRelatedToEndpoint(&edgeGroup, endpoint, endpointGroup) {
-			relatedEdgeGroupsSet[edgeGroup.ID] = true
-		}
-	}
-
-	relatedEdgeStacks := []EdgeStackID{}
-	for _, edgeStack := range edgeStacks {
-		for _, edgeGroupID := range edgeStack.EdgeGroups {
-			if relatedEdgeGroupsSet[edgeGroupID] {
-				relatedEdgeStacks = append(relatedEdgeStacks, edgeStack.ID)
-				break
-			}
-		}
-	}
-
-	return relatedEdgeStacks
-
-}

api/errors.go

@@ -4,7 +4,6 @@ package portainer
 const (
 	ErrUnauthorized           = Error("Unauthorized")
 	ErrResourceAccessDenied   = Error("Access denied to resource")
-	ErrAuthorizationRequired  = Error("Authorization required for this operation")
 	ErrObjectNotFound         = Error("Object not found inside the database")
 	ErrMissingSecurityContext = Error("Unable to find security details in request context")
 )
@@ -72,6 +71,11 @@ const (
 	ErrEndpointExtensionAlreadyAssociated = Error("This extension is already associated to the endpoint")
 )
 
+// Deploykey errors
+const (
+	ErrDeploykeyAlreadyExists = Error("A key already exists with this name")
+)
+
 // Crypto errors.
 const (
 	ErrCryptoHashFailure = Error("Unable to hash data")
@@ -89,26 +93,6 @@ const (
 	ErrUndefinedTLSFileType = Error("Undefined TLS file type")
 )
 
-// Demo errors.
-const (
-	ErrNotAvailableInDemo = Error("This feature is not available in the demo version of Portainer")
-)
-
-// Extension errors.
-const (
-	ErrExtensionAlreadyEnabled = Error("This extension is already enabled")
-)
-
-// Docker errors.
-const (
-	ErrUnableToPingEndpoint = Error("Unable to communicate with the endpoint")
-)
-
-// Schedule errors.
-const (
-	ErrHostManagementFeaturesDisabled = Error("Host management features are disabled")
-)
-
 // Error represents an application error.
 type Error string
 

api/exec/extension.go

@@ -1,313 +0,0 @@
-package exec
-
-import (
-	"bytes"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"log"
-	"os"
-	"os/exec"
-	"path"
-	"regexp"
-	"runtime"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/coreos/go-semver/semver"
-
-	"github.com/orcaman/concurrent-map"
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/http/client"
-)
-
-var extensionDownloadBaseURL = portainer.AssetsServerURL + "/extensions/"
-var extensionVersionRegexp = regexp.MustCompile(`\d+(\.\d+)+`)
-
-var extensionBinaryMap = map[portainer.ExtensionID]string{
-	portainer.RegistryManagementExtension:  "extension-registry-management",
-	portainer.OAuthAuthenticationExtension: "extension-oauth-authentication",
-	portainer.RBACExtension:                "extension-rbac",
-}
-
-// ExtensionManager represents a service used to
-// manage extension processes.
-type ExtensionManager struct {
-	processes        cmap.ConcurrentMap
-	fileService      portainer.FileService
-	extensionService portainer.ExtensionService
-}
-
-// NewExtensionManager returns a pointer to an ExtensionManager
-func NewExtensionManager(fileService portainer.FileService, extensionService portainer.ExtensionService) *ExtensionManager {
-	return &ExtensionManager{
-		processes:        cmap.New(),
-		fileService:      fileService,
-		extensionService: extensionService,
-	}
-}
-
-func processKey(ID portainer.ExtensionID) string {
-	return strconv.Itoa(int(ID))
-}
-
-func buildExtensionURL(extension *portainer.Extension) string {
-	return fmt.Sprintf("%s%s-%s-%s-%s.zip", extensionDownloadBaseURL, extensionBinaryMap[extension.ID], runtime.GOOS, runtime.GOARCH, extension.Version)
-}
-
-func buildExtensionPath(binaryPath string, extension *portainer.Extension) string {
-	extensionFilename := fmt.Sprintf("%s-%s-%s-%s", extensionBinaryMap[extension.ID], runtime.GOOS, runtime.GOARCH, extension.Version)
-	if runtime.GOOS == "windows" {
-		extensionFilename += ".exe"
-	}
-
-	extensionPath := path.Join(
-		binaryPath,
-		extensionFilename)
-
-	return extensionPath
-}
-
-// FetchExtensionDefinitions will fetch the list of available
-// extension definitions from the official Portainer assets server.
-// If it cannot retrieve the data from the Internet it will fallback to the locally cached
-// manifest file.
-func (manager *ExtensionManager) FetchExtensionDefinitions() ([]portainer.Extension, error) {
-	var extensionData []byte
-
-	extensionData, err := client.Get(portainer.ExtensionDefinitionsURL, 5)
-	if err != nil {
-		log.Printf("[WARN] [exec,extensions] [message: unable to retrieve extensions manifest via Internet. Extensions will be retrieved from local cache and might not be up to date] [err: %s]", err)
-
-		extensionData, err = manager.fileService.GetFileContent(portainer.LocalExtensionManifestFile)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	var extensions []portainer.Extension
-	err = json.Unmarshal(extensionData, &extensions)
-	if err != nil {
-		return nil, err
-	}
-
-	return extensions, nil
-}
-
-// InstallExtension will install the extension from an archive. It will extract the extension version number from
-// the archive file name first and return an error if the file name is not valid (cannot find extension version).
-// It will then extract the archive and execute the EnableExtension function to enable the extension.
-// Since we're missing information about this extension (stored on Portainer.io server) we need to assume
-// default information based on the extension ID.
-func (manager *ExtensionManager) InstallExtension(extension *portainer.Extension, licenseKey string, archiveFileName string, extensionArchive []byte) error {
-	extensionVersion := extensionVersionRegexp.FindString(archiveFileName)
-	if extensionVersion == "" {
-		return errors.New("invalid extension archive filename: unable to retrieve extension version")
-	}
-
-	err := manager.fileService.ExtractExtensionArchive(extensionArchive)
-	if err != nil {
-		return err
-	}
-
-	switch extension.ID {
-	case portainer.RegistryManagementExtension:
-		extension.Name = "Registry Manager"
-	case portainer.OAuthAuthenticationExtension:
-		extension.Name = "External Authentication"
-	case portainer.RBACExtension:
-		extension.Name = "Role-Based Access Control"
-	}
-	extension.ShortDescription = "Extension enabled offline"
-	extension.Version = extensionVersion
-	extension.Available = true
-
-	return manager.EnableExtension(extension, licenseKey)
-}
-
-// EnableExtension will check for the existence of the extension binary on the filesystem
-// first. If it does not exist, it will download it from the official Portainer assets server.
-// After installing the binary on the filesystem, it will execute the binary in license check
-// mode to validate the extension license. If the license is valid, it will then start
-// the extension process and register it in the processes map.
-func (manager *ExtensionManager) EnableExtension(extension *portainer.Extension, licenseKey string) error {
-	extensionBinaryPath := buildExtensionPath(manager.fileService.GetBinaryFolder(), extension)
-	extensionBinaryExists, err := manager.fileService.FileExists(extensionBinaryPath)
-	if err != nil {
-		return err
-	}
-
-	if !extensionBinaryExists {
-		err := manager.downloadExtension(extension)
-		if err != nil {
-			return err
-		}
-	}
-
-	licenseDetails, err := validateLicense(extensionBinaryPath, licenseKey)
-	if err != nil {
-		return err
-	}
-
-	extension.License = portainer.LicenseInformation{
-		LicenseKey: licenseKey,
-		Company:    licenseDetails[0],
-		Expiration: licenseDetails[1],
-		Valid:      true,
-	}
-	extension.Version = licenseDetails[2]
-
-	return manager.startExtensionProcess(extension, extensionBinaryPath)
-}
-
-// DisableExtension will retrieve the process associated to the extension
-// from the processes map and kill the process. It will then remove the process
-// from the processes map and remove the binary associated to the extension
-// from the filesystem
-func (manager *ExtensionManager) DisableExtension(extension *portainer.Extension) error {
-	process, ok := manager.processes.Get(processKey(extension.ID))
-	if !ok {
-		return nil
-	}
-
-	err := process.(*exec.Cmd).Process.Kill()
-	if err != nil {
-		return err
-	}
-
-	manager.processes.Remove(processKey(extension.ID))
-
-	extensionBinaryPath := buildExtensionPath(manager.fileService.GetBinaryFolder(), extension)
-	return manager.fileService.RemoveDirectory(extensionBinaryPath)
-}
-
-// StartExtensions will retrieve the extensions definitions from the Internet and check if a new version of each
-// extension is available. If so, it will automatically install the new version of the extension. If no update is
-// available it will simply start the extension.
-// The purpose of this function is to be ran at startup, as such most of the error handling won't block the program execution
-// and will log warning messages instead.
-func (manager *ExtensionManager) StartExtensions() error {
-	extensions, err := manager.extensionService.Extensions()
-	if err != nil {
-		return err
-	}
-
-	definitions, err := manager.FetchExtensionDefinitions()
-	if err != nil {
-		log.Printf("[WARN] [exec,extensions] [message: unable to retrieve extension information from Internet. Skipping extensions update check.] [err: %s]", err)
-		return nil
-	}
-
-	return manager.updateAndStartExtensions(extensions, definitions)
-}
-
-func (manager *ExtensionManager) updateAndStartExtensions(extensions []portainer.Extension, definitions []portainer.Extension) error {
-	for _, definition := range definitions {
-		for _, extension := range extensions {
-			if extension.ID == definition.ID {
-				definitionVersion := semver.New(definition.Version)
-				extensionVersion := semver.New(extension.Version)
-
-				if extensionVersion.LessThan(*definitionVersion) {
-					log.Printf("[INFO] [exec,extensions] [message: new version detected, updating extension] [extension: %s] [current_version: %s] [available_version: %s]", extension.Name, extension.Version, definition.Version)
-					err := manager.UpdateExtension(&extension, definition.Version)
-					if err != nil {
-						log.Printf("[WARN] [exec,extensions] [message: unable to update extension automatically] [extension: %s] [current_version: %s] [available_version: %s] [err: %s]", extension.Name, extension.Version, definition.Version, err)
-					}
-				} else {
-					err := manager.EnableExtension(&extension, extension.License.LicenseKey)
-					if err != nil {
-						log.Printf("[WARN] [exec,extensions] [message: unable to start extension] [extension: %s] [err: %s]", extension.Name, err)
-						extension.Enabled = false
-						extension.License.Valid = false
-					}
-				}
-
-				err := manager.extensionService.Persist(&extension)
-				if err != nil {
-					return err
-				}
-
-				break
-			}
-		}
-	}
-
-	return nil
-}
-
-// UpdateExtension will download the new extension binary from the official Portainer assets
-// server, disable the previous extension via DisableExtension, trigger a license check
-// and then start the extension process and add it to the processes map
-func (manager *ExtensionManager) UpdateExtension(extension *portainer.Extension, version string) error {
-	oldVersion := extension.Version
-
-	extension.Version = version
-	err := manager.downloadExtension(extension)
-	if err != nil {
-		return err
-	}
-
-	extension.Version = oldVersion
-	err = manager.DisableExtension(extension)
-	if err != nil {
-		return err
-	}
-
-	extension.Version = version
-	extensionBinaryPath := buildExtensionPath(manager.fileService.GetBinaryFolder(), extension)
-
-	licenseDetails, err := validateLicense(extensionBinaryPath, extension.License.LicenseKey)
-	if err != nil {
-		return err
-	}
-
-	extension.Version = licenseDetails[2]
-
-	return manager.startExtensionProcess(extension, extensionBinaryPath)
-}
-
-func (manager *ExtensionManager) downloadExtension(extension *portainer.Extension) error {
-	extensionURL := buildExtensionURL(extension)
-
-	data, err := client.Get(extensionURL, 30)
-	if err != nil {
-		return err
-	}
-
-	return manager.fileService.ExtractExtensionArchive(data)
-}
-
-func validateLicense(binaryPath, licenseKey string) ([]string, error) {
-	licenseCheckProcess := exec.Command(binaryPath, "-license", licenseKey, "-check")
-	cmdOutput := &bytes.Buffer{}
-	licenseCheckProcess.Stdout = cmdOutput
-
-	err := licenseCheckProcess.Run()
-	if err != nil {
-		log.Printf("[DEBUG] [exec,extension] [message: unable to run extension process] [err: %s]", err)
-		return nil, errors.New("invalid extension license key")
-	}
-
-	output := string(cmdOutput.Bytes())
-
-	return strings.Split(output, "|"), nil
-}
-
-func (manager *ExtensionManager) startExtensionProcess(extension *portainer.Extension, binaryPath string) error {
-	extensionProcess := exec.Command(binaryPath, "-license", extension.License.LicenseKey)
-	extensionProcess.Stdout = os.Stdout
-	extensionProcess.Stderr = os.Stderr
-
-	err := extensionProcess.Start()
-	if err != nil {
-		log.Printf("[DEBUG] [exec,extension] [message: unable to start extension process] [err: %s]", err)
-		return err
-	}
-
-	time.Sleep(3 * time.Second)
-
-	manager.processes.Set(processKey(extension.ID), extensionProcess)
-	return nil
-}

api/exec/swarm_stack.go

@@ -3,33 +3,30 @@ package exec
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"os"
 	"os/exec"
 	"path"
 	"runtime"
 
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
 // SwarmStackManager represents a service for managing stacks.
 type SwarmStackManager struct {
-	binaryPath           string
-	dataPath             string
-	signatureService     portainer.DigitalSignatureService
-	fileService          portainer.FileService
-	reverseTunnelService portainer.ReverseTunnelService
+	binaryPath       string
+	dataPath         string
+	signatureService portainer.DigitalSignatureService
+	fileService      portainer.FileService
 }
 
 // NewSwarmStackManager initializes a new SwarmStackManager service.
 // It also updates the configuration of the Docker CLI binary.
-func NewSwarmStackManager(binaryPath, dataPath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService, reverseTunnelService portainer.ReverseTunnelService) (*SwarmStackManager, error) {
+func NewSwarmStackManager(binaryPath, dataPath string, signatureService portainer.DigitalSignatureService, fileService portainer.FileService) (*SwarmStackManager, error) {
 	manager := &SwarmStackManager{
-		binaryPath:           binaryPath,
-		dataPath:             dataPath,
-		signatureService:     signatureService,
-		fileService:          fileService,
-		reverseTunnelService: reverseTunnelService,
+		binaryPath:       binaryPath,
+		dataPath:         dataPath,
+		signatureService: signatureService,
+		fileService:      fileService,
 	}
 
 	err := manager.updateDockerCLIConfiguration(dataPath)
@@ -42,7 +39,7 @@ func NewSwarmStackManager(binaryPath, dataPath string, signatureService portaine
 
 // Login executes the docker login command against a list of registries (including DockerHub).
 func (manager *SwarmStackManager) Login(dockerhub *portainer.DockerHub, registries []portainer.Registry, endpoint *portainer.Endpoint) {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
+	command, args := prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	for _, registry := range registries {
 		if registry.Authentication {
 			registryArgs := append(args, "login", "--username", registry.Username, "--password", registry.Password, registry.URL)
@@ -58,7 +55,7 @@ func (manager *SwarmStackManager) Login(dockerhub *portainer.DockerHub, registri
 
 // Logout executes the docker logout command.
 func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
+	command, args := prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	args = append(args, "logout")
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -66,7 +63,7 @@ func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
 // Deploy executes the docker stack deploy command.
 func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, endpoint *portainer.Endpoint) error {
 	stackFilePath := path.Join(stack.ProjectPath, stack.EntryPoint)
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
+	command, args := prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 
 	if prune {
 		args = append(args, "stack", "deploy", "--prune", "--with-registry-auth", "--compose-file", stackFilePath, stack.Name)
@@ -85,7 +82,7 @@ func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, end
 
 // Remove executes the docker stack rm command.
 func (manager *SwarmStackManager) Remove(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
+	command, args := prepareDockerCommandAndArgs(manager.binaryPath, manager.dataPath, endpoint)
 	args = append(args, "stack", "rm", stack.Name)
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -109,7 +106,7 @@ func runCommandAndCaptureStdErr(command string, args []string, env []string, wor
 	return nil
 }
 
-func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, dataPath string, endpoint *portainer.Endpoint) (string, []string) {
+func prepareDockerCommandAndArgs(binaryPath, dataPath string, endpoint *portainer.Endpoint) (string, []string) {
 	// Assume Linux as a default
 	command := path.Join(binaryPath, "docker")
 
@@ -119,14 +116,7 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, dataPa
 
 	args := make([]string, 0)
 	args = append(args, "--config", dataPath)
-
-	endpointURL := endpoint.URL
-	if endpoint.Type == portainer.EdgeAgentEnvironment {
-		tunnel := manager.reverseTunnelService.GetTunnelDetails(endpoint.ID)
-		endpointURL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnel.Port)
-	}
-
-	args = append(args, "-H", endpointURL)
+	args = append(args, "-H", endpoint.URL)
 
 	if endpoint.TLSConfig.TLS {
 		args = append(args, "--tls")
@@ -150,7 +140,7 @@ func (manager *SwarmStackManager) updateDockerCLIConfiguration(dataPath string)
 		return err
 	}
 
-	signature, err := manager.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
+	signature, err := manager.signatureService.Sign(portainer.PortainerAgentSignatureMessage)
 	if err != nil {
 		return err
 	}

api/filesystem/filesystem.go

@@ -6,8 +6,7 @@ import (
 	"encoding/pem"
 	"io/ioutil"
 
-	"github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/archive"
+	"github.com/portainer/portainer"
 
 	"io"
 	"os"
@@ -29,19 +28,10 @@ const (
 	ComposeStorePath = "compose"
 	// ComposeFileDefaultName represents the default name of a compose file.
 	ComposeFileDefaultName = "docker-compose.yml"
-	// EdgeStackStorePath represents the subfolder where edge stack files are stored in the file store folder.
-	EdgeStackStorePath = "edge_stacks"
 	// PrivateKeyFile represents the name on disk of the file containing the private key.
 	PrivateKeyFile = "portainer.key"
 	// PublicKeyFile represents the name on disk of the file containing the public key.
 	PublicKeyFile = "portainer.pub"
-	// BinaryStorePath represents the subfolder where binaries are stored in the file store folder.
-	BinaryStorePath = "bin"
-	// ScheduleStorePath represents the subfolder where schedule files are stored.
-	ScheduleStorePath = "schedules"
-	// ExtensionRegistryManagementStorePath represents the subfolder where files related to the
-	// registry management extension are stored.
-	ExtensionRegistryManagementStorePath = "extensions"
 )
 
 // Service represents a service for managing files and directories.
@@ -73,25 +63,9 @@ func NewService(dataStorePath, fileStorePath string) (*Service, error) {
 		return nil, err
 	}
 
-	err = service.createDirectoryInStore(BinaryStorePath)
-	if err != nil {
-		return nil, err
-	}
-
 	return service, nil
 }
 
-// GetBinaryFolder returns the full path to the binary store on the filesystem
-func (service *Service) GetBinaryFolder() string {
-	return path.Join(service.fileStorePath, BinaryStorePath)
-}
-
-// ExtractExtensionArchive extracts the content of an extension archive
-// specified as raw data into the binary store on the filesystem
-func (service *Service) ExtractExtensionArchive(data []byte) error {
-	return archive.UnzipArchive(data, path.Join(service.fileStorePath, BinaryStorePath))
-}
-
 // RemoveDirectory removes a directory on the filesystem.
 func (service *Service) RemoveDirectory(directoryPath string) error {
 	return os.RemoveAll(directoryPath)
@@ -123,53 +97,6 @@ func (service *Service) StoreStackFileFromBytes(stackIdentifier, fileName string
 	return path.Join(service.fileStorePath, stackStorePath), nil
 }
 
-// GetEdgeStackProjectPath returns the absolute path on the FS for a edge stack based
-// on its identifier.
-func (service *Service) GetEdgeStackProjectPath(edgeStackIdentifier string) string {
-	return path.Join(service.fileStorePath, EdgeStackStorePath, edgeStackIdentifier)
-}
-
-// StoreEdgeStackFileFromBytes creates a subfolder in the EdgeStackStorePath and stores a new file from bytes.
-// It returns the path to the folder where the file is stored.
-func (service *Service) StoreEdgeStackFileFromBytes(edgeStackIdentifier, fileName string, data []byte) (string, error) {
-	stackStorePath := path.Join(EdgeStackStorePath, edgeStackIdentifier)
-	err := service.createDirectoryInStore(stackStorePath)
-	if err != nil {
-		return "", err
-	}
-
-	composeFilePath := path.Join(stackStorePath, fileName)
-	r := bytes.NewReader(data)
-
-	err = service.createFileInStore(composeFilePath, r)
-	if err != nil {
-		return "", err
-	}
-
-	return path.Join(service.fileStorePath, stackStorePath), nil
-}
-
-// StoreRegistryManagementFileFromBytes creates a subfolder in the
-// ExtensionRegistryManagementStorePath and stores a new file from bytes.
-// It returns the path to the folder where the file is stored.
-func (service *Service) StoreRegistryManagementFileFromBytes(folder, fileName string, data []byte) (string, error) {
-	extensionStorePath := path.Join(ExtensionRegistryManagementStorePath, folder)
-	err := service.createDirectoryInStore(extensionStorePath)
-	if err != nil {
-		return "", err
-	}
-
-	file := path.Join(extensionStorePath, fileName)
-	r := bytes.NewReader(data)
-
-	err = service.createFileInStore(file, r)
-	if err != nil {
-		return "", err
-	}
-
-	return path.Join(service.fileStorePath, file), nil
-}
-
 // StoreTLSFileFromBytes creates a folder in the TLSStorePath and stores a new file from bytes.
 // It returns the path to the newly created file.
 func (service *Service) StoreTLSFileFromBytes(folder string, fileType portainer.TLSFileType, data []byte) (string, error) {
@@ -391,32 +318,3 @@ func (service *Service) getContentFromPEMFile(filePath string) ([]byte, error) {
 	block, _ := pem.Decode(fileContent)
 	return block.Bytes, nil
 }
-
-// GetScheduleFolder returns the absolute path on the filesystem for a schedule based
-// on its identifier.
-func (service *Service) GetScheduleFolder(identifier string) string {
-	return path.Join(service.fileStorePath, ScheduleStorePath, identifier)
-}
-
-// StoreScheduledJobFileFromBytes creates a subfolder in the ScheduleStorePath and stores a new file from bytes.
-// It returns the path to the folder where the file is stored.
-func (service *Service) StoreScheduledJobFileFromBytes(identifier string, data []byte) (string, error) {
-	scheduleStorePath := path.Join(ScheduleStorePath, identifier)
-	err := service.createDirectoryInStore(scheduleStorePath)
-	if err != nil {
-		return "", err
-	}
-
-	filePath := path.Join(scheduleStorePath, createScheduledJobFileName(identifier))
-	r := bytes.NewReader(data)
-	err = service.createFileInStore(filePath, r)
-	if err != nil {
-		return "", err
-	}
-
-	return path.Join(service.fileStorePath, filePath), nil
-}
-
-func createScheduledJobFileName(identifier string) string {
-	return "job_" + identifier + ".sh"
-}

api/git/git.go

@@ -1,37 +1,21 @@
 package git
 
 import (
-	"crypto/tls"
-	"net/http"
 	"net/url"
 	"strings"
-	"time"
 
 	"gopkg.in/src-d/go-git.v4"
 	"gopkg.in/src-d/go-git.v4/plumbing"
-	"gopkg.in/src-d/go-git.v4/plumbing/transport/client"
-	githttp "gopkg.in/src-d/go-git.v4/plumbing/transport/http"
 )
 
 // Service represents a service for managing Git.
-type Service struct {
-	httpsCli *http.Client
-}
+type Service struct{}
 
 // NewService initializes a new service.
-func NewService() *Service {
-	httpsCli := &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-		},
-		Timeout: 300 * time.Second,
-	}
+func NewService(dataStorePath string) (*Service, error) {
+	service := &Service{}
 
-	client.InstallProtocol("https", githttp.NewClient(httpsCli))
-
-	return &Service{
-		httpsCli: httpsCli,
-	}
+	return service, nil
 }
 
 // ClonePublicRepository clones a public git repository using the specified URL in the specified
@@ -48,7 +32,7 @@ func (service *Service) ClonePrivateRepositoryWithBasicAuth(repositoryURL, refer
 	return cloneRepository(repositoryURL, referenceName, destination)
 }
 
-func cloneRepository(repositoryURL, referenceName, destination string) error {
+func cloneRepository(repositoryURL, referenceName string, destination string) error {
 	options := &git.CloneOptions{
 		URL: repositoryURL,
 	}

api/go.mod

@@ -1,40 +0,0 @@
-module github.com/portainer/portainer/api
-
-go 1.13
-
-require (
-	github.com/Microsoft/go-winio v0.4.14
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
-	github.com/boltdb/bolt v1.3.1
-	github.com/containerd/containerd v1.3.1 // indirect
-	github.com/coreos/go-semver v0.3.0
-	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/cli v0.0.0-20191126203649-54d085b857e9
-	github.com/docker/docker v0.0.0-00010101000000-000000000000
-	github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
-	github.com/gofrs/uuid v3.2.0+incompatible
-	github.com/gorilla/mux v1.7.3
-	github.com/gorilla/securecookie v1.1.1
-	github.com/gorilla/websocket v1.4.1
-	github.com/imdario/mergo v0.3.8 // indirect
-	github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389
-	github.com/json-iterator/go v1.1.8
-	github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
-	github.com/mattn/go-shellwords v1.0.6 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
-	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
-	github.com/portainer/libcompose v0.5.3
-	github.com/portainer/libcrypto v0.0.0-20190723020515-23ebe86ab2c2
-	github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33
-	github.com/robfig/cron/v3 v3.0.0
-	golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
-	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/asn1-ber.v1 v1.0.0-00010101000000-000000000000 // indirect
-	gopkg.in/ldap.v2 v2.5.1
-	gopkg.in/src-d/go-git.v4 v4.13.1
-)
-
-replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203
-
-replace gopkg.in/asn1-ber.v1 => github.com/go-asn1-ber/asn1-ber v1.3.1

api/go.sum

@@ -1,286 +0,0 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
-github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Microsoft/go-winio v0.3.8 h1:dvxbxtpTIjdAbx2OtL26p4eq0iEvys/U5yrsTJb3NZI=
-github.com/Microsoft/go-winio v0.3.8/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
-github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/hcsshim v0.8.6 h1:ZfF0+zZeYdzMIVMZHKtDKJvLHj76XCuVae/jNkjj0IA=
-github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
-github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=
-github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2 h1:axBiC50cNZOs7ygH5BgQp4N+aYrZ2DNpWZ1KG3VOSOM=
-github.com/andrew-d/go-termutil v0.0.0-20150726205930-009166a695a2/go.mod h1:jnzFpU88PccN/tPPhCpnNU8mZphvKxYM9lLNkd8e+os=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/boltdb/bolt v1.3.1 h1:JQmyP4ZBrce+ZQu0dY660FMfatumYDLun9hBCUVIkF4=
-github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/containerd/containerd v1.3.1 h1:LdbWxLhkAIxGO7h3mATHkyav06WuDs/yTWxIljJOTks=
-github.com/containerd/containerd v1.3.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfDSMuaPjBr4cf6k7pwQQANm/yLKU=
-github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/docker/cli v0.0.0-20190711175710-5b38d82aa076/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v0.0.0-20191126203649-54d085b857e9 h1:Q6D6b2iRKhvtL3Wj9p0SyPOvUDJ1ht62mbiBoNJ3Aus=
-github.com/docker/cli v0.0.0-20191126203649-54d085b857e9/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
-github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
-github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
-github.com/docker/engine v1.4.2-0.20191127222017-3152f9436292 h1:qQ7mw+CVWpRj5DWBL4CVHtBbGQdlPCj4j1evDh0ethw=
-github.com/docker/engine v1.4.2-0.20191127222017-3152f9436292/go.mod h1:3CPr2caMgTHxxIAZgEMd3uLYPDlRvPqCpyeRf6ncPcY=
-github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203 h1:QeBh8wW8pIZKlXxlMOQ8hSCMdJA+2Z/bD/iDyCAS8XU=
-github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203/go.mod h1:3CPr2caMgTHxxIAZgEMd3uLYPDlRvPqCpyeRf6ncPcY=
-github.com/docker/engine v1.13.1 h1:Cks33UT9YBW5Xyc3MtGDq2IPgqfJtJ+qkFaxc2b0Euc=
-github.com/docker/engine v1.13.1/go.mod h1:3CPr2caMgTHxxIAZgEMd3uLYPDlRvPqCpyeRf6ncPcY=
-github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF+n1M6o=
-github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82 h1:X0fj836zx99zFu83v/M79DuBn84IL/Syx1SY6Y5ZEMA=
-github.com/docker/go-metrics v0.0.0-20181218153428-b84716841b82/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
-github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
-github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814 h1:gWvniJ4GbFfkf700kykAImbLiEMU0Q3QN9hQ26Js1pU=
-github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814/go.mod h1:secRm32Ro77eD23BmPVbgLbWN+JWDw7pJszenjxI4bI=
-github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/go-asn1-ber/asn1-ber v1.3.1 h1:gvPdv/Hr++TRFCl0UbPFHC54P9N9jgsRPnmnr419Uck=
-github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/protobuf v1.1.1 h1:72R+M5VuhED/KujmZVcIquuo8mBgX4oVda//DQb3PXo=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v0.0.0-20160317213430-0eeaf8392f5b/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.1 h1:q7AeDBpnBk8AogcD4DSag/Ukw/KV+YhzLj2bP5HvKCM=
-github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ=
-github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jpillora/ansi v0.0.0-20170202005112-f496b27cd669 h1:l5rH/CnVVu+HPxjtxjM90nHrm4nov3j3RF9/62UjgLs=
-github.com/jpillora/ansi v0.0.0-20170202005112-f496b27cd669/go.mod h1:kOeLNvjNBGSV3uYtFjvb72+fnZCMFJF1XDvRIjdom0g=
-github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0=
-github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389 h1:K3JsoRqX6C4gmTvY4jqtFGCfK8uToj9DMahciJaoWwE=
-github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389/go.mod h1:wHQUFFnFySoqdAOzjHkTvb4DsVM1h/73PS9l2vnioRM=
-github.com/jpillora/requestlog v0.0.0-20181015073026-df8817be5f82 h1:7ufdyC3aMxFcCv+ABZy/dmIVGKFoGNBCqOgLYPIckD8=
-github.com/jpillora/requestlog v0.0.0-20181015073026-df8817be5f82/go.mod h1:w8buj+yNfmLEP0ENlbG/FRnK6bVmuhqXnukYCs9sDvY=
-github.com/jpillora/sizestr v0.0.0-20160130011556-e2ea2fa42fb9 h1:0c9jcgBtHRtDU//jTrcCgWG6UHjMZytiq/3WhraNgUM=
-github.com/jpillora/sizestr v0.0.0-20160130011556-e2ea2fa42fb9/go.mod h1:1ffp+CRe0eAwwRb0/BownUAjMBsmTLwgAvRbfj9dRwE=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY=
-github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c h1:N7A4JCA2G+j5fuFxCsJqjFU/sZe0mj8H0sSoSwbaikw=
-github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c/go.mod h1:Nn5wlyECw3iJrzi0AhIWg+AJUb4PlRQVW4/3XHH1LZA=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pty v0.0.0-20150511174710-5cf931ef8f76/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/mattn/go-shellwords v1.0.6 h1:9Jok5pILi5S1MnDirGVTufYGtksUs/V2BWUP3ZkeUUI=
-github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/microsoft/go-winio v0.4.8 h1:N4SmTFXUK7/jnn/UG/gm2mrHiYu9LVGvtsvULyody/c=
-github.com/microsoft/go-winio v0.4.8/go.mod h1:kcIxxtKZE55DEncT/EOvFiygPobhUWpSDqDb47poQOU=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8dQu6DMTwH4oIuGN8GJDAlqDdVE=
-github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420 h1:Yu3681ykYHDfLoI6XVjL4JWmkE+3TX9yfIWwRCh1kFM=
-github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/image-spec v0.0.0-20170515205857-f03dbe35d449 h1:Aq8iG72akPb/kszE7ksZ5ldV+JYPYii/KZOxlpJF07s=
-github.com/opencontainers/image-spec v0.0.0-20170515205857-f03dbe35d449/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/runc v0.0.0-20161109192122-51371867a01c h1:iOMba/KmaXgSX5PFKu1u6s+DZXiq+EzPayawa76w6aA=
-github.com/opencontainers/runc v0.0.0-20161109192122-51371867a01c/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6 h1:lNCW6THrCKBiJBpz8kbVGjC7MgdCGKwuvBgc7LoD6sw=
-github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6/go.mod h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI=
-github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/portainer/libcompose v0.5.3 h1:tE4WcPuGvo+NKeDkDWpwNavNLZ5GHIJ4RvuZXsI9uI8=
-github.com/portainer/libcompose v0.5.3/go.mod h1:7SKd/ho69rRKHDFSDUwkbMcol2TMKU5OslDsajr8Ro8=
-github.com/portainer/libcrypto v0.0.0-20190723020515-23ebe86ab2c2 h1:0PfgGLys9yHr4rtnirg0W0Cjvv6/DzxBIZk5sV59208=
-github.com/portainer/libcrypto v0.0.0-20190723020515-23ebe86ab2c2/go.mod h1:/wIeGwJOMYc1JplE/OvYMO5korce39HddIfI8VKGyAM=
-github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33 h1:H8HR2dHdBf8HANSkUyVw4o8+4tegGcd+zyKZ3e599II=
-github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33/go.mod h1:Y2TfgviWI4rT2qaOTHr+hq6MdKIE5YjgQAu7qwptTV0=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.1.0 h1:BQ53HtBmfOitExawJ6LokA4x8ov/z0SYYb0+HxJfRI8=
-github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
-github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.3 h1:CTwfnzjQ+8dS6MhHHu4YswVAD99sL2wjPqP+VkURmKE=
-github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
-github.com/robfig/cron/v3 v3.0.0 h1:kQ6Cb7aHOHTSzNVNEhmp8EcWKLb4CbiMW9h9VyIhO4E=
-github.com/robfig/cron/v3 v3.0.0/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
-github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce h1:fb190+cK2Xz/dvi9Hv8eCYJYvIGUTN2/KLq1pT6CjEc=
-github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
-github.com/urfave/cli v1.21.0/go.mod h1:lxDj6qX9Q6lWQxIrbrT0nwecwUtRnhVZAJjJZrVUZZQ=
-github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
-github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg=
-github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181015023909-0c41d7ab0a0e/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
-golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/net v0.0.0-20181017193950-04a2e542c03f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181019160139-8e24a49d80f8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3 h1:4y9KwBHBgBNwDbtu44R5o1fdOCQUEXhbk/P4A9WmJq0=
-golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c h1:jceGD5YNJGgGMkJz79agzOln1K9TaZUjv5ird16qniQ=
-golang.org/x/sys v0.0.0-20200219091948-cb0a6d8edb6c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0NQvRW8DG4Yk3Q6T9cu9RcFQDu1tc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/grpc v1.22.1 h1:/7cs52RnTJmD43s3uxzlq2U7nqVTd/37viQwMrMNlOM=
-google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/ldap.v2 v2.5.1 h1:wiu0okdNfjlBzg6UWvd1Hn8Y+Ux17/u/4nlk4CQr6tU=
-gopkg.in/ldap.v2 v2.5.1/go.mod h1:oI0cpe/D7HRtBQl8aTg+ZmzFUAvu4lsv3eLXMLGFxWk=
-gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg=
-gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98=
-gopkg.in/src-d/go-git-fixtures.v3 v3.5.0 h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg=
-gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
-gopkg.in/src-d/go-git.v4 v4.13.1 h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE=
-gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

api/http/client/client.go

@@ -5,13 +5,12 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
 
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
 const (
@@ -88,7 +87,6 @@ func Get(url string, timeout int) ([]byte, error) {
 	defer response.Body.Close()
 
 	if response.StatusCode != http.StatusOK {
-		log.Printf("[ERROR] [http,client] [message: unexpected status code] [status_code: %d]", response.StatusCode)
 		return nil, errInvalidResponseStatus
 	}
 

api/http/handler/auth/authenticate.go

@@ -9,7 +9,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
-	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer"
 )
 
 type authenticatePayload struct {
@@ -52,7 +52,7 @@ func (handler *Handler) authenticate(w http.ResponseWriter, r *http.Request) *ht
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve a user with the specified username from the database", err}
 	}
 
-	if err == portainer.ErrObjectNotFound && (settings.AuthenticationMethod == portainer.AuthenticationInternal || settings.AuthenticationMethod == portainer.AuthenticationOAuth) {
+	if err == portainer.ErrObjectNotFound && settings.AuthenticationMethod == portainer.AuthenticationInternal {
 		return &httperror.HandlerError{http.StatusUnprocessableEntity, "Invalid credentials", portainer.ErrUnauthorized}
 	}
 
@@ -79,11 +79,6 @@ func (handler *Handler) authenticateLDAP(w http.ResponseWriter, user *portainer.
 		log.Printf("Warning: unable to automatically add user into teams: %s\n", err.Error())
 	}
 
-	err = handler.AuthorizationService.UpdateUsersAuthorizations()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", err}
-	}
-
 	return handler.writeToken(w, user)
 }
 
@@ -103,9 +98,8 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 	}
 
 	user := &portainer.User{
-		Username:                username,
-		Role:                    portainer.StandardUserRole,
-		PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
+		Username: username,
+		Role:     portainer.StandardUserRole,
 	}
 
 	err = handler.UserService.CreateUser(user)
@@ -118,11 +112,6 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 		log.Printf("Warning: unable to automatically add user into teams: %s\n", err.Error())
 	}
 
-	err = handler.AuthorizationService.UpdateUsersAuthorizations()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", err}
-	}
-
 	return handler.writeToken(w, user)
 }
 
@@ -133,10 +122,6 @@ func (handler *Handler) writeToken(w http.ResponseWriter, user *portainer.User)
 		Role:     user.Role,
 	}
 
-	return handler.persistAndWriteToken(w, tokenData)
-}
-
-func (handler *Handler) persistAndWriteToken(w http.ResponseWriter, tokenData *portainer.TokenData) *httperror.HandlerError {
 	token, err := handler.JWTService.GenerateToken(tokenData)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to generate JWT token", err}
@@ -180,7 +165,6 @@ func (handler *Handler) addUserIntoTeams(user *portainer.User, settings *portain
 			}
 		}
 	}
-
 	return nil
 }
 

api/http/handler/auth/authenticate_oauth.go

@@ -1,144 +0,0 @@
-package auth
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"log"
-	"net/http"
-
-	"github.com/asaskevich/govalidator"
-	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/libhttp/request"
-	"github.com/portainer/portainer/api"
-)
-
-type oauthPayload struct {
-	Code string
-}
-
-func (payload *oauthPayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.Code) {
-		return portainer.Error("Invalid OAuth authorization code")
-	}
-	return nil
-}
-
-func (handler *Handler) authenticateThroughExtension(code, licenseKey string, settings *portainer.OAuthSettings) (string, error) {
-	extensionURL := handler.ProxyManager.GetExtensionURL(portainer.OAuthAuthenticationExtension)
-
-	encodedConfiguration, err := json.Marshal(settings)
-	if err != nil {
-		return "", nil
-	}
-
-	req, err := http.NewRequest("GET", extensionURL+"/validate", nil)
-	if err != nil {
-		return "", err
-	}
-
-	client := &http.Client{}
-	req.Header.Set("X-OAuth-Config", string(encodedConfiguration))
-	req.Header.Set("X-OAuth-Code", code)
-	req.Header.Set("X-PortainerExtension-License", licenseKey)
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return "", err
-	}
-
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return "", err
-	}
-
-	type extensionResponse struct {
-		Username string `json:"Username,omitempty"`
-		Err      string `json:"err,omitempty"`
-		Details  string `json:"details,omitempty"`
-	}
-
-	var extResp extensionResponse
-	err = json.Unmarshal(body, &extResp)
-	if err != nil {
-		return "", err
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		return "", portainer.Error(extResp.Err + ":" + extResp.Details)
-	}
-
-	return extResp.Username, nil
-}
-
-func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	var payload oauthPayload
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
-	}
-
-	settings, err := handler.SettingsService.Settings()
-	if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
-	}
-
-	if settings.AuthenticationMethod != 3 {
-		return &httperror.HandlerError{http.StatusForbidden, "OAuth authentication is not enabled", portainer.Error("OAuth authentication is not enabled")}
-	}
-
-	extension, err := handler.ExtensionService.Extension(portainer.OAuthAuthenticationExtension)
-	if err == portainer.ErrObjectNotFound {
-		return &httperror.HandlerError{http.StatusNotFound, "Oauth authentication extension is not enabled", err}
-	} else if err != nil {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to find a extension with the specified identifier inside the database", err}
-	}
-
-	username, err := handler.authenticateThroughExtension(payload.Code, extension.License.LicenseKey, &settings.OAuthSettings)
-	if err != nil {
-		log.Printf("[DEBUG] - OAuth authentication error: %s", err)
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to authenticate through OAuth", portainer.ErrUnauthorized}
-	}
-
-	user, err := handler.UserService.UserByUsername(username)
-	if err != nil && err != portainer.ErrObjectNotFound {
-		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve a user with the specified username from the database", err}
-	}
-
-	if user == nil && !settings.OAuthSettings.OAuthAutoCreateUsers {
-		return &httperror.HandlerError{http.StatusForbidden, "Account not created beforehand in Portainer and automatic user provisioning not enabled", portainer.ErrUnauthorized}
-	}
-
-	if user == nil {
-		user = &portainer.User{
-			Username:                username,
-			Role:                    portainer.StandardUserRole,
-			PortainerAuthorizations: portainer.DefaultPortainerAuthorizations(),
-		}
-
-		err = handler.UserService.CreateUser(user)
-		if err != nil {
-			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist user inside the database", err}
-		}
-
-		if settings.OAuthSettings.DefaultTeamID != 0 {
-			membership := &portainer.TeamMembership{
-				UserID: user.ID,
-				TeamID: settings.OAuthSettings.DefaultTeamID,
-				Role:   portainer.TeamMember,
-			}
-
-			err = handler.TeamMembershipService.CreateTeamMembership(membership)
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist team membership inside the database", err}
-			}
-		}
-
-		err = handler.AuthorizationService.UpdateUsersAuthorizations()
-		if err != nil {
-			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", err}
-		}
-	}
-
-	return handler.writeToken(w, user)
-}