fix out of bounds access

feat(docker/container): run prettier
feat(docker/container): bump DB version to 50
2022-05-30 13:44:55 +12:00 · 2022-05-30 12:12:51 +12:00 · 2022-05-30 11:32:33 +12:00 · 2022-05-27 17:33:56 +08:00 · 2022-05-27 17:32:49 +08:00 · 2022-05-27 17:32:49 +08:00
485 changed files with 6865 additions and 2794 deletions
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -35,6 +35,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
+		DemoEnvironment:           kingpin.Flag("demo", "Demo environment").Bool(),
 		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
 		FeatureFlags:              BoolPairs(kingpin.Flag("feat", "List of feature flags").Hidden()),
 		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -23,6 +23,7 @@ import (
 	"github.com/portainer/portainer/api/database/boltdb"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
@@ -572,6 +573,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	openAMTService := openamt.NewService()

 	cryptoService := initCryptoService()
+
 	digitalSignatureService := initDigitalSignatureService()

 	sslService, err := initSSLService(*flags.AddrHTTPS, *flags.SSLCert, *flags.SSLKey, fileService, dataStore, shutdownTrigger)
@@ -607,7 +609,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService(*flags.BaseURL, *flags.AddrHTTPS, sslSettings.CertPath)

-	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)
+	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService)

 	reverseTunnelService.ProxyManager = proxyManager

@@ -634,6 +636,14 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	applicationStatus := initStatus(instanceID)

+	demoService := demo.NewService()
+	if *flags.DemoEnvironment {
+		err := demoService.Init(dataStore, cryptoService)
+		if err != nil {
+			log.Fatalf("failed initializing demo environment: %v", err)
+		}
+	}
+
 	err = initEndpoint(flags, dataStore, snapshotService)
 	if err != nil {
 		logrus.Fatalf("Failed initializing environment: %v", err)
@@ -722,6 +732,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		ShutdownCtx:                 shutdownCtx,
 		ShutdownTrigger:             shutdownTrigger,
 		StackDeployer:               stackDeployer,
+		DemoService:                 demoService,
 	}
 }

--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@@ -9,7 +9,18 @@ import (
 // CreateServerTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
 func CreateServerTLSConfiguration() *tls.Config {
 	return &tls.Config{
-		MinVersion: tls.VersionTLS13,
+		MinVersion: tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		},
 	}
 }

--- a/api/datastore/migrator/migrate_ce.go
+++ b/api/datastore/migrator/migrate_ce.go
@@ -100,6 +100,8 @@ func (m *Migrator) Migrate() error {

 		// Portainer 2.13
 		newMigration(40, m.migrateDBVersionToDB40),
+
+		newMigration(50, m.migrateDBVersionToDB50),
 	}

 	var lastDbVersion int
--- a/api/datastore/migrator/migrate_dbversion50.go
+++ b/api/datastore/migrator/migrate_dbversion50.go
@@ -0,0 +1,30 @@
+package migrator
+
+import portainer "github.com/portainer/portainer/api"
+
+func (m *Migrator) migrateDBVersionToDB50() error {
+	if err := m.addGpuInputFieldDB50(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *Migrator) addGpuInputFieldDB50() error {
+	migrateLog.Info("- add gpu input field")
+	endpoints, err := m.endpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for _, endpoint := range endpoints {
+		endpoint.Gpus = []portainer.Pair{}
+		err = m.endpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+
+	}
+
+	return nil
+}
--- a/api/datastore/test_data/output_35.json
+++ b/api/datastore/test_data/output_35.json
@@ -37,6 +37,7 @@
      "ComposeSyntaxMaxVersion": "",
      "EdgeCheckinInterval": 0,
      "EdgeKey": "",
+      "Gpus": [],
      "GroupId": 1,
      "Id": 1,
      "IsEdgeDevice": false,
@@ -76,6 +77,8 @@
            "Volumes": null
          },
          "DockerVersion": "20.10.13",
+          "GpuUseAll": false,
+          "GpuUseList": null,
          "HealthyContainerCount": 0,
          "ImageCount": 9,
          "NodeCount": 0,
@@ -802,7 +805,7 @@
  ],
  "version": {
    "DB_UPDATING": "false",
-    "DB_VERSION": "35",
+    "DB_VERSION": "50",
    "INSTANCE_ID": "null"
  }
 }
--- a/api/demo/demo.go
+++ b/api/demo/demo.go
@@ -0,0 +1,118 @@
+package demo
+
+import (
+	"log"
+
+	"github.com/pkg/errors"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+)
+
+type EnvironmentDetails struct {
+	Enabled      bool                   `json:"enabled"`
+	Users        []portainer.UserID     `json:"users"`
+	Environments []portainer.EndpointID `json:"environments"`
+}
+
+type Service struct {
+	details EnvironmentDetails
+}
+
+func NewService() *Service {
+	return &Service{}
+}
+
+func (service *Service) Details() EnvironmentDetails {
+	return service.details
+}
+
+func (service *Service) Init(store dataservices.DataStore, cryptoService portainer.CryptoService) error {
+	log.Print("[INFO] [main] Starting demo environment")
+
+	isClean, err := isCleanStore(store)
+	if err != nil {
+		return errors.WithMessage(err, "failed checking if store is clean")
+	}
+
+	if !isClean {
+		return errors.New(" Demo environment can only be initialized on a clean database")
+	}
+
+	id, err := initDemoUser(store, cryptoService)
+	if err != nil {
+		return errors.WithMessage(err, "failed creating demo user")
+	}
+
+	endpointIds, err := initDemoEndpoints(store)
+	if err != nil {
+		return errors.WithMessage(err, "failed creating demo endpoint")
+	}
+
+	err = initDemoSettings(store)
+	if err != nil {
+		return errors.WithMessage(err, "failed updating demo settings")
+	}
+
+	service.details = EnvironmentDetails{
+		Enabled: true,
+		Users:   []portainer.UserID{id},
+		// endpoints 2,3 are created after deployment of portainer
+		Environments: endpointIds,
+	}
+
+	return nil
+}
+
+func isCleanStore(store dataservices.DataStore) (bool, error) {
+	endpoints, err := store.Endpoint().Endpoints()
+	if err != nil {
+		return false, err
+	}
+
+	if len(endpoints) > 0 {
+		return false, nil
+	}
+
+	users, err := store.User().Users()
+	if err != nil {
+		return false, err
+	}
+
+	if len(users) > 0 {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+func (service *Service) IsDemo() bool {
+	return service.details.Enabled
+}
+
+func (service *Service) IsDemoEnvironment(environmentID portainer.EndpointID) bool {
+	if !service.IsDemo() {
+		return false
+	}
+
+	for _, demoEndpointID := range service.details.Environments {
+		if environmentID == demoEndpointID {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (service *Service) IsDemoUser(userID portainer.UserID) bool {
+	if !service.IsDemo() {
+		return false
+	}
+
+	for _, demoUserID := range service.details.Users {
+		if userID == demoUserID {
+			return true
+		}
+	}
+
+	return false
+}
--- a/api/demo/init.go
+++ b/api/demo/init.go
@@ -0,0 +1,79 @@
+package demo
+
+import (
+	"github.com/pkg/errors"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+)
+
+func initDemoUser(
+	store dataservices.DataStore,
+	cryptoService portainer.CryptoService,
+) (portainer.UserID, error) {
+
+	password, err := cryptoService.Hash("tryportainer")
+	if err != nil {
+		return 0, errors.WithMessage(err, "failed creating password hash")
+	}
+
+	admin := &portainer.User{
+		Username: "admin",
+		Password: password,
+		Role:     portainer.AdministratorRole,
+	}
+
+	err = store.User().Create(admin)
+	return admin.ID, errors.WithMessage(err, "failed creating user")
+}
+
+func initDemoEndpoints(store dataservices.DataStore) ([]portainer.EndpointID, error) {
+	localEndpointId, err := initDemoLocalEndpoint(store)
+	if err != nil {
+		return nil, err
+	}
+
+	// second and third endpoints are going to be created with docker-compose as a part of the demo environment set up.
+	// ref: https://github.com/portainer/portainer-demo/blob/master/docker-compose.yml
+	return []portainer.EndpointID{localEndpointId, localEndpointId + 1, localEndpointId + 2}, nil
+}
+
+func initDemoLocalEndpoint(store dataservices.DataStore) (portainer.EndpointID, error) {
+	id := portainer.EndpointID(store.Endpoint().GetNextIdentifier())
+	localEndpoint := &portainer.Endpoint{
+		ID:        id,
+		Name:      "local",
+		URL:       "unix:///var/run/docker.sock",
+		PublicURL: "demo.portainer.io",
+		Type:      portainer.DockerEnvironment,
+		GroupID:   portainer.EndpointGroupID(1),
+		TLSConfig: portainer.TLSConfiguration{
+			TLS: false,
+		},
+		AuthorizedUsers:    []portainer.UserID{},
+		AuthorizedTeams:    []portainer.TeamID{},
+		UserAccessPolicies: portainer.UserAccessPolicies{},
+		TeamAccessPolicies: portainer.TeamAccessPolicies{},
+		TagIDs:             []portainer.TagID{},
+		Status:             portainer.EndpointStatusUp,
+		Snapshots:          []portainer.DockerSnapshot{},
+		Kubernetes:         portainer.KubernetesDefault(),
+	}
+
+	err := store.Endpoint().Create(localEndpoint)
+	return id, errors.WithMessage(err, "failed creating local endpoint")
+}
+
+func initDemoSettings(
+	store dataservices.DataStore,
+) error {
+	settings, err := store.Settings().Settings()
+	if err != nil {
+		return errors.WithMessage(err, "failed fetching settings")
+	}
+
+	settings.EnableTelemetry = false
+	settings.LogoURL = ""
+
+	err = store.Settings().UpdateSettings(settings)
+	return errors.WithMessage(err, "failed updating settings")
+}
--- a/api/docker/snapshot.go
+++ b/api/docker/snapshot.go
@@ -7,9 +7,10 @@ import (
 	"time"

 	"github.com/docker/docker/api/types"
+	contypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
-	"github.com/portainer/portainer/api"
+	portainer "github.com/portainer/portainer/api"
 )

 // Snapshotter represents a service used to create environment(endpoint) snapshots
@@ -154,11 +155,40 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)
 	healthyContainers := 0
 	unhealthyContainers := 0
 	stacks := make(map[string]struct{})
+	gpuUseSet := make(map[string]struct{})
+	gpuUseAll := false
 	for _, container := range containers {
 		if container.State == "exited" {
 			stoppedContainers++
 		} else if container.State == "running" {
 			runningContainers++
+
+			// snapshot GPUs
+			response, err := cli.ContainerInspect(context.Background(), container.ID)
+			if err != nil {
+				return err
+			}
+
+			var gpuOptions *contypes.DeviceRequest = nil
+			for _, deviceRequest := range response.HostConfig.Resources.DeviceRequests {
+				var cap string
+				if len(deviceRequest.Capabilities) > 0 && len(deviceRequest.Capabilities[0]) > 0 {
+					cap = deviceRequest.Capabilities[0][0]
+				}
+
+				if deviceRequest.Driver == "nvidia" || cap == "gpu" {
+					gpuOptions = &deviceRequest
+				}
+			}
+
+			if gpuOptions != nil {
+				if gpuOptions.Count == -1 {
+					gpuUseAll = true
+				}
+				for _, id := range gpuOptions.DeviceIDs {
+					gpuUseSet[id] = struct{}{}
+				}
+			}
 		}

 		if strings.Contains(container.Status, "(healthy)") {
@@ -174,6 +204,14 @@ func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client)
 		}
 	}

+	gpuUseList := make([]string, 0, len(gpuUseSet))
+	for gpuUse := range gpuUseSet {
+		gpuUseList = append(gpuUseList, gpuUse)
+	}
+
+	snapshot.GpuUseAll = gpuUseAll
+	snapshot.GpuUseList = gpuUseList
+
 	snapshot.RunningContainerCount = runningContainers
 	snapshot.StoppedContainerCount = stoppedContainers
 	snapshot.HealthyContainerCount = healthyContainers
--- a/api/git/azure.go
+++ b/api/git/azure.go
@@ -108,12 +108,12 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 		return "", errors.WithMessage(err, "failed to parse url")
 	}

-	refsUrl, err := a.buildRefsUrl(config, options.referenceName)
+	rootItemUrl, err := a.buildRootItemUrl(config, options.referenceName)
 	if err != nil {
-		return "", errors.WithMessage(err, "failed to build azure refs url")
+		return "", errors.WithMessage(err, "failed to build azure root item url")
 	}

-	req, err := http.NewRequestWithContext(ctx, "GET", refsUrl, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", rootItemUrl, nil)
 	if options.username != "" || options.password != "" {
 		req.SetBasicAuth(options.username, options.password)
 	} else if config.username != "" || config.password != "" {
@@ -131,26 +131,24 @@ func (a *azureDownloader) latestCommitID(ctx context.Context, options fetchOptio
 	defer resp.Body.Close()

 	if resp.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("failed to get repository refs with a status \"%v\"", resp.Status)
+		return "", fmt.Errorf("failed to get repository root item with a status \"%v\"", resp.Status)
 	}

-	var refs struct {
+	var items struct {
 		Value []struct {
-			Name     string `json:"name"`
-			ObjectId string `json:"objectId"`
-		}
-	}
-	if err := json.NewDecoder(resp.Body).Decode(&refs); err != nil {
-		return "", errors.Wrap(err, "could not parse Azure Refs response")
-	}
-
-	for _, ref := range refs.Value {
-		if strings.EqualFold(ref.Name, options.referenceName) {
-			return ref.ObjectId, nil
+			CommitId string `json:"commitId"`
 		}
 	}

-	return "", errors.Errorf("could not find ref %q in the repository", options.referenceName)
+	if err := json.NewDecoder(resp.Body).Decode(&items); err != nil {
+		return "", errors.Wrap(err, "could not parse Azure items response")
+	}
+
+	if len(items.Value) == 0 || items.Value[0].CommitId == "" {
+		return "", errors.Errorf("failed to get latest commitID in the repository")
+	}
+
+	return items.Value[0].CommitId, nil
 }

 func parseUrl(rawUrl string) (*azureOptions, error) {
@@ -236,8 +234,10 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	// scopePath=/&download=true&versionDescriptor.version=main&$format=zip&recursionLevel=full&api-version=6.0
 	q.Set("scopePath", "/")
 	q.Set("download", "true")
-	q.Set("versionDescriptor.versionType", getVersionType(referenceName))
-	q.Set("versionDescriptor.version", formatReferenceName(referenceName))
+	if referenceName != "" {
+		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
+		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
+	}
 	q.Set("$format", "zip")
 	q.Set("recursionLevel", "full")
 	q.Set("api-version", "6.0")
@@ -246,8 +246,8 @@ func (a *azureDownloader) buildDownloadUrl(config *azureOptions, referenceName s
 	return u.String(), nil
 }

-func (a *azureDownloader) buildRefsUrl(config *azureOptions, referenceName string) (string, error) {
-	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/refs",
+func (a *azureDownloader) buildRootItemUrl(config *azureOptions, referenceName string) (string, error) {
+	rawUrl := fmt.Sprintf("%s/%s/%s/_apis/git/repositories/%s/items",
 		a.baseUrl,
 		url.PathEscape(config.organisation),
 		url.PathEscape(config.project),
@@ -255,12 +255,15 @@ func (a *azureDownloader) buildRefsUrl(config *azureOptions, referenceName strin
 	u, err := url.Parse(rawUrl)

 	if err != nil {
-		return "", errors.Wrapf(err, "failed to parse refs url path %s", rawUrl)
+		return "", errors.Wrapf(err, "failed to parse root item url path %s", rawUrl)
 	}

-	// filterContains=main&api-version=6.0
 	q := u.Query()
-	q.Set("filterContains", formatReferenceName(referenceName))
+	q.Set("scopePath", "/")
+	if referenceName != "" {
+		q.Set("versionDescriptor.versionType", getVersionType(referenceName))
+		q.Set("versionDescriptor.version", formatReferenceName(referenceName))
+	}
 	q.Set("api-version", "6.0")
 	u.RawQuery = q.Encode()

--- a/api/git/azure_test.go
+++ b/api/git/azure_test.go
@@ -28,15 +28,15 @@ func Test_buildDownloadUrl(t *testing.T) {
 	}
 }

-func Test_buildRefsUrl(t *testing.T) {
+func Test_buildRootItemUrl(t *testing.T) {
 	a := NewAzureDownloader(nil)
-	u, err := a.buildRefsUrl(&azureOptions{
+	u, err := a.buildRootItemUrl(&azureOptions{
 		organisation: "organisation",
 		project:      "project",
 		repository:   "repository",
 	}, "refs/heads/main")

-	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/refs?filterContains=main&api-version=6.0")
+	expectedUrl, _ := url.Parse("https://dev.azure.com/organisation/project/_apis/git/repositories/repository/items?scopePath=/&api-version=6.0&versionDescriptor.version=main&versionDescriptor.versionType=branch")
 	actualUrl, _ := url.Parse(u)
 	assert.NoError(t, err)
 	assert.Equal(t, expectedUrl.Host, actualUrl.Host)
@@ -270,63 +270,17 @@ func Test_azureDownloader_downloadZipFromAzureDevOps(t *testing.T) {
 func Test_azureDownloader_latestCommitID(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		response := `{
-			"value": [
-				{
-					"name": "refs/heads/feature/calcApp",
-					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
-					"creator": {
-						"displayName": "Normal Paulk",
-						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"_links": {
-							"avatar": {
-								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-							}
-						},
-						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"uniqueName": "dev@mailserver.com",
-						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-					},
-					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2FcalcApp"
-				},
-				{
-					"name": "refs/heads/feature/replacer",
-					"objectId": "917131a709996c5cfe188c3b57e9a6ad90e8b85c",
-					"creator": {
-						"displayName": "Normal Paulk",
-						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"_links": {
-							"avatar": {
-								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-							}
-						},
-						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"uniqueName": "dev@mailserver.com",
-						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-					},
-					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Ffeature%2Freplacer"
-				},
-				{
-					"name": "refs/heads/master",
-					"objectId": "ffe9cba521f00d7f60e322845072238635edb451",
-					"creator": {
-						"displayName": "Normal Paulk",
-						"url": "https://vssps.dev.azure.com/fabrikam/_apis/Identities/ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"_links": {
-							"avatar": {
-								"href": "https://dev.azure.com/fabrikam/_apis/GraphProfile/MemberAvatars/aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-							}
-						},
-						"id": "ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"uniqueName": "dev@mailserver.com",
-						"imageUrl": "https://dev.azure.com/fabrikam/_api/_common/identityImage?id=ac5aaba6-a66a-4e1d-b508-b060ec624fa9",
-						"descriptor": "aad.YmFjMGYyZDctNDA3ZC03OGRhLTlhMjUtNmJhZjUwMWFjY2U5"
-					},
-					"url": "https://dev.azure.com/fabrikam/7484f783-66a3-4f27-b7cd-6b08b0b077ed/_apis/git/repositories/d3d1760b-311c-4175-a726-20dfc6a7f885/refs?filter=heads%2Fmaster"
-				}
-			],
-			"count": 3
+		  "count": 1,
+		  "value": [
+			{
+			  "objectId": "1a5630f017127db7de24d8771da0f536ff98fc9b",
+			  "gitObjectType": "tree",
+			  "commitId": "27104ad7549d9e66685e115a497533f18024be9c",
+			  "path": "/",
+			  "isFolder": true,
+			  "url": "https://dev.azure.com/simonmeng0474/4b546a97-c481-4506-bdd5-976e9592f91a/_apis/git/repositories/a22247ad-053f-43bc-88a7-62ff4846bb97/items?path=%2F&versionType=Branch&versionOptions=None"
+			}
+		  ]
 		}`
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(response))
@@ -347,19 +301,11 @@ func Test_azureDownloader_latestCommitID(t *testing.T) {
 		{
 			name: "should be able to parse response",
 			args: fetchOptions{
-				referenceName: "refs/heads/master",
+				referenceName: "",
 				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
-			want:    "ffe9cba521f00d7f60e322845072238635edb451",
+			want:    "27104ad7549d9e66685e115a497533f18024be9c",
 			wantErr: false,
 		},
-		{
-			name: "should be able to parse response",
-			args: fetchOptions{
-				referenceName: "refs/heads/unknown",
-				repositoryUrl: "https://dev.azure.com/Organisation/Project/_git/Repository"},
-			want:    "",
-			wantErr: true,
-		},
 	}

 	for _, tt := range tests {
--- a/api/git/git.go
+++ b/api/git/git.go
@@ -82,8 +82,17 @@ func (c gitClient) latestCommitID(ctx context.Context, opt fetchOptions) (string
 		return "", errors.Wrap(err, "failed to list repository refs")
 	}

+	referenceName := opt.referenceName
+	if referenceName == "" {
+		for _, ref := range refs {
+			if strings.EqualFold(ref.Name().String(), "HEAD") {
+				referenceName = ref.Target().String()
+			}
+		}
+	}
+
 	for _, ref := range refs {
-		if strings.EqualFold(ref.Name().String(), opt.referenceName) {
+		if strings.EqualFold(ref.Name().String(), referenceName) {
 			return ref.Hash().String(), nil
 		}
 	}
--- a/api/http/errors/errors.go
+++ b/api/http/errors/errors.go
@@ -9,4 +9,6 @@ var (
 	ErrUnauthorized = errors.New("Unauthorized")
 	// ErrResourceAccessDenied Access denied to resource error
 	ErrResourceAccessDenied = errors.New("Access denied to resource")
+	// ErrNotAvailableInDemo feature is not allowed in demo
+	ErrNotAvailableInDemo = errors.New("This feature is not available in the demo version of Portainer")
 )
--- a/api/http/handler/backup/backup_test.go
+++ b/api/http/handler/backup/backup_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/crypto"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -49,7 +50,7 @@ func Test_backupHandlerWithoutPassword_shouldCreateATarballArchive(t *testing.T)
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, context.Background())

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
@@ -86,7 +87,7 @@ func Test_backupHandlerWithPassword_shouldCreateEncryptedATarballArchive(t *test
 	gate := offlinegate.NewOfflineGate()
 	adminMonitor := adminmonitor.New(time.Hour, nil, nil)

-	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor).backup(w, r)
+	handlerErr := NewHandler(nil, i.NewDatastore(), gate, "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{}).backup(w, r)
 	assert.Nil(t, handlerErr, "Handler should not fail")

 	response := w.Result()
--- a/api/http/handler/backup/handler.go
+++ b/api/http/handler/backup/handler.go
@@ -9,6 +9,8 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/demo"
+	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	"github.com/portainer/portainer/api/http/security"
 )
@@ -25,7 +27,17 @@ type Handler struct {
 }

 // NewHandler creates an new instance of backup handler
-func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataStore, gate *offlinegate.OfflineGate, filestorePath string, shutdownTrigger context.CancelFunc, adminMonitor *adminmonitor.Monitor) *Handler {
+func NewHandler(
+	bouncer *security.RequestBouncer,
+	dataStore dataservices.DataStore,
+	gate *offlinegate.OfflineGate,
+	filestorePath string,
+	shutdownTrigger context.CancelFunc,
+	adminMonitor *adminmonitor.Monitor,
+	demoService *demo.Service,
+
+) *Handler {
+
 	h := &Handler{
 		Router:          mux.NewRouter(),
 		bouncer:         bouncer,
@@ -36,8 +48,11 @@ func NewHandler(bouncer *security.RequestBouncer, dataStore dataservices.DataSto
 		adminMonitor:    adminMonitor,
 	}

-	h.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
-	h.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)
+	demoRestrictedRouter := h.NewRoute().Subrouter()
+	demoRestrictedRouter.Use(middlewares.RestrictDemoEnv(demoService.IsDemo))
+
+	demoRestrictedRouter.Handle("/backup", bouncer.RestrictedAccess(adminAccess(httperror.LoggerHandler(h.backup)))).Methods(http.MethodPost)
+	demoRestrictedRouter.Handle("/restore", bouncer.PublicAccess(httperror.LoggerHandler(h.restore))).Methods(http.MethodPost)

 	return h
 }
@@ -50,7 +65,7 @@ func adminAccess(next http.Handler) http.Handler {
 		}

 		if !securityContext.IsAdmin {
-			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perfom the action", nil)
+			httperror.WriteError(w, http.StatusUnauthorized, "User is not authorized to perform the action", nil)
 		}

 		next.ServeHTTP(w, r)
--- a/api/http/handler/backup/restore_test.go
+++ b/api/http/handler/backup/restore_test.go
@@ -14,6 +14,7 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/adminmonitor"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/offlinegate"
 	i "github.com/portainer/portainer/api/internal/testhelpers"
 	"github.com/stretchr/testify/assert"
@@ -51,7 +52,7 @@ func Test_restoreArchive_usingCombinationOfPasswords(t *testing.T) {
 			datastore := i.NewDatastore(i.WithUsers([]portainer.User{}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 			adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)
+			h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})

 			//backup
 			archive := backup(t, h, test.backupPassword)
@@ -74,7 +75,7 @@ func Test_restoreArchive_shouldFailIfSystemWasAlreadyInitialized(t *testing.T) {
 	datastore := i.NewDatastore(i.WithUsers([]portainer.User{admin}), i.WithEdgeJobs([]portainer.EdgeJob{}))
 	adminMonitor := adminmonitor.New(time.Hour, datastore, context.Background())

-	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor)
+	h := NewHandler(nil, datastore, offlinegate.NewOfflineGate(), "./test_assets/handler_test", func() {}, adminMonitor, &demo.Service{})

 	//backup
 	archive := backup(t, h, "password")
--- a/api/http/handler/edgestacks/edgestack_test.go
+++ b/api/http/handler/edgestacks/edgestack_test.go
@@ -0,0 +1,924 @@
+package edgestacks
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"reflect"
+	"strconv"
+	"testing"
+	"time"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/apikey"
+	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/datastore"
+	"github.com/portainer/portainer/api/filesystem"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/jwt"
+)
+
+type gitService struct {
+	cloneErr error
+	id       string
+}
+
+func (g *gitService) CloneRepository(destination, repositoryURL, referenceName, username, password string) error {
+	return g.cloneErr
+}
+
+func (g *gitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
+	return g.id, nil
+}
+
+// Helpers
+func setupHandler(t *testing.T) (*Handler, string, func()) {
+	t.Helper()
+
+	_, store, storeTeardown := datastore.MustNewTestStore(true, true)
+
+	jwtService, err := jwt.NewService("1h", store)
+	if err != nil {
+		storeTeardown()
+		t.Fatal(err)
+	}
+
+	user := &portainer.User{ID: 2, Username: "admin", Role: portainer.AdministratorRole}
+	err = store.User().Create(user)
+	if err != nil {
+		storeTeardown()
+		t.Fatal(err)
+	}
+
+	apiKeyService := apikey.NewAPIKeyService(store.APIKeyRepository(), store.User())
+	rawAPIKey, _, err := apiKeyService.GenerateApiKey(*user, "test")
+	if err != nil {
+		storeTeardown()
+		t.Fatal(err)
+	}
+
+	handler := NewHandler(
+		security.NewRequestBouncer(store, jwtService, apiKeyService),
+		store,
+	)
+
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "portainer-test")
+	if err != nil {
+		storeTeardown()
+		t.Fatal(err)
+	}
+
+	fs, err := filesystem.NewService(tmpDir, "")
+	if err != nil {
+		storeTeardown()
+		t.Fatal(err)
+	}
+	handler.FileService = fs
+
+	settings, err := handler.DataStore.Settings().Settings()
+	if err != nil {
+		t.Fatal(err)
+	}
+	settings.EnableEdgeComputeFeatures = true
+
+	err = handler.DataStore.Settings().UpdateSettings(settings)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	handler.GitService = &gitService{errors.New("Clone error"), "git-service-id"}
+
+	return handler, rawAPIKey, storeTeardown
+}
+
+func createEndpoint(t *testing.T, store dataservices.DataStore) portainer.Endpoint {
+	t.Helper()
+
+	endpointID := portainer.EndpointID(5)
+	endpoint := portainer.Endpoint{
+		ID:              endpointID,
+		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
+		Type:            portainer.EdgeAgentOnDockerEnvironment,
+		URL:             "https://portainer.io:9443",
+		EdgeID:          "edge-id",
+		LastCheckInDate: time.Now().Unix(),
+	}
+
+	err := store.Endpoint().Create(&endpoint)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return endpoint
+}
+
+func createEdgeStack(t *testing.T, store dataservices.DataStore, endpointID portainer.EndpointID) portainer.EdgeStack {
+	t.Helper()
+
+	edgeGroup := portainer.EdgeGroup{
+		ID:           1,
+		Name:         "EdgeGroup 1",
+		Dynamic:      false,
+		TagIDs:       nil,
+		Endpoints:    []portainer.EndpointID{endpointID},
+		PartialMatch: false,
+	}
+
+	err := store.EdgeGroup().Create(&edgeGroup)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	edgeStackID := portainer.EdgeStackID(14)
+	edgeStack := portainer.EdgeStack{
+		ID:   edgeStackID,
+		Name: "test-edge-stack-" + strconv.Itoa(int(edgeStackID)),
+		Status: map[portainer.EndpointID]portainer.EdgeStackStatus{
+			endpointID: {Type: portainer.StatusOk, Error: "", EndpointID: endpointID},
+		},
+		CreationDate:   time.Now().Unix(),
+		EdgeGroups:     []portainer.EdgeGroupID{edgeGroup.ID},
+		ProjectPath:    "/project/path",
+		EntryPoint:     "entrypoint",
+		Version:        237,
+		ManifestPath:   "/manifest/path",
+		DeploymentType: portainer.EdgeStackDeploymentKubernetes,
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpointID,
+		EdgeStacks: map[portainer.EdgeStackID]bool{
+			edgeStack.ID: true,
+		},
+	}
+
+	err = store.EdgeStack().Create(edgeStack.ID, &edgeStack)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	err = store.EndpointRelation().Create(&endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	return edgeStack
+}
+
+// Inspect
+func TestInspectInvalidEdgeID(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	cases := []struct {
+		Name               string
+		EdgeStackID        string
+		ExpectedStatusCode int
+	}{
+		{"Invalid EdgeStackID", "x", 400},
+		{"Non-existing EdgeStackID", "5", 404},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			req, err := http.NewRequest(http.MethodGet, "/edge_stacks/"+tc.EdgeStackID, nil)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Add("x-api-key", rawAPIKey)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+// Create
+func TestCreateAndInspect(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	// Create Endpoint, EdgeGroup and EndpointRelation
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeGroup := portainer.EdgeGroup{
+		ID:           1,
+		Name:         "EdgeGroup 1",
+		Dynamic:      false,
+		TagIDs:       nil,
+		Endpoints:    []portainer.EndpointID{endpoint.ID},
+		PartialMatch: false,
+	}
+
+	err := handler.DataStore.EdgeGroup().Create(&edgeGroup)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpoint.ID,
+		EdgeStacks: map[portainer.EdgeStackID]bool{},
+	}
+
+	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	payload := swarmStackFromFileContentPayload{
+		Name:             "Test Stack",
+		StackFileContent: "stack content",
+		EdgeGroups:       []portainer.EdgeGroupID{1},
+		DeploymentType:   portainer.EdgeStackDeploymentCompose,
+	}
+
+	jsonPayload, err := json.Marshal(payload)
+	if err != nil {
+		t.Fatal("JSON marshal error:", err)
+	}
+	r := bytes.NewBuffer(jsonPayload)
+
+	// Create EdgeStack
+	req, err := http.NewRequest(http.MethodPost, "/edge_stacks?method=string", r)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	data := portainer.EdgeStack{}
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	// Inspect
+	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", data.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	data = portainer.EdgeStack{}
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	if payload.Name != data.Name {
+		t.Fatalf(fmt.Sprintf("expected EdgeStack Name %s, found %s", payload.Name, data.Name))
+	}
+}
+
+func TestCreateWithInvalidPayload(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	cases := []struct {
+		Name               string
+		Payload            interface{}
+		QueryString        string
+		ExpectedStatusCode int
+	}{
+		{
+			Name:               "Invalid query string parameter",
+			Payload:            swarmStackFromFileContentPayload{},
+			QueryString:        "invalid=query-string",
+			ExpectedStatusCode: 400,
+		},
+		{
+			Name:               "Invalid creation method",
+			Payload:            swarmStackFromFileContentPayload{},
+			QueryString:        "method=invalid-creation-method",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name:               "Empty swarmStackFromFileContentPayload with string method",
+			Payload:            swarmStackFromFileContentPayload{},
+			QueryString:        "method=string",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name:               "Empty swarmStackFromFileContentPayload with repository method",
+			Payload:            swarmStackFromFileContentPayload{},
+			QueryString:        "method=repository",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name:               "Empty swarmStackFromFileContentPayload with file method",
+			Payload:            swarmStackFromFileContentPayload{},
+			QueryString:        "method=file",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name: "Duplicated EdgeStack Name",
+			Payload: swarmStackFromFileContentPayload{
+				Name:             edgeStack.Name,
+				StackFileContent: "content",
+				EdgeGroups:       edgeStack.EdgeGroups,
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			QueryString:        "method=string",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name: "Empty EdgeStack Groups",
+			Payload: swarmStackFromFileContentPayload{
+				Name:             edgeStack.Name,
+				StackFileContent: "content",
+				EdgeGroups:       []portainer.EdgeGroupID{},
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			QueryString:        "method=string",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name: "EdgeStackDeploymentKubernetes with Docker endpoint",
+			Payload: swarmStackFromFileContentPayload{
+				Name:             "Stack name",
+				StackFileContent: "content",
+				EdgeGroups:       []portainer.EdgeGroupID{1},
+				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
+			},
+			QueryString:        "method=string",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name: "Empty Stack File Content",
+			Payload: swarmStackFromFileContentPayload{
+				Name:             "Stack name",
+				StackFileContent: "",
+				EdgeGroups:       []portainer.EdgeGroupID{1},
+				DeploymentType:   portainer.EdgeStackDeploymentCompose,
+			},
+			QueryString:        "method=string",
+			ExpectedStatusCode: 500,
+		},
+		{
+			Name: "Clone Git respository error",
+			Payload: swarmStackFromGitRepositoryPayload{
+				Name:                     "Stack name",
+				RepositoryURL:            "github.com/portainer/portainer",
+				RepositoryReferenceName:  "ref name",
+				RepositoryAuthentication: false,
+				RepositoryUsername:       "",
+				RepositoryPassword:       "",
+				FilePathInRepository:     "/file/path",
+				EdgeGroups:               []portainer.EdgeGroupID{1},
+				DeploymentType:           portainer.EdgeStackDeploymentCompose,
+			},
+			QueryString:        "method=repository",
+			ExpectedStatusCode: 500,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			jsonPayload, err := json.Marshal(tc.Payload)
+			if err != nil {
+				t.Fatal("JSON marshal error:", err)
+			}
+			r := bytes.NewBuffer(jsonPayload)
+
+			// Create EdgeStack
+			req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("/edge_stacks?%s", tc.QueryString), r)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Add("x-api-key", rawAPIKey)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+// Delete
+func TestDeleteAndInspect(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	// Create
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	// Inspect
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	data := portainer.EdgeStack{}
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	if data.ID != edgeStack.ID {
+		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", int(edgeStack.ID), data.ID))
+	}
+
+	// Delete
+	req, err = http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusNoContent {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNoContent, rec.Code))
+	}
+
+	// Inspect
+	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusNotFound {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusNotFound, rec.Code))
+	}
+}
+
+func TestDeleteInvalidEdgeStack(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	cases := []struct {
+		Name               string
+		URL                string
+		ExpectedStatusCode int
+	}{
+		{Name: "Non-existing EdgeStackID", URL: "/edge_stacks/-1", ExpectedStatusCode: http.StatusNotFound},
+		{Name: "Invalid EdgeStackID", URL: "/edge_stacks/aaaaaaa", ExpectedStatusCode: http.StatusBadRequest},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			req, err := http.NewRequest(http.MethodDelete, tc.URL, nil)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Add("x-api-key", rawAPIKey)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+// Update
+func TestUpdateAndInspect(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	// Update edge stack: create new Endpoint, EndpointRelation and EdgeGroup
+	endpointID := portainer.EndpointID(6)
+	newEndpoint := portainer.Endpoint{
+		ID:              endpointID,
+		Name:            "test-endpoint-" + strconv.Itoa(int(endpointID)),
+		Type:            portainer.EdgeAgentOnDockerEnvironment,
+		URL:             "https://portainer.io:9443",
+		EdgeID:          "edge-id",
+		LastCheckInDate: time.Now().Unix(),
+	}
+
+	err := handler.DataStore.Endpoint().Create(&newEndpoint)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpointID,
+		EdgeStacks: map[portainer.EdgeStackID]bool{
+			edgeStack.ID: true,
+		},
+	}
+
+	err = handler.DataStore.EndpointRelation().Create(&endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newEdgeGroup := portainer.EdgeGroup{
+		ID:           2,
+		Name:         "EdgeGroup 2",
+		Dynamic:      false,
+		TagIDs:       nil,
+		Endpoints:    []portainer.EndpointID{newEndpoint.ID},
+		PartialMatch: false,
+	}
+
+	err = handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	newVersion := 238
+	payload := updateEdgeStackPayload{
+		StackFileContent: "update-test",
+		Version:          &newVersion,
+		EdgeGroups:       append(edgeStack.EdgeGroups, newEdgeGroup.ID),
+		DeploymentType:   portainer.EdgeStackDeploymentCompose,
+	}
+
+	jsonPayload, err := json.Marshal(payload)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	r := bytes.NewBuffer(jsonPayload)
+	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	// Get updated edge stack
+	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	data := portainer.EdgeStack{}
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	if data.Version != *payload.Version {
+		t.Fatalf(fmt.Sprintf("expected EdgeStackID %d, found %d", edgeStack.Version, data.Version))
+	}
+
+	if data.DeploymentType != payload.DeploymentType {
+		t.Fatalf(fmt.Sprintf("expected DeploymentType %d, found %d", edgeStack.DeploymentType, data.DeploymentType))
+	}
+
+	if !reflect.DeepEqual(data.EdgeGroups, payload.EdgeGroups) {
+		t.Fatalf("expected EdgeGroups to be equal")
+	}
+}
+
+func TestUpdateWithInvalidEdgeGroups(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	//newEndpoint := createEndpoint(t, handler.DataStore)
+	newEdgeGroup := portainer.EdgeGroup{
+		ID:           2,
+		Name:         "EdgeGroup 2",
+		Dynamic:      false,
+		TagIDs:       nil,
+		Endpoints:    []portainer.EndpointID{8889},
+		PartialMatch: false,
+	}
+
+	handler.DataStore.EdgeGroup().Create(&newEdgeGroup)
+
+	newVersion := 238
+	cases := []struct {
+		Name               string
+		Payload            updateEdgeStackPayload
+		ExpectedStatusCode int
+	}{
+		{
+			"Update with non-existing EdgeGroupID",
+			updateEdgeStackPayload{
+				StackFileContent: "error-test",
+				Version:          &newVersion,
+				EdgeGroups:       []portainer.EdgeGroupID{9999},
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			http.StatusInternalServerError,
+		},
+		{
+			"Update with invalid EdgeGroup (non-existing Endpoint)",
+			updateEdgeStackPayload{
+				StackFileContent: "error-test",
+				Version:          &newVersion,
+				EdgeGroups:       []portainer.EdgeGroupID{2},
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			http.StatusInternalServerError,
+		},
+		{
+			"Update DeploymentType from Docker to Kubernetes",
+			updateEdgeStackPayload{
+				StackFileContent: "error-test",
+				Version:          &newVersion,
+				EdgeGroups:       []portainer.EdgeGroupID{1},
+				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
+			},
+			http.StatusBadRequest,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			jsonPayload, err := json.Marshal(tc.Payload)
+			if err != nil {
+				t.Fatal("JSON marshal error:", err)
+			}
+
+			r := bytes.NewBuffer(jsonPayload)
+			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Add("x-api-key", rawAPIKey)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+func TestUpdateWithInvalidPayload(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	newVersion := 238
+	cases := []struct {
+		Name               string
+		Payload            updateEdgeStackPayload
+		ExpectedStatusCode int
+	}{
+		{
+			"Update with empty StackFileContent",
+			updateEdgeStackPayload{
+				StackFileContent: "",
+				Version:          &newVersion,
+				EdgeGroups:       edgeStack.EdgeGroups,
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			http.StatusBadRequest,
+		},
+		{
+			"Update with empty EdgeGroups",
+			updateEdgeStackPayload{
+				StackFileContent: "error-test",
+				Version:          &newVersion,
+				EdgeGroups:       []portainer.EdgeGroupID{},
+				DeploymentType:   edgeStack.DeploymentType,
+			},
+			http.StatusBadRequest,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			jsonPayload, err := json.Marshal(tc.Payload)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			r := bytes.NewBuffer(jsonPayload)
+			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), r)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Add("x-api-key", rawAPIKey)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+// Update Status
+func TestUpdateStatusAndInspect(t *testing.T) {
+	handler, rawAPIKey, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	// Update edge stack status
+	newStatus := portainer.StatusError
+	payload := updateStatusPayload{
+		Error:      "test-error",
+		Status:     &newStatus,
+		EndpointID: &endpoint.ID,
+	}
+
+	jsonPayload, err := json.Marshal(payload)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	r := bytes.NewBuffer(jsonPayload)
+	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	// Get updated edge stack
+	req, err = http.NewRequest(http.MethodGet, fmt.Sprintf("/edge_stacks/%d", edgeStack.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Add("x-api-key", rawAPIKey)
+	rec = httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	data := portainer.EdgeStack{}
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	if data.Status[endpoint.ID].Type != *payload.Status {
+		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusType %d, found %d", payload.Status, data.Status[endpoint.ID].Type))
+	}
+
+	if data.Status[endpoint.ID].Error != payload.Error {
+		t.Fatalf(fmt.Sprintf("expected EdgeStackStatusError %s, found %s", payload.Error, data.Status[endpoint.ID].Error))
+	}
+
+	if data.Status[endpoint.ID].EndpointID != *payload.EndpointID {
+		t.Fatalf(fmt.Sprintf("expected EndpointID %d, found %d", payload.EndpointID, data.Status[endpoint.ID].EndpointID))
+	}
+}
+func TestUpdateStatusWithInvalidPayload(t *testing.T) {
+	handler, _, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	// Update edge stack status
+	statusError := portainer.StatusError
+	statusOk := portainer.StatusOk
+	cases := []struct {
+		Name                 string
+		Payload              updateStatusPayload
+		ExpectedErrorMessage string
+		ExpectedStatusCode   int
+	}{
+		{
+			"Update with nil Status",
+			updateStatusPayload{
+				Error:      "test-error",
+				Status:     nil,
+				EndpointID: &endpoint.ID,
+			},
+			"Invalid status",
+			400,
+		},
+		{
+			"Update with error status and empty error message",
+			updateStatusPayload{
+				Error:      "",
+				Status:     &statusError,
+				EndpointID: &endpoint.ID,
+			},
+			"Error message is mandatory when status is error",
+			400,
+		},
+		{
+			"Update with nil EndpointID",
+			updateStatusPayload{
+				Error:      "",
+				Status:     &statusOk,
+				EndpointID: nil,
+			},
+			"Invalid EnvironmentID",
+			400,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Name, func(t *testing.T) {
+			jsonPayload, err := json.Marshal(tc.Payload)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			r := bytes.NewBuffer(jsonPayload)
+			req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("/edge_stacks/%d/status", edgeStack.ID), r)
+			if err != nil {
+				t.Fatal("request error:", err)
+			}
+
+			req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
+			rec := httptest.NewRecorder()
+			handler.ServeHTTP(rec, req)
+
+			if rec.Code != tc.ExpectedStatusCode {
+				t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", tc.ExpectedStatusCode, rec.Code))
+			}
+		})
+	}
+}
+
+// Delete Status
+func TestDeleteStatus(t *testing.T) {
+	handler, _, teardown := setupHandler(t)
+	defer teardown()
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d/status/%d", edgeStack.ID, endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+}
--- a/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
+++ b/api/http/handler/endpointedge/endpoint_edgestatus_inspect_test.go
@@ -0,0 +1,445 @@
+package endpointedge
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+	"time"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/apikey"
+	"github.com/portainer/portainer/api/chisel"
+	"github.com/portainer/portainer/api/datastore"
+	"github.com/portainer/portainer/api/filesystem"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/jwt"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type endpointTestCase struct {
+	endpoint           portainer.Endpoint
+	endpointRelation   portainer.EndpointRelation
+	expectedStatusCode int
+}
+
+var endpointTestCases = []endpointTestCase{
+	{
+		portainer.Endpoint{},
+		portainer.EndpointRelation{},
+		http.StatusNotFound,
+	},
+	{
+		portainer.Endpoint{
+			ID:     -1,
+			Name:   "endpoint-id--1",
+			Type:   portainer.EdgeAgentOnDockerEnvironment,
+			URL:    "https://portainer.io:9443",
+			EdgeID: "edge-id",
+		},
+		portainer.EndpointRelation{
+			EndpointID: -1,
+		},
+		http.StatusNotFound,
+	},
+	{
+		portainer.Endpoint{
+			ID:     2,
+			Name:   "endpoint-id-2",
+			Type:   portainer.EdgeAgentOnDockerEnvironment,
+			URL:    "https://portainer.io:9443",
+			EdgeID: "",
+		},
+		portainer.EndpointRelation{
+			EndpointID: 2,
+		},
+		http.StatusBadRequest,
+	},
+	{
+		portainer.Endpoint{
+			ID:     4,
+			Name:   "endpoint-id-4",
+			Type:   portainer.EdgeAgentOnDockerEnvironment,
+			URL:    "https://portainer.io:9443",
+			EdgeID: "edge-id",
+		},
+		portainer.EndpointRelation{
+			EndpointID: 4,
+		},
+		http.StatusOK,
+	},
+}
+
+func setupHandler() (*Handler, func(), error) {
+	tmpDir, err := os.MkdirTemp(os.TempDir(), "portainer-test")
+	if err != nil {
+		return nil, nil, fmt.Errorf("could not create a tmp dir: %w", err)
+	}
+
+	fs, err := filesystem.NewService(tmpDir, "")
+	if err != nil {
+		return nil, nil, fmt.Errorf("could not start a new filesystem service: %w", err)
+	}
+
+	_, store, storeTeardown := datastore.MustNewTestStore(true, true)
+
+	ctx := context.Background()
+	shutdownCtx, cancelFn := context.WithCancel(ctx)
+
+	teardown := func() {
+		cancelFn()
+		storeTeardown()
+	}
+
+	jwtService, err := jwt.NewService("1h", store)
+	if err != nil {
+		teardown()
+		return nil, nil, fmt.Errorf("could not start a new jwt service: %w", err)
+	}
+
+	apiKeyService := apikey.NewAPIKeyService(nil, nil)
+
+	settings, err := store.Settings().Settings()
+	if err != nil {
+		teardown()
+		return nil, nil, fmt.Errorf("could not create new settings: %w", err)
+	}
+	settings.TrustOnFirstConnect = true
+
+	err = store.Settings().UpdateSettings(settings)
+	if err != nil {
+		teardown()
+		return nil, nil, fmt.Errorf("could not update settings: %w", err)
+	}
+
+	handler := NewHandler(
+		security.NewRequestBouncer(store, jwtService, apiKeyService),
+		store,
+		fs,
+		chisel.NewService(store, shutdownCtx),
+	)
+
+	handler.ReverseTunnelService = chisel.NewService(store, shutdownCtx)
+
+	return handler, teardown, nil
+}
+
+func createEndpoint(handler *Handler, endpoint portainer.Endpoint, endpointRelation portainer.EndpointRelation) (err error) {
+	// Avoid setting ID below 0 to generate invalid test cases
+	if endpoint.ID <= 0 {
+		return nil
+	}
+
+	err = handler.DataStore.Endpoint().Create(&endpoint)
+	if err != nil {
+		return err
+	}
+
+	return handler.DataStore.EndpointRelation().Create(&endpointRelation)
+}
+
+func TestMissingEdgeIdentifier(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointID := portainer.EndpointID(45)
+	err = createEndpoint(handler, portainer.Endpoint{
+		ID:     endpointID,
+		Name:   "endpoint-id-45",
+		Type:   portainer.EdgeAgentOnDockerEnvironment,
+		URL:    "https://portainer.io:9443",
+		EdgeID: "edge-id",
+	}, portainer.EndpointRelation{EndpointID: endpointID})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpointID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusForbidden {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d without Edge identifier", http.StatusForbidden, rec.Code))
+	}
+}
+
+func TestWithEndpoints(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, test := range endpointTestCases {
+		err = createEndpoint(handler, test.endpoint, test.endpointRelation)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", test.endpoint.ID), nil)
+		if err != nil {
+			t.Fatal("request error:", err)
+		}
+		req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
+
+		rec := httptest.NewRecorder()
+		handler.ServeHTTP(rec, req)
+
+		if rec.Code != test.expectedStatusCode {
+			t.Fatalf(fmt.Sprintf("expected a %d response, found: %d for endpoint ID: %d", test.expectedStatusCode, rec.Code, test.endpoint.ID))
+		}
+	}
+}
+
+func TestLastCheckInDateIncreases(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointID := portainer.EndpointID(56)
+	endpoint := portainer.Endpoint{
+		ID:              endpointID,
+		Name:            "test-endpoint-56",
+		Type:            portainer.EdgeAgentOnDockerEnvironment,
+		URL:             "https://portainer.io:9443",
+		EdgeID:          "edge-id",
+		LastCheckInDate: time.Now().Unix(),
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpoint.ID,
+	}
+
+	err = createEndpoint(handler, endpoint, endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	time.Sleep(1 * time.Second)
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
+
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assert.Greater(t, updatedEndpoint.LastCheckInDate, endpoint.LastCheckInDate)
+}
+
+func TestEmptyEdgeIdWithAgentPlatformHeader(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointID := portainer.EndpointID(44)
+	edgeId := "edge-id"
+	endpoint := portainer.Endpoint{
+		ID:     endpointID,
+		Name:   "test-endpoint-44",
+		Type:   portainer.EdgeAgentOnDockerEnvironment,
+		URL:    "https://portainer.io:9443",
+		EdgeID: "",
+	}
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpoint.ID,
+	}
+
+	err = createEndpoint(handler, endpoint, endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, edgeId)
+	req.Header.Set(portainer.HTTPResponseAgentPlatform, "1")
+
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d with empty edge ID", http.StatusOK, rec.Code))
+	}
+
+	updatedEndpoint, err := handler.DataStore.Endpoint().Endpoint(endpoint.ID)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assert.Equal(t, updatedEndpoint.EdgeID, edgeId)
+}
+
+func TestEdgeStackStatus(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointID := portainer.EndpointID(7)
+	endpoint := portainer.Endpoint{
+		ID:              endpointID,
+		Name:            "test-endpoint-7",
+		Type:            portainer.EdgeAgentOnDockerEnvironment,
+		URL:             "https://portainer.io:9443",
+		EdgeID:          "edge-id",
+		LastCheckInDate: time.Now().Unix(),
+	}
+
+	edgeStackID := portainer.EdgeStackID(17)
+	edgeStack := portainer.EdgeStack{
+		ID:   edgeStackID,
+		Name: "test-edge-stack-17",
+		Status: map[portainer.EndpointID]portainer.EdgeStackStatus{
+			endpointID: {Type: portainer.StatusOk, Error: "", EndpointID: endpoint.ID},
+		},
+		CreationDate:   time.Now().Unix(),
+		EdgeGroups:     []portainer.EdgeGroupID{1, 2},
+		ProjectPath:    "/project/path",
+		EntryPoint:     "entrypoint",
+		Version:        237,
+		ManifestPath:   "/manifest/path",
+		DeploymentType: 1,
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpoint.ID,
+		EdgeStacks: map[portainer.EdgeStackID]bool{
+			edgeStack.ID: true,
+		},
+	}
+	handler.DataStore.EdgeStack().Create(edgeStack.ID, &edgeStack)
+
+	err = createEndpoint(handler, endpoint, endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
+
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	var data endpointEdgeStatusInspectResponse
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	assert.Len(t, data.Stacks, 1)
+	assert.Equal(t, edgeStack.ID, data.Stacks[0].ID)
+	assert.Equal(t, edgeStack.Version, data.Stacks[0].Version)
+}
+
+func TestEdgeJobsResponse(t *testing.T) {
+	handler, teardown, err := setupHandler()
+	defer teardown()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	endpointID := portainer.EndpointID(77)
+	endpoint := portainer.Endpoint{
+		ID:              endpointID,
+		Name:            "test-endpoint-77",
+		Type:            portainer.EdgeAgentOnDockerEnvironment,
+		URL:             "https://portainer.io:9443",
+		EdgeID:          "edge-id",
+		LastCheckInDate: time.Now().Unix(),
+	}
+
+	endpointRelation := portainer.EndpointRelation{
+		EndpointID: endpoint.ID,
+	}
+
+	err = createEndpoint(handler, endpoint, endpointRelation)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, err := handler.FileService.StoreEdgeJobFileFromBytes("test-script", []byte("pwd"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	edgeJobID := portainer.EdgeJobID(35)
+	edgeJob := portainer.EdgeJob{
+		ID:             edgeJobID,
+		Created:        time.Now().Unix(),
+		CronExpression: "* * * * *",
+		Name:           "test-edge-job",
+		ScriptPath:     path,
+		Recurring:      true,
+		Version:        57,
+	}
+
+	handler.ReverseTunnelService.AddEdgeJob(endpoint.ID, &edgeJob)
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("/%d/edge/status", endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, "edge-id")
+
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf(fmt.Sprintf("expected a %d response, found: %d", http.StatusOK, rec.Code))
+	}
+
+	var data endpointEdgeStatusInspectResponse
+	err = json.NewDecoder(rec.Body).Decode(&data)
+	if err != nil {
+		t.Fatal("error decoding response:", err)
+	}
+
+	assert.Len(t, data.Schedules, 1)
+	assert.Equal(t, edgeJob.ID, data.Schedules[0].ID)
+	assert.Equal(t, edgeJob.CronExpression, data.Schedules[0].CronExpression)
+	assert.Equal(t, edgeJob.Version, data.Schedules[0].Version)
+}
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@@ -25,6 +25,7 @@ type endpointCreatePayload struct {
 	URL                    string
 	EndpointCreationType   endpointCreationEnum
 	PublicURL              string
+	Gpus                   []portainer.Pair
 	GroupID                int
 	TLS                    bool
 	TLSSkipVerify          bool
@@ -141,7 +142,7 @@ func (payload *endpointCreatePayload) Validate(r *http.Request) error {
 		publicURL, _ := request.RetrieveMultiPartFormValue(r, "PublicURL", true)
 		payload.PublicURL = publicURL
 	}
-
+	payload.Gpus = []portainer.Pair{}
 	checkinInterval, _ := request.RetrieveNumericMultiPartFormValue(r, "CheckinInterval", true)
 	payload.EdgeCheckinInterval = checkinInterval

@@ -187,6 +188,15 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid request payload", err}
 	}

+	isUnique, err := handler.isNameUnique(payload.Name, 0)
+	if err != nil {
+		return httperror.InternalServerError("Unable to check if name is unique", err)
+	}
+
+	if !isUnique {
+		return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
+	}
+
 	endpoint, endpointCreationError := handler.createEndpoint(payload)
 	if endpointCreationError != nil {
 		return endpointCreationError
@@ -281,6 +291,7 @@ func (handler *Handler) createAzureEndpoint(payload *endpointCreatePayload) (*po
 		Type:               portainer.AzureEnvironment,
 		GroupID:            portainer.EndpointGroupID(payload.GroupID),
 		PublicURL:          payload.PublicURL,
+		Gpus:               payload.Gpus,
 		UserAccessPolicies: portainer.UserAccessPolicies{},
 		TeamAccessPolicies: portainer.TeamAccessPolicies{},
 		AzureCredentials:   credentials,
@@ -314,6 +325,7 @@ func (handler *Handler) createEdgeAgentEndpoint(payload *endpointCreatePayload)
 		URL:     portainerHost,
 		Type:    portainer.EdgeAgentOnDockerEnvironment,
 		GroupID: portainer.EndpointGroupID(payload.GroupID),
+		Gpus:    payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS: false,
 		},
@@ -369,6 +381,7 @@ func (handler *Handler) createUnsecuredEndpoint(payload *endpointCreatePayload)
 		Type:      endpointType,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
+		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS: false,
 		},
@@ -403,6 +416,7 @@ func (handler *Handler) createKubernetesEndpoint(payload *endpointCreatePayload)
 		Type:      portainer.KubernetesLocalEnvironment,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
+		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS:           payload.TLS,
 			TLSSkipVerify: payload.TLSSkipVerify,
@@ -432,6 +446,7 @@ func (handler *Handler) createTLSSecuredEndpoint(payload *endpointCreatePayload,
 		Type:      endpointType,
 		GroupID:   portainer.EndpointGroupID(payload.GroupID),
 		PublicURL: payload.PublicURL,
+		Gpus:      payload.Gpus,
 		TLSConfig: portainer.TLSConfiguration{
 			TLS:           payload.TLS,
 			TLSSkipVerify: payload.TLSSkipVerify,
--- a/api/http/handler/endpoints/endpoint_create_global_key_test.go
+++ b/api/http/handler/endpoints/endpoint_create_global_key_test.go
@@ -12,6 +12,7 @@ import (
 func TestEmptyGlobalKey(t *testing.T) {
 	handler := NewHandler(
 		helper.NewTestRequestBouncer(),
+		nil,
 	)

 	req, err := http.NewRequest(http.MethodPost, "https://portainer.io:9443/endpoints/global-key", nil)
--- a/api/http/handler/endpoints/endpoint_delete.go
+++ b/api/http/handler/endpoints/endpoint_delete.go
@@ -8,6 +8,7 @@ import (
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	httperrors "github.com/portainer/portainer/api/http/errors"
 )

 // @id EndpointDelete
@@ -29,6 +30,10 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid environment identifier route variable", err}
 	}

+	if handler.demoService.IsDemoEnvironment(portainer.EndpointID(endpointID)) {
+		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
+	}
+
 	endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
 	if handler.DataStore.IsErrObjectNotFound(err) {
 		return &httperror.HandlerError{http.StatusNotFound, "Unable to find an environment with the specified identifier inside the database", err}
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@@ -50,6 +50,7 @@ var endpointGroupNames map[portainer.EndpointGroupID]string
 // @param tagsPartialMatch query bool false "If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags"
 // @param endpointIds query []int false "will return only these environments(endpoints)"
 // @param edgeDeviceFilter query string false "will return only these edge environments, none will return only regular edge environments" Enum("all", "trusted", "untrusted", "none")
+// @param name query string false "will return only environments(endpoints) with this name"
 // @success 200 {array} portainer.Endpoint "Endpoints"
 // @failure 500 "Server error"
 // @router /endpoints [get]
@@ -127,6 +128,11 @@ func (handler *Handler) endpointList(w http.ResponseWriter, r *http.Request) *ht
 		filteredEndpoints = filterEndpointsByGroupIDs(filteredEndpoints, groupIDs)
 	}

+	name, _ := request.RetrieveQueryParameter(r, "name", true)
+	if name != "" {
+		filteredEndpoints = filterEndpointsByName(filteredEndpoints, name)
+	}
+
 	edgeDeviceFilter, _ := request.RetrieveQueryParameter(r, "edgeDeviceFilter", false)
 	if edgeDeviceFilter != "" {
 		filteredEndpoints = filterEndpointsByEdgeDevice(filteredEndpoints, edgeDeviceFilter)
@@ -465,3 +471,18 @@ func filteredEndpointsByIds(endpoints []portainer.Endpoint, ids []portainer.Endp
 	return filteredEndpoints

 }
+
+func filterEndpointsByName(endpoints []portainer.Endpoint, name string) []portainer.Endpoint {
+	if name == "" {
+		return endpoints
+	}
+
+	filteredEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, endpoint := range endpoints {
+		if endpoint.Name == name {
+			filteredEndpoints = append(filteredEndpoints, endpoint)
+		}
+	}
+	return filteredEndpoints
+}
--- a/api/http/handler/endpoints/endpoint_list_test.go
+++ b/api/http/handler/endpoints/endpoint_list_test.go
@@ -52,7 +52,7 @@ func Test_endpointList(t *testing.T) {
 	is.NoError(err, "error creating a user")

 	bouncer := helper.NewTestRequestBouncer()
-	h := NewHandler(bouncer)
+	h := NewHandler(bouncer, nil)
 	h.DataStore = store
 	h.ComposeStackManager = testhelpers.NewComposeStackManager()

--- a/api/http/handler/endpoints/endpoint_update.go
+++ b/api/http/handler/endpoints/endpoint_update.go
@@ -22,6 +22,8 @@ type endpointUpdatePayload struct {
 	// URL or IP address where exposed containers will be reachable.\
 	// Defaults to URL if not specified
 	PublicURL *string `example:"docker.mydomain.tld:2375"`
+	// GPUs information
+	Gpus []portainer.Pair
 	// Group identifier
 	GroupID *int `example:"1"`
 	// Require TLS to connect against this environment(endpoint)
@@ -88,7 +90,18 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 	}

 	if payload.Name != nil {
-		endpoint.Name = *payload.Name
+		name := *payload.Name
+		isUnique, err := handler.isNameUnique(name, endpoint.ID)
+		if err != nil {
+			return httperror.InternalServerError("Unable to check if name is unique", err)
+		}
+
+		if !isUnique {
+			return httperror.NewError(http.StatusConflict, "Name is not unique", nil)
+		}
+
+		endpoint.Name = name
+
 	}

 	if payload.URL != nil {
@@ -99,6 +112,10 @@ func (handler *Handler) endpointUpdate(w http.ResponseWriter, r *http.Request) *
 		endpoint.PublicURL = *payload.PublicURL
 	}

+	if payload.Gpus != nil {
+		endpoint.Gpus = payload.Gpus
+	}
+
 	if payload.EdgeCheckinInterval != nil {
 		endpoint.EdgeCheckinInterval = *payload.EdgeCheckinInterval
 	}
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@@ -4,6 +4,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/proxy"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/kubernetes/cli"
@@ -35,6 +36,7 @@ type requestBouncer interface {
 type Handler struct {
 	*mux.Router
 	requestBouncer       requestBouncer
+	demoService          *demo.Service
 	DataStore            dataservices.DataStore
 	FileService          portainer.FileService
 	ProxyManager         *proxy.Manager
@@ -48,10 +50,11 @@ type Handler struct {
 }

 // NewHandler creates a handler to manage environment(endpoint) operations.
-func NewHandler(bouncer requestBouncer) *Handler {
+func NewHandler(bouncer requestBouncer, demoService *demo.Service) *Handler {
 	h := &Handler{
 		Router:         mux.NewRouter(),
 		requestBouncer: bouncer,
+		demoService:    demoService,
 	}

 	h.Handle("/endpoints",
--- a/api/http/handler/endpoints/unique_name.go
+++ b/api/http/handler/endpoints/unique_name.go
@@ -0,0 +1,18 @@
+package endpoints
+
+import portainer "github.com/portainer/portainer/api"
+
+func (handler *Handler) isNameUnique(name string, endpointID portainer.EndpointID) (bool, error) {
+	endpoints, err := handler.DataStore.Endpoint().Endpoints()
+	if err != nil {
+		return false, err
+	}
+
+	for _, endpoint := range endpoints {
+		if endpoint.Name == name && (endpointID == 0 || endpoint.ID != endpointID) {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
--- a/api/http/handler/settings/handler.go
+++ b/api/http/handler/settings/handler.go
@@ -7,6 +7,7 @@ import (
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"
 )

@@ -24,12 +25,14 @@ type Handler struct {
 	JWTService      dataservices.JWTService
 	LDAPService     portainer.LDAPService
 	SnapshotService portainer.SnapshotService
+	demoService     *demo.Service
 }

 // NewHandler creates a handler to manage settings operations.
-func NewHandler(bouncer *security.RequestBouncer) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, demoService *demo.Service) *Handler {
 	h := &Handler{
-		Router: mux.NewRouter(),
+		Router:      mux.NewRouter(),
+		demoService: demoService,
 	}
 	h.Handle("/settings",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.settingsInspect))).Methods(http.MethodGet)
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@@ -77,7 +77,7 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 		}
 	}

-	if payload.EdgePortainerURL != nil {
+	if payload.EdgePortainerURL != nil && *payload.EdgePortainerURL != "" {
 		_, err := edge.ParseHostForEdge(*payload.EdgePortainerURL)
 		if err != nil {
 			return err
@@ -113,6 +113,11 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve the settings from the database", err}
 	}

+	if handler.demoService.IsDemo() {
+		payload.EnableTelemetry = nil
+		payload.LogoURL = nil
+	}
+
 	if payload.AuthenticationMethod != nil {
 		settings.AuthenticationMethod = portainer.AuthenticationMethod(*payload.AuthenticationMethod)
 	}
--- a/api/http/handler/stacks/create_compose_stack.go
+++ b/api/http/handler/stacks/create_compose_stack.go
@@ -177,9 +177,6 @@ func (payload *composeStackFromGitRepositoryPayload) Validate(r *http.Request) e
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/create_kubernetes_stack.go
+++ b/api/http/handler/stacks/create_kubernetes_stack.go
@@ -70,9 +70,6 @@ func (payload *kubernetesGitDeploymentPayload) Validate(r *http.Request) error {
 	if govalidator.IsNull(payload.ManifestFile) {
 		return errors.New("Invalid manifest file in repository")
 	}
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/stacks/create_swarm_stack.go
+++ b/api/http/handler/stacks/create_swarm_stack.go
@@ -144,9 +144,6 @@ func (payload *swarmStackFromGitRepositoryPayload) Validate(r *http.Request) err
 	if govalidator.IsNull(payload.RepositoryURL) || !govalidator.IsURL(payload.RepositoryURL) {
 		return errors.New("Invalid repository URL. Must correspond to a valid URL format")
 	}
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
 	if payload.RepositoryAuthentication && govalidator.IsNull(payload.RepositoryPassword) {
 		return errors.New("Invalid repository credentials. Password must be specified when authentication is enabled")
 	}
--- a/api/http/handler/stacks/handler.go
+++ b/api/http/handler/stacks/handler.go
@@ -21,8 +21,6 @@ import (
 	"github.com/portainer/portainer/api/stacks"
 )

-const defaultGitReferenceName = "refs/heads/master"
-
 var (
 	errStackAlreadyExists     = errors.New("A stack already exists with this name")
 	errWebhookIDAlreadyExists = errors.New("A webhook ID already exists")
--- a/api/http/handler/stacks/stack_update_git.go
+++ b/api/http/handler/stacks/stack_update_git.go
@@ -4,7 +4,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -26,10 +25,6 @@ type stackGitUpdatePayload struct {
 }

 func (payload *stackGitUpdatePayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
-
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/stacks/stack_update_git_redeploy.go
+++ b/api/http/handler/stacks/stack_update_git_redeploy.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"time"

-	"github.com/asaskevich/govalidator"
 	"github.com/pkg/errors"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
@@ -28,9 +27,6 @@ type stackGitRedployPayload struct {
 }

 func (payload *stackGitRedployPayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
 	return nil
 }

--- a/api/http/handler/stacks/update_kubernetes_stack.go
+++ b/api/http/handler/stacks/update_kubernetes_stack.go
@@ -38,9 +38,6 @@ func (payload *kubernetesFileStackUpdatePayload) Validate(r *http.Request) error
 }

 func (payload *kubernetesGitStackUpdatePayload) Validate(r *http.Request) error {
-	if govalidator.IsNull(payload.RepositoryReferenceName) {
-		payload.RepositoryReferenceName = defaultGitReferenceName
-	}
 	if err := validateStackAutoUpdate(payload.AutoUpdate); err != nil {
 		return err
 	}
--- a/api/http/handler/status/handler.go
+++ b/api/http/handler/status/handler.go
@@ -5,21 +5,24 @@ import (

 	"github.com/gorilla/mux"
 	httperror "github.com/portainer/libhttp/error"
-	"github.com/portainer/portainer/api"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"
 )

 // Handler is the HTTP handler used to handle status operations.
 type Handler struct {
 	*mux.Router
-	Status *portainer.Status
+	Status      *portainer.Status
+	demoService *demo.Service
 }

 // NewHandler creates a handler to manage status operations.
-func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, status *portainer.Status, demoService *demo.Service) *Handler {
 	h := &Handler{
-		Router: mux.NewRouter(),
-		Status: status,
+		Router:      mux.NewRouter(),
+		Status:      status,
+		demoService: demoService,
 	}
 	h.Handle("/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.statusInspect))).Methods(http.MethodGet)
--- a/api/http/handler/status/status_inspect.go
+++ b/api/http/handler/status/status_inspect.go
@@ -5,16 +5,26 @@ import (

 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/response"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/demo"
 )

+type status struct {
+	*portainer.Status
+	DemoEnvironment demo.EnvironmentDetails
+}
+
 // @id StatusInspect
 // @summary Check Portainer status
 // @description Retrieve Portainer status
 // @description **Access policy**: public
 // @tags status
 // @produce json
-// @success 200 {object} portainer.Status "Success"
+// @success 200 {object} status "Success"
 // @router /status [get]
 func (handler *Handler) statusInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	return response.JSON(w, handler.Status)
+	return response.JSON(w, &status{
+		Status:          handler.Status,
+		DemoEnvironment: handler.demoService.Details(),
+	})
 }
--- a/api/http/handler/users/handler.go
+++ b/api/http/handler/users/handler.go
@@ -8,6 +8,7 @@ import (

 	"github.com/portainer/portainer/api/apikey"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/http/security"

 	"net/http"
@@ -32,16 +33,18 @@ type Handler struct {
 	*mux.Router
 	bouncer       *security.RequestBouncer
 	apiKeyService apikey.APIKeyService
+	demoService   *demo.Service
 	DataStore     dataservices.DataStore
 	CryptoService portainer.CryptoService
 }

 // NewHandler creates a handler to manage user operations.
-func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, rateLimiter *security.RateLimiter, apiKeyService apikey.APIKeyService, demoService *demo.Service) *Handler {
 	h := &Handler{
 		Router:        mux.NewRouter(),
 		bouncer:       bouncer,
 		apiKeyService: apiKeyService,
+		demoService:   demoService,
 	}
 	h.Handle("/users",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.userCreate))).Methods(http.MethodPost)
--- a/api/http/handler/users/user_create_access_token_test.go
+++ b/api/http/handler/users/user_create_access_token_test.go
@@ -40,7 +40,7 @@ func Test_userCreateAccessToken(t *testing.T) {
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_delete_test.go
+++ b/api/http/handler/users/user_delete_test.go
@@ -32,7 +32,7 @@ func Test_deleteUserRemovesAccessTokens(t *testing.T) {
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/handler/users/user_get_access_tokens_test.go
+++ b/api/http/handler/users/user_get_access_tokens_test.go
@@ -39,7 +39,7 @@ func Test_userGetAccessTokens(t *testing.T) {
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_remove_access_token_test.go
+++ b/api/http/handler/users/user_remove_access_token_test.go
@@ -37,7 +37,7 @@ func Test_userRemoveAccessToken(t *testing.T) {
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil)
 	h.DataStore = store

 	// generate standard and admin user tokens
--- a/api/http/handler/users/user_update.go
+++ b/api/http/handler/users/user_update.go
@@ -57,6 +57,10 @@ func (handler *Handler) userUpdate(w http.ResponseWriter, r *http.Request) *http
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

+	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
+		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
+	}
+
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
--- a/api/http/handler/users/user_update_password.go
+++ b/api/http/handler/users/user_update_password.go
@@ -55,6 +55,10 @@ func (handler *Handler) userUpdatePassword(w http.ResponseWriter, r *http.Reques
 		return &httperror.HandlerError{http.StatusBadRequest, "Invalid user identifier route variable", err}
 	}

+	if handler.demoService.IsDemoUser(portainer.UserID(userID)) {
+		return &httperror.HandlerError{http.StatusForbidden, httperrors.ErrNotAvailableInDemo.Error(), httperrors.ErrNotAvailableInDemo}
+	}
+
 	tokenData, err := security.RetrieveTokenData(r)
 	if err != nil {
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve user authentication token", err}
--- a/api/http/handler/users/user_update_test.go
+++ b/api/http/handler/users/user_update_test.go
@@ -32,7 +32,7 @@ func Test_updateUserRemovesAccessTokens(t *testing.T) {
 	requestBouncer := security.NewRequestBouncer(store, jwtService, apiKeyService)
 	rateLimiter := security.NewRateLimiter(10, 1*time.Second, 1*time.Hour)

-	h := NewHandler(requestBouncer, rateLimiter, apiKeyService)
+	h := NewHandler(requestBouncer, rateLimiter, apiKeyService, nil)
 	h.DataStore = store

 	t.Run("standard user deletion removes all associated access tokens", func(t *testing.T) {
--- a/api/http/middlewares/demo.go
+++ b/api/http/middlewares/demo.go
@@ -0,0 +1,23 @@
+package middlewares
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/portainer/api/http/errors"
+)
+
+// restrict functionality on demo environments
+func RestrictDemoEnv(isDemo func() bool) mux.MiddlewareFunc {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if !isDemo() {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			httperror.WriteError(w, http.StatusBadRequest, errors.ErrNotAvailableInDemo.Error(), errors.ErrNotAvailableInDemo)
+		})
+	}
+}
--- a/api/http/middlewares/demo_test.go
+++ b/api/http/middlewares/demo_test.go
@@ -0,0 +1,41 @@
+package middlewares
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_demoEnvironment_shouldFail(t *testing.T) {
+	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
+	w := httptest.NewRecorder()
+
+	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
+
+	RestrictDemoEnv(func() bool { return true }).Middleware(h).ServeHTTP(w, r)
+
+	response := w.Result()
+	defer response.Body.Close()
+
+	assert.Equal(t, http.StatusBadRequest, response.StatusCode)
+
+	body, _ := io.ReadAll(response.Body)
+	assert.Contains(t, string(body), "This feature is not available in the demo version of Portainer")
+}
+
+func Test_notDemoEnvironment_shouldSucceed(t *testing.T) {
+	r := httptest.NewRequest(http.MethodPost, "/", strings.NewReader(`{}`))
+	w := httptest.NewRecorder()
+
+	h := http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {})
+
+	RestrictDemoEnv(func() bool { return false }).Middleware(h).ServeHTTP(w, r)
+
+	response := w.Result()
+	assert.Equal(t, http.StatusOK, response.StatusCode)
+
+}
--- a/api/http/proxy/factory/docker.go
+++ b/api/http/proxy/factory/docker.go
@@ -64,7 +64,7 @@ func (factory *ProxyFactory) newDockerHTTPProxy(endpoint *portainer.Endpoint) (h
 		DockerClientFactory:  factory.dockerClientFactory,
 	}

-	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport)
+	dockerTransport, err := docker.NewTransport(transportParameters, httpTransport, factory.gitService)
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker/networks.go
+++ b/api/http/proxy/factory/docker/networks.go
@@ -86,7 +86,7 @@ func findSystemNetworkResourceControl(networkObject map[string]interface{}) *por
 	networkID := networkObject[networkObjectIdentifier].(string)
 	networkName := networkObject[networkObjectName].(string)

-	if networkName == "bridge" || networkName == "host" || networkName == "none" {
+	if networkName == "bridge" || networkName == "host" || networkName == "ingress" || networkName == "nat" || networkName == "none" {
 		return authorization.NewSystemResourceControl(networkID, portainer.NetworkResourceControl)
 	}

--- a/api/http/proxy/factory/docker/transport.go
+++ b/api/http/proxy/factory/docker/transport.go
@@ -35,6 +35,7 @@ type (
 		signatureService     portainer.DigitalSignatureService
 		reverseTunnelService portainer.ReverseTunnelService
 		dockerClientFactory  *docker.ClientFactory
+		gitService           portainer.GitService
 	}

 	// TransportParameters is used to create a new Transport
@@ -62,7 +63,7 @@ type (
 )

 // NewTransport returns a pointer to a new Transport instance.
-func NewTransport(parameters *TransportParameters, httpTransport *http.Transport) (*Transport, error) {
+func NewTransport(parameters *TransportParameters, httpTransport *http.Transport, gitService portainer.GitService) (*Transport, error) {
 	transport := &Transport{
 		endpoint:             parameters.Endpoint,
 		dataStore:            parameters.DataStore,
@@ -70,6 +71,7 @@ func NewTransport(parameters *TransportParameters, httpTransport *http.Transport
 		reverseTunnelService: parameters.ReverseTunnelService,
 		dockerClientFactory:  parameters.DockerClientFactory,
 		HTTPTransport:        httpTransport,
+		gitService:           gitService,
 	}

 	return transport, nil
@@ -381,9 +383,31 @@ func (transport *Transport) proxyTaskRequest(request *http.Request) (*http.Respo
 }

 func (transport *Transport) proxyBuildRequest(request *http.Request) (*http.Response, error) {
+	err := transport.updateDefaultGitBranch(request)
+	if err != nil {
+		return nil, err
+	}
 	return transport.interceptAndRewriteRequest(request, buildOperation)
 }

+func (transport *Transport) updateDefaultGitBranch(request *http.Request) error {
+	remote := request.URL.Query().Get("remote")
+	if strings.HasSuffix(remote, ".git") {
+		repositoryURL := remote[:len(remote)-4]
+		latestCommitID, err := transport.gitService.LatestCommitID(repositoryURL, "", "", "")
+		if err != nil {
+			return err
+		}
+		newRemote := fmt.Sprintf("%s#%s", remote, latestCommitID)
+
+		q := request.URL.Query()
+		q.Set("remote", newRemote)
+		request.URL.RawQuery = q.Encode()
+	}
+
+	return nil
+}
+
 func (transport *Transport) proxyImageRequest(request *http.Request) (*http.Response, error) {
 	switch requestPath := request.URL.Path; requestPath {
 	case "/images/create":
--- a/api/http/proxy/factory/docker/transport_test.go
+++ b/api/http/proxy/factory/docker/transport_test.go
@@ -0,0 +1,73 @@
+package docker
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/stretchr/testify/assert"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+type noopGitService struct{}
+
+func (s *noopGitService) CloneRepository(destination string, repositoryURL, referenceName, username, password string) error {
+	return nil
+}
+func (s *noopGitService) LatestCommitID(repositoryURL, referenceName, username, password string) (string, error) {
+	return "my-latest-commit-id", nil
+}
+
+func TestTransport_updateDefaultGitBranch(t *testing.T) {
+	type fields struct {
+		gitService portainer.GitService
+	}
+
+	type args struct {
+		request *http.Request
+	}
+
+	defaultFields := fields{
+		gitService: &noopGitService{},
+	}
+
+	tests := []struct {
+		name          string
+		fields        fields
+		args          args
+		wantErr       bool
+		expectedQuery string
+	}{
+		{
+			name:   "append commit ID",
+			fields: defaultFields,
+			args: args{
+				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo.git&t=my-image", nil),
+			},
+			wantErr:       false,
+			expectedQuery: "dockerfile=Dockerfile&remote=https%3A%2F%2Fmy-host.com%2Fmy-user%2Fmy-repo.git%23my-latest-commit-id&t=my-image",
+		},
+		{
+			name:   "not append commit ID",
+			fields: defaultFields,
+			args: args{
+				request: httptest.NewRequest(http.MethodPost, "http://unixsocket/build?dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image", nil),
+			},
+			wantErr:       false,
+			expectedQuery: "dockerfile=Dockerfile&remote=https://my-host.com/my-user/my-repo/my-file&t=my-image",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			transport := &Transport{
+				gitService: tt.fields.gitService,
+			}
+			err := transport.updateDefaultGitBranch(tt.args.request)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("updateDefaultGitBranch() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			assert.Equal(t, tt.expectedQuery, tt.args.request.URL.RawQuery)
+		})
+	}
+}
--- a/api/http/proxy/factory/docker_unix.go
+++ b/api/http/proxy/factory/docker_unix.go
@@ -22,7 +22,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path))
+	dockerTransport, err := docker.NewTransport(transportParameters, newSocketTransport(path), factory.gitService)
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/docker_windows.go
+++ b/api/http/proxy/factory/docker_windows.go
@@ -23,7 +23,7 @@ func (factory ProxyFactory) newOSBasedLocalProxy(path string, endpoint *portaine

 	proxy := &dockerLocalProxy{}

-	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path))
+	dockerTransport, err := docker.NewTransport(transportParameters, newNamedPipeTransport(path), factory.gitService)
 	if err != nil {
 		return nil, err
 	}
--- a/api/http/proxy/factory/factory.go
+++ b/api/http/proxy/factory/factory.go
@@ -23,11 +23,12 @@ type (
 		dockerClientFactory         *docker.ClientFactory
 		kubernetesClientFactory     *cli.ClientFactory
 		kubernetesTokenCacheManager *kubernetes.TokenCacheManager
+		gitService                  portainer.GitService
 	}
 )

 // NewProxyFactory returns a pointer to a new instance of a ProxyFactory
-func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager) *ProxyFactory {
+func NewProxyFactory(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager, gitService portainer.GitService) *ProxyFactory {
 	return &ProxyFactory{
 		dataStore:                   dataStore,
 		signatureService:            signatureService,
@@ -35,6 +36,7 @@ func NewProxyFactory(dataStore dataservices.DataStore, signatureService portaine
 		dockerClientFactory:         clientFactory,
 		kubernetesClientFactory:     kubernetesClientFactory,
 		kubernetesTokenCacheManager: kubernetesTokenCacheManager,
+		gitService:                  gitService,
 	}
 }

--- a/api/http/proxy/manager.go
+++ b/api/http/proxy/manager.go
@@ -25,11 +25,11 @@ type (
 )

 // NewManager initializes a new proxy Service
-func NewManager(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager) *Manager {
+func NewManager(dataStore dataservices.DataStore, signatureService portainer.DigitalSignatureService, tunnelService portainer.ReverseTunnelService, clientFactory *docker.ClientFactory, kubernetesClientFactory *cli.ClientFactory, kubernetesTokenCacheManager *kubernetes.TokenCacheManager, gitService portainer.GitService) *Manager {
 	return &Manager{
 		endpointProxies:  cmap.New(),
 		k8sClientFactory: kubernetesClientFactory,
-		proxyFactory:     factory.NewProxyFactory(dataStore, signatureService, tunnelService, clientFactory, kubernetesClientFactory, kubernetesTokenCacheManager),
+		proxyFactory:     factory.NewProxyFactory(dataStore, signatureService, tunnelService, clientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService),
 	}
 }

--- a/api/http/server.go
+++ b/api/http/server.go
@@ -15,6 +15,7 @@ import (
 	"github.com/portainer/portainer/api/apikey"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/demo"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/http/handler"
 	"github.com/portainer/portainer/api/http/handler/auth"
@@ -98,6 +99,7 @@ type Server struct {
 	ShutdownCtx                 context.Context
 	ShutdownTrigger             context.CancelFunc
 	StackDeployer               stackdeployer.StackDeployer
+	DemoService                 *demo.Service
 }

 // Start starts the HTTP server
@@ -121,7 +123,15 @@ func (server *Server) Start() error {
 	adminMonitor := adminmonitor.New(5*time.Minute, server.DataStore, server.ShutdownCtx)
 	adminMonitor.Start()

-	var backupHandler = backup.NewHandler(requestBouncer, server.DataStore, offlineGate, server.FileService.GetDatastorePath(), server.ShutdownTrigger, adminMonitor)
+	var backupHandler = backup.NewHandler(
+		requestBouncer,
+		server.DataStore,
+		offlineGate,
+		server.FileService.GetDatastorePath(),
+		server.ShutdownTrigger,
+		adminMonitor,
+		server.DemoService,
+	)

 	var roleHandler = roles.NewHandler(requestBouncer)
 	roleHandler.DataStore = server.DataStore
@@ -147,7 +157,7 @@ func (server *Server) Start() error {
 	var edgeTemplatesHandler = edgetemplates.NewHandler(requestBouncer)
 	edgeTemplatesHandler.DataStore = server.DataStore

-	var endpointHandler = endpoints.NewHandler(requestBouncer)
+	var endpointHandler = endpoints.NewHandler(requestBouncer, server.DemoService)
 	endpointHandler.DataStore = server.DataStore
 	endpointHandler.FileService = server.FileService
 	endpointHandler.ProxyManager = server.ProxyManager
@@ -194,7 +204,7 @@ func (server *Server) Start() error {
 	var resourceControlHandler = resourcecontrols.NewHandler(requestBouncer)
 	resourceControlHandler.DataStore = server.DataStore

-	var settingsHandler = settings.NewHandler(requestBouncer)
+	var settingsHandler = settings.NewHandler(requestBouncer, server.DemoService)
 	settingsHandler.DataStore = server.DataStore
 	settingsHandler.FileService = server.FileService
 	settingsHandler.JWTService = server.JWTService
@@ -234,7 +244,7 @@ func (server *Server) Start() error {
 	var teamMembershipHandler = teammemberships.NewHandler(requestBouncer)
 	teamMembershipHandler.DataStore = server.DataStore

-	var statusHandler = status.NewHandler(requestBouncer, server.Status)
+	var statusHandler = status.NewHandler(requestBouncer, server.Status, server.DemoService)

 	var templatesHandler = templates.NewHandler(requestBouncer)
 	templatesHandler.DataStore = server.DataStore
@@ -244,7 +254,7 @@ func (server *Server) Start() error {
 	var uploadHandler = upload.NewHandler(requestBouncer)
 	uploadHandler.FileService = server.FileService

-	var userHandler = users.NewHandler(requestBouncer, rateLimiter, server.APIKeyService)
+	var userHandler = users.NewHandler(requestBouncer, rateLimiter, server.APIKeyService, server.DemoService)
 	userHandler.DataStore = server.DataStore
 	userHandler.CryptoService = server.CryptoService

--- a/api/internal/passwordutils/strengthCheck.go
+++ b/api/internal/passwordutils/strengthCheck.go
@@ -1,33 +1,11 @@
 package passwordutils

-import (
-	"regexp"
-)
-
 const MinPasswordLen = 12

 func lengthCheck(password string) bool {
 	return len(password) >= MinPasswordLen
 }

-func comboCheck(password string) bool {
-	count := 0
-	regexps := [4]*regexp.Regexp{
-		regexp.MustCompile(`[a-z]`),
-		regexp.MustCompile(`[A-Z]`),
-		regexp.MustCompile(`[0-9]`),
-		regexp.MustCompile(`[\W_]`),
-	}
-
-	for _, re := range regexps {
-		if re.FindString(password) != "" {
-			count += 1
-		}
-	}
-
-	return count >= 3
-}
-
 func StrengthCheck(password string) bool {
-	return lengthCheck(password) && comboCheck(password)
+	return lengthCheck(password)
 }
--- a/api/internal/passwordutils/strengthCheck_test.go
+++ b/api/internal/passwordutils/strengthCheck_test.go
@@ -13,9 +13,9 @@ func TestStrengthCheck(t *testing.T) {
 	}{
 		{"Empty password", args{""}, false},
 		{"Short password", args{"portainer"}, false},
-		{"Short password", args{"portaienr!@#"}, false},
+		{"Short password", args{"portaienr!@#"}, true},
 		{"Week password", args{"12345678!@#"}, false},
-		{"Week password", args{"portaienr123"}, false},
+		{"Week password", args{"portaienr123"}, true},
 		{"Good password", args{"Portainer123"}, true},
 		{"Good password", args{"Portainer___"}, true},
 		{"Good password", args{"^portainer12"}, true},
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -102,6 +102,7 @@ type (
 		Assets                    *string
 		Data                      *string
 		FeatureFlags              *[]Pair
+		DemoEnvironment           *bool
 		EnableEdgeComputeFeatures *bool
 		EndpointURL               *string
 		Labels                    *[]Pair
@@ -187,6 +188,8 @@ type (
 		StackCount              int               `json:"StackCount"`
 		SnapshotRaw             DockerSnapshotRaw `json:"DockerSnapshotRaw"`
 		NodeCount               int               `json:"NodeCount"`
+		GpuUseAll               bool              `json:"GpuUseAll"`
+		GpuUseList              []string          `json:"GpuUseList"`
 	}

 	// DockerSnapshotRaw represents all the information related to a snapshot as returned by the Docker API
@@ -297,6 +300,7 @@ type (
 		GroupID EndpointGroupID `json:"GroupId" example:"1"`
 		// URL or IP address where exposed containers will be reachable
 		PublicURL        string           `json:"PublicURL" example:"docker.mydomain.tld:2375"`
+		Gpus             []Pair           `json:"Gpus"`
 		TLSConfig        TLSConfiguration `json:"TLSConfig"`
 		AzureCredentials AzureCredentials `json:"AzureCredentials,omitempty" example:""`
 		// List of tag identifiers to which this environment(endpoint) is associated
@@ -1346,7 +1350,7 @@ const (
 	// APIVersion is the version number of the Portainer API
 	APIVersion = "2.13.0"
 	// DBVersion is the version number of the Portainer database
-	DBVersion = 35
+	DBVersion = 50
 	// ComposeSyntaxMaxVersion is a maximum supported version of the docker compose syntax
 	ComposeSyntaxMaxVersion = "3.9"
 	// AssetsServerURL represents the URL of the Portainer asset server
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -693,6 +693,12 @@ definitions:
        $ref: '#/definitions/portainer.DockerSnapshotRaw'
      DockerVersion:
        type: string
+      GpuUseAll:
+        type: boolean
+      GpuUseList:
+        items:
+          type: string
+        type: array
      HealthyContainerCount:
        type: integer
      ImageCount:
@@ -849,6 +855,11 @@ definitions:
      EdgeKey:
        description: The key which is used to map the agent to Portainer
        type: string
+      Gpus:
+        description: Endpoint Gpus information
+        items:
+          $ref: '#/definitions/portainer.Pair'
+        type: array
      GroupId:
        description: Endpoint group identifier
        example: 1
--- a/app/angulartics.matomo/analytics-services.ts
+++ b/app/angulartics.matomo/analytics-services.ts
@@ -1,4 +1,6 @@
-import _ from 'lodash-es';
+import _ from 'lodash';
+
+import { useSettings } from '@/portainer/settings/queries';

 const categories = [
  'docker',
@@ -61,6 +63,18 @@ export function push(
  }
 }

+export function useAnalytics() {
+  const telemetryQuery = useSettings((settings) => settings.EnableTelemetry);
+
+  return { trackEvent: handleTrackEvent };
+
+  function handleTrackEvent(...args: Parameters<typeof trackEvent>) {
+    if (telemetryQuery.data) {
+      trackEvent(...args);
+    }
+  }
+}
+
 export function trackEvent(action: string, properties: TrackEventProps) {
  /**
   * @description Logs an event with an event category (Videos, Music, Games...), an event
--- a/app/assets/css/app.css
+++ b/app/assets/css/app.css
@@ -2,6 +2,10 @@
@tailwind components;
@tailwind utilities;

+html {
+  font-size: 16px;
+}
+
 html,
 body,
 #page-wrapper,
@@ -217,8 +221,8 @@ a[ng-click] {
 }

 .blocklist-item {
-  padding: 0.7rem;
-  margin-bottom: 0.7rem;
+  padding: 7px;
+  margin-bottom: 7px;
  cursor: pointer;
  border: 1px solid var(--border-blocklist-color);
  border-radius: 2px;
--- a/app/azure/_module.js
+++ b/app/azure/_module.js
@@ -3,9 +3,10 @@ import angular from 'angular';
 import { AzureSidebarAngular } from './AzureSidebar/AzureSidebar';
 import { DashboardViewAngular } from './Dashboard/DashboardView';
 import { containerInstancesModule } from './ContainerInstances';
+import { reactModule } from './react';

 angular
-  .module('portainer.azure', ['portainer.app', containerInstancesModule])
+  .module('portainer.azure', ['portainer.app', containerInstancesModule, reactModule])
  .config([
    '$stateRegistryProvider',
    function ($stateRegistryProvider) {
--- a/app/azure/models/provider.ts
+++ b/app/azure/models/provider.ts
@@ -1,4 +1,4 @@
-import _ from 'lodash-es';
+import _ from 'lodash';

 import { ProviderResponse } from '../types';

--- a/app/azure/react/components/index.ts
+++ b/app/azure/react/components/index.ts
@@ -0,0 +1,6 @@
+import angular from 'angular';
+
+export const componentsModule = angular.module(
+  'portainer.azure.react.components',
+  []
+).name;
--- a/app/azure/react/index.ts
+++ b/app/azure/react/index.ts
@@ -0,0 +1,9 @@
+import angular from 'angular';
+
+import { componentsModule } from './components';
+import { viewsModule } from './views';
+
+export const reactModule = angular.module('portainer.azure.react', [
+  viewsModule,
+  componentsModule,
+]).name;
--- a/app/azure/react/views/index.ts
+++ b/app/azure/react/views/index.ts
@@ -0,0 +1,6 @@
+import angular from 'angular';
+
+export const viewsModule = angular.module(
+  'portainer.azure.react.views',
+  []
+).name;
--- a/app/constants.js
+++ b/app/constants.js
@@ -25,7 +25,7 @@ export const DEFAULT_TEMPLATES_URL = 'https://raw.githubusercontent.com/portaine
 export const PAGINATION_MAX_ITEMS = 10;
 export const APPLICATION_CACHE_VALIDITY = 3600;
 export const CONSOLE_COMMANDS_LABEL_PREFIX = 'io.portainer.commands.';
-export const PREDEFINED_NETWORKS = ['host', 'bridge', 'none'];
+export const PREDEFINED_NETWORKS = ['host', 'bridge', 'ingress', 'nat', 'none'];
 export const KUBERNETES_DEFAULT_NAMESPACE = 'default';
 export const KUBERNETES_SYSTEM_NAMESPACES = ['kube-system', 'kube-public', 'kube-node-lease', 'portainer'];
 export const PORTAINER_FADEOUT = 1500;
--- a/app/docker/__module.js
+++ b/app/docker/__module.js
@@ -1,11 +1,13 @@
 import angular from 'angular';

 import { EnvironmentStatus } from '@/portainer/environments/types';
+
+import { reactModule } from './react';
 import containersModule from './containers';
 import { componentsModule } from './components';
 import { networksModule } from './networks';

-angular.module('portainer.docker', ['portainer.app', containersModule, componentsModule, networksModule]).config([
+angular.module('portainer.docker', ['portainer.app', containersModule, componentsModule, networksModule, reactModule]).config([
  '$stateRegistryProvider',
  function ($stateRegistryProvider) {
    'use strict';
--- a/app/docker/containers/components/ContainersDatatable/columns/gpus.tsx
+++ b/app/docker/containers/components/ContainersDatatable/columns/gpus.tsx
@@ -0,0 +1,12 @@
+import { Column } from 'react-table';
+
+import type { DockerContainer } from '@/docker/containers/types';
+
+export const gpus: Column<DockerContainer> = {
+  Header: 'GPUs',
+  accessor: 'Gpus',
+  id: 'gpus',
+  disableFilters: true,
+  canHide: true,
+  Filter: () => null,
+};
--- a/app/docker/containers/components/ContainersDatatable/columns/index.tsx
+++ b/app/docker/containers/components/ContainersDatatable/columns/index.tsx
@@ -10,6 +10,7 @@ import { ports } from './ports';
 import { quickActions } from './quick-actions';
 import { stack } from './stack';
 import { state } from './state';
+import { gpus } from './gpus';

 export function useColumns() {
  return useMemo(
@@ -22,6 +23,7 @@ export function useColumns() {
      created,
      ip,
      host,
+      gpus,
      ports,
      ownership,
    ],
--- a/app/docker/containers/components/ContainersDatatable/columns/name.tsx
+++ b/app/docker/containers/components/ContainersDatatable/columns/name.tsx
@@ -1,5 +1,5 @@
 import { CellProps, Column, TableInstance } from 'react-table';
-import _ from 'lodash-es';
+import _ from 'lodash';
 import { useSref } from '@uirouter/react';

 import { useEnvironment } from '@/portainer/environments/useEnvironment';
--- a/app/docker/containers/components/ContainersDatatable/columns/ports.tsx
+++ b/app/docker/containers/components/ContainersDatatable/columns/ports.tsx
@@ -1,5 +1,5 @@
 import { Column } from 'react-table';
-import _ from 'lodash-es';
+import _ from 'lodash';

 import { useEnvironment } from '@/portainer/environments/useEnvironment';
 import type { DockerContainer, Port } from '@/docker/containers/types';
--- a/app/docker/containers/components/ContainersDatatable/columns/state.tsx
+++ b/app/docker/containers/components/ContainersDatatable/columns/state.tsx
@@ -1,6 +1,6 @@
 import { Column } from 'react-table';
 import clsx from 'clsx';
-import _ from 'lodash-es';
+import _ from 'lodash';

 import { DefaultFilter } from '@/portainer/components/datatables/components/Filter';
 import type {
--- a/app/docker/containers/types.ts
+++ b/app/docker/containers/types.ts
@@ -49,4 +49,5 @@ export type DockerContainer = {
  Ports: Port[];
  StackName?: string;
  Image: string;
+  Gpus: string;
 };
--- a/app/docker/networks/network.helper.ts
+++ b/app/docker/networks/network.helper.ts
@@ -1,4 +1,4 @@
-const systemNetworks = ['host', 'bridge', 'none'];
+const systemNetworks = ['host', 'bridge', 'ingress', 'nat', 'none'];

 export function isSystemNetwork(networkName: string) {
  return systemNetworks.includes(networkName);
--- a/app/docker/react/components/index.ts
+++ b/app/docker/react/components/index.ts
@@ -0,0 +1,6 @@
+import angular from 'angular';
+
+export const componentsModule = angular.module(
+  'portainer.docker.react.components',
+  []
+).name;
--- a/app/docker/react/index.ts
+++ b/app/docker/react/index.ts
@@ -0,0 +1,9 @@
+import angular from 'angular';
+
+import { componentsModule } from './components';
+import { viewsModule } from './views';
+
+export const reactModule = angular.module('portainer.docker.react', [
+  viewsModule,
+  componentsModule,
+]).name;
--- a/app/docker/react/views/index.ts
+++ b/app/docker/react/views/index.ts
@@ -0,0 +1,6 @@
+import angular from 'angular';
+
+export const viewsModule = angular.module(
+  'portainer.docker.react.views',
+  []
+).name;
--- a/app/docker/views/containers/containersController.js
+++ b/app/docker/views/containers/containersController.js
@@ -1,4 +1,5 @@
 angular.module('portainer.docker').controller('ContainersController', ContainersController);
+import _ from 'lodash';

 /* @ngInject */
 function ContainersController($scope, ContainerService, Notifications, endpoint) {
@@ -8,9 +9,42 @@ function ContainersController($scope, ContainerService, Notifications, endpoint)
  $scope.getContainers = getContainers;

  function getContainers() {
+    $scope.containers = null;
+    $scope.containers_t = null;
    ContainerService.containers(1)
      .then(function success(data) {
-        $scope.containers = data;
+        $scope.containers_t = data;
+        if ($scope.containers_t.length === 0) {
+          $scope.containers = $scope.containers_t;
+          return;
+        }
+        for (let item of $scope.containers_t) {
+          ContainerService.container(item.Id).then(function success(data) {
+            var Id = data.Id;
+            for (var i = 0; i < $scope.containers_t.length; i++) {
+              if (Id == $scope.containers_t[i].Id) {
+                const gpuOptions = _.find(data.HostConfig.DeviceRequests, function (o) {
+                  return o.Driver === 'nvidia' || o.Capabilities[0][0] === 'gpu';
+                });
+                if (!gpuOptions) {
+                  $scope.containers_t[i]['Gpus'] = 'none';
+                } else {
+                  let gpuStr = 'all';
+                  if (gpuOptions.Count !== -1) {
+                    gpuStr = `id:${_.join(gpuOptions.DeviceIDs, ',')}`;
+                  }
+                  $scope.containers_t[i]['Gpus'] = `${gpuStr}`;
+                }
+              }
+            }
+            for (let item of $scope.containers_t) {
+              if (!Object.keys(item).includes('Gpus')) {
+                return;
+              }
+            }
+            $scope.containers = $scope.containers_t;
+          });
+        }
      })
      .catch(function error(err) {
        Notifications.error('Failure', err, 'Unable to retrieve containers');
--- a/app/docker/views/containers/create/createContainerController.js
+++ b/app/docker/views/containers/create/createContainerController.js
@@ -69,6 +69,12 @@ angular.module('portainer.docker').controller('CreateContainerController', [
    $scope.containerWebhookFeature = FeatureId.CONTAINER_WEBHOOK;
    $scope.formValues = {
      alwaysPull: true,
+      GPU: {
+        enabled: false,
+        useSpecific: false,
+        selectedGPUs: [],
+        capabilities: [],
+      },
      Console: 'none',
      Volumes: [],
      NetworkContainer: null,
@@ -102,6 +108,15 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      mode: '',
      pullImageValidity: true,
      settingUnlimitedResources: false,
+      nvidiaCapabilities: [
+        // Taken from https://github.com/containerd/containerd/blob/master/contrib/nvidia/nvidia.go#L40
+        { name: 'compute', description: 'required for CUDA and OpenCL applications', selected: true },
+        { name: 'compat32', description: 'required for running 32-bit applications', selected: false },
+        { name: 'graphics', description: 'required for running OpenGL and Vulkan applications', selected: false },
+        { name: 'utility', description: 'required for using nvidia-smi and NVML', selected: true },
+        { name: 'video', description: 'required for using the Video Codec SDK', selected: false },
+        { name: 'display', description: 'required for leveraging X11 display', selected: false },
+      ],
    };

    $scope.handleEnvVarChange = handleEnvVarChange;
@@ -149,6 +164,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
        Runtime: null,
        ExtraHosts: [],
        Devices: [],
+        DeviceRequests: [],
        CapAdd: [],
        CapDrop: [],
        Sysctls: {},
@@ -199,6 +215,20 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      $scope.config.HostConfig.Devices.splice(index, 1);
    };

+    $scope.addGPU = () => $scope.formValues.GPU.selectedGPUs.push({ key: '' });
+    $scope.removeGPU = (index) => $scope.formValues.GPU.selectedGPUs.splice(index, 1);
+    $scope.computeDockerGPUCommand = () => {
+      const useSpecific = $scope.formValues.GPU.useSpecific;
+      let gpuStr = 'all';
+      if (useSpecific) {
+        const computeGPUs = _.flow([(arr) => _.map(arr, 'key'), (arr) => _.join(arr, ',')]);
+        gpuStr = `"device=${computeGPUs($scope.formValues.GPU.selectedGPUs)}"`;
+      }
+      const computeCapabilities = _.flow([(arr) => _.map(arr, 'name'), (arr) => _.join(arr, ',')]);
+      const capStr = `"capabilities=${computeCapabilities($scope.formValues.GPU.capabilities)}"`;
+      return `--gpus '${gpuStr},${capStr}'`;
+    };
+
    $scope.addSysctl = function () {
      $scope.formValues.Sysctls.push({ name: '', value: '' });
    };
@@ -417,6 +447,38 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      config.HostConfig.CapDrop = notAllowed.map(getCapName);
    }

+    function prepareGPUOptions(config) {
+      const gpuOptions = $scope.formValues.GPU;
+      if (!gpuOptions.enabled) {
+        return;
+      }
+      const driver = 'nvidia';
+      const existingDeviceRequest = _.find($scope.config.HostConfig.DeviceRequests, function (o) {
+        return o.Driver === 'nvidia' || o.Capabilities[0][0] === 'gpu';
+      });
+      if (existingDeviceRequest) {
+        _.pullAllBy(config.HostConfig.DeviceRequests, [existingDeviceRequest], 'Driver');
+      }
+      const deviceRequest = existingDeviceRequest || {
+        Driver: driver,
+        Count: -1,
+        DeviceIDs: [], // must be empty if Count != 0 https://github.com/moby/moby/blob/master/daemon/nvidia_linux.go#L50
+        Capabilities: [], // array of ORed arrays of ANDed capabilites = [ [c1 AND c2] OR [c1 AND c3] ] : https://github.com/moby/moby/blob/master/api/types/container/host_config.go#L272
+        // Options: { property1: "string", property2: "string" }, // seems to never be evaluated/used in docker API ?
+      };
+      if (gpuOptions.useSpecific) {
+        const gpuIds = _.map(gpuOptions.selectedGPUs, 'key');
+        deviceRequest.DeviceIDs = gpuIds;
+        deviceRequest.Count = 0;
+      }
+      const caps = _.map(gpuOptions.capabilities, 'name');
+      // we only support a single set of capabilities for now
+      // UI needs to be reworked in order to support OR combinations of AND capabilities
+      deviceRequest.Capabilities = [caps];
+
+      config.HostConfig.DeviceRequests.push(deviceRequest);
+    }
+
    function prepareConfiguration() {
      var config = angular.copy($scope.config);
      prepareCmd(config);
@@ -433,6 +495,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      prepareLogDriver(config);
      prepareCapabilities(config);
      prepareSysctls(config);
+      prepareGPUOptions(config);
      return config;
    }

@@ -571,6 +634,34 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      $scope.config.HostConfig.Devices = path;
    }

+    function loadFromContainerDeviceRequests() {
+      const deviceRequest = _.find($scope.config.HostConfig.DeviceRequests, function (o) {
+        return o.Driver === 'nvidia' || o.Capabilities[0][0] === 'gpu';
+      });
+      if (deviceRequest) {
+        $scope.formValues.GPU.enabled = true;
+        $scope.formValues.GPU.useSpecific = deviceRequest.Count !== -1;
+        if ($scope.formValues.GPU.useSpecific) {
+          $scope.formValues.GPU.selectedGPUs = _.map(deviceRequest.DevicesIDs, (id) => {
+            return { key: id };
+          });
+        }
+        // we only support a single set of capabilities for now
+        // UI needs to be reworked in order to support OR combinations of AND capabilities
+        const caps = deviceRequest.Capabilities[0];
+        const fvCaps = _.map(caps, (cap) => {
+          return { name: cap };
+        });
+        $scope.formValues.GPU.capabilities = fvCaps;
+        _.forEach(caps, (cap) => {
+          const c = _.find($scope.state.nvidiaCapabilities, { name: cap });
+          if (c) {
+            c.selected = true;
+          }
+        });
+      }
+    }
+
    function loadFromContainerSysctls() {
      for (var s in $scope.config.HostConfig.Sysctls) {
        if ({}.hasOwnProperty.call($scope.config.HostConfig.Sysctls, s)) {
@@ -651,6 +742,7 @@ angular.module('portainer.docker').controller('CreateContainerController', [
          loadFromContainerLabels(d);
          loadFromContainerConsole(d);
          loadFromContainerDevices(d);
+          loadFromContainerDeviceRequests(d);
          loadFromContainerImageConfig(d);
          loadFromContainerResources(d);
          loadFromContainerCapabilities(d);
@@ -672,6 +764,24 @@ angular.module('portainer.docker').controller('CreateContainerController', [
      });
    }

+    $scope.getGpusInfo = function () {
+      var gpusInfo = new Array();
+      var selectedGPUs = _.map($scope.formValues.GPU.selectedGPUs, 'key');
+      var gpuUseSet = new Set($scope.gpuUseList);
+      var mark = '';
+      for (let gpu of endpoint.Gpus) {
+        if (selectedGPUs.includes(gpu.name)) {
+          continue;
+        } else if ($scope.gpuUseAll === true || gpuUseSet.has(gpu.name)) {
+          mark = '<i class="fa fa-ban space-right red-icon"></i>';
+        } else {
+          mark = '<i class="fa fa-check space-right green-icon"></i>';
+        }
+        gpusInfo.push({ name: gpu.name, value: gpu.value, mark: mark });
+      }
+      return gpusInfo;
+    };
+
    async function initView() {
      var nodeName = $transition$.params().nodeName;
      $scope.formValues.NodeName = nodeName;
@@ -715,6 +825,8 @@ angular.module('portainer.docker').controller('CreateContainerController', [
        function (d) {
          var containers = d;
          $scope.runningContainers = containers;
+          $scope.gpuUseAll = $scope.endpoint.Snapshots[0].GpuUseAll;
+          $scope.gpuUseList = $scope.endpoint.Snapshots[0].GpuUseList;
          if ($transition$.params().from) {
            loadFromContainerSpec();
          } else {
--- a/app/docker/views/containers/create/createcontainer.css
+++ b/app/docker/views/containers/create/createcontainer.css
@@ -6,15 +6,3 @@
 .widget .edit-resources button {
  margin-left: 0;
 }
-
-.mt-20 {
-  margin-top: 20px;
-}
-
-.mt-7 {
-  margin-top: 7px;
-}
-
-.mt-10 {
-  margin-top: 10px;
-}
--- a/app/docker/views/containers/create/createcontainer.html
+++ b/app/docker/views/containers/create/createcontainer.html
@@ -703,11 +703,99 @@
                <!-- !sysctls-input-list -->
              </div>
              <!-- !sysctls -->
+              <!-- #region GPU -->
+              <div class="col-sm-12 form-section-title"> GPU </div>
+              <div class="form-group" ng-if="applicationState.endpoint.apiVersion >= 1.4">
+                <label class="col-xs-3 col-sm-3 col-lg-2 control-label text-left"> Enable GPU </label>
+                <div class="col-xs-9 col-sm-9 col-lg-4">
+                  <label class="switch" style="margin-left: 5px"> <input type="checkbox" name="use_gpu" ng-model="formValues.GPU.enabled" /><i></i> </label>
+                </div>
+              </div>
+              <div ng-if="formValues.GPU.enabled">
+                <!-- #region GPU DEVICES -->
+                <div class="form-group">
+                  <label class="col-xs-3 col-sm-3 col-lg-2 control-label text-left">
+                    Use specific GPUs
+                    <portainer-tooltip
+                      position="top"
+                      message="By default all GPUs will be usable by the container. Enable this if you want to give access to only specific host GPUs. Accept GPU indexes or UUIDs."
+                    >
+                    </portainer-tooltip>
+                  </label>
+                  <div class="col-xs-9 col-lg-4">
+                    <label class="switch" style="margin-left: 5px"> <input type="checkbox" name="use_gpu" ng-model="formValues.GPU.useSpecific" /><i></i> </label>
+                    <span class="label label-default interactive" style="margin-left: 10px" ng-if="formValues.GPU.useSpecific" ng-click="addGPU()">
+                      <i class="fa fa-plus-circle" aria-hidden="true"></i> add gpu
+                    </span>
+                  </div>
+                  <div class="col-sm-12 form-inline" style="margin-top: 10px" ng-if="formValues.GPU.useSpecific && formValues.GPU.selectedGPUs.length">
+                    <div ng-repeat="gpu in formValues.GPU.selectedGPUs track by $index" style="margin-top: 2px">
+                      <div class="input-group col-sm-8 input-group-sm">
+                        <span class="input-group-addon">index or UUID</span>
+                        <input
+                          type="text"
+                          class="form-control"
+                          typeahead-no-results="noResults"
+                          typeahead-min-length="0"
+                          typeahead-editable="false"
+                          typeahead-select-on-exact="true"
+                          uib-typeahead="item.name as item.mark+item.name+' : '+item.value for item in getGpusInfo() | filter:$viewValue | limitTo:all"
+                          ng-model="gpu.key"
+                          placeholder="e.g. 0 or GPU-fef8089b"
+                          typeahead-wait-ms="100"
+                        />
+                      </div>
+                      <button class="btn btn-sm btn-danger" type="button" ng-click="removeGPU($index)">
+                        <i class="fa fa-trash" aria-hidden="true"></i>
+                      </button>
+                      <div ng-if="noResults">No Available GPU</div>
+                    </div>
+                  </div>
+                </div>
+                <!-- #endregion -->
+
+                <div class="form-group">
+                  <label class="col-xs-3 col-sm-3 col-lg-2 control-label text-left">
+                    Capabilities
+                    <portainer-tooltip
+                      position="top"
+                      message="'compute' and 'utility' capabilities are preselected by Portainer because they are used by default when you don't explicitly specify capabilities with docker CLI '--gpus' option."
+                    >
+                    </portainer-tooltip>
+                  </label>
+                  <div class="col-xs-12 col-sm-9 col-lg-4">
+                    <span
+                      isteven-multi-select
+                      input-model="state.nvidiaCapabilities"
+                      output-model="formValues.GPU.capabilities"
+                      output-properties="name"
+                      button-label="name"
+                      item-label="name - description"
+                      tick-property="selected"
+                      directive-id="nvidia_capabilities"
+                      helper-elements=""
+                      translation="{nothingSelected: 'No capabilities selected'}"
+                    >
+                    </span>
+                  </div>
+                </div>
+                <div class="form-group">
+                  <label class="col-xs-3 col-sm-3 col-lg-2 control-label text-left">
+                    Control
+                    <portainer-tooltip position="top" message="This is the generated equivalent of the '--gpus' docker CLI parameter based on your settings."> </portainer-tooltip>
+                  </label>
+                  <label class="col-xs-12 col-sm-9 col-lg-4">
+                    <code>{{ computeDockerGPUCommand() }}</code>
+                  </label>
+                </div>
+              </div>
+
+              <!-- #endregion GPU -->
              <div ng-class="{ 'edit-resources': state.mode == 'duplicate' }">
                <div class="col-sm-12 form-section-title"> Resources </div>
                <!-- memory-reservation-input -->
                <div class="form-group">
-                  <label for="memory-reservation" class="col-sm-3 col-lg-2 control-label text-left mt-20"> Memory reservation </label>
+                  <label for="memory-reservation" class="col-sm-3 col-lg-2 control-label text-left mt-8"> Memory reservation </label>
                  <div class="col-sm-3">
                    <slider
                      on-change="(handleResourceChange)"
@@ -722,13 +810,13 @@
                    <input type="number" min="0" class="form-control" ng-model="formValues.MemoryReservation" id="memory-reservation" />
                  </div>
                  <div class="col-sm-4">
-                    <p class="small text-muted mt-7"> Memory soft limit (<b>MB</b>) </p>
+                    <p class="small text-muted mt-2"> Memory soft limit (<b>MB</b>) </p>
                  </div>
                </div>
                <!-- !memory-reservation-input -->
                <!-- memory-limit-input -->
                <div class="form-group">
-                  <label for="memory-limit" class="col-sm-3 col-lg-2 control-label text-left mt-20"> Memory limit </label>
+                  <label for="memory-limit" class="col-sm-3 col-lg-2 control-label text-left mt-8"> Memory limit </label>
                  <div class="col-sm-3">
                    <slider
                      on-change="(handleResourceChange)"
@@ -749,7 +837,7 @@
                <!-- !memory-limit-input -->
                <!-- cpu-limit-input -->
                <div class="form-group">
-                  <label for="cpu-limit" class="col-sm-3 col-lg-2 control-label text-left mt-20"> CPU limit </label>
+                  <label for="cpu-limit" class="col-sm-3 col-lg-2 control-label text-left mt-8"> CPU limit </label>
                  <div class="col-sm-5">
                    <slider
                      on-change="(handleResourceChange)"
@@ -761,7 +849,7 @@
                      ng-if="state.sliderMaxCpu"
                    ></slider>
                  </div>
-                  <div class="col-sm-4 mt-20">
+                  <div class="col-sm-4 mt-8">
                    <p class="small text-muted"> Maximum CPU usage </p>
                  </div>
                </div>
--- a/app/docker/views/containers/edit/container.html
+++ b/app/docker/views/containers/edit/container.html
@@ -325,6 +325,10 @@
                </table>
              </td>
            </tr>
+            <tr ng-if="container.HostConfig.DeviceRequests.length">
+              <td>GPUS</td>
+              <td>{{ computeDockerGPUCommand() }}</td>
+            </tr>
          </tbody>
        </table>
      </rd-widget-body>
--- a/app/docker/views/containers/edit/containerController.js
+++ b/app/docker/views/containers/edit/containerController.js
@@ -77,6 +77,23 @@ angular.module('portainer.docker').controller('ContainerController', [
      $state.reload();
    };

+    $scope.computeDockerGPUCommand = () => {
+      const gpuOptions = _.find($scope.container.HostConfig.DeviceRequests, function (o) {
+        return o.Driver === 'nvidia' || o.Capabilities[0][0] === 'gpu';
+      });
+      if (!gpuOptions) {
+        return 'No GPU config found';
+      }
+      let gpuStr = 'all';
+      if (gpuOptions.Count !== -1) {
+        gpuStr = `"device=${_.join(gpuOptions.DeviceIDs, ',')}"`;
+      }
+      // we only support a single set of capabilities for now
+      // creation UI needs to be reworked in order to support OR combinations of AND capabilities
+      const capStr = `"capabilities=${_.join(gpuOptions.Capabilities[0], ',')}"`;
+      return `${gpuStr},${capStr}`;
+    };
+
    var update = function () {
      var nodeName = $transition$.params().nodeName;
      HttpRequestHelper.setPortainerAgentTargetHeader(nodeName);
--- a/app/docker/views/dashboard/dashboard.html
+++ b/app/docker/views/dashboard/dashboard.html
@@ -51,10 +51,14 @@
                >
              </td>
            </tr>
-            <tr>
+            <tr ng-if="showEnvUrl">
              <td>URL</td>
              <td>{{ endpoint.URL | stripprotocol }}</td>
            </tr>
+            <tr>
+              <td>{{ endpoint.Gpus.length <= 1 ? 'GPU' : 'GPUs' }}</td>
+              <td>{{ gpuInfoStr }}</td>
+            </tr>
            <tr>
              <td>Tags</td>
              <td>{{ endpointTags }}</td>
@@ -163,4 +167,21 @@
      </rd-widget>
    </a>
  </div>
+  <div class="col-xs-12 col-md-6">
+    <!-- <a ui-sref="docker.containers"> -->
+    <rd-widget>
+      <rd-widget-body>
+        <div class="widget-icon blue pull-left">
+          <i class="fa fa-digital-tachograph"></i>
+        </div>
+        <div class="pull-right" style="padding-left: 5px">
+          <div ng-if="gpuFreeStr !== 'none'"><i class="fa fa-check space-right green-icon"></i>{{ gpuFreeStr }} free</div>
+          <div ng-if="gpuFreeStr === 'none'"><i class="fa fa-ban space-right red-icon"></i>all occupied</div>
+        </div>
+        <div class="title">{{ endpoint.Gpus.length }}</div>
+        <div class="comment">{{ endpoint.Gpus.length <= 1 ? 'GPU' : 'GPUs' }}</div>
+      </rd-widget-body>
+    </rd-widget>
+    <!-- </a> -->
+  </div>
 </div>
--- a/app/docker/views/dashboard/dashboardController.js
+++ b/app/docker/views/dashboard/dashboardController.js
@@ -2,6 +2,7 @@ import angular from 'angular';
 import _ from 'lodash';

 import { isOfflineEndpoint } from '@/portainer/helpers/endpointHelper';
+import { PortainerEndpointTypes } from 'Portainer/models/endpoint/models';

 angular.module('portainer.docker').controller('DashboardController', [
  '$scope',
@@ -41,12 +42,42 @@ angular.module('portainer.docker').controller('DashboardController', [
    $scope.offlineMode = false;
    $scope.showStacks = false;

+    $scope.buildGpusStr = function (gpuUseSet) {
+      var gpusAvailable = new Object();
+      for (let i = 0; i < $scope.endpoint.Gpus.length; i++) {
+        if (!gpuUseSet.has($scope.endpoint.Gpus[i].name)) {
+          var exist = false;
+          for (let gpuAvailable in gpusAvailable) {
+            if ($scope.endpoint.Gpus[i].value == gpuAvailable) {
+              gpusAvailable[gpuAvailable] += 1;
+              exist = true;
+            }
+          }
+          if (exist === false) {
+            gpusAvailable[$scope.endpoint.Gpus[i].value] = 1;
+          }
+        }
+      }
+      var retStr = Object.keys(gpusAvailable).length
+        ? _.join(
+            _.map(Object.keys(gpusAvailable), (gpuAvailable) => {
+              var _str = gpusAvailable[gpuAvailable];
+              _str += ' x ';
+              _str += gpuAvailable;
+              return _str;
+            }),
+            ' + '
+          )
+        : 'none';
+      return retStr;
+    };
+
    async function initView() {
      const endpointMode = $scope.applicationState.endpoint.mode;
      $scope.endpoint = endpoint;

      $scope.showStacks = await shouldShowStacks();
-
+      $scope.showEnvUrl = endpoint.Type !== PortainerEndpointTypes.EdgeAgentOnDockerEnvironment && endpoint.Type !== PortainerEndpointTypes.EdgeAgentOnKubernetesEnvironment;
      $q.all({
        containers: ContainerService.containers(1),
        images: ImageService.images(false),
@@ -65,6 +96,14 @@ angular.module('portainer.docker').controller('DashboardController', [
          $scope.serviceCount = data.services.length;
          $scope.stackCount = data.stacks.length;
          $scope.info = data.info;
+
+          $scope.gpuInfoStr = $scope.buildGpusStr(new Set());
+          $scope.gpuUseAll = $scope.endpoint.Snapshots[0].GpuUseAll;
+          $scope.gpuUseList = $scope.endpoint.Snapshots[0].GpuUseList;
+          $scope.gpuFreeStr = 'all';
+          if ($scope.gpuUseAll == true) $scope.gpuFreeStr = 'none';
+          else $scope.gpuFreeStr = $scope.buildGpusStr(new Set($scope.gpuUseList));
+
          $scope.endpointTags = endpoint.TagIds.length
            ? _.join(
                _.filter(
--- a/app/docker/views/images/build/buildimage.html
+++ b/app/docker/views/images/build/buildimage.html
@@ -166,7 +166,13 @@
                <div class="form-group">
                  <label for="image_url" class="col-sm-2 control-label text-left">URL</label>
                  <div class="col-sm-10">
-                    <input type="text" class="form-control" ng-model="formValues.URL" id="image_url" placeholder="https://myhost.mydomain/myimage.tar.gz" />
+                    <input
+                      type="text"
+                      class="form-control"
+                      ng-model="formValues.URL"
+                      id="image_url"
+                      placeholder="https://myhost.mydomain/myimage.tar.gz or https://github.com/myname/myrepo.git#mybranch"
+                    />
                  </div>
                </div>
                <div class="form-group">
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/AMTDevicesDatatable.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/AMTDevicesDatatable.tsx
@@ -8,8 +8,8 @@ import {
 } from '@/portainer/components/datatables/components';
 import { InnerDatatable } from '@/portainer/components/datatables/components/InnerDatatable';
 import { Device } from '@/portainer/hostmanagement/open-amt/model';
-import { useAMTDevices } from '@/edge/devices/components/AMTDevicesDatatable/useAMTDevices';
-import { RowProvider } from '@/edge/devices/components/AMTDevicesDatatable/columns/RowContext';
+import { useAMTDevices } from '@/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/useAMTDevices';
+import { RowProvider } from '@/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/RowContext';
 import { EnvironmentId } from '@/portainer/environments/types';
 import PortainerError from '@/portainer/error';

--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/RowContext.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/RowContext.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/actions.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/actions.tsx
@@ -9,8 +9,14 @@ import { confirmAsync } from '@/portainer/services/modal.service/confirm';
 import { executeDeviceAction } from '@/portainer/hostmanagement/open-amt/open-amt.service';
 import * as notifications from '@/portainer/services/notifications';
 import { ActionsMenuTitle } from '@/portainer/components/datatables/components/ActionsMenuTitle';
-import { useRowContext } from '@/edge/devices/components/AMTDevicesDatatable/columns/RowContext';
-import { DeviceAction } from '@/edge/devices/types';
+
+import { useRowContext } from './RowContext';
+
+enum DeviceAction {
+  PowerOn = 'power on',
+  PowerOff = 'power off',
+  Restart = 'restart',
+}

 export const actions: Column<Device> = {
  Header: 'Actions',
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/hostname.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/hostname.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/index.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/index.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/power-state.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/power-state.tsx
@@ -2,8 +2,27 @@ import { CellProps, Column } from 'react-table';
 import clsx from 'clsx';

 import { Device } from '@/portainer/hostmanagement/open-amt/model';
-import { useRowContext } from '@/edge/devices/components/AMTDevicesDatatable/columns/RowContext';
-import { PowerState, PowerStateCode } from '@/edge/devices/types';
+
+import { useRowContext } from './RowContext';
+
+enum PowerState {
+  Running = 'Running',
+  Sleep = 'Sleep',
+  Off = 'Off',
+  Hibernate = 'Hibernate',
+  PowerCycle = 'Power Cycle',
+}
+
+enum PowerStateCode {
+  On = 2,
+  SleepLight = 3,
+  SleepDeep = 4,
+  OffHard = 6,
+  Hibernate = 7,
+  OffSoft = 8,
+  PowerCycle = 9,
+  OffHardGraceful = 13,
+}

 export const powerState: Column<Device> = {
  Header: 'Power State',
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/status.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/columns/status.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/useAMTDevices.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/useAMTDevices.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatable.module.css
+++ b/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatable.module.css
--- a/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatable.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatable.tsx
@@ -0,0 +1,269 @@
+import { useTable, useExpanded, useSortBy, useFilters } from 'react-table';
+import { useRowSelectColumn } from '@lineup-lite/hooks';
+import _ from 'lodash';
+
+import { Environment } from '@/portainer/environments/types';
+import { PaginationControls } from '@/portainer/components/pagination-controls';
+import {
+  Table,
+  TableActions,
+  TableContainer,
+  TableHeaderRow,
+  TableRow,
+  TableSettingsMenu,
+  TableTitle,
+  TableTitleActions,
+} from '@/portainer/components/datatables/components';
+import { multiple } from '@/portainer/components/datatables/components/filter-types';
+import { useTableSettings } from '@/portainer/components/datatables/components/useTableSettings';
+import { ColumnVisibilityMenu } from '@/portainer/components/datatables/components/ColumnVisibilityMenu';
+import { SearchBar } from '@/portainer/components/datatables/components/SearchBar';
+import { useRowSelect } from '@/portainer/components/datatables/components/useRowSelect';
+import { TableFooter } from '@/portainer/components/datatables/components/TableFooter';
+import { SelectedRowsCount } from '@/portainer/components/datatables/components/SelectedRowsCount';
+import { AMTDevicesDatatable } from '@/edge/EdgeDevices/EdgeDevicesView/AMTDevicesDatatable/AMTDevicesDatatable';
+import { TextTip } from '@/portainer/components/Tip/TextTip';
+import { EnvironmentGroup } from '@/portainer/environment-groups/types';
+
+import { EdgeDevicesDatatableActions } from './EdgeDevicesDatatableActions';
+import { EdgeDevicesDatatableSettings } from './EdgeDevicesDatatableSettings';
+import { RowProvider } from './columns/RowContext';
+import { useColumns } from './columns';
+import styles from './EdgeDevicesDatatable.module.css';
+import { EdgeDeviceTableSettings, Pagination } from './types';
+
+export interface EdgeDevicesTableProps {
+  storageKey: string;
+  isFdoEnabled: boolean;
+  isOpenAmtEnabled: boolean;
+  showWaitingRoomLink: boolean;
+  mpsServer: string;
+  dataset: Environment[];
+  groups: EnvironmentGroup[];
+  setLoadingMessage(message: string): void;
+  pagination: Pagination;
+  onChangePagination(pagination: Partial<Pagination>): void;
+  totalCount: number;
+  search: string;
+  onChangeSearch(search: string): void;
+}
+
+export function EdgeDevicesDatatable({
+  isFdoEnabled,
+  isOpenAmtEnabled,
+  showWaitingRoomLink,
+  mpsServer,
+  dataset,
+  onChangeSearch,
+  search,
+  groups,
+  setLoadingMessage,
+  pagination,
+  onChangePagination,
+  totalCount,
+}: EdgeDevicesTableProps) {
+  const { settings, setTableSettings } =
+    useTableSettings<EdgeDeviceTableSettings>();
+
+  const columns = useColumns();
+
+  const {
+    getTableProps,
+    getTableBodyProps,
+    headerGroups,
+    rows,
+    prepareRow,
+    selectedFlatRows,
+    allColumns,
+    setHiddenColumns,
+  } = useTable<Environment>(
+    {
+      defaultCanFilter: false,
+      columns,
+      data: dataset,
+      filterTypes: { multiple },
+      initialState: {
+        hiddenColumns: settings.hiddenColumns,
+        sortBy: [settings.sortBy],
+      },
+      isRowSelectable() {
+        return true;
+      },
+      autoResetExpanded: false,
+      autoResetSelectedRows: false,
+      getRowId(originalRow: Environment) {
+        return originalRow.Id.toString();
+      },
+      selectColumnWidth: 5,
+    },
+    useFilters,
+    useSortBy,
+    useExpanded,
+    useRowSelect,
+    useRowSelectColumn
+  );
+
+  const columnsToHide = allColumns.filter((colInstance) => {
+    const columnDef = columns.find((c) => c.id === colInstance.id);
+    return columnDef?.canHide;
+  });
+
+  const tableProps = getTableProps();
+  const tbodyProps = getTableBodyProps();
+
+  const someDeviceHasAMTActivated = dataset.some(
+    (environment) =>
+      environment.AMTDeviceGUID && environment.AMTDeviceGUID !== ''
+  );
+
+  const groupsById = _.groupBy(groups, 'Id');
+
+  return (
+    <div className="row">
+      <div className="col-sm-12">
+        <TableContainer>
+          <TableTitle icon="fa-plug" label="Edge Devices">
+            <TableTitleActions>
+              <ColumnVisibilityMenu<Environment>
+                columns={columnsToHide}
+                onChange={handleChangeColumnsVisibility}
+                value={settings.hiddenColumns}
+              />
+              <TableSettingsMenu>
+                <EdgeDevicesDatatableSettings />
+              </TableSettingsMenu>
+            </TableTitleActions>
+          </TableTitle>
+          <TableActions>
+            <EdgeDevicesDatatableActions
+              selectedItems={selectedFlatRows.map((row) => row.original)}
+              isFDOEnabled={isFdoEnabled}
+              isOpenAMTEnabled={isOpenAmtEnabled}
+              setLoadingMessage={setLoadingMessage}
+              showWaitingRoomLink={showWaitingRoomLink}
+            />
+          </TableActions>
+          {isOpenAmtEnabled && someDeviceHasAMTActivated && (
+            <div className={styles.kvmTip}>
+              <TextTip color="blue">
+                For the KVM function to work you need to have the MPS server
+                added to your trusted site list, browse to this{' '}
+                <a
+                  href={`https://${mpsServer}`}
+                  target="_blank"
+                  rel="noreferrer"
+                  className="space-right"
+                >
+                  site
+                </a>
+                and add to your trusted site list
+              </TextTip>
+            </div>
+          )}
+          <SearchBar value={search} onChange={handleSearchBarChange} />
+          <Table
+            className={tableProps.className}
+            role={tableProps.role}
+            style={tableProps.style}
+          >
+            <thead>
+              {headerGroups.map((headerGroup) => {
+                const { key, className, role, style } =
+                  headerGroup.getHeaderGroupProps();
+                return (
+                  <TableHeaderRow<Environment>
+                    key={key}
+                    className={className}
+                    role={role}
+                    style={style}
+                    headers={headerGroup.headers}
+                    onSortChange={handleSortChange}
+                  />
+                );
+              })}
+            </thead>
+            <tbody
+              className={tbodyProps.className}
+              role={tbodyProps.role}
+              style={tbodyProps.style}
+            >
+              <Table.Content
+                prepareRow={prepareRow}
+                rows={rows}
+                renderRow={(row, { key, className, role, style }) => {
+                  const group = groupsById[row.original.GroupId];
+
+                  return (
+                    <RowProvider
+                      key={key}
+                      isOpenAmtEnabled={isOpenAmtEnabled}
+                      groupName={group[0]?.Name}
+                    >
+                      <TableRow<Environment>
+                        cells={row.cells}
+                        key={key}
+                        className={className}
+                        role={role}
+                        style={style}
+                      />
+                      {row.isExpanded && (
+                        <tr>
+                          <td />
+                          <td colSpan={row.cells.length - 1}>
+                            <AMTDevicesDatatable
+                              environmentId={row.original.Id}
+                            />
+                          </td>
+                        </tr>
+                      )}
+                    </RowProvider>
+                  );
+                }}
+              />
+            </tbody>
+          </Table>
+          <TableFooter>
+            <SelectedRowsCount value={selectedFlatRows.length} />
+            <PaginationControls
+              isPageInputVisible
+              pageLimit={pagination.pageLimit}
+              page={pagination.page}
+              onPageChange={(p) => gotoPage(p)}
+              totalCount={totalCount}
+              onPageLimitChange={handlePageSizeChange}
+            />
+          </TableFooter>
+        </TableContainer>
+      </div>
+    </div>
+  );
+
+  function gotoPage(pageIndex: number) {
+    onChangePagination({ page: pageIndex });
+  }
+
+  function setPageSize(pageSize: number) {
+    onChangePagination({ pageLimit: pageSize });
+  }
+
+  function handlePageSizeChange(pageSize: number) {
+    setPageSize(pageSize);
+    setTableSettings((settings) => ({ ...settings, pageSize }));
+  }
+
+  function handleChangeColumnsVisibility(hiddenColumns: string[]) {
+    setHiddenColumns(hiddenColumns);
+    setTableSettings((settings) => ({ ...settings, hiddenColumns }));
+  }
+
+  function handleSearchBarChange(value: string) {
+    onChangeSearch(value);
+  }
+
+  function handleSortChange(id: string, desc: boolean) {
+    setTableSettings((settings) => ({
+      ...settings,
+      sortBy: { id, desc },
+    }));
+  }
+}
--- a/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatableActions.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatableActions.tsx
--- a/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatableContainer.tsx
+++ b/app/edge/EdgeDevices/EdgeDevicesView/EdgeDevicesDatatable/EdgeDevicesDatatableContainer.tsx
@@ -0,0 +1,118 @@
+import { useState } from 'react';
+
+import {
+  TableSettingsProvider,
+  useTableSettings,
+} from '@/portainer/components/datatables/components/useTableSettings';
+import { useEnvironmentList } from '@/portainer/environments/queries/useEnvironmentList';
+import { Environment } from '@/portainer/environments/types';
+import { useSearchBarState } from '@/portainer/components/datatables/components/SearchBar';
+import { useDebounce } from '@/portainer/hooks/useDebounce';
+
+import {
+  EdgeDevicesDatatable,
+  EdgeDevicesTableProps,
+} from './EdgeDevicesDatatable';
+import { EdgeDeviceTableSettings, Pagination } from './types';
+
+export function EdgeDevicesDatatableContainer({
+  ...props
+}: Omit<
+  EdgeDevicesTableProps,
+  | 'dataset'
+  | 'pagination'
+  | 'onChangePagination'
+  | 'totalCount'
+  | 'search'
+  | 'onChangeSearch'
+>) {
+  const defaultSettings = {
+    autoRefreshRate: 0,
+    hiddenQuickActions: [],
+    hiddenColumns: [],
+    pageSize: 10,
+    sortBy: { id: 'state', desc: false },
+  };
+
+  const storageKey = 'edgeDevices';
+
+  return (
+    <TableSettingsProvider defaults={defaultSettings} storageKey={storageKey}>
+      <Loader storageKey={storageKey}>
+        {({
+          environments,
+          pagination,
+          totalCount,
+          setPagination,
+          search,
+          setSearch,
+        }) => (
+          <EdgeDevicesDatatable
+            // eslint-disable-next-line react/jsx-props-no-spreading
+            {...props}
+            storageKey={storageKey}
+            dataset={environments}
+            pagination={pagination}
+            onChangePagination={setPagination}
+            totalCount={totalCount}
+            search={search}
+            onChangeSearch={setSearch}
+          />
+        )}
+      </Loader>
+    </TableSettingsProvider>
+  );
+}
+
+interface LoaderProps {
+  storageKey: string;
+  children: (options: {
+    environments: Environment[];
+    totalCount: number;
+    pagination: Pagination;
+    setPagination(value: Partial<Pagination>): void;
+    search: string;
+    setSearch: (value: string) => void;
+  }) => React.ReactNode;
+}
+
+function Loader({ children, storageKey }: LoaderProps) {
+  const { settings } = useTableSettings<EdgeDeviceTableSettings>();
+  const [pagination, setPagination] = useState({
+    pageLimit: settings.pageSize,
+    page: 1,
+  });
+
+  const [search, setSearch] = useSearchBarState(storageKey);
+  const debouncedSearchValue = useDebounce(search);
+
+  const { environments, isLoading, totalCount } = useEnvironmentList(
+    {
+      edgeDeviceFilter: 'trusted',
+      search: debouncedSearchValue,
+      ...pagination,
+    },
+    settings.autoRefreshRate * 1000
+  );
+
+  if (isLoading) {
+    return null;
+  }
+
+  return (
+    <>
+      {children({
+        environments,
+        totalCount,
+        pagination,
+        setPagination: handleSetPagination,
+        search,
+        setSearch,
+      })}
+    </>
+  );
+
+  function handleSetPagination(value: Partial<Pagination>) {
+    setPagination((prev) => ({ ...prev, ...value }));
+  }
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dakota Walsh	9e3a26bc97	fix out of bounds access	2022-05-30 13:44:55 +12:00
Dakota Walsh	258f3c0ed9	feat(docker/container): run prettier	2022-05-30 12:12:51 +12:00
Dakota Walsh	b5c1535886	feat(docker/container): bump DB version to 50 We would like to use DB version 50 for the 2.14.0 release so I'm just incrementing it quick before we test and merge.	2022-05-30 11:32:33 +12:00
dfldylan	439393f77f	feat(docker/container): show available gpus	2022-05-27 17:33:56 +08:00
xAt0mZ	aa45263872	feat(docker/container): show gpu command equivalent on container details view	2022-05-27 17:32:49 +08:00
dfldylan	9a571e00e0	feat(docker/container): add gpu support for containers	2022-05-27 17:32:49 +08:00
dfldylan	ffc5fa1ec0	feat(docker/container): show allocated gpus at containers list view	2022-05-27 17:32:49 +08:00
dfldylan	425af1dda2	feat(dashboard): add gpus information on dashboard	2022-05-27 17:32:43 +08:00
dfldylan	6573560ea2	feat(endpoint): add gpus input when modify endpoint	2022-05-27 17:32:02 +08:00
dfldylan	1fbdaa87bd	feat(snapshots): add gpus use information	2022-05-27 17:32:02 +08:00
Chaim Lev-Ari	75d854e6ad	Revert "refactor(docker): strongly type snapshot [EE-3256]" This reverts commit `0b2217a916`.	2022-05-26 15:39:55 +03:00
Chaim Lev-Ari	0b2217a916	refactor(docker): strongly type snapshot [EE-3256] fixes [EE-3256]	2022-05-26 15:34:34 +03:00
Chao Geng	ca30efeca7	EE-1892 Centralize prompt dialog (#6903 )	2022-05-24 20:14:38 +08:00
Chaim Lev-Ari	dc98850489	feat(app): enforce using of props in r2a [EE-3215] (#6943 )	2022-05-24 08:35:20 +03:00
Chaim Lev-Ari	01dc9066b7	refactor(wizard): migrate to react [EE-2305] (#6957 )	2022-05-23 17:32:51 +03:00
Chao Geng	3aacaa7caf	feat(dashboard) remove environment url from dashboard EE-2849 (#6955 ) * EE-2849 remove environment url from dashboard * EE-2849 only remove edge env's url * EE-2849 remove logging	2022-05-23 17:05:37 +08:00
Chaim Lev-Ari	b031a30f62	feat(edge-devices): set specific page to view [EE-2082] (#6869 )	2022-05-23 10:57:22 +03:00
Chaim Lev-Ari	12cddbd896	feat(demo): disable features on demo env [EE-1874] (#6040 )	2022-05-22 08:34:09 +03:00
Chao Geng	3791b7a16f	fix(kube): misspelling kube namespace (#6951 )	2022-05-20 07:34:30 +08:00
matias-portainer	d754532ab1	chore(edgestacks): add unit tests for edge stacks (#6931 ) chore(edgestacks): add unit tests for edge stacks EE-3172	2022-05-19 17:13:51 -03:00
Chao Geng	9a48ceaec1	fix(docker): Restrict registry edit options for different registry type EE-2705 (#6708 ) * EE-2705 restrict registry edit options for different registry type * EE-2705 quay and azure registry should not disable authentication * EE-2705 Resolve conflict	2022-05-18 18:46:24 +08:00
Chaim Lev-Ari	1132c9ce87	refactor(app): create empty react structure [EE-3178] (#6926 )	2022-05-17 07:22:44 +03:00
itsconquest	668d526604	fix(networks): handle windows specific system networks [EE-2594] (#6922 )	2022-05-17 14:45:30 +12:00
Chaim Lev-Ari	0e257c200f	chore(app): use base font-size of 16px [EE-3186] (#6938 )	2022-05-16 10:24:13 +03:00
congs	df05914fac	fix(git) EE-2026 git default branch (#6876 ) fix(git) EE-2026 git default branch	2022-05-16 09:35:11 +12:00
Chaim Lev-Ari	0ffb84aaa6	refactor(app): add rq mutation helpers [EE-3176] (#6923 )	2022-05-15 10:01:08 +03:00
Chaim Lev-Ari	b01180bb29	chore(deps): remove lodash-es dependency [EE-2560] (#6576 )	2022-05-12 08:44:53 +03:00
cong meng	16f8b737f1	fix(pwd) EE-3161 ease the minimum password restrictions to 12 characters (#6921 ) * fix(pwd): EE-3161 ease the minimum password restrictions to 12 characters	2022-05-12 13:17:01 +12:00
itsconquest	d9d1d6bfaa	feat(extension): add a readme [EE-3085] (#6888 ) * feat(extension): add a readme [EE-3085] * add prerequisites	2022-05-11 11:58:11 +12:00
Dmitry Salakhov	45b300eaff	fix(settings): allow empty edge url (#6907 )	2022-05-10 15:51:12 -03:00
andres-portainer	ad7545f009	fix(tls): downgrade minimum version to TLS 1.2 to avoid proxy problems EE-3152 (#6909 )	2022-05-10 15:33:53 -03:00
matias-portainer	5df30b9eb0	chore(edge): add unit tests to edgestatus inspect endpoint EE-3088 (#6905 ) * chore(edge): add unit tests to edgestatus inspect endpoint EE-3088	2022-05-10 11:58:19 -03:00