poc(search): doco/comments

# Conflicts:
#	api/http/handler/websocket/shell_pod.go
#	app/portainer/components/box-selector/box-selector-item/box-selector-item.html
#	app/portainer/rbac/components/access-viewer/access-viewer-datatable/access-viewer-datatable.html
#	app/portainer/settings/authentication/ldap/ad-settings/ad-settings.html
#	app/portainer/settings/authentication/ldap/index.js
#	app/portainer/settings/authentication/ldap/ldap-settings-custom/ldap-settings-custom.html
#	app/portainer/settings/authentication/ldap/ldap-settings.model.js
#	app/portainer/settings/authentication/ldap/ldap-settings/ldap-settings.controller.js
#	app/portainer/views/settings/authentication/settingsAuthenticationController.js

api/bolt/stack/stack.go

@@ -192,8 +192,8 @@ func (service *Service) RefreshableStacks() ([]portainer.Stack, error) {
 		bucket := tx.Bucket([]byte(BucketName))
 		cursor := bucket.Cursor()
 
-		var stack portainer.Stack
 		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
+			stack := portainer.Stack{}
 			err := internal.UnmarshalObject(v, &stack)
 			if err != nil {
 				return err

api/chisel/service.go

@@ -3,6 +3,7 @@ package chisel
 import (
 	"context"
 	"fmt"
+	"github.com/portainer/portainer/api/http/proxy"
 	"log"
 	"net/http"
 	"strconv"
@@ -32,6 +33,7 @@ type Service struct {
 	snapshotService   portainer.SnapshotService
 	chiselServer      *chserver.Server
 	shutdownCtx       context.Context
+	ProxyManager      *proxy.Manager
 }
 
 // NewService returns a pointer to a new instance of Service
@@ -215,18 +217,13 @@ func (service *Service) checkTunnels() {
 			}
 		}
 
-		if len(tunnel.Jobs) > 0 {
-			endpointID, err := strconv.Atoi(item.Key)
-			if err != nil {
-				log.Printf("[ERROR] [chisel,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
-				continue
-			}
-
-			service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
-		} else {
-			service.tunnelDetailsMap.Remove(item.Key)
+		endpointID, err := strconv.Atoi(item.Key)
+		if err != nil {
+			log.Printf("[ERROR] [chisel,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
+			continue
 		}
 
+		service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
 	}
 }
 

api/chisel/tunnel.go

@@ -59,6 +59,12 @@ func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *porta
 // GetActiveTunnel retrieves an active tunnel which allows communicating with edge agent
 func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (*portainer.TunnelDetails, error) {
 	tunnel := service.GetTunnelDetails(endpoint.ID)
+
+	if tunnel.Status == portainer.EdgeAgentActive {
+		// update the LastActivity
+		service.SetTunnelStatusToActive(endpoint.ID)
+	}
+
 	if tunnel.Status == portainer.EdgeAgentIdle || tunnel.Status == portainer.EdgeAgentManagementRequired {
 		err := service.SetTunnelStatusToRequired(endpoint.ID)
 		if err != nil {
@@ -74,9 +80,18 @@ func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (*portaine
 			endpoint.EdgeCheckinInterval = settings.EdgeAgentCheckinInterval
 		}
 
-		waitForAgentToConnect := time.Duration(endpoint.EdgeCheckinInterval) * time.Second
-		time.Sleep(waitForAgentToConnect * 2)
+		waitForAgentToConnect := 2 * time.Duration(endpoint.EdgeCheckinInterval)
+
+		for waitForAgentToConnect >= 0 {
+			waitForAgentToConnect--
+			time.Sleep(time.Second)
+			tunnel = service.GetTunnelDetails(endpoint.ID)
+			if tunnel.Status == portainer.EdgeAgentActive {
+				break
+			}
+		}
 	}
+
 	tunnel = service.GetTunnelDetails(endpoint.ID)
 
 	return tunnel, nil
@@ -112,6 +127,8 @@ func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
 
 	key := strconv.Itoa(int(endpointID))
 	service.tunnelDetailsMap.Set(key, tunnel)
+
+	service.ProxyManager.DeleteEndpointProxy(endpointID)
 }
 
 // SetTunnelStatusToRequired update the status of the tunnel associated to the specified environment(endpoint).

api/cmd/portainer/main.go

@@ -467,6 +467,8 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 
 	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)
 
+	reverseTunnelService.ProxyManager = proxyManager
+
 	dockerConfigPath := fileService.GetDockerConfigPath()
 
 	composeStackManager := initComposeStackManager(*flags.Assets, dockerConfigPath, reverseTunnelService, proxyManager)

api/docker/client.go

@@ -91,7 +91,11 @@ func createEdgeClient(endpoint *portainer.Endpoint, signatureService portainer.D
 		headers[portainer.PortainerAgentTargetHeader] = nodeName
 	}
 
-	tunnel := reverseTunnelService.GetTunnelDetails(endpoint.ID)
+	tunnel, err := reverseTunnelService.GetActiveTunnel(endpoint)
+	if err != nil {
+		return nil, err
+	}
+	
 	endpointURL := fmt.Sprintf("http://127.0.0.1:%d", tunnel.Port)
 
 	return client.NewClientWithOpts(

api/exec/swarm_stack.go

@@ -44,19 +44,26 @@ func NewSwarmStackManager(binaryPath, configPath string, signatureService portai
 }
 
 // Login executes the docker login command against a list of registries (including DockerHub).
-func (manager *SwarmStackManager) Login(registries []portainer.Registry, endpoint *portainer.Endpoint) {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+func (manager *SwarmStackManager) Login(registries []portainer.Registry, endpoint *portainer.Endpoint) error {
+	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	if err != nil {
+		return err
+	}
 	for _, registry := range registries {
 		if registry.Authentication {
 			registryArgs := append(args, "login", "--username", registry.Username, "--password", registry.Password, registry.URL)
 			runCommandAndCaptureStdErr(command, registryArgs, nil, "")
 		}
 	}
+	return nil
 }
 
 // Logout executes the docker logout command.
 func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	if err != nil {
+		return err
+	}
 	args = append(args, "logout")
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -64,7 +71,10 @@ func (manager *SwarmStackManager) Logout(endpoint *portainer.Endpoint) error {
 // Deploy executes the docker stack deploy command.
 func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, endpoint *portainer.Endpoint) error {
 	filePaths := stackutils.GetStackFilePaths(stack)
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	if err != nil {
+		return err
+	}
 
 	if prune {
 		args = append(args, "stack", "deploy", "--prune", "--with-registry-auth")
@@ -84,7 +94,10 @@ func (manager *SwarmStackManager) Deploy(stack *portainer.Stack, prune bool, end
 
 // Remove executes the docker stack rm command.
 func (manager *SwarmStackManager) Remove(stack *portainer.Stack, endpoint *portainer.Endpoint) error {
-	command, args := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	command, args, err := manager.prepareDockerCommandAndArgs(manager.binaryPath, manager.configPath, endpoint)
+	if err != nil {
+		return err
+	}
 	args = append(args, "stack", "rm", stack.Name)
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -108,7 +121,7 @@ func runCommandAndCaptureStdErr(command string, args []string, env []string, wor
 	return nil
 }
 
-func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, configPath string, endpoint *portainer.Endpoint) (string, []string) {
+func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, configPath string, endpoint *portainer.Endpoint) (string, []string, error) {
 	// Assume Linux as a default
 	command := path.Join(binaryPath, "docker")
 
@@ -121,7 +134,10 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config
 
 	endpointURL := endpoint.URL
 	if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
-		tunnel := manager.reverseTunnelService.GetTunnelDetails(endpoint.ID)
+		tunnel, err := manager.reverseTunnelService.GetActiveTunnel(endpoint)
+		if err != nil {
+			return "", nil, err
+		}
 		endpointURL = fmt.Sprintf("tcp://127.0.0.1:%d", tunnel.Port)
 	}
 
@@ -141,7 +157,7 @@ func (manager *SwarmStackManager) prepareDockerCommandAndArgs(binaryPath, config
 		}
 	}
 
-	return command, args
+	return command, args, nil
 }
 
 func (manager *SwarmStackManager) updateDockerCLIConfiguration(configPath string) error {

api/go.mod

@@ -3,58 +3,48 @@ module github.com/portainer/portainer/api
 go 1.16
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/Microsoft/go-winio v0.4.16
-	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
+	github.com/Microsoft/go-winio v0.4.17
 	github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535
 	github.com/boltdb/bolt v1.3.1
-	github.com/containerd/containerd v1.3.1 // indirect
+	github.com/containerd/containerd v1.5.7 // indirect
 	github.com/coreos/go-semver v0.3.0
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/cli v0.0.0-20191126203649-54d085b857e9
-	github.com/docker/distribution v2.7.1+incompatible // indirect
-	github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0
+	github.com/docker/cli v20.10.9+incompatible
+	github.com/docker/docker v20.10.9+incompatible
 	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
 	github.com/g07cha/defender v0.0.0-20180505193036-5665c627c814
 	github.com/go-git/go-git/v5 v5.3.0
 	github.com/go-ldap/ldap/v3 v3.1.8
-	github.com/gofrs/uuid v3.2.0+incompatible
+	github.com/gofrs/uuid v4.0.0+incompatible
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/securecookie v1.1.1
-	github.com/gorilla/websocket v1.4.1
+	github.com/gorilla/websocket v1.4.2
 	github.com/joho/godotenv v1.3.0
 	github.com/jpillora/chisel v0.0.0-20190724232113-f3a8df20e389
-	github.com/json-iterator/go v1.1.10
+	github.com/json-iterator/go v1.1.11
 	github.com/koding/websocketproxy v0.0.0-20181220232114-7ed82d81a28c
-	github.com/mattn/go-shellwords v1.0.6 // indirect
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6
 	github.com/pkg/errors v0.9.1
-	github.com/portainer/docker-compose-wrapper v0.0.0-20210909083948-8be0d98451a1
+	github.com/portainer/docker-compose-wrapper v0.0.0-20211018221743-10a04c9d4f19
 	github.com/portainer/libcrypto v0.0.0-20210422035235-c652195c5c3a
 	github.com/portainer/libhelm v0.0.0-20210929000907-825e93d62108
 	github.com/portainer/libhttp v0.0.0-20190806161843-ba068f58be33
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.0
+	github.com/swaggo/swag v1.7.3
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
-	gotest.tools v2.2.0+incompatible // indirect
-	k8s.io/api v0.17.2
-	k8s.io/apimachinery v0.17.2
-	k8s.io/client-go v0.17.2
+	k8s.io/api v0.22.2
+	k8s.io/apimachinery v0.22.2
+	k8s.io/client-go v0.22.2
 )
-
-replace github.com/docker/docker => github.com/docker/engine v1.4.2-0.20200204220554-5f6d6f3f2203
-
-replace golang.org/x/sys => golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456

api/http/handler/auth/authenticate.go

@@ -39,6 +39,7 @@ func (payload *authenticatePayload) Validate(r *http.Request) error {
 
 // @id AuthenticateUser
 // @summary Authenticate
+// @description **Access policy**: public
 // @description Use this environment(endpoint) to authenticate against Portainer using a username and password.
 // @tags auth
 // @accept json

api/http/handler/auth/authenticate_oauth.go

@@ -44,6 +44,7 @@ func (handler *Handler) authenticateOAuth(code string, settings *portainer.OAuth
 
 // @id ValidateOAuth
 // @summary Authenticate with OAuth
+// @description **Access policy**: public
 // @tags auth
 // @accept json
 // @produce json

api/http/handler/auth/logout.go

@@ -10,6 +10,7 @@ import (
 
 // @id Logout
 // @summary Logout
+// @description **Access policy**: authenticated
 // @security jwt
 // @tags auth
 // @success 204 "Success"

api/http/handler/backup/backup.go

@@ -27,8 +27,9 @@ func (p *backupPayload) Validate(r *http.Request) error {
 // @description **Access policy**: admin
 // @tags backup
 // @security jwt
+// @accept json
 // @produce octet-stream
-// @param Password body string false "Password to encrypt the backup with"
+// @param body body backupPayload false "An object contains the password to encrypt the backup with"
 // @success 200 "Success"
 // @failure 400 "Invalid request"
 // @failure 500 "Server error"

api/http/handler/backup/restore.go

@@ -22,10 +22,9 @@ type restorePayload struct {
 // @description Triggers a system restore using provided backup file
 // @description **Access policy**: public
 // @tags backup
-// @param FileContent body []byte true "Content of the backup"
-// @param FileName body string true "File name"
-// @param Password body string false "Password to decrypt the backup with"
-// @success 200  "Success"
+// @accept json
+// @param restorePayload body restorePayload true "Restore request payload"
+// @success 200 "Success"
 // @failure 400 "Invalid request"
 // @failure 500 "Server error"
 // @router /restore [post]

api/http/handler/customtemplates/customtemplate_delete.go

@@ -16,7 +16,7 @@ import (
 // @id CustomTemplateDelete
 // @summary Remove a template
 // @description Remove a template.
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags custom_templates
 // @security jwt
 // @param id path int true "Template identifier"

api/http/handler/customtemplates/customtemplate_file.go

@@ -18,7 +18,7 @@ type fileResponse struct {
 // @id CustomTemplateFile
 // @summary Get Template stack file content.
 // @description Retrieve the content of the Stack file for the specified custom template
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags custom_templates
 // @security jwt
 // @produce json

api/http/handler/customtemplates/customtemplate_inspect.go

@@ -19,7 +19,6 @@ import (
 // @description **Access policy**: authenticated
 // @tags custom_templates
 // @security jwt
-// @accept json
 // @produce json
 // @param id path int true "Template identifier"
 // @success 200 {object} portainer.CustomTemplate "Success"

api/http/handler/edgegroups/edgegroup_create.go

@@ -34,7 +34,7 @@ func (payload *edgeGroupCreatePayload) Validate(r *http.Request) error {
 
 // @id EdgeGroupCreate
 // @summary Create an EdgeGroup
-// @description
+// @description **Access policy**: administrator
 // @tags edge_groups
 // @security jwt
 // @accept json

api/http/handler/edgegroups/edgegroup_delete.go

@@ -13,11 +13,9 @@ import (
 
 // @id EdgeGroupDelete
 // @summary Deletes an EdgeGroup
-// @description
+// @description **Access policy**: administrator
 // @tags edge_groups
 // @security jwt
-// @accept json
-// @produce json
 // @param id path int true "EdgeGroup Id"
 // @success 204
 // @failure 503 "Edge compute features are disabled"

api/http/handler/edgegroups/edgegroup_inspect.go

@@ -12,10 +12,9 @@ import (
 
 // @id EdgeGroupInspect
 // @summary Inspects an EdgeGroup
-// @description
+// @description **Access policy**: administrator
 // @tags edge_groups
 // @security jwt
-// @accept json
 // @produce json
 // @param id path int true "EdgeGroup Id"
 // @success 200 {object} portainer.EdgeGroup

api/http/handler/edgegroups/edgegroup_list.go

@@ -17,10 +17,9 @@ type decoratedEdgeGroup struct {
 
 // @id EdgeGroupList
 // @summary list EdgeGroups
-// @description
+// @description **Access policy**: administrator
 // @tags edge_groups
 // @security jwt
-// @accept json
 // @produce json
 // @success 200 {array} portainer.EdgeGroup{HasEdgeStack=bool} "EdgeGroups"
 // @failure 500

api/http/handler/edgegroups/edgegroup_update.go

@@ -36,7 +36,7 @@ func (payload *edgeGroupUpdatePayload) Validate(r *http.Request) error {
 
 // @id EgeGroupUpdate
 // @summary Updates an EdgeGroup
-// @description
+// @description **Access policy**: administrator
 // @tags edge_groups
 // @security jwt
 // @accept json

api/http/handler/edgejobs/edgejob_create.go

@@ -16,10 +16,9 @@ import (
 
 // @id EdgeJobCreate
 // @summary Create an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param method query string true "Creation Method" Enums(file, string)
 // @param body_string body edgeJobCreateFromFileContentPayload true "EdgeGroup data when method is string"

api/http/handler/edgejobs/edgejob_delete.go

@@ -13,11 +13,9 @@ import (
 
 // @id EdgeJobDelete
 // @summary Delete an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
-// @produce json
 // @param id path string true "EdgeJob Id"
 // @success 204
 // @failure 500

api/http/handler/edgejobs/edgejob_file.go

@@ -16,10 +16,9 @@ type edgeJobFileResponse struct {
 
 // @id EdgeJobFile
 // @summary Fetch a file of an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @success 200 {object} edgeJobFileResponse

api/http/handler/edgejobs/edgejob_inspect.go

@@ -17,10 +17,9 @@ type edgeJobInspectResponse struct {
 
 // @id EdgeJobInspect
 // @summary Inspect an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @success 200 {object} portainer.EdgeJob

api/http/handler/edgejobs/edgejob_list.go

@@ -9,10 +9,9 @@ import (
 
 // @id EdgeJobList
 // @summary Fetch EdgeJobs list
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @success 200 {array} portainer.EdgeJob
 // @failure 500

api/http/handler/edgejobs/edgejob_tasklogs_clear.go

@@ -13,10 +13,9 @@ import (
 
 // @id EdgeJobTasksClear
 // @summary Clear the log for a specifc task on an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @param taskID path string true "Task Id"

api/http/handler/edgejobs/edgejob_tasklogs_collect.go

@@ -12,10 +12,9 @@ import (
 
 // @id EdgeJobTasksCollect
 // @summary Collect the log for a specifc task on an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @param taskID path string true "Task Id"

api/http/handler/edgejobs/edgejob_tasklogs_inspect.go

@@ -15,10 +15,9 @@ type fileResponse struct {
 
 // @id EdgeJobTaskLogsInspect
 // @summary Fetch the log for a specifc task on an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @param taskID path string true "Task Id"

api/http/handler/edgejobs/edgejob_tasks_list.go

@@ -19,10 +19,9 @@ type taskContainer struct {
 
 // @id EdgeJobTasksList
 // @summary Fetch the list of tasks on an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeJob Id"
 // @success 200 {array} taskContainer

api/http/handler/edgejobs/edgejob_update.go

@@ -30,7 +30,7 @@ func (payload *edgeJobUpdatePayload) Validate(r *http.Request) error {
 
 // @id EdgeJobUpdate
 // @summary Update an EdgeJob
-// @description
+// @description **Access policy**: administrator
 // @tags edge_jobs
 // @security jwt
 // @accept json

api/http/handler/edgestacks/edgestack_create.go

@@ -19,10 +19,9 @@ import (
 
 // @id EdgeStackCreate
 // @summary Create an EdgeStack
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
-// @accept json
 // @produce json
 // @param method query string true "Creation Method" Enums(file,string,repository)
 // @param body_string body swarmStackFromFileContentPayload true "Required when using method=string"

api/http/handler/edgestacks/edgestack_delete.go

@@ -13,11 +13,9 @@ import (
 
 // @id EdgeStackDelete
 // @summary Delete an EdgeStack
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
-// @accept json
-// @produce json
 // @param id path string true "EdgeStack Id"
 // @success 204
 // @failure 500

api/http/handler/edgestacks/edgestack_file.go

@@ -17,10 +17,9 @@ type stackFileResponse struct {
 
 // @id EdgeStackFile
 // @summary Fetches the stack file for an EdgeStack
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeStack Id"
 // @success 200 {object} stackFileResponse

api/http/handler/edgestacks/edgestack_inspect.go

@@ -12,10 +12,9 @@ import (
 
 // @id EdgeStackInspect
 // @summary Inspect an EdgeStack
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
-// @accept json
 // @produce json
 // @param id path string true "EdgeStack Id"
 // @success 200 {object} portainer.EdgeStack

api/http/handler/edgestacks/edgestack_list.go

@@ -9,10 +9,9 @@ import (
 
 // @id EdgeStackList
 // @summary Fetches the list of EdgeStacks
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
-// @accept json
 // @produce json
 // @success 200 {array} portainer.EdgeStack
 // @failure 500

api/http/handler/edgestacks/edgestack_update.go

@@ -33,7 +33,7 @@ func (payload *updateEdgeStackPayload) Validate(r *http.Request) error {
 
 // @id EdgeStackUpdate
 // @summary Update an EdgeStack
-// @description
+// @description **Access policy**: administrator
 // @tags edge_stacks
 // @security jwt
 // @accept json

api/http/handler/edgetemplates/edgetemplate_list.go

@@ -17,7 +17,7 @@ type templateFileFormat struct {
 
 // @id EdgeTemplateList
 // @summary Fetches the list of Edge Templates
-// @description
+// @description **Access policy**: administrator
 // @tags edge_templates
 // @security jwt
 // @accept json

api/http/handler/endpointedge/endpoint_edgejob_logs.go

@@ -21,7 +21,7 @@ func (payload *logsPayload) Validate(r *http.Request) error {
 
 // endpointEdgeJobsLogs
 // @summary Inspect an EdgeJob Log
-// @description
+// @description **Access policy**: public
 // @tags edge, endpoints
 // @accept json
 // @produce json

api/http/handler/endpointedge/endpoint_edgestack_inspect.go

@@ -19,7 +19,7 @@ type configResponse struct {
 }
 
 // @summary Inspect an Edge Stack for an Environment(Endpoint)
-// @description
+// @description **Access policy**: public
 // @tags edge, endpoints, edge_stacks
 // @accept json
 // @produce json

api/http/handler/endpointgroups/endpointgroup_delete.go

@@ -17,8 +17,6 @@ import (
 // @description **Access policy**: administrator
 // @tags endpoint_groups
 // @security jwt
-// @accept json
-// @produce json
 // @param id path int true "EndpointGroup identifier"
 // @success 204 "Success"
 // @failure 400 "Invalid request"

api/http/handler/endpointproxy/proxy_docker.go

@@ -2,14 +2,12 @@ package endpointproxy
 
 import (
 	"errors"
-	"strconv"
-	"strings"
-	"time"
-
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
+	"strconv"
+	"strings"
 
 	"net/http"
 )
@@ -37,22 +35,9 @@ func (handler *Handler) proxyRequestsToDockerAPI(w http.ResponseWriter, r *http.
 			return &httperror.HandlerError{http.StatusInternalServerError, "No Edge agent registered with the environment", errors.New("No agent available")}
 		}
 
-		tunnel := handler.ReverseTunnelService.GetTunnelDetails(endpoint.ID)
-		if tunnel.Status == portainer.EdgeAgentIdle {
-			handler.ProxyManager.DeleteEndpointProxy(endpoint)
-
-			err := handler.ReverseTunnelService.SetTunnelStatusToRequired(endpoint.ID)
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update tunnel status", err}
-			}
-
-			settings, err := handler.DataStore.Settings().Settings()
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
-			}
-
-			waitForAgentToConnect := time.Duration(settings.EdgeAgentCheckinInterval) * time.Second
-			time.Sleep(waitForAgentToConnect * 2)
+		_, err := handler.ReverseTunnelService.GetActiveTunnel(endpoint)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to get the active tunnel", err}
 		}
 	}
 

api/http/handler/endpointproxy/proxy_kubernetes.go

@@ -3,13 +3,11 @@ package endpointproxy
 import (
 	"errors"
 	"fmt"
-	"strings"
-	"time"
-
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	portainer "github.com/portainer/portainer/api"
 	bolterrors "github.com/portainer/portainer/api/bolt/errors"
+	"strings"
 
 	"net/http"
 )
@@ -37,22 +35,9 @@ func (handler *Handler) proxyRequestsToKubernetesAPI(w http.ResponseWriter, r *h
 			return &httperror.HandlerError{http.StatusInternalServerError, "No Edge agent registered with the environment", errors.New("No agent available")}
 		}
 
-		tunnel := handler.ReverseTunnelService.GetTunnelDetails(endpoint.ID)
-		if tunnel.Status == portainer.EdgeAgentIdle {
-			handler.ProxyManager.DeleteEndpointProxy(endpoint)
-
-			err := handler.ReverseTunnelService.SetTunnelStatusToRequired(endpoint.ID)
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update tunnel status", err}
-			}
-
-			settings, err := handler.DataStore.Settings().Settings()
-			if err != nil {
-				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve settings from the database", err}
-			}
-
-			waitForAgentToConnect := time.Duration(settings.EdgeAgentCheckinInterval) * time.Second
-			time.Sleep(waitForAgentToConnect * 2)
+		_, err := handler.ReverseTunnelService.GetActiveTunnel(endpoint)
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to get the active tunnel", err}
 		}
 	}
 

api/http/handler/endpoints/endpoint_association_delete.go

@@ -27,7 +27,7 @@ import (
 // @failure 400 "Invalid request"
 // @failure 404 "Environment(Endpoint) not found"
 // @failure 500 "Server error"
-// @router /api/endpoints/{id}/association [put]
+// @router /endpoints/{id}/association [put]
 func (handler *Handler) endpointAssociationDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_delete.go

@@ -49,7 +49,7 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to remove environment from the database", err}
 	}
 
-	handler.ProxyManager.DeleteEndpointProxy(endpoint)
+	handler.ProxyManager.DeleteEndpointProxy(endpoint.ID)
 
 	err = handler.DataStore.EndpointRelation().DeleteEndpointRelation(endpoint.ID)
 	if err != nil {

api/http/handler/endpoints/endpoint_dockerhub_status.go

@@ -18,11 +18,27 @@ import (
 )
 
 type dockerhubStatusResponse struct {
+	// Remaiming images to pull
 	Remaining int `json:"remaining"`
-	Limit     int `json:"limit"`
+	// Daily limit
+	Limit int `json:"limit"`
 }
 
-// GET request on /api/endpoints/{id}/dockerhub/{registryId}
+// @id endpointDockerhubStatus
+// @summary fetch docker pull limits
+// @description get docker pull limits for a docker hub registry in the environment
+// @description **Access policy**:
+// @tags endpoints
+// @security jwt
+// @produce json
+// @param id path int true "endpoint ID"
+// @param registryId path int true "registry ID"
+// @success 200 {object} dockerhubStatusResponse "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 404 "registry or endpoint not found"
+// @failure 500 "Server error"
+// @router /endpoints/{id}/dockerhub/{registryId} [get]
 func (handler *Handler) endpointDockerhubStatus(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_extension_add.go

@@ -29,6 +29,12 @@ func (payload *endpointExtensionAddPayload) Validate(r *http.Request) error {
 	return nil
 }
 
+// @id endpointExtensionAdd
+// @tags endpoints
+// @deprecated
+// @param id path int true "Environment(Endpoint) identifier"
+// @success 204 "Success"
+// @router /endpoints/{id}/extensions [post]
 func (handler *Handler) endpointExtensionAdd(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_extension_remove.go

@@ -12,6 +12,13 @@ import (
 	"github.com/portainer/portainer/api/bolt/errors"
 )
 
+// @id endpointExtensionRemove
+// @tags endpoints
+// @deprecated
+// @param id path int true "Environment(Endpoint) identifier"
+// @param extensionType path string true "Extension Type"
+// @success 204 "Success"
+// @router /endpoints/{id}/extensions/{extensionType} [delete]
 func (handler *Handler) endpointExtensionRemove(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_registries_inspect.go

@@ -12,7 +12,20 @@ import (
 	"github.com/portainer/portainer/api/http/security"
 )
 
-// GET request on /endpoints/{id}/registries/{registryId}
+// @id endpointRegistryInspect
+// @summary get registry for environment
+// @description **Access policy**: authenticated
+// @tags endpoints
+// @security jwt
+// @produce json
+// @param id path int true "identifier"
+// @param registryId path int true "Registry identifier"
+// @success 200 {object} portainer.Registry "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 404 "Registry not found"
+// @failure 500 "Server error"
+// @router /endpoints/{id}/registries/{registryId} [get]
 func (handler *Handler) endpointRegistryInspect(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_registries_list.go

@@ -13,7 +13,18 @@ import (
 	"github.com/portainer/portainer/api/internal/endpointutils"
 )
 
-// GET request on /endpoints/{id}/registries?namespace
+// @id endpointRegistriesList
+// @summary List Registries on environment
+// @description List all registries based on the current user authorizations in current environment.
+// @description **Access policy**: authenticated
+// @tags endpoints
+// @param namespace query string false "required if kubernetes environment, will show registries by namespace"
+// @security jwt
+// @produce json
+// @param id path int true "Environment(Endpoint) identifier"
+// @success 200 {array} portainer.Registry "Success"
+// @failure 500 "Server error"
+// @router /endpoints/{id}/registries [get]
 func (handler *Handler) endpointRegistriesList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	securityContext, err := security.RetrieveRestrictedRequestContext(r)
 	if err != nil {

api/http/handler/endpoints/endpoint_registry_access.go

@@ -21,7 +21,22 @@ func (payload *registryAccessPayload) Validate(r *http.Request) error {
 	return nil
 }
 
-// PUT request on /endpoints/{id}/registries/{registryId}
+// @id endpointRegistryAccess
+// @summary update registry access for environment
+// @description **Access policy**: authenticated
+// @tags endpoints
+// @security jwt
+// @accept json
+// @produce json
+// @param id path int true "Environment(Endpoint) identifier"
+// @param registryId path int true "Registry identifier"
+// @param body body registryAccessPayload true "details"
+// @success 204 "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 404 "Endpoint not found"
+// @failure 500 "Server error"
+// @router /endpoints/{id}/registries/{registryId} [put]
 func (handler *Handler) endpointRegistryAccess(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_settings_update.go

@@ -36,9 +36,9 @@ func (payload *endpointSettingsUpdatePayload) Validate(r *http.Request) error {
 }
 
 // @id EndpointSettingsUpdate
-// @summary Update settings for an environments(endpoints)
-// @description Update settings for an environments(endpoints).
-// @description **Access policy**: administrator
+// @summary Update settings for an environment(endpoint)
+// @description Update settings for an environment(endpoint).
+// @description **Access policy**: authenticated
 // @security jwt
 // @tags endpoints
 // @accept json
@@ -49,7 +49,7 @@ func (payload *endpointSettingsUpdatePayload) Validate(r *http.Request) error {
 // @failure 400 "Invalid request"
 // @failure 404 "Environment(Endpoint) not found"
 // @failure 500 "Server error"
-// @router /api/endpoints/{id}/settings [put]
+// @router /endpoints/{id}/settings [put]
 func (handler *Handler) endpointSettingsUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	endpointID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/endpoints/endpoint_snapshot.go

@@ -12,9 +12,9 @@ import (
 )
 
 // @id EndpointSnapshot
-// @summary Snapshots an environments(endpoints)
-// @description Snapshots an environments(endpoints)
-// @description **Access policy**: restricted
+// @summary Snapshots an environment(endpoint)
+// @description Snapshots an environment(endpoint)
+// @description **Access policy**: administrator
 // @tags endpoints
 // @security jwt
 // @param id path int true "Environment(Endpoint) identifier"

api/http/handler/endpoints/endpoint_update.go

@@ -56,7 +56,7 @@ func (payload *endpointUpdatePayload) Validate(r *http.Request) error {
 // @id EndpointUpdate
 // @summary Update an environment(endpoint)
 // @description Update an environment(endpoint).
-// @description **Access policy**: administrator
+// @description **Access policy**: authenticated
 // @security jwt
 // @tags endpoints
 // @accept json

api/http/handler/handler.go

@@ -23,6 +23,7 @@ import (
 	"github.com/portainer/portainer/api/http/handler/registries"
 	"github.com/portainer/portainer/api/http/handler/resourcecontrols"
 	"github.com/portainer/portainer/api/http/handler/roles"
+	"github.com/portainer/portainer/api/http/handler/search"
 	"github.com/portainer/portainer/api/http/handler/settings"
 	"github.com/portainer/portainer/api/http/handler/ssl"
 	"github.com/portainer/portainer/api/http/handler/stacks"
@@ -59,6 +60,7 @@ type Handler struct {
 	RegistryHandler        *registries.Handler
 	ResourceControlHandler *resourcecontrols.Handler
 	RoleHandler            *roles.Handler
+	SearchHandler 		   *search.Handler
 	SettingsHandler        *settings.Handler
 	SSLHandler             *ssl.Handler
 	StackHandler           *stacks.Handler
@@ -74,7 +76,7 @@ type Handler struct {
 }
 
 // @title PortainerCE API
-// @version 2.9.1
+// @version 2.9.2
 // @description.markdown api-description.md
 // @termsOfService
 
@@ -201,6 +203,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.ResourceControlHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/roles"):
 		http.StripPrefix("/api", h.RoleHandler).ServeHTTP(w, r)
+	case strings.HasPrefix(r.URL.Path, "/api/search"):
+		http.StripPrefix("/api", h.SearchHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/settings"):
 		http.StripPrefix("/api", h.SettingsHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/stacks"):

api/http/handler/helm/helm_delete.go

@@ -12,11 +12,9 @@ import (
 // @id HelmDelete
 // @summary Delete Helm Release
 // @description
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags helm
 // @security jwt
-// @accept json
-// @produce json
 // @param id path int true "Environment(Endpoint) identifier"
 // @param release path string true "The name of the release/application to uninstall"
 // @param namespace query string true "An optional namespace"

api/http/handler/helm/helm_install.go

@@ -36,7 +36,7 @@ var errChartNameInvalid = errors.New("invalid chart name. " +
 // @id HelmInstall
 // @summary Install Helm Chart
 // @description
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags helm
 // @security jwt
 // @accept json

api/http/handler/helm/helm_list.go

@@ -12,7 +12,7 @@ import (
 // @id HelmList
 // @summary List Helm Releases
 // @description
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags helm
 // @security jwt
 // @accept json

api/http/handler/helm/helm_repo_search.go

@@ -13,7 +13,7 @@ import (
 // @id HelmRepoSearch
 // @summary Search Helm Charts
 // @description
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags helm
 // @param repo query string true "Helm repository URL"
 // @security jwt

api/http/handler/helm/helm_show.go

@@ -15,8 +15,8 @@ import (
 // @id HelmShow
 // @summary Show Helm Chart Information
 // @description
-// @description **Access policy**: authorized
-// @tags helm_chart
+// @description **Access policy**: authenticated
+// @tags helm
 // @param repo query string true "Helm repository URL"
 // @param chart query string true "Chart name"
 // @param command path string true "chart/values/readme"

api/http/handler/kubernetes/kubernetes_config.go

@@ -17,7 +17,7 @@ import (
 // @id GetKubernetesConfig
 // @summary Generates kubeconfig file enabling client communication with k8s api server
 // @description Generates kubeconfig file enabling client communication with k8s api server
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags kubernetes
 // @security jwt
 // @accept json

api/http/handler/kubernetes/kubernetes_nodes_limits.go

@@ -13,7 +13,7 @@ import (
 // @id getKubernetesNodesLimits
 // @summary Get CPU and memory limits of all nodes within k8s cluster
 // @description Get CPU and memory limits of all nodes within k8s cluster
-// @description **Access policy**: authorized
+// @description **Access policy**: authenticated
 // @tags kubernetes
 // @security jwt
 // @accept json

api/http/handler/motd/motd.go

@@ -26,7 +26,9 @@ type motdData struct {
 	Style         string            `json:"style"`
 }
 
+// @id MOTD
 // @summary fetches the message of the day
+// @description **Access policy**: restricted
 // @tags motd
 // @security jwt
 // @produce json

api/http/handler/registries/registry_configure.go

@@ -81,7 +81,7 @@ func (payload *registryConfigurePayload) Validate(r *http.Request) error {
 // @id RegistryConfigure
 // @summary Configures a registry
 // @description Configures a registry.
-// @description **Access policy**: admin
+// @description **Access policy**: restricted
 // @tags registries
 // @security jwt
 // @accept json

api/http/handler/registries/registry_create.go

@@ -62,7 +62,7 @@ func (payload *registryCreatePayload) Validate(_ *http.Request) error {
 // @id RegistryCreate
 // @summary Create a new registry
 // @description Create a new registry.
-// @description **Access policy**: administrator
+// @description **Access policy**: restricted
 // @tags registries
 // @security jwt
 // @accept json

api/http/handler/registries/registry_delete.go

@@ -15,7 +15,7 @@ import (
 // @id RegistryDelete
 // @summary Remove a registry
 // @description Remove a registry
-// @description **Access policy**: administrator
+// @description **Access policy**: restricted
 // @tags registries
 // @security jwt
 // @param id path int true "Registry identifier"

api/http/handler/registries/registry_inspect.go

@@ -14,7 +14,7 @@ import (
 // @id RegistryInspect
 // @summary Inspect a registry
 // @description Retrieve details about a registry.
-// @description **Access policy**: administrator
+// @description **Access policy**: restricted
 // @tags registries
 // @security jwt
 // @produce json

api/http/handler/registries/registry_update.go

@@ -37,7 +37,7 @@ func (payload *registryUpdatePayload) Validate(r *http.Request) error {
 // @id RegistryUpdate
 // @summary Update a registry
 // @description Update a registry
-// @description **Access policy**: administrator
+// @description **Access policy**: restricted
 // @tags registries
 // @security jwt
 // @accept json

api/http/handler/resourcecontrols/resourcecontrol_update.go

@@ -38,7 +38,7 @@ func (payload *resourceControlUpdatePayload) Validate(r *http.Request) error {
 // @id ResourceControlUpdate
 // @summary Update a resource control
 // @description Update a resource control
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags resource_controls
 // @security jwt
 // @accept json

api/http/handler/search/handler.go

@@ -0,0 +1,26 @@
+package search
+
+import (
+	"net/http"
+
+	"github.com/gorilla/mux"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/security"
+)
+
+// Handler is the HTTP handler used to handle tag operations.
+type Handler struct {
+	*mux.Router
+	DataStore portainer.DataStore
+}
+
+// NewHandler creates a handler to manage search operations.
+func NewHandler(bouncer *security.RequestBouncer) *Handler {
+	h := &Handler{
+		Router: mux.NewRouter(),
+	}
+	h.Handle("/search",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.search))).Methods(http.MethodGet)
+	return h
+}

api/http/handler/search/search.go

@@ -0,0 +1,315 @@
+package search
+
+import (
+	"net/http"
+	"strings"
+	"fmt"
+
+	"github.com/portainer/portainer/api"
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/request"
+	"github.com/portainer/libhttp/response"
+)
+
+type searchResponse struct {
+	Results 	[]searchResult 	`json:"Results"`
+	ResultCount int 			`json:"ResultCount"`
+}
+
+type searchResult struct {
+	Label 			string 	`json:"Label"`
+	ResultType 		string 	`json:"Type"`
+	Environment 	string  `json:"Environment"`
+	EnvironmentType string 	`json:"EnvironmentType"`
+	ResourceID 		string  `json:"ResourceID"`
+	EnvironmentID 	int		`json:"EnvironmentID"`
+}
+
+// @id Search
+// @summary Search for resources 
+// @description Search for any resource inside this Portainer instance (through snapshots).
+// @description **Access policy**: authenticated
+// @tags search
+// @security jwt
+// @produce json
+// @param query query string true "Query used to search and filter resources"
+// @success 200 {object} searchResponse "Success"
+// @failure 400 "Bad request"
+// @failure 500 "Server error"
+// @router /search [get]
+func (handler *Handler) search(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	query, err := request.RetrieveQueryParameter(r, "query", false)
+	if err != nil {
+		return &httperror.HandlerError{http.StatusBadRequest, "Invalid query parameter: query", err}
+	}
+	query = strings.ToLower(query)
+
+	endpoints, err := handler.DataStore.Endpoint().Endpoints()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to retrieve environments from the database", err}
+	}
+
+	results := make([]searchResult, 0)
+
+	for _, endpoint := range endpoints {
+
+		if match(endpoint.Name, query) {
+
+			result := searchResult{
+				Label: 				endpoint.Name,
+				ResultType: 		"ENVIRONMENT", 
+				EnvironmentType: 	envTypeFromEndpoint(&endpoint),
+				EnvironmentID: 		int(endpoint.ID),
+			}
+
+			results = append(results, result)
+		}
+
+		if len(endpoint.Snapshots) > 0 {
+
+			containers, _ := containerMatch(&endpoint, query)
+			results = append(results, containers...)
+
+			images, _ := imageMatch(&endpoint, query)
+			results = append(results, images...)
+
+			networks, _ := networkMatch(&endpoint, query)
+			results = append(results, networks...)
+
+			volumes, _ := volumeMatch(&endpoint, query)
+			results = append(results, volumes...)
+
+		}
+	}
+
+	searchResponse := searchResponse{
+		Results: 		results,
+		ResultCount: 	len(results),	
+	}
+
+	return response.JSON(w, searchResponse)
+}
+
+func volumeMatch(endpoint *portainer.Endpoint, query string) ([]searchResult, error) {
+	results := make([]searchResult, 0)
+
+	volumeRoot, ok := endpoint.Snapshots[0].SnapshotRaw.Volumes.(map[string]interface{})
+	if !ok {
+		fmt.Println("Unable to retrieve volume data from snapshot")
+		return results, nil
+	}
+
+	if volumeRoot["Volumes"] == nil {
+		fmt.Println("Unable to retrieve volume data from snapshot")
+		return results, nil
+	}
+	
+	volumes, ok := volumeRoot["Volumes"].([]interface{})
+	if !ok {
+		fmt.Println("Unable to retrieve volume data from snapshot")
+		return results, nil
+	}
+
+	for _, volume := range volumes {
+
+		volumeObject, ok := volume.(map[string]interface{})
+		if !ok {
+			fmt.Println("Unable to retrieve volume data from volumes snapshot")
+			continue
+		}
+
+		name := volumeObject["Name"]
+		if name == nil {
+			continue
+		}
+
+		volumeName := name.(string)
+		if match(volumeName, query) {
+			result := searchResult{
+				Label: 				volumeName,
+				ResultType: 		"VOLUME", 
+				Environment: 		endpoint.Name,
+				EnvironmentType: 	envTypeFromEndpoint(endpoint),
+				EnvironmentID: 		int(endpoint.ID),
+				ResourceID:			volumeName,
+			}
+			results = append(results, result)
+		}	
+	}
+
+	return results, nil
+}
+
+func networkMatch(endpoint *portainer.Endpoint, query string) ([]searchResult, error) {
+	results := make([]searchResult, 0)
+
+	networks, ok := endpoint.Snapshots[0].SnapshotRaw.Networks.([]interface{})
+	if !ok {
+		fmt.Println("Unable to retrieve networks data from snapshot")
+		return results, nil
+	}
+
+	for _, network := range networks {
+
+		networkObject, ok := network.(map[string]interface{})
+		if !ok {
+			fmt.Println("Unable to retrieve network data from networks snapshot")
+			continue
+		}
+
+		name := networkObject["Name"]
+		if name == nil {
+			continue
+		}
+
+		id := networkObject["Id"]
+		if id == nil {
+			continue
+		}
+
+		networkName := name.(string)
+		networkId := id.(string)
+		if match(networkName, query) {
+			result := searchResult{
+				Label: 				networkName,
+				ResultType: 		"NETWORK", 
+				Environment: 		endpoint.Name,
+				EnvironmentType: 	envTypeFromEndpoint(endpoint),
+				EnvironmentID: 		int(endpoint.ID),
+				ResourceID:			networkId,
+			}
+			results = append(results, result)
+		}	
+	}
+
+	return results, nil
+}
+
+func imageMatch(endpoint *portainer.Endpoint, query string) ([]searchResult, error) {
+	results := make([]searchResult, 0)
+
+	images, ok := endpoint.Snapshots[0].SnapshotRaw.Images.([]interface{})
+	if !ok {
+		fmt.Println("Unable to retrieve images data from snapshot")
+		return results, nil
+	}
+
+	for _, image := range images {
+
+		imgObject, ok := image.(map[string]interface{})
+		if !ok {
+			fmt.Println("Unable to retrieve image data from images snapshot")
+			continue
+		}
+
+		repoTags := imgObject["RepoTags"]
+		if repoTags == nil {
+			continue
+		}
+
+		id := imgObject["Id"]
+		if id == nil {
+			continue
+		}
+		imageId := id.(string)
+
+		repoTagsArray := repoTags.([]interface{})
+		if len(repoTagsArray) > 0 {
+			
+			for _, tag := range repoTagsArray {
+				tagName := tag.(string)
+
+				if match(tagName, query) {
+					result := searchResult{
+						Label: 				tagName,
+						ResultType: 		"IMAGE", 
+						Environment: 		endpoint.Name,
+						EnvironmentType: 	envTypeFromEndpoint(endpoint),
+						EnvironmentID: 		int(endpoint.ID),
+						ResourceID:			imageId,
+					}
+					results = append(results, result)
+				}	
+			}
+		}
+	}
+
+	return results, nil
+}
+
+
+func containerMatch(endpoint *portainer.Endpoint, query string) ([]searchResult, error) {
+	results := make([]searchResult, 0)
+
+	containers, ok := endpoint.Snapshots[0].SnapshotRaw.Containers.([]interface{})
+	if !ok {
+		fmt.Println("Unable to retrieve containers data from snapshot")
+		return results, nil
+	}
+
+	for _, container := range containers {
+
+		cntrObject, ok := container.(map[string]interface{})
+		if !ok {
+			fmt.Println("Unable to retrieve container data from containers snapshot")
+			continue
+		}
+
+		cntrNameEntry := cntrObject["Names"]
+		if cntrNameEntry == nil {
+			continue
+		}
+
+		id := cntrObject["Id"]
+		if id == nil {
+			continue
+		}
+		containerId := id.(string)
+
+		cntrNameArray := cntrNameEntry.([]interface{})
+		if len(cntrNameArray) > 0 {
+			
+			containerName := cntrNameArray[0].(string)
+			cName := strings.TrimPrefix(containerName, "/")
+
+			if match(cName, query) {
+				result := searchResult{
+					Label: 				cName,
+					ResultType: 		"CONTAINER",
+					Environment: 		endpoint.Name,
+					EnvironmentType: 	envTypeFromEndpoint(endpoint),
+					EnvironmentID: 		int(endpoint.ID),
+					ResourceID: 		containerId,
+				}
+				results = append(results, result)
+			}
+		}
+	}
+
+	return results, nil
+}
+
+func envTypeFromEndpoint(endpoint *portainer.Endpoint) string {
+	switch endpoint.Type {
+	case 1:
+		return "docker"
+	case 2:
+		return "docker"
+	case 3:
+		return "azure"
+	case 4:
+		return "edge"
+	case 5:
+		return "kubernetes"
+	case 6:
+		return "kubernetes"
+	case 7:
+		return "edge"
+	}
+
+	return "unsupported"
+}
+
+func match(data, filter string) bool {
+	return strings.Contains(data, filter);
+}

api/http/handler/settings/settings_update.go

@@ -54,11 +54,8 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
 	if payload.TemplatesURL != nil && *payload.TemplatesURL != "" && !govalidator.IsURL(*payload.TemplatesURL) {
 		return errors.New("Invalid external templates URL. Must correspond to a valid URL format")
 	}
-	if payload.HelmRepositoryURL != nil && *payload.HelmRepositoryURL != "" {
-		err := libhelm.ValidateHelmRepositoryURL(*payload.HelmRepositoryURL)
-		if err != nil {
-			return errors.Wrap(err, "Invalid Helm repository URL. Must correspond to a valid URL format")
-		}
+	if payload.HelmRepositoryURL != nil && *payload.HelmRepositoryURL != "" && !govalidator.IsURL(*payload.HelmRepositoryURL) {
+		return errors.New("Invalid Helm repository URL. Must correspond to a valid URL format")
 	}
 	if payload.UserSessionTimeout != nil {
 		_, err := time.ParseDuration(*payload.UserSessionTimeout)
@@ -114,7 +111,16 @@ func (handler *Handler) settingsUpdate(w http.ResponseWriter, r *http.Request) *
 	}
 
 	if payload.HelmRepositoryURL != nil {
-		settings.HelmRepositoryURL = strings.TrimSuffix(strings.ToLower(*payload.HelmRepositoryURL), "/")
+		newHelmRepo := strings.TrimSuffix(strings.ToLower(*payload.HelmRepositoryURL), "/")
+
+		if newHelmRepo != settings.HelmRepositoryURL && newHelmRepo != portainer.DefaultHelmRepositoryURL {
+			err := libhelm.ValidateHelmRepositoryURL(*payload.HelmRepositoryURL)
+			if err != nil {
+				return &httperror.HandlerError{http.StatusBadRequest, "Invalid Helm repository URL. Must correspond to a valid URL format", err}
+			}
+		}
+
+		settings.HelmRepositoryURL = newHelmRepo
 	}
 
 	if payload.BlackListedLabels != nil {

api/http/handler/stacks/stack_associate.go

@@ -14,7 +14,22 @@ import (
 	"github.com/portainer/portainer/api/internal/stackutils"
 )
 
-// PUT request on /api/stacks/:id/associate?endpointId=<endpointId>&swarmId=<swarmId>&orphanedRunning=<orphanedRunning>
+// @id StackAssociate
+// @summary Associate an orphaned stack to a new environment(endpoint)
+// @description **Access policy**: administrator
+// @tags stacks
+// @security jwt
+// @produce json
+// @param id path int true "Stack identifier"
+// @param endpointId query int true "Stacks created before version 1.18.0 might not have an associated environment(endpoint) identifier. Use this optional parameter to set the environment(endpoint) identifier used by the stack."
+// @param swarmId query int true "Swarm identifier"
+// @param orphanedRunning query boolean true "Indicates whether the stack is orphaned"
+// @success 200 {object} portainer.Stack "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 404 "Stack not found"
+// @failure 500 "Server error"
+// @router /stacks/{id}/associate [put]
 func (handler *Handler) stackAssociate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	stackID, err := request.RetrieveNumericRouteVariableValue(r, "id")
 	if err != nil {

api/http/handler/stacks/stack_create.go

@@ -33,7 +33,7 @@ func (handler *Handler) cleanUp(stack *portainer.Stack, doCleanUp *bool) error {
 // @id StackCreate
 // @summary Deploy a new stack
 // @description Deploy a new stack into a Docker environment(endpoint) specified via the environment(endpoint) identifier.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @accept json,multipart/form-data

api/http/handler/stacks/stack_list.go

@@ -24,10 +24,10 @@ type stackListOperationFilters struct {
 // @description List all stacks based on the current user authorizations.
 // @description Will return all stacks if using an administrator account otherwise it
 // @description will only return the list of stacks the user have access to.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
-// @param filters query string false "Filters to process on the stack list. Encoded as JSON (a map[string]string). For example, {"SwarmID": "jpofkc0i9uo9wtx1zesuk649w"} will only return stacks that are part of the specified Swarm cluster. Available filters: EndpointID, SwarmID."
+// @param filters query string false "Filters to process on the stack list. Encoded as JSON (a map[string]string). For example, {'SwarmID': 'jpofkc0i9uo9wtx1zesuk649w'} will only return stacks that are part of the specified Swarm cluster. Available filters: EndpointID, SwarmID."
 // @success 200 {array} portainer.Stack "Success"
 // @success 204 "Success"
 // @failure 400 "Invalid request"

api/http/handler/stacks/stack_migrate.go

@@ -34,7 +34,7 @@ func (payload *stackMigratePayload) Validate(r *http.Request) error {
 // @id StackMigrate
 // @summary Migrate a stack to another environment(endpoint)
 // @description  Migrate a stack from an environment(endpoint) to another environment(endpoint). It will re-create the stack inside the target environment(endpoint) before removing the original stack.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @produce json
@@ -143,12 +143,14 @@ func (handler *Handler) stackMigrate(w http.ResponseWriter, r *http.Request) *ht
 		return migrationError
 	}
 
+	newName := stack.Name
 	stack.Name = oldName
 	err = handler.deleteStack(securityContext.UserID, stack, endpoint)
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: err.Error(), Err: err}
 	}
 
+	stack.Name = newName
 	err = handler.DataStore.Stack().UpdateStack(stack.ID, stack)
 	if err != nil {
 		return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to persist the stack changes inside the database", Err: err}

api/http/handler/stacks/stack_start.go

@@ -20,7 +20,7 @@ import (
 // @id StackStart
 // @summary Starts a stopped Stack
 // @description Starts a stopped Stack.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @param id path int true "Stack identifier"

api/http/handler/stacks/stack_stop.go

@@ -18,7 +18,7 @@ import (
 // @id StackStop
 // @summary Stops a stopped Stack
 // @description Stops a stopped Stack.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @param id path int true "Stack identifier"

api/http/handler/stacks/stack_update.go

@@ -51,7 +51,7 @@ func (payload *updateSwarmStackPayload) Validate(r *http.Request) error {
 // @id StackUpdate
 // @summary Update a stack
 // @description Update a stack.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @accept json

api/http/handler/stacks/stack_update_git.go

@@ -40,7 +40,7 @@ func (payload *stackGitUpdatePayload) Validate(r *http.Request) error {
 // @id StackUpdateGit
 // @summary Update a stack's Git configs
 // @description Update the Git settings in a stack, e.g., RepositoryReferenceName and AutoUpdate
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @accept json
@@ -146,6 +146,10 @@ func (handler *Handler) stackUpdateGit(w http.ResponseWriter, r *http.Request) *
 			Username: payload.RepositoryUsername,
 			Password: password,
 		}
+		_, err = handler.GitService.LatestCommitID(stack.GitConfig.URL, stack.GitConfig.ReferenceName, stack.GitConfig.Authentication.Username, stack.GitConfig.Authentication.Password)
+		if err != nil {
+			return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to fetch git repository", Err: err}
+		}
 	}
 
 	if payload.AutoUpdate != nil && payload.AutoUpdate.Interval != "" {

api/http/handler/stacks/stack_update_git_redeploy.go

@@ -38,7 +38,7 @@ func (payload *stackGitRedployPayload) Validate(r *http.Request) error {
 // @id StackGitRedeploy
 // @summary Redeploy a stack
 // @description Pull and redeploy a stack via Git
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags stacks
 // @security jwt
 // @accept json

api/http/handler/stacks/update_kubernetes_stack.go

@@ -74,6 +74,10 @@ func (handler *Handler) updateKubernetesStack(r *http.Request, stack *portainer.
 				Username: payload.RepositoryUsername,
 				Password: password,
 			}
+			_, err := handler.GitService.LatestCommitID(stack.GitConfig.URL, stack.GitConfig.ReferenceName, stack.GitConfig.Authentication.Username, stack.GitConfig.Authentication.Password)
+			if err != nil {
+				return &httperror.HandlerError{StatusCode: http.StatusInternalServerError, Message: "Unable to fetch git repository", Err: err}
+			}
 		} else {
 			stack.GitConfig.Authentication = nil
 		}

api/http/handler/stacks/webhook_invoke.go

@@ -15,6 +15,16 @@ import (
 	"github.com/portainer/libhttp/request"
 )
 
+// @id WebhookInvoke
+// @summary Webhook for triggering stack updates from git
+// @description **Access policy**: public
+// @tags stacks
+// @param webhookID path string true "Stack identifier"
+// @success 200 "Success"
+// @failure 400 "Invalid request"
+// @failure 409 "Conflict"
+// @failure 500 "Server error"
+// @router /stacks/webhooks/{webhookID} [post]
 func (handler *Handler) webhookInvoke(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	webhookID, err := retrieveUUIDRouteVariableValue(r, "webhookID")
 	if err != nil {

api/http/handler/tags/tag_create.go

@@ -29,6 +29,7 @@ func (payload *tagCreatePayload) Validate(r *http.Request) error {
 // @description **Access policy**: administrator
 // @tags tags
 // @security jwt
+// @accept json
 // @produce json
 // @param body body tagCreatePayload true "Tag details"
 // @success 200 {object} portainer.Tag "Success"

api/http/handler/tags/tag_delete.go

@@ -17,8 +17,6 @@ import (
 // @description **Access policy**: administrator
 // @tags tags
 // @security jwt
-// @accept json
-// @produce json
 // @param id path int true "Tag identifier"
 // @success 204 "Success"
 // @failure 400 "Invalid request"

api/http/handler/tags/tag_list.go

@@ -10,7 +10,7 @@ import (
 // @id TagList
 // @summary List tags
 // @description List tags.
-// @description **Access policy**: administrator
+// @description **Access policy**: authenticated
 // @tags tags
 // @security jwt
 // @produce json

api/http/handler/teammemberships/teammembership_create.go

@@ -37,7 +37,7 @@ func (payload *teamMembershipCreatePayload) Validate(r *http.Request) error {
 // @id TeamMembershipCreate
 // @summary Create a new team membership
 // @description Create a new team memberships. Access is only available to administrators leaders of the associated team.
-// @description **Access policy**: admin
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security jwt
 // @accept json

api/http/handler/teammemberships/teammembership_delete.go

@@ -15,7 +15,7 @@ import (
 // @id TeamMembershipDelete
 // @summary Remove a team membership
 // @description Remove a team membership. Access is only available to administrators leaders of the associated team.
-// @description **Access policy**: restricted
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security jwt
 // @param id path int true "TeamMembership identifier"

api/http/handler/teammemberships/teammembership_list.go

@@ -12,7 +12,7 @@ import (
 // @id TeamMembershipList
 // @summary List team memberships
 // @description  List team memberships. Access is only available to administrators and team leaders.
-// @description **Access policy**: admin
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security jwt
 // @produce json

api/http/handler/teammemberships/teammembership_update.go

@@ -38,7 +38,7 @@ func (payload *teamMembershipUpdatePayload) Validate(r *http.Request) error {
 // @id TeamMembershipUpdate
 // @summary Update a team membership
 // @description Update a team membership. Access is only available to administrators leaders of the associated team.
-// @description **Access policy**: restricted
+// @description **Access policy**: administrator
 // @tags team_memberships
 // @security jwt
 // @accept json

api/http/handler/teams/team_inspect.go

@@ -15,7 +15,7 @@ import (
 // @id TeamInspect
 // @summary Inspect a team
 // @description Retrieve details about a team. Access is only available for administrator and leaders of that team.
-// @description **Access policy**: restricted
+// @description **Access policy**: administrator
 // @tags teams
 // @security jwt
 // @produce json

api/http/handler/teams/team_update.go

@@ -23,7 +23,7 @@ func (payload *teamUpdatePayload) Validate(r *http.Request) error {
 // @summary Update a team
 // @description Update a team.
 // @description **Access policy**: administrator
-// @tags
+// @tags teams
 // @security jwt
 // @accept json
 // @produce json

api/http/handler/templates/template_file.go

@@ -39,7 +39,7 @@ func (payload *filePayload) Validate(r *http.Request) error {
 // @id TemplateFile
 // @summary Get a template's file
 // @description Get a template's file
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags templates
 // @security jwt
 // @accept json

api/http/handler/templates/template_list.go

@@ -17,7 +17,7 @@ type listResponse struct {
 // @id TemplateList
 // @summary List available templates
 // @description List available templates.
-// @description **Access policy**: restricted
+// @description **Access policy**: authenticated
 // @tags templates
 // @security jwt
 // @produce json

api/http/handler/users/admin_init.go

@@ -32,7 +32,7 @@ func (payload *adminInitPayload) Validate(r *http.Request) error {
 // @summary Initialize administrator account
 // @description Initialize the 'admin' user account.
 // @description **Access policy**: public
-// @tags
+// @tags users
 // @accept json
 // @produce json
 // @param body body adminInitPayload true "User details"

api/http/handler/users/user_delete.go

@@ -18,7 +18,6 @@ import (
 // @description **Access policy**: administrator
 // @tags users
 // @security jwt
-// @accept json
 // @produce json
 // @param id path int true "User identifier"
 // @success 204 "Success"

api/http/handler/users/user_inspect.go

@@ -16,7 +16,7 @@ import (
 // @summary Inspect a user
 // @description Retrieve details about a user.
 // @description User passwords are filtered out, and should never be accessible.
-// @description **Access policy**: administrator
+// @description **Access policy**: authenticated
 // @tags users
 // @security jwt
 // @produce json

api/http/handler/users/user_memberships.go

@@ -14,7 +14,7 @@ import (
 // @id UserMembershipsInspect
 // @summary Inspect a user memberships
 // @description Inspect a user memberships.
-// @description **Access policy**: authenticated
+// @description **Access policy**: restricted
 // @tags users
 // @security jwt
 // @produce json

api/http/handler/webhooks/webhook_create.go

@@ -33,7 +33,7 @@ func (payload *webhookCreatePayload) Validate(r *http.Request) error {
 }
 
 // @summary Create a webhook
-// @description
+// @description **Access policy**: authenticated
 // @security jwt
 // @tags webhooks
 // @accept json

api/http/handler/webhooks/webhook_delete.go

@@ -10,11 +10,9 @@ import (
 )
 
 // @summary Delete a webhook
-// @description
+// @description **Access policy**: authenticated
 // @security jwt
 // @tags webhooks
-// @accept json
-// @produce json
 // @param id path int true "Webhook id"
 // @success 202 "Webhook deleted"
 // @failure 400