fix(compose): fix support for ECR BE-11392 (#150)

Co-authored-by: andres-portainer <andres-portainer@users.noreply.github.com>

.air.toml

@@ -1,52 +0,0 @@
-root = "."
-testdata_dir = "testdata"
-tmp_dir = ".tmp"
-
-[build]
-  args_bin = []
-  bin = "./dist/portainer"
-  cmd = "SKIP_GO_GET=true make build-server"
-  delay = 1000
-  exclude_dir = []
-  exclude_file = []
-  exclude_regex = ["_test.go"]
-  exclude_unchanged = false
-  follow_symlink = false
-  full_bin = "./dist/portainer --log-level=DEBUG"
-  include_dir = ["api"]
-  include_ext = ["go"]
-  include_file = []
-  kill_delay = "0s"
-  log = "build-errors.log"
-  poll = false
-  poll_interval = 0
-  post_cmd = []
-  pre_cmd = []
-  rerun = false
-  rerun_delay = 500
-  send_interrupt = false
-  stop_on_error = false
-
-[color]
-  app = ""
-  build = "yellow"
-  main = "magenta"
-  runner = "green"
-  watcher = "cyan"
-
-[log]
-  main_only = false
-  silent = false
-  time = false
-
-[misc]
-  clean_on_exit = false
-
-[proxy]
-  app_port = 0
-  enabled = false
-  proxy_port = 0
-
-[screen]
-  clear_on_rebuild = false
-  keep_scroll = true

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -11,8 +11,6 @@ body:
         The issue tracker is for reporting bugs. If you have an [idea for a new feature](https://github.com/orgs/portainer/discussions/categories/ideas) or a [general question about Portainer](https://github.com/orgs/portainer/discussions/categories/help) please post in our [GitHub Discussions](https://github.com/orgs/portainer/discussions).
         
         You can also ask for help in our [community Slack channel](https://join.slack.com/t/portainer/shared_invite/zt-txh3ljab-52QHTyjCqbe5RibC2lcjKA).
-
-        Please note that we only provide support for current versions of Portainer. You can find a list of supported versions in our [lifecycle policy](https://docs.portainer.io/start/lifecycle).
         
         **DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS**.
 
@@ -92,20 +90,11 @@ body:
   - type: dropdown
     attributes:
       label: Portainer version
-      description: We only provide support for current versions of Portainer as per the lifecycle policy linked above. If you are on an older version of Portainer we recommend [upgrading first](https://docs.portainer.io/start/upgrade) in case your bug has already been fixed.
+      description: We only provide support for the most recent version of Portainer and the previous 3 versions. If you are on an older version of Portainer we recommend [upgrading first](https://docs.portainer.io/start/upgrade) in case your bug has already been fixed.
       multiple: false
       options:
-        - '2.27.1'
-        - '2.27.0'
-        - '2.26.1'
-        - '2.26.0'
-        - '2.25.1'
-        - '2.25.0'
-        - '2.24.1'
-        - '2.24.0'
         - '2.23.0'
         - '2.22.0'
-        - '2.21.5'
         - '2.21.4'
         - '2.21.3'
         - '2.21.2'
@@ -121,6 +110,15 @@ body:
         - '2.19.2'
         - '2.19.1'
         - '2.19.0'
+        - '2.18.4'
+        - '2.18.3'
+        - '2.18.2'
+        - '2.18.1'
+        - '2.17.1'
+        - '2.17.0'
+        - '2.16.2'
+        - '2.16.1'
+        - '2.16.0'
     validations:
       required: true
 

.godir

@@ -0,0 +1 @@
+portainer

.golangci.yaml

@@ -20,6 +20,8 @@ linters-settings:
         deny:
           - pkg: 'encoding/json'
             desc: 'use github.com/segmentio/encoding/json'
+          - pkg: 'github.com/sirupsen/logrus'
+            desc: 'logging is allowed only by github.com/rs/zerolog'
           - pkg: 'golang.org/x/exp'
             desc: 'exp is not allowed'
           - pkg: 'github.com/portainer/libcrypto'

Makefile

@@ -17,13 +17,11 @@ GOTESTSUM=go run gotest.tools/gotestsum@latest
 
 
 ##@ Building
-.PHONY: all init-dist build-storybook build build-client build-server build-image devops
+.PHONY: init-dist build-storybook build build-client build-server build-image devops
 init-dist:
 	@mkdir -p dist
 
-all: tidy deps build-server build-client ## Build the client, server and download external dependancies (doesn't build an image)
-
-build-all: all ## Alias for the 'all' target (used by CI)
+build-all: deps build-server build-client ## Build the client, server and download external dependancies (doesn't build an image)
 
 build-client: init-dist ## Build the client
 	export NODE_ENV=$(ENV) && yarn build --config $(WEBPACK_CONFIG)
@@ -52,7 +50,7 @@ client-deps: ## Install client dependencies
 	yarn
 
 tidy: ## Tidy up the go.mod file
-	@go mod tidy
+	cd api && go mod tidy
 
 
 ##@ Cleanup
@@ -67,10 +65,10 @@ clean: ## Remove all build and download artifacts
 test: test-server test-client ## Run all tests
 
 test-client: ## Run client tests
-	yarn test $(ARGS) --coverage
+	yarn test $(ARGS)
 
 test-server:	## Run server tests
-	$(GOTESTSUM) --format pkgname-and-test-fails --format-hide-empty-pkg --hide-summary skipped -- -cover -covermode=atomic -coverprofile=coverage.out ./...
+	$(GOTESTSUM) --format pkgname-and-test-fails --format-hide-empty-pkg --hide-summary skipped -- -cover  ./...
 
 ##@ Dev
 .PHONY: dev dev-client dev-server

api/backup/backup.go

@@ -21,7 +21,6 @@ const rwxr__r__ os.FileMode = 0o744
 
 var filesToBackup = []string{
 	"certs",
-	"chisel",
 	"compose",
 	"config.json",
 	"custom_templates",
@@ -31,13 +30,40 @@ var filesToBackup = []string{
 	"portainer.key",
 	"portainer.pub",
 	"tls",
+	"chisel",
 }
 
 // Creates a tar.gz system archive and encrypts it if password is not empty. Returns a path to the archive file.
 func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datastore dataservices.DataStore, filestorePath string) (string, error) {
-	backupDirPath, err := backupDatabaseAndFilesystem(gate, datastore, filestorePath)
-	if err != nil {
-		return "", err
+	unlock := gate.Lock()
+	defer unlock()
+
+	backupDirPath := filepath.Join(filestorePath, "backup", time.Now().Format("2006-01-02_15-04-05"))
+	if err := os.MkdirAll(backupDirPath, rwxr__r__); err != nil {
+		return "", errors.Wrap(err, "Failed to create backup dir")
+	}
+
+	{
+		// new export
+		exportFilename := path.Join(backupDirPath, fmt.Sprintf("export-%d.json", time.Now().Unix()))
+
+		err := datastore.Export(exportFilename)
+		if err != nil {
+			log.Error().Err(err).Str("filename", exportFilename).Msg("failed to export")
+		} else {
+			log.Debug().Str("filename", exportFilename).Msg("file exported")
+		}
+	}
+
+	if err := backupDb(backupDirPath, datastore); err != nil {
+		return "", errors.Wrap(err, "Failed to backup database")
+	}
+
+	for _, filename := range filesToBackup {
+		err := filesystem.CopyPath(filepath.Join(filestorePath, filename), backupDirPath)
+		if err != nil {
+			return "", errors.Wrap(err, "Failed to create backup file")
+		}
 	}
 
 	archivePath, err := archive.TarGzDir(backupDirPath)
@@ -55,37 +81,6 @@ func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datasto
 	return archivePath, nil
 }
 
-func backupDatabaseAndFilesystem(gate *offlinegate.OfflineGate, datastore dataservices.DataStore, filestorePath string) (string, error) {
-	unlock := gate.Lock()
-	defer unlock()
-
-	backupDirPath := filepath.Join(filestorePath, "backup", time.Now().Format("2006-01-02_15-04-05"))
-	if err := os.MkdirAll(backupDirPath, rwxr__r__); err != nil {
-		return "", errors.Wrap(err, "Failed to create backup dir")
-	}
-
-	// new export
-	exportFilename := path.Join(backupDirPath, fmt.Sprintf("export-%d.json", time.Now().Unix()))
-
-	if err := datastore.Export(exportFilename); err != nil {
-		log.Error().Err(err).Str("filename", exportFilename).Msg("failed to export")
-	} else {
-		log.Debug().Str("filename", exportFilename).Msg("file exported")
-	}
-
-	if err := backupDb(backupDirPath, datastore); err != nil {
-		return "", errors.Wrap(err, "Failed to backup database")
-	}
-
-	for _, filename := range filesToBackup {
-		if err := filesystem.CopyPath(filepath.Join(filestorePath, filename), backupDirPath); err != nil {
-			return "", errors.Wrap(err, "Failed to create backup file")
-		}
-	}
-
-	return backupDirPath, nil
-}
-
 func backupDb(backupDirPath string, datastore dataservices.DataStore) error {
 	dbFileName := datastore.Connection().GetDatabaseFileName()
 	_, err := datastore.Backup(filepath.Join(backupDirPath, dbFileName))

api/build/variables.go

@@ -0,0 +1,12 @@
+package build
+
+import "runtime"
+
+// Variables to be set during the build time
+var BuildNumber string
+var ImageTag string
+var NodejsVersion string
+var YarnVersion string
+var WebpackVersion string
+var GoVersion string = runtime.Version()
+var GitCommit string

api/cli/cli.go

@@ -59,7 +59,6 @@ func CLIFlags() *portainer.CLIFlags {
 		SecretKeyName:             kingpin.Flag("secret-key-name", "Secret key name for encryption and will be used as /run/secrets/<secret-key-name>.").Default(defaultSecretKeyName).String(),
 		LogLevel:                  kingpin.Flag("log-level", "Set the minimum logging level to show").Default("INFO").Enum("DEBUG", "INFO", "WARN", "ERROR"),
 		LogMode:                   kingpin.Flag("log-mode", "Set the logging output mode").Default("PRETTY").Enum("NOCOLOR", "PRETTY", "JSON"),
-		KubectlShellImage:         kingpin.Flag("kubectl-shell-image", "Kubectl shell image").Envar(portainer.KubectlShellImageEnvVar).Default(portainer.DefaultKubectlShellImage).String(),
 	}
 }
 

api/cli/confirm.go

@@ -19,5 +19,7 @@ func Confirm(message string) (bool, error) {
 	}
 
 	answer = strings.ReplaceAll(answer, "\n", "")
-	return strings.EqualFold(answer, "y") || strings.EqualFold(answer, "yes"), nil
+	answer = strings.ToLower(answer)
+
+	return answer == "y" || answer == "yes", nil
 }

api/cmd/portainer/main.go

@@ -10,6 +10,7 @@ import (
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/apikey"
+	"github.com/portainer/portainer/api/build"
 	"github.com/portainer/portainer/api/chisel"
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/crypto"
@@ -46,7 +47,6 @@ import (
 	"github.com/portainer/portainer/api/platform"
 	"github.com/portainer/portainer/api/scheduler"
 	"github.com/portainer/portainer/api/stacks/deployments"
-	"github.com/portainer/portainer/pkg/build"
 	"github.com/portainer/portainer/pkg/featureflags"
 	"github.com/portainer/portainer/pkg/libhelm"
 	"github.com/portainer/portainer/pkg/libstack/compose"
@@ -93,7 +93,7 @@ func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService port
 		log.Fatal().Msg("failed creating database connection: expecting a boltdb database type but a different one was received")
 	}
 
-	store := datastore.NewStore(flags, fileService, connection)
+	store := datastore.NewStore(*flags.Data, fileService, connection)
 
 	isNew, err := store.Open()
 	if err != nil {
@@ -120,7 +120,7 @@ func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService port
 			log.Fatal().Err(err).Msg("failed generating instance id")
 		}
 
-		migratorInstance := migrator.NewMigrator(&migrator.MigratorParameters{Flags: flags})
+		migratorInstance := migrator.NewMigrator(&migrator.MigratorParameters{})
 		migratorCount := migratorInstance.GetMigratorCountOfCurrentAPIVersion()
 
 		// from MigrateData
@@ -238,10 +238,10 @@ func updateSettingsFromFlags(dataStore dataservices.DataStore, flags *portainer.
 		return err
 	}
 
-	settings.SnapshotInterval = cmp.Or(*flags.SnapshotInterval, settings.SnapshotInterval)
-	settings.LogoURL = cmp.Or(*flags.Logo, settings.LogoURL)
-	settings.EnableEdgeComputeFeatures = cmp.Or(*flags.EnableEdgeComputeFeatures, settings.EnableEdgeComputeFeatures)
-	settings.TemplatesURL = cmp.Or(*flags.Templates, settings.TemplatesURL)
+	settings.SnapshotInterval = *cmp.Or(flags.SnapshotInterval, &settings.SnapshotInterval)
+	settings.LogoURL = *cmp.Or(flags.Logo, &settings.LogoURL)
+	settings.EnableEdgeComputeFeatures = *cmp.Or(flags.EnableEdgeComputeFeatures, &settings.EnableEdgeComputeFeatures)
+	settings.TemplatesURL = *cmp.Or(flags.Templates, &settings.TemplatesURL)
 
 	if *flags.Labels != nil {
 		settings.BlackListedLabels = *flags.Labels

api/connection.go

@@ -40,7 +40,6 @@ type Connection interface {
 	GetDatabaseFileName() string
 	GetDatabaseFilePath() string
 	GetStorePath() string
-	GetDatabaseFileSize() (int64, error)
 
 	IsEncryptedStore() bool
 	NeedsEncryptionMigration() (bool, error)

api/database/boltdb/db.go

@@ -62,15 +62,6 @@ func (connection *DbConnection) GetStorePath() string {
 	return connection.Path
 }
 
-func (connection *DbConnection) GetDatabaseFileSize() (int64, error) {
-	file, err := os.Stat(connection.GetDatabaseFilePath())
-	if err != nil {
-		return 0, fmt.Errorf("Failed to stat database file path: %s err: %w", connection.GetDatabaseFilePath(), err)
-	}
-
-	return file.Size(), nil
-}
-
 func (connection *DbConnection) SetEncrypted(flag bool) {
 	connection.isEncrypted = flag
 }

api/database/boltdb/json_test.go

@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://kubernetes.github.io/ingress-nginx","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
+	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
 	passphrase = "my secret key"
 )
 

api/dataservices/edgestack/edgestack.go

@@ -15,7 +15,7 @@ type Service struct {
 	connection          portainer.Connection
 	idxVersion          map[portainer.EdgeStackID]int
 	mu                  sync.RWMutex
-	cacheInvalidationFn func(portainer.Transaction, portainer.EdgeStackID)
+	cacheInvalidationFn func(portainer.EdgeStackID)
 }
 
 func (service *Service) BucketName() string {
@@ -23,7 +23,7 @@ func (service *Service) BucketName() string {
 }
 
 // NewService creates a new instance of a service.
-func NewService(connection portainer.Connection, cacheInvalidationFn func(portainer.Transaction, portainer.EdgeStackID)) (*Service, error) {
+func NewService(connection portainer.Connection, cacheInvalidationFn func(portainer.EdgeStackID)) (*Service, error) {
 	err := connection.SetServiceName(BucketName)
 	if err != nil {
 		return nil, err
@@ -36,7 +36,7 @@ func NewService(connection portainer.Connection, cacheInvalidationFn func(portai
 	}
 
 	if s.cacheInvalidationFn == nil {
-		s.cacheInvalidationFn = func(portainer.Transaction, portainer.EdgeStackID) {}
+		s.cacheInvalidationFn = func(portainer.EdgeStackID) {}
 	}
 
 	es, err := s.EdgeStacks()
@@ -106,7 +106,7 @@ func (service *Service) Create(id portainer.EdgeStackID, edgeStack *portainer.Ed
 
 	service.mu.Lock()
 	service.idxVersion[id] = edgeStack.Version
-	service.cacheInvalidationFn(service.connection, id)
+	service.cacheInvalidationFn(id)
 	service.mu.Unlock()
 
 	return nil
@@ -125,7 +125,7 @@ func (service *Service) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *por
 	}
 
 	service.idxVersion[ID] = edgeStack.Version
-	service.cacheInvalidationFn(service.connection, ID)
+	service.cacheInvalidationFn(ID)
 
 	return nil
 }
@@ -142,7 +142,7 @@ func (service *Service) UpdateEdgeStackFunc(ID portainer.EdgeStackID, updateFunc
 		updateFunc(edgeStack)
 
 		service.idxVersion[ID] = edgeStack.Version
-		service.cacheInvalidationFn(service.connection, ID)
+		service.cacheInvalidationFn(ID)
 	})
 }
 
@@ -165,7 +165,7 @@ func (service *Service) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 
 	delete(service.idxVersion, ID)
 
-	service.cacheInvalidationFn(service.connection, ID)
+	service.cacheInvalidationFn(ID)
 
 	return nil
 }

api/dataservices/edgestack/tx.go

@@ -44,7 +44,8 @@ func (service ServiceTx) EdgeStack(ID portainer.EdgeStackID) (*portainer.EdgeSta
 	var stack portainer.EdgeStack
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	if err := service.tx.GetObject(BucketName, identifier, &stack); err != nil {
+	err := service.tx.GetObject(BucketName, identifier, &stack)
+	if err != nil {
 		return nil, err
 	}
 
@@ -64,17 +65,18 @@ func (service ServiceTx) EdgeStackVersion(ID portainer.EdgeStackID) (int, bool)
 func (service ServiceTx) Create(id portainer.EdgeStackID, edgeStack *portainer.EdgeStack) error {
 	edgeStack.ID = id
 
-	if err := service.tx.CreateObjectWithId(
+	err := service.tx.CreateObjectWithId(
 		BucketName,
 		int(edgeStack.ID),
 		edgeStack,
-	); err != nil {
+	)
+	if err != nil {
 		return err
 	}
 
 	service.service.mu.Lock()
 	service.service.idxVersion[id] = edgeStack.Version
-	service.service.cacheInvalidationFn(service.tx, id)
+	service.service.cacheInvalidationFn(id)
 	service.service.mu.Unlock()
 
 	return nil
@@ -87,12 +89,13 @@ func (service ServiceTx) UpdateEdgeStack(ID portainer.EdgeStackID, edgeStack *po
 
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	if err := service.tx.UpdateObject(BucketName, identifier, edgeStack); err != nil {
+	err := service.tx.UpdateObject(BucketName, identifier, edgeStack)
+	if err != nil {
 		return err
 	}
 
 	service.service.idxVersion[ID] = edgeStack.Version
-	service.service.cacheInvalidationFn(service.tx, ID)
+	service.service.cacheInvalidationFn(ID)
 
 	return nil
 }
@@ -116,13 +119,14 @@ func (service ServiceTx) DeleteEdgeStack(ID portainer.EdgeStackID) error {
 
 	identifier := service.service.connection.ConvertToKey(int(ID))
 
-	if err := service.tx.DeleteObject(BucketName, identifier); err != nil {
+	err := service.tx.DeleteObject(BucketName, identifier)
+	if err != nil {
 		return err
 	}
 
 	delete(service.service.idxVersion, ID)
 
-	service.service.cacheInvalidationFn(service.tx, ID)
+	service.service.cacheInvalidationFn(ID)
 
 	return nil
 }

api/dataservices/endpointrelation/endpointrelation.go

@@ -1,8 +1,6 @@
 package endpointrelation
 
 import (
-	"sync"
-
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/internal/edge/cache"
@@ -15,15 +13,11 @@ const BucketName = "endpoint_relations"
 
 // Service represents a service for managing environment(endpoint) relation data.
 type Service struct {
-	connection             portainer.Connection
-	updateStackFn          func(ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
-	updateStackFnTx        func(tx portainer.Transaction, ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
-	endpointRelationsCache []portainer.EndpointRelation
-	mu                     sync.Mutex
+	connection      portainer.Connection
+	updateStackFn   func(ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
+	updateStackFnTx func(tx portainer.Transaction, ID portainer.EdgeStackID, updateFunc func(edgeStack *portainer.EdgeStack)) error
 }
 
-var _ dataservices.EndpointRelationService = &Service{}
-
 func (service *Service) BucketName() string {
 	return BucketName
 }
@@ -82,10 +76,6 @@ func (service *Service) Create(endpointRelation *portainer.EndpointRelation) err
 	err := service.connection.CreateObjectWithId(BucketName, int(endpointRelation.EndpointID), endpointRelation)
 	cache.Del(endpointRelation.EndpointID)
 
-	service.mu.Lock()
-	service.endpointRelationsCache = nil
-	service.mu.Unlock()
-
 	return err
 }
 
@@ -102,27 +92,11 @@ func (service *Service) UpdateEndpointRelation(endpointID portainer.EndpointID,
 
 	updatedRelationState, _ := service.EndpointRelation(endpointID)
 
-	service.mu.Lock()
-	service.endpointRelationsCache = nil
-	service.mu.Unlock()
-
 	service.updateEdgeStacksAfterRelationChange(previousRelationState, updatedRelationState)
 
 	return nil
 }
 
-func (service *Service) AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
-	return service.connection.ViewTx(func(tx portainer.Transaction) error {
-		return service.Tx(tx).AddEndpointRelationsForEdgeStack(endpointIDs, edgeStackID)
-	})
-}
-
-func (service *Service) RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
-	return service.connection.ViewTx(func(tx portainer.Transaction) error {
-		return service.Tx(tx).RemoveEndpointRelationsForEdgeStack(endpointIDs, edgeStackID)
-	})
-}
-
 // DeleteEndpointRelation deletes an Environment(Endpoint) relation object
 func (service *Service) DeleteEndpointRelation(endpointID portainer.EndpointID) error {
 	deletedRelation, _ := service.EndpointRelation(endpointID)
@@ -134,15 +108,27 @@ func (service *Service) DeleteEndpointRelation(endpointID portainer.EndpointID)
 		return err
 	}
 
-	service.mu.Lock()
-	service.endpointRelationsCache = nil
-	service.mu.Unlock()
-
 	service.updateEdgeStacksAfterRelationChange(deletedRelation, nil)
 
 	return nil
 }
 
+func (service *Service) InvalidateEdgeCacheForEdgeStack(edgeStackID portainer.EdgeStackID) {
+	rels, err := service.EndpointRelations()
+	if err != nil {
+		log.Error().Err(err).Msg("cannot retrieve endpoint relations")
+		return
+	}
+
+	for _, rel := range rels {
+		for id := range rel.EdgeStacks {
+			if edgeStackID == id {
+				cache.Del(rel.EndpointID)
+			}
+		}
+	}
+}
+
 func (service *Service) updateEdgeStacksAfterRelationChange(previousRelationState *portainer.EndpointRelation, updatedRelationState *portainer.EndpointRelation) {
 	relations, _ := service.EndpointRelations()
 

api/dataservices/endpointrelation/tx.go

@@ -13,8 +13,6 @@ type ServiceTx struct {
 	tx      portainer.Transaction
 }
 
-var _ dataservices.EndpointRelationService = &ServiceTx{}
-
 func (service ServiceTx) BucketName() string {
 	return BucketName
 }
@@ -47,10 +45,6 @@ func (service ServiceTx) Create(endpointRelation *portainer.EndpointRelation) er
 	err := service.tx.CreateObjectWithId(BucketName, int(endpointRelation.EndpointID), endpointRelation)
 	cache.Del(endpointRelation.EndpointID)
 
-	service.service.mu.Lock()
-	service.service.endpointRelationsCache = nil
-	service.service.mu.Unlock()
-
 	return err
 }
 
@@ -67,67 +61,11 @@ func (service ServiceTx) UpdateEndpointRelation(endpointID portainer.EndpointID,
 
 	updatedRelationState, _ := service.EndpointRelation(endpointID)
 
-	service.service.mu.Lock()
-	service.service.endpointRelationsCache = nil
-	service.service.mu.Unlock()
-
 	service.updateEdgeStacksAfterRelationChange(previousRelationState, updatedRelationState)
 
 	return nil
 }
 
-func (service ServiceTx) AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
-	for _, endpointID := range endpointIDs {
-		rel, err := service.EndpointRelation(endpointID)
-		if err != nil {
-			return err
-		}
-
-		rel.EdgeStacks[edgeStackID] = true
-
-		identifier := service.service.connection.ConvertToKey(int(endpointID))
-		err = service.tx.UpdateObject(BucketName, identifier, rel)
-		cache.Del(endpointID)
-		if err != nil {
-			return err
-		}
-	}
-
-	if err := service.service.updateStackFnTx(service.tx, edgeStackID, func(edgeStack *portainer.EdgeStack) {
-		edgeStack.NumDeployments += len(endpointIDs)
-	}); err != nil {
-		log.Error().Err(err).Msg("could not update the number of deployments")
-	}
-
-	return nil
-}
-
-func (service ServiceTx) RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error {
-	for _, endpointID := range endpointIDs {
-		rel, err := service.EndpointRelation(endpointID)
-		if err != nil {
-			return err
-		}
-
-		delete(rel.EdgeStacks, edgeStackID)
-
-		identifier := service.service.connection.ConvertToKey(int(endpointID))
-		err = service.tx.UpdateObject(BucketName, identifier, rel)
-		cache.Del(endpointID)
-		if err != nil {
-			return err
-		}
-	}
-
-	if err := service.service.updateStackFnTx(service.tx, edgeStackID, func(edgeStack *portainer.EdgeStack) {
-		edgeStack.NumDeployments -= len(endpointIDs)
-	}); err != nil {
-		log.Error().Err(err).Msg("could not update the number of deployments")
-	}
-
-	return nil
-}
-
 // DeleteEndpointRelation deletes an Environment(Endpoint) relation object
 func (service ServiceTx) DeleteEndpointRelation(endpointID portainer.EndpointID) error {
 	deletedRelation, _ := service.EndpointRelation(endpointID)
@@ -139,44 +77,27 @@ func (service ServiceTx) DeleteEndpointRelation(endpointID portainer.EndpointID)
 		return err
 	}
 
-	service.service.mu.Lock()
-	service.service.endpointRelationsCache = nil
-	service.service.mu.Unlock()
-
 	service.updateEdgeStacksAfterRelationChange(deletedRelation, nil)
 
 	return nil
 }
 
 func (service ServiceTx) InvalidateEdgeCacheForEdgeStack(edgeStackID portainer.EdgeStackID) {
-	rels, err := service.cachedEndpointRelations()
+	rels, err := service.EndpointRelations()
 	if err != nil {
 		log.Error().Err(err).Msg("cannot retrieve endpoint relations")
 		return
 	}
 
 	for _, rel := range rels {
-		if _, ok := rel.EdgeStacks[edgeStackID]; ok {
-			cache.Del(rel.EndpointID)
+		for id := range rel.EdgeStacks {
+			if edgeStackID == id {
+				cache.Del(rel.EndpointID)
+			}
 		}
 	}
 }
 
-func (service ServiceTx) cachedEndpointRelations() ([]portainer.EndpointRelation, error) {
-	service.service.mu.Lock()
-	defer service.service.mu.Unlock()
-
-	if service.service.endpointRelationsCache == nil {
-		var err error
-		service.service.endpointRelationsCache, err = service.EndpointRelations()
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return service.service.endpointRelationsCache, nil
-}
-
 func (service ServiceTx) updateEdgeStacksAfterRelationChange(previousRelationState *portainer.EndpointRelation, updatedRelationState *portainer.EndpointRelation) {
 	relations, _ := service.EndpointRelations()
 
@@ -212,7 +133,6 @@ func (service ServiceTx) updateEdgeStacksAfterRelationChange(previousRelationSta
 		}
 
 		numDeployments := 0
-
 		for _, r := range relations {
 			for sId, enabled := range r.EdgeStacks {
 				if enabled && sId == refStackId {

api/dataservices/interface.go

@@ -115,8 +115,6 @@ type (
 		EndpointRelation(EndpointID portainer.EndpointID) (*portainer.EndpointRelation, error)
 		Create(endpointRelation *portainer.EndpointRelation) error
 		UpdateEndpointRelation(EndpointID portainer.EndpointID, endpointRelation *portainer.EndpointRelation) error
-		AddEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error
-		RemoveEndpointRelationsForEdgeStack(endpointIDs []portainer.EndpointID, edgeStackID portainer.EdgeStackID) error
 		DeleteEndpointRelation(EndpointID portainer.EndpointID) error
 		BucketName() string
 	}

api/datastore/datastore.go

@@ -16,9 +16,8 @@ import (
 )
 
 // NewStore initializes a new Store and the associated services
-func NewStore(cliFlags *portainer.CLIFlags, fileService portainer.FileService, connection portainer.Connection) *Store {
+func NewStore(storePath string, fileService portainer.FileService, connection portainer.Connection) *Store {
 	return &Store{
-		flags:       cliFlags,
 		fileService: fileService,
 		connection:  connection,
 	}

api/datastore/init.go

@@ -57,7 +57,7 @@ func (store *Store) checkOrCreateDefaultSettings() error {
 			HelmRepositoryURL:        portainer.DefaultHelmRepositoryURL,
 			UserSessionTimeout:       portainer.DefaultUserSessionTimeout,
 			KubeconfigExpiry:         portainer.DefaultKubeconfigExpiry,
-			KubectlShellImage:        *store.flags.KubectlShellImage,
+			KubectlShellImage:        portainer.DefaultKubectlShellImage,
 
 			IsDockerDesktopExtension: isDDExtention,
 		}

api/datastore/migrate_data.go

@@ -32,7 +32,7 @@ func (store *Store) MigrateData() error {
 		return errors.Wrap(err, "while migrating legacy version")
 	}
 
-	migratorParams := store.newMigratorParameters(version, store.flags)
+	migratorParams := store.newMigratorParameters(version)
 	migrator := migrator.NewMigrator(migratorParams)
 
 	if !migrator.NeedsMigration() {
@@ -62,9 +62,8 @@ func (store *Store) MigrateData() error {
 	return nil
 }
 
-func (store *Store) newMigratorParameters(version *models.Version, flags *portainer.CLIFlags) *migrator.MigratorParameters {
+func (store *Store) newMigratorParameters(version *models.Version) *migrator.MigratorParameters {
 	return &migrator.MigratorParameters{
-		Flags:                   flags,
 		CurrentDBVersion:        version,
 		EndpointGroupService:    store.EndpointGroupService,
 		EndpointService:         store.EndpointService,

api/datastore/migrate_data_test.go

@@ -109,7 +109,7 @@ func TestMigrateData(t *testing.T) {
 			t.FailNow()
 		}
 
-		migratorParams := store.newMigratorParameters(v, store.flags)
+		migratorParams := store.newMigratorParameters(v)
 		m := migrator.NewMigrator(migratorParams)
 		latestMigrations := m.LatestMigrations()
 

api/datastore/migrate_dbversion29_test.go

@@ -48,7 +48,6 @@ func TestMigrateSettings(t *testing.T) {
 	}
 
 	m := migrator.NewMigrator(&migrator.MigratorParameters{
-		Flags:                   store.flags,
 		EndpointGroupService:    store.EndpointGroupService,
 		EndpointService:         store.EndpointService,
 		EndpointRelationService: store.EndpointRelationService,

api/datastore/migrator/migrate_dbversion32.go

@@ -1,6 +1,8 @@
 package migrator
 
 import (
+	portainer "github.com/portainer/portainer/api"
+
 	"github.com/rs/zerolog/log"
 )
 
@@ -18,7 +20,7 @@ func (m *Migrator) migrateSettingsToDB33() error {
 	}
 
 	log.Info().Msg("setting default kubectl shell image")
-	settings.KubectlShellImage = *m.flags.KubectlShellImage
+	settings.KubectlShellImage = portainer.DefaultKubectlShellImage
 
 	return m.settingsService.UpdateSettings(settings)
 }

api/datastore/migrator/migrator.go

@@ -33,7 +33,6 @@ import (
 type (
 	// Migrator defines a service to migrate data after a Portainer version update.
 	Migrator struct {
-		flags            *portainer.CLIFlags
 		currentDBVersion *models.Version
 		migrations       []Migrations
 
@@ -63,7 +62,6 @@ type (
 
 	// MigratorParameters represents the required parameters to create a new Migrator instance.
 	MigratorParameters struct {
-		Flags                   *portainer.CLIFlags
 		CurrentDBVersion        *models.Version
 		EndpointGroupService    *endpointgroup.Service
 		EndpointService         *endpoint.Service
@@ -93,7 +91,6 @@ type (
 // NewMigrator creates a new Migrator.
 func NewMigrator(parameters *MigratorParameters) *Migrator {
 	migrator := &Migrator{
-		flags:                   parameters.Flags,
 		currentDBVersion:        parameters.CurrentDBVersion,
 		endpointGroupService:    parameters.EndpointGroupService,
 		endpointService:         parameters.EndpointService,

api/datastore/postinit/migrate_post_init.go

@@ -11,7 +11,6 @@ import (
 	"github.com/portainer/portainer/api/internal/endpointutils"
 	"github.com/portainer/portainer/api/kubernetes/cli"
 	"github.com/portainer/portainer/api/pendingactions/actions"
-	"github.com/portainer/portainer/pkg/endpoints"
 
 	"github.com/rs/zerolog/log"
 )
@@ -50,29 +49,17 @@ func (postInitMigrator *PostInitMigrator) PostInitMigrate() error {
 
 	for _, environment := range environments {
 		// edge environments will run after the server starts, in pending actions
-		if endpoints.IsEdgeEndpoint(&environment) {
-			// Skip edge environments that do not have direct connectivity
-			if !endpoints.HasDirectConnectivity(&environment) {
-				continue
-			}
-
-			log.Info().
-				Int("endpoint_id", int(environment.ID)).
-				Msg("adding pending action 'PostInitMigrateEnvironment' for environment")
-
-			if err := postInitMigrator.createPostInitMigrationPendingAction(environment.ID); err != nil {
-				log.Error().
-					Err(err).
-					Int("endpoint_id", int(environment.ID)).
-					Msg("error creating pending action for environment")
+		if endpointutils.IsEdgeEndpoint(&environment) {
+			log.Info().Msgf("Adding pending action 'PostInitMigrateEnvironment' for environment %d", environment.ID)
+			err = postInitMigrator.createPostInitMigrationPendingAction(environment.ID)
+			if err != nil {
+				log.Error().Err(err).Msgf("Error creating pending action for environment %d", environment.ID)
 			}
 		} else {
-			// Non-edge environments will run before the server starts.
-			if err := postInitMigrator.MigrateEnvironment(&environment); err != nil {
-				log.Error().
-					Err(err).
-					Int("endpoint_id", int(environment.ID)).
-					Msg("error running post-init migrations for non-edge environment")
+			// non-edge environments will run before the server starts.
+			err = postInitMigrator.MigrateEnvironment(&environment)
+			if err != nil {
+				log.Error().Err(err).Msgf("Error running post-init migrations for non-edge environment %d", environment.ID)
 			}
 		}
 

api/datastore/services.go

@@ -42,7 +42,6 @@ import (
 // Store defines the implementation of portainer.DataStore using
 // BoltDB as the storage system.
 type Store struct {
-	flags      *portainer.CLIFlags
 	connection portainer.Connection
 
 	fileService               portainer.FileService
@@ -100,9 +99,7 @@ func (store *Store) initServices() error {
 	}
 	store.EndpointRelationService = endpointRelationService
 
-	edgeStackService, err := edgestack.NewService(store.connection, func(tx portainer.Transaction, ID portainer.EdgeStackID) {
-		endpointRelationService.Tx(tx).InvalidateEdgeCacheForEdgeStack(ID)
-	})
+	edgeStackService, err := edgestack.NewService(store.connection, endpointRelationService.InvalidateEdgeCacheForEdgeStack)
 	if err != nil {
 		return err
 	}

api/datastore/test_data/output_24_to_latest.json

@@ -605,12 +605,12 @@
     "GlobalDeploymentOptions": {
       "hideStacksFunctionality": false
     },
-    "HelmRepositoryURL": "",
+    "HelmRepositoryURL": "https://charts.bitnami.com/bitnami",
     "InternalAuthSettings": {
       "RequiredPasswordLength": 12
     },
     "KubeconfigExpiry": "0",
-    "KubectlShellImage": "portainer/kubectl-shell:2.27.1",
+    "KubectlShellImage": "portainer/kubectl-shell:2.24.0",
     "LDAPSettings": {
       "AnonymousMode": true,
       "AutoCreateUsers": true,
@@ -672,7 +672,6 @@
     {
       "Docker": {
         "ContainerCount": 0,
-        "DiagnosticsData": {},
         "DockerSnapshotRaw": {
           "Containers": null,
           "Images": null,
@@ -943,7 +942,7 @@
     }
   ],
   "version": {
-    "VERSION": "{\"SchemaVersion\":\"2.27.1\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
+    "VERSION": "{\"SchemaVersion\":\"2.24.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
   },
   "webhooks": null
 }

api/datastore/teststore.go

@@ -29,10 +29,6 @@ func MustNewTestStore(t testing.TB, init, secure bool) (bool, *Store) {
 func NewTestStore(t testing.TB, init, secure bool) (bool, *Store, func(), error) {
 	// Creates unique temp directory in a concurrency friendly manner.
 	storePath := t.TempDir()
-	defaultKubectlShellImage := portainer.DefaultKubectlShellImage
-	flags := &portainer.CLIFlags{
-		KubectlShellImage: &defaultKubectlShellImage,
-	}
 
 	fileService, err := filesystem.NewService(storePath, "")
 	if err != nil {
@@ -49,7 +45,7 @@ func NewTestStore(t testing.TB, init, secure bool) (bool, *Store, func(), error)
 		panic(err)
 	}
 
-	store := NewStore(flags, fileService, connection)
+	store := NewStore(storePath, fileService, connection)
 	newStore, err := store.Open()
 	if err != nil {
 		return newStore, nil, nil, err

api/docker/client/client.go

@@ -3,8 +3,8 @@ package client
 import (
 	"bytes"
 	"errors"
-	"fmt"
 	"io"
+	"maps"
 	"net/http"
 	"strings"
 	"time"
@@ -141,6 +141,7 @@ func createAgentClient(endpoint *portainer.Endpoint, endpointURL string, signatu
 
 type NodeNameTransport struct {
 	*http.Transport
+	nodeNames map[string]string
 }
 
 func (t *NodeNameTransport) RoundTrip(req *http.Request) (*http.Response, error) {
@@ -175,19 +176,18 @@ func (t *NodeNameTransport) RoundTrip(req *http.Request) (*http.Response, error)
 		return resp, nil
 	}
 
-	nodeNames, ok := req.Context().Value("nodeNames").(map[string]string)
-	if ok {
-		for idx, r := range rs {
-			// as there is no way to differentiate the same image available in multiple nodes only by their ID
-			// we append the index of the image in the payload response to match the node name later
-			// from the image.Summary[] list returned by docker's client.ImageList()
-			nodeNames[fmt.Sprintf("%s-%d", r.ID, idx)] = r.Portainer.Agent.NodeName
-		}
+	t.nodeNames = make(map[string]string)
+	for _, r := range rs {
+		t.nodeNames[r.ID] = r.Portainer.Agent.NodeName
 	}
 
 	return resp, err
 }
 
+func (t *NodeNameTransport) NodeNames() map[string]string {
+	return maps.Clone(t.nodeNames)
+}
+
 func httpClient(endpoint *portainer.Endpoint, timeout *time.Duration) (*http.Client, error) {
 	transport := &NodeNameTransport{
 		Transport: &http.Transport{},

api/docker/images/puller.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/portainer/portainer/api/dataservices"
 
-	"github.com/docker/docker/api/types/image"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/rs/zerolog/log"
 )
@@ -25,18 +25,18 @@ func NewPuller(client *client.Client, registryClient *RegistryClient, dataStore
 	}
 }
 
-func (puller *Puller) Pull(ctx context.Context, img Image) error {
-	log.Debug().Str("image", img.FullName()).Msg("starting to pull the image")
+func (puller *Puller) Pull(ctx context.Context, image Image) error {
+	log.Debug().Str("image", image.FullName()).Msg("starting to pull the image")
 
-	registryAuth, err := puller.registryClient.EncodedRegistryAuth(img)
+	registryAuth, err := puller.registryClient.EncodedRegistryAuth(image)
 	if err != nil {
 		log.Debug().
-			Str("image", img.FullName()).
+			Str("image", image.FullName()).
 			Err(err).
 			Msg("failed to get an encoded registry auth via image, try to pull image without registry auth")
 	}
 
-	out, err := puller.client.ImagePull(ctx, img.FullName(), image.PullOptions{
+	out, err := puller.client.ImagePull(ctx, image.FullName(), types.ImagePullOptions{
 		RegistryAuth: registryAuth,
 	})
 	if err != nil {

api/docker/snapshot.go

@@ -1,9 +1,20 @@
 package docker
 
 import (
+	"context"
+	"strings"
+	"time"
+
 	portainer "github.com/portainer/portainer/api"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
-	"github.com/portainer/portainer/pkg/snapshot"
+	"github.com/portainer/portainer/api/docker/consts"
+
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/container"
+	_container "github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/volume"
+	"github.com/docker/docker/client"
+	"github.com/rs/zerolog/log"
 )
 
 // Snapshotter represents a service used to create environment(endpoint) snapshots
@@ -26,5 +37,247 @@ func (snapshotter *Snapshotter) CreateSnapshot(endpoint *portainer.Endpoint) (*p
 	}
 	defer cli.Close()
 
-	return snapshot.CreateDockerSnapshot(cli)
+	return snapshot(cli, endpoint)
+}
+
+func snapshot(cli *client.Client, endpoint *portainer.Endpoint) (*portainer.DockerSnapshot, error) {
+	if _, err := cli.Ping(context.Background()); err != nil {
+		return nil, err
+	}
+
+	snapshot := &portainer.DockerSnapshot{
+		StackCount: 0,
+	}
+
+	if err := snapshotInfo(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot engine information")
+	}
+
+	if snapshot.Swarm {
+		if err := snapshotSwarmServices(snapshot, cli); err != nil {
+			log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot Swarm services")
+		}
+
+		if err := snapshotNodes(snapshot, cli); err != nil {
+			log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot Swarm nodes")
+		}
+	}
+
+	if err := snapshotContainers(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot containers")
+	}
+
+	if err := snapshotImages(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot images")
+	}
+
+	if err := snapshotVolumes(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot volumes")
+	}
+
+	if err := snapshotNetworks(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot networks")
+	}
+
+	if err := snapshotVersion(snapshot, cli); err != nil {
+		log.Warn().Str("environment", endpoint.Name).Err(err).Msg("unable to snapshot engine version")
+	}
+
+	snapshot.Time = time.Now().Unix()
+
+	return snapshot, nil
+}
+
+func snapshotInfo(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	info, err := cli.Info(context.Background())
+	if err != nil {
+		return err
+	}
+
+	snapshot.Swarm = info.Swarm.ControlAvailable
+	snapshot.DockerVersion = info.ServerVersion
+	snapshot.TotalCPU = info.NCPU
+	snapshot.TotalMemory = info.MemTotal
+	snapshot.SnapshotRaw.Info = info
+
+	return nil
+}
+
+func snapshotNodes(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	nodes, err := cli.NodeList(context.Background(), types.NodeListOptions{})
+	if err != nil {
+		return err
+	}
+
+	var nanoCpus int64
+	var totalMem int64
+
+	for _, node := range nodes {
+		nanoCpus += node.Description.Resources.NanoCPUs
+		totalMem += node.Description.Resources.MemoryBytes
+	}
+
+	snapshot.TotalCPU = int(nanoCpus / 1e9)
+	snapshot.TotalMemory = totalMem
+	snapshot.NodeCount = len(nodes)
+
+	return nil
+}
+
+func snapshotSwarmServices(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	stacks := make(map[string]struct{})
+
+	services, err := cli.ServiceList(context.Background(), types.ServiceListOptions{})
+	if err != nil {
+		return err
+	}
+
+	for _, service := range services {
+		for k, v := range service.Spec.Labels {
+			if k == "com.docker.stack.namespace" {
+				stacks[v] = struct{}{}
+			}
+		}
+	}
+
+	snapshot.ServiceCount = len(services)
+	snapshot.StackCount += len(stacks)
+
+	return nil
+}
+
+func snapshotContainers(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	containers, err := cli.ContainerList(context.Background(), container.ListOptions{All: true})
+	if err != nil {
+		return err
+	}
+
+	stacks := make(map[string]struct{})
+	gpuUseSet := make(map[string]struct{})
+	gpuUseAll := false
+
+	for _, container := range containers {
+		if container.State == "running" {
+			// Snapshot GPUs
+			response, err := cli.ContainerInspect(context.Background(), container.ID)
+			if err != nil {
+				// Inspect a container will fail when the container runs on a different
+				// Swarm node, so it is better to log the error instead of return error
+				// when the Swarm mode is enabled
+				if !snapshot.Swarm {
+					return err
+				} else {
+					if !strings.Contains(err.Error(), "No such container") {
+						return err
+					}
+					// It is common to have containers running on different Swarm nodes,
+					// so we just log the error in the debug level
+					log.Debug().Str("container", container.ID).Err(err).Msg("unable to inspect container in other Swarm nodes")
+				}
+			} else {
+				var gpuOptions *_container.DeviceRequest = nil
+				for _, deviceRequest := range response.HostConfig.Resources.DeviceRequests {
+					if deviceRequest.Driver == "nvidia" || deviceRequest.Capabilities[0][0] == "gpu" {
+						gpuOptions = &deviceRequest
+					}
+				}
+
+				if gpuOptions != nil {
+					if gpuOptions.Count == -1 {
+						gpuUseAll = true
+					}
+
+					for _, id := range gpuOptions.DeviceIDs {
+						gpuUseSet[id] = struct{}{}
+					}
+				}
+			}
+		}
+
+		for k, v := range container.Labels {
+			if k == consts.ComposeStackNameLabel {
+				stacks[v] = struct{}{}
+			}
+		}
+	}
+
+	gpuUseList := make([]string, 0, len(gpuUseSet))
+	for gpuUse := range gpuUseSet {
+		gpuUseList = append(gpuUseList, gpuUse)
+	}
+
+	snapshot.GpuUseAll = gpuUseAll
+	snapshot.GpuUseList = gpuUseList
+
+	stats := CalculateContainerStats(containers)
+
+	snapshot.ContainerCount = stats.Total
+	snapshot.RunningContainerCount = stats.Running
+	snapshot.StoppedContainerCount = stats.Stopped
+	snapshot.HealthyContainerCount = stats.Healthy
+	snapshot.UnhealthyContainerCount = stats.Unhealthy
+	snapshot.StackCount += len(stacks)
+
+	for _, container := range containers {
+		snapshot.SnapshotRaw.Containers = append(snapshot.SnapshotRaw.Containers, portainer.DockerContainerSnapshot{Container: container})
+	}
+
+	return nil
+}
+
+func snapshotImages(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	images, err := cli.ImageList(context.Background(), types.ImageListOptions{})
+	if err != nil {
+		return err
+	}
+
+	snapshot.ImageCount = len(images)
+	snapshot.SnapshotRaw.Images = images
+
+	return nil
+}
+
+func snapshotVolumes(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	volumes, err := cli.VolumeList(context.Background(), volume.ListOptions{})
+	if err != nil {
+		return err
+	}
+
+	snapshot.VolumeCount = len(volumes.Volumes)
+	snapshot.SnapshotRaw.Volumes = volumes
+
+	return nil
+}
+
+func snapshotNetworks(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	networks, err := cli.NetworkList(context.Background(), types.NetworkListOptions{})
+	if err != nil {
+		return err
+	}
+
+	snapshot.SnapshotRaw.Networks = networks
+
+	return nil
+}
+
+func snapshotVersion(snapshot *portainer.DockerSnapshot, cli *client.Client) error {
+	version, err := cli.ServerVersion(context.Background())
+	if err != nil {
+		return err
+	}
+
+	snapshot.SnapshotRaw.Version = version
+	snapshot.IsPodman = isPodman(version)
+	return nil
+}
+
+// isPodman checks if the version is for Podman by checking if any of the components contain "podman".
+// If it's podman, a component name should be "Podman Engine"
+func isPodman(version types.Version) bool {
+	for _, component := range version.Components {
+		if strings.Contains(strings.ToLower(component.Name), "podman") {
+			return true
+		}
+	}
+	return false
 }

api/edge/edge.go

@@ -58,20 +58,6 @@ type (
 		// Used only for EE async edge agent
 		// ReadyRePullImage is a flag to indicate whether the auto update is trigger to re-pull image
 		ReadyRePullImage bool
-
-		DeployerOptionsPayload DeployerOptionsPayload
-	}
-
-	DeployerOptionsPayload struct {
-		// Prune is a flag indicating if the agent must prune the containers or not when creating/updating an edge stack
-		// This flag drives `docker compose up --remove-orphans` and `docker stack up --prune` options
-		// Used only for EE
-		Prune bool
-		// RemoveVolumes is a flag indicating if the agent must remove the named volumes declared
-		// in the compose file and anonymouse volumes attached to containers
-		// This flag drives `docker compose down --volumes` option
-		// Used only for EE
-		RemoveVolumes bool
 	}
 
 	// RegistryCredentials holds the credentials for a Docker registry.

api/exec/swarm_stack.go

@@ -127,7 +127,7 @@ func (manager *SwarmStackManager) Remove(stack *portainer.Stack, endpoint *porta
 		return err
 	}
 
-	args = append(args, "stack", "rm", "--detach=false", stack.Name)
+	args = append(args, "stack", "rm", stack.Name)
 
 	return runCommandAndCaptureStdErr(command, args, nil, "")
 }
@@ -199,7 +199,7 @@ func (manager *SwarmStackManager) updateDockerCLIConfiguration(configPath string
 
 	config, err := manager.retrieveConfigurationFromDisk(configFilePath)
 	if err != nil {
-		log.Warn().Err(err).Msg("unable to retrieve the Swarm configuration from disk, proceeding without it")
+		return err
 	}
 
 	signature, err := manager.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)

api/filesystem/filesystem.go

@@ -841,11 +841,11 @@ func (service *Service) GetDefaultSSLCertsPath() (string, string) {
 }
 
 func defaultMTLSCertPathUnderFileStore() (string, string, string) {
-	caCertPath := JoinPaths(SSLCertPath, MTLSCACertFilename)
 	certPath := JoinPaths(SSLCertPath, MTLSCertFilename)
+	caCertPath := JoinPaths(SSLCertPath, MTLSCACertFilename)
 	keyPath := JoinPaths(SSLCertPath, MTLSKeyFilename)
 
-	return caCertPath, certPath, keyPath
+	return certPath, caCertPath, keyPath
 }
 
 // GetDefaultChiselPrivateKeyPath returns the chisle private key path
@@ -1014,45 +1014,26 @@ func CreateFile(path string, r io.Reader) error {
 	return err
 }
 
-func (service *Service) StoreMTLSCertificates(caCert, cert, key []byte) (string, string, string, error) {
-	caCertPath, certPath, keyPath := defaultMTLSCertPathUnderFileStore()
+func (service *Service) StoreMTLSCertificates(cert, caCert, key []byte) (string, string, string, error) {
+	certPath, caCertPath, keyPath := defaultMTLSCertPathUnderFileStore()
 
-	r := bytes.NewReader(caCert)
-	if err := service.createFileInStore(caCertPath, r); err != nil {
+	r := bytes.NewReader(cert)
+	err := service.createFileInStore(certPath, r)
+	if err != nil {
 		return "", "", "", err
 	}
 
-	r = bytes.NewReader(cert)
-	if err := service.createFileInStore(certPath, r); err != nil {
+	r = bytes.NewReader(caCert)
+	err = service.createFileInStore(caCertPath, r)
+	if err != nil {
 		return "", "", "", err
 	}
 
 	r = bytes.NewReader(key)
-	if err := service.createFileInStore(keyPath, r); err != nil {
+	err = service.createFileInStore(keyPath, r)
+	if err != nil {
 		return "", "", "", err
 	}
 
-	return service.wrapFileStore(caCertPath), service.wrapFileStore(certPath), service.wrapFileStore(keyPath), nil
-}
-
-func (service *Service) GetMTLSCertificates() (string, string, string, error) {
-	caCertPath, certPath, keyPath := defaultMTLSCertPathUnderFileStore()
-
-	caCertPath = service.wrapFileStore(caCertPath)
-	certPath = service.wrapFileStore(certPath)
-	keyPath = service.wrapFileStore(keyPath)
-
-	paths := [...]string{caCertPath, certPath, keyPath}
-	for _, path := range paths {
-		exists, err := service.FileExists(path)
-		if err != nil {
-			return "", "", "", err
-		}
-
-		if !exists {
-			return "", "", "", fmt.Errorf("file %s does not exist", path)
-		}
-	}
-
-	return caCertPath, certPath, keyPath, nil
+	return service.wrapFileStore(certPath), service.wrapFileStore(caCertPath), service.wrapFileStore(keyPath), nil
 }

api/filesystem/serialize_per_dev_configs.go

@@ -44,10 +44,11 @@ func deduplicate(dirEntries []DirEntry) []DirEntry {
 
 // FilterDirForPerDevConfigs filers the given dirEntries, returns entries for the given device
 // For given configPath A/B/C, return entries:
-//  1. all entries outside of dir A/B/C
-//  2. For filterType file:
+//  1. all entries outside of dir A
+//  2. dir entries A, A/B, A/B/C
+//  3. For filterType file:
 //     file entries: A/B/C/<deviceName> and A/B/C/<deviceName>.*
-//  3. For filterType dir:
+//  4. For filterType dir:
 //     dir entry:   A/B/C/<deviceName>
 //     all entries: A/B/C/<deviceName>/*
 func FilterDirForPerDevConfigs(dirEntries []DirEntry, deviceName, configPath string, filterType portainer.PerDevConfigsFilterType) []DirEntry {
@@ -65,7 +66,12 @@ func FilterDirForPerDevConfigs(dirEntries []DirEntry, deviceName, configPath str
 func shouldIncludeEntry(dirEntry DirEntry, deviceName, configPath string, filterType portainer.PerDevConfigsFilterType) bool {
 
 	// Include all entries outside of dir A
-	if !isInConfigDir(dirEntry, configPath) {
+	if !isInConfigRootDir(dirEntry, configPath) {
+		return true
+	}
+
+	// Include dir entries A, A/B, A/B/C
+	if isParentDir(dirEntry, configPath) {
 		return true
 	}
 
@@ -84,9 +90,21 @@ func shouldIncludeEntry(dirEntry DirEntry, deviceName, configPath string, filter
 	return false
 }
 
-func isInConfigDir(dirEntry DirEntry, configPath string) bool {
-	// return true if entry name starts with "A/B"
-	return strings.HasPrefix(dirEntry.Name, appendTailSeparator(configPath))
+func isInConfigRootDir(dirEntry DirEntry, configPath string) bool {
+	// get the first element of the configPath
+	rootDir := strings.Split(configPath, string(os.PathSeparator))[0]
+
+	// return true if entry name starts with "A/"
+	return strings.HasPrefix(dirEntry.Name, appendTailSeparator(rootDir))
+}
+
+func isParentDir(dirEntry DirEntry, configPath string) bool {
+	if dirEntry.IsFile {
+		return false
+	}
+
+	// return true for dir entries A, A/B, A/B/C
+	return strings.HasPrefix(appendTailSeparator(configPath), appendTailSeparator(dirEntry.Name))
 }
 
 func shouldIncludeFile(dirEntry DirEntry, deviceName, configPath string) bool {

api/filesystem/serialize_per_dev_configs_test.go

@@ -90,24 +90,3 @@ func TestMultiFilterDirForPerDevConfigs(t *testing.T) {
 		})
 	}
 }
-
-func TestIsInConfigDir(t *testing.T) {
-	f := func(dirEntry DirEntry, configPath string, expect bool) {
-		t.Helper()
-
-		actual := isInConfigDir(dirEntry, configPath)
-		assert.Equal(t, expect, actual)
-	}
-
-	f(DirEntry{Name: "edge-configs"}, "edge-configs", false)
-	f(DirEntry{Name: "edge-configs_backup"}, "edge-configs", false)
-	f(DirEntry{Name: "edge-configs/standalone-edge-agent-standard"}, "edge-configs", true)
-	f(DirEntry{Name: "parent/edge-configs/"}, "edge-configs", false)
-	f(DirEntry{Name: "edgestacktest"}, "edgestacktest/edge-configs", false)
-	f(DirEntry{Name: "edgestacktest/edgeconfigs-test.yaml"}, "edgestacktest/edge-configs", false)
-	f(DirEntry{Name: "edgestacktest/file1.conf"}, "edgestacktest/edge-configs", false)
-	f(DirEntry{Name: "edgeconfigs-test.yaml"}, "edgestacktest/edge-configs", false)
-	f(DirEntry{Name: "edgestacktest/edge-configs"}, "edgestacktest/edge-configs", false)
-	f(DirEntry{Name: "edgestacktest/edge-configs/standalone-edge-agent-async"}, "edgestacktest/edge-configs", true)
-	f(DirEntry{Name: "edgestacktest/edge-configs/abc.txt"}, "edgestacktest/edge-configs", true)
-}

api/hostmanagement/openamt/deviceActions.go

@@ -44,13 +44,13 @@ func (service *Service) executeDeviceAction(configuration portainer.OpenAMTConfi
 }
 
 func parseAction(actionRaw string) (portainer.PowerState, error) {
-	if strings.EqualFold(actionRaw, "power on") {
+	switch strings.ToLower(actionRaw) {
+	case "power on":
 		return powerOnState, nil
-	} else if strings.EqualFold(actionRaw, "power off") {
+	case "power off":
 		return powerOffState, nil
-	} else if strings.EqualFold(actionRaw, "restart") {
+	case "restart":
 		return restartState, nil
 	}
-
 	return 0, fmt.Errorf("unsupported device action %s", actionRaw)
 }

api/http/csrf/csrf.go

@@ -13,12 +13,6 @@ import (
 	"github.com/urfave/negroni"
 )
 
-const csrfSkipHeader = "X-CSRF-Token-Skip"
-
-func SkipCSRFToken(w http.ResponseWriter) {
-	w.Header().Set(csrfSkipHeader, "1")
-}
-
 func WithProtect(handler http.Handler) (http.Handler, error) {
 	// IsDockerDesktopExtension is used to check if we should skip csrf checks in the request bouncer (ShouldSkipCSRFCheck)
 	// DOCKER_EXTENSION is set to '1' in build/docker-extension/docker-compose.yml
@@ -48,14 +42,10 @@ func withSendCSRFToken(handler http.Handler) http.Handler {
 		sw := negroni.NewResponseWriter(w)
 
 		sw.Before(func(sw negroni.ResponseWriter) {
-			if len(sw.Header().Get(csrfSkipHeader)) > 0 {
-				sw.Header().Del(csrfSkipHeader)
-
-				return
-			}
-
-			if statusCode := sw.Status(); statusCode >= 200 && statusCode < 300 {
-				sw.Header().Set("X-CSRF-Token", gorillacsrf.Token(r))
+			statusCode := sw.Status()
+			if statusCode >= 200 && statusCode < 300 {
+				csrfToken := gorillacsrf.Token(r)
+				sw.Header().Set("X-CSRF-Token", csrfToken)
 			}
 		})
 

api/http/handler/customtemplates/customtemplate_create.go

@@ -482,3 +482,28 @@ func (handler *Handler) createCustomTemplateFromFileUpload(r *http.Request) (*po
 
 	return customTemplate, nil
 }
+
+// @id CustomTemplateCreate
+// @summary Create a custom template
+// @description Create a custom template.
+// @description **Access policy**: authenticated
+// @tags custom_templates
+// @security ApiKeyAuth
+// @security jwt
+// @accept json,multipart/form-data
+// @produce json
+// @param method query string true "method for creating template" Enums(string, file, repository)
+// @param body body object true "for body documentation see the relevant /custom_templates/{method} endpoint"
+// @success 200 {object} portainer.CustomTemplate
+// @failure 400 "Invalid request"
+// @failure 500 "Server error"
+// @deprecated
+// @router /custom_templates [post]
+func deprecatedCustomTemplateCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
+	method, err := request.RetrieveQueryParameter(r, "method", false)
+	if err != nil {
+		return "", httperror.BadRequest("Invalid query parameter: method", err)
+	}
+
+	return "/custom_templates/create/" + method, nil
+}

api/http/handler/customtemplates/handler.go

@@ -7,6 +7,7 @@ import (
 	"github.com/gorilla/mux"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 )
@@ -32,6 +33,7 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 
 	h.Handle("/custom_templates/create/{method}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateCreate))).Methods(http.MethodPost)
+	h.Handle("/custom_templates", middlewares.Deprecated(h, deprecatedCustomTemplateCreateUrlParser)).Methods(http.MethodPost) // Deprecated
 	h.Handle("/custom_templates",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.customTemplateList))).Methods(http.MethodGet)
 	h.Handle("/custom_templates/{id}",

api/http/handler/docker/images/images_list.go

@@ -1,19 +1,18 @@
 package images
 
 import (
-	"context"
-	"fmt"
 	"net/http"
 	"strings"
 
+	"github.com/portainer/portainer/api/docker/client"
 	"github.com/portainer/portainer/api/http/handler/docker/utils"
 	"github.com/portainer/portainer/api/set"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
 
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/image"
 )
 
 type ImageResponse struct {
@@ -47,16 +46,17 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http
 		return httpErr
 	}
 
-	nodeNames := make(map[string]string)
-
-	// Pass the node names map to the context so the custom NodeNameTransport can use it
-	ctx := context.WithValue(r.Context(), "nodeNames", nodeNames)
-
-	images, err := cli.ImageList(ctx, image.ListOptions{})
+	images, err := cli.ImageList(r.Context(), types.ImageListOptions{})
 	if err != nil {
 		return httperror.InternalServerError("Unable to retrieve Docker images", err)
 	}
 
+	// Extract the node name from the custom transport
+	nodeNames := make(map[string]string)
+	if t, ok := cli.HTTPClient().Transport.(*client.NodeNameTransport); ok {
+		nodeNames = t.NodeNames()
+	}
+
 	withUsage, err := request.RetrieveBooleanQueryParameter(r, "withUsage", true)
 	if err != nil {
 		return httperror.BadRequest("Invalid query parameter: withUsage", err)
@@ -85,12 +85,8 @@ func (handler *Handler) imagesList(w http.ResponseWriter, r *http.Request) *http
 		}
 
 		imagesList[i] = ImageResponse{
-			Created: image.Created,
-			// Only works if the order of `images` is not changed between unmarshaling the agent's response
-			// in NodeNameTransport.RoundTrip()  (api/docker/client/client.go)
-			// and docker's cli.ImageList()
-			// As both functions unmarshal the same response body, the resulting array will be ordered the same way.
-			NodeName: nodeNames[fmt.Sprintf("%s-%d", image.ID, i)],
+			Created:  image.Created,
+			NodeName: nodeNames[image.ID],
 			ID:       image.ID,
 			Size:     image.Size,
 			Tags:     image.RepoTags,

api/http/handler/edgegroups/edgegroup_update.go

@@ -167,7 +167,7 @@ func (handler *Handler) edgeGroupUpdate(w http.ResponseWriter, r *http.Request)
 
 func (handler *Handler) updateEndpointStacks(tx dataservices.DataStoreTx, endpoint *portainer.Endpoint, edgeGroups []portainer.EdgeGroup, edgeStacks []portainer.EdgeStack) error {
 	relation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil && !handler.DataStore.IsErrObjectNotFound(err) {
+	if err != nil {
 		return err
 	}
 
@@ -183,12 +183,6 @@ func (handler *Handler) updateEndpointStacks(tx dataservices.DataStoreTx, endpoi
 		edgeStackSet[edgeStackID] = true
 	}
 
-	if relation == nil {
-		relation = &portainer.EndpointRelation{
-			EndpointID: endpoint.ID,
-			EdgeStacks: make(map[portainer.EdgeStackID]bool),
-		}
-	}
 	relation.EdgeStacks = edgeStackSet
 
 	return tx.EndpointRelation().UpdateEndpointRelation(endpoint.ID, relation)

api/http/handler/edgejobs/edgejob_create.go

@@ -271,3 +271,26 @@ func (handler *Handler) addAndPersistEdgeJob(tx dataservices.DataStoreTx, edgeJo
 
 	return tx.EdgeJob().CreateWithID(edgeJob.ID, edgeJob)
 }
+
+// @id EdgeJobCreate
+// @summary Create an EdgeJob
+// @description **Access policy**: administrator
+// @tags edge_jobs
+// @security ApiKeyAuth
+// @security jwt
+// @produce json
+// @param method query string true "Creation Method" Enums(file, string)
+// @param body body object true "for body documentation see the relevant /edge_jobs/create/{method} endpoint"
+// @success 200 {object} portainer.EdgeGroup
+// @failure 503 "Edge compute features are disabled"
+// @failure 500
+// @deprecated
+// @router /edge_jobs [post]
+func deprecatedEdgeJobCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
+	method, err := request.RetrieveQueryParameter(r, "method", false)
+	if err != nil {
+		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
+	}
+
+	return "/edge_jobs/create/" + method, nil
+}

api/http/handler/edgejobs/handler.go

@@ -6,6 +6,7 @@ import (
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -29,6 +30,8 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	h.Handle("/edge_jobs",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeJobList)))).Methods(http.MethodGet)
+	h.Handle("/edge_jobs",
+		bouncer.AdminAccess(bouncer.EdgeComputeOperation(middlewares.Deprecated(h, deprecatedEdgeJobCreateUrlParser)))).Methods(http.MethodPost)
 	h.Handle("/edge_jobs/create/{method}",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeJobCreate)))).Methods(http.MethodPost)
 	h.Handle("/edge_jobs/{id}",

api/http/handler/edgestacks/edgestack_create.go

@@ -55,3 +55,26 @@ func (handler *Handler) createSwarmStack(tx dataservices.DataStoreTx, method str
 
 	return nil, httperrors.NewInvalidPayloadError("Invalid value for query parameter: method. Value must be one of: string, repository or file")
 }
+
+// @id EdgeStackCreate
+// @summary Create an EdgeStack
+// @description **Access policy**: administrator
+// @tags edge_stacks
+// @security ApiKeyAuth
+// @security jwt
+// @produce json
+// @param method query string true "Creation Method" Enums(file,string,repository)
+// @param body body object true "for body documentation see the relevant /edge_stacks/create/{method} endpoint"
+// @success 200 {object} portainer.EdgeStack
+// @failure 500
+// @failure 503 "Edge compute features are disabled"
+// @deprecated
+// @router /edge_stacks [post]
+func deprecatedEdgeStackCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
+	method, err := request.RetrieveQueryParameter(r, "method", false)
+	if err != nil {
+		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
+	}
+
+	return "/edge_stacks/create/" + method, nil
+}

api/http/handler/edgestacks/edgestack_create_file.go

@@ -6,18 +6,12 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
 	httperrors "github.com/portainer/portainer/api/http/errors"
-	"github.com/portainer/portainer/pkg/edge"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 
 	"github.com/pkg/errors"
 )
 
 type edgeStackFromFileUploadPayload struct {
-	// Name of the stack
-	// Max length: 255
-	// Name must only contains lowercase characters, numbers, hyphens, or underscores
-	// Name must start with a lowercase character or number
-	// Example: stack-name or stack_123 or stackName
 	Name             string
 	StackFileContent []byte
 	EdgeGroups       []portainer.EdgeGroupID
@@ -38,10 +32,6 @@ func (payload *edgeStackFromFileUploadPayload) Validate(r *http.Request) error {
 	}
 	payload.Name = name
 
-	if !edge.IsValidEdgeStackName(payload.Name) {
-		return httperrors.NewInvalidPayloadError("Invalid stack name. Stack name must only consist of lowercase alpha characters, numbers, hyphens, or underscores as well as start with a lowercase character or number")
-	}
-
 	composeFileContent, _, err := request.RetrieveMultiPartFormFile(r, "file")
 	if err != nil {
 		return httperrors.NewInvalidPayloadError("Invalid Compose file. Ensure that the Compose file is uploaded correctly")
@@ -85,7 +75,7 @@ func (payload *edgeStackFromFileUploadPayload) Validate(r *http.Request) error {
 // @security jwt
 // @accept multipart/form-data
 // @produce json
-// @param Name formData string true "Name of the stack. it must only consist of lowercase alphanumeric characters, hyphens, or underscores as well as start with a letter or number"
+// @param Name formData string true "Name of the stack"
 // @param file formData file true "Content of the Stack file"
 // @param EdgeGroups formData string true "JSON stringified array of Edge Groups ids"
 // @param DeploymentType formData int true "deploy type 0 - 'compose', 1 - 'kubernetes'"

api/http/handler/edgestacks/edgestack_create_git.go

@@ -9,7 +9,6 @@ import (
 	"github.com/portainer/portainer/api/filesystem"
 	gittypes "github.com/portainer/portainer/api/git/types"
 	httperrors "github.com/portainer/portainer/api/http/errors"
-	"github.com/portainer/portainer/pkg/edge"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 
 	"github.com/asaskevich/govalidator"
@@ -18,11 +17,7 @@ import (
 
 type edgeStackFromGitRepositoryPayload struct {
 	// Name of the stack
-	// Max length: 255
-	// Name must only contains lowercase characters, numbers, hyphens, or underscores
-	// Name must start with a lowercase character or number
-	// Example: stack-name or stack_123 or stackName
-	Name string `example:"stack-name" validate:"required"`
+	Name string `example:"myStack" validate:"required"`
 	// URL of a Git repository hosting the Stack file
 	RepositoryURL string `example:"https://github.com/openfaas/faas" validate:"required"`
 	// Reference name of a Git repository hosting the Stack file
@@ -55,10 +50,6 @@ func (payload *edgeStackFromGitRepositoryPayload) Validate(r *http.Request) erro
 		return httperrors.NewInvalidPayloadError("Invalid stack name")
 	}
 
-	if !edge.IsValidEdgeStackName(payload.Name) {
-		return httperrors.NewInvalidPayloadError("Invalid stack name. Stack name must only consist of lowercase alpha characters, numbers, hyphens, or underscores as well as start with a lowercase character or number")
-	}
-
 	if len(payload.RepositoryURL) == 0 || !govalidator.IsURL(payload.RepositoryURL) {
 		return httperrors.NewInvalidPayloadError("Invalid repository URL. Must correspond to a valid URL format")
 	}

api/http/handler/edgestacks/edgestack_create_string.go

@@ -8,7 +8,6 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/filesystem"
 	httperrors "github.com/portainer/portainer/api/http/errors"
-	"github.com/portainer/portainer/pkg/edge"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 
 	"github.com/pkg/errors"
@@ -16,11 +15,7 @@ import (
 
 type edgeStackFromStringPayload struct {
 	// Name of the stack
-	// Max length: 255
-	// Name must only contains lowercase characters, numbers, hyphens, or underscores
-	// Name must start with a lowercase character or number
-	// Example: stack-name or stack_123 or stackName
-	Name string `example:"stack-name" validate:"required"`
+	Name string `example:"myStack" validate:"required"`
 	// Content of the Stack file
 	StackFileContent string `example:"version: 3\n services:\n web:\n image:nginx" validate:"required"`
 	// List of identifiers of EdgeGroups
@@ -41,10 +36,6 @@ func (payload *edgeStackFromStringPayload) Validate(r *http.Request) error {
 		return httperrors.NewInvalidPayloadError("Invalid stack name")
 	}
 
-	if !edge.IsValidEdgeStackName(payload.Name) {
-		return httperrors.NewInvalidPayloadError("Invalid stack name. Stack name must only consist of lowercase alpha characters, numbers, hyphens, or underscores as well as start with a lowercase character or number")
-	}
-
 	if len(payload.StackFileContent) == 0 {
 		return httperrors.NewInvalidPayloadError("Invalid stack file content")
 	}

api/http/handler/edgestacks/edgestack_create_test.go

@@ -43,7 +43,7 @@ func TestCreateAndInspect(t *testing.T) {
 	}
 
 	payload := edgeStackFromStringPayload{
-		Name:             "test-stack",
+		Name:             "Test Stack",
 		StackFileContent: "stack content",
 		EdgeGroups:       []portainer.EdgeGroupID{1},
 		DeploymentType:   portainer.EdgeStackDeploymentCompose,
@@ -161,7 +161,7 @@ func TestCreateWithInvalidPayload(t *testing.T) {
 		{
 			Name: "EdgeStackDeploymentKubernetes with Docker endpoint",
 			Payload: edgeStackFromStringPayload{
-				Name:             "stack-name",
+				Name:             "Stack name",
 				StackFileContent: "content",
 				EdgeGroups:       []portainer.EdgeGroupID{1},
 				DeploymentType:   portainer.EdgeStackDeploymentKubernetes,
@@ -172,7 +172,7 @@ func TestCreateWithInvalidPayload(t *testing.T) {
 		{
 			Name: "Empty Stack File Content",
 			Payload: edgeStackFromStringPayload{
-				Name:             "stack-name",
+				Name:             "Stack name",
 				StackFileContent: "",
 				EdgeGroups:       []portainer.EdgeGroupID{1},
 				DeploymentType:   portainer.EdgeStackDeploymentCompose,
@@ -183,7 +183,7 @@ func TestCreateWithInvalidPayload(t *testing.T) {
 		{
 			Name: "Clone Git repository error",
 			Payload: edgeStackFromGitRepositoryPayload{
-				Name:                     "stack-name",
+				Name:                     "Stack name",
 				RepositoryURL:            "github.com/portainer/portainer",
 				RepositoryReferenceName:  "ref name",
 				RepositoryAuthentication: false,

api/http/handler/edgestacks/edgestack_delete.go

@@ -3,7 +3,6 @@ package edgestacks
 import (
 	"errors"
 	"net/http"
-	"strconv"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
@@ -53,14 +52,10 @@ func (handler *Handler) deleteEdgeStack(tx dataservices.DataStoreTx, edgeStackID
 		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", err)
 	}
 
-	if err := handler.edgeStacksService.DeleteEdgeStack(tx, edgeStack.ID, edgeStack.EdgeGroups); err != nil {
+	err = handler.edgeStacksService.DeleteEdgeStack(tx, edgeStack.ID, edgeStack.EdgeGroups)
+	if err != nil {
 		return httperror.InternalServerError("Unable to delete edge stack", err)
 	}
 
-	stackFolder := handler.FileService.GetEdgeStackProjectPath(strconv.Itoa(int(edgeStack.ID)))
-	if err := handler.FileService.RemoveDirectory(stackFolder); err != nil {
-		return httperror.InternalServerError("Unable to remove edge stack project folder", err)
-	}
-
 	return nil
 }

api/http/handler/edgestacks/edgestack_delete_test.go

@@ -1,14 +1,12 @@
 package edgestacks
 
 import (
-	"bytes"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 
 	portainer "github.com/portainer/portainer/api"
-	"github.com/stretchr/testify/assert"
 
 	"github.com/segmentio/encoding/json"
 )
@@ -103,52 +101,3 @@ func TestDeleteInvalidEdgeStack(t *testing.T) {
 		})
 	}
 }
-
-func TestDeleteEdgeStack_RemoveProjectFolder(t *testing.T) {
-	handler, rawAPIKey := setupHandler(t)
-
-	edgeGroup := createEdgeGroup(t, handler.DataStore)
-
-	payload := edgeStackFromStringPayload{
-		Name:             "test-stack",
-		DeploymentType:   portainer.EdgeStackDeploymentCompose,
-		EdgeGroups:       []portainer.EdgeGroupID{edgeGroup.ID},
-		StackFileContent: "version: '3.7'\nservices:\n  test:\n    image: test",
-	}
-
-	var buf bytes.Buffer
-	if err := json.NewEncoder(&buf).Encode(payload); err != nil {
-		t.Fatal("error encoding payload:", err)
-	}
-
-	// Create
-	req, err := http.NewRequest(http.MethodPost, "/edge_stacks/create/string", &buf)
-	if err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec := httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusOK {
-		t.Fatalf("expected a %d response, found: %d", http.StatusNoContent, rec.Code)
-	}
-
-	assert.DirExists(t, handler.FileService.GetEdgeStackProjectPath("1"))
-
-	// Delete
-	if req, err = http.NewRequest(http.MethodDelete, "/edge_stacks/1", nil); err != nil {
-		t.Fatal("request error:", err)
-	}
-
-	req.Header.Add("x-api-key", rawAPIKey)
-	rec = httptest.NewRecorder()
-	handler.ServeHTTP(rec, req)
-
-	if rec.Code != http.StatusNoContent {
-		t.Fatalf("expected a %d response, found: %d", http.StatusNoContent, rec.Code)
-	}
-
-	assert.NoDirExists(t, handler.FileService.GetEdgeStackProjectPath("1"))
-}

api/http/handler/edgestacks/edgestack_file.go

@@ -34,7 +34,7 @@ func (handler *Handler) edgeStackFile(w http.ResponseWriter, r *http.Request) *h
 
 	stack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(stackID))
 	if err != nil {
-		return handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
+		return handler.handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
 	}
 
 	fileName := stack.EntryPoint

api/http/handler/edgestacks/edgestack_inspect.go

@@ -30,7 +30,7 @@ func (handler *Handler) edgeStackInspect(w http.ResponseWriter, r *http.Request)
 
 	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
 	if err != nil {
-		return handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
+		return handler.handlerDBErr(err, "Unable to find an edge stack with the specified identifier inside the database")
 	}
 
 	return response.JSON(w, edgeStack)

api/http/handler/edgestacks/edgestack_status_delete.go

@@ -0,0 +1,87 @@
+package edgestacks
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/http/middlewares"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+)
+
+// @id EdgeStackStatusDelete
+// @summary Delete an EdgeStack status
+// @description Authorized only if the request is done by an Edge Environment(Endpoint)
+// @tags edge_stacks
+// @produce json
+// @param id path int true "EdgeStack Id"
+// @param environmentId path int true "Environment identifier"
+// @success 200 {object} portainer.EdgeStack
+// @failure 500
+// @failure 400
+// @failure 404
+// @failure 403
+// @deprecated
+// @router /edge_stacks/{id}/status/{environmentId} [delete]
+func (handler *Handler) edgeStackStatusDelete(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	stackID, err := request.RetrieveNumericRouteVariableValue(r, "id")
+	if err != nil {
+		return httperror.BadRequest("Invalid stack identifier route variable", err)
+	}
+
+	endpoint, err := middlewares.FetchEndpoint(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve a valid endpoint from the handler context", err)
+	}
+
+	err = handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint)
+	if err != nil {
+		return httperror.Forbidden("Permission denied to access environment", err)
+	}
+
+	var stack *portainer.EdgeStack
+	err = handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+		stack, err = handler.deleteEdgeStackStatus(tx, portainer.EdgeStackID(stackID), endpoint)
+		return err
+	})
+	if err != nil {
+		var httpErr *httperror.HandlerError
+		if errors.As(err, &httpErr) {
+			return httpErr
+		}
+
+		return httperror.InternalServerError("Unexpected error", err)
+	}
+
+	return response.JSON(w, stack)
+}
+
+func (handler *Handler) deleteEdgeStackStatus(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID, endpoint *portainer.Endpoint) (*portainer.EdgeStack, error) {
+	stack, err := tx.EdgeStack().EdgeStack(stackID)
+	if err != nil {
+		return nil, handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
+	}
+
+	environmentStatus, ok := stack.Status[endpoint.ID]
+	if !ok {
+		environmentStatus = portainer.EdgeStackStatus{}
+	}
+
+	environmentStatus.Status = append(environmentStatus.Status, portainer.EdgeStackDeploymentStatus{
+		Time: time.Now().Unix(),
+		Type: portainer.EdgeStackStatusRemoved,
+	})
+
+	stack.Status[endpoint.ID] = environmentStatus
+
+	err = tx.EdgeStack().UpdateEdgeStack(stack.ID, stack)
+	if err != nil {
+		return nil, httperror.InternalServerError("Unable to persist the stack changes inside the database", err)
+	}
+
+	return stack, nil
+}

api/http/handler/edgestacks/edgestack_status_delete_test.go

@@ -0,0 +1,30 @@
+package edgestacks
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	portainer "github.com/portainer/portainer/api"
+)
+
+func TestDeleteStatus(t *testing.T) {
+	handler, _ := setupHandler(t)
+
+	endpoint := createEndpoint(t, handler.DataStore)
+	edgeStack := createEdgeStack(t, handler.DataStore, endpoint.ID)
+
+	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("/edge_stacks/%d/status/%d", edgeStack.ID, endpoint.ID), nil)
+	if err != nil {
+		t.Fatal("request error:", err)
+	}
+
+	req.Header.Set(portainer.PortainerAgentEdgeIDHeader, endpoint.EdgeID)
+	rec := httptest.NewRecorder()
+	handler.ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("expected a %d response, found: %d", http.StatusOK, rec.Code)
+	}
+}

api/http/handler/edgestacks/edgestack_status_update.go

@@ -4,11 +4,10 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"slices"
-	"strconv"
 	"time"
 
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -21,7 +20,6 @@ type updateStatusPayload struct {
 	Status     *portainer.EdgeStackStatusType
 	EndpointID portainer.EndpointID
 	Time       int64
-	Version    int
 }
 
 func (payload *updateStatusPayload) Validate(r *http.Request) error {
@@ -69,21 +67,11 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return httperror.BadRequest("Invalid request payload", fmt.Errorf("edge polling error: %w. Environment ID: %d", err, payload.EndpointID))
 	}
 
-	endpoint, err := handler.DataStore.Endpoint().Endpoint(payload.EndpointID)
-	if err != nil {
-		return handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
-	}
-
-	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
-		return httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
-	}
-
-	updateFn := func(stack *portainer.EdgeStack) (*portainer.EdgeStack, error) {
-		return handler.updateEdgeStackStatus(stack, stack.ID, payload)
-	}
-
-	stack, err := handler.stackCoordinator.UpdateStatus(r, portainer.EdgeStackID(stackID), updateFn)
-	if err != nil {
+	var stack *portainer.EdgeStack
+	if err := handler.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
+		stack, err = handler.updateEdgeStackStatus(tx, r, portainer.EdgeStackID(stackID), payload)
+		return err
+	}); err != nil {
 		var httpErr *httperror.HandlerError
 		if errors.As(err, &httpErr) {
 			return httpErr
@@ -92,16 +80,32 @@ func (handler *Handler) edgeStackStatusUpdate(w http.ResponseWriter, r *http.Req
 		return httperror.InternalServerError("Unexpected error", err)
 	}
 
-	if ok, _ := strconv.ParseBool(r.Header.Get("X-Portainer-No-Body")); ok {
-		return nil
-	}
-
 	return response.JSON(w, stack)
 }
 
-func (handler *Handler) updateEdgeStackStatus(stack *portainer.EdgeStack, stackID portainer.EdgeStackID, payload updateStatusPayload) (*portainer.EdgeStack, error) {
-	if payload.Version > 0 && payload.Version < stack.Version {
-		return stack, nil
+func (handler *Handler) updateEdgeStackStatus(tx dataservices.DataStoreTx, r *http.Request, stackID portainer.EdgeStackID, payload updateStatusPayload) (*portainer.EdgeStack, error) {
+	stack, err := tx.EdgeStack().EdgeStack(stackID)
+	if err != nil {
+		if dataservices.IsErrObjectNotFound(err) {
+			// skip error because agent tries to report on deleted stack
+			log.Debug().
+				Err(err).
+				Int("stackID", int(stackID)).
+				Int("status", int(*payload.Status)).
+				Msg("Unable to find a stack inside the database, skipping error")
+			return nil, nil
+		}
+
+		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w. Environment ID: %d", err, payload.EndpointID)
+	}
+
+	endpoint, err := tx.Endpoint().Endpoint(payload.EndpointID)
+	if err != nil {
+		return nil, handler.handlerDBErr(fmt.Errorf("unable to find the environment from the database: %w. Environment ID: %d", err, payload.EndpointID), "unable to find the environment")
+	}
+
+	if err := handler.requestBouncer.AuthorizedEdgeEndpointOperation(r, endpoint); err != nil {
+		return nil, httperror.Forbidden("Permission denied to access environment", fmt.Errorf("unauthorized edge endpoint operation: %w. Environment name: %s", err, endpoint.Name))
 	}
 
 	status := *payload.Status
@@ -119,6 +123,10 @@ func (handler *Handler) updateEdgeStackStatus(stack *portainer.EdgeStack, stackI
 
 	updateEnvStatus(payload.EndpointID, stack, deploymentStatus)
 
+	if err := tx.EdgeStack().UpdateEdgeStack(stackID, stack); err != nil {
+		return nil, handler.handlerDBErr(fmt.Errorf("unable to update Edge stack to the database: %w. Environment name: %s", err, endpoint.Name), "unable to update Edge stack")
+	}
+
 	return stack, nil
 }
 
@@ -137,11 +145,7 @@ func updateEnvStatus(environmentId portainer.EndpointID, stack *portainer.EdgeSt
 		}
 	}
 
-	if containsStatus := slices.ContainsFunc(environmentStatus.Status, func(e portainer.EdgeStackDeploymentStatus) bool {
-		return e.Type == deploymentStatus.Type
-	}); !containsStatus {
-		environmentStatus.Status = append(environmentStatus.Status, deploymentStatus)
-	}
+	environmentStatus.Status = append(environmentStatus.Status, deploymentStatus)
 
 	stack.Status[environmentId] = environmentStatus
 }

api/http/handler/edgestacks/edgestack_status_update_coordinator.go

@@ -1,155 +0,0 @@
-package edgestacks
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
-
-	"github.com/rs/zerolog/log"
-)
-
-type statusRequest struct {
-	respCh   chan statusResponse
-	stackID  portainer.EdgeStackID
-	updateFn statusUpdateFn
-}
-
-type statusResponse struct {
-	Stack *portainer.EdgeStack
-	Error error
-}
-
-type statusUpdateFn func(*portainer.EdgeStack) (*portainer.EdgeStack, error)
-
-type EdgeStackStatusUpdateCoordinator struct {
-	updateCh  chan statusRequest
-	dataStore dataservices.DataStore
-}
-
-var errAnotherStackUpdateInProgress = errors.New("another stack update is in progress")
-
-func NewEdgeStackStatusUpdateCoordinator(dataStore dataservices.DataStore) *EdgeStackStatusUpdateCoordinator {
-	return &EdgeStackStatusUpdateCoordinator{
-		updateCh:  make(chan statusRequest),
-		dataStore: dataStore,
-	}
-}
-
-func (c *EdgeStackStatusUpdateCoordinator) Start() {
-	for {
-		c.loop()
-	}
-}
-
-func (c *EdgeStackStatusUpdateCoordinator) loop() {
-	u := <-c.updateCh
-
-	respChs := []chan statusResponse{u.respCh}
-
-	var stack *portainer.EdgeStack
-
-	err := c.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
-		// 1. Load the edge stack
-		var err error
-
-		stack, err = loadEdgeStack(tx, u.stackID)
-		if err != nil {
-			return err
-		}
-
-		// Return early when the agent tries to update the status on a deleted stack
-		if stack == nil {
-			return nil
-		}
-
-		// 2. Mutate the edge stack opportunistically until there are no more pending updates
-		for {
-			stack, err = u.updateFn(stack)
-			if err != nil {
-				return err
-			}
-
-			if m, ok := c.getNextUpdate(stack.ID); ok {
-				u = m
-			} else {
-				break
-			}
-
-			respChs = append(respChs, u.respCh)
-		}
-
-		// 3. Save the changes back to the database
-		if err := tx.EdgeStack().UpdateEdgeStack(stack.ID, stack); err != nil {
-			return handlerDBErr(fmt.Errorf("unable to update Edge stack: %w.", err), "Unable to persist the stack changes inside the database")
-		}
-
-		return nil
-	})
-
-	// 4. Send back the responses
-	for _, ch := range respChs {
-		ch <- statusResponse{Stack: stack, Error: err}
-	}
-}
-
-func loadEdgeStack(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID) (*portainer.EdgeStack, error) {
-	stack, err := tx.EdgeStack().EdgeStack(stackID)
-	if err != nil {
-		if dataservices.IsErrObjectNotFound(err) {
-			// Skip the error when the agent tries to update the status on a deleted stack
-			log.Debug().
-				Err(err).
-				Int("stackID", int(stackID)).
-				Msg("Unable to find a stack inside the database, skipping error")
-
-			return nil, nil
-		}
-
-		return nil, fmt.Errorf("unable to retrieve Edge stack from the database: %w.", err)
-	}
-
-	return stack, nil
-}
-
-func (c *EdgeStackStatusUpdateCoordinator) getNextUpdate(stackID portainer.EdgeStackID) (statusRequest, bool) {
-	for {
-		select {
-		case u := <-c.updateCh:
-			// Discard the update and let the agent retry
-			if u.stackID != stackID {
-				u.respCh <- statusResponse{Error: errAnotherStackUpdateInProgress}
-
-				continue
-			}
-
-			return u, true
-
-		default:
-			return statusRequest{}, false
-		}
-	}
-}
-
-func (c *EdgeStackStatusUpdateCoordinator) UpdateStatus(r *http.Request, stackID portainer.EdgeStackID, updateFn statusUpdateFn) (*portainer.EdgeStack, error) {
-	respCh := make(chan statusResponse)
-	defer close(respCh)
-
-	msg := statusRequest{
-		respCh:   respCh,
-		stackID:  stackID,
-		updateFn: updateFn,
-	}
-
-	select {
-	case c.updateCh <- msg:
-		r := <-respCh
-
-		return r.Stack, r.Error
-
-	case <-r.Context().Done():
-		return nil, r.Context().Err()
-	}
-}

api/http/handler/edgestacks/edgestack_test.go

@@ -51,14 +51,10 @@ func setupHandler(t *testing.T) (*Handler, string) {
 		t.Fatal(err)
 	}
 
-	coord := NewEdgeStackStatusUpdateCoordinator(store)
-	go coord.Start()
-
 	handler := NewHandler(
 		security.NewRequestBouncer(store, jwtService, apiKeyService),
 		store,
 		edgestacks.NewService(store),
-		coord,
 	)
 
 	handler.FileService = fs
@@ -148,15 +144,3 @@ func createEdgeStack(t *testing.T, store dataservices.DataStore, endpointID port
 
 	return edgeStack
 }
-
-func createEdgeGroup(t *testing.T, store dataservices.DataStore) portainer.EdgeGroup {
-	edgeGroup := portainer.EdgeGroup{
-		ID:   1,
-		Name: "EdgeGroup 1",
-	}
-
-	if err := store.EdgeGroup().Create(&edgeGroup); err != nil {
-		t.Fatal(err)
-	}
-	return edgeGroup
-}

api/http/handler/edgestacks/edgestack_update.go

@@ -80,7 +80,7 @@ func (handler *Handler) edgeStackUpdate(w http.ResponseWriter, r *http.Request)
 func (handler *Handler) updateEdgeStack(tx dataservices.DataStoreTx, stackID portainer.EdgeStackID, payload updateEdgeStackPayload) (*portainer.EdgeStack, error) {
 	stack, err := tx.EdgeStack().EdgeStack(stackID)
 	if err != nil {
-		return nil, handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
+		return nil, handler.handlerDBErr(err, "Unable to find a stack with the specified identifier inside the database")
 	}
 
 	relationConfig, err := edge.FetchEndpointRelationsConfig(tx)
@@ -107,7 +107,7 @@ func (handler *Handler) updateEdgeStack(tx dataservices.DataStoreTx, stackID por
 
 	hasWrongType, err := hasWrongEnvironmentType(tx.Endpoint(), relatedEndpointIds, payload.DeploymentType)
 	if err != nil {
-		return nil, httperror.InternalServerError("unable to check for existence of non fitting environments: %w", err)
+		return nil, httperror.BadRequest("unable to check for existence of non fitting environments: %w", err)
 	}
 	if hasWrongType {
 		return nil, httperror.BadRequest("edge stack with config do not match the environment type", nil)
@@ -138,19 +138,48 @@ func (handler *Handler) handleChangeEdgeGroups(tx dataservices.DataStoreTx, edge
 		return nil, nil, errors.WithMessage(err, "Unable to retrieve edge stack related environments from database")
 	}
 
-	oldRelatedEnvironmentsSet := set.ToSet(oldRelatedEnvironmentIDs)
-	newRelatedEnvironmentsSet := set.ToSet(newRelatedEnvironmentIDs)
+	oldRelatedSet := set.ToSet(oldRelatedEnvironmentIDs)
+	newRelatedSet := set.ToSet(newRelatedEnvironmentIDs)
 
-	relatedEnvironmentsToAdd := newRelatedEnvironmentsSet.Difference(oldRelatedEnvironmentsSet)
-	relatedEnvironmentsToRemove := oldRelatedEnvironmentsSet.Difference(newRelatedEnvironmentsSet)
-
-	if len(relatedEnvironmentsToRemove) > 0 {
-		tx.EndpointRelation().RemoveEndpointRelationsForEdgeStack(relatedEnvironmentsToRemove.Keys(), edgeStackID)
+	endpointsToRemove := set.Set[portainer.EndpointID]{}
+	for endpointID := range oldRelatedSet {
+		if !newRelatedSet[endpointID] {
+			endpointsToRemove[endpointID] = true
+		}
 	}
 
-	if len(relatedEnvironmentsToAdd) > 0 {
-		tx.EndpointRelation().AddEndpointRelationsForEdgeStack(relatedEnvironmentsToAdd.Keys(), edgeStackID)
+	for endpointID := range endpointsToRemove {
+		relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
+		if err != nil {
+			return nil, nil, errors.WithMessage(err, "Unable to find environment relation in database")
+		}
+
+		delete(relation.EdgeStacks, edgeStackID)
+
+		if err := tx.EndpointRelation().UpdateEndpointRelation(endpointID, relation); err != nil {
+			return nil, nil, errors.WithMessage(err, "Unable to persist environment relation in database")
+		}
 	}
 
-	return newRelatedEnvironmentIDs, relatedEnvironmentsToAdd, nil
+	endpointsToAdd := set.Set[portainer.EndpointID]{}
+	for endpointID := range newRelatedSet {
+		if !oldRelatedSet[endpointID] {
+			endpointsToAdd[endpointID] = true
+		}
+	}
+
+	for endpointID := range endpointsToAdd {
+		relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
+		if err != nil {
+			return nil, nil, errors.WithMessage(err, "Unable to find environment relation in database")
+		}
+
+		relation.EdgeStacks[edgeStackID] = true
+
+		if err := tx.EndpointRelation().UpdateEndpointRelation(endpointID, relation); err != nil {
+			return nil, nil, errors.WithMessage(err, "Unable to persist environment relation in database")
+		}
+	}
+
+	return newRelatedEnvironmentIDs, endpointsToAdd, nil
 }

api/http/handler/edgestacks/handler.go

@@ -22,21 +22,21 @@ type Handler struct {
 	GitService         portainer.GitService
 	edgeStacksService  *edgestackservice.Service
 	KubernetesDeployer portainer.KubernetesDeployer
-	stackCoordinator   *EdgeStackStatusUpdateCoordinator
 }
 
 // NewHandler creates a handler to manage environment(endpoint) group operations.
-func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStore, edgeStacksService *edgestackservice.Service, stackCoordinator *EdgeStackStatusUpdateCoordinator) *Handler {
+func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStore, edgeStacksService *edgestackservice.Service) *Handler {
 	h := &Handler{
 		Router:            mux.NewRouter(),
 		requestBouncer:    bouncer,
 		DataStore:         dataStore,
 		edgeStacksService: edgeStacksService,
-		stackCoordinator:  stackCoordinator,
 	}
 
 	h.Handle("/edge_stacks/create/{method}",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackCreate)))).Methods(http.MethodPost)
+	h.Handle("/edge_stacks",
+		bouncer.AdminAccess(bouncer.EdgeComputeOperation(middlewares.Deprecated(h, deprecatedEdgeStackCreateUrlParser)))).Methods(http.MethodPost) // Deprecated
 	h.Handle("/edge_stacks",
 		bouncer.AdminAccess(bouncer.EdgeComputeOperation(httperror.LoggerHandler(h.edgeStackList)))).Methods(http.MethodGet)
 	h.Handle("/edge_stacks/{id}",
@@ -53,13 +53,15 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 	edgeStackStatusRouter := h.NewRoute().Subrouter()
 	edgeStackStatusRouter.Use(middlewares.WithEndpoint(h.DataStore.Endpoint(), "endpoint_id"))
 
+	edgeStackStatusRouter.PathPrefix("/edge_stacks/{id}/status/{endpoint_id}").Handler(bouncer.PublicAccess(httperror.LoggerHandler(h.edgeStackStatusDelete))).Methods(http.MethodDelete)
+
 	return h
 }
 
-func handlerDBErr(err error, msg string) *httperror.HandlerError {
+func (handler *Handler) handlerDBErr(err error, msg string) *httperror.HandlerError {
 	httpErr := httperror.InternalServerError(msg, err)
 
-	if dataservices.IsErrObjectNotFound(err) {
+	if handler.DataStore.IsErrObjectNotFound(err) {
 		httpErr.StatusCode = http.StatusNotFound
 	}
 

api/http/handler/edgetemplates/edgetemplate_list.go

@@ -0,0 +1,71 @@
+package edgetemplates
+
+import (
+	"net/http"
+	"slices"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/client"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+
+	"github.com/segmentio/encoding/json"
+)
+
+type templateFileFormat struct {
+	Version   string               `json:"version"`
+	Templates []portainer.Template `json:"templates"`
+}
+
+// @id EdgeTemplateList
+// @deprecated
+// @summary Fetches the list of Edge Templates
+// @description **Access policy**: administrator
+// @tags edge_templates
+// @security ApiKeyAuth
+// @security jwt
+// @accept json
+// @produce json
+// @success 200 {array} portainer.Template
+// @failure 500
+// @router /edge_templates [get]
+func (handler *Handler) edgeTemplateList(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	settings, err := handler.DataStore.Settings().Settings()
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
+	}
+
+	url := portainer.DefaultTemplatesURL
+	if settings.TemplatesURL != "" {
+		url = settings.TemplatesURL
+	}
+
+	var templateData []byte
+	templateData, err = client.Get(url, 10)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve external templates", err)
+	}
+
+	var templateFile templateFileFormat
+
+	err = json.Unmarshal(templateData, &templateFile)
+	if err != nil {
+		return httperror.InternalServerError("Unable to parse template file", err)
+	}
+
+	// We only support version 3 of the template format
+	// this is only a temporary fix until we have custom edge templates
+	if templateFile.Version != "3" {
+		return httperror.InternalServerError("Unsupported template version", nil)
+	}
+
+	filteredTemplates := make([]portainer.Template, 0)
+
+	for _, template := range templateFile.Templates {
+		if slices.Contains(template.Categories, "edge") && slices.Contains([]portainer.TemplateType{portainer.ComposeStackTemplate, portainer.SwarmStackTemplate}, template.Type) {
+			filteredTemplates = append(filteredTemplates, template)
+		}
+	}
+
+	return response.JSON(w, filteredTemplates)
+}

api/http/handler/edgetemplates/handler.go

@@ -0,0 +1,32 @@
+package edgetemplates
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer/api/dataservices"
+	"github.com/portainer/portainer/api/http/middlewares"
+	"github.com/portainer/portainer/api/http/security"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+
+	"github.com/gorilla/mux"
+)
+
+// Handler is the HTTP handler used to handle edge environment(endpoint) operations.
+type Handler struct {
+	*mux.Router
+	requestBouncer security.BouncerService
+	DataStore      dataservices.DataStore
+}
+
+// NewHandler creates a handler to manage environment(endpoint) operations.
+func NewHandler(bouncer security.BouncerService) *Handler {
+	h := &Handler{
+		Router:         mux.NewRouter(),
+		requestBouncer: bouncer,
+	}
+
+	h.Handle("/edge_templates",
+		bouncer.AdminAccess(middlewares.Deprecated(httperror.LoggerHandler(h.edgeTemplateList), func(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) { return "", nil }))).Methods(http.MethodGet)
+
+	return h
+}

api/http/handler/endpointedge/endpointedge_stack_inspect.go

@@ -1,10 +1,8 @@
 package endpointedge
 
 import (
-	"errors"
 	"fmt"
 	"net/http"
-	"strconv"
 
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/edge"
@@ -15,12 +13,8 @@ import (
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
-
-	"golang.org/x/sync/singleflight"
 )
 
-var edgeStackSingleFlightGroup = singleflight.Group{}
-
 // @summary Inspect an Edge Stack for an Environment(Endpoint)
 // @description **Access policy**: public
 // @tags edge, endpoints, edge_stacks
@@ -48,26 +42,13 @@ func (handler *Handler) endpointEdgeStackInspect(w http.ResponseWriter, r *http.
 		return httperror.BadRequest("Invalid edge stack identifier route variable", fmt.Errorf("invalid Edge stack route variable: %w. Environment name: %s", err, endpoint.Name))
 	}
 
-	s, err, _ := edgeStackSingleFlightGroup.Do(strconv.Itoa(edgeStackID), func() (any, error) {
-		edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
-		if handler.DataStore.IsErrObjectNotFound(err) {
-			return nil, httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
-		}
-
-		return edgeStack, err
-	})
-	if err != nil {
-		var httpErr *httperror.HandlerError
-		if errors.As(err, &httpErr) {
-			return httpErr
-		}
-
-		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find Edge stack from the database: %w. Environment name: %s", err, endpoint.Name))
+	edgeStack, err := handler.DataStore.EdgeStack().EdgeStack(portainer.EdgeStackID(edgeStackID))
+	if handler.DataStore.IsErrObjectNotFound(err) {
+		return httperror.NotFound("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("unable to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
+	} else if err != nil {
+		return httperror.InternalServerError("Unable to find an edge stack with the specified identifier inside the database", fmt.Errorf("failed to find the Edge stack from database: %w. Environment name: %s", err, endpoint.Name))
 	}
 
-	// WARNING: this variable must not be mutated
-	edgeStack := s.(*portainer.EdgeStack)
-
 	fileName := edgeStack.EntryPoint
 	if endpointutils.IsDockerEndpoint(endpoint) {
 		if fileName == "" {

api/http/handler/endpointedge/endpointedge_status_inspect.go

@@ -264,9 +264,6 @@ func (handler *Handler) buildSchedules(tx dataservices.DataStoreTx, endpointID p
 func (handler *Handler) buildEdgeStacks(tx dataservices.DataStoreTx, endpointID portainer.EndpointID) ([]stackStatusResponse, *httperror.HandlerError) {
 	relation, err := tx.EndpointRelation().EndpointRelation(endpointID)
 	if err != nil {
-		if tx.IsErrObjectNotFound(err) {
-			return nil, nil
-		}
 		return nil, httperror.InternalServerError("Unable to retrieve relation object from the database", err)
 	}
 

api/http/handler/endpointgroups/endpoints.go

@@ -21,17 +21,10 @@ func (handler *Handler) updateEndpointRelations(tx dataservices.DataStoreTx, end
 	}
 
 	endpointRelation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil && !tx.IsErrObjectNotFound(err) {
+	if err != nil {
 		return err
 	}
 
-	if endpointRelation == nil {
-		endpointRelation = &portainer.EndpointRelation{
-			EndpointID: endpoint.ID,
-			EdgeStacks: make(map[portainer.EdgeStackID]bool),
-		}
-	}
-
 	edgeGroups, err := tx.EdgeGroup().ReadAll()
 	if err != nil {
 		return err
@@ -39,9 +32,6 @@ func (handler *Handler) updateEndpointRelations(tx dataservices.DataStoreTx, end
 
 	edgeStacks, err := tx.EdgeStack().EdgeStacks()
 	if err != nil {
-		if tx.IsErrObjectNotFound(err) {
-			return nil
-		}
 		return err
 	}
 

api/http/handler/endpoints/endpoint_delete.go

@@ -91,7 +91,7 @@ func (handler *Handler) endpointDelete(w http.ResponseWriter, r *http.Request) *
 // @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
 // @failure 403 "Unauthorized access or operation not allowed."
 // @failure 500 "Server error occurred while attempting to delete the specified environments."
-// @router /endpoints/delete [post]
+// @router /endpoints [delete]
 func (handler *Handler) endpointDeleteBatch(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
 	var p endpointDeleteBatchPayload
 	if err := request.DecodeAndValidateJSONPayload(r, &p); err != nil {
@@ -127,27 +127,6 @@ func (handler *Handler) endpointDeleteBatch(w http.ResponseWriter, r *http.Reque
 	return response.Empty(w)
 }
 
-// @id EndpointDeleteBatchDeprecated
-// @summary Remove multiple environments
-// @deprecated
-// @description Deprecated: use the `POST` endpoint instead.
-// @description Remove multiple environments and optionally clean-up associated resources.
-// @description **Access policy**: Administrator only.
-// @tags endpoints
-// @security ApiKeyAuth || jwt
-// @accept json
-// @produce json
-// @param body body endpointDeleteBatchPayload true "List of environments to delete, with optional deleteCluster flag to clean-up associated resources (cloud environments only)"
-// @success 204 "Environment(s) successfully deleted."
-// @failure 207 {object} endpointDeleteBatchPartialResponse "Partial success. Some environments were deleted successfully, while others failed."
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 403 "Unauthorized access or operation not allowed."
-// @failure 500 "Server error occurred while attempting to delete the specified environments."
-// @router /endpoints [delete]
-func (handler *Handler) endpointDeleteBatchDeprecated(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	return handler.endpointDeleteBatch(w, r)
-}
-
 func (handler *Handler) deleteEndpoint(tx dataservices.DataStoreTx, endpointID portainer.EndpointID, deleteCluster bool) error {
 	endpoint, err := tx.Endpoint().Endpoint(endpointID)
 	if tx.IsErrObjectNotFound(err) {

api/http/handler/endpoints/handler.go

@@ -68,8 +68,8 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointUpdate))).Methods(http.MethodPut)
 	h.Handle("/endpoints/{id}",
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDelete))).Methods(http.MethodDelete)
-	h.Handle("/endpoints/delete",
-		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatch))).Methods(http.MethodPost)
+	h.Handle("/endpoints",
+		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatch))).Methods(http.MethodDelete)
 	h.Handle("/endpoints/{id}/dockerhub/{registryId}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.endpointDockerhubStatus))).Methods(http.MethodGet)
 	h.Handle("/endpoints/{id}/snapshot",
@@ -85,7 +85,6 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	// DEPRECATED
 	h.Handle("/endpoints/{id}/status", bouncer.PublicAccess(httperror.LoggerHandler(h.endpointStatusInspect))).Methods(http.MethodGet)
-	h.Handle("/endpoints", bouncer.AdminAccess(httperror.LoggerHandler(h.endpointDeleteBatchDeprecated))).Methods(http.MethodDelete)
 
 	return h
 }

api/http/handler/endpoints/update_edge_relations.go

@@ -23,7 +23,6 @@ func (handler *Handler) updateEdgeRelations(tx dataservices.DataStoreTx, endpoin
 
 		relation = &portainer.EndpointRelation{
 			EndpointID: endpoint.ID,
-			EdgeStacks: map[portainer.EdgeStackID]bool{},
 		}
 		if err := tx.EndpointRelation().Create(relation); err != nil {
 			return errors.WithMessage(err, "Unable to create environment relation inside the database")

api/http/handler/file/handler.go

@@ -7,7 +7,7 @@ import (
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/pkg/featureflags"
 
-	"github.com/klauspost/compress/gzhttp"
+	"github.com/gorilla/handlers"
 )
 
 // Handler represents an HTTP API handler for managing static files.
@@ -20,7 +20,7 @@ type Handler struct {
 func NewHandler(assetPublicPath string, wasInstanceDisabled func() bool) *Handler {
 	h := &Handler{
 		Handler: security.MWSecureHeaders(
-			gzhttp.GzipHandler(http.FileServer(http.Dir(assetPublicPath))),
+			handlers.CompressHandler(http.FileServer(http.Dir(assetPublicPath))),
 			featureflags.IsEnabled("hsts"),
 			featureflags.IsEnabled("csp"),
 		),

api/http/handler/handler.go

@@ -11,6 +11,7 @@ import (
 	"github.com/portainer/portainer/api/http/handler/edgegroups"
 	"github.com/portainer/portainer/api/http/handler/edgejobs"
 	"github.com/portainer/portainer/api/http/handler/edgestacks"
+	"github.com/portainer/portainer/api/http/handler/edgetemplates"
 	"github.com/portainer/portainer/api/http/handler/endpointedge"
 	"github.com/portainer/portainer/api/http/handler/endpointgroups"
 	"github.com/portainer/portainer/api/http/handler/endpointproxy"
@@ -49,6 +50,7 @@ type Handler struct {
 	EdgeGroupsHandler      *edgegroups.Handler
 	EdgeJobsHandler        *edgejobs.Handler
 	EdgeStacksHandler      *edgestacks.Handler
+	EdgeTemplatesHandler   *edgetemplates.Handler
 	EndpointEdgeHandler    *endpointedge.Handler
 	EndpointGroupHandler   *endpointgroups.Handler
 	EndpointHandler        *endpoints.Handler
@@ -81,7 +83,7 @@ type Handler struct {
 }
 
 // @title PortainerCE API
-// @version 2.27.1
+// @version 2.24.0
 // @description.markdown api-description.md
 // @termsOfService
 
@@ -188,6 +190,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		http.StripPrefix("/api", h.EdgeGroupsHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/edge_jobs"):
 		http.StripPrefix("/api", h.EdgeJobsHandler).ServeHTTP(w, r)
+	case strings.HasPrefix(r.URL.Path, "/api/edge_templates"):
+		http.StripPrefix("/api", h.EdgeTemplatesHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/endpoint_groups"):
 		http.StripPrefix("/api", h.EndpointGroupHandler).ServeHTTP(w, r)
 	case strings.HasPrefix(r.URL.Path, "/api/kubernetes"):

api/http/handler/helm/handler.go

@@ -53,6 +53,12 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
 	h.Handle("/{id}/kubernetes/helm",
 		httperror.LoggerHandler(h.helmInstall)).Methods(http.MethodPost)
 
+	// Deprecated
+	h.Handle("/{id}/kubernetes/helm/repositories",
+		httperror.LoggerHandler(h.userGetHelmRepos)).Methods(http.MethodGet)
+	h.Handle("/{id}/kubernetes/helm/repositories",
+		httperror.LoggerHandler(h.userCreateHelmRepo)).Methods(http.MethodPost)
+
 	return h
 }
 

api/http/handler/helm/helm_install_test.go

@@ -45,7 +45,7 @@ func Test_helmInstall(t *testing.T) {
 	is.NotNil(h, "Handler should not fail")
 
 	// Install a single chart.  We expect to get these values back
-	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default", Repo: "https://kubernetes.github.io/ingress-nginx"}
+	options := options.InstallOptions{Name: "nginx-1", Chart: "nginx", Namespace: "default", Repo: "https://charts.bitnami.com/bitnami"}
 	optdata, err := json.Marshal(options)
 	is.NoError(err)
 

api/http/handler/helm/helm_repo_search_test.go

@@ -20,7 +20,7 @@ func Test_helmRepoSearch(t *testing.T) {
 
 	assert.NotNil(t, h, "Handler should not fail")
 
-	repos := []string{"https://kubernetes.github.io/ingress-nginx", "https://portainer.github.io/k8s"}
+	repos := []string{"https://charts.bitnami.com/bitnami", "https://portainer.github.io/k8s"}
 
 	for _, repo := range repos {
 		t.Run(repo, func(t *testing.T) {

api/http/handler/helm/helm_show_test.go

@@ -31,7 +31,7 @@ func Test_helmShow(t *testing.T) {
 		t.Run(cmd, func(t *testing.T) {
 			is.NotNil(h, "Handler should not fail")
 
-			repoUrlEncoded := url.QueryEscape("https://kubernetes.github.io/ingress-nginx")
+			repoUrlEncoded := url.QueryEscape("https://charts.bitnami.com/bitnami")
 			chart := "nginx"
 			req := httptest.NewRequest("GET", fmt.Sprintf("/templates/helm/%s?repo=%s&chart=%s", cmd, repoUrlEncoded, chart), nil)
 			rr := httptest.NewRecorder()

api/http/handler/helm/user_helm_repos.go

@@ -0,0 +1,127 @@
+package helm
+
+import (
+	"net/http"
+	"strings"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/pkg/libhelm"
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+
+	"github.com/pkg/errors"
+)
+
+type helmUserRepositoryResponse struct {
+	GlobalRepository string                         `json:"GlobalRepository"`
+	UserRepositories []portainer.HelmUserRepository `json:"UserRepositories"`
+}
+
+type addHelmRepoUrlPayload struct {
+	URL string `json:"url"`
+}
+
+func (p *addHelmRepoUrlPayload) Validate(_ *http.Request) error {
+	return libhelm.ValidateHelmRepositoryURL(p.URL, nil)
+}
+
+// @id HelmUserRepositoryCreateDeprecated
+// @summary Create a user helm repository
+// @description Create a user helm repository.
+// @description **Access policy**: authenticated
+// @tags helm
+// @security ApiKeyAuth
+// @security jwt
+// @accept json
+// @produce json
+// @param id path int true "Environment(Endpoint) identifier"
+// @param payload body addHelmRepoUrlPayload true "Helm Repository"
+// @success 200 {object} portainer.HelmUserRepository "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 500 "Server error"
+// @deprecated
+// @router /endpoints/{id}/kubernetes/helm/repositories [post]
+func (handler *Handler) userCreateHelmRepo(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve user authentication token", err)
+	}
+	userID := tokenData.ID
+
+	p := new(addHelmRepoUrlPayload)
+	err = request.DecodeAndValidateJSONPayload(r, p)
+	if err != nil {
+		return httperror.BadRequest("Invalid Helm repository URL", err)
+	}
+
+	// lowercase, remove trailing slash
+	p.URL = strings.TrimSuffix(strings.ToLower(p.URL), "/")
+
+	records, err := handler.dataStore.HelmUserRepository().HelmUserRepositoryByUserID(userID)
+	if err != nil {
+		return httperror.InternalServerError("Unable to access the DataStore", err)
+	}
+
+	// check if repo already exists - by doing case insensitive comparison
+	for _, record := range records {
+		if strings.EqualFold(record.URL, p.URL) {
+			errMsg := "Helm repo already registered for user"
+			return httperror.BadRequest(errMsg, errors.New(errMsg))
+		}
+	}
+
+	record := portainer.HelmUserRepository{
+		UserID: userID,
+		URL:    p.URL,
+	}
+
+	err = handler.dataStore.HelmUserRepository().Create(&record)
+	if err != nil {
+		return httperror.InternalServerError("Unable to save a user Helm repository URL", err)
+	}
+
+	return response.JSON(w, record)
+}
+
+// @id HelmUserRepositoriesListDeprecated
+// @summary List a users helm repositories
+// @description Inspect a user helm repositories.
+// @description **Access policy**: authenticated
+// @tags helm
+// @security ApiKeyAuth
+// @security jwt
+// @produce json
+// @param id path int true "User identifier"
+// @success 200 {object} helmUserRepositoryResponse "Success"
+// @failure 400 "Invalid request"
+// @failure 403 "Permission denied"
+// @failure 500 "Server error"
+// @deprecated
+// @router /endpoints/{id}/kubernetes/helm/repositories [get]
+func (handler *Handler) userGetHelmRepos(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve user authentication token", err)
+	}
+	userID := tokenData.ID
+
+	settings, err := handler.dataStore.Settings().Settings()
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve settings from the database", err)
+	}
+
+	userRepos, err := handler.dataStore.HelmUserRepository().HelmUserRepositoryByUserID(userID)
+	if err != nil {
+		return httperror.InternalServerError("Unable to get user Helm repositories", err)
+	}
+
+	resp := helmUserRepositoryResponse{
+		GlobalRepository: settings.HelmRepositoryURL,
+		UserRepositories: userRepos,
+	}
+
+	return response.JSON(w, resp)
+}

api/http/handler/hostmanagement/openamt/amtrpc.go

@@ -13,9 +13,9 @@ import (
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
 
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
-	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 	"github.com/rs/zerolog/log"
@@ -131,7 +131,7 @@ func (handler *Handler) PullAndRunContainer(ctx context.Context, endpoint *porta
 // TODO: add k8s implementation
 // TODO: work out registry auth
 func pullImage(ctx context.Context, docker *client.Client, imageName string) error {
-	out, err := docker.ImagePull(ctx, imageName, image.PullOptions{})
+	out, err := docker.ImagePull(ctx, imageName, types.ImagePullOptions{})
 	if err != nil {
 		log.Error().Str("image_name", imageName).Err(err).Msg("could not pull image from registry")
 

api/http/handler/kubernetes/cron_job.go

@@ -1,78 +0,0 @@
-package kubernetes
-
-import (
-	"net/http"
-
-	models "github.com/portainer/portainer/api/http/models/kubernetes"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-	"github.com/rs/zerolog/log"
-)
-
-// @id GetKubernetesCronJobs
-// @summary Get a list of kubernetes Cron Jobs
-// @description Get a list of kubernetes Cron Jobs that the user has access to.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @produce json
-// @param id path int true "Environment identifier"
-// @success 200 {array} models.K8sCronJob "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
-// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
-// @failure 404 "Unable to find an environment with the specified identifier."
-// @failure 500 "Server error occurred while attempting to retrieve the list of Cron Jobs."
-// @router /kubernetes/{id}/cron_jobs [get]
-func (handler *Handler) getAllKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	cli, httpErr := handler.prepareKubeClient(r)
-	if httpErr != nil {
-		log.Error().Err(httpErr).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to prepare kube client")
-		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
-	}
-
-	cronJobs, err := cli.GetCronJobs("")
-	if err != nil {
-		log.Error().Err(err).Str("context", "GetAllKubernetesCronJobs").Msg("Unable to fetch Cron Jobs across all namespaces")
-		return httperror.InternalServerError("unable to fetch Cron Jobs. Error: ", err)
-	}
-
-	return response.JSON(w, cronJobs)
-}
-
-// @id DeleteCronJobs
-// @summary Delete Cron Jobs
-// @description Delete the provided list of Cron Jobs.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @accept json
-// @param id path int true "Environment identifier"
-// @param payload body models.K8sCronJobDeleteRequests true "A map where the key is the namespace and the value is an array of Cron Jobs to delete"
-// @success 204 "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
-// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
-// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
-// @failure 500 "Server error occurred while attempting to delete Cron Jobs."
-// @router /kubernetes/{id}/cron_jobs/delete [POST]
-func (handler *Handler) deleteKubernetesCronJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	var payload models.K8sCronJobDeleteRequests
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return httperror.BadRequest("Invalid request payload", err)
-	}
-
-	cli, handlerErr := handler.getProxyKubeClient(r)
-	if handlerErr != nil {
-		return handlerErr
-	}
-
-	err = cli.DeleteCronJobs(payload)
-	if err != nil {
-		return httperror.InternalServerError("Unable to delete Cron Jobs", err)
-	}
-
-	return response.Empty(w)
-}

api/http/handler/kubernetes/deprecated_routes.go

@@ -1,51 +0,0 @@
-package kubernetes
-
-import (
-	"bytes"
-	"io"
-	"net/http"
-
-	models "github.com/portainer/portainer/api/http/models/kubernetes"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-)
-
-// @id UpdateKubernetesNamespaceDeprecated
-// @summary Update a namespace
-// @description Update a namespace within the given environment.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @accept json
-// @produce json
-// @param id path int true "Environment identifier"
-// @param namespace path string true "Namespace"
-// @param body body models.K8sNamespaceDetails true "Namespace details"
-// @success 200 {object} portainer.K8sNamespaceInfo "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
-// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
-// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific namespace."
-// @failure 500 "Server error occurred while attempting to update the namespace."
-// @router /kubernetes/{id}/namespaces [put]
-func deprecatedNamespaceParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
-	environmentId, err := request.RetrieveRouteVariableValue(r, "id")
-	if err != nil {
-		return "", httperror.BadRequest("Invalid query parameter: id", err)
-	}
-
-	// Restore the original body for further use
-	bodyBytes, err := io.ReadAll(r.Body)
-	r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-
-	payload := models.K8sNamespaceDetails{}
-	err = request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return "", httperror.BadRequest("Invalid request. Unable to parse namespace payload", err)
-	}
-	namespaceName := payload.Name
-
-	r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-
-	return "/kubernetes/" + environmentId + "/namespaces/" + namespaceName, nil
-}

api/http/handler/kubernetes/handler.go

@@ -55,10 +55,6 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	endpointRouter.Handle("/applications/count", httperror.LoggerHandler(h.getAllKubernetesApplicationsCount)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps", httperror.LoggerHandler(h.GetAllKubernetesConfigMaps)).Methods(http.MethodGet)
 	endpointRouter.Handle("/configmaps/count", httperror.LoggerHandler(h.getAllKubernetesConfigMapsCount)).Methods(http.MethodGet)
-	endpointRouter.Handle("/cron_jobs", httperror.LoggerHandler(h.getAllKubernetesCronJobs)).Methods(http.MethodGet)
-	endpointRouter.Handle("/cron_jobs/delete", httperror.LoggerHandler(h.deleteKubernetesCronJobs)).Methods(http.MethodPost)
-	endpointRouter.Handle("/jobs", httperror.LoggerHandler(h.getAllKubernetesJobs)).Methods(http.MethodGet)
-	endpointRouter.Handle("/jobs/delete", httperror.LoggerHandler(h.deleteKubernetesJobs)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_roles", httperror.LoggerHandler(h.getAllKubernetesClusterRoles)).Methods(http.MethodGet)
 	endpointRouter.Handle("/cluster_roles/delete", httperror.LoggerHandler(h.deleteClusterRoles)).Methods(http.MethodPost)
 	endpointRouter.Handle("/cluster_role_bindings", httperror.LoggerHandler(h.getAllKubernetesClusterRoleBindings)).Methods(http.MethodGet)
@@ -85,11 +81,11 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	endpointRouter.Handle("/services/delete", httperror.LoggerHandler(h.deleteKubernetesServices)).Methods(http.MethodPost)
 	endpointRouter.Handle("/rbac_enabled", httperror.LoggerHandler(h.getKubernetesRBACStatus)).Methods(http.MethodGet)
 	endpointRouter.Handle("/namespaces", httperror.LoggerHandler(h.createKubernetesNamespace)).Methods(http.MethodPost)
+	endpointRouter.Handle("/namespaces", httperror.LoggerHandler(h.updateKubernetesNamespace)).Methods(http.MethodPut)
 	endpointRouter.Handle("/namespaces", httperror.LoggerHandler(h.deleteKubernetesNamespace)).Methods(http.MethodDelete)
 	endpointRouter.Handle("/namespaces", httperror.LoggerHandler(h.getKubernetesNamespaces)).Methods(http.MethodGet)
 	endpointRouter.Handle("/namespaces/count", httperror.LoggerHandler(h.getKubernetesNamespacesCount)).Methods(http.MethodGet)
 	endpointRouter.Handle("/namespaces/{namespace}", httperror.LoggerHandler(h.getKubernetesNamespace)).Methods(http.MethodGet)
-	endpointRouter.Handle("/namespaces/{namespace}", httperror.LoggerHandler(h.updateKubernetesNamespace)).Methods(http.MethodPut)
 	endpointRouter.Handle("/volumes", httperror.LoggerHandler(h.GetAllKubernetesVolumes)).Methods(http.MethodGet)
 	endpointRouter.Handle("/volumes/count", httperror.LoggerHandler(h.getAllKubernetesVolumesCount)).Methods(http.MethodGet)
 	endpointRouter.Handle("/service_accounts", httperror.LoggerHandler(h.getAllKubernetesServiceAccounts)).Methods(http.MethodGet)
@@ -119,12 +115,8 @@ func NewHandler(bouncer security.BouncerService, authorizationService *authoriza
 	namespaceRouter.Handle("/services", httperror.LoggerHandler(h.createKubernetesService)).Methods(http.MethodPost)
 	namespaceRouter.Handle("/services", httperror.LoggerHandler(h.updateKubernetesService)).Methods(http.MethodPut)
 	namespaceRouter.Handle("/services", httperror.LoggerHandler(h.getKubernetesServicesByNamespace)).Methods(http.MethodGet)
-	namespaceRouter.Handle("/volumes", httperror.LoggerHandler(h.GetKubernetesVolumesInNamespace)).Methods(http.MethodGet)
 	namespaceRouter.Handle("/volumes/{volume}", httperror.LoggerHandler(h.getKubernetesVolume)).Methods(http.MethodGet)
 
-	// Deprecated
-	endpointRouter.Handle("/namespaces", middlewares.Deprecated(endpointRouter, deprecatedNamespaceParser)).Methods(http.MethodPut)
-
 	return h
 }
 
@@ -214,17 +206,7 @@ func (handler *Handler) kubeClientMiddleware(next http.Handler) http.Handler {
 				return
 			}
 
-			teamMemberships, err := handler.DataStore.TeamMembership().TeamMembershipsByUserID(user.ID)
-			if err != nil {
-				httperror.WriteError(w, http.StatusInternalServerError, "an error occurred during the KubeClientMiddleware operation, unable to get team memberships for user: ", err)
-				return
-			}
-			teamIDs := []int{}
-			for _, membership := range teamMemberships {
-				teamIDs = append(teamIDs, int(membership.TeamID))
-			}
-
-			nonAdminNamespaces, err = pcli.GetNonAdminNamespaces(int(user.ID), teamIDs, endpoint.Kubernetes.Configuration.RestrictDefaultNamespace)
+			nonAdminNamespaces, err = pcli.GetNonAdminNamespaces(int(user.ID), endpoint.Kubernetes.Configuration.RestrictDefaultNamespace)
 			if err != nil {
 				httperror.WriteError(w, http.StatusInternalServerError, "an error occurred during the KubeClientMiddleware operation, unable to retrieve non-admin namespaces. Error: ", err)
 				return

api/http/handler/kubernetes/job.go

@@ -1,85 +0,0 @@
-package kubernetes
-
-import (
-	"net/http"
-
-	models "github.com/portainer/portainer/api/http/models/kubernetes"
-	httperror "github.com/portainer/portainer/pkg/libhttp/error"
-	"github.com/portainer/portainer/pkg/libhttp/request"
-	"github.com/portainer/portainer/pkg/libhttp/response"
-	"github.com/rs/zerolog/log"
-)
-
-// @id GetKubernetesJobs
-// @summary Get a list of kubernetes Jobs
-// @description Get a list of kubernetes Jobs that the user has access to.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @produce json
-// @param id path int true "Environment identifier"
-// @param includeCronJobChildren query bool false "Whether to include Jobs that have a cronjob owner"
-// @success 200 {array} models.K8sJob "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
-// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
-// @failure 404 "Unable to find an environment with the specified identifier."
-// @failure 500 "Server error occurred while attempting to retrieve the list of Jobs."
-// @router /kubernetes/{id}/jobs [get]
-func (handler *Handler) getAllKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	includeCronJobChildren, err := request.RetrieveBooleanQueryParameter(r, "includeCronJobChildren", true)
-	if err != nil {
-		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Invalid query parameter includeCronJobChildren")
-		return httperror.BadRequest("an error occurred during the GetAllKubernetesJobs operation, invalid query parameter includeCronJobChildren. Error: ", err)
-	}
-
-	cli, httpErr := handler.prepareKubeClient(r)
-	if httpErr != nil {
-		log.Error().Err(httpErr).Str("context", "GetAllKubernetesJobs").Msg("Unable to prepare kube client")
-		return httperror.InternalServerError("unable to prepare kube client. Error: ", httpErr)
-	}
-
-	jobs, err := cli.GetJobs("", includeCronJobChildren)
-	if err != nil {
-		log.Error().Err(err).Str("context", "GetAllKubernetesJobs").Msg("Unable to fetch Jobs across all namespaces")
-		return httperror.InternalServerError("unable to fetch Jobs. Error: ", err)
-	}
-
-	return response.JSON(w, jobs)
-}
-
-// @id DeleteJobs
-// @summary Delete Jobs
-// @description Delete the provided list of Jobs.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @accept json
-// @param id path int true "Environment identifier"
-// @param payload body models.K8sJobDeleteRequests true "A map where the key is the namespace and the value is an array of Jobs to delete"
-// @success 204 "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 401 "Unauthorized access - the user is not authenticated or does not have the necessary permissions. Ensure that you have provided a valid API key or JWT token, and that you have the required permissions."
-// @failure 403 "Permission denied - the user is authenticated but does not have the necessary permissions to access the requested resource or perform the specified operation. Check your user roles and permissions."
-// @failure 404 "Unable to find an environment with the specified identifier or unable to find a specific service account."
-// @failure 500 "Server error occurred while attempting to delete Jobs."
-// @router /kubernetes/{id}/jobs/delete [POST]
-func (handler *Handler) deleteKubernetesJobs(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	var payload models.K8sJobDeleteRequests
-	err := request.DecodeAndValidateJSONPayload(r, &payload)
-	if err != nil {
-		return httperror.BadRequest("Invalid request payload", err)
-	}
-
-	cli, handlerErr := handler.getProxyKubeClient(r)
-	if handlerErr != nil {
-		return handlerErr
-	}
-
-	err = cli.DeleteJobs(payload)
-	if err != nil {
-		return httperror.InternalServerError("Unable to delete Jobs", err)
-	}
-
-	return response.Empty(w)
-}

api/http/handler/kubernetes/volumes.go

@@ -27,7 +27,7 @@ import (
 // @failure 500 "Server error occurred while attempting to retrieve kubernetes volumes."
 // @router /kubernetes/{id}/volumes [get]
 func (handler *Handler) GetAllKubernetesVolumes(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	volumes, err := handler.getKubernetesVolumes(r, "")
+	volumes, err := handler.getKubernetesVolumes(r)
 	if err != nil {
 		return err
 	}
@@ -49,7 +49,7 @@ func (handler *Handler) GetAllKubernetesVolumes(w http.ResponseWriter, r *http.R
 // @failure 500 "Server error occurred while attempting to retrieve kubernetes volumes count."
 // @router /kubernetes/{id}/volumes/count [get]
 func (handler *Handler) getAllKubernetesVolumesCount(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	volumes, err := handler.getKubernetesVolumes(r, "")
+	volumes, err := handler.getKubernetesVolumes(r)
 	if err != nil {
 		return err
 	}
@@ -57,36 +57,6 @@ func (handler *Handler) getAllKubernetesVolumesCount(w http.ResponseWriter, r *h
 	return response.JSON(w, len(volumes))
 }
 
-// @id GetKubernetesVolumesInNamespace
-// @summary Get Kubernetes volumes within a namespace in the given Portainer environment
-// @description Get a list of kubernetes volumes within the specified namespace in the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier.
-// @description **Access policy**: Authenticated user.
-// @tags kubernetes
-// @security ApiKeyAuth || jwt
-// @produce json
-// @param id path int true "Environment identifier"
-// @param namespace path string true "Namespace identifier"
-// @param withApplications query boolean false "When set to True, include the applications that are using the volumes. It is set to false by default"
-// @success 200 {object} map[string]kubernetes.K8sVolumeInfo "Success"
-// @failure 400 "Invalid request payload, such as missing required fields or fields not meeting validation criteria."
-// @failure 403 "Unauthorized access or operation not allowed."
-// @failure 500 "Server error occurred while attempting to retrieve kubernetes volumes in the namespace."
-// @router /kubernetes/{id}/namespaces/{namespace}/volumes [get]
-func (handler *Handler) GetKubernetesVolumesInNamespace(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
-	namespace, err := request.RetrieveRouteVariableValue(r, "namespace")
-	if err != nil {
-		log.Error().Err(err).Str("context", "GetKubernetesVolumesInNamespace").Msg("Unable to retrieve namespace identifier")
-		return httperror.BadRequest("Invalid namespace identifier", err)
-	}
-
-	volumes, httpErr := handler.getKubernetesVolumes(r, namespace)
-	if httpErr != nil {
-		return httpErr
-	}
-
-	return response.JSON(w, volumes)
-}
-
 // @id GetKubernetesVolume
 // @summary Get a Kubernetes volume within the given Portainer environment
 // @description Get a Kubernetes volume within the given environment (Endpoint). The Endpoint ID must be a valid Portainer environment identifier.
@@ -139,7 +109,7 @@ func (handler *Handler) getKubernetesVolume(w http.ResponseWriter, r *http.Reque
 	return response.JSON(w, volume)
 }
 
-func (handler *Handler) getKubernetesVolumes(r *http.Request, namespace string) ([]models.K8sVolumeInfo, *httperror.HandlerError) {
+func (handler *Handler) getKubernetesVolumes(r *http.Request) ([]models.K8sVolumeInfo, *httperror.HandlerError) {
 	withApplications, err := request.RetrieveBooleanQueryParameter(r, "withApplications", true)
 	if err != nil {
 		log.Error().Err(err).Str("context", "GetKubernetesVolumes").Bool("withApplications", withApplications).Msg("Unable to parse query parameter")
@@ -152,7 +122,7 @@ func (handler *Handler) getKubernetesVolumes(r *http.Request, namespace string)
 		return nil, httperror.InternalServerError("Failed to prepare Kubernetes client", httpErr)
 	}
 
-	volumes, err := cli.GetVolumes(namespace)
+	volumes, err := cli.GetVolumes("")
 	if err != nil {
 		if k8serrors.IsUnauthorized(err) {
 			log.Error().Err(err).Str("context", "GetKubernetesVolumes").Msg("Unauthorized access")

api/http/handler/registries/registry_list.go

@@ -36,9 +36,5 @@ func (handler *Handler) registryList(w http.ResponseWriter, r *http.Request) *ht
 		return httperror.InternalServerError("Unable to retrieve registries from the database", err)
 	}
 
-	for idx := range registries {
-		hideFields(&registries[idx], false)
-	}
-
 	return response.JSON(w, registries)
 }

api/http/handler/settings/settings_update.go

@@ -46,7 +46,7 @@ type settingsUpdatePayload struct {
 	// Whether telemetry is enabled
 	EnableTelemetry *bool `example:"false"`
 	// Helm repository URL
-	HelmRepositoryURL *string `example:"https://kubernetes.github.io/ingress-nginx"`
+	HelmRepositoryURL *string `example:"https://charts.bitnami.com/bitnami"`
 	// Kubectl Shell Image
 	KubectlShellImage *string `example:"portainer/kubectl-shell:latest"`
 	// TrustOnFirstConnect makes Portainer accepting edge agent connection by default

api/http/handler/stacks/handler.go

@@ -11,6 +11,7 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	dockerclient "github.com/portainer/portainer/api/docker/client"
 	"github.com/portainer/portainer/api/docker/consts"
+	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/authorization"
 	"github.com/portainer/portainer/api/internal/endpointutils"
@@ -61,6 +62,8 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 
 	h.Handle("/stacks/create/{type}/{method}",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackCreate))).Methods(http.MethodPost)
+	h.Handle("/stacks",
+		bouncer.AuthenticatedAccess(middlewares.Deprecated(h, deprecatedStackCreateUrlParser))).Methods(http.MethodPost) // Deprecated
 	h.Handle("/stacks",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.stackList))).Methods(http.MethodGet)
 	h.Handle("/stacks/{id}",

api/http/handler/stacks/stack_create.go

@@ -1,6 +1,7 @@
 package stacks
 
 import (
+	"fmt"
 	"net/http"
 
 	portainer "github.com/portainer/portainer/api"
@@ -140,3 +141,53 @@ func (handler *Handler) decorateStackResponse(w http.ResponseWriter, stack *port
 
 	return response.JSON(w, stack)
 }
+
+func getStackTypeFromQueryParameter(r *http.Request) (string, error) {
+	stackType, err := request.RetrieveNumericQueryParameter(r, "type", false)
+	if err != nil {
+		return "", err
+	}
+
+	switch stackType {
+	case 1:
+		return "swarm", nil
+	case 2:
+		return "standalone", nil
+	case 3:
+		return "kubernetes", nil
+	}
+
+	return "", errors.New(request.ErrInvalidQueryParameter)
+}
+
+// @id StackCreate
+// @summary Deploy a new stack
+// @description Deploy a new stack into a Docker environment(endpoint) specified via the environment(endpoint) identifier.
+// @description **Access policy**: authenticated
+// @tags stacks
+// @security ApiKeyAuth
+// @security jwt
+// @accept json,multipart/form-data
+// @produce json
+// @param type query int true "Stack deployment type. Possible values: 1 (Swarm stack), 2 (Compose stack) or 3 (Kubernetes stack)." Enums(1,2,3)
+// @param method query string true "Stack deployment method. Possible values: file, string, repository or url." Enums(string, file, repository, url)
+// @param endpointId query int true "Identifier of the environment(endpoint) that will be used to deploy the stack"
+// @param body body object true "for body documentation see the relevant /stacks/create/{type}/{method} endpoint"
+// @success 200 {object} portainer.Stack
+// @failure 400 "Invalid request"
+// @failure 500 "Server error"
+// @deprecated
+// @router /stacks [post]
+func deprecatedStackCreateUrlParser(w http.ResponseWriter, r *http.Request) (string, *httperror.HandlerError) {
+	method, err := request.RetrieveQueryParameter(r, "method", false)
+	if err != nil {
+		return "", httperror.BadRequest("Invalid query parameter: method. Valid values are: file or string", err)
+	}
+
+	stackType, err := getStackTypeFromQueryParameter(r)
+	if err != nil {
+		return "", httperror.BadRequest("Invalid query parameter: type", err)
+	}
+
+	return fmt.Sprintf("/stacks/create/%s/%s", stackType, method), nil
+}

api/http/handler/system/handler.go

@@ -59,6 +59,10 @@ func NewHandler(bouncer security.BouncerService,
 	// Deprecated /status endpoint, will be removed in the future.
 	h.Handle("/status",
 		bouncer.PublicAccess(httperror.LoggerHandler(h.statusInspectDeprecated))).Methods(http.MethodGet)
+	h.Handle("/status/version",
+		bouncer.AuthenticatedAccess(http.HandlerFunc(h.versionDeprecated))).Methods(http.MethodGet)
+	h.Handle("/status/nodes",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.statusNodesCountDeprecated))).Methods(http.MethodGet)
 
 	return h
 }

api/http/handler/system/nodes_count.go

@@ -3,11 +3,12 @@ package system
 import (
 	"net/http"
 
-	portainer "github.com/portainer/portainer/api"
 	statusutil "github.com/portainer/portainer/api/internal/nodes"
 	"github.com/portainer/portainer/api/internal/snapshot"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
+
+	"github.com/rs/zerolog/log"
 )
 
 type nodesCountResponse struct {
@@ -30,15 +31,32 @@ func (handler *Handler) systemNodesCount(w http.ResponseWriter, r *http.Request)
 		return httperror.InternalServerError("Failed to get environment list", err)
 	}
 
-	var nodes int
-
-	for _, endpoint := range endpoints {
-		if err := snapshot.FillSnapshotData(handler.dataStore, &endpoint); err != nil {
+	for i := range endpoints {
+		err = snapshot.FillSnapshotData(handler.dataStore, &endpoints[i])
+		if err != nil {
 			return httperror.InternalServerError("Unable to add snapshot data", err)
 		}
-
-		nodes += statusutil.NodesCount([]portainer.Endpoint{endpoint})
 	}
 
+	nodes := statusutil.NodesCount(endpoints)
+
 	return response.JSON(w, &nodesCountResponse{Nodes: nodes})
 }
+
+// @id statusNodesCount
+// @summary Retrieve the count of nodes
+// @deprecated
+// @description Deprecated: use the `/system/nodes` endpoint instead.
+// @description **Access policy**: authenticated
+// @security ApiKeyAuth
+// @security jwt
+// @tags status
+// @produce json
+// @success 200 {object} nodesCountResponse "Success"
+// @failure 500 "Server error"
+// @router /status/nodes [get]
+func (handler *Handler) statusNodesCountDeprecated(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	log.Warn().Msg("The /status/nodes endpoint is deprecated, please use the /system/nodes endpoint instead")
+
+	return handler.systemNodesCount(w, r)
+}

api/http/handler/system/system_info.go

@@ -3,7 +3,6 @@ package system
 import (
 	"net/http"
 
-	"github.com/pkg/errors"
 	"github.com/portainer/portainer/api/internal/endpointutils"
 	plf "github.com/portainer/portainer/api/platform"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
@@ -47,12 +46,7 @@ func (handler *Handler) systemInfo(w http.ResponseWriter, r *http.Request) *http
 
 	platform, err := handler.platformService.GetPlatform()
 	if err != nil {
-		if !errors.Is(err, plf.ErrNoLocalEnvironment) {
-			return httperror.InternalServerError("Failed to get platform", err)
-		}
-		// If no local environment is detected, we assume the platform is Docker
-		// UI will stop showing the upgrade banner
-		platform = plf.PlatformDocker
+		return httperror.InternalServerError("Failed to get platform", err)
 	}
 
 	return response.JSON(w, &systemInfoResponse{

api/http/handler/system/system_upgrade.go

@@ -4,7 +4,6 @@ import (
 	"net/http"
 	"regexp"
 
-	ceplf "github.com/portainer/portainer/api/platform"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
 	"github.com/portainer/portainer/pkg/libhttp/response"
@@ -46,9 +45,6 @@ func (handler *Handler) systemUpgrade(w http.ResponseWriter, r *http.Request) *h
 
 	environment, err := handler.platformService.GetLocalEnvironment()
 	if err != nil {
-		if errors.Is(err, ceplf.ErrNoLocalEnvironment) {
-			return httperror.NotFound("The system upgrade feature is disabled because no local environment was detected.", err)
-		}
 		return httperror.InternalServerError("Failed to get local environment", err)
 	}
 
@@ -57,7 +53,8 @@ func (handler *Handler) systemUpgrade(w http.ResponseWriter, r *http.Request) *h
 		return httperror.InternalServerError("Failed to get platform", err)
 	}
 
-	if err := handler.upgradeService.Upgrade(platform, environment, payload.License); err != nil {
+	err = handler.upgradeService.Upgrade(platform, environment, payload.License)
+	if err != nil {
 		return httperror.InternalServerError("Failed to upgrade Portainer", err)
 	}
 

api/http/handler/system/version.go

@@ -2,11 +2,12 @@ package system
 
 import (
 	"net/http"
+	"os"
 
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/build"
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/api/http/security"
-	"github.com/portainer/portainer/pkg/build"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
 
@@ -22,12 +23,20 @@ type versionResponse struct {
 	LatestVersion string `json:"LatestVersion" example:"2.0.0"`
 
 	ServerVersion   string
-	VersionSupport  string `json:"VersionSupport" example:"STS/LTS"`
 	ServerEdition   string `json:"ServerEdition" example:"CE/EE"`
 	DatabaseVersion string
-	Build           build.BuildInfo
-	Dependencies    build.DependenciesInfo
-	Runtime         build.RuntimeInfo
+	Build           BuildInfo
+}
+
+type BuildInfo struct {
+	BuildNumber    string
+	ImageTag       string
+	NodejsVersion  string
+	YarnVersion    string
+	WebpackVersion string
+	GoVersion      string
+	GitCommit      string
+	Env            []string `json:",omitempty"`
 }
 
 // @id systemVersion
@@ -48,15 +57,21 @@ func (handler *Handler) version(w http.ResponseWriter, r *http.Request) *httperr
 
 	result := &versionResponse{
 		ServerVersion:   portainer.APIVersion,
-		VersionSupport:  portainer.APIVersionSupport,
 		DatabaseVersion: portainer.APIVersion,
 		ServerEdition:   portainer.Edition.GetEditionLabel(),
-		Build:           build.GetBuildInfo(),
-		Dependencies:    build.GetDependenciesInfo(),
+		Build: BuildInfo{
+			BuildNumber:    build.BuildNumber,
+			ImageTag:       build.ImageTag,
+			NodejsVersion:  build.NodejsVersion,
+			YarnVersion:    build.YarnVersion,
+			WebpackVersion: build.WebpackVersion,
+			GoVersion:      build.GoVersion,
+			GitCommit:      build.GitCommit,
+		},
 	}
 
 	if isAdmin {
-		result.Runtime = build.GetRuntimeInfo()
+		result.Build.Env = os.Environ()
 	}
 
 	latestVersion := GetLatestVersion()
@@ -106,3 +121,21 @@ func HasNewerVersion(currentVersion, latestVersion string) bool {
 
 	return currentVersionSemver.LessThan(*latestVersionSemver)
 }
+
+// @id Version
+// @summary Check for portainer updates
+// @deprecated
+// @description Deprecated: use the `/system/version` endpoint instead.
+// @description Check if portainer has an update available
+// @description **Access policy**: authenticated
+// @security ApiKeyAuth
+// @security jwt
+// @tags status
+// @produce json
+// @success 200 {object} versionResponse "Success"
+// @router /status/version [get]
+func (handler *Handler) versionDeprecated(w http.ResponseWriter, r *http.Request) {
+	log.Warn().Msg("The /status/version endpoint is deprecated, please use the /system/version endpoint instead")
+
+	handler.version(w, r)
+}

api/http/handler/tags/tag_delete.go

@@ -133,17 +133,10 @@ func deleteTag(tx dataservices.DataStoreTx, tagID portainer.TagID) error {
 
 func updateEndpointRelations(tx dataservices.DataStoreTx, endpoint portainer.Endpoint, edgeGroups []portainer.EdgeGroup, edgeStacks []portainer.EdgeStack) error {
 	endpointRelation, err := tx.EndpointRelation().EndpointRelation(endpoint.ID)
-	if err != nil && !tx.IsErrObjectNotFound(err) {
+	if err != nil {
 		return err
 	}
 
-	if endpointRelation == nil {
-		endpointRelation = &portainer.EndpointRelation{
-			EndpointID: endpoint.ID,
-			EdgeStacks: make(map[portainer.EdgeStackID]bool),
-		}
-	}
-
 	endpointGroup, err := tx.EndpointGroup().Read(endpoint.GroupID)
 	if err != nil {
 		return err
@@ -154,7 +147,6 @@ func updateEndpointRelations(tx dataservices.DataStoreTx, endpoint portainer.End
 	for _, edgeStackID := range endpointStacks {
 		stacksSet[edgeStackID] = true
 	}
-
 	endpointRelation.EdgeStacks = stacksSet
 
 	return tx.EndpointRelation().UpdateEndpointRelation(endpoint.ID, endpointRelation)

api/http/handler/templates/handler.go

@@ -29,5 +29,7 @@ func NewHandler(bouncer security.BouncerService) *Handler {
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateList))).Methods(http.MethodGet)
 	h.Handle("/templates/{id}/file",
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateFile))).Methods(http.MethodPost)
+	h.Handle("/templates/file",
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.templateFileOld))).Methods(http.MethodPost)
 	return h
 }

api/http/handler/templates/template_file_old.go

@@ -0,0 +1,93 @@
+package templates
+
+import (
+	"errors"
+	"net/http"
+
+	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/portainer/portainer/pkg/libhttp/request"
+	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
+)
+
+type filePayload struct {
+	// URL of a git repository where the file is stored
+	RepositoryURL string `example:"https://github.com/portainer/portainer-compose" validate:"required"`
+	// Path to the file inside the git repository
+	ComposeFilePathInRepository string `example:"./subfolder/docker-compose.yml" validate:"required"`
+}
+
+func (payload *filePayload) Validate(r *http.Request) error {
+	if len(payload.RepositoryURL) == 0 {
+		return errors.New("Invalid repository url")
+	}
+
+	if len(payload.ComposeFilePathInRepository) == 0 {
+		return errors.New("Invalid file path")
+	}
+
+	return nil
+}
+
+func (handler *Handler) ifRequestedTemplateExists(payload *filePayload) *httperror.HandlerError {
+	response, httpErr := handler.fetchTemplates()
+	if httpErr != nil {
+		return httpErr
+	}
+
+	for _, t := range response.Templates {
+		if t.Repository.URL == payload.RepositoryURL && t.Repository.StackFile == payload.ComposeFilePathInRepository {
+			return nil
+		}
+	}
+	return httperror.InternalServerError("Invalid template", errors.New("requested template does not exist"))
+}
+
+// @id TemplateFileOld
+// @summary Get a template's file
+// @deprecated
+// @description Get a template's file
+// @description **Access policy**: authenticated
+// @tags templates
+// @security ApiKeyAuth
+// @security jwt
+// @accept json
+// @produce json
+// @param body body filePayload true "File details"
+// @success 200 {object} fileResponse "Success"
+// @failure 400 "Invalid request"
+// @failure 500 "Server error"
+// @router /templates/file [post]
+func (handler *Handler) templateFileOld(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	log.Warn().Msg("This api is deprecated. Please use /templates/{id}/file instead")
+
+	var payload filePayload
+	err := request.DecodeAndValidateJSONPayload(r, &payload)
+	if err != nil {
+		return httperror.BadRequest("Invalid request payload", err)
+	}
+
+	if err := handler.ifRequestedTemplateExists(&payload); err != nil {
+		return err
+	}
+
+	projectPath, err := handler.FileService.GetTemporaryPath()
+	if err != nil {
+		return httperror.InternalServerError("Unable to create temporary folder", err)
+	}
+
+	defer handler.cleanUp(projectPath)
+
+	err = handler.GitService.CloneRepository(projectPath, payload.RepositoryURL, "", "", "", false)
+	if err != nil {
+		return httperror.InternalServerError("Unable to clone git repository", err)
+	}
+
+	fileContent, err := handler.FileService.GetFileContent(projectPath, payload.ComposeFilePathInRepository)
+	if err != nil {
+		return httperror.InternalServerError("Failed loading file content", err)
+	}
+
+	return response.JSON(w, fileResponse{FileContent: string(fileContent)})
+
+}

api/http/handler/webhooks/webhook_execute.go

@@ -13,7 +13,6 @@ import (
 	"github.com/portainer/portainer/pkg/libhttp/response"
 
 	dockertypes "github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/image"
 )
 
 // @summary Execute a webhook
@@ -80,16 +79,16 @@ func (handler *Handler) executeServiceWebhook(
 
 	service.Spec.TaskTemplate.ForceUpdate++
 
-	imageName := strings.Split(service.Spec.TaskTemplate.ContainerSpec.Image, "@sha")[0]
-	service.Spec.TaskTemplate.ContainerSpec.Image = imageName
+	var imageName = strings.Split(service.Spec.TaskTemplate.ContainerSpec.Image, "@sha")[0]
 
 	if imageTag != "" {
-		tagIndex := strings.LastIndex(imageName, ":")
+		var tagIndex = strings.LastIndex(imageName, ":")
 		if tagIndex == -1 {
 			tagIndex = len(imageName)
 		}
-
 		service.Spec.TaskTemplate.ContainerSpec.Image = imageName[:tagIndex] + ":" + imageTag
+	} else {
+		service.Spec.TaskTemplate.ContainerSpec.Image = imageName
 	}
 
 	serviceUpdateOptions := dockertypes.ServiceUpdateOptions{
@@ -110,9 +109,8 @@ func (handler *Handler) executeServiceWebhook(
 			}
 		}
 	}
-
 	if imageTag != "" {
-		rc, err := dockerClient.ImagePull(context.Background(), service.Spec.TaskTemplate.ContainerSpec.Image, image.PullOptions{RegistryAuth: serviceUpdateOptions.EncodedRegistryAuth})
+		rc, err := dockerClient.ImagePull(context.Background(), service.Spec.TaskTemplate.ContainerSpec.Image, dockertypes.ImagePullOptions{RegistryAuth: serviceUpdateOptions.EncodedRegistryAuth})
 		if err != nil {
 			return httperror.NotFound("Error pulling image with the specified tag", err)
 		}

api/http/models/kubernetes/cron_jobs.go

@@ -1,36 +0,0 @@
-package kubernetes
-
-import (
-	"errors"
-	"net/http"
-)
-
-type K8sCronJob struct {
-	Id        string   `json:"Id"`
-	Name      string   `json:"Name"`
-	Namespace string   `json:"Namespace"`
-	Command   string   `json:"Command"`
-	Schedule  string   `json:"Schedule"`
-	Timezone  string   `json:"Timezone"`
-	Suspend   bool     `json:"Suspend"`
-	Jobs      []K8sJob `json:"Jobs"`
-	IsSystem  bool     `json:"IsSystem"`
-}
-
-type (
-	K8sCronJobDeleteRequests map[string][]string
-)
-
-func (r K8sCronJobDeleteRequests) Validate(request *http.Request) error {
-	if len(r) == 0 {
-		return errors.New("missing deletion request list in payload")
-	}
-
-	for ns := range r {
-		if len(ns) == 0 {
-			return errors.New("deletion given with empty namespace")
-		}
-	}
-
-	return nil
-}

api/http/models/kubernetes/jobs.go

@@ -1,44 +0,0 @@
-package kubernetes
-
-import (
-	"errors"
-	"net/http"
-
-	corev1 "k8s.io/api/core/v1"
-)
-
-// K8sJob struct
-type K8sJob struct {
-	ID           string           `json:"Id"`
-	Namespace    string           `json:"Namespace"`
-	Name         string           `json:"Name"`
-	PodName      string           `json:"PodName"`
-	Container    corev1.Container `json:"Container,omitempty"`
-	Command      string           `json:"Command,omitempty"`
-	BackoffLimit int32            `json:"BackoffLimit,omitempty"`
-	Completions  int32            `json:"Completions,omitempty"`
-	StartTime    string           `json:"StartTime"`
-	FinishTime   string           `json:"FinishTime"`
-	Duration     string           `json:"Duration"`
-	Status       string           `json:"Status"`
-	FailedReason string           `json:"FailedReason"`
-	IsSystem     bool             `json:"IsSystem"`
-}
-
-type (
-	K8sJobDeleteRequests map[string][]string
-)
-
-func (r K8sJobDeleteRequests) Validate(request *http.Request) error {
-	if len(r) == 0 {
-		return errors.New("missing deletion request list in payload")
-	}
-
-	for ns := range r {
-		if len(ns) == 0 {
-			return errors.New("deletion given with empty namespace")
-		}
-	}
-
-	return nil
-}

api/http/offlinegate/offlinegate.go

@@ -41,13 +41,11 @@ func (o *OfflineGate) WaitingMiddleware(timeout time.Duration, next http.Handler
 		}
 
 		if !o.lock.RTryLockWithTimeout(timeout) {
-			log.Error().Str("url", r.URL.Path).Msg("request timed out while waiting for the backup process to finish")
-			httperror.WriteError(w, http.StatusRequestTimeout, "Request timed out while waiting for the backup process to finish", http.ErrHandlerTimeout)
+			log.Error().Msg("timeout waiting for the offline gate to signal")
+			httperror.WriteError(w, http.StatusRequestTimeout, "Timeout waiting for the offline gate to signal", http.ErrHandlerTimeout)
 			return
 		}
-
-		defer o.lock.RUnlock()
-
 		next.ServeHTTP(w, r)
+		o.lock.RUnlock()
 	})
 }

api/http/offlinegate/offlinegate_test.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func Test_canLockAndUnlock(t *testing.T) {
@@ -147,30 +146,3 @@ func Test_waitingMiddleware_mayTimeout_whenLockedForTooLong(t *testing.T) {
 
 	assert.Equal(t, http.StatusRequestTimeout, response.Result().StatusCode, "Request support to timeout waiting for the gate")
 }
-
-func Test_waitingMiddleware_handlerPanics(t *testing.T) {
-	o := NewOfflineGate()
-
-	request := httptest.NewRequest(http.MethodPost, "/", nil)
-	response := httptest.NewRecorder()
-
-	wg := sync.WaitGroup{}
-	wg.Add(1)
-
-	go func() {
-		defer func() {
-			recover()
-
-			wg.Done()
-		}()
-
-		o.WaitingMiddleware(time.Second, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			panic("panic")
-		})).ServeHTTP(response, request)
-	}()
-
-	wg.Wait()
-
-	require.True(t, o.lock.TryLock())
-	o.lock.Unlock()
-}