2018-06-11 13:13:19 +00:00
package endpointgroups
import (
2023-05-16 17:47:31 +00:00
"errors"
2018-06-11 13:13:19 +00:00
"net/http"
2019-10-07 02:42:01 +00:00
"reflect"
2018-06-11 13:13:19 +00:00
2021-02-23 03:21:39 +00:00
portainer "github.com/portainer/portainer/api"
2023-05-16 17:47:31 +00:00
"github.com/portainer/portainer/api/dataservices"
2020-06-16 07:58:16 +00:00
"github.com/portainer/portainer/api/internal/tag"
2023-09-01 22:27:02 +00:00
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
2023-09-04 23:03:43 +00:00
"github.com/rs/zerolog/log"
2018-06-11 13:13:19 +00:00
)
type endpointGroupUpdatePayload struct {
2021-09-20 00:14:22 +00:00
// Environment(Endpoint) group name
Name string ` example:"my-environment-group" `
// Environment(Endpoint) group description
2021-02-23 03:21:39 +00:00
Description string ` example:"description" `
2021-09-20 00:14:22 +00:00
// List of tag identifiers associated to the environment(endpoint) group
2021-02-23 03:21:39 +00:00
TagIDs [ ] portainer . TagID ` example:"3,4" `
2019-07-20 23:28:11 +00:00
UserAccessPolicies portainer . UserAccessPolicies
TeamAccessPolicies portainer . TeamAccessPolicies
2018-06-11 13:13:19 +00:00
}
func ( payload * endpointGroupUpdatePayload ) Validate ( r * http . Request ) error {
return nil
}
2021-02-23 03:21:39 +00:00
// @id EndpointGroupUpdate
2021-09-20 00:14:22 +00:00
// @summary Update an environment(endpoint) group
// @description Update an environment(endpoint) group.
2021-02-23 03:21:39 +00:00
// @description **Access policy**: administrator
// @tags endpoint_groups
2021-11-30 02:31:16 +00:00
// @security ApiKeyAuth
2021-02-23 03:21:39 +00:00
// @security jwt
// @accept json
// @produce json
// @param id path int true "EndpointGroup identifier"
// @param body body endpointGroupUpdatePayload true "EndpointGroup details"
// @success 200 {object} portainer.EndpointGroup "Success"
// @failure 400 "Invalid request"
// @failure 404 "EndpointGroup not found"
// @failure 500 "Server error"
2021-09-13 03:42:53 +00:00
// @router /endpoint_groups/{id} [put]
2018-06-11 13:13:19 +00:00
func ( handler * Handler ) endpointGroupUpdate ( w http . ResponseWriter , r * http . Request ) * httperror . HandlerError {
endpointGroupID , err := request . RetrieveNumericRouteVariableValue ( r , "id" )
if err != nil {
2022-09-14 23:42:39 +00:00
return httperror . BadRequest ( "Invalid environment group identifier route variable" , err )
2018-06-11 13:13:19 +00:00
}
var payload endpointGroupUpdatePayload
err = request . DecodeAndValidateJSONPayload ( r , & payload )
if err != nil {
2022-09-14 23:42:39 +00:00
return httperror . BadRequest ( "Invalid request payload" , err )
2018-06-11 13:13:19 +00:00
}
2023-05-16 17:47:31 +00:00
var endpointGroup * portainer . EndpointGroup
2023-09-05 23:27:20 +00:00
err = handler . DataStore . UpdateTx ( func ( tx dataservices . DataStoreTx ) error {
endpointGroup , err = handler . updateEndpointGroup ( tx , portainer . EndpointGroupID ( endpointGroupID ) , payload )
return err
} )
2023-05-16 17:47:31 +00:00
if err != nil {
var httpErr * httperror . HandlerError
if errors . As ( err , & httpErr ) {
return httpErr
}
return httperror . InternalServerError ( "Unexpected error" , err )
}
return response . JSON ( w , endpointGroup )
}
func ( handler * Handler ) updateEndpointGroup ( tx dataservices . DataStoreTx , endpointGroupID portainer . EndpointGroupID , payload endpointGroupUpdatePayload ) ( * portainer . EndpointGroup , error ) {
2023-06-22 21:28:07 +00:00
endpointGroup , err := tx . EndpointGroup ( ) . Read ( portainer . EndpointGroupID ( endpointGroupID ) )
2023-05-16 17:47:31 +00:00
if tx . IsErrObjectNotFound ( err ) {
return nil , httperror . NotFound ( "Unable to find an environment group with the specified identifier inside the database" , err )
2018-06-11 13:13:19 +00:00
} else if err != nil {
2023-05-16 17:47:31 +00:00
return nil , httperror . InternalServerError ( "Unable to find an environment group with the specified identifier inside the database" , err )
2018-06-11 13:13:19 +00:00
}
if payload . Name != "" {
endpointGroup . Name = payload . Name
}
if payload . Description != "" {
endpointGroup . Description = payload . Description
}
2020-05-14 02:14:28 +00:00
tagsChanged := false
2020-03-29 09:54:14 +00:00
if payload . TagIDs != nil {
2020-06-16 07:58:16 +00:00
payloadTagSet := tag . Set ( payload . TagIDs )
endpointGroupTagSet := tag . Set ( ( endpointGroup . TagIDs ) )
union := tag . Union ( payloadTagSet , endpointGroupTagSet )
intersection := tag . Intersection ( payloadTagSet , endpointGroupTagSet )
2020-05-14 02:14:28 +00:00
tagsChanged = len ( union ) > len ( intersection )
if tagsChanged {
2020-06-16 07:58:16 +00:00
removeTags := tag . Difference ( endpointGroupTagSet , payloadTagSet )
2020-05-14 02:14:28 +00:00
for tagID := range removeTags {
2023-06-22 21:28:07 +00:00
tag , err := tx . Tag ( ) . Read ( tagID )
2023-05-16 17:47:31 +00:00
if err != nil {
return nil , httperror . InternalServerError ( "Unable to find a tag inside the database" , err )
}
delete ( tag . EndpointGroups , endpointGroup . ID )
2023-06-22 21:28:07 +00:00
err = tx . Tag ( ) . Update ( tagID , tag )
2023-05-16 17:47:31 +00:00
if err != nil {
return nil , httperror . InternalServerError ( "Unable to persist tag changes inside the database" , err )
2020-05-14 02:14:28 +00:00
}
}
endpointGroup . TagIDs = payload . TagIDs
for _ , tagID := range payload . TagIDs {
2023-06-22 21:28:07 +00:00
tag , err := tx . Tag ( ) . Read ( tagID )
2023-05-16 17:47:31 +00:00
if err != nil {
return nil , httperror . InternalServerError ( "Unable to find a tag inside the database" , err )
}
tag . EndpointGroups [ endpointGroup . ID ] = true
2023-06-22 21:28:07 +00:00
err = tx . Tag ( ) . Update ( tagID , tag )
2023-05-16 17:47:31 +00:00
if err != nil {
return nil , httperror . InternalServerError ( "Unable to persist tag changes inside the database" , err )
2020-05-14 02:14:28 +00:00
}
}
}
2018-06-15 07:18:25 +00:00
}
2018-06-11 13:13:19 +00:00
2021-06-16 08:15:29 +00:00
updateAuthorizations := false
2019-10-07 02:42:01 +00:00
if payload . UserAccessPolicies != nil && ! reflect . DeepEqual ( payload . UserAccessPolicies , endpointGroup . UserAccessPolicies ) {
2019-05-24 06:04:58 +00:00
endpointGroup . UserAccessPolicies = payload . UserAccessPolicies
2021-06-16 08:15:29 +00:00
updateAuthorizations = true
2019-05-24 06:04:58 +00:00
}
2019-10-07 02:42:01 +00:00
if payload . TeamAccessPolicies != nil && ! reflect . DeepEqual ( payload . TeamAccessPolicies , endpointGroup . TeamAccessPolicies ) {
2019-05-24 06:04:58 +00:00
endpointGroup . TeamAccessPolicies = payload . TeamAccessPolicies
2021-06-16 08:15:29 +00:00
updateAuthorizations = true
}
if updateAuthorizations {
2023-05-16 17:47:31 +00:00
endpoints , err := tx . Endpoint ( ) . Endpoints ( )
2021-06-16 08:15:29 +00:00
if err != nil {
2023-05-16 17:47:31 +00:00
return nil , httperror . InternalServerError ( "Unable to retrieve environments from the database" , err )
2021-06-16 08:15:29 +00:00
}
for _ , endpoint := range endpoints {
if endpoint . GroupID == endpointGroup . ID {
if endpoint . Type == portainer . KubernetesLocalEnvironment || endpoint . Type == portainer . AgentOnKubernetesEnvironment || endpoint . Type == portainer . EdgeAgentOnKubernetesEnvironment {
2023-05-16 17:47:31 +00:00
err = handler . AuthorizationService . CleanNAPWithOverridePolicies ( tx , & endpoint , endpointGroup )
2021-06-16 08:15:29 +00:00
if err != nil {
2023-09-04 23:03:43 +00:00
// Update flag with endpoint and continue
2023-09-22 04:06:20 +00:00
go func ( endpointID portainer . EndpointID , endpointGroupID portainer . EndpointGroupID ) {
err := handler . PendingActionsService . Create ( portainer . PendingActions {
EndpointID : endpointID ,
Action : "CleanNAPWithOverridePolicies" ,
ActionData : endpointGroupID ,
} )
if err != nil {
log . Error ( ) . Err ( err ) . Msgf ( "Unable to create pending action to clean NAP with override policies for endpoint (%d) and endpoint group (%d)." , endpointID , endpointGroupID )
}
} ( endpoint . ID , endpointGroup . ID )
2021-06-16 08:15:29 +00:00
}
}
}
}
2018-06-11 13:13:19 +00:00
}
2023-06-22 21:28:07 +00:00
err = tx . EndpointGroup ( ) . Update ( endpointGroup . ID , endpointGroup )
2018-06-11 13:13:19 +00:00
if err != nil {
2023-05-16 17:47:31 +00:00
return nil , httperror . InternalServerError ( "Unable to persist environment group changes inside the database" , err )
2018-06-11 13:13:19 +00:00
}
2020-05-14 02:14:28 +00:00
if tagsChanged {
2023-05-16 17:47:31 +00:00
endpoints , err := tx . Endpoint ( ) . Endpoints ( )
2020-05-14 02:14:28 +00:00
if err != nil {
2023-05-16 17:47:31 +00:00
return nil , httperror . InternalServerError ( "Unable to retrieve environments from the database" , err )
2020-05-14 02:14:28 +00:00
}
for _ , endpoint := range endpoints {
if endpoint . GroupID == endpointGroup . ID {
2023-05-16 17:47:31 +00:00
err = handler . updateEndpointRelations ( tx , & endpoint , endpointGroup )
2020-05-14 02:14:28 +00:00
if err != nil {
2023-05-16 17:47:31 +00:00
return nil , httperror . InternalServerError ( "Unable to persist environment relations changes inside the database" , err )
2020-05-14 02:14:28 +00:00
}
}
}
}
2023-05-16 17:47:31 +00:00
return endpointGroup , nil
2018-06-11 13:13:19 +00:00
}
