diff --git a/api/.golangci.yaml b/api/.golangci.yaml index 5b885de19..71f4fef05 100644 --- a/api/.golangci.yaml +++ b/api/.golangci.yaml @@ -8,6 +8,8 @@ linters: - govet - errorlint - exportloopref + - ineffassign + linters-settings: depguard: rules: diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go index 1b865581d..0d1dc7b0c 100644 --- a/api/cmd/portainer/main.go +++ b/api/cmd/portainer/main.go @@ -455,6 +455,9 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server { dockerClientFactory := initDockerClientFactory(digitalSignatureService, reverseTunnelService) kubernetesClientFactory, err := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, dataStore, instanceID, *flags.AddrHTTPS, settings.UserSessionTimeout) + if err != nil { + log.Fatal().Err(err).Msg("failed initializing kubernetes client factory") + } authorizationService := authorization.NewService(dataStore) authorizationService.K8sClientFactory = kubernetesClientFactory diff --git a/api/datastore/migrator/migrate_dbversion20.go b/api/datastore/migrator/migrate_dbversion20.go index 1f02b8885..56b1d87c8 100644 --- a/api/datastore/migrator/migrate_dbversion20.go +++ b/api/datastore/migrator/migrate_dbversion20.go @@ -1,6 +1,8 @@ package migrator import ( + "fmt" + portainer "github.com/portainer/portainer/api" "github.com/portainer/portainer/api/internal/authorization" @@ -56,6 +58,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error { endpointAdministratorRole.Authorizations = authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole() err = m.roleService.Update(endpointAdministratorRole.ID, endpointAdministratorRole) + if err != nil { + return fmt.Errorf("failed to update Administrator role: %w", err) + } helpDeskRole, err := m.roleService.Read(portainer.RoleID(2)) if err != nil { @@ -65,6 +70,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error { helpDeskRole.Authorizations = authorization.DefaultEndpointAuthorizationsForHelpDeskRole(settings.AllowVolumeBrowserForRegularUsers) err = m.roleService.Update(helpDeskRole.ID, helpDeskRole) + if err != nil { + return fmt.Errorf("failed to update Help Desk role: %w", err) + } standardUserRole, err := m.roleService.Read(portainer.RoleID(3)) if err != nil { @@ -74,6 +82,9 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error { standardUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForStandardUserRole(settings.AllowVolumeBrowserForRegularUsers) err = m.roleService.Update(standardUserRole.ID, standardUserRole) + if err != nil { + return fmt.Errorf("failed to update Standard User Role role: %w", err) + } readOnlyUserRole, err := m.roleService.Read(portainer.RoleID(4)) if err != nil { @@ -84,7 +95,7 @@ func (m *Migrator) updateUsersAndRolesToDBVersion22() error { err = m.roleService.Update(readOnlyUserRole.ID, readOnlyUserRole) if err != nil { - return err + return fmt.Errorf("failed to update Readonly User Role role: %w", err) } return m.authorizationService.UpdateUsersAuthorizations() diff --git a/api/http/security/bouncer_test.go b/api/http/security/bouncer_test.go index 20220e588..126a6c6f8 100644 --- a/api/http/security/bouncer_test.go +++ b/api/http/security/bouncer_test.go @@ -344,6 +344,7 @@ func Test_apiKeyLookup(t *testing.T) { req.Header.Add("x-api-key", rawAPIKey) token, err := bouncer.apiKeyLookup(req) + is.NoError(err) expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole} is.Equal(expectedToken, token) @@ -358,6 +359,7 @@ func Test_apiKeyLookup(t *testing.T) { req.Header.Add("x-api-key", rawAPIKey) token, err := bouncer.apiKeyLookup(req) + is.NoError(err) expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole} is.Equal(expectedToken, token) @@ -372,6 +374,7 @@ func Test_apiKeyLookup(t *testing.T) { req.Header.Add("x-api-key", rawAPIKey) token, err := bouncer.apiKeyLookup(req) + is.NoError(err) expectedToken := &portainer.TokenData{ID: user.ID, Username: user.Username, Role: portainer.StandardUserRole} is.Equal(expectedToken, token) diff --git a/api/kubernetes/cli/client.go b/api/kubernetes/cli/client.go index cf6993097..a578dad81 100644 --- a/api/kubernetes/cli/client.go +++ b/api/kubernetes/cli/client.go @@ -242,6 +242,10 @@ func (factory *ClientFactory) buildEdgeConfig(endpoint *portainer.Endpoint) (*re } signature, err := factory.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage) + if err != nil { + return nil, err + } + config.Insecure = true config.QPS = DefaultKubeClientQPS config.Burst = DefaultKubeClientBurst