fix(polling): reorder operations to avoid updating untrusted environments EE-5700 (#9155)

pull/9157/head
andres-portainer 2023-07-05 17:26:52 -03:00 committed by GitHub
parent e4ae4d5312
commit 91088a5e0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 8 deletions


@ -83,13 +83,13 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http
} }
if _, ok := handler.DataStore.Endpoint().Heartbeat(portainer.EndpointID(endpointID)); !ok { if _, ok := handler.DataStore.Endpoint().Heartbeat(portainer.EndpointID(endpointID)); !ok {
// EE-5910 // EE-5190
return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet")) return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
} }
endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID)) endpoint, err := handler.DataStore.Endpoint().Endpoint(portainer.EndpointID(endpointID))
if err != nil { if err != nil {
// EE-5910 // EE-5190
return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet")) return httperror.Forbidden("Permission denied to access environment", errors.New("the device has not been trusted yet"))
} }
@ -126,6 +126,11 @@ func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Reque
return nil, err return nil, err
} }
err = handler.requestBouncer.TrustedEdgeEnvironmentAccess(tx, endpoint)
if err != nil {
return nil, httperror.Forbidden("Permission denied to access environment", err)
}
if endpoint.EdgeID == "" { if endpoint.EdgeID == "" {
edgeIdentifier := r.Header.Get(portainer.PortainerAgentEdgeIDHeader) edgeIdentifier := r.Header.Get(portainer.PortainerAgentEdgeIDHeader)
endpoint.EdgeID = edgeIdentifier endpoint.EdgeID = edgeIdentifier
@ -144,12 +149,7 @@ func (handler *Handler) inspectStatus(tx dataservices.DataStoreTx, r *http.Reque
err = tx.Endpoint().UpdateEndpoint(endpoint.ID, endpoint) err = tx.Endpoint().UpdateEndpoint(endpoint.ID, endpoint)
if err != nil { if err != nil {
return nil, httperror.InternalServerError("Unable to Unable to persist environment changes inside the database", err) return nil, httperror.InternalServerError("Unable to persist environment changes inside the database", err)
}
err = handler.requestBouncer.TrustedEdgeEnvironmentAccess(tx, endpoint)
if err != nil {
return nil, httperror.Forbidden("Permission denied to access environment", err)
} }
checkinInterval := endpoint.EdgeCheckinInterval checkinInterval := endpoint.EdgeCheckinInterval
@ -237,6 +237,7 @@ func (handler *Handler) buildSchedules(endpointID portainer.EndpointID, tunnel p
schedules = append(schedules, schedule) schedules = append(schedules, schedule)
} }
return schedules, nil return schedules, nil
} }
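Review bot: In `inspectStatus`, the relocated `handler.requestBouncer.TrustedEdgeEnvironmentAccess(tx, endpoint)` call (hunk at -126) is now what keeps `tx.Endpoint().UpdateEndpoint` from persisting changes for an untrusted environment, yet nothing in the code says the order is load-bearing. I would add a comment above the call, for example `// Authorize first: nothing below may be persisted for an environment that has not been trusted.`, so a later refactor does not move the check back under the write. The `endpoint.EdgeID = edgeIdentifier` assignment from the `PortainerAgentEdgeIDHeader` request header still runs after the check, and the check as called receives only `tx` and `endpoint`, so it presumably does not look at that header value; it is worth confirming that this is intended. The body of `inspectStatus` starts and ends outside the visible hunks, so anything between the check and the update that is not shown should be reviewed for the same ordering. In `endpointEdgeStatusInspect` the `// EE-5190` comments carry only a ticket id; a short reason such as `// EE-5190: report lookup failures as "not trusted" so callers cannot tell a missing environment from an untrusted one` would explain why `err` is deliberately dropped there, if that is indeed the intent.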