fix(kubernetes): kube env permissions when down [EE-5427] (#10327)

2025-08-02 20:35:25 +02:00 · 2023-09-19 08:57:27 +12:00 · 2023-09-19 08:57:27 +12:00 · 14853f6da0
commit 14853f6da0
parent cc37ccfe4d
18 changed files with 282 additions and 103 deletions
--- a/api/http/handler/endpointgroups/endpointgroup_update.go
+++ b/api/http/handler/endpointgroups/endpointgroup_update.go
@ -7,7 +7,6 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-	"github.com/portainer/portainer/api/http/utils"
 	"github.com/portainer/portainer/api/internal/tag"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/request"
@ -156,9 +155,12 @@ func (handler *Handler) updateEndpointGroup(tx dataservices.DataStoreTx, endpoin
 					err = handler.AuthorizationService.CleanNAPWithOverridePolicies(tx, &endpoint, endpointGroup)
 					if err != nil {
 						// Update flag with endpoint and continue
-						endpoint.PendingActions = utils.GetUpdatedEndpointPendingActions(&endpoint, "CleanNAPWithOverridePolicies", endpointGroup.ID)
-						err = tx.Endpoint().UpdateEndpoint(endpoint.ID, &endpoint)
-						log.Warn().Err(err).Msgf("Unable to update user authorizations for endpoint (%d) and endpopint group (%d)", endpoint.ID, endpointGroup.ID)
+						handler.PendingActionsService.Create(portainer.PendingActions{
+							EndpointID: endpoint.ID,
+							Action:     "CleanNAPWithOverridePolicies",
+							ActionData: endpointGroup.ID,
+						})
+						log.Warn().Err(err).Msgf("Unable to update user authorizations for endpoint (%d) and endpoint group (%d).", endpoint.ID, endpointGroup.ID)
 					}
 				}
 			}
--- a/api/http/handler/endpointgroups/handler.go
+++ b/api/http/handler/endpointgroups/handler.go
@ -6,6 +6,7 @@ import (
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/api/internal/authorization"
+	"github.com/portainer/portainer/api/pendingactions"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"

 	"github.com/gorilla/mux"
@ -14,8 +15,9 @@ import (
 // Handler is the HTTP handler used to handle environment(endpoint) group operations.
 type Handler struct {
 	*mux.Router
-	AuthorizationService *authorization.Service
-	DataStore            dataservices.DataStore
+	AuthorizationService  *authorization.Service
+	DataStore             dataservices.DataStore
+	PendingActionsService *pendingactions.PendingActionsService
 }

 // NewHandler creates a handler to manage environment(endpoint) group operations.