feat(home): filter by connection type and agent version [EE-3373] (#7085)

2025-07-24 15:59:41 +02:00 · 2022-08-11 07:32:12 +03:00 · 2022-08-11 07:32:12 +03:00 · 5ee570e075
commit 5ee570e075
parent 9666c21b8a
31 changed files with 828 additions and 323 deletions
--- a/api/http/handler/endpointedge/endpoint_edgestatus_inspect.go
+++ b/api/http/handler/endpointedge/endpoint_edgestatus_inspect.go
@ -85,6 +85,9 @@ func (handler *Handler) endpointEdgeStatusInspect(w http.ResponseWriter, r *http
 		endpoint.Type = agentPlatform
 	}

+	version := r.Header.Get(portainer.PortainerAgentHeader)
+	endpoint.Agent.Version = version
+
 	endpoint.LastCheckInDate = time.Now().Unix()

 	err = handler.DataStore.Endpoint().UpdateEndpoint(endpoint.ID, endpoint)
--- a/api/http/handler/endpoints/endpoint_agent_versions.go
+++ b/api/http/handler/endpoints/endpoint_agent_versions.go
@ -0,0 +1,50 @@
+package endpoints
+
+import (
+	"net/http"
+
+	httperror "github.com/portainer/libhttp/error"
+	"github.com/portainer/libhttp/response"
+	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/set"
+)
+
+// @id AgentVersions
+// @summary List agent versions
+// @description List all agent versions based on the current user authorizations and query parameters.
+// @description **Access policy**: restricted
+// @tags endpoints
+// @security ApiKeyAuth
+// @security jwt
+// @produce json
+// @success 200 {array} string "List of available agent versions"
+// @failure 500 "Server error"
+// @router /endpoints/agent_versions [get]
+
+func (handler *Handler) agentVersions(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
+	endpointGroups, err := handler.DataStore.EndpointGroup().EndpointGroups()
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve environment groups from the database", err)
+	}
+
+	endpoints, err := handler.DataStore.Endpoint().Endpoints()
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve environments from the database", err)
+	}
+
+	securityContext, err := security.RetrieveRestrictedRequestContext(r)
+	if err != nil {
+		return httperror.InternalServerError("Unable to retrieve info from request context", err)
+	}
+
+	filteredEndpoints := security.FilterEndpoints(endpoints, endpointGroups, securityContext)
+
+	agentVersions := set.Set[string]{}
+	for _, endpoint := range filteredEndpoints {
+		if endpoint.Agent.Version != "" {
+			agentVersions[endpoint.Agent.Version] = true
+		}
+	}
+
+	return response.JSON(w, agentVersions.Keys())
+}
--- a/api/http/handler/endpoints/endpoint_create.go
+++ b/api/http/handler/endpoints/endpoint_create.go
@ -1,20 +1,19 @@
 package endpoints

 import (
+	"crypto/tls"
 	"errors"
-	"fmt"
 	"net/http"
-	"net/url"
 	"runtime"
 	"strconv"
 	"strings"
-	"time"

 	"github.com/gofrs/uuid"
 	httperror "github.com/portainer/libhttp/error"
 	"github.com/portainer/libhttp/request"
 	"github.com/portainer/libhttp/response"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/agent"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/api/internal/edge"
@ -245,6 +244,7 @@ func (handler *Handler) endpointCreate(w http.ResponseWriter, r *http.Request) *
 }

 func (handler *Handler) createEndpoint(payload *endpointCreatePayload) (*portainer.Endpoint, *httperror.HandlerError) {
+	var err error
 	switch payload.EndpointCreationType {
 	case azureEnvironment:
 		return handler.createAzureEndpoint(payload)
@ -257,15 +257,25 @@ func (handler *Handler) createEndpoint(payload *endpointCreatePayload) (*portain
 	}

 	endpointType := portainer.DockerEnvironment
+	var agentVersion string
 	if payload.EndpointCreationType == agentEnvironment {

 		payload.URL = "tcp://" + normalizeAgentAddress(payload.URL)

-		agentPlatform, err := handler.pingAndCheckPlatform(payload)
+		var tlsConfig *tls.Config
+		if payload.TLS {
+			tlsConfig, err = crypto.CreateTLSConfigurationFromBytes(payload.TLSCACertFile, payload.TLSCertFile, payload.TLSKeyFile, payload.TLSSkipVerify, payload.TLSSkipClientVerify)
+			if err != nil {
+				return nil, httperror.InternalServerError("Unable to create TLS configuration", err)
+			}
+		}
+
+		agentPlatform, version, err := agent.GetAgentVersionAndPlatform(payload.URL, tlsConfig)
 		if err != nil {
 			return nil, &httperror.HandlerError{http.StatusInternalServerError, "Unable to get environment type", err}
 		}

+		agentVersion = version
 		if agentPlatform == portainer.AgentPlatformDocker {
 			endpointType = portainer.AgentOnDockerEnvironment
 		} else if agentPlatform == portainer.AgentPlatformKubernetes {
@ -275,7 +285,7 @@ func (handler *Handler) createEndpoint(payload *endpointCreatePayload) (*portain
 	}

 	if payload.TLS {
-		return handler.createTLSSecuredEndpoint(payload, endpointType)
+		return handler.createTLSSecuredEndpoint(payload, endpointType, agentVersion)
 	}
 	return handler.createUnsecuredEndpoint(payload)
 }
@ -447,7 +457,7 @@ func (handler *Handler) createKubernetesEndpoint(payload *endpointCreatePayload)
 	return endpoint, nil
 }

-func (handler *Handler) createTLSSecuredEndpoint(payload *endpointCreatePayload, endpointType portainer.EndpointType) (*portainer.Endpoint, *httperror.HandlerError) {
+func (handler *Handler) createTLSSecuredEndpoint(payload *endpointCreatePayload, endpointType portainer.EndpointType, agentVersion string) (*portainer.Endpoint, *httperror.HandlerError) {
 	endpointID := handler.DataStore.Endpoint().GetNextIdentifier()
 	endpoint := &portainer.Endpoint{
 		ID:        portainer.EndpointID(endpointID),
@ -470,6 +480,8 @@ func (handler *Handler) createTLSSecuredEndpoint(payload *endpointCreatePayload,
 		IsEdgeDevice:       payload.IsEdgeDevice,
 	}

+	endpoint.Agent.Version = agentVersion
+
 	err := handler.storeTLSFiles(endpoint, payload)
 	if err != nil {
 		return nil, err
@ -563,58 +575,3 @@ func (handler *Handler) storeTLSFiles(endpoint *portainer.Endpoint, payload *end

 	return nil
 }
-
-func (handler *Handler) pingAndCheckPlatform(payload *endpointCreatePayload) (portainer.AgentPlatform, error) {
-	httpCli := &http.Client{
-		Timeout: 3 * time.Second,
-	}
-
-	if payload.TLS {
-		tlsConfig, err := crypto.CreateTLSConfigurationFromBytes(payload.TLSCACertFile, payload.TLSCertFile, payload.TLSKeyFile, payload.TLSSkipVerify, payload.TLSSkipClientVerify)
-		if err != nil {
-			return 0, err
-		}
-
-		httpCli.Transport = &http.Transport{
-			TLSClientConfig: tlsConfig,
-		}
-	}
-
-	url, err := url.Parse(fmt.Sprintf("%s/ping", payload.URL))
-	if err != nil {
-		return 0, err
-	}
-
-	url.Scheme = "https"
-
-	req, err := http.NewRequest(http.MethodGet, url.String(), nil)
-	if err != nil {
-		return 0, err
-	}
-
-	resp, err := httpCli.Do(req)
-	if err != nil {
-		return 0, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusNoContent {
-		return 0, fmt.Errorf("Failed request with status %d", resp.StatusCode)
-	}
-
-	agentPlatformHeader := resp.Header.Get(portainer.HTTPResponseAgentPlatform)
-	if agentPlatformHeader == "" {
-		return 0, errors.New("Agent Platform Header is missing")
-	}
-
-	agentPlatformNumber, err := strconv.Atoi(agentPlatformHeader)
-	if err != nil {
-		return 0, err
-	}
-
-	if agentPlatformNumber == 0 {
-		return 0, errors.New("Agent platform is invalid")
-	}
-
-	return portainer.AgentPlatform(agentPlatformNumber), nil
-}
--- a/api/http/handler/endpoints/endpoint_list.go
+++ b/api/http/handler/endpoints/endpoint_list.go
@ -41,6 +41,7 @@ const (
 // @param tagsPartialMatch query bool false "If true, will return environment(endpoint) which has one of tagIds, if false (or missing) will return only environments(endpoints) that has all the tags"
 // @param endpointIds query []int false "will return only these environments(endpoints)"
 // @param provisioned query bool false "If true, will return environment(endpoint) that were provisioned"
+// @param agentVersions query []string false "will return only environments with on of these agent versions"
 // @param edgeDevice query bool false "if exists true show only edge devices, false show only regular edge endpoints. if missing, will show both types (relevant only for edge endpoints)"
 // @param edgeDeviceUntrusted query bool false "if true, show only untrusted endpoints, if false show only trusted (relevant only for edge devices, and if edgeDevice is true)"
 // @param name query string false "will return only environments(endpoints) with this name"
--- a/api/http/handler/endpoints/endpoint_list_test.go
+++ b/api/http/handler/endpoints/endpoint_list_test.go
@ -21,6 +21,89 @@ type endpointListTest struct {
 	expected []portainer.EndpointID
 }

+func Test_EndpointList_AgentVersion(t *testing.T) {
+
+	version1Endpoint := portainer.Endpoint{
+		ID:      1,
+		GroupID: 1,
+		Type:    portainer.AgentOnDockerEnvironment,
+		Agent: struct {
+			Version string "example:\"1.0.0\""
+		}{
+			Version: "1.0.0",
+		},
+	}
+	version2Endpoint := portainer.Endpoint{ID: 2, GroupID: 1, Type: portainer.AgentOnDockerEnvironment, Agent: struct {
+		Version string "example:\"1.0.0\""
+	}{Version: "2.0.0"}}
+	noVersionEndpoint := portainer.Endpoint{ID: 3, Type: portainer.AgentOnDockerEnvironment, GroupID: 1}
+	notAgentEnvironments := portainer.Endpoint{ID: 4, Type: portainer.DockerEnvironment, GroupID: 1}
+
+	handler, teardown := setup(t, []portainer.Endpoint{
+		notAgentEnvironments,
+		version1Endpoint,
+		version2Endpoint,
+		noVersionEndpoint,
+	})
+
+	defer teardown()
+
+	type endpointListAgentVersionTest struct {
+		endpointListTest
+		filter []string
+	}
+
+	tests := []endpointListAgentVersionTest{
+		{
+			endpointListTest{
+				"should show version 1 agent endpoints and non-agent endpoints",
+				[]portainer.EndpointID{version1Endpoint.ID, notAgentEnvironments.ID},
+			},
+			[]string{version1Endpoint.Agent.Version},
+		},
+		{
+			endpointListTest{
+				"should show version 2 endpoints and non-agent endpoints",
+				[]portainer.EndpointID{version2Endpoint.ID, notAgentEnvironments.ID},
+			},
+			[]string{version2Endpoint.Agent.Version},
+		},
+		{
+			endpointListTest{
+				"should show version 1 and 2 endpoints and non-agent endpoints",
+				[]portainer.EndpointID{version2Endpoint.ID, notAgentEnvironments.ID, version1Endpoint.ID},
+			},
+			[]string{version2Endpoint.Agent.Version, version1Endpoint.Agent.Version},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.title, func(t *testing.T) {
+			is := assert.New(t)
+			query := ""
+			for _, filter := range test.filter {
+				query += fmt.Sprintf("agentVersions[]=%s&", filter)
+			}
+
+			req := buildEndpointListRequest(query)
+
+			resp, err := doEndpointListRequest(req, handler, is)
+			is.NoError(err)
+
+			is.Equal(len(test.expected), len(resp))
+
+			respIds := []portainer.EndpointID{}
+
+			for _, endpoint := range resp {
+				respIds = append(respIds, endpoint.ID)
+			}
+
+			is.ElementsMatch(test.expected, respIds)
+		})
+	}
+
+}
+
 func Test_endpointList_edgeDeviceFilter(t *testing.T) {

 	trustedEdgeDevice := portainer.Endpoint{ID: 1, UserTrusted: true, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
@ -48,7 +131,7 @@ func Test_endpointList_edgeDeviceFilter(t *testing.T) {
 	tests := []endpointListEdgeDeviceTest{
 		{
 			endpointListTest: endpointListTest{
-				"should show all endpoints expect of the untrusted devices",
+				"should show all endpoints except of the untrusted devices",
 				[]portainer.EndpointID{trustedEdgeDevice.ID, regularUntrustedEdgeEndpoint.ID, regularTrustedEdgeEndpoint.ID, regularEndpoint.ID},
 			},
 			edgeDevice: nil,
--- a/api/http/handler/endpoints/endpoint_snapshot.go
+++ b/api/http/handler/endpoints/endpoint_snapshot.go
@ -55,6 +55,7 @@ func (handler *Handler) endpointSnapshot(w http.ResponseWriter, r *http.Request)

 	latestEndpointReference.Snapshots = endpoint.Snapshots
 	latestEndpointReference.Kubernetes.Snapshots = endpoint.Kubernetes.Snapshots
+	latestEndpointReference.Agent.Version = endpoint.Agent.Version

 	err = handler.DataStore.Endpoint().UpdateEndpoint(latestEndpointReference.ID, latestEndpointReference)
 	if err != nil {
--- a/api/http/handler/endpoints/endpoint_snapshots.go
+++ b/api/http/handler/endpoints/endpoint_snapshots.go
@ -47,6 +47,7 @@ func (handler *Handler) endpointSnapshots(w http.ResponseWriter, r *http.Request

 		latestEndpointReference.Snapshots = endpoint.Snapshots
 		latestEndpointReference.Kubernetes.Snapshots = endpoint.Kubernetes.Snapshots
+		latestEndpointReference.Agent.Version = endpoint.Agent.Version

 		err = handler.DataStore.Endpoint().UpdateEndpoint(latestEndpointReference.ID, latestEndpointReference)
 		if err != nil {
--- a/api/http/handler/endpoints/filter.go
+++ b/api/http/handler/endpoints/filter.go
@ -25,6 +25,7 @@ type EnvironmentsQuery struct {
 	edgeDevice          *bool
 	edgeDeviceUntrusted bool
 	name                string
+	agentVersions       []string
 }

 func parseQuery(r *http.Request) (EnvironmentsQuery, error) {
@ -60,6 +61,8 @@ func parseQuery(r *http.Request) (EnvironmentsQuery, error) {
 		return EnvironmentsQuery{}, err
 	}

+	agentVersions := getArrayQueryParameter(r, "agentVersions")
+
 	name, _ := request.RetrieveQueryParameter(r, "name", true)

 	edgeDeviceParam, _ := request.RetrieveQueryParameter(r, "edgeDevice", true)
@ -82,6 +85,7 @@ func parseQuery(r *http.Request) (EnvironmentsQuery, error) {
 		edgeDevice:          edgeDevice,
 		edgeDeviceUntrusted: edgeDeviceUntrusted,
 		name:                name,
+		agentVersions:       agentVersions,
 	}, nil
 }

@ -135,6 +139,12 @@ func (handler *Handler) filterEndpointsByQuery(filteredEndpoints []portainer.End
 		filteredEndpoints = filteredEndpointsByTags(filteredEndpoints, query.tagIds, groups, query.tagsPartialMatch)
 	}

+	if len(query.agentVersions) > 0 {
+		filteredEndpoints = filter(filteredEndpoints, func(endpoint portainer.Endpoint) bool {
+			return !endpointutils.IsAgentEndpoint(&endpoint) || contains(query.agentVersions, endpoint.Agent.Version)
+		})
+	}
+
 	return filteredEndpoints, totalAvailableEndpoints, nil
 }

@ -413,3 +423,13 @@ func getNumberArrayQueryParameter[T ~int](r *http.Request, parameter string) ([]

 	return result, nil
 }
+
+func contains(strings []string, param string) bool {
+	for _, str := range strings {
+		if str == param {
+			return true
+		}
+	}
+
+	return false
+}
--- a/api/http/handler/endpoints/filter_test.go
+++ b/api/http/handler/endpoints/filter_test.go
@ -16,6 +16,64 @@ type filterTest struct {
 	query    EnvironmentsQuery
 }

+func Test_Filter_AgentVersion(t *testing.T) {
+
+	version1Endpoint := portainer.Endpoint{ID: 1, GroupID: 1,
+		Type: portainer.AgentOnDockerEnvironment,
+		Agent: struct {
+			Version string "example:\"1.0.0\""
+		}{Version: "1.0.0"}}
+	version2Endpoint := portainer.Endpoint{ID: 2, GroupID: 1,
+		Type: portainer.AgentOnDockerEnvironment,
+		Agent: struct {
+			Version string "example:\"1.0.0\""
+		}{Version: "2.0.0"}}
+	noVersionEndpoint := portainer.Endpoint{ID: 3, GroupID: 1,
+		Type: portainer.AgentOnDockerEnvironment,
+	}
+	notAgentEnvironments := portainer.Endpoint{ID: 4, Type: portainer.DockerEnvironment, GroupID: 1}
+
+	endpoints := []portainer.Endpoint{
+		version1Endpoint,
+		version2Endpoint,
+		noVersionEndpoint,
+		notAgentEnvironments,
+	}
+
+	handler, teardown := setupFilterTest(t, endpoints)
+
+	defer teardown()
+
+	tests := []filterTest{
+		{
+			"should show version 1 endpoints",
+			[]portainer.EndpointID{version1Endpoint.ID},
+			EnvironmentsQuery{
+				agentVersions: []string{version1Endpoint.Agent.Version},
+				types:         []portainer.EndpointType{portainer.AgentOnDockerEnvironment},
+			},
+		},
+		{
+			"should show version 2 endpoints",
+			[]portainer.EndpointID{version2Endpoint.ID},
+			EnvironmentsQuery{
+				agentVersions: []string{version2Endpoint.Agent.Version},
+				types:         []portainer.EndpointType{portainer.AgentOnDockerEnvironment},
+			},
+		},
+		{
+			"should show version 1 and 2 endpoints",
+			[]portainer.EndpointID{version2Endpoint.ID, version1Endpoint.ID},
+			EnvironmentsQuery{
+				agentVersions: []string{version2Endpoint.Agent.Version, version1Endpoint.Agent.Version},
+				types:         []portainer.EndpointType{portainer.AgentOnDockerEnvironment},
+			},
+		},
+	}
+
+	runTests(tests, t, handler, endpoints)
+}
+
 func Test_Filter_edgeDeviceFilter(t *testing.T) {

 	trustedEdgeDevice := portainer.Endpoint{ID: 1, UserTrusted: true, IsEdgeDevice: true, GroupID: 1, Type: portainer.EdgeAgentOnDockerEnvironment}
--- a/api/http/handler/endpoints/handler.go
+++ b/api/http/handler/endpoints/handler.go
@ -67,6 +67,9 @@ func NewHandler(bouncer requestBouncer, demoService *demo.Service) *Handler {
 		bouncer.AdminAccess(httperror.LoggerHandler(h.endpointSnapshots))).Methods(http.MethodPost)
 	h.Handle("/endpoints",
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.endpointList))).Methods(http.MethodGet)
+	h.Handle("/endpoints/agent_versions",
+		bouncer.RestrictedAccess(httperror.LoggerHandler(h.agentVersions))).Methods(http.MethodGet)
+
 	h.Handle("/endpoints/{id}",
 		bouncer.RestrictedAccess(httperror.LoggerHandler(h.endpointInspect))).Methods(http.MethodGet)
 	h.Handle("/endpoints/{id}",