From 66119a8b5719189eb23518b7b89f8b0ecc1021f5 Mon Sep 17 00:00:00 2001
From: andres-portainer <91705312+andres-portainer@users.noreply.github.com>
Date: Tue, 23 Jul 2024 18:43:31 -0300
Subject: [PATCH] fix(snapshots): remove the attempt to snapshot untrusted
 environments EE-7407 (#12044)

---
 api/chisel/service_test.go        | 7 ++++---
 api/chisel/tunnel.go              | 2 +-
 api/internal/snapshot/snapshot.go | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/api/chisel/service_test.go b/api/chisel/service_test.go
index 2e4919073..918c7bf1e 100644
--- a/api/chisel/service_test.go
+++ b/api/chisel/service_test.go
@@ -15,9 +15,10 @@ import (
 
 func TestPingAgentPanic(t *testing.T) {
 	endpoint := &portainer.Endpoint{
-		ID:     1,
-		EdgeID: "test-edge-id",
-		Type:   portainer.EdgeAgentOnDockerEnvironment,
+		ID:          1,
+		EdgeID:      "test-edge-id",
+		Type:        portainer.EdgeAgentOnDockerEnvironment,
+		UserTrusted: true,
 	}
 
 	_, store := datastore.MustNewTestStore(t, true, true)
diff --git a/api/chisel/tunnel.go b/api/chisel/tunnel.go
index c8374a3e3..5533978a8 100644
--- a/api/chisel/tunnel.go
+++ b/api/chisel/tunnel.go
@@ -40,7 +40,7 @@ func (s *Service) Open(endpoint *portainer.Endpoint) error {
 		return ErrAsyncEnv
 	}
 
-	if endpoint.ID == 0 || endpoint.EdgeID == "" {
+	if endpoint.ID == 0 || endpoint.EdgeID == "" || !endpoint.UserTrusted {
 		return ErrInvalidEnv
 	}
 
diff --git a/api/internal/snapshot/snapshot.go b/api/internal/snapshot/snapshot.go
index beb54cc8f..1d648d199 100644
--- a/api/internal/snapshot/snapshot.go
+++ b/api/internal/snapshot/snapshot.go
@@ -64,7 +64,7 @@ func NewBackgroundSnapshotter(dataStore dataservices.DataStore, tunnelService po
 		}
 
 		for _, e := range endpoints {
-			if !endpointutils.IsEdgeEndpoint(&e) || e.Edge.AsyncMode {
+			if !endpointutils.IsEdgeEndpoint(&e) || e.Edge.AsyncMode || !e.UserTrusted {
 				continue
 			}