chore(release): bump version to 2.30.1 (#748)

api/datastore/test_data/output_24_to_latest.json

@@ -610,7 +610,7 @@
       "RequiredPasswordLength": 12
     },
     "KubeconfigExpiry": "0",
-    "KubectlShellImage": "portainer/kubectl-shell:2.30.0",
+    "KubectlShellImage": "portainer/kubectl-shell:2.30.1",
     "LDAPSettings": {
       "AnonymousMode": true,
       "AutoCreateUsers": true,
@@ -943,7 +943,7 @@
     }
   ],
   "version": {
-    "VERSION": "{\"SchemaVersion\":\"2.30.0\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
+    "VERSION": "{\"SchemaVersion\":\"2.30.1\",\"MigratorCount\":0,\"Edition\":1,\"InstanceID\":\"463d5c47-0ea5-4aca-85b1-405ceefee254\"}"
   },
   "webhooks": null
 }

api/http/handler/handler.go

@@ -81,7 +81,7 @@ type Handler struct {
 }
 
 // @title PortainerCE API
-// @version 2.30.0
+// @version 2.30.1
 // @description.markdown api-description.md
 // @termsOfService
 

api/http/handler/motd/motd.go

@@ -7,7 +7,9 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/pkg/libcrypto"
+	libclient "github.com/portainer/portainer/pkg/libhttp/client"
 	"github.com/portainer/portainer/pkg/libhttp/response"
+	"github.com/rs/zerolog/log"
 
 	"github.com/segmentio/encoding/json"
 )
@@ -37,6 +39,12 @@ type motdData struct {
 // @success 200 {object} motdResponse
 // @router /motd [get]
 func (handler *Handler) motd(w http.ResponseWriter, r *http.Request) {
+	if err := libclient.ExternalRequestDisabled(portainer.MessageOfTheDayURL); err != nil {
+		log.Debug().Err(err).Msg("External request disabled: MOTD")
+		response.JSON(w, &motdResponse{Message: ""})
+		return
+	}
+
 	motd, err := client.Get(portainer.MessageOfTheDayURL, 0)
 	if err != nil {
 		response.JSON(w, &motdResponse{Message: ""})

api/http/handler/system/version.go

@@ -7,6 +7,7 @@ import (
 	"github.com/portainer/portainer/api/http/client"
 	"github.com/portainer/portainer/api/http/security"
 	"github.com/portainer/portainer/pkg/build"
+	libclient "github.com/portainer/portainer/pkg/libhttp/client"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
 	"github.com/portainer/portainer/pkg/libhttp/response"
 
@@ -69,10 +70,14 @@ func (handler *Handler) version(w http.ResponseWriter, r *http.Request) *httperr
 }
 
 func GetLatestVersion() string {
+	if err := libclient.ExternalRequestDisabled(portainer.VersionCheckURL); err != nil {
+		log.Debug().Err(err).Msg("External request disabled: Version check")
+		return ""
+	}
+
 	motd, err := client.Get(portainer.VersionCheckURL, 5)
 	if err != nil {
 		log.Debug().Err(err).Msg("couldn't fetch latest Portainer release version")
-
 		return ""
 	}
 

api/http/handler/templates/utils_fetch_templates.go

@@ -4,7 +4,9 @@ import (
 	"net/http"
 
 	portainer "github.com/portainer/portainer/api"
+	libclient "github.com/portainer/portainer/pkg/libhttp/client"
 	httperror "github.com/portainer/portainer/pkg/libhttp/error"
+	"github.com/rs/zerolog/log"
 	"github.com/segmentio/encoding/json"
 )
 
@@ -24,13 +26,20 @@ func (handler *Handler) fetchTemplates() (*listResponse, *httperror.HandlerError
 		templatesURL = portainer.DefaultTemplatesURL
 	}
 
+	var body *listResponse
+	if err := libclient.ExternalRequestDisabled(templatesURL); err != nil {
+		if templatesURL == portainer.DefaultTemplatesURL {
+			log.Debug().Err(err).Msg("External request disabled: Default templates")
+			return body, nil
+		}
+	}
+
 	resp, err := http.Get(templatesURL)
 	if err != nil {
 		return nil, httperror.InternalServerError("Unable to retrieve templates via the network", err)
 	}
 	defer resp.Body.Close()
 
-	var body *listResponse
 	err = json.NewDecoder(resp.Body).Decode(&body)
 	if err != nil {
 		return nil, httperror.InternalServerError("Unable to parse template file", err)

api/portainer.go

@@ -1638,7 +1638,7 @@ type (
 
 const (
 	// APIVersion is the version number of the Portainer API
-	APIVersion = "2.30.0"
+	APIVersion = "2.30.1"
 	// Support annotation for the API version ("STS" for Short-Term Support or "LTS" for Long-Term Support)
 	APIVersionSupport = "STS"
 	// Edition is what this edition of Portainer is called
@@ -1692,6 +1692,11 @@ const (
 	KubectlShellImageEnvVar = "KUBECTL_SHELL_IMAGE"
 	// PullLimitCheckDisabledEnvVar is the environment variable used to disable the pull limit check
 	PullLimitCheckDisabledEnvVar = "PULL_LIMIT_CHECK_DISABLED"
+	// LicenseServerBaseURL represents the base URL of the API used to validate
+	// an extension license.
+	LicenseServerBaseURL = "https://api.portainer.io"
+	// URL to validate licenses along with system metadata.
+	LicenseCheckInURL = LicenseServerBaseURL + "/licenses/checkin"
 )
 
 // List of supported features

package.json

@@ -2,7 +2,7 @@
   "author": "Portainer.io",
   "name": "portainer",
   "homepage": "http://portainer.io",
-  "version": "2.30.0",
+  "version": "2.30.1",
   "repository": {
     "type": "git",
     "url": "git@github.com:portainer/portainer.git"

pkg/libhttp/client/client.go

@@ -0,0 +1,22 @@
+package client
+
+import (
+	"errors"
+
+	"github.com/portainer/portainer/pkg/featureflags"
+)
+
+var (
+	ErrExternalRequestsBlocked = errors.New("external requests are blocked by feature flag")
+)
+
+// DisableExternalRequest is the feature flag name for blocking outbound requests
+const DisableExternalRequests = "disable-external-requests"
+
+func ExternalRequestDisabled(url string) error {
+	if featureflags.IsEnabled(DisableExternalRequests) {
+		return ErrExternalRequestsBlocked
+	}
+
+	return nil
+}