From 75f020f53c8b289da9d9693a602b2d0672c4a4c2 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 19 Jan 2023 14:54:18 -0500
Subject: [PATCH] Have apiarmed continuous be properly respected for shared
 secret

Remote media was erroneously being invalidated, despite user opting
out of the strict security.
---
 confluent_server/confluent/credserver.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py
index 56bda2c4..c569bc4d 100644
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@@ -79,14 +79,14 @@ class CredServer(object):
                 hmackey = hmackey.get(nodename, {}).get('secret.selfapiarmtoken', {}).get('value', None)
             elif tlv[1]:
                 client.recv(tlv[1])
+            apimats = self.cfm.get_node_attributes(nodename,
+                    ['deployment.apiarmed', 'deployment.sealedapikey'])
+            apiarmed = apimats.get(nodename, {}).get('deployment.apiarmed', {}).get(
+                    'value', None)
             if not hmackey:
                 if not address_is_somewhat_trusted(peer[0], nodename, self.cfm):
                     client.close()
                     return
-                apimats = self.cfm.get_node_attributes(nodename,
-                    ['deployment.apiarmed', 'deployment.sealedapikey'])
-                apiarmed = apimats.get(nodename, {}).get('deployment.apiarmed', {}).get(
-                    'value', None)
                 if not apiarmed:
                     if apimats.get(nodename, {}).get(
                         'deployment.sealedapikey', {}).get('value', None):