diff options
| author | Daniil Baturin <daniil@vyos.io> | 2023-11-29 15:04:27 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-29 15:04:27 +0000 |
| commit | a29aba5d92ad210b95226acfe756794d59068fc3 (patch) | |
| tree | ca43c2b951f76823bc071b368a50ea1bdcb97b72 | |
| parent | a54fe17d7e2bc3ab5834e439d90effc247306fc2 (diff) | |
| parent | e7efd65483e7f6e1902a9ab88f8453d5fbb63c09 (diff) | |
| download | vyos-1x-a29aba5d92ad210b95226acfe756794d59068fc3.tar.gz vyos-1x-a29aba5d92ad210b95226acfe756794d59068fc3.zip | |
Merge pull request #2538 from c-po/crux-pr-2522-fixup
https api: T5772: fix Python version not supporting f-ormated strings and dict parsing
| -rw-r--r-- | python/vyos/defaults.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/https.py | 43 |
2 files changed, 24 insertions, 21 deletions
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index f51e4ddda..d7a4690ee 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -37,7 +37,7 @@ api_data = { 'port' : '8080', 'strict' : 'false', 'debug' : 'false', - 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ] + 'api_keys' : [], } vyos_cert_data = { diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 349cec888..af0e85af5 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -136,6 +136,14 @@ def get_config(): if conf.exists('api port'): port = conf.return_value('api port') api_data['port'] = port + if conf.exists('api keys id'): + for id in conf.list_nodes('api keys id'): + tmp = {"id": id} + if conf.exists('api keys id ' + id + ' key'): + key = conf.return_value('api keys id ' + id + ' key') + tmp.update({'key':key}) + api_data['api_keys'].append(tmp) + if api_data: for block in server_block_list: block['api'] = api_data @@ -144,28 +152,23 @@ def get_config(): return https def verify(https): + if https is None: + return None + # Verify API server settings, if present - if 'api' in https: - keys = dict_search('api.keys.id', https) - gql_auth_type = dict_search('api.graphql.authentication.type', https) - - # If "api graphql" is not defined and `gql_auth_type` is None, - # there's certainly no JWT auth option, and keys are required - jwt_auth = (gql_auth_type == "token") - - # Check for incomplete key configurations in every case - valid_keys_exist = False - if keys: - for k in keys: - if 'key' not in keys[k]: - raise ConfigError(f'Missing HTTPS API key string for key id "{k}"') + if 'server_block_list' in https: + for server in https['server_block_list']: + if 'api' in server: + keys = dict_search('api.api_keys', server) + + # Check for incomplete key configurations in every case + valid_keys_exist = False + if keys: + for k in keys: + if 'key' not in k: + raise ConfigError('Missing HTTPS API key string for key id: ' + k['id']) else: - valid_keys_exist = True - - # If only key-based methods are enabled, - # fail the commit if no valid key configurations are found - if (not valid_keys_exist) and (not jwt_auth): - raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled') + raise ConfigError('At least one HTTPS API key is required!') return None |