diff options
| author | Daniil Baturin <daniil@vyos.io> | 2023-12-04 18:09:51 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-04 18:09:51 +0000 |
| commit | 5d42ac22b2dd152327ed7c12d13faf01268dd363 (patch) | |
| tree | 9a30ee97a97a700a406916296e35f9c35bba6cb9 /src/conf_mode/https.py | |
| parent | d8fe1088d647fc821e523686c78927ad017d3c4a (diff) | |
| parent | 7c6de792279350c980160096887524836b44be47 (diff) | |
| download | vyos-1x-5d42ac22b2dd152327ed7c12d13faf01268dd363.tar.gz vyos-1x-5d42ac22b2dd152327ed7c12d13faf01268dd363.zip | |
Merge pull request #2570 from dmbaturin/https-api-keys-fix1.3.5
https: T5772: Move API key check to http-api.py
Diffstat (limited to 'src/conf_mode/https.py')
| -rwxr-xr-x | src/conf_mode/https.py | 27 |
1 files changed, 1 insertions, 26 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index f02e32cd1..1e58bb1e4 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2023 VyOS maintainers and contributors +# Copyright (C) 2019-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -25,7 +25,6 @@ from vyos.config import Config from vyos.configverify import verify_vrf from vyos import ConfigError from vyos.util import call -from vyos.util import dict_search from vyos.template import render from vyos import airbag @@ -161,30 +160,6 @@ def verify(https): "matching the 'certbot domain-name' is required.") verify_vrf(https) - - # Verify API server settings, if present - if 'api' in https: - keys = dict_search('api.keys.id', https) - gql_auth_type = dict_search('api.graphql.authentication.type', https) - - # If "api graphql" is not defined and `gql_auth_type` is None, - # there's certainly no JWT auth option, and keys are required - jwt_auth = (gql_auth_type == "token") - - # Check for incomplete key configurations in every case - valid_keys_exist = False - if keys: - for k in keys: - if 'key' not in keys[k]: - raise ConfigError(f'Missing HTTPS API key string for key id "{k}"') - else: - valid_keys_exist = True - - # If only key-based methods are enabled, - # fail the commit if no valid key configurations are found - if (not valid_keys_exist) and (not jwt_auth): - raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled') - return None def generate(https): |