summaryrefslogtreecommitdiff
path: root/src/conf_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-11-23 17:20:41 +0100
committerChristian Breunig <christian@breunig.cc>2023-11-23 17:20:41 +0100
commite7efd65483e7f6e1902a9ab88f8453d5fbb63c09 (patch)
treeca43c2b951f76823bc071b368a50ea1bdcb97b72 /src/conf_mode
parenta54fe17d7e2bc3ab5834e439d90effc247306fc2 (diff)
downloadvyos-1x-e7efd65483e7f6e1902a9ab88f8453d5fbb63c09.tar.gz
vyos-1x-e7efd65483e7f6e1902a9ab88f8453d5fbb63c09.zip
https api: T5772: fix Python version not supporting f-ormated strings and dict parsing
cpo@LR3.wue3# commit [ service https ] At least one HTTPS API key is required! [[service https]] failed [[service https api]] failed cpo@LR3.wue3# set service https api keys id foo [edit] cpo@LR3.wue3# commit [ service https ] Missing HTTPS API key string for key id: foo
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-xsrc/conf_mode/https.py43
1 files changed, 23 insertions, 20 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 349cec888..af0e85af5 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -136,6 +136,14 @@ def get_config():
if conf.exists('api port'):
port = conf.return_value('api port')
api_data['port'] = port
+ if conf.exists('api keys id'):
+ for id in conf.list_nodes('api keys id'):
+ tmp = {"id": id}
+ if conf.exists('api keys id ' + id + ' key'):
+ key = conf.return_value('api keys id ' + id + ' key')
+ tmp.update({'key':key})
+ api_data['api_keys'].append(tmp)
+
if api_data:
for block in server_block_list:
block['api'] = api_data
@@ -144,28 +152,23 @@ def get_config():
return https
def verify(https):
+ if https is None:
+ return None
+
# Verify API server settings, if present
- if 'api' in https:
- keys = dict_search('api.keys.id', https)
- gql_auth_type = dict_search('api.graphql.authentication.type', https)
-
- # If "api graphql" is not defined and `gql_auth_type` is None,
- # there's certainly no JWT auth option, and keys are required
- jwt_auth = (gql_auth_type == "token")
-
- # Check for incomplete key configurations in every case
- valid_keys_exist = False
- if keys:
- for k in keys:
- if 'key' not in keys[k]:
- raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
+ if 'server_block_list' in https:
+ for server in https['server_block_list']:
+ if 'api' in server:
+ keys = dict_search('api.api_keys', server)
+
+ # Check for incomplete key configurations in every case
+ valid_keys_exist = False
+ if keys:
+ for k in keys:
+ if 'key' not in k:
+ raise ConfigError('Missing HTTPS API key string for key id: ' + k['id'])
else:
- valid_keys_exist = True
-
- # If only key-based methods are enabled,
- # fail the commit if no valid key configurations are found
- if (not valid_keys_exist) and (not jwt_auth):
- raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
+ raise ConfigError('At least one HTTPS API key is required!')
return None