diff options
25 files changed, 229 insertions, 194 deletions
diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i index b97378658..f42e2ebbd 100644 --- a/interface-definitions/include/certificate-ca.xml.i +++ b/interface-definitions/include/certificate-ca.xml.i @@ -7,7 +7,7 @@ <description>File in /config/auth directory</description> </valueHelp> <constraint> - <validator name="file-exists" argument="--directory /config/auth"/> + <validator name="file-exists" argument="--directory /config/auth --error"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i index 1db9dd069..7d5c2dc03 100644 --- a/interface-definitions/include/certificate-key.xml.i +++ b/interface-definitions/include/certificate-key.xml.i @@ -7,7 +7,7 @@ <description>File in /config/auth directory</description> </valueHelp> <constraint> - <validator name="file-exists" argument="--directory /config/auth"/> + <validator name="file-exists" argument="--directory /config/auth --error"/> </constraint> </properties> </leafNode> diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i index fb5be45cc..3598075a9 100644 --- a/interface-definitions/include/certificate.xml.i +++ b/interface-definitions/include/certificate.xml.i @@ -7,7 +7,7 @@ <description>File in /config/auth directory</description> </valueHelp> <constraint> - <validator name="file-exists" argument="--directory /config/auth"/> + <validator name="file-exists" argument="--directory /config/auth --error"/> </constraint> </properties> </leafNode> diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py index 492d01c4d..ccac0820d 100755 --- a/smoketest/scripts/cli/test_vpn_openconnect.py +++ b/smoketest/scripts/cli/test_vpn_openconnect.py @@ -17,13 +17,16 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM - from vyos.util import process_named_running +from vyos.util import cmd +from os import path, mkdir OCSERV_CONF = '/run/ocserv/ocserv.conf' -base_path = ['vpn', 'openconnect'] -cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' -cert_key = '/etc/ssl/private/ssl-cert-snakeoil.key' +base_path = ['vpn', 'openconnect'] +cert_dir = '/config/auth/' +ca_cert = f'{cert_dir}ca.crt' +ssl_cert = f'{cert_dir}server.crt' +ssl_key = f'{cert_dir}server.key' class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase): def tearDown(self): @@ -38,9 +41,9 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password]) self.cli_set(base_path + ["authentication", "mode", "local"]) self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"]) - self.cli_set(base_path + ["ssl", "ca-cert-file", cert]) - self.cli_set(base_path + ["ssl", "cert-file", cert]) - self.cli_set(base_path + ["ssl", "key-file", cert_key]) + self.cli_set(base_path + ["ssl", "ca-cert-file", ca_cert]) + self.cli_set(base_path + ["ssl", "cert-file", ssl_cert]) + self.cli_set(base_path + ["ssl", "key-file", ssl_key]) self.cli_commit() @@ -48,4 +51,21 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase): self.assertTrue(process_named_running('ocserv-main')) if __name__ == '__main__': + if not path.exists(cert_dir): + mkdir(cert_dir) + + # Our SSL certificates need a subject ... + subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \ + 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' + + # Generate mandatory SSL certificate + tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\ + f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}' + cmd(tmp) + + # Generate "CA" + tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\ + f'-subj {subject}' + cmd(tmp) + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index 033338685..b7b7729b2 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py @@ -18,10 +18,12 @@ import unittest from base_accel_ppp_test import BasicAccelPPPTest from vyos.util import cmd +from os import path, mkdir -ca_cert = '/tmp/ca.crt' -ssl_cert = '/tmp/server.crt' -ssl_key = '/tmp/server.key' +cert_dir = '/config/auth/' +ca_cert = f'{cert_dir}ca.crt' +ssl_cert = f'{cert_dir}server.crt' +ssl_key = f'{cert_dir}server.key' class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): def setUp(self): @@ -41,6 +43,9 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): super().basic_config() if __name__ == '__main__': + if not path.exists(cert_dir): + mkdir(cert_dir) + # Our SSL certificates need a subject ... subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/' diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py index 070009722..215dfb37a 100755 --- a/src/conf_mode/vpn_sstp.py +++ b/src/conf_mode/vpn_sstp.py @@ -56,24 +56,13 @@ def verify(sstp): # # SSL certificate checks # - tmp = dict_search('ssl.ca_cert_file', sstp) - if tmp: - if not os.path.isfile(tmp): - raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!') - tmp = dict_search('ssl.cert_file', sstp) if not tmp: raise ConfigError(f'SSL public key file required!') - else: - if not os.path.isfile(tmp): - raise ConfigError(f'SSL public key "{tmp}" does not exist!') tmp = dict_search('ssl.key_file', sstp) if not tmp: raise ConfigError(f'SSL private key file required!') - else: - if not os.path.isfile(tmp): - raise ConfigError(f'SSL private key "{tmp}" does not exist!') def generate(sstp): if not sstp: diff --git a/src/services/api/graphql/README.graphql b/src/services/api/graphql/README.graphql index c91b70782..29f58f709 100644 --- a/src/services/api/graphql/README.graphql +++ b/src/services/api/graphql/README.graphql @@ -10,7 +10,7 @@ to run with that address as default router by requesting these 'mutations' in the GraphQL playground: mutation { - createInterfaceEthernet (data: {interface: "eth1", + CreateInterfaceEthernet (data: {interface: "eth1", address: "192.168.0.1/24", description: "BOB"}) { success @@ -22,7 +22,7 @@ mutation { } mutation { - createDhcpServer(data: {sharedNetworkName: "BOB", + CreateDhcpServer(data: {sharedNetworkName: "BOB", subnet: "192.168.0.0/24", defaultRouter: "192.168.0.1", nameServer: "192.168.0.1", @@ -42,8 +42,10 @@ mutation { } } +To save the configuration, use the following mutation: + mutation { - saveConfigFile(data: {fileName: "/config/config.boot"}) { + SaveConfigFile(data: {fileName: "/config/config.boot"}) { success errors data { @@ -52,11 +54,17 @@ mutation { } } -N.B. fileName can be empty (fileName: "") or data can be empty (data: {}) to save to -/config/config.boot; to save to an alternative path, specify fileName. +N.B. fileName can be empty (fileName: "") or data can be empty (data: {}) to +save to /config/config.boot; to save to an alternative path, specify +fileName. + +Similarly, using the same 'endpoint' (meaning the form of the request and +resolver; the actual enpoint for all GraphQL requests is +https://hostname/graphql), one can load an arbitrary config file from a +path. mutation { - loadConfigFile(data: {fileName: "/home/vyos/config.boot"}) { + LoadConfigFile(data: {fileName: "/home/vyos/config.boot"}) { success errors data { @@ -81,22 +89,23 @@ What's here: services ├── api │ └── graphql +│ ├── bindings.py │ ├── graphql │ │ ├── directives.py │ │ ├── __init__.py │ │ ├── mutations.py │ │ └── schema +│ │ ├── config_file.graphql │ │ ├── dhcp_server.graphql │ │ ├── interface_ethernet.graphql │ │ └── schema.graphql +│ ├── README.graphql │ ├── recipes -│ │ ├── dhcp_server.py │ │ ├── __init__.py -│ │ ├── interface_ethernet.py -│ │ ├── recipe.py +│ │ ├── session.py │ │ └── templates -│ │ ├── dhcp_server.tmpl -│ │ └── interface_ethernet.tmpl +│ │ ├── create_dhcp_server.tmpl +│ │ └── create_interface_ethernet.tmpl │ └── state.py ├── vyos-configd ├── vyos-hostsd @@ -114,13 +123,14 @@ the Ur-data; the GraphQL schema is produced from those files, located in Resolvers for the schema Mutation fields are dynamically generated using a 'directive' added to the respective schema field. The directive, -'@generate', is handled by the class 'DataDirective' in -'api/graphql/graphql/directives.py', which calls the 'make_resolver' function in -'api/graphql/graphql/mutations.py'; the produced resolver calls the appropriate -wrapper in 'api/graphql/recipes', with base class doing the (overridable) -configuration steps of calling all defined 'set'/'delete' commands. - -Integrating the above with vyos-http-api-server is ~10 lines of code. +'@configure', is handled by the class 'ConfigureDirective' in +'api/graphql/graphql/directives.py', which calls the +'make_configure_resolver' function in 'api/graphql/graphql/mutations.py'; +the produced resolver calls the appropriate wrapper in +'api/graphql/recipes', with base class doing the (overridable) configuration +steps of calling all defined 'set'/'delete' commands. + +Integrating the above with vyos-http-api-server is 4 lines of code. What needs to be done: diff --git a/src/services/api/graphql/bindings.py b/src/services/api/graphql/bindings.py index c123f68d8..1fbe13d0c 100644 --- a/src/services/api/graphql/bindings.py +++ b/src/services/api/graphql/bindings.py @@ -1,7 +1,6 @@ import vyos.defaults from . graphql.mutations import mutation -from . graphql.directives import DataDirective, ConfigFileDirective - +from . graphql.directives import directives_dict from ariadne import make_executable_schema, load_schema_from_path, snake_case_fallback_resolvers def generate_schema(): @@ -9,6 +8,6 @@ def generate_schema(): type_defs = load_schema_from_path(api_schema_dir) - schema = make_executable_schema(type_defs, mutation, snake_case_fallback_resolvers, directives={"generate": DataDirective, "configfile": ConfigFileDirective}) + schema = make_executable_schema(type_defs, mutation, snake_case_fallback_resolvers, directives=directives_dict) return schema diff --git a/src/services/api/graphql/graphql/directives.py b/src/services/api/graphql/graphql/directives.py index 85d514de4..f5cd88acd 100644 --- a/src/services/api/graphql/graphql/directives.py +++ b/src/services/api/graphql/graphql/directives.py @@ -1,12 +1,11 @@ from ariadne import SchemaDirectiveVisitor, ObjectType -from . mutations import make_resolver, make_config_file_resolver +from . mutations import make_configure_resolver, make_config_file_resolver -class DataDirective(SchemaDirectiveVisitor): - """ - Class providing implementation of 'generate' directive in schema. +def non(arg): + pass - """ - def visit_field_definition(self, field, object_type): +class VyosDirective(SchemaDirectiveVisitor): + def visit_field_definition(self, field, object_type, make_resolver=non): name = f'{field.type}' # field.type contains the return value of the mutation; trim value # to produce canonical name @@ -16,17 +15,23 @@ class DataDirective(SchemaDirectiveVisitor): field.resolve = func return field -class ConfigFileDirective(SchemaDirectiveVisitor): + +class ConfigureDirective(VyosDirective): + """ + Class providing implementation of 'configure' directive in schema. + + """ + def visit_field_definition(self, field, object_type): + super().visit_field_definition(field, object_type, + make_resolver=make_configure_resolver) + +class ConfigFileDirective(VyosDirective): """ Class providing implementation of 'configfile' directive in schema. """ def visit_field_definition(self, field, object_type): - name = f'{field.type}' - # field.type contains the return value of the mutation; trim value - # to produce canonical name - name = name.replace('Result', '', 1) + super().visit_field_definition(field, object_type, + make_resolver=make_config_file_resolver) - func = make_config_file_resolver(name) - field.resolve = func - return field +directives_dict = {"configure": ConfigureDirective, "configfile": ConfigFileDirective} diff --git a/src/services/api/graphql/graphql/mutations.py b/src/services/api/graphql/graphql/mutations.py index 2eb0a0b4a..8a28b13d7 100644 --- a/src/services/api/graphql/graphql/mutations.py +++ b/src/services/api/graphql/graphql/mutations.py @@ -6,10 +6,11 @@ from graphql import GraphQLResolveInfo from makefun import with_signature from .. import state +from api.graphql.recipes.session import Session mutation = ObjectType("Mutation") -def make_resolver(mutation_name): +def make_resolver(mutation_name, class_name, session_func): """Dynamically generate a resolver for the mutation named in the schema by 'mutation_name'. @@ -19,52 +20,9 @@ def make_resolver(mutation_name): functools.wraps. :raise Exception: - encapsulating ConfigErrors, or internal errors + raising ConfigErrors, or internal errors """ - class_name = mutation_name.replace('create', '', 1).replace('delete', '', 1) - func_base_name = convert_camel_case_to_snake(class_name) - resolver_name = f'resolve_create_{func_base_name}' - func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Dict)' - - @mutation.field(mutation_name) - @convert_kwargs_to_snake_case - @with_signature(func_sig, func_name=resolver_name) - async def func_impl(*args, **kwargs): - try: - if 'data' not in kwargs: - return { - "success": False, - "errors": ['missing data'] - } - - data = kwargs['data'] - session = state.settings['app'].state.vyos_session - - mod = import_module(f'api.graphql.recipes.{func_base_name}') - klass = getattr(mod, class_name) - k = klass(session, data) - k.configure() - - return { - "success": True, - "data": data - } - except Exception as error: - return { - "success": False, - "errors": [str(error)] - } - return func_impl - -def make_config_file_resolver(mutation_name): - op = '' - if 'save' in mutation_name: - op = 'save' - elif 'load' in mutation_name: - op = 'load' - - class_name = mutation_name.replace('save', '', 1).replace('load', '', 1) func_base_name = convert_camel_case_to_snake(class_name) resolver_name = f'resolve_{func_base_name}' func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Dict)' @@ -83,18 +41,17 @@ def make_config_file_resolver(mutation_name): data = kwargs['data'] session = state.settings['app'].state.vyos_session - mod = import_module(f'api.graphql.recipes.{func_base_name}') - klass = getattr(mod, class_name) + # one may override the session functions with a local subclass + try: + mod = import_module(f'api.graphql.recipes.{func_base_name}') + klass = getattr(mod, class_name) + except ImportError: + # otherwise, dynamically generate subclass to invoke subclass + # name based templates + klass = type(class_name, (Session,), {}) k = klass(session, data) - if op == 'save': - k.save() - elif op == 'load': - k.load() - else: - return { - "success": False, - "errors": ["Input must be saveConfigFile | loadConfigFile"] - } + method = getattr(k, session_func) + method() return { "success": True, @@ -107,3 +64,17 @@ def make_config_file_resolver(mutation_name): } return func_impl + +def make_configure_resolver(mutation_name): + class_name = mutation_name + return make_resolver(mutation_name, class_name, 'configure') + +def make_config_file_resolver(mutation_name): + if 'Save' in mutation_name: + class_name = mutation_name.replace('Save', '', 1) + return make_resolver(mutation_name, class_name, 'save') + elif 'Load' in mutation_name: + class_name = mutation_name.replace('Load', '', 1) + return make_resolver(mutation_name, class_name, 'load') + else: + raise Exception diff --git a/src/services/api/graphql/graphql/schema/config_file.graphql b/src/services/api/graphql/graphql/schema/config_file.graphql index 3096cf743..31ab26b9e 100644 --- a/src/services/api/graphql/graphql/schema/config_file.graphql +++ b/src/services/api/graphql/graphql/schema/config_file.graphql @@ -1,27 +1,27 @@ -input saveConfigFileInput { +input SaveConfigFileInput { fileName: String } -type saveConfigFile { +type SaveConfigFile { fileName: String } -type saveConfigFileResult { - data: saveConfigFile +type SaveConfigFileResult { + data: SaveConfigFile success: Boolean! errors: [String] } -input loadConfigFileInput { +input LoadConfigFileInput { fileName: String! } -type loadConfigFile { +type LoadConfigFile { fileName: String! } -type loadConfigFileResult { - data: loadConfigFile +type LoadConfigFileResult { + data: LoadConfigFile success: Boolean! errors: [String] } diff --git a/src/services/api/graphql/graphql/schema/dhcp_server.graphql b/src/services/api/graphql/graphql/schema/dhcp_server.graphql index 9f741a0a5..25f091bfa 100644 --- a/src/services/api/graphql/graphql/schema/dhcp_server.graphql +++ b/src/services/api/graphql/graphql/schema/dhcp_server.graphql @@ -1,4 +1,4 @@ -input dhcpServerConfigInput { +input DhcpServerConfigInput { sharedNetworkName: String subnet: String defaultRouter: String @@ -13,7 +13,7 @@ input dhcpServerConfigInput { dnsForwardingListenAddress: String } -type dhcpServerConfig { +type DhcpServerConfig { sharedNetworkName: String subnet: String defaultRouter: String @@ -28,8 +28,8 @@ type dhcpServerConfig { dnsForwardingListenAddress: String } -type createDhcpServerResult { - data: dhcpServerConfig +type CreateDhcpServerResult { + data: DhcpServerConfig success: Boolean! errors: [String] } diff --git a/src/services/api/graphql/graphql/schema/firewall_group.graphql b/src/services/api/graphql/graphql/schema/firewall_group.graphql new file mode 100644 index 000000000..efe7de632 --- /dev/null +++ b/src/services/api/graphql/graphql/schema/firewall_group.graphql @@ -0,0 +1,47 @@ +input CreateFirewallAddressGroupInput { + name: String! + address: [String] +} + +type CreateFirewallAddressGroup { + name: String! + address: [String] +} + +type CreateFirewallAddressGroupResult { + data: CreateFirewallAddressGroup + success: Boolean! + errors: [String] +} + +input UpdateFirewallAddressGroupMembersInput { + name: String! + address: [String!]! +} + +type UpdateFirewallAddressGroupMembers { + name: String! + address: [String!]! +} + +type UpdateFirewallAddressGroupMembersResult { + data: UpdateFirewallAddressGroupMembers + success: Boolean! + errors: [String] +} + +input RemoveFirewallAddressGroupMembersInput { + name: String! + address: [String!]! +} + +type RemoveFirewallAddressGroupMembers { + name: String! + address: [String!]! +} + +type RemoveFirewallAddressGroupMembersResult { + data: RemoveFirewallAddressGroupMembers + success: Boolean! + errors: [String] +} diff --git a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql index fdcf97bad..32438b315 100644 --- a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql +++ b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql @@ -1,18 +1,18 @@ -input interfaceEthernetConfigInput { +input InterfaceEthernetConfigInput { interface: String address: String replace: Boolean = true description: String } -type interfaceEthernetConfig { +type InterfaceEthernetConfig { interface: String address: String description: String } -type createInterfaceEthernetResult { - data: interfaceEthernetConfig +type CreateInterfaceEthernetResult { + data: InterfaceEthernetConfig success: Boolean! errors: [String] } diff --git a/src/services/api/graphql/graphql/schema/schema.graphql b/src/services/api/graphql/graphql/schema/schema.graphql index 70fe0d726..9e97a0d60 100644 --- a/src/services/api/graphql/graphql/schema/schema.graphql +++ b/src/services/api/graphql/graphql/schema/schema.graphql @@ -7,12 +7,15 @@ type Query { _dummy: String } -directive @generate on FIELD_DEFINITION +directive @configure on FIELD_DEFINITION directive @configfile on FIELD_DEFINITION type Mutation { - createDhcpServer(data: dhcpServerConfigInput) : createDhcpServerResult @generate - createInterfaceEthernet(data: interfaceEthernetConfigInput) : createInterfaceEthernetResult @generate - saveConfigFile(data: saveConfigFileInput) : saveConfigFileResult @configfile - loadConfigFile(data: loadConfigFileInput) : loadConfigFileResult @configfile + CreateDhcpServer(data: DhcpServerConfigInput) : CreateDhcpServerResult @configure + CreateInterfaceEthernet(data: InterfaceEthernetConfigInput) : CreateInterfaceEthernetResult @configure + CreateFirewallAddressGroup(data: CreateFirewallAddressGroupInput) : CreateFirewallAddressGroupResult @configure + UpdateFirewallAddressGroupMembers(data: UpdateFirewallAddressGroupMembersInput) : UpdateFirewallAddressGroupMembersResult @configure + RemoveFirewallAddressGroupMembers(data: RemoveFirewallAddressGroupMembersInput) : RemoveFirewallAddressGroupMembersResult @configure + SaveConfigFile(data: SaveConfigFileInput) : SaveConfigFileResult @configfile + LoadConfigFile(data: LoadConfigFileInput) : LoadConfigFileResult @configfile } diff --git a/src/services/api/graphql/recipes/config_file.py b/src/services/api/graphql/recipes/config_file.py deleted file mode 100644 index 850e5326e..000000000 --- a/src/services/api/graphql/recipes/config_file.py +++ /dev/null @@ -1,16 +0,0 @@ - -from . recipe import Recipe - -class ConfigFile(Recipe): - def __init__(self, session, command_file): - super().__init__(session, command_file) - - # Define any custom processing of parameters here by overriding - # save/load: - # - # def save(self): - # self.data = transform_data(self.data) - # super().save() - # def load(self): - # self.data = transform_data(self.data) - # super().load() diff --git a/src/services/api/graphql/recipes/dhcp_server.py b/src/services/api/graphql/recipes/dhcp_server.py deleted file mode 100644 index 3edb3028e..000000000 --- a/src/services/api/graphql/recipes/dhcp_server.py +++ /dev/null @@ -1,13 +0,0 @@ - -from . recipe import Recipe - -class DhcpServer(Recipe): - def __init__(self, session, command_file): - super().__init__(session, command_file) - - # Define any custom processing of parameters here by overriding - # configure: - # - # def configure(self): - # self.data = transform_data(self.data) - # super().configure() diff --git a/src/services/api/graphql/recipes/interface_ethernet.py b/src/services/api/graphql/recipes/interface_ethernet.py deleted file mode 100644 index f88f5924f..000000000 --- a/src/services/api/graphql/recipes/interface_ethernet.py +++ /dev/null @@ -1,13 +0,0 @@ - -from . recipe import Recipe - -class InterfaceEthernet(Recipe): - def __init__(self, session, command_file): - super().__init__(session, command_file) - - # Define any custom processing of parameters here by overriding - # configure: - # - # def configure(self): - # self.data = transform_data(self.data) - # super().configure() diff --git a/src/services/api/graphql/recipes/remove_firewall_address_group_members.py b/src/services/api/graphql/recipes/remove_firewall_address_group_members.py new file mode 100644 index 000000000..cde30c27a --- /dev/null +++ b/src/services/api/graphql/recipes/remove_firewall_address_group_members.py @@ -0,0 +1,21 @@ + +from . session import Session + +class RemoveFirewallAddressGroupMembers(Session): + def __init__(self, session, data): + super().__init__(session, data) + + # Define any custom processing of parameters here by overriding + # configure: + # + # def configure(self): + # self._data = transform_data(self._data) + # super().configure() + # self.clean_up() + + def configure(self): + super().configure() + + group_name = self._data['name'] + path = ['firewall', 'group', 'address-group', group_name] + self.delete_path_if_childless(path) diff --git a/src/services/api/graphql/recipes/recipe.py b/src/services/api/graphql/recipes/session.py index 91d8bd67a..b96cc1753 100644 --- a/src/services/api/graphql/recipes/recipe.py +++ b/src/services/api/graphql/recipes/session.py @@ -1,27 +1,17 @@ from ariadne import convert_camel_case_to_snake import vyos.defaults +from vyos.config import Config from vyos.template import render -class Recipe(object): +class Session(object): def __init__(self, session, data): self._session = session - self.data = data + self._data = data self._name = convert_camel_case_to_snake(type(self).__name__) - @property - def data(self): - return self.__data - - @data.setter - def data(self, data): - if isinstance(data, dict): - self.__data = data - else: - raise ValueError("data must be of type dict") - def configure(self): session = self._session - data = self.data + data = self._data func_base_name = self._name tmpl_file = f'{func_base_name}.tmpl' @@ -46,9 +36,16 @@ class Recipe(object): except Exception as error: raise error + def delete_path_if_childless(self, path): + session = self._session + config = Config(session.get_session_env()) + if not config.list_nodes(path): + session.delete(path) + session.commit() + def save(self): session = self._session - data = self.data + data = self._data if 'file_name' not in data or not data['file_name']: data['file_name'] = '/config/config.boot' @@ -59,7 +56,7 @@ class Recipe(object): def load(self): session = self._session - data = self.data + data = self._data try: session.load_config(data['file_name']) diff --git a/src/services/api/graphql/recipes/templates/dhcp_server.tmpl b/src/services/api/graphql/recipes/templates/create_dhcp_server.tmpl index 70de43183..70de43183 100644 --- a/src/services/api/graphql/recipes/templates/dhcp_server.tmpl +++ b/src/services/api/graphql/recipes/templates/create_dhcp_server.tmpl diff --git a/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl b/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl new file mode 100644 index 000000000..a890d0086 --- /dev/null +++ b/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl @@ -0,0 +1,4 @@ +set firewall group address-group {{ name }} +{% for add in address %} +set firewall group address-group {{ name }} address {{ add }} +{% endfor %} diff --git a/src/services/api/graphql/recipes/templates/interface_ethernet.tmpl b/src/services/api/graphql/recipes/templates/create_interface_ethernet.tmpl index d9d7ed691..d9d7ed691 100644 --- a/src/services/api/graphql/recipes/templates/interface_ethernet.tmpl +++ b/src/services/api/graphql/recipes/templates/create_interface_ethernet.tmpl diff --git a/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl b/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl new file mode 100644 index 000000000..458f3e5fc --- /dev/null +++ b/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl @@ -0,0 +1,3 @@ +{% for add in address %} +delete firewall group address-group {{ name }} address {{ add }} +{% endfor %} diff --git a/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl b/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl new file mode 100644 index 000000000..f56c61231 --- /dev/null +++ b/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl @@ -0,0 +1,3 @@ +{% for add in address %} +set firewall group address-group {{ name }} address {{ add }} +{% endfor %} |