summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/include/certificate-ca.xml.i2
-rw-r--r--interface-definitions/include/certificate-key.xml.i2
-rw-r--r--interface-definitions/include/certificate.xml.i2
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py34
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_sstp.py11
-rwxr-xr-xsrc/conf_mode/vpn_sstp.py11
-rw-r--r--src/services/api/graphql/README.graphql46
-rw-r--r--src/services/api/graphql/bindings.py5
-rw-r--r--src/services/api/graphql/graphql/directives.py33
-rw-r--r--src/services/api/graphql/graphql/mutations.py83
-rw-r--r--src/services/api/graphql/graphql/schema/config_file.graphql16
-rw-r--r--src/services/api/graphql/graphql/schema/dhcp_server.graphql8
-rw-r--r--src/services/api/graphql/graphql/schema/firewall_group.graphql47
-rw-r--r--src/services/api/graphql/graphql/schema/interface_ethernet.graphql8
-rw-r--r--src/services/api/graphql/graphql/schema/schema.graphql13
-rw-r--r--src/services/api/graphql/recipes/config_file.py16
-rw-r--r--src/services/api/graphql/recipes/dhcp_server.py13
-rw-r--r--src/services/api/graphql/recipes/interface_ethernet.py13
-rw-r--r--src/services/api/graphql/recipes/remove_firewall_address_group_members.py21
-rw-r--r--src/services/api/graphql/recipes/session.py (renamed from src/services/api/graphql/recipes/recipe.py)29
-rw-r--r--src/services/api/graphql/recipes/templates/create_dhcp_server.tmpl (renamed from src/services/api/graphql/recipes/templates/dhcp_server.tmpl)0
-rw-r--r--src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl4
-rw-r--r--src/services/api/graphql/recipes/templates/create_interface_ethernet.tmpl (renamed from src/services/api/graphql/recipes/templates/interface_ethernet.tmpl)0
-rw-r--r--src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl3
-rw-r--r--src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl3
25 files changed, 229 insertions, 194 deletions
diff --git a/interface-definitions/include/certificate-ca.xml.i b/interface-definitions/include/certificate-ca.xml.i
index b97378658..f42e2ebbd 100644
--- a/interface-definitions/include/certificate-ca.xml.i
+++ b/interface-definitions/include/certificate-ca.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-exists" argument="--directory /config/auth --error"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/certificate-key.xml.i b/interface-definitions/include/certificate-key.xml.i
index 1db9dd069..7d5c2dc03 100644
--- a/interface-definitions/include/certificate-key.xml.i
+++ b/interface-definitions/include/certificate-key.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-exists" argument="--directory /config/auth --error"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/certificate.xml.i b/interface-definitions/include/certificate.xml.i
index fb5be45cc..3598075a9 100644
--- a/interface-definitions/include/certificate.xml.i
+++ b/interface-definitions/include/certificate.xml.i
@@ -7,7 +7,7 @@
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
- <validator name="file-exists" argument="--directory /config/auth"/>
+ <validator name="file-exists" argument="--directory /config/auth --error"/>
</constraint>
</properties>
</leafNode>
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 492d01c4d..ccac0820d 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -17,13 +17,16 @@
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
-
from vyos.util import process_named_running
+from vyos.util import cmd
+from os import path, mkdir
OCSERV_CONF = '/run/ocserv/ocserv.conf'
-base_path = ['vpn', 'openconnect']
-cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
-cert_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+base_path = ['vpn', 'openconnect']
+cert_dir = '/config/auth/'
+ca_cert = f'{cert_dir}ca.crt'
+ssl_cert = f'{cert_dir}server.crt'
+ssl_key = f'{cert_dir}server.key'
class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
def tearDown(self):
@@ -38,9 +41,9 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password])
self.cli_set(base_path + ["authentication", "mode", "local"])
self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"])
- self.cli_set(base_path + ["ssl", "ca-cert-file", cert])
- self.cli_set(base_path + ["ssl", "cert-file", cert])
- self.cli_set(base_path + ["ssl", "key-file", cert_key])
+ self.cli_set(base_path + ["ssl", "ca-cert-file", ca_cert])
+ self.cli_set(base_path + ["ssl", "cert-file", ssl_cert])
+ self.cli_set(base_path + ["ssl", "key-file", ssl_key])
self.cli_commit()
@@ -48,4 +51,21 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
self.assertTrue(process_named_running('ocserv-main'))
if __name__ == '__main__':
+ if not path.exists(cert_dir):
+ mkdir(cert_dir)
+
+ # Our SSL certificates need a subject ...
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+
+ # Generate mandatory SSL certificate
+ tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}'
+ cmd(tmp)
+
+ # Generate "CA"
+ tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\
+ f'-subj {subject}'
+ cmd(tmp)
+
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py
index 033338685..b7b7729b2 100755
--- a/smoketest/scripts/cli/test_vpn_sstp.py
+++ b/smoketest/scripts/cli/test_vpn_sstp.py
@@ -18,10 +18,12 @@ import unittest
from base_accel_ppp_test import BasicAccelPPPTest
from vyos.util import cmd
+from os import path, mkdir
-ca_cert = '/tmp/ca.crt'
-ssl_cert = '/tmp/server.crt'
-ssl_key = '/tmp/server.key'
+cert_dir = '/config/auth/'
+ca_cert = f'{cert_dir}ca.crt'
+ssl_cert = f'{cert_dir}server.crt'
+ssl_key = f'{cert_dir}server.key'
class TestVPNSSTPServer(BasicAccelPPPTest.TestCase):
def setUp(self):
@@ -41,6 +43,9 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase):
super().basic_config()
if __name__ == '__main__':
+ if not path.exists(cert_dir):
+ mkdir(cert_dir)
+
# Our SSL certificates need a subject ...
subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
diff --git a/src/conf_mode/vpn_sstp.py b/src/conf_mode/vpn_sstp.py
index 070009722..215dfb37a 100755
--- a/src/conf_mode/vpn_sstp.py
+++ b/src/conf_mode/vpn_sstp.py
@@ -56,24 +56,13 @@ def verify(sstp):
#
# SSL certificate checks
#
- tmp = dict_search('ssl.ca_cert_file', sstp)
- if tmp:
- if not os.path.isfile(tmp):
- raise ConfigError(f'SSL CA certificate "{tmp}" does not exist!')
-
tmp = dict_search('ssl.cert_file', sstp)
if not tmp:
raise ConfigError(f'SSL public key file required!')
- else:
- if not os.path.isfile(tmp):
- raise ConfigError(f'SSL public key "{tmp}" does not exist!')
tmp = dict_search('ssl.key_file', sstp)
if not tmp:
raise ConfigError(f'SSL private key file required!')
- else:
- if not os.path.isfile(tmp):
- raise ConfigError(f'SSL private key "{tmp}" does not exist!')
def generate(sstp):
if not sstp:
diff --git a/src/services/api/graphql/README.graphql b/src/services/api/graphql/README.graphql
index c91b70782..29f58f709 100644
--- a/src/services/api/graphql/README.graphql
+++ b/src/services/api/graphql/README.graphql
@@ -10,7 +10,7 @@ to run with that address as default router by requesting these 'mutations'
in the GraphQL playground:
mutation {
- createInterfaceEthernet (data: {interface: "eth1",
+ CreateInterfaceEthernet (data: {interface: "eth1",
address: "192.168.0.1/24",
description: "BOB"}) {
success
@@ -22,7 +22,7 @@ mutation {
}
mutation {
- createDhcpServer(data: {sharedNetworkName: "BOB",
+ CreateDhcpServer(data: {sharedNetworkName: "BOB",
subnet: "192.168.0.0/24",
defaultRouter: "192.168.0.1",
nameServer: "192.168.0.1",
@@ -42,8 +42,10 @@ mutation {
}
}
+To save the configuration, use the following mutation:
+
mutation {
- saveConfigFile(data: {fileName: "/config/config.boot"}) {
+ SaveConfigFile(data: {fileName: "/config/config.boot"}) {
success
errors
data {
@@ -52,11 +54,17 @@ mutation {
}
}
-N.B. fileName can be empty (fileName: "") or data can be empty (data: {}) to save to
-/config/config.boot; to save to an alternative path, specify fileName.
+N.B. fileName can be empty (fileName: "") or data can be empty (data: {}) to
+save to /config/config.boot; to save to an alternative path, specify
+fileName.
+
+Similarly, using the same 'endpoint' (meaning the form of the request and
+resolver; the actual enpoint for all GraphQL requests is
+https://hostname/graphql), one can load an arbitrary config file from a
+path.
mutation {
- loadConfigFile(data: {fileName: "/home/vyos/config.boot"}) {
+ LoadConfigFile(data: {fileName: "/home/vyos/config.boot"}) {
success
errors
data {
@@ -81,22 +89,23 @@ What's here:
services
├── api
│   └── graphql
+│   ├── bindings.py
│   ├── graphql
│   │   ├── directives.py
│   │   ├── __init__.py
│   │   ├── mutations.py
│   │   └── schema
+│   │   ├── config_file.graphql
│   │   ├── dhcp_server.graphql
│   │   ├── interface_ethernet.graphql
│   │   └── schema.graphql
+│   ├── README.graphql
│   ├── recipes
-│   │   ├── dhcp_server.py
│   │   ├── __init__.py
-│   │   ├── interface_ethernet.py
-│   │   ├── recipe.py
+│   │   ├── session.py
│   │   └── templates
-│   │   ├── dhcp_server.tmpl
-│   │   └── interface_ethernet.tmpl
+│   │   ├── create_dhcp_server.tmpl
+│   │   └── create_interface_ethernet.tmpl
│   └── state.py
├── vyos-configd
├── vyos-hostsd
@@ -114,13 +123,14 @@ the Ur-data; the GraphQL schema is produced from those files, located in
Resolvers for the schema Mutation fields are dynamically generated using a
'directive' added to the respective schema field. The directive,
-'@generate', is handled by the class 'DataDirective' in
-'api/graphql/graphql/directives.py', which calls the 'make_resolver' function in
-'api/graphql/graphql/mutations.py'; the produced resolver calls the appropriate
-wrapper in 'api/graphql/recipes', with base class doing the (overridable)
-configuration steps of calling all defined 'set'/'delete' commands.
-
-Integrating the above with vyos-http-api-server is ~10 lines of code.
+'@configure', is handled by the class 'ConfigureDirective' in
+'api/graphql/graphql/directives.py', which calls the
+'make_configure_resolver' function in 'api/graphql/graphql/mutations.py';
+the produced resolver calls the appropriate wrapper in
+'api/graphql/recipes', with base class doing the (overridable) configuration
+steps of calling all defined 'set'/'delete' commands.
+
+Integrating the above with vyos-http-api-server is 4 lines of code.
What needs to be done:
diff --git a/src/services/api/graphql/bindings.py b/src/services/api/graphql/bindings.py
index c123f68d8..1fbe13d0c 100644
--- a/src/services/api/graphql/bindings.py
+++ b/src/services/api/graphql/bindings.py
@@ -1,7 +1,6 @@
import vyos.defaults
from . graphql.mutations import mutation
-from . graphql.directives import DataDirective, ConfigFileDirective
-
+from . graphql.directives import directives_dict
from ariadne import make_executable_schema, load_schema_from_path, snake_case_fallback_resolvers
def generate_schema():
@@ -9,6 +8,6 @@ def generate_schema():
type_defs = load_schema_from_path(api_schema_dir)
- schema = make_executable_schema(type_defs, mutation, snake_case_fallback_resolvers, directives={"generate": DataDirective, "configfile": ConfigFileDirective})
+ schema = make_executable_schema(type_defs, mutation, snake_case_fallback_resolvers, directives=directives_dict)
return schema
diff --git a/src/services/api/graphql/graphql/directives.py b/src/services/api/graphql/graphql/directives.py
index 85d514de4..f5cd88acd 100644
--- a/src/services/api/graphql/graphql/directives.py
+++ b/src/services/api/graphql/graphql/directives.py
@@ -1,12 +1,11 @@
from ariadne import SchemaDirectiveVisitor, ObjectType
-from . mutations import make_resolver, make_config_file_resolver
+from . mutations import make_configure_resolver, make_config_file_resolver
-class DataDirective(SchemaDirectiveVisitor):
- """
- Class providing implementation of 'generate' directive in schema.
+def non(arg):
+ pass
- """
- def visit_field_definition(self, field, object_type):
+class VyosDirective(SchemaDirectiveVisitor):
+ def visit_field_definition(self, field, object_type, make_resolver=non):
name = f'{field.type}'
# field.type contains the return value of the mutation; trim value
# to produce canonical name
@@ -16,17 +15,23 @@ class DataDirective(SchemaDirectiveVisitor):
field.resolve = func
return field
-class ConfigFileDirective(SchemaDirectiveVisitor):
+
+class ConfigureDirective(VyosDirective):
+ """
+ Class providing implementation of 'configure' directive in schema.
+
+ """
+ def visit_field_definition(self, field, object_type):
+ super().visit_field_definition(field, object_type,
+ make_resolver=make_configure_resolver)
+
+class ConfigFileDirective(VyosDirective):
"""
Class providing implementation of 'configfile' directive in schema.
"""
def visit_field_definition(self, field, object_type):
- name = f'{field.type}'
- # field.type contains the return value of the mutation; trim value
- # to produce canonical name
- name = name.replace('Result', '', 1)
+ super().visit_field_definition(field, object_type,
+ make_resolver=make_config_file_resolver)
- func = make_config_file_resolver(name)
- field.resolve = func
- return field
+directives_dict = {"configure": ConfigureDirective, "configfile": ConfigFileDirective}
diff --git a/src/services/api/graphql/graphql/mutations.py b/src/services/api/graphql/graphql/mutations.py
index 2eb0a0b4a..8a28b13d7 100644
--- a/src/services/api/graphql/graphql/mutations.py
+++ b/src/services/api/graphql/graphql/mutations.py
@@ -6,10 +6,11 @@ from graphql import GraphQLResolveInfo
from makefun import with_signature
from .. import state
+from api.graphql.recipes.session import Session
mutation = ObjectType("Mutation")
-def make_resolver(mutation_name):
+def make_resolver(mutation_name, class_name, session_func):
"""Dynamically generate a resolver for the mutation named in the
schema by 'mutation_name'.
@@ -19,52 +20,9 @@ def make_resolver(mutation_name):
functools.wraps.
:raise Exception:
- encapsulating ConfigErrors, or internal errors
+ raising ConfigErrors, or internal errors
"""
- class_name = mutation_name.replace('create', '', 1).replace('delete', '', 1)
- func_base_name = convert_camel_case_to_snake(class_name)
- resolver_name = f'resolve_create_{func_base_name}'
- func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Dict)'
-
- @mutation.field(mutation_name)
- @convert_kwargs_to_snake_case
- @with_signature(func_sig, func_name=resolver_name)
- async def func_impl(*args, **kwargs):
- try:
- if 'data' not in kwargs:
- return {
- "success": False,
- "errors": ['missing data']
- }
-
- data = kwargs['data']
- session = state.settings['app'].state.vyos_session
-
- mod = import_module(f'api.graphql.recipes.{func_base_name}')
- klass = getattr(mod, class_name)
- k = klass(session, data)
- k.configure()
-
- return {
- "success": True,
- "data": data
- }
- except Exception as error:
- return {
- "success": False,
- "errors": [str(error)]
- }
- return func_impl
-
-def make_config_file_resolver(mutation_name):
- op = ''
- if 'save' in mutation_name:
- op = 'save'
- elif 'load' in mutation_name:
- op = 'load'
-
- class_name = mutation_name.replace('save', '', 1).replace('load', '', 1)
func_base_name = convert_camel_case_to_snake(class_name)
resolver_name = f'resolve_{func_base_name}'
func_sig = '(obj: Any, info: GraphQLResolveInfo, data: Dict)'
@@ -83,18 +41,17 @@ def make_config_file_resolver(mutation_name):
data = kwargs['data']
session = state.settings['app'].state.vyos_session
- mod = import_module(f'api.graphql.recipes.{func_base_name}')
- klass = getattr(mod, class_name)
+ # one may override the session functions with a local subclass
+ try:
+ mod = import_module(f'api.graphql.recipes.{func_base_name}')
+ klass = getattr(mod, class_name)
+ except ImportError:
+ # otherwise, dynamically generate subclass to invoke subclass
+ # name based templates
+ klass = type(class_name, (Session,), {})
k = klass(session, data)
- if op == 'save':
- k.save()
- elif op == 'load':
- k.load()
- else:
- return {
- "success": False,
- "errors": ["Input must be saveConfigFile | loadConfigFile"]
- }
+ method = getattr(k, session_func)
+ method()
return {
"success": True,
@@ -107,3 +64,17 @@ def make_config_file_resolver(mutation_name):
}
return func_impl
+
+def make_configure_resolver(mutation_name):
+ class_name = mutation_name
+ return make_resolver(mutation_name, class_name, 'configure')
+
+def make_config_file_resolver(mutation_name):
+ if 'Save' in mutation_name:
+ class_name = mutation_name.replace('Save', '', 1)
+ return make_resolver(mutation_name, class_name, 'save')
+ elif 'Load' in mutation_name:
+ class_name = mutation_name.replace('Load', '', 1)
+ return make_resolver(mutation_name, class_name, 'load')
+ else:
+ raise Exception
diff --git a/src/services/api/graphql/graphql/schema/config_file.graphql b/src/services/api/graphql/graphql/schema/config_file.graphql
index 3096cf743..31ab26b9e 100644
--- a/src/services/api/graphql/graphql/schema/config_file.graphql
+++ b/src/services/api/graphql/graphql/schema/config_file.graphql
@@ -1,27 +1,27 @@
-input saveConfigFileInput {
+input SaveConfigFileInput {
fileName: String
}
-type saveConfigFile {
+type SaveConfigFile {
fileName: String
}
-type saveConfigFileResult {
- data: saveConfigFile
+type SaveConfigFileResult {
+ data: SaveConfigFile
success: Boolean!
errors: [String]
}
-input loadConfigFileInput {
+input LoadConfigFileInput {
fileName: String!
}
-type loadConfigFile {
+type LoadConfigFile {
fileName: String!
}
-type loadConfigFileResult {
- data: loadConfigFile
+type LoadConfigFileResult {
+ data: LoadConfigFile
success: Boolean!
errors: [String]
}
diff --git a/src/services/api/graphql/graphql/schema/dhcp_server.graphql b/src/services/api/graphql/graphql/schema/dhcp_server.graphql
index 9f741a0a5..25f091bfa 100644
--- a/src/services/api/graphql/graphql/schema/dhcp_server.graphql
+++ b/src/services/api/graphql/graphql/schema/dhcp_server.graphql
@@ -1,4 +1,4 @@
-input dhcpServerConfigInput {
+input DhcpServerConfigInput {
sharedNetworkName: String
subnet: String
defaultRouter: String
@@ -13,7 +13,7 @@ input dhcpServerConfigInput {
dnsForwardingListenAddress: String
}
-type dhcpServerConfig {
+type DhcpServerConfig {
sharedNetworkName: String
subnet: String
defaultRouter: String
@@ -28,8 +28,8 @@ type dhcpServerConfig {
dnsForwardingListenAddress: String
}
-type createDhcpServerResult {
- data: dhcpServerConfig
+type CreateDhcpServerResult {
+ data: DhcpServerConfig
success: Boolean!
errors: [String]
}
diff --git a/src/services/api/graphql/graphql/schema/firewall_group.graphql b/src/services/api/graphql/graphql/schema/firewall_group.graphql
new file mode 100644
index 000000000..efe7de632
--- /dev/null
+++ b/src/services/api/graphql/graphql/schema/firewall_group.graphql
@@ -0,0 +1,47 @@
+input CreateFirewallAddressGroupInput {
+ name: String!
+ address: [String]
+}
+
+type CreateFirewallAddressGroup {
+ name: String!
+ address: [String]
+}
+
+type CreateFirewallAddressGroupResult {
+ data: CreateFirewallAddressGroup
+ success: Boolean!
+ errors: [String]
+}
+
+input UpdateFirewallAddressGroupMembersInput {
+ name: String!
+ address: [String!]!
+}
+
+type UpdateFirewallAddressGroupMembers {
+ name: String!
+ address: [String!]!
+}
+
+type UpdateFirewallAddressGroupMembersResult {
+ data: UpdateFirewallAddressGroupMembers
+ success: Boolean!
+ errors: [String]
+}
+
+input RemoveFirewallAddressGroupMembersInput {
+ name: String!
+ address: [String!]!
+}
+
+type RemoveFirewallAddressGroupMembers {
+ name: String!
+ address: [String!]!
+}
+
+type RemoveFirewallAddressGroupMembersResult {
+ data: RemoveFirewallAddressGroupMembers
+ success: Boolean!
+ errors: [String]
+}
diff --git a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql
index fdcf97bad..32438b315 100644
--- a/src/services/api/graphql/graphql/schema/interface_ethernet.graphql
+++ b/src/services/api/graphql/graphql/schema/interface_ethernet.graphql
@@ -1,18 +1,18 @@
-input interfaceEthernetConfigInput {
+input InterfaceEthernetConfigInput {
interface: String
address: String
replace: Boolean = true
description: String
}
-type interfaceEthernetConfig {
+type InterfaceEthernetConfig {
interface: String
address: String
description: String
}
-type createInterfaceEthernetResult {
- data: interfaceEthernetConfig
+type CreateInterfaceEthernetResult {
+ data: InterfaceEthernetConfig
success: Boolean!
errors: [String]
}
diff --git a/src/services/api/graphql/graphql/schema/schema.graphql b/src/services/api/graphql/graphql/schema/schema.graphql
index 70fe0d726..9e97a0d60 100644
--- a/src/services/api/graphql/graphql/schema/schema.graphql
+++ b/src/services/api/graphql/graphql/schema/schema.graphql
@@ -7,12 +7,15 @@ type Query {
_dummy: String
}
-directive @generate on FIELD_DEFINITION
+directive @configure on FIELD_DEFINITION
directive @configfile on FIELD_DEFINITION
type Mutation {
- createDhcpServer(data: dhcpServerConfigInput) : createDhcpServerResult @generate
- createInterfaceEthernet(data: interfaceEthernetConfigInput) : createInterfaceEthernetResult @generate
- saveConfigFile(data: saveConfigFileInput) : saveConfigFileResult @configfile
- loadConfigFile(data: loadConfigFileInput) : loadConfigFileResult @configfile
+ CreateDhcpServer(data: DhcpServerConfigInput) : CreateDhcpServerResult @configure
+ CreateInterfaceEthernet(data: InterfaceEthernetConfigInput) : CreateInterfaceEthernetResult @configure
+ CreateFirewallAddressGroup(data: CreateFirewallAddressGroupInput) : CreateFirewallAddressGroupResult @configure
+ UpdateFirewallAddressGroupMembers(data: UpdateFirewallAddressGroupMembersInput) : UpdateFirewallAddressGroupMembersResult @configure
+ RemoveFirewallAddressGroupMembers(data: RemoveFirewallAddressGroupMembersInput) : RemoveFirewallAddressGroupMembersResult @configure
+ SaveConfigFile(data: SaveConfigFileInput) : SaveConfigFileResult @configfile
+ LoadConfigFile(data: LoadConfigFileInput) : LoadConfigFileResult @configfile
}
diff --git a/src/services/api/graphql/recipes/config_file.py b/src/services/api/graphql/recipes/config_file.py
deleted file mode 100644
index 850e5326e..000000000
--- a/src/services/api/graphql/recipes/config_file.py
+++ /dev/null
@@ -1,16 +0,0 @@
-
-from . recipe import Recipe
-
-class ConfigFile(Recipe):
- def __init__(self, session, command_file):
- super().__init__(session, command_file)
-
- # Define any custom processing of parameters here by overriding
- # save/load:
- #
- # def save(self):
- # self.data = transform_data(self.data)
- # super().save()
- # def load(self):
- # self.data = transform_data(self.data)
- # super().load()
diff --git a/src/services/api/graphql/recipes/dhcp_server.py b/src/services/api/graphql/recipes/dhcp_server.py
deleted file mode 100644
index 3edb3028e..000000000
--- a/src/services/api/graphql/recipes/dhcp_server.py
+++ /dev/null
@@ -1,13 +0,0 @@
-
-from . recipe import Recipe
-
-class DhcpServer(Recipe):
- def __init__(self, session, command_file):
- super().__init__(session, command_file)
-
- # Define any custom processing of parameters here by overriding
- # configure:
- #
- # def configure(self):
- # self.data = transform_data(self.data)
- # super().configure()
diff --git a/src/services/api/graphql/recipes/interface_ethernet.py b/src/services/api/graphql/recipes/interface_ethernet.py
deleted file mode 100644
index f88f5924f..000000000
--- a/src/services/api/graphql/recipes/interface_ethernet.py
+++ /dev/null
@@ -1,13 +0,0 @@
-
-from . recipe import Recipe
-
-class InterfaceEthernet(Recipe):
- def __init__(self, session, command_file):
- super().__init__(session, command_file)
-
- # Define any custom processing of parameters here by overriding
- # configure:
- #
- # def configure(self):
- # self.data = transform_data(self.data)
- # super().configure()
diff --git a/src/services/api/graphql/recipes/remove_firewall_address_group_members.py b/src/services/api/graphql/recipes/remove_firewall_address_group_members.py
new file mode 100644
index 000000000..cde30c27a
--- /dev/null
+++ b/src/services/api/graphql/recipes/remove_firewall_address_group_members.py
@@ -0,0 +1,21 @@
+
+from . session import Session
+
+class RemoveFirewallAddressGroupMembers(Session):
+ def __init__(self, session, data):
+ super().__init__(session, data)
+
+ # Define any custom processing of parameters here by overriding
+ # configure:
+ #
+ # def configure(self):
+ # self._data = transform_data(self._data)
+ # super().configure()
+ # self.clean_up()
+
+ def configure(self):
+ super().configure()
+
+ group_name = self._data['name']
+ path = ['firewall', 'group', 'address-group', group_name]
+ self.delete_path_if_childless(path)
diff --git a/src/services/api/graphql/recipes/recipe.py b/src/services/api/graphql/recipes/session.py
index 91d8bd67a..b96cc1753 100644
--- a/src/services/api/graphql/recipes/recipe.py
+++ b/src/services/api/graphql/recipes/session.py
@@ -1,27 +1,17 @@
from ariadne import convert_camel_case_to_snake
import vyos.defaults
+from vyos.config import Config
from vyos.template import render
-class Recipe(object):
+class Session(object):
def __init__(self, session, data):
self._session = session
- self.data = data
+ self._data = data
self._name = convert_camel_case_to_snake(type(self).__name__)
- @property
- def data(self):
- return self.__data
-
- @data.setter
- def data(self, data):
- if isinstance(data, dict):
- self.__data = data
- else:
- raise ValueError("data must be of type dict")
-
def configure(self):
session = self._session
- data = self.data
+ data = self._data
func_base_name = self._name
tmpl_file = f'{func_base_name}.tmpl'
@@ -46,9 +36,16 @@ class Recipe(object):
except Exception as error:
raise error
+ def delete_path_if_childless(self, path):
+ session = self._session
+ config = Config(session.get_session_env())
+ if not config.list_nodes(path):
+ session.delete(path)
+ session.commit()
+
def save(self):
session = self._session
- data = self.data
+ data = self._data
if 'file_name' not in data or not data['file_name']:
data['file_name'] = '/config/config.boot'
@@ -59,7 +56,7 @@ class Recipe(object):
def load(self):
session = self._session
- data = self.data
+ data = self._data
try:
session.load_config(data['file_name'])
diff --git a/src/services/api/graphql/recipes/templates/dhcp_server.tmpl b/src/services/api/graphql/recipes/templates/create_dhcp_server.tmpl
index 70de43183..70de43183 100644
--- a/src/services/api/graphql/recipes/templates/dhcp_server.tmpl
+++ b/src/services/api/graphql/recipes/templates/create_dhcp_server.tmpl
diff --git a/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl b/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl
new file mode 100644
index 000000000..a890d0086
--- /dev/null
+++ b/src/services/api/graphql/recipes/templates/create_firewall_address_group.tmpl
@@ -0,0 +1,4 @@
+set firewall group address-group {{ name }}
+{% for add in address %}
+set firewall group address-group {{ name }} address {{ add }}
+{% endfor %}
diff --git a/src/services/api/graphql/recipes/templates/interface_ethernet.tmpl b/src/services/api/graphql/recipes/templates/create_interface_ethernet.tmpl
index d9d7ed691..d9d7ed691 100644
--- a/src/services/api/graphql/recipes/templates/interface_ethernet.tmpl
+++ b/src/services/api/graphql/recipes/templates/create_interface_ethernet.tmpl
diff --git a/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl b/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl
new file mode 100644
index 000000000..458f3e5fc
--- /dev/null
+++ b/src/services/api/graphql/recipes/templates/remove_firewall_address_group_members.tmpl
@@ -0,0 +1,3 @@
+{% for add in address %}
+delete firewall group address-group {{ name }} address {{ add }}
+{% endfor %}
diff --git a/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl b/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl
new file mode 100644
index 000000000..f56c61231
--- /dev/null
+++ b/src/services/api/graphql/recipes/templates/update_firewall_address_group_members.tmpl
@@ -0,0 +1,3 @@
+{% for add in address %}
+set firewall group address-group {{ name }} address {{ add }}
+{% endfor %}