diff options
| -rw-r--r-- | python/vyos/defaults.py | 2 | ||||
| -rw-r--r-- | python/vyos/util.py | 19 | ||||
| -rwxr-xr-x | src/conf_mode/http-api.py | 13 | ||||
| -rwxr-xr-x | src/conf_mode/https.py | 28 | ||||
| -rwxr-xr-x | src/services/vyos-http-api-server | 1 |
5 files changed, 14 insertions, 49 deletions
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index d7a4690ee..5d17b6b0c 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -37,7 +37,7 @@ api_data = { 'port' : '8080', 'strict' : 'false', 'debug' : 'false', - 'api_keys' : [], + 'api_keys' : [ ] } vyos_cert_data = { diff --git a/python/vyos/util.py b/python/vyos/util.py index bac327018..3ffd025b9 100644 --- a/python/vyos/util.py +++ b/python/vyos/util.py @@ -237,22 +237,3 @@ def process_named_running(name): if name in p.name(): return p.pid return None - -def dict_search(path, dict_object): - """ Traverse Python dictionary (dict_object) delimited by dot (.). - Return value of key if found, None otherwise. - This is faster implementation then jmespath.search('foo.bar', dict_object)""" - if not isinstance(dict_object, dict) or not path: - return None - - parts = path.split('.') - inside = parts[:-1] - if not inside: - if path not in dict_object: - return None - return dict_object[path] - c = dict_object - for p in parts[:-1]: - c = c.get(p, {}) - return c.get(parts[-1], None) - diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index 9c062f0aa..7a8ca883e 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019 VyOS maintainers and contributors +# Copyright (C) 2019-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -59,10 +59,21 @@ def get_config(): key = conf.return_value('keys id {0} key'.format(name)) new_key = { 'id': name, 'key': key } http_api['api_keys'].append(new_key) + else: + raise ConfigError('Missing HTTPS API key string for key id "{}"'.format(name)) return http_api def verify(http_api): + if not http_api: + return None + + # Verify API server settings, if present + keys = http_api['api_keys'] + + if not keys: + raise ConfigError('At least one HTTPS API key is required') + return None def generate(http_api): diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index af0e85af5..078c2d5f5 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -23,7 +23,6 @@ import jinja2 import vyos.defaults from vyos.config import Config -from vyos.util import dict_search from vyos import ConfigError config_file = '/etc/nginx/sites-available/default' @@ -136,14 +135,6 @@ def get_config(): if conf.exists('api port'): port = conf.return_value('api port') api_data['port'] = port - if conf.exists('api keys id'): - for id in conf.list_nodes('api keys id'): - tmp = {"id": id} - if conf.exists('api keys id ' + id + ' key'): - key = conf.return_value('api keys id ' + id + ' key') - tmp.update({'key':key}) - api_data['api_keys'].append(tmp) - if api_data: for block in server_block_list: block['api'] = api_data @@ -152,27 +143,8 @@ def get_config(): return https def verify(https): - if https is None: - return None - - # Verify API server settings, if present - if 'server_block_list' in https: - for server in https['server_block_list']: - if 'api' in server: - keys = dict_search('api.api_keys', server) - - # Check for incomplete key configurations in every case - valid_keys_exist = False - if keys: - for k in keys: - if 'key' not in k: - raise ConfigError('Missing HTTPS API key string for key id: ' + k['id']) - else: - raise ConfigError('At least one HTTPS API key is required!') - return None - def generate(https): if https is None: return None diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index ecbfe670c..99de6a911 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -24,6 +24,7 @@ import traceback import threading import vyos.config +import vyos.configtree import bottle |