-rwxr-xr-x | smoketest/scripts/cli/test_service_tftp-server.py | 41 | ||||
-rwxr-xr-x | src/conf_mode/https.py | 27 | ||||
-rwxr-xr-x | src/helpers/vyos-load-config.py | 2 |
3 files changed, 27 insertions, 43 deletions
diff --git a/smoketest/scripts/cli/test_service_tftp-server.py b/smoketest/scripts/cli/test_service_tftp-server.py index 642b6af88..850c012ff 100755 --- a/smoketest/scripts/cli/test_service_tftp-server.py +++ b/smoketest/scripts/cli/test_service_tftp-server.py @@ -31,7 +31,6 @@ base_path = ['service', 'tftp-server'] dummy_if_path = ['interfaces', 'dummy', 'dum69'] address_ipv4 = '192.0.2.1' address_ipv6 = '2001:db8::1' -vrf = 'mgmt' class TestServiceTFTPD(VyOSUnitTestSHIM.TestCase): @classmethod @@ -121,45 +120,5 @@ class TestServiceTFTPD(VyOSUnitTestSHIM.TestCase): count += 1 self.assertEqual(count, len(address)) - def test_03_tftpd_vrf(self): - directory = '/tmp' - port = '69' # default port - - self.cli_set(base_path + ['allow-upload']) - self.cli_set(base_path + ['directory', directory]) - self.cli_set(base_path + ['listen-address', address_ipv4, 'vrf', vrf]) - - # VRF does yet not exist - an error must be thrown - with self.assertRaises(ConfigSessionError): - self.cli_commit() - - self.cli_set(['vrf', 'name', vrf, 'table', '1338']) - self.cli_set(dummy_if_path + ['vrf', vrf]) - - # commit changes - self.cli_commit() - - config = read_file('/etc/default/tftpd0') - # verify listen IP address - self.assertIn(f'{address_ipv4}:{port} -4', config) - # verify directory - self.assertIn(directory, config) - # verify upload - self.assertIn('--create --umask 000', config) - - # Check for process in VRF - count = 0 - while count < 10: - count += 1 - tmp = cmd(f'ip vrf pids {vrf}') - print(tmp) - if tmp: break - sleep(1) - self.assertIn(PROCESS_NAME, tmp) - - # delete VRF - self.cli_delete(dummy_if_path + ['vrf']) - self.cli_delete(['vrf', 'name', vrf]) - if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 1e58bb1e4..f02e32cd1 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2020 VyOS maintainers and contributors +# Copyright (C) 2019-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -25,6 +25,7 @@ from vyos.config import Config from vyos.configverify import verify_vrf from vyos import ConfigError from vyos.util import call +from vyos.util import dict_search from vyos.template import render from vyos import airbag @@ -160,6 +161,30 @@ def verify(https): "matching the 'certbot domain-name' is required.") verify_vrf(https) + + # Verify API server settings, if present + if 'api' in https: + keys = dict_search('api.keys.id', https) + gql_auth_type = dict_search('api.graphql.authentication.type', https) + + # If "api graphql" is not defined and `gql_auth_type` is None, + # there's certainly no JWT auth option, and keys are required + jwt_auth = (gql_auth_type == "token") + + # Check for incomplete key configurations in every case + valid_keys_exist = False + if keys: + for k in keys: + if 'key' not in keys[k]: + raise ConfigError(f'Missing HTTPS API key string for key id "{k}"') + else: + valid_keys_exist = True + + # If only key-based methods are enabled, + # fail the commit if no valid key configurations are found + if (not valid_keys_exist) and (not jwt_auth): + raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled') + return None def generate(https): diff --git a/src/helpers/vyos-load-config.py b/src/helpers/vyos-load-config.py index e579e81b2..4ec865454 100755 --- a/src/helpers/vyos-load-config.py +++ b/src/helpers/vyos-load-config.py 
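Review bot: The key loop added to verify() only tests that a `key` node is present (`if 'key' not in keys[k]`), so an empty string would count as a valid credential if the CLI definition lets one through; that definition is not visible here. Testing the value instead closes this: `if not keys[k].get('key'):`, assuming each `keys[k]` is a dict, as the membership test suggests. Separately, with GraphQL token authentication enabled the commit now succeeds with no keys at all, so a comment such as `# token auth without keys: key-authenticated endpoints have no credential configured and must reject requests` would record the expectation, which should be confirmed against the API server code. The `else:` after the `raise` is redundant, so `valid_keys_exist = True` can simply follow the `if`. verify() begins outside the hunk.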
@@ -66,7 +66,7 @@ def get_local_config(filename): return config_str -if any(x in file_name for x in protocols): +if any(file_name.startswith(f'{x}://') for x in protocols): config_string = vyos.remote.get_remote_config(file_name) if not config_string: sys.exit(f"No such config file at '{file_name}'") |
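Review bot: The new prefix test is case-sensitive, so a name written as `HTTPS://host/config.boot` is not recognised as remote and falls through to whatever handles local names outside this hunk. URI schemes are case-insensitive, so comparing against a lowered copy is safer: `if any(file_name.lower().startswith(f'{x}://') for x in protocols):`, assuming the entries of `protocols` (defined outside the hunk) are lower-case; whether `get_remote_config` then accepts an upper-case scheme is not visible here. A short comment such as `# match the URL scheme only; a local path may merely contain 'http' or 'scp'` would document why a substring test must not be reintroduced.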