From a148b81659afb02947594cc9255b3162069f86f5 Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Mon, 4 Dec 2023 15:36:57 +0000
Subject: Revert "https api: T5772: check if keys are configured"

This reverts commit 57ba2fa91573ad2ecd03f0c2eb89507dfc397f1e.
---
 src/conf_mode/https.py | 27 +--------------------------
 1 file changed, 1 insertion(+), 26 deletions(-)

diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index f02e32cd1..1e58bb1e4 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -25,7 +25,6 @@ from vyos.config import Config
 from vyos.configverify import verify_vrf
 from vyos import ConfigError
 from vyos.util import call
-from vyos.util import dict_search
 from vyos.template import render
 
 from vyos import airbag
@@ -161,30 +160,6 @@ def verify(https):
                           "matching the 'certbot domain-name' is required.")
 
     verify_vrf(https)
-
-    # Verify API server settings, if present
-    if 'api' in https:
-        keys = dict_search('api.keys.id', https)
-        gql_auth_type = dict_search('api.graphql.authentication.type', https)
-
-        # If "api graphql" is not defined and `gql_auth_type` is None,
-        # there's certainly no JWT auth option, and keys are required
-        jwt_auth = (gql_auth_type == "token")
-
-        # Check for incomplete key configurations in every case
-        valid_keys_exist = False
-        if keys:
-            for k in keys:
-                if 'key' not in keys[k]:
-                    raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
-                else:
-                    valid_keys_exist = True
-
-        # If only key-based methods are enabled,
-        # fail the commit if no valid key configurations are found
-        if (not valid_keys_exist) and (not jwt_auth):
-            raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
-
     return None
 
 def generate(https):
-- 
cgit v1.2.3


From 976c800c4ba5bd1f4856ea2fa112e89af979bacf Mon Sep 17 00:00:00 2001
From: Daniil Baturin <daniil@baturin.org>
Date: Mon, 4 Dec 2023 15:38:11 +0000
Subject: https: T5772: require that at least one valid API key is present

---
 src/conf_mode/http-api.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 2ade3476d..dc75e79b7 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -94,15 +94,18 @@ def get_config(config=None):
                 key = conf.return_value('keys id {0} key'.format(name))
                 new_key = { 'id': name, 'key': key }
                 http_api['api_keys'].append(new_key)
-                keys_added = True
-
-    if keys_added and default_key:
-        if default_key in http_api['api_keys']:
-            http_api['api_keys'].remove(default_key)
+            else:
+                raise ConfigError(f'Missing HTTPS API key string for key id "{name}"')
 
     return http_api
 
 def verify(http_api):
+    # Verify API server settings, if present
+    keys = http_api['api_keys']
+
+    if not keys:
+        raise ConfigError('At least one HTTPS API key is required')
+
     return None
 
 def generate(http_api):
-- 
cgit v1.2.3


From 7c6de792279350c980160096887524836b44be47 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Mon, 4 Dec 2023 11:16:25 -0600
Subject: https: T5772: return from verify if None
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

​

Signed-off-by: Daniil Baturin <daniil@baturin.org>
---
 src/conf_mode/http-api.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index dc75e79b7..d96dbc789 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2021 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -38,7 +38,7 @@ vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
 
 def get_config(config=None):
     http_api = deepcopy(vyos.defaults.api_data)
-    x = http_api.get('api_keys')
+    x = http_api.get('api_keys', [])
     if not x:
         default_key = None
     else:
@@ -100,13 +100,15 @@ def get_config(config=None):
     return http_api
 
 def verify(http_api):
+    if http_api is None:
+        return
     # Verify API server settings, if present
     keys = http_api['api_keys']
 
     if not keys:
         raise ConfigError('At least one HTTPS API key is required')
 
-    return None
+    return
 
 def generate(http_api):
     if http_api is None:
-- 
cgit v1.2.3