From 7bd6047901167352770b31fe47031363cad5b94d Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 15:48:15 +0000
Subject: Revert "https api: T5772: fix Python version not supporting f-ormated strings and dict parsing"
This reverts commit e7efd65483e7f6e1902a9ab88f8453d5fbb63c09.
---
 python/vyos/defaults.py | 2 +-
 src/conf_mode/https.py | 43 ++++++++++++++++++++-----------------------
 2 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index d7a4690ee..f51e4ddda 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -37,7 +37,7 @@ api_data = {
 'port' : '8080',
 'strict' : 'false',
 'debug' : 'false',
- 'api_keys' : [],
+ 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
 }
 vyos_cert_data = {
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index af0e85af5..349cec888 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -136,14 +136,6 @@ def get_config():
 if conf.exists('api port'):
 port = conf.return_value('api port')
 api_data['port'] = port
- if conf.exists('api keys id'):
- for id in conf.list_nodes('api keys id'):
- tmp = {"id": id}
- if conf.exists('api keys id ' + id + ' key'):
- key = conf.return_value('api keys id ' + id + ' key')
- tmp.update({'key':key})
- api_data['api_keys'].append(tmp)
-
 if api_data:
 for block in server_block_list:
 block['api'] = api_data
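Review bot: The revert in python/vyos/defaults.py restores `'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]`, so a tree that stops at this commit carries a fixed, publicly known API key in its defaults. The commit "https: T5772: remove the default API key" later in this series empties the list again, so the two need to travel together in any backport or cherry-pick. Keeping `'api_keys' : []` while reverting only the https.py changes would avoid the intermediate state; whether the defaults are ever used to authenticate requests is not visible in this hunk.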
@@ -152,23 +144,28 @@ def get_config():
 return https
 def verify(https):
- if https is None:
- return None
-
 # Verify API server settings, if present
- if 'server_block_list' in https:
- for server in https['server_block_list']:
- if 'api' in server:
- keys = dict_search('api.api_keys', server)
-
- # Check for incomplete key configurations in every case
- valid_keys_exist = False
- if keys:
- for k in keys:
- if 'key' not in k:
- raise ConfigError('Missing HTTPS API key string for key id: ' + k['id'])
+ if 'api' in https:
+ keys = dict_search('api.keys.id', https)
+ gql_auth_type = dict_search('api.graphql.authentication.type', https)
+
+ # If "api graphql" is not defined and `gql_auth_type` is None,
+ # there's certainly no JWT auth option, and keys are required
+ jwt_auth = (gql_auth_type == "token")
+
+ # Check for incomplete key configurations in every case
+ valid_keys_exist = False
+ if keys:
+ for k in keys:
+ if 'key' not in keys[k]:
+ raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
 else:
- raise ConfigError('At least one HTTPS API key is required!')
+ valid_keys_exist = True
+
+ # If only key-based methods are enabled,
+ # fail the commit if no valid key configurations are found
+ if (not valid_keys_exist) and (not jwt_auth):
+ raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
 return None
-- cgit v1.2.3
From f67173b41e4bf55e740313c588cb94d278b0b109 Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 15:48:23 +0000
Subject: Revert "https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL"
This reverts commit 1b7e8f9ff7a86125ca7c8a2035650d5203dc54c5.
---
 python/vyos/util.py | 19 -------------------
 src/conf_mode/https.py | 25 -------------------------
 2 files changed, 44 deletions(-)
diff --git a/python/vyos/util.py b/python/vyos/util.py
index bac327018..3ffd025b9 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
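Review bot: The restored verify() in src/conf_mode/https.py evaluates `'api' in https` with no guard for a missing configuration, while the lines it replaces began with `if https is None:` / `return None`. If get_config() can return None (the removed guard suggests it can), this raises TypeError during commit instead of returning cleanly; keeping those two lines as the first statements of verify() would preserve the old behaviour. The function is emptied again by the following revert in this series, so this only matters for a tree that stops at this commit.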
@@ -237,22 +237,3 @@ def process_named_running(name):
 if name in p.name():
 return p.pid
 return None
-
-def dict_search(path, dict_object):
- """ Traverse Python dictionary (dict_object) delimited by dot (.).
- Return value of key if found, None otherwise.
- This is faster implementation then jmespath.search('foo.bar', dict_object)"""
- if not isinstance(dict_object, dict) or not path:
- return None
-
- parts = path.split('.')
- inside = parts[:-1]
- if not inside:
- if path not in dict_object:
- return None
- return dict_object[path]
- c = dict_object
- for p in parts[:-1]:
- c = c.get(p, {})
- return c.get(parts[-1], None)
-
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 349cec888..078c2d5f5 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -23,7 +23,6 @@ import jinja2
 import vyos.defaults
 from vyos.config import Config
-from vyos.util import dict_search
 from vyos import ConfigError
 config_file = '/etc/nginx/sites-available/default'
@@ -144,32 +143,8 @@ def get_config():
 return https
 def verify(https):
- # Verify API server settings, if present
- if 'api' in https:
- keys = dict_search('api.keys.id', https)
- gql_auth_type = dict_search('api.graphql.authentication.type', https)
-
- # If "api graphql" is not defined and `gql_auth_type` is None,
- # there's certainly no JWT auth option, and keys are required
- jwt_auth = (gql_auth_type == "token")
-
- # Check for incomplete key configurations in every case
- valid_keys_exist = False
- if keys:
- for k in keys:
- if 'key' not in keys[k]:
- raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
- else:
- valid_keys_exist = True
-
- # If only key-based methods are enabled,
- # fail the commit if no valid key configurations are found
- if (not valid_keys_exist) and (not jwt_auth):
- raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
-
 return None
-
 def generate(https):
 if https is None:
 return None
-- cgit v1.2.3
From cc2872fc3eca6b5612b925b962f227b3b27ec71f Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 15:48:31 +0000
Subject: https: T5772: require that at least one API key is present
---
 src/conf_mode/http-api.py | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 9c062f0aa..c0c16cfc0 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -59,10 +59,18 @@ def get_config():
 key = conf.return_value('keys id {0} key'.format(name))
 new_key = { 'id': name, 'key': key }
 http_api['api_keys'].append(new_key)
+ else:
+ raise ConfigError('Missing HTTPS API key string for key id "}"'.format(name))
 return http_api
 def verify(http_api):
+ # Verify API server settings, if present
+ keys = http_api['api_keys']
+
+ if not keys:
+ raise ConfigError('At least one HTTPS API key is required')
+
 return None
 def generate(http_api):
-- cgit v1.2.3
From f83fc70fb24f54f331386b102fc21ce4050c4ddf Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 15:54:10 +0000
Subject: https: T5772: remove the default API key
---
 python/vyos/defaults.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index f51e4ddda..5d17b6b0c 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -37,7 +37,7 @@ api_data = {
 'port' : '8080',
 'strict' : 'false',
 'debug' : 'false',
- 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
+ 'api_keys' : [ ]
 }
 vyos_cert_data = {
-- cgit v1.2.3
From 5d6515765efa850493572852cee2cc4400191471 Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 17:27:58 +0000
Subject: https: T5772: return from verify if HTTPS API is not configured
---
 src/conf_mode/http-api.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index c0c16cfc0..7a8ca883e 100755
--- a/src/conf_mode/http-api.py
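Review bot: The new error path in get_config() in src/conf_mode/http-api.py formats `'Missing HTTPS API key string for key id "}"'.format(name)`, and a lone `}` makes str.format() raise ValueError, so a key id without a key string produces a Python traceback rather than the intended ConfigError; the placeholder should read `"{}"`. In the same hunk verify() indexes `http_api['api_keys']` without checking that http_api is set. Both points are corrected by the commit "https: T5772: return from verify if HTTPS API is not configured" later in this series, so this commit should not be backported without it. get_config() starts above the hunk, so the `if` that this `else:` belongs to is not visible here.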
+++ b/src/conf_mode/http-api.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -60,11 +60,14 @@ def get_config():
 new_key = { 'id': name, 'key': key }
 http_api['api_keys'].append(new_key)
 else:
- raise ConfigError('Missing HTTPS API key string for key id "}"'.format(name))
+ raise ConfigError('Missing HTTPS API key string for key id "{}"'.format(name))
 return http_api
 def verify(http_api):
+ if not http_api:
+ return None
+
 # Verify API server settings, if present
 keys = http_api['api_keys']
-- cgit v1.2.3
From 692d2e362860255174076c08001ebe04b6035d3f Mon Sep 17 00:00:00 2001
From: Daniil Baturin
Date: Mon, 4 Dec 2023 19:18:56 +0000
Subject: https: Add a missing import of vyos.configtree
---
 src/services/vyos-http-api-server | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index ecbfe670c..99de6a911 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -24,6 +24,7 @@ import traceback
 import threading
 import vyos.config
+import vyos.configtree
 import bottle
-- cgit v1.2.3
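Review bot: In verify() in src/conf_mode/http-api.py the added `if not http_api: return None` means the "at least one key" check is skipped whenever get_config() returns a falsy value, and the code that decides that is outside this hunk. Since this check is what stops the API from being committed without credentials, it is worth confirming that get_config() returns None or an empty dict only when the service is absent from the configuration, and recording that with a comment such as `# HTTP API is not configured: nothing to verify`. `keys = http_api.get('api_keys')` would also keep a missing list on the ConfigError path rather than a KeyError.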