From e7efd65483e7f6e1902a9ab88f8453d5fbb63c09 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Thu, 23 Nov 2023 17:20:41 +0100
Subject: https api: T5772: fix Python version not supporting f-ormated strings
 and dict parsing

cpo@LR3.wue3# commit
[ service https ]
At least one HTTPS API key is required!

[[service https]] failed
[[service https api]] failed

cpo@LR3.wue3# set service https api keys id foo
[edit]
cpo@LR3.wue3# commit
[ service https ]
Missing HTTPS API key string for key id: foo
---
 python/vyos/defaults.py |  2 +-
 src/conf_mode/https.py  | 43 +++++++++++++++++++++++--------------------
 2 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index f51e4ddda..d7a4690ee 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -37,7 +37,7 @@ api_data = {
     'port' : '8080',
     'strict' : 'false',
     'debug' : 'false',
-    'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
+    'api_keys' : [],
 }
 
 vyos_cert_data = {
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 349cec888..af0e85af5 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -136,6 +136,14 @@ def get_config():
         if conf.exists('api port'):
             port = conf.return_value('api port')
             api_data['port'] = port
+        if conf.exists('api keys id'):
+            for id in conf.list_nodes('api keys id'):
+                tmp = {"id": id}
+                if conf.exists('api keys id ' + id + ' key'):
+                    key = conf.return_value('api keys id ' + id + ' key')
+                    tmp.update({'key':key})
+                api_data['api_keys'].append(tmp)
+
     if api_data:
         for block in server_block_list:
             block['api'] = api_data
@@ -144,28 +152,23 @@ def get_config():
     return https
 
 def verify(https):
+    if https is None:
+        return None
+
     # Verify API server settings, if present
-    if 'api' in https:
-        keys = dict_search('api.keys.id', https)
-        gql_auth_type = dict_search('api.graphql.authentication.type', https)
-
-        # If "api graphql" is not defined and `gql_auth_type` is None,
-        # there's certainly no JWT auth option, and keys are required
-        jwt_auth = (gql_auth_type == "token")
-
-        # Check for incomplete key configurations in every case
-        valid_keys_exist = False
-        if keys:
-            for k in keys:
-                if 'key' not in keys[k]:
-                    raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
+    if 'server_block_list' in https:
+        for server in https['server_block_list']:
+            if 'api' in server:
+                keys = dict_search('api.api_keys', server)
+
+                # Check for incomplete key configurations in every case
+                valid_keys_exist = False
+                if keys:
+                    for k in keys:
+                        if 'key' not in k:
+                            raise ConfigError('Missing HTTPS API key string for key id: ' + k['id'])
                 else:
-                    valid_keys_exist = True
-
-        # If only key-based methods are enabled,
-        # fail the commit if no valid key configurations are found
-        if (not valid_keys_exist) and (not jwt_auth):
-            raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
+                    raise ConfigError('At least one HTTPS API key is required!')
 
     return None
 
-- 
cgit v1.2.3