Diffstat (limited to 'src/services')
-rwxr-xr-xsrc/services/vyos-configd19
-rwxr-xr-xsrc/services/vyos-http-api-server62
2 files changed, 79 insertions, 2 deletions
diff --git a/src/services/vyos-configd b/src/services/vyos-configd
index d797e90cf..3674d9627 100755
--- a/src/services/vyos-configd
+++ b/src/services/vyos-configd
@@ -30,6 +30,7 @@ from vyos.defaults import directories
from vyos.utils.boot import boot_configuration_complete
from vyos.configsource import ConfigSourceString
from vyos.configsource import ConfigSourceError
+from vyos.configdiff import get_commit_scripts
from vyos.config import Config
from vyos import ConfigError
@@ -220,6 +221,12 @@ def initialization(socket):
dependent_func: dict[str, list[typing.Callable]] = {}
setattr(config, 'dependent_func', dependent_func)
+ commit_scripts = get_commit_scripts(config)
+ logger.debug(f'commit_scripts: {commit_scripts}')
+
+ scripts_called = []
+ setattr(config, 'scripts_called', scripts_called)
+
return config
def process_node_data(config, data, last: bool = False) -> int:
@@ -228,6 +235,7 @@ def process_node_data(config, data, last: bool = False) -> int:
return R_ERROR_DAEMON
script_name = None
+ os.environ['VYOS_TAGNODE_VALUE'] = ''
args = []
config.dependency_list.clear()
@@ -244,6 +252,12 @@ def process_node_data(config, data, last: bool = False) -> int:
args = res.group(3).split()
args.insert(0, f'{script_name}.py')
+ tag_value = os.getenv('VYOS_TAGNODE_VALUE', '')
+ tag_ext = f'_{tag_value}' if tag_value else ''
+ script_record = f'{script_name}{tag_ext}'
+ scripts_called = getattr(config, 'scripts_called', [])
+ scripts_called.append(script_record)
+
if script_name not in include_set:
return R_PASS
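Review bot: The `getattr(config, 'scripts_called', [])` fallback in the added lines appends to a throwaway list when the attribute is missing, so the record is silently dropped. Since `initialization()` sets the attribute in this same commit, `config.scripts_called.append(script_record)` would fail loudly instead of hiding a missing init. `VYOS_TAGNODE_VALUE` is read from the process-wide environment here after the previous hunk resets it to `''` at the top of the function; whatever sets it in between is outside the hunk, so a comment such as `# VYOS_TAGNODE_VALUE is set earlier in this function for tag nodes; empty otherwise` (to be confirmed against the full body) would help. process_node_data starts and ends outside this hunk.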
@@ -302,11 +316,12 @@ if __name__ == '__main__':
socket.send(resp.encode())
config = initialization(socket)
elif message["type"] == "node":
- if message["last"]:
- logger.debug(f'final element of priority queue')
res = process_node_data(config, message["data"], message["last"])
response = res.to_bytes(1, byteorder=sys.byteorder)
logger.debug(f"Sending response {res}")
socket.send(response)
+ if message["last"] and config:
+ scripts_called = getattr(config, 'scripts_called', [])
+ logger.debug(f'scripts_called: {scripts_called}')
else:
logger.critical(f"Unexpected message: {message}")
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index 7f5233c6b..97633577d 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -212,6 +212,22 @@ class ImageModel(ApiModel):
}
}
+class ImportPkiModel(ApiModel):
+ op: StrictStr
+ path: List[StrictStr]
+ passphrase: StrictStr = None
+
+ class Config:
+ schema_extra = {
+ "example": {
+ "key": "id_key",
+ "op": "import_pki",
+ "path": ["op", "mode", "path"],
+ "passphrase": "passphrase",
+ }
+ }
+
+
class ContainerImageModel(ApiModel):
op: StrictStr
name: StrictStr = None
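Review bot: The schema example in `ImportPkiModel.Config` gives `"op": "import_pki"`, but the handler added later in this commit accepts only `op == 'import-pki'`, so a client copying the example would get the 400 "is not a valid operation" response; the example should read `"op": "import-pki"`. The `path` example `["op", "mode", "path"]` is a placeholder that does not match the five-element shape the handler's `len(path) == 5` branch expects. Because `passphrase` carries a secret, a comment on the field such as `# secret: never log or echo back in error responses` would be worth adding.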
@@ -585,6 +601,14 @@ def _configure_op(data: Union[ConfigureModel, ConfigureListModel,
return success(msg)
+def create_path_import_pki_no_prompt(path):
+ correct_paths = ['ca', 'certificate', 'key-pair']
+ if path[1] not in correct_paths:
+ return False
+ path[1] = '--' + path[1].replace('-', '')
+ path[3] = '--key-filename'
+ return path[1:]
+
@app.post('/configure')
def configure_op(data: Union[ConfigureModel,
ConfigureListModel],
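Review bot: Only `path[1]` is checked against the allow-list in `create_path_import_pki_no_prompt`; `path[2]` and `path[4]` come straight from the request body and are returned as plain values next to the `--…` options. If `import_pki_no_prompt` (not visible here) hands this list to an option parser, an element starting with `-` could be read as an option rather than a name or filename, so I would reject such elements up front, e.g. `if any(p.startswith('-') for p in path): return False`. The function also indexes `path[3]` without a length check and rewrites the caller's list (`data.path`) in place; it relies on the `len(path) == 5` guard in `import_pki`, which deserves a docstring line, and returning a new list would avoid the mutation.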
@@ -814,6 +838,44 @@ def reset_op(data: ResetModel):
return success(res)
+@app.post('/import-pki')
+def import_pki(data: ImportPkiModel):
+ session = app.state.vyos_session
+
+ op = data.op
+ path = data.path
+
+ lock.acquire()
+
+ try:
+ if op == 'import-pki':
+ # need to get rid or interactive mode for private key
+ if len(path) == 5 and path[3] in ['key-file', 'private-key']:
+ path_no_prompt = create_path_import_pki_no_prompt(path)
+ if not path_no_prompt:
+ return error(400, f"Invalid command: {' '.join(path)}")
+ if data.passphrase:
+ path_no_prompt += ['--passphrase', data.passphrase]
+ res = session.import_pki_no_prompt(path_no_prompt)
+ else:
+ res = session.import_pki(path)
+ if not res[0].isdigit():
+ return error(400, res)
+ # commit changes
+ session.commit()
+ res = res.split('. ')[0]
+ else:
+ return error(400, f"'{op}' is not a valid operation")
+ except ConfigSessionError as e:
+ return error(400, str(e))
+ except Exception as e:
+ logger.critical(traceback.format_exc())
+ return error(500, "An internal error occured. Check the logs for details.")
+ finally:
+ lock.release()
+
+ return success(res)
+
@app.post('/poweroff')
def poweroff_op(data: PoweroffModel):
session = app.state.vyos_session
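Review bot: `path_no_prompt += ['--passphrase', data.passphrase]` places the private-key passphrase in an argument list; if `session.import_pki_no_prompt` (outside this hunk) runs a subprocess, the passphrase is visible in the process list and in any command logging, so passing it over stdin or an inherited file descriptor would be safer. `return error(400, res)` sends raw command output back to the client, which is worth confirming never includes key material. `res[0].isdigit()` raises IndexError on empty output and lands in the 500 branch; `if not res or not res[0].isdigit():` keeps that case a 400. `with lock:` would replace the `lock.acquire()` / `finally: lock.release()` pair.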