summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2023-12-04 18:09:51 +0000
committerGitHub <noreply@github.com>2023-12-04 18:09:51 +0000
commit5d42ac22b2dd152327ed7c12d13faf01268dd363 (patch)
tree9a30ee97a97a700a406916296e35f9c35bba6cb9
parentd8fe1088d647fc821e523686c78927ad017d3c4a (diff)
parent7c6de792279350c980160096887524836b44be47 (diff)
downloadvyos-1x-5d42ac22b2dd152327ed7c12d13faf01268dd363.tar.gz
vyos-1x-5d42ac22b2dd152327ed7c12d13faf01268dd363.zip
Merge pull request #2570 from dmbaturin/https-api-keys-fix1.3.5
https: T5772: Move API key check to http-api.py
-rwxr-xr-xsrc/conf_mode/http-api.py21
-rwxr-xr-xsrc/conf_mode/https.py27
2 files changed, 14 insertions, 34 deletions
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 2ade3476d..d96dbc789 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2021 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -38,7 +38,7 @@ vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
def get_config(config=None):
http_api = deepcopy(vyos.defaults.api_data)
- x = http_api.get('api_keys')
+ x = http_api.get('api_keys', [])
if not x:
default_key = None
else:
@@ -94,16 +94,21 @@ def get_config(config=None):
key = conf.return_value('keys id {0} key'.format(name))
new_key = { 'id': name, 'key': key }
http_api['api_keys'].append(new_key)
- keys_added = True
-
- if keys_added and default_key:
- if default_key in http_api['api_keys']:
- http_api['api_keys'].remove(default_key)
+ else:
+ raise ConfigError(f'Missing HTTPS API key string for key id "{name}"')
return http_api
def verify(http_api):
- return None
+ if http_api is None:
+ return
+ # Verify API server settings, if present
+ keys = http_api['api_keys']
+
+ if not keys:
+ raise ConfigError('At least one HTTPS API key is required')
+
+ return
def generate(http_api):
if http_api is None:
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index f02e32cd1..1e58bb1e4 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -25,7 +25,6 @@ from vyos.config import Config
from vyos.configverify import verify_vrf
from vyos import ConfigError
from vyos.util import call
-from vyos.util import dict_search
from vyos.template import render
from vyos import airbag
@@ -161,30 +160,6 @@ def verify(https):
"matching the 'certbot domain-name' is required.")
verify_vrf(https)
-
- # Verify API server settings, if present
- if 'api' in https:
- keys = dict_search('api.keys.id', https)
- gql_auth_type = dict_search('api.graphql.authentication.type', https)
-
- # If "api graphql" is not defined and `gql_auth_type` is None,
- # there's certainly no JWT auth option, and keys are required
- jwt_auth = (gql_auth_type == "token")
-
- # Check for incomplete key configurations in every case
- valid_keys_exist = False
- if keys:
- for k in keys:
- if 'key' not in keys[k]:
- raise ConfigError(f'Missing HTTPS API key string for key id "{k}"')
- else:
- valid_keys_exist = True
-
- # If only key-based methods are enabled,
- # fail the commit if no valid key configurations are found
- if (not valid_keys_exist) and (not jwt_auth):
- raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
-
return None
def generate(https):