summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-12-20 22:01:52 +0200
committerGitHub <noreply@github.com>2023-12-20 22:01:52 +0200
commit7717ed5c70ba8a5dfc1ad2299e449e98b3ef99d2 (patch)
tree940a51bcf0086150ea855aacb3fbcaabdb954468
parentac170ee4bb0af8189e56d5cf55da36815a7f5046 (diff)
parent495bf4732439ebd55edfbf6050af8b2064993d86 (diff)
downloadvyos-1x-7717ed5c70ba8a5dfc1ad2299e449e98b3ef99d2.tar.gz
vyos-1x-7717ed5c70ba8a5dfc1ad2299e449e98b3ef99d2.zip
Merge pull request #2661 from dmbaturin/T5844
Allow the HTTPS API server to start without any configured keys when GraphQL JWT auth is configured
-rwxr-xr-xsrc/conf_mode/https.py6
-rwxr-xr-xsrc/services/vyos-http-api-server6
2 files changed, 9 insertions, 3 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 40b7de557..3dc5dfc01 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2019-2022 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -24,6 +24,7 @@ from time import sleep
import vyos.defaults
import vyos.certbot_util
+from vyos.base import Warning
from vyos.config import Config
from vyos.configdiff import get_config_diff
from vyos.configverify import verify_vrf
@@ -193,6 +194,9 @@ def verify(https):
if (not valid_keys_exist) and (not jwt_auth):
raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
+ if (not valid_keys_exist) and jwt_auth:
+ Warning(f'API keys are not configured: the classic (non-GraphQL) API will be unavailable.')
+
return None
def generate(https):
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index bfd50cc80..b64e58132 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -872,13 +872,15 @@ def initialization(session: ConfigSession, app: FastAPI = app):
global server
try:
server_config = load_server_config()
- keys = flatten_keys(server_config)
except Exception as e:
logger.critical(f'Failed to load the HTTP API server config: {e}')
sys.exit(1)
app.state.vyos_session = session
- app.state.vyos_keys = keys
+ app.state.vyos_keys = []
+
+ if 'keys' in server_config:
+ app.state.vyos_keys = flatten_keys(server_config)
app.state.vyos_debug = bool('debug' in server_config)
app.state.vyos_strict = bool('strict' in server_config)