-rw-r--r--python/vyos/defaults.py6
-rwxr-xr-xsrc/conf_mode/http-api.py64
-rwxr-xr-xsrc/conf_mode/https.py25
-rwxr-xr-xsrc/services/vyos-http-api-server21
4 files changed, 30 insertions, 86 deletions
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index b7f39ecb0..2f3580571 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -50,12 +50,6 @@ https_data = {
'listen_addresses' : { '*': ['_'] }
}
-api_data = {
- 'strict' : False,
- 'debug' : False,
- 'api_keys' : [ {'id' : 'testapp', 'key' : 'qwerty'} ]
-}
-
vyos_cert_data = {
'conf' : '/etc/nginx/snippets/vyos-cert.conf',
'crt' : '/etc/ssl/certs/vyos-selfsigned.crt',
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index d8fe3b736..855d444c6 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -19,7 +19,6 @@ import os
import json
from time import sleep
-from copy import deepcopy
import vyos.defaults
@@ -32,29 +31,12 @@ from vyos import ConfigError
from vyos import airbag
airbag.enable()
-api_conf_file = '/etc/vyos/http-api.conf'
+api_config_state = '/tmp/api-config-state'
systemd_service = '/run/systemd/system/vyos-http-api.service'
vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
-def _translate_values_to_boolean(d: dict) -> dict:
- for k in list(d):
- if d[k] == {}:
- d[k] = True
- elif isinstance(d[k], dict):
- _translate_values_to_boolean(d[k])
- else:
- pass
-
def get_config(config=None):
- http_api = deepcopy(vyos.defaults.api_data)
- x = http_api.get('api_keys')
- if x is None:
- default_key = None
- else:
- default_key = x[0]
- keys_added = False
-
if config:
conf = config
else:
@@ -69,61 +51,34 @@ def get_config(config=None):
if not conf.exists(base):
return None
- api_dict = conf.get_config_dict(base, key_mangling=('-', '_'),
+ http_api = conf.get_config_dict(base, key_mangling=('-', '_'),
no_tag_node_value_mangle=True,
get_first_key=True,
with_recursive_defaults=True)
- # One needs to 'flatten' the keys dict from the config into the
- # http-api.conf format for api_keys:
- if 'keys' in api_dict:
- api_dict['api_keys'] = []
- for el in list(api_dict['keys'].get('id', {})):
- key = api_dict['keys']['id'][el].get('key', '')
- if key:
- api_dict['api_keys'].append({'id': el, 'key': key})
- del api_dict['keys']
-
# Do we run inside a VRF context?
vrf_path = ['service', 'https', 'vrf']
if conf.exists(vrf_path):
http_api['vrf'] = conf.return_value(vrf_path)
- if 'api_keys' in api_dict:
- keys_added = True
-
- if api_dict.from_defaults(['graphql']):
- del api_dict['graphql']
-
- http_api.update(api_dict)
-
- if keys_added and default_key:
- if default_key in http_api['api_keys']:
- http_api['api_keys'].remove(default_key)
-
- # Finally, translate entries in http_api into boolean settings for
- # backwards compatability of JSON http-api.conf file
- _translate_values_to_boolean(http_api)
+ if http_api.from_defaults(['graphql']):
+ del http_api['graphql']
return http_api
-def verify(http_api):
- return None
+def verify(_http_api):
+ return
def generate(http_api):
if http_api is None:
if os.path.exists(systemd_service):
os.unlink(systemd_service)
- return None
-
- if not os.path.exists('/etc/vyos'):
- os.mkdir('/etc/vyos')
+ return
- with open(api_conf_file, 'w') as f:
+ with open(api_config_state, 'w') as f:
json.dump(http_api, f, indent=2)
render(systemd_service, 'https/vyos-http-api.service.j2', http_api)
- return None
def apply(http_api):
# Reload systemd manager configuration
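Review bot: The `open(api_config_state, 'w')` in generate() writes the whole config dict, which now includes the API keys, to a fixed name in world-writable /tmp with whatever mode the umask leaves, and a plain `open` follows a symlink or reuses a file another local user created there first. The constant comes from the previous hunk and is repeated in src/services/vyos-http-api-server, so the reading side trusts the same name. I would create the file exclusively and owner-only as below (assuming the server runs as the same user as this script), and preferably move both constants to a root-owned directory such as `/run/<private-dir>/api-config-state` (placeholder). generate() is fully inside the hunk; get_config() and apply() are cut at its edges.

```python
def generate(http_api):
    # … unchanged: http_api is None branch …

    # The state file carries API keys: create it exclusively, owner-only,
    # and never through a symlink or a file somebody else left behind.
    if os.path.lexists(api_config_state):
        os.unlink(api_config_state)
    fd = os.open(api_config_state,
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, 'w') as f:
        json.dump(http_api, f, indent=2)

    # … unchanged: render(systemd_service, ...) …
```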
@@ -143,6 +98,9 @@ def apply(http_api):
call_dependents()
+ if os.path.exists(api_config_state):
+ os.unlink(api_config_state)
+
if __name__ == '__main__':
try:
c = get_config()
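Review bot: Removing the state file at the end of apply() leaves the server's `load_server_config()` pointing at a name that no longer exists, so a restart of vyos-http-api.service that is not triggered by a commit (crash recovery, manual restart) will either hit the `sys.exit(1)` path or read a file this script did not write. Because the name lives in /tmp, the second case means a file that any local user could have created, and the server would take its API keys from it. If the service start earlier in apply() returns before the server has read the file, the unlink can also race the first start; that part of apply() is outside the hunk, so this is an inference. I would keep the file in a root-owned directory for the lifetime of the service, or at least document the assumption with `# state file is only valid for the service start triggered by this commit`.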
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 5cbdd1651..81e510b0d 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -52,7 +52,7 @@ default_server_block = {
'address' : '*',
'port' : '443',
'name' : ['_'],
- 'api' : {},
+ 'api' : False,
'vyos_cert' : {},
'certbot' : False
}
@@ -232,35 +232,18 @@ def generate(https):
# certbot organizes certificates by first domain
sb['certbot_domain_dir'] = cert_domains[0]
- # get api data
-
- api_set = False
- api_data = {}
if 'api' in list(https):
- api_set = True
- api_data = vyos.defaults.api_data
- api_settings = https.get('api', {})
- if api_settings:
- vhosts = https.get('api-restrict', {}).get('virtual-host', [])
- if vhosts:
- api_data['vhost'] = vhosts[:]
-
- if api_data:
- vhost_list = api_data.get('vhost', [])
+ vhost_list = https.get('api-restrict', {}).get('virtual-host', [])
if not vhost_list:
for block in server_block_list:
- block['api'] = api_data
+ block['api'] = True
else:
for block in server_block_list:
if block['id'] in vhost_list:
- block['api'] = api_data
-
- if 'server_block_list' not in https or not https['server_block_list']:
- https['server_block_list'] = [default_server_block]
+ block['api'] = True
data = {
'server_block_list': server_block_list,
- 'api_set': api_set,
'certbot': certbot
}
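Review bot: The `if not vhost_list:` branch turns the API on for every server block, which is the permissive outcome and deserves a comment now that the flag is a bare `True`, e.g. `# no api-restrict virtual-host configured: API is served on all server blocks`. A restrict list whose entries match no block `id` enables the API nowhere without any message; whether that is rejected earlier is not visible here. `'api' in list(https)` can be written `'api' in https`. generate() starts and ends outside the hunk.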
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index 85d7884b6..8a90786e2 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -50,7 +50,7 @@ from vyos.configsession import ConfigSession, ConfigSessionError
import api.graphql.state
-DEFAULT_CONFIG_FILE = '/etc/vyos/http-api.conf'
+api_config_state = '/tmp/api-config-state'
CFG_GROUP = 'vyattacfg'
debug = True
@@ -68,7 +68,7 @@ else:
lock = threading.Lock()
def load_server_config():
- with open(DEFAULT_CONFIG_FILE) as f:
+ with open(api_config_state) as f:
config = json.load(f)
return config
@@ -860,19 +860,28 @@ def shutdown_handler(signum, frame):
logger.info('Server shutdown...')
shutdown = True
+def flatten_keys(d: dict) -> list[dict]:
+ keys_list = []
+ for el in list(d['keys'].get('id', {})):
+ key = d['keys']['id'][el].get('key', '')
+ if key:
+ keys_list.append({'id': el, 'key': key})
+ return keys_list
+
def initialization(session: ConfigSession, app: FastAPI = app):
global server
try:
server_config = load_server_config()
+ keys = flatten_keys(server_config)
except Exception as e:
logger.critical(f'Failed to load the HTTP API server config: {e}')
sys.exit(1)
app.state.vyos_session = session
- app.state.vyos_keys = server_config['api_keys']
+ app.state.vyos_keys = keys
- app.state.vyos_debug = server_config['debug']
- app.state.vyos_strict = server_config['strict']
+ app.state.vyos_debug = bool('debug' in server_config)
+ app.state.vyos_strict = bool('strict' in server_config)
app.state.vyos_origins = server_config.get('cors', {}).get('allow_origin', [])
if 'graphql' in server_config:
app.state.vyos_graphql = True
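Review bot: `flatten_keys()` indexes `d['keys']` directly, so a config with no `keys` node raises KeyError, which the `except Exception` in initialization() reports as a generic load failure before `sys.exit(1)`. If a key-less setup is valid (for example GraphQL token authentication only, which cannot be confirmed from this page), the lookup should be `d.get('keys', {}).get('id', {})`; if it is not valid, the check belongs in verify() in src/conf_mode/http-api.py, which this commit leaves empty. Entries with an empty `key` are dropped silently, which is worth a one-line docstring on the function. `bool('debug' in server_config)` is already a bool, so the `bool()` wrapper can go on both lines. initialization() continues past the end of the hunk.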
@@ -881,7 +890,7 @@ def initialization(session: ConfigSession, app: FastAPI = app):
app.state.vyos_introspection = True
else:
app.state.vyos_introspection = False
- # default value is merged in conf_mode http-api.py, if not set
+ # default values if not set explicitly
app.state.vyos_auth_type = server_config['graphql']['authentication']['type']
app.state.vyos_token_exp = server_config['graphql']['authentication']['expiration']
app.state.vyos_secret_len = server_config['graphql']['authentication']['secret_length']