From 006931b8f1926a239bb5be4e27eb40bbe071219c Mon Sep 17 00:00:00 2001 From: John Estabrook Date: Tue, 21 Nov 2023 09:42:48 -0600 Subject: http-api: T5768: remove auxiliary http-api.conf --- python/vyos/defaults.py | 6 ---- src/conf_mode/http-api.py | 64 +++++++-------------------------------- src/conf_mode/https.py | 25 +++------------ src/services/vyos-http-api-server | 21 +++++++++---- 4 files changed, 30 insertions(+), 86 deletions(-) diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index b7f39ecb0..2f3580571 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -50,12 +50,6 @@ https_data = { 'listen_addresses' : { '*': ['_'] } } -api_data = { - 'strict' : False, - 'debug' : False, - 'api_keys' : [ {'id' : 'testapp', 'key' : 'qwerty'} ] -} - vyos_cert_data = { 'conf' : '/etc/nginx/snippets/vyos-cert.conf', 'crt' : '/etc/ssl/certs/vyos-selfsigned.crt', diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py index d8fe3b736..855d444c6 100755 --- a/src/conf_mode/http-api.py +++ b/src/conf_mode/http-api.py @@ -19,7 +19,6 @@ import os import json from time import sleep -from copy import deepcopy import vyos.defaults @@ -32,29 +31,12 @@ from vyos import ConfigError from vyos import airbag airbag.enable() -api_conf_file = '/etc/vyos/http-api.conf' +api_config_state = '/tmp/api-config-state' systemd_service = '/run/systemd/system/vyos-http-api.service' vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode'] -def _translate_values_to_boolean(d: dict) -> dict: - for k in list(d): - if d[k] == {}: - d[k] = True - elif isinstance(d[k], dict): - _translate_values_to_boolean(d[k]) - else: - pass - def get_config(config=None): - http_api = deepcopy(vyos.defaults.api_data) - x = http_api.get('api_keys') - if x is None: - default_key = None - else: - default_key = x[0] - keys_added = False - if config: conf = config else: 
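Review bot: `api_config_state = '/tmp/api-config-state'` puts the hand-off file at a fixed name in a world-writable directory, and the dict that generate() writes to it still carries the configured API keys. Whenever the file is absent, any local account can create that name first, and load_server_config() in src/services/vyos-http-api-server opens whatever is there with no ownership or mode check, so the key list the server trusts is no longer controlled by the config system alone. Keep the state in a root-owned runtime directory instead, for example `api_config_state = '/run/vyos-http-api-state'` (path illustrative), and change the duplicated constant in the server script in the same commit. The hunk ends inside get_config(), whose body continues in the next hunk.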
@@ -69,61 +51,34 @@ def get_config(config=None): if not conf.exists(base): return None - api_dict = conf.get_config_dict(base, key_mangling=('-', '_'), + http_api = conf.get_config_dict(base, key_mangling=('-', '_'), no_tag_node_value_mangle=True, get_first_key=True, with_recursive_defaults=True) - # One needs to 'flatten' the keys dict from the config into the - # http-api.conf format for api_keys: - if 'keys' in api_dict: - api_dict['api_keys'] = [] - for el in list(api_dict['keys'].get('id', {})): - key = api_dict['keys']['id'][el].get('key', '') - if key: - api_dict['api_keys'].append({'id': el, 'key': key}) - del api_dict['keys'] - # Do we run inside a VRF context? vrf_path = ['service', 'https', 'vrf'] if conf.exists(vrf_path): http_api['vrf'] = conf.return_value(vrf_path) - if 'api_keys' in api_dict: - keys_added = True - - if api_dict.from_defaults(['graphql']): - del api_dict['graphql'] - - http_api.update(api_dict) - - if keys_added and default_key: - if default_key in http_api['api_keys']: - http_api['api_keys'].remove(default_key) - - # Finally, translate entries in http_api into boolean settings for - # backwards compatability of JSON http-api.conf file - _translate_values_to_boolean(http_api) + if http_api.from_defaults(['graphql']): + del http_api['graphql'] return http_api -def verify(http_api): - return None +def verify(_http_api): + return def generate(http_api): if http_api is None: if os.path.exists(systemd_service): os.unlink(systemd_service) - return None - - if not os.path.exists('/etc/vyos'): - os.mkdir('/etc/vyos') + return - with open(api_conf_file, 'w') as f: + with open(api_config_state, 'w') as f: json.dump(http_api, f, indent=2) render(systemd_service, 'https/vyos-http-api.service.j2', http_api) - return None def apply(http_api): # Reload systemd manager configuration 
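Review bot: In generate(), `with open(api_config_state, 'w') as f:` creates the state file with whatever the process umask allows and follows an existing symlink, while `json.dump(http_api, f, indent=2)` now writes the unflattened config, including every `keys` / `id` / `key` value. Create the file owner-only and refuse links: `fd = os.open(api_config_state, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. This applies whichever directory the file ends up in. A comment above the write such as `# short-lived hand-off to vyos-http-api-server; contains API keys` would make the sensitivity obvious to the next reader.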
@@ -143,6 +98,9 @@ def apply(http_api): call_dependents() + if os.path.exists(api_config_state): + os.unlink(api_config_state) + if __name__ == '__main__': try: c = get_config() diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 5cbdd1651..81e510b0d 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -52,7 +52,7 @@ default_server_block = { 'address' : '*', 'port' : '443', 'name' : ['_'], - 'api' : {}, + 'api' : False, 'vyos_cert' : {}, 'certbot' : False } @@ -232,35 +232,18 @@ def generate(https): # certbot organizes certificates by first domain sb['certbot_domain_dir'] = cert_domains[0] - # get api data - - api_set = False - api_data = {} if 'api' in list(https): - api_set = True - api_data = vyos.defaults.api_data - api_settings = https.get('api', {}) - if api_settings: - vhosts = https.get('api-restrict', {}).get('virtual-host', []) - if vhosts: - api_data['vhost'] = vhosts[:] - - if api_data: - vhost_list = api_data.get('vhost', []) + vhost_list = https.get('api-restrict', {}).get('virtual-host', []) if not vhost_list: for block in server_block_list: - block['api'] = api_data + block['api'] = True else: for block in server_block_list: if block['id'] in vhost_list: - block['api'] = api_data - - if 'server_block_list' not in https or not https['server_block_list']: - https['server_block_list'] = [default_server_block] + block['api'] = True data = { 'server_block_list': server_block_list, - 'api_set': api_set, 'certbot': certbot } diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index 85d7884b6..8a90786e2 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -50,7 +50,7 @@ from vyos.configsession import ConfigSession, ConfigSessionError import api.graphql.state -DEFAULT_CONFIG_FILE = '/etc/vyos/http-api.conf' +api_config_state = '/tmp/api-config-state' CFG_GROUP = 'vyattacfg' debug = True 
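Review bot: The `os.unlink(api_config_state)` added at the end of apply() removes the only copy of the configuration that vyos-http-api-server reads in load_server_config(). Any start of the service that is not driven by a commit (a crash restart, a manual restart) therefore finds no file and ends in the `sys.exit(1)` branch of initialization(). If the service restart earlier in apply() returns before the server has opened the file, the same failure would occur on an ordinary commit; that part of apply() is outside the hunk, so this is an inference. Either keep the file for the service's lifetime in a root-only location, or have the server fall back to reading the running config when the state file is missing. If the unlink stays, add a comment such as `# consumed once by the API server at start-up; removed so keys do not linger on disk` so the ordering requirement is explicit.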
@@ -68,7 +68,7 @@ else: lock = threading.Lock() def load_server_config(): - with open(DEFAULT_CONFIG_FILE) as f: + with open(api_config_state) as f: config = json.load(f) return config @@ -860,19 +860,28 @@ def shutdown_handler(signum, frame): logger.info('Server shutdown...') shutdown = True +def flatten_keys(d: dict) -> list[dict]: + keys_list = [] + for el in list(d['keys'].get('id', {})): + key = d['keys']['id'][el].get('key', '') + if key: + keys_list.append({'id': el, 'key': key}) + return keys_list + def initialization(session: ConfigSession, app: FastAPI = app): global server try: server_config = load_server_config() + keys = flatten_keys(server_config) except Exception as e: logger.critical(f'Failed to load the HTTP API server config: {e}') sys.exit(1) app.state.vyos_session = session - app.state.vyos_keys = server_config['api_keys'] + app.state.vyos_keys = keys - app.state.vyos_debug = server_config['debug'] - app.state.vyos_strict = server_config['strict'] + app.state.vyos_debug = bool('debug' in server_config) + app.state.vyos_strict = bool('strict' in server_config) app.state.vyos_origins = server_config.get('cors', {}).get('allow_origin', []) if 'graphql' in server_config: app.state.vyos_graphql = True @@ -881,7 +890,7 @@ def initialization(session: ConfigSession, app: FastAPI = app): app.state.vyos_introspection = True else: app.state.vyos_introspection = False - # default value is merged in conf_mode http-api.py, if not set + # default values if not set explicitly app.state.vyos_auth_type = server_config['graphql']['authentication']['type'] app.state.vyos_token_exp = server_config['graphql']['authentication']['expiration'] app.state.vyos_secret_len = server_config['graphql']['authentication']['secret_length'] -- cgit v1.2.3
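Review bot: flatten_keys() indexes `d['keys']` directly, so a configuration with no `keys` node raises KeyError, which the broad `except Exception` in initialization() reports as a generic load failure before `sys.exit(1)`; the conf-mode code this replaces guarded the same walk with `if 'keys' in api_dict:`. If a key-less configuration is meant to be valid (for instance GraphQL token authentication only, which is an assumption not visible here), use `for el in list(d.get('keys', {}).get('id', {})):` so the server starts with an empty key list, and confirm the key check rejects every request in that case. If it is meant to be rejected, do that in verify() in src/conf_mode/http-api.py, which this commit leaves empty, so the commit fails rather than the service. Separately, `bool('debug' in server_config)` and `bool('strict' in server_config)` can drop the `bool()` wrapper, since `in` already yields a bool.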