From 7bad0e115ecc25224a0c3a2720a2697442624229 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 20 Dec 2023 19:50:44 +0000 Subject: https api: T5844: issue a warning about the classic API unavailability when no API keys are set --- src/conf_mode/https.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index 40b7de557..3dc5dfc01 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2022 VyOS maintainers and contributors +# Copyright (C) 2019-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -24,6 +24,7 @@ from time import sleep import vyos.defaults import vyos.certbot_util +from vyos.base import Warning from vyos.config import Config from vyos.configdiff import get_config_diff from vyos.configverify import verify_vrf @@ -193,6 +194,9 @@ def verify(https): if (not valid_keys_exist) and (not jwt_auth): raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled') + if (not valid_keys_exist) and jwt_auth: + Warning(f'API keys are not configured: the classic (non-GraphQL) API will be unavailable.') + return None def generate(https): -- cgit v1.2.3 From 495bf4732439ebd55edfbf6050af8b2064993d86 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 20 Dec 2023 19:51:34 +0000 Subject: https api: T5844: allow the server to start without API keys and use only PAM auth and JWT --- src/services/vyos-http-api-server | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index bfd50cc80..b64e58132 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -872,13 +872,15 @@ def initialization(session: ConfigSession, app: FastAPI = app): global server try: server_config = load_server_config() - keys = flatten_keys(server_config) except Exception as e: logger.critical(f'Failed to load the HTTP API server config: {e}') sys.exit(1) app.state.vyos_session = session - app.state.vyos_keys = keys + app.state.vyos_keys = [] + + if 'keys' in server_config: + app.state.vyos_keys = flatten_keys(server_config) app.state.vyos_debug = bool('debug' in server_config) app.state.vyos_strict = bool('strict' in server_config) -- cgit v1.2.3