From 33d5d429f590146ce28a6e992ccb024492bf07f6 Mon Sep 17 00:00:00 2001
From: John Estabrook <jestabro@vyos.io>
Date: Tue, 21 Nov 2023 09:42:48 -0600
Subject: http-api: T5768: remove auxiliary http-api.conf

---
 src/conf_mode/http-api.py | 64 ++++++++---------------------------------------
 src/conf_mode/https.py    | 25 +++---------------
 2 files changed, 15 insertions(+), 74 deletions(-)

(limited to 'src/conf_mode')

diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index d8fe3b736..855d444c6 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -19,7 +19,6 @@ import os
 import json
 
 from time import sleep
-from copy import deepcopy
 
 import vyos.defaults
 
@@ -32,29 +31,12 @@ from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
-api_conf_file = '/etc/vyos/http-api.conf'
+api_config_state = '/tmp/api-config-state'
 systemd_service = '/run/systemd/system/vyos-http-api.service'
 
 vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
 
-def _translate_values_to_boolean(d: dict) -> dict:
-    for k in list(d):
-        if d[k] == {}:
-            d[k] = True
-        elif isinstance(d[k], dict):
-            _translate_values_to_boolean(d[k])
-        else:
-            pass
-
 def get_config(config=None):
-    http_api = deepcopy(vyos.defaults.api_data)
-    x = http_api.get('api_keys')
-    if x is None:
-        default_key = None
-    else:
-        default_key = x[0]
-    keys_added = False
-
     if config:
         conf = config
     else:
@@ -69,61 +51,34 @@ def get_config(config=None):
     if not conf.exists(base):
         return None
 
-    api_dict = conf.get_config_dict(base, key_mangling=('-', '_'),
+    http_api = conf.get_config_dict(base, key_mangling=('-', '_'),
                                     no_tag_node_value_mangle=True,
                                     get_first_key=True,
                                     with_recursive_defaults=True)
 
-    # One needs to 'flatten' the keys dict from the config into the
-    # http-api.conf format for api_keys:
-    if 'keys' in api_dict:
-        api_dict['api_keys'] = []
-        for el in list(api_dict['keys'].get('id', {})):
-            key = api_dict['keys']['id'][el].get('key', '')
-            if key:
-                api_dict['api_keys'].append({'id': el, 'key': key})
-        del api_dict['keys']
-
     # Do we run inside a VRF context?
     vrf_path = ['service', 'https', 'vrf']
     if conf.exists(vrf_path):
         http_api['vrf'] = conf.return_value(vrf_path)
 
-    if 'api_keys' in api_dict:
-        keys_added = True
-
-    if api_dict.from_defaults(['graphql']):
-        del api_dict['graphql']
-
-    http_api.update(api_dict)
-
-    if keys_added and default_key:
-        if default_key in http_api['api_keys']:
-            http_api['api_keys'].remove(default_key)
-
-    # Finally, translate entries in http_api into boolean settings for
-    # backwards compatability of JSON http-api.conf file
-    _translate_values_to_boolean(http_api)
+    if http_api.from_defaults(['graphql']):
+        del http_api['graphql']
 
     return http_api
 
-def verify(http_api):
-    return None
+def verify(_http_api):
+    return
 
 def generate(http_api):
     if http_api is None:
         if os.path.exists(systemd_service):
             os.unlink(systemd_service)
-        return None
-
-    if not os.path.exists('/etc/vyos'):
-        os.mkdir('/etc/vyos')
+        return
 
-    with open(api_conf_file, 'w') as f:
+    with open(api_config_state, 'w') as f:
         json.dump(http_api, f, indent=2)
 
     render(systemd_service, 'https/vyos-http-api.service.j2', http_api)
-    return None
 
 def apply(http_api):
     # Reload systemd manager configuration
@@ -143,6 +98,9 @@ def apply(http_api):
 
     call_dependents()
 
+    if os.path.exists(api_config_state):
+        os.unlink(api_config_state)
+
 if __name__ == '__main__':
     try:
         c = get_config()
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 5cbdd1651..81e510b0d 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -52,7 +52,7 @@ default_server_block = {
     'address'   : '*',
     'port'      : '443',
     'name'      : ['_'],
-    'api'       : {},
+    'api'       : False,
     'vyos_cert' : {},
     'certbot'   : False
 }
@@ -232,35 +232,18 @@ def generate(https):
                     # certbot organizes certificates by first domain
                     sb['certbot_domain_dir'] = cert_domains[0]
 
-    # get api data
-
-    api_set = False
-    api_data = {}
     if 'api' in list(https):
-        api_set = True
-        api_data = vyos.defaults.api_data
-    api_settings = https.get('api', {})
-    if api_settings:
-        vhosts = https.get('api-restrict', {}).get('virtual-host', [])
-        if vhosts:
-            api_data['vhost'] = vhosts[:]
-
-    if api_data:
-        vhost_list = api_data.get('vhost', [])
+        vhost_list = https.get('api-restrict', {}).get('virtual-host', [])
         if not vhost_list:
             for block in server_block_list:
-                block['api'] = api_data
+                block['api'] = True
         else:
             for block in server_block_list:
                 if block['id'] in vhost_list:
-                    block['api'] = api_data
-
-    if 'server_block_list' not in https or not https['server_block_list']:
-        https['server_block_list'] = [default_server_block]
+                    block['api'] = True
 
     data = {
         'server_block_list': server_block_list,
-        'api_set': api_set,
         'certbot': certbot
     }
 
-- 
cgit v1.2.3