http-api: T5768: remove auxiliary http-api.conf

vyos · Dec 1, 2023 · 006931b · 006931b
1 parent 5b7f794
commit 006931b
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 86 deletions.
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
@@ -50,12 +50,6 @@
     'listen_addresses' : { '*': ['_'] }
 }
 
-api_data = {
-    'strict' : False,
-    'debug' : False,
-    'api_keys' : [ {'id' : 'testapp', 'key' : 'qwerty'} ]
-}
-
 vyos_cert_data = {
     'conf' : '/etc/nginx/snippets/vyos-cert.conf',
     'crt' : '/etc/ssl/certs/vyos-selfsigned.crt',

diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
@@ -19,7 +19,6 @@
 import json
 
 from time import sleep
-from copy import deepcopy
 
 import vyos.defaults
 
@@ -32,29 +31,12 @@
 from vyos import airbag
 airbag.enable()
 
-api_conf_file = '/etc/vyos/http-api.conf'
+api_config_state = '/tmp/api-config-state'
 systemd_service = '/run/systemd/system/vyos-http-api.service'
 
 vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
 
-def _translate_values_to_boolean(d: dict) -> dict:
-    for k in list(d):
-        if d[k] == {}:
-            d[k] = True
-        elif isinstance(d[k], dict):
-            _translate_values_to_boolean(d[k])
-        else:
-            pass
-
 def get_config(config=None):
-    http_api = deepcopy(vyos.defaults.api_data)
-    x = http_api.get('api_keys')
-    if x is None:
-        default_key = None
-    else:
-        default_key = x[0]
-    keys_added = False
-
     if config:
         conf = config
     else:
@@ -69,61 +51,34 @@ def get_config(config=None):
     if not conf.exists(base):
         return None
 
-    api_dict = conf.get_config_dict(base, key_mangling=('-', '_'),
+    http_api = conf.get_config_dict(base, key_mangling=('-', '_'),
                                     no_tag_node_value_mangle=True,
                                     get_first_key=True,
                                     with_recursive_defaults=True)
 
-    # One needs to 'flatten' the keys dict from the config into the
-    # http-api.conf format for api_keys:
-    if 'keys' in api_dict:
-        api_dict['api_keys'] = []
-        for el in list(api_dict['keys'].get('id', {})):
-            key = api_dict['keys']['id'][el].get('key', '')
-            if key:
-                api_dict['api_keys'].append({'id': el, 'key': key})
-        del api_dict['keys']
-
     # Do we run inside a VRF context?
     vrf_path = ['service', 'https', 'vrf']
     if conf.exists(vrf_path):
         http_api['vrf'] = conf.return_value(vrf_path)
 
-    if 'api_keys' in api_dict:
-        keys_added = True
-
-    if api_dict.from_defaults(['graphql']):
-        del api_dict['graphql']
-
-    http_api.update(api_dict)
-
-    if keys_added and default_key:
-        if default_key in http_api['api_keys']:
-            http_api['api_keys'].remove(default_key)
-
-    # Finally, translate entries in http_api into boolean settings for
-    # backwards compatability of JSON http-api.conf file
-    _translate_values_to_boolean(http_api)
+    if http_api.from_defaults(['graphql']):
+        del http_api['graphql']
 
     return http_api
 
-def verify(http_api):
-    return None
+def verify(_http_api):
+    return
 
 def generate(http_api):
     if http_api is None:
         if os.path.exists(systemd_service):
             os.unlink(systemd_service)
-        return None
-
-    if not os.path.exists('/etc/vyos'):
-        os.mkdir('/etc/vyos')
+        return
 
-    with open(api_conf_file, 'w') as f:
+    with open(api_config_state, 'w') as f:
         json.dump(http_api, f, indent=2)
 
     render(systemd_service, 'https/vyos-http-api.service.j2', http_api)
-    return None
 
 def apply(http_api):
     # Reload systemd manager configuration
@@ -143,6 +98,9 @@ def apply(http_api):
 
     call_dependents()
 
+    if os.path.exists(api_config_state):
+        os.unlink(api_config_state)
+
 if __name__ == '__main__':
     try:
         c = get_config()

diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
@@ -52,7 +52,7 @@
     'address'   : '*',
     'port'      : '443',
     'name'      : ['_'],
-    'api'       : {},
+    'api'       : False,
     'vyos_cert' : {},
     'certbot'   : False
 }
@@ -232,35 +232,18 @@ def generate(https):
                     # certbot organizes certificates by first domain
                     sb['certbot_domain_dir'] = cert_domains[0]
 
-    # get api data
-
-    api_set = False
-    api_data = {}
     if 'api' in list(https):
-        api_set = True
-        api_data = vyos.defaults.api_data
-    api_settings = https.get('api', {})
-    if api_settings:
-        vhosts = https.get('api-restrict', {}).get('virtual-host', [])
-        if vhosts:
-            api_data['vhost'] = vhosts[:]
-
-    if api_data:
-        vhost_list = api_data.get('vhost', [])
+        vhost_list = https.get('api-restrict', {}).get('virtual-host', [])
         if not vhost_list:
             for block in server_block_list:
-                block['api'] = api_data
+                block['api'] = True
         else:
             for block in server_block_list:
                 if block['id'] in vhost_list:
-                    block['api'] = api_data
-
-    if 'server_block_list' not in https or not https['server_block_list']:
-        https['server_block_list'] = [default_server_block]
+                    block['api'] = True
 
     data = {
         'server_block_list': server_block_list,
-        'api_set': api_set,
         'certbot': certbot
     }
 

diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
@@ -50,7 +50,7 @@ from vyos.configsession import ConfigSession, ConfigSessionError
 
 import api.graphql.state
 
-DEFAULT_CONFIG_FILE = '/etc/vyos/http-api.conf'
+api_config_state = '/tmp/api-config-state'
 CFG_GROUP = 'vyattacfg'
 
 debug = True
@@ -68,7 +68,7 @@ else:
 lock = threading.Lock()
 
 def load_server_config():
-    with open(DEFAULT_CONFIG_FILE) as f:
+    with open(api_config_state) as f:
         config = json.load(f)
     return config
 
@@ -860,19 +860,28 @@ def shutdown_handler(signum, frame):
     logger.info('Server shutdown...')
     shutdown = True
 
+def flatten_keys(d: dict) -> list[dict]:
+    keys_list = []
+    for el in list(d['keys'].get('id', {})):
+        key = d['keys']['id'][el].get('key', '')
+        if key:
+            keys_list.append({'id': el, 'key': key})
+    return keys_list
+
 def initialization(session: ConfigSession, app: FastAPI = app):
     global server
     try:
         server_config = load_server_config()
+        keys = flatten_keys(server_config)
     except Exception as e:
         logger.critical(f'Failed to load the HTTP API server config: {e}')
         sys.exit(1)
 
     app.state.vyos_session = session
-    app.state.vyos_keys = server_config['api_keys']
+    app.state.vyos_keys = keys
 
-    app.state.vyos_debug = server_config['debug']
-    app.state.vyos_strict = server_config['strict']
+    app.state.vyos_debug = bool('debug' in server_config)
+    app.state.vyos_strict = bool('strict' in server_config)
     app.state.vyos_origins = server_config.get('cors', {}).get('allow_origin', [])
     if 'graphql' in server_config:
         app.state.vyos_graphql = True
@@ -881,7 +890,7 @@ def initialization(session: ConfigSession, app: FastAPI = app):
                 app.state.vyos_introspection = True
             else:
                 app.state.vyos_introspection = False
-            # default value is merged in conf_mode http-api.py, if not set
+            # default values if not set explicitly
             app.state.vyos_auth_type = server_config['graphql']['authentication']['type']
             app.state.vyos_token_exp = server_config['graphql']['authentication']['expiration']
             app.state.vyos_secret_len = server_config['graphql']['authentication']['secret_length']