T5743: HTTPS API ability to import PKI certificates

Add HTTPS API call to import PKI certificaties https://vyos/import-pki
sever-sever · Nov 15, 2023 · e3767cb · e3767cb
1 parent 1afaa42
commit e3767cb
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/data/templates/https/nginx.default.j2 b/data/templates/https/nginx.default.j2
@@ -36,7 +36,7 @@ server {
         ssl_protocols TLSv1.2 TLSv1.3;
 
         # proxy settings for HTTP API, if enabled; 503, if not
-        location ~ ^/(retrieve|configure|config-file|image|container-image|generate|show|reset|docs|openapi.json|redoc|graphql) {
+        location ~ ^/(retrieve|configure|config-file|image|import-pki|container-image|generate|show|reset|docs|openapi.json|redoc|graphql) {
 {%     if server.api %}
 {%         if server.api.socket %}
                 proxy_pass http://unix:/run/api.sock;

diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py
@@ -31,6 +31,7 @@
 MIGRATE_LOAD_CONFIG = ['/usr/libexec/vyos/vyos-load-config.py']
 SAVE_CONFIG = ['/usr/libexec/vyos/vyos-save-config.py']
 INSTALL_IMAGE = ['/opt/vyatta/sbin/install-image', '--url']
+IMPORT_PKI = ['/opt/vyatta/bin/vyatta-op-cmd-wrapper', 'import']
 REMOVE_IMAGE = ['/opt/vyatta/bin/vyatta-boot-image.pl', '--del']
 GENERATE = ['/opt/vyatta/bin/vyatta-op-cmd-wrapper', 'generate']
 SHOW = ['/opt/vyatta/bin/vyatta-op-cmd-wrapper', 'show']
@@ -208,6 +209,10 @@ def install_image(self, url):
         out = self.__run_command(INSTALL_IMAGE + [url])
         return out
 
+    def import_pki(self, path):
+        out = self.__run_command(IMPORT_PKI + path)
+        return out
+
     def remove_image(self, name):
         out = self.__run_command(REMOVE_IMAGE + [name])
         return out

diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
@@ -184,6 +184,19 @@ class ImageModel(ApiModel):
             }
         }
 
+class ImportPkiModel(ApiModel):
+    op: StrictStr
+    path: List[StrictStr]
+
+    class Config:
+        schema_extra = {
+            "example": {
+                "key": "id_key",
+                "op": "import_pki",
+                "path": ["op", "mode", "path"],
+            }
+        }
+
 class ContainerImageModel(ApiModel):
     op: StrictStr
     name: StrictStr = None
@@ -733,6 +746,26 @@ def reset_op(data: ResetModel):
 
     return success(res)
 
+@app.post('/import-pki')
+def import_pki(data: ImportPkiModel):
+    session = app.state.vyos_session
+
+    op = data.op
+    path = data.path
+
+    try:
+        if op == 'import-pki':
+            res = session.import_pki(path)
+        else:
+            return error(400, f"'{op}' is not a valid operation")
+    except ConfigSessionError as e:
+        return error(400, str(e))
+    except Exception as e:
+        logger.critical(traceback.format_exc())
+        return error(500, "An internal error occured. Check the logs for details.")
+
+    return success(res)
+
 
 ###
 # GraphQL integration