What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.15.1
How are you able to access your server: The webadmin
SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no
Describe your issue
I’m trying to restrict access to the YunoHost webadmin with an IP allowlist. Setting the IP via CLI fails with an exception; I’d like to know if this is a known bug or my mistake and how to correctly apply it via CLI. Setting the IP in the Webadmin UI works fine.
Context
- Goal: set the webadmin IP allowlist via CLI
- Webadmin Allowlist is enabled
security.webadmin.webadmin_allowlist_enabled:
ask: Enable Webadmin IP allowlist
value: yes
- Used Command trying to set IP (placeholder IP):
sudo yunohost settings set security.webadmin.webadmin_allowlist -v <IP_ADDRESS>
Expected vs actual
- Expected: the allowlist field updates without error
- Actual: the command crashes with `KeyError: ‘webadmin_allowlist_enabled’
Steps to reproduce
- Ensure webadmin allowlist is enabled (works in CLI and the Webadmin UI).
- Run:
sudo yunohost settings set security.webadmin.webadmin_allowlist -v <IP_ADDRESS>
- Observe the
KeyError
What I’ve tried / observations
- Setting the allowlist IP via the Webadmin UI works as expected
- The error only occurs with the CLI setter for
security.webadmin.webadmin_allowlist - Hypothesis: the form/visibility logic expects
webadmin_allowlist_enabledin context but it isn’t provided when setting the value directly via CLI
Questions
- Is this a known issue with the CLI setter for the webadmin allowlist?
- What’s the correct supported way to set the allowlist IP via CLI or API?
Thank you in advance for any guidance or fixes!
Share relevant logs or error messages
$ sudo yunohost settings set security.webadmin.webadmin_allowlist -v <IP_ADRESS>
========================================
>>>> Security
========================================
# Webadmin
Traceback (most recent call last):
File "/usr/bin/yunohost", line 108, in <module>
main()
File "/usr/bin/yunohost", line 97, in main
yunohost.cli(
File "/usr/lib/python3/dist-packages/yunohost/__init__.py", line 59, in cli
ret = moulinette.cli(
^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/__init__.py", line 143, in cli
).run(args, output_as=output_as, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/interfaces/cli.py", line 530, in run
ret = self.actionsmap.process(args, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/actionsmap.py", line 580, in process
return func(**arguments)
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/log.py", line 532, in func_wrapper
result = func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/settings.py", line 105, in settings_set
return settings.set(key, value, args, args_file, operation_logger=operation_logger)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py", line 596, in set
self.form = self._ask(
^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py", line 897, in _ask
form = prompt_or_validate_form(
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/form.py", line 2134, in prompt_or_validate_form
if not option.is_visible(context):
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/form.py", line 435, in is_visible
return evaluate_simple_js_expression(self.visible, context=context) # type: ignore
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/form.py", line 224, in evaluate_simple_js_expression
return evaluate_simple_ast(node, context) # type: ignore
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/form.py", line 109, in evaluate_simple_ast
return context[node.id]
~~~~~~~^^^^^^^^^
KeyError: 'webadmin_allowlist_enabled'