authorChristian Poessinger <christian@poessinger.com>2019-01-06 10:58:06 +0100
committerChristian Poessinger <christian@poessinger.com>2019-01-06 10:58:06 +0100
commit89884d572bdf50c7d0c81e0f9f69855056f6f416 (patch)
treee863c55a4e5f09de27674f7471797221289d2eac
parentbdf528272a0d7e40dc46ada08ccad75bd8debae9 (diff)
parent60a8793aef2c1af95d7a992bfc0a381e1a8a61cd (diff)
downloadvyos-1x-89884d572bdf50c7d0c81e0f9f69855056f6f416.tar.gz
vyos-1x-89884d572bdf50c7d0c81e0f9f69855056f6f416.zip
Merge branch 'current' into crux
* current: T1129: replace quotes when dealing with 'subnet/global-parameters' T1129: fix handling of raw DHCP 'subnet-parameters' T1159: correct handling of SAs without PFS in "show vpn ipsec sa". T1147: Fix SNMP config file generation on newly installed systems Initial implementation of declarative config dict retrieval library. T1119: 'show vpn ipsec sa' shows tunnel twice in 1.2.0-RC11
-rw-r--r--python/vyos/configdict.py80
-rwxr-xr-xsrc/conf_mode/dhcp_server.py13
-rwxr-xr-xsrc/op_mode/show_ipsec_sa.py2
3 files changed, 93 insertions, 2 deletions
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
new file mode 100644
index 000000000..157011839
--- /dev/null
+++ b/python/vyos/configdict.py
@@ -0,0 +1,80 @@
+# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+A library for retrieving value dicts from VyOS configs in a declarative fashion.
+
+"""
+
+
+def retrieve_config(path_hash, base_path, config):
+ """
+ Retrieves a VyOS config as a dict according to a declarative description
+
+ The description dict, passed in the first argument, must follow this format:
+ ``field_name : <path, type, [inner_options_dict]>``.
+
+ Supported types are: ``str`` (for normal nodes),
+ ``list`` (returns a list of strings, for multi nodes),
+ ``bool`` (returns True if valueless node exists),
+ ``dict`` (for tag nodes, returns a dict indexed by node names,
+ according to description in the third item of the tuple).
+
+ Args:
+ path_hash (dict): Declarative description of the config to retrieve
+ base_path (list): A base path to prepend to all option paths
+ config (vyos.config.Config): A VyOS config object
+
+ Returns:
+ dict: config dict
+ """
+ config_hash = {}
+
+ for k in path_hash:
+
+ if type(path_hash[k]) != tuple:
+ raise ValueError("In field {0}: expected a tuple, got a value {1}".format(k, str(path_hash[k])))
+ if len(path_hash[k]) < 2:
+ raise ValueError("In field {0}: field description must be a tuple of at least two items, path (list) and type".format(k))
+
+ path = path_hash[k][0]
+ if type(path) != list:
+ raise ValueError("In field {0}: path must be a list, not a {1}".format(k, type(path)))
+
+ typ = path_hash[k][1]
+ if type(typ) != type:
+ raise ValueError("In field {0}: type must be a type, not a {1}".format(k, type(typ)))
+
+ path = base_path + path
+
+ path_str = " ".join(path)
+
+ if typ == str:
+ config_hash[k] = config.return_value(path_str)
+ elif typ == list:
+ config_hash[k] = config.return_values(path_str)
+ elif typ == bool:
+ config_hash[k] = config.exists(path_str)
+ elif typ == dict:
+ try:
+ inner_hash = path_hash[k][2]
+ except IndexError:
+ raise ValueError("The type of the \'{0}\' field is dict, but inner options hash is missing from the tuple".format(k))
+ config_hash[k] = {}
+ nodes = config.list_nodes(path_str)
+ for node in nodes:
+ config_hash[k][node] = retrieve_config(inner_hash, path + [node], config)
+
+ return config_hash
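Review bot: The `if typ == str: … elif typ == dict:` chain in `retrieve_config` has no final `else`, so a description that passes the `type(typ) != type` check with an unsupported type (for example `int`) is silently skipped and the field is simply absent from the returned dict. Callers then see a missing key rather than an error about a bad description, which is out of step with the strict validation above it. I would add `else: raise ValueError("In field {0}: unsupported type {1}".format(k, typ))`. The `dict` branch also never checks that `path_hash[k][2]` is itself a dict before recursing, so a malformed inner description surfaces as an unrelated exception one level down.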
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index 560c80e7f..22ada72a8 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -150,6 +150,12 @@ shared-network {{ network.name }} {
{%- if subnet.domain_name %}
option domain-name "{{ subnet.domain_name }}";
{%- endif -%}
+ {%- if subnet.subnet_parameters %}
+ # The following {{ subnet.subnet_parameters | length }} line(s) were added as subnet-parameters in the CLI and have not been validated
+ {%- for param in subnet.subnet_parameters %}
+ {{ param }}
+ {%- endfor -%}
+ {%- endif %}
{%- if subnet.tftp_server %}
option tftp-server-name "{{ subnet.tftp_server }}";
{%- endif -%}
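Review bot: The `{{ param }}` line in the new `subnet_parameters` loop writes CLI-supplied text into the generated dhcpd configuration verbatim, so a value containing a stray `}` or an unterminated quote changes the structure of everything rendered after it, not only this subnet. The emitted comment says the lines have not been validated, but nothing visible in this hunk checks the result before the file is used. Consider running the daemon's own syntax test on the generated file (`dhcpd -t -cf <generated file>`) before the service is restarted. It would also help to document that write access to `subnet-parameters` is equivalent to write access to the daemon's configuration. The template string begins and ends outside this hunk.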
@@ -570,7 +576,7 @@ def get_config():
#
# deprecate this and issue a warning like we do for DNS forwarding?
if conf.exists('subnet-parameters'):
- config['subnet_parameters'] = conf.return_values('subnet-parameters')
+ subnet['subnet_parameters'] = conf.return_values('subnet-parameters')
# This option is used to identify a TFTP server and, if supported by the client, should have
# the same effect as the server-name declaration. BOOTP clients are unlikely to support this
@@ -767,6 +773,11 @@ def generate(dhcp):
tmpl = jinja2.Template(config_tmpl)
config_text = tmpl.render(dhcp)
+
+ # Please see: https://phabricator.vyos.net/T1129 for quoting of the raw parameters
+ # we can pass to ISC DHCPd
+ config_text = config_text.replace("&quot;",'"')
+
with open(config_file, 'w') as f:
f.write(config_text)
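Review bot: `config_text.replace("&quot;",'"')` in `generate` runs over the whole rendered file, so it also rewrites `&quot;` inside fields the template already wraps in double quotes, such as `option domain-name "{{ subnet.domain_name }}";`. A value there containing `&quot;` would end the quoted string early and turn the rest of the value into configuration syntax. The origin of the entity is not visible in this hunk (the comment points to T1129), but the unescaping looks intended only for the raw parameter lists. I would apply it where those values are read instead, e.g. `subnet['subnet_parameters'] = [p.replace("&quot;", '"') for p in conf.return_values('subnet-parameters')]`, and drop the global replace. `generate` starts and continues outside the hunk.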
diff --git a/src/op_mode/show_ipsec_sa.py b/src/op_mode/show_ipsec_sa.py
index 568a5daeb..4c39aba66 100755
--- a/src/op_mode/show_ipsec_sa.py
+++ b/src/op_mode/show_ipsec_sa.py
@@ -32,7 +32,7 @@ def parse_ike_line(s):
# Get a list of all configured connections
with open('/etc/ipsec.conf', 'r') as f:
config = f.read()
- connections = re.findall(r'conn\s([^\s]+)\s*\n', config)
+ connections = set(re.findall(r'conn\s([^\s]+)\s*\n', config))
connections = list(filter(lambda s: s != '%default', connections))
status_data = []
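Review bot: Wrapping `re.findall(...)` in `set(...)` removes the duplicate connection names but also discards the order in which they appear in `/etc/ipsec.conf`, so the rows of `show vpn ipsec sa` can come out in a different order from one run to the next. Operators and scripts that compare this output over time will see spurious changes. A deterministic form is `connections = sorted(set(re.findall(r'conn\s([^\s]+)\s*\n', config)))`, which keeps the de-duplication and fixes the ordering. The enclosing code continues outside the hunk.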