diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-09-05 17:17:50 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-09-08 15:05:43 +0000 |
commit | 7cb85a8b49708f5e7b50f5dc8e0414b6a3a0736f (patch) | |
tree | 188a49f0eae071ac23b0466b5cf0a57d5796d8c5 | |
parent | 8e22a2f6f77dc2d10969d8603c59a8834164b903 (diff) | |
download | vyos-1x-7cb85a8b49708f5e7b50f5dc8e0414b6a3a0736f.tar.gz vyos-1x-7cb85a8b49708f5e7b50f5dc8e0414b6a3a0736f.zip |
T5423: Fix for op-mode show vpn ike secrets
We don't use ipsec.secrets anymore
Fix op-mode for "show vpn ike secrets".
Ability to get "RAW" format
(cherry picked from commit 97326920e2907bdb545853887dc54c6a02b76f28)
-rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 2 | ||||
-rwxr-xr-x | src/op_mode/ipsec.py | 39 |
2 files changed, 40 insertions, 1 deletions
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in index c7ba780a3..b551af2be 100644 --- a/op-mode-definitions/vpn-ipsec.xml.in +++ b/op-mode-definitions/vpn-ipsec.xml.in @@ -177,7 +177,7 @@ <properties> <help>Show all the pre-shared key secrets</help> </properties> - <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command> + <command>${vyos_op_scripts_dir}/ipsec.py show_psk</command> </node> <node name="status"> <properties> diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py index 57d3cfed9..44d41219e 100755 --- a/src/op_mode/ipsec.py +++ b/src/op_mode/ipsec.py @@ -779,6 +779,45 @@ def show_ra_summary(raw: bool): return _get_formatted_output_ra_summary(list_sa) +# PSK block +def _get_raw_psk(): + conf: ConfigTreeQuery = ConfigTreeQuery() + config_path = ['vpn', 'ipsec', 'authentication', 'psk'] + psk_config = conf.get_config_dict(config_path, key_mangling=('-', '_'), + get_first_key=True, + no_tag_node_value_mangle=True) + + psk_list = [] + for psk, psk_data in psk_config.items(): + psk_data['psk'] = psk + psk_list.append(psk_data) + + return psk_list + + +def _get_formatted_psk(psk_list): + headers = ["PSK", "Id", "Secret"] + formatted_data = [] + + for psk_data in psk_list: + formatted_data.append([psk_data["psk"], "\n".join(psk_data["id"]), psk_data["secret"]]) + + return tabulate(formatted_data, headers=headers) + + +def show_psk(raw: bool): + config = ConfigTreeQuery() + if not config.exists('vpn ipsec authentication psk'): + raise vyos.opmode.UnconfiguredSubsystem('VPN ipsec psk authentication is not configured') + + psk = _get_raw_psk() + if raw: + return psk + return _get_formatted_psk(psk) + +# PSK block end + + if __name__ == '__main__': try: res = vyos.opmode.run(sys.modules[__name__]) |