author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2023-09-08 21:34:34 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-08 21:34:34 +0300 |
commit | 540939473421b84644c58fefc2200735b7e79c99 (patch) | |
tree | 1fdc544e8c512453cb1ca9e343cca49dac94f5a9 | |
parent | 5e47f1aaea444354da5766c9ac36986eac7fb198 (diff) | |
parent | 7cb85a8b49708f5e7b50f5dc8e0414b6a3a0736f (diff) | |
Merge pull request #2226 from sever-sever/T5423-sag
T5423: Fix for op-mode show vpn ike secrets
-rw-r--r-- | op-mode-definitions/vpn-ipsec.xml.in | 2 | ||||
-rwxr-xr-x | src/op_mode/ipsec.py | 39 |
2 files changed, 40 insertions, 1 deletions
diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index c7ba780a3..b551af2be 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -177,7 +177,7 @@
 <properties>
 <help>Show all the pre-shared key secrets</help>
 </properties>
- <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command>
+ <command>${vyos_op_scripts_dir}/ipsec.py show_psk</command>
 </node>
 <node name="status">
 <properties>
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index 57d3cfed9..44d41219e 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -779,6 +779,45 @@ def show_ra_summary(raw: bool):
 return _get_formatted_output_ra_summary(list_sa)
+# PSK block
+def _get_raw_psk():
+ conf: ConfigTreeQuery = ConfigTreeQuery()
+ config_path = ['vpn', 'ipsec', 'authentication', 'psk']
+ psk_config = conf.get_config_dict(config_path, key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ psk_list = []
+ for psk, psk_data in psk_config.items():
+ psk_data['psk'] = psk
+ psk_list.append(psk_data)
+
+ return psk_list
+
+
+def _get_formatted_psk(psk_list):
+ headers = ["PSK", "Id", "Secret"]
+ formatted_data = []
+
+ for psk_data in psk_list:
+ formatted_data.append([psk_data["psk"], "\n".join(psk_data["id"]), psk_data["secret"]])
+
+ return tabulate(formatted_data, headers=headers)
+
+
+def show_psk(raw: bool):
+ config = ConfigTreeQuery()
+ if not config.exists('vpn ipsec authentication psk'):
+ raise vyos.opmode.UnconfiguredSubsystem('VPN ipsec psk authentication is not configured')
+
+ psk = _get_raw_psk()
+ if raw:
+ return psk
+ return _get_formatted_psk(psk)
+
+# PSK block end
+
+
 if __name__ == '__main__':
 try:
 res = vyos.opmode.run(sys.modules[__name__]) |
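Review bot: In `_get_formatted_psk` (the src/op_mode/ipsec.py hunk), `"\n".join(psk_data["id"])` assumes `id` is always a list and that every PSK entry carries both `id` and `secret`; if ConfigTreeQuery hands back a single-valued `id` as a plain string (not visible in this hunk), the join would put each character on its own line, and a missing key would surface as a KeyError rather than an op-mode error. Normalising first would cover both cases: `ids = psk_data.get("id", [])` followed by `ids = [ids] if isinstance(ids, str) else ids`, with `psk_data.get("secret", "")` for the last column. `show_psk` also returns the secrets in clear text on both the raw and the formatted path, so a one-line comment such as `# Intentionally returns PSK secrets in clear text; keep this command restricted to trusted operators` would make that explicit for later changes.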