wireguard: T2743: move key migration from config script to migration script

Migration files on the storage should be done one time by a migration script
instead of every time the configuration changes. Moving this to an older
migration script is fine as this is around for a long time and all rolling
releases are already up2date. It only affects updates from VyOS 1.2 series.

1 files changed, 1 insertions, 19 deletions

diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index 6325a8b05..8b64cde4d 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -28,27 +28,11 @@ from vyos.configverify import verify_vrf
 from vyos.configverify import verify_address
 from vyos.configverify import verify_bridge_delete
 from vyos.ifconfig import WireGuardIf
-from vyos.util import chown, chmod_750
 from vyos.util import check_kmod
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
-k_mod = 'wireguard'
-
-def _migrate_default_keys():
-    kdir = r'/config/auth/wireguard'
-    if os.path.exists(f'{kdir}/private.key') and not os.path.exists(f'{kdir}/default/private.key'):
-        location = f'{kdir}/default'
-        if not os.path.exists(location):
-            os.makedirs(location)
-
-        chown(location, 'root', 'vyattacfg')
-        chmod_750(location)
-        os.rename(f'{kdir}/private.key', f'{location}/private.key')
-        os.rename(f'{kdir}/public.key', f'{location}/public.key')
-
-
 def get_config():
     """
     Retrive CLI config as dictionary. Dictionary can never be empty, as at least the
@@ -79,7 +63,6 @@ def get_config():
 
     return wireguard
 
-
 def verify(wireguard):
     if 'deleted' in wireguard:
         verify_bridge_delete(wireguard)
@@ -123,8 +106,7 @@ def apply(wireguard):
 
 if __name__ == '__main__':
     try:
-        check_kmod(k_mod)
-        _migrate_default_keys()
+        check_kmod('wireguard')
         c = get_config()
         verify(c)
         apply(c)