13 files changed, 160 insertions, 16 deletions
diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index 70b6ea203..d518737ca 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -81,9 +81,11 @@ def save_config(target, json_out=None):
     if rc != 0:
         logger.critical(f'save config failed: {out}')
 
-def unsaved_commits() -> bool:
+def unsaved_commits(allow_missing_config=False) -> bool:
     if get_full_version_data()['boot_via'] == 'livecd':
         return False
+    if allow_missing_config and not os.path.exists(config_file):
+        return True
     tmp_save = '/tmp/config.running'
     save_config(tmp_save)
     ret = not cmp(tmp_save, config_file, shallow=False)
diff --git a/python/vyos/configdict.py b/python/vyos/configdict.py
index 870d7cfda..5a353b110 100644
--- a/python/vyos/configdict.py
+++ b/python/vyos/configdict.py
@@ -631,7 +631,7 @@ def get_accel_dict(config, base, chap_secrets, with_pki=False):
 
     Return a dictionary with the necessary interface config keys.
     """
-    from vyos.cpu import get_core_count
+    from vyos.utils.cpu import get_core_count
     from vyos.template import is_ipv4
 
     dict = config.get_config_dict(base, key_mangling=('-', '_'),
diff --git a/python/vyos/configquery.py b/python/vyos/configquery.py
index 71ad5b4f0..5d6ca9be9 100644
--- a/python/vyos/configquery.py
+++ b/python/vyos/configquery.py
@@ -1,4 +1,4 @@
-# Copyright 2021-2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021-2024 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -19,6 +19,8 @@ settings from op mode, and execution of arbitrary op mode commands.
 '''
 
 import os
+import json
+import subprocess
 
 from vyos.utils.process import STDOUT
 from vyos.utils.process import popen
@@ -27,6 +29,14 @@ from vyos.utils.boot import boot_configuration_complete
 from vyos.config import Config
 from vyos.configsource import ConfigSourceSession, ConfigSourceString
 from vyos.defaults import directories
+from vyos.configtree import ConfigTree
+from vyos.utils.dict import embed_dict
+from vyos.utils.dict import get_sub_dict
+from vyos.utils.dict import mangle_dict_keys
+from vyos.utils.error import cli_shell_api_err
+from vyos.xml_ref import multi_to_list
+from vyos.xml_ref import is_tag
+from vyos.base import Warning
 
 config_file = os.path.join(directories['config'], 'config.boot')
 
@@ -133,4 +143,50 @@ def query_context(config_query_class=CliShellApiConfigQuery,
     run = op_run_class()
     return query, run
 
-
+def verify_mangling(key_mangling):
+    if not (isinstance(key_mangling, tuple) and
+            len(key_mangling) == 2 and
+            isinstance(key_mangling[0], str) and
+            isinstance(key_mangling[1], str)):
+        raise ValueError("key_mangling must be a tuple of two strings")
+
+def op_mode_run(cmd):
+    """ low-level to avoid overhead  """
+    p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
+    out = p.stdout.read()
+    p.wait()
+    return p.returncode, out.decode()
+
+def op_mode_config_dict(path=None, key_mangling=None,
+                        no_tag_node_value_mangle=False,
+                        no_multi_convert=False, get_first_key=False):
+
+    if path is None:
+        path = []
+    command = ['/bin/cli-shell-api', '--show-active-only', 'showConfig']
+
+    rc, out = op_mode_run(command + path)
+    if rc == cli_shell_api_err.VYOS_EMPTY_CONFIG:
+        out = ''
+    if rc == cli_shell_api_err.VYOS_INVALID_PATH:
+        Warning(out)
+        return {}
+
+    ct = ConfigTree(out)
+    d = json.loads(ct.to_json())
+    # cli-shell-api output includes last path component if tag node
+    if is_tag(path):
+        config_dict = embed_dict(path[:-1], d)
+    else:
+        config_dict = embed_dict(path, d)
+
+    if not no_multi_convert:
+        config_dict = multi_to_list([], config_dict)
+
+    if key_mangling is not None:
+        verify_mangling(key_mangling)
+        config_dict = mangle_dict_keys(config_dict,
+                                       key_mangling[0], key_mangling[1],
+                                       no_tag_node_value_mangle=no_tag_node_value_mangle)
+
+    return get_sub_dict(config_dict, path, get_first_key=get_first_key)
diff --git a/python/vyos/configsession.py b/python/vyos/configsession.py
index beec6010b..ccf2ce8f2 100644
--- a/python/vyos/configsession.py
+++ b/python/vyos/configsession.py
@@ -1,5 +1,4 @@
-# configsession -- the write API for the VyOS running config
-# Copyright (C) 2019-2023 VyOS maintainers and contributors
+# Copyright (C) 2019-2024 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or modify it under the terms of
 # the GNU Lesser General Public License as published by the Free Software Foundation;
@@ -12,11 +11,14 @@
 # You should have received a copy of the GNU Lesser General Public License along with this library;
 # if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
+# configsession -- the write API for the VyOS running config
+
 import os
 import re
 import sys
 import subprocess
 
+from vyos.defaults import directories
 from vyos.utils.process import is_systemd_service_running
 from vyos.utils.dict import dict_to_paths
 
@@ -58,7 +60,7 @@ def inject_vyos_env(env):
     env['VYOS_HEADLESS_CLIENT'] = 'vyos_http_api'
     env['vyatta_bindir']= '/opt/vyatta/bin'
     env['vyatta_cfg_templates'] = '/opt/vyatta/share/vyatta-cfg/templates'
-    env['vyatta_configdir'] = '/opt/vyatta/config'
+    env['vyatta_configdir'] = directories['vyos_configdir']
     env['vyatta_datadir'] = '/opt/vyatta/share'
     env['vyatta_datarootdir'] = '/opt/vyatta/share'
     env['vyatta_libdir'] = '/opt/vyatta/lib'
@@ -70,7 +72,7 @@ def inject_vyos_env(env):
     env['vyos_bin_dir'] = '/usr/bin'
     env['vyos_cfg_templates'] = '/opt/vyatta/share/vyatta-cfg/templates'
     env['vyos_completion_dir'] = '/usr/libexec/vyos/completion'
-    env['vyos_configdir'] = '/opt/vyatta/config'
+    env['vyos_configdir'] = directories['vyos_configdir']
     env['vyos_conf_scripts_dir'] = '/usr/libexec/vyos/conf_mode'
     env['vyos_datadir'] = '/opt/vyatta/share'
     env['vyos_datarootdir']= '/opt/vyatta/share'
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index e7cd69a8b..9ccd925ce 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -1,4 +1,4 @@
-# Copyright 2018-2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2018-2024 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -35,6 +35,7 @@ directories = {
   'vyos_udev_dir' : '/run/udev/vyos',
   'isc_dhclient_dir' : '/run/dhclient',
   'dhcp6_client_dir' : '/run/dhcp6c',
+  'vyos_configdir' : '/opt/vyatta/config'
 }
 
 config_status = '/tmp/vyos-config-status'
@@ -44,7 +45,7 @@ cfg_group = 'vyattacfg'
 
 cfg_vintage = 'vyos'
 
-commit_lock = '/opt/vyatta/config/.lock'
+commit_lock = os.path.join(directories['vyos_configdir'], '.lock')
 
 component_version_json = os.path.join(directories['data'], 'component-versions.json')
 
diff --git a/python/vyos/ethtool.py b/python/vyos/ethtool.py
index d45c9c272..80bb56fa2 100644
--- a/python/vyos/ethtool.py
+++ b/python/vyos/ethtool.py
@@ -16,6 +16,7 @@
 import re
 
 from json import loads
+from vyos.utils.network import interface_exists
 from vyos.utils.process import popen
 
 # These drivers do not support using ethtool to change the speed, duplex, or
@@ -64,6 +65,9 @@ class Ethtool:
 
     def __init__(self, ifname):
         # Get driver used for interface
+        if not interface_exists(ifname):
+            raise ValueError(f'Interface "{ifname}" does not exist!')
+
         out, _ = popen(f'ethtool --driver {ifname}')
         driver = re.search(r'driver:\s(\w+)', out)
         if driver:
diff --git a/python/vyos/ifconfig/macsec.py b/python/vyos/ifconfig/macsec.py
index bde1d9aec..383905814 100644
--- a/python/vyos/ifconfig/macsec.py
+++ b/python/vyos/ifconfig/macsec.py
@@ -66,7 +66,7 @@ class MACsecIf(Interface):
                 cmd = 'ip macsec add {ifname} rx port 1 address'.format(**self.config)
                 cmd += f' {peer_config["mac"]}'
                 self._cmd(cmd)
-                # Add the rx-key to the address
+                # Add the encryption key to the address
                 cmd += f' sa 0 pn 1 on key 01 {peer_config["key"]}'
                 self._cmd(cmd)
 
diff --git a/python/vyos/utils/__init__.py b/python/vyos/utils/__init__.py
index 12ef2d3b8..90620071b 100644
--- a/python/vyos/utils/__init__.py
+++ b/python/vyos/utils/__init__.py
@@ -1,4 +1,4 @@
-# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -17,7 +17,9 @@ from vyos.utils import assertion
 from vyos.utils import auth
 from vyos.utils import boot
 from vyos.utils import commit
+from vyos.utils import configfs
 from vyos.utils import convert
+from vyos.utils import cpu
 from vyos.utils import dict
 from vyos.utils import file
 from vyos.utils import io
diff --git a/python/vyos/utils/auth.py b/python/vyos/utils/auth.py
index a59858d72..a0b3e1cae 100644
--- a/python/vyos/utils/auth.py
+++ b/python/vyos/utils/auth.py
@@ -1,6 +1,6 @@
 # authutils -- miscelanneous functions for handling passwords and publis keys
 #
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2023-2024 VyOS maintainers and contributors
 #
 # This library is free software; you can redistribute it and/or modify it under the terms of
 # the GNU Lesser General Public License as published by the Free Software Foundation;
@@ -11,13 +11,12 @@
 # See the GNU Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License along with this library;
-# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
+# if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
 import re
 
 from vyos.utils.process import cmd
 
-
 def make_password_hash(password):
     """ Makes a password hash for /etc/shadow using mkpasswd """
 
@@ -39,3 +38,14 @@ def split_ssh_public_key(key_string, defaultname=""):
         raise ValueError("Bad key type \'{0}\', must be one of must be one of ssh-rsa, ssh-dss, ecdsa-sha2-nistp<256|384|521> or ssh-ed25519".format(key_type))
 
     return({"type": key_type, "data": key_data, "name": key_name})
+
+def get_current_user() -> str:
+    import os
+    current_user = 'nobody'
+    # During CLI "owner" script execution we use SUDO_USER
+    if 'SUDO_USER' in os.environ:
+        current_user = os.environ['SUDO_USER']
+    # During op-mode or config-mode interactive CLI we use USER
+    elif 'USER' in os.environ:
+        current_user = os.environ['USER']
+    return current_user
diff --git a/python/vyos/utils/configfs.py b/python/vyos/utils/configfs.py
new file mode 100644
index 000000000..8617f0129
--- /dev/null
+++ b/python/vyos/utils/configfs.py
@@ -0,0 +1,37 @@
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+def delete_cli_node(cli_path: list):
+    from shutil import rmtree
+    for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']:
+        tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path))
+        # delete CLI node
+        if os.path.exists(tmp):
+            rmtree(tmp)
+
+def add_cli_node(cli_path: list, value: str=None):
+    from vyos.utils.auth import get_current_user
+    from vyos.utils.file import write_file
+
+    current_user = get_current_user()
+    for config_dir in ['VYATTA_TEMP_CONFIG_DIR', 'VYATTA_CHANGES_ONLY_DIR']:
+        # store new value
+        tmp = os.path.join(os.environ[config_dir], '/'.join(cli_path))
+        write_file(f'{tmp}/node.val', value, user=current_user, group='vyattacfg', mode=0o664)
+        # mark CLI node as modified
+        if config_dir == 'VYATTA_CHANGES_ONLY_DIR':
+            write_file(f'{tmp}/.modified', '', user=current_user, group='vyattacfg', mode=0o664)
diff --git a/python/vyos/cpu.py b/python/vyos/utils/cpu.py
index cae5f5f4d..3bea5ac12 100644
--- a/python/vyos/cpu.py
+++ b/python/vyos/utils/cpu.py
@@ -28,7 +28,6 @@ but nothing is certain.
 
 import re
 
-
 def _read_cpuinfo():
     with open('/proc/cpuinfo', 'r') as f:
         lines = f.read().strip()
diff --git a/python/vyos/utils/dict.py b/python/vyos/utils/dict.py
index d36b6fcfb..062ab9c81 100644
--- a/python/vyos/utils/dict.py
+++ b/python/vyos/utils/dict.py
@@ -307,6 +307,13 @@ def dict_to_paths(d: dict) -> list:
     for r in func(d, []):
         yield r
 
+def embed_dict(p: list[str], d: dict) -> dict:
+    path = p.copy()
+    ret = d
+    while path:
+        ret = {path.pop(): ret}
+    return ret
+
 def check_mutually_exclusive_options(d, keys, required=False):
     """ Checks if a dict has at most one or only one of
     mutually exclusive keys.
diff --git a/python/vyos/utils/error.py b/python/vyos/utils/error.py
new file mode 100644
index 000000000..8d4709bff
--- /dev/null
+++ b/python/vyos/utils/error.py
@@ -0,0 +1,24 @@
+# Copyright 2024 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+from enum import IntEnum
+
+class cli_shell_api_err(IntEnum):
+    """ vyatta-cfg/src/vyos-errors.h """
+    VYOS_SUCCESS = 0
+    VYOS_GENERAL_FAILURE = 1
+    VYOS_INVALID_PATH = 2
+    VYOS_EMPTY_CONFIG = 3
+    VYOS_CONFIG_PARSE_ERROR = 4