6 files changed, 16 insertions, 61 deletions

diff --git a/src/op_mode/bridge.py b/src/op_mode/bridge.py
index 5a821a287..d6098c158 100755
--- a/src/op_mode/bridge.py
+++ b/src/op_mode/bridge.py
@@ -32,7 +32,7 @@ def _get_json_data():
     """
     Get bridge data format JSON
     """
-    return cmd(f'sudo bridge --json link show')
+    return cmd(f'bridge --json link show')
 
 
 def _get_raw_data_summary():
@@ -48,7 +48,7 @@ def _get_raw_data_vlan():
     """
     :returns dict
     """
-    json_data = cmd('sudo bridge --json --compressvlans vlan show')
+    json_data = cmd('bridge --json --compressvlans vlan show')
     data_dict = json.loads(json_data)
     return data_dict
 
@@ -57,7 +57,7 @@ def _get_raw_data_fdb(bridge):
     """Get MAC-address for the bridge brX
     :returns list
     """
-    code, json_data = rc_cmd(f'sudo bridge --json fdb show br {bridge}')
+    code, json_data = rc_cmd(f'bridge --json fdb show br {bridge}')
     # From iproute2 fdb.c, fdb_show() will only exit(-1) in case of
     # non-existent bridge device; raise error.
     if code == 255:
diff --git a/src/op_mode/dns.py b/src/op_mode/dns.py
index 9e5b1040c..a0e47d7ad 100755
--- a/src/op_mode/dns.py
+++ b/src/op_mode/dns.py
@@ -54,10 +54,10 @@ def _data_to_dict(data, sep="\t") -> dict:
 
 
 def _get_raw_forwarding_statistics() -> dict:
-    command = cmd('sudo /usr/bin/rec_control --socket-dir=/run/powerdns get-all')
+    command = cmd('rec_control --socket-dir=/run/powerdns get-all')
     data = _data_to_dict(command)
     data['cache-size'] = "{0:.2f}".format( int(
-        cmd('sudo /usr/bin/rec_control --socket-dir=/run/powerdns get cache-bytes')) / 1024 )
+        cmd('rec_control --socket-dir=/run/powerdns get cache-bytes')) / 1024 )
     return data
 
 
diff --git a/src/op_mode/firewall.py b/src/op_mode/firewall.py
index 950feb625..46bda5f7e 100755
--- a/src/op_mode/firewall.py
+++ b/src/op_mode/firewall.py
@@ -63,7 +63,7 @@ def get_config_firewall(conf, name=None, ipv6=False, interfaces=True):
                                 get_first_key=True, no_tag_node_value_mangle=True)
     if firewall and interfaces:
         if name:
-            firewall['interface'] = []
+            firewall['interface'] = {}
         else:
             if 'name' in firewall:
                 for fw_name, name_conf in firewall['name'].items():
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index 75579a447..afe006834 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import os
 import re
 import sys
 
@@ -404,6 +405,8 @@ def _get_formatted_output_conections(data):
 def get_peer_connections(peer, tunnel, return_all = False):
     search = rf'^[\s]*({peer}-(tunnel-[\d]+|vti)).*'
     matches = []
+    if not os.path.exists(SWANCTL_CONF):
+        raise vyos.opmode.UnconfiguredSubsystem("IPsec not initialized")
     with open(SWANCTL_CONF, 'r') as f:
         for line in f.readlines():
             result = re.match(search, line)
@@ -415,27 +418,19 @@ def get_peer_connections(peer, tunnel, return_all = False):
 
 
 def reset_peer(peer: str, tunnel:str):
-    if not peer:
-        print('Invalid peer, aborting')
-        return
-
     conns = get_peer_connections(peer, tunnel, return_all = (not tunnel or tunnel == 'all'))
 
     if not conns:
-        print('Tunnel(s) not found, aborting')
-        return
+        raise vyos.opmode.IncorrectValue('Peer or tunnel(s) not found, aborting')
 
-    result = True
     for conn in conns:
         try:
             call(f'sudo /usr/sbin/ipsec down {conn}{{*}}', timeout = 10)
             call(f'sudo /usr/sbin/ipsec up {conn}', timeout = 10)
         except TimeoutExpired as e:
-            print(f'Timed out while resetting {conn}')
-            result = False
-
+            raise vyos.opmode.InternalError(f'Timed out while resetting {conn}')
 
-    print('Peer reset result: ' + ('success' if result else 'failed'))
+    print('Peer reset result: success')
 
 
 def show_sa(raw: bool):
diff --git a/src/op_mode/policy_route.py b/src/op_mode/policy_route.py
index 5be40082f..5953786f3 100755
--- a/src/op_mode/policy_route.py
+++ b/src/op_mode/policy_route.py
@@ -22,53 +22,13 @@ from vyos.config import Config
 from vyos.util import cmd
 from vyos.util import dict_search_args
 
-def get_policy_interfaces(conf, policy, name=None, ipv6=False):
-    interfaces = conf.get_config_dict(['interfaces'], key_mangling=('-', '_'),
-                                      get_first_key=True, no_tag_node_value_mangle=True)
-
-    routes = ['route', 'route6']
-
-    def parse_if(ifname, if_conf):
-        if 'policy' in if_conf:
-            for route in routes:
-                if route in if_conf['policy']:
-                    route_name = if_conf['policy'][route]
-                    name_str = f'({ifname},{route})'
-
-                    if not name:
-                        policy[route][route_name]['interface'].append(name_str)
-                    elif not ipv6 and name == route_name:
-                        policy['interface'].append(name_str)
-
-        for iftype in ['vif', 'vif_s', 'vif_c']:
-            if iftype in if_conf:
-                for vifname, vif_conf in if_conf[iftype].items():
-                    parse_if(f'{ifname}.{vifname}', vif_conf)
-
-    for iftype, iftype_conf in interfaces.items():
-        for ifname, if_conf in iftype_conf.items():
-            parse_if(ifname, if_conf)
-
-def get_config_policy(conf, name=None, ipv6=False, interfaces=True):
+def get_config_policy(conf, name=None, ipv6=False):
     config_path = ['policy']
     if name:
         config_path += ['route6' if ipv6 else 'route', name]
 
     policy = conf.get_config_dict(config_path, key_mangling=('-', '_'),
                                 get_first_key=True, no_tag_node_value_mangle=True)
-    if policy and interfaces:
-        if name:
-            policy['interface'] = []
-        else:
-            if 'route' in policy:
-                for route_name, route_conf in policy['route'].items():
-                    route_conf['interface'] = []
-
-            if 'route6' in policy:
-                for route_name, route_conf in policy['route6'].items():
-                    route_conf['interface'] = []
-
-        get_policy_interfaces(conf, policy, name, ipv6)
 
     return policy
 
diff --git a/src/op_mode/vrf.py b/src/op_mode/vrf.py
index aeb50fe6e..a9a416761 100755
--- a/src/op_mode/vrf.py
+++ b/src/op_mode/vrf.py
@@ -31,14 +31,14 @@ def _get_raw_data(name=None):
     If vrf name is set - get only this name data
     If vrf name set and not found - return []
     """
-    output = cmd('sudo ip --json --brief link show type vrf')
+    output = cmd('ip --json --brief link show type vrf')
     data = json.loads(output)
     if not data:
         return []
     if name:
         is_vrf_exists = True if [vrf for vrf in data if vrf.get('ifname') == name] else False
         if is_vrf_exists:
-            output = cmd(f'sudo ip --json --brief link show dev {name}')
+            output = cmd(f'ip --json --brief link show dev {name}')
             data = json.loads(output)
             return data
         return []
@@ -51,7 +51,7 @@ def _get_vrf_members(vrf: str) -> list:
     :param vrf: str
     :return: list
     """
-    output = cmd(f'sudo ip --json --brief link show master {vrf}')
+    output = cmd(f'ip --json --brief link show master {vrf}')
     answer = json.loads(output)
     interfaces = []
     for data in answer: