From 97326920e2907bdb545853887dc54c6a02b76f28 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 5 Sep 2023 17:17:50 +0000
Subject: T5423: Fix for op-mode show vpn ike secrets

We don't use ipsec.secrets anymore
Fix op-mode for "show vpn ike secrets".
Ability to get "RAW" format
---
 op-mode-definitions/vpn-ipsec.xml.in |  2 +-
 src/op_mode/ipsec.py                 | 39 ++++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/op-mode-definitions/vpn-ipsec.xml.in b/op-mode-definitions/vpn-ipsec.xml.in
index c7ba780a3..b551af2be 100644
--- a/op-mode-definitions/vpn-ipsec.xml.in
+++ b/op-mode-definitions/vpn-ipsec.xml.in
@@ -177,7 +177,7 @@
                 <properties>
                   <help>Show all the pre-shared key secrets</help>
                 </properties>
-                <command>sudo cat /etc/ipsec.secrets | sed 's/#.*//'</command>
+                <command>${vyos_op_scripts_dir}/ipsec.py show_psk</command>
               </node>
               <node name="status">
                 <properties>
diff --git a/src/op_mode/ipsec.py b/src/op_mode/ipsec.py
index 57d3cfed9..44d41219e 100755
--- a/src/op_mode/ipsec.py
+++ b/src/op_mode/ipsec.py
@@ -779,6 +779,45 @@ def show_ra_summary(raw: bool):
     return _get_formatted_output_ra_summary(list_sa)
 
 
+# PSK block
+def _get_raw_psk():
+    conf: ConfigTreeQuery = ConfigTreeQuery()
+    config_path = ['vpn', 'ipsec', 'authentication', 'psk']
+    psk_config = conf.get_config_dict(config_path, key_mangling=('-', '_'),
+                                       get_first_key=True,
+                                       no_tag_node_value_mangle=True)
+
+    psk_list = []
+    for psk, psk_data in psk_config.items():
+        psk_data['psk'] = psk
+        psk_list.append(psk_data)
+
+    return psk_list
+
+
+def _get_formatted_psk(psk_list):
+    headers = ["PSK", "Id", "Secret"]
+    formatted_data = []
+
+    for psk_data in psk_list:
+        formatted_data.append([psk_data["psk"], "\n".join(psk_data["id"]), psk_data["secret"]])
+
+    return tabulate(formatted_data, headers=headers)
+
+
+def show_psk(raw: bool):
+    config = ConfigTreeQuery()
+    if not config.exists('vpn ipsec authentication psk'):
+        raise vyos.opmode.UnconfiguredSubsystem('VPN ipsec psk authentication is not configured')
+
+    psk = _get_raw_psk()
+    if raw:
+        return psk
+    return _get_formatted_psk(psk)
+
+# PSK block end
+
+
 if __name__ == '__main__':
     try:
         res = vyos.opmode.run(sys.modules[__name__])
-- 
cgit v1.2.3