From 3afc29b5ec1ad26dcd7cf7b6ded821015192bf5d Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 6 Nov 2021 22:26:49 +0100
Subject: openvpn: T3966: fix KeyError when removing interfaces without TOTP
---
src/conf_mode/interfaces-openvpn.py | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/src/conf_mode/interfaces-openvpn.py b/src/conf_mode/interfaces-openvpn.py
index 8f660fe1d..1e76147dd 100755
--- a/src/conf_mode/interfaces-openvpn.py
+++ b/src/conf_mode/interfaces-openvpn.py
@@ -82,26 +82,25 @@ def get_config(config=None): tmp_pki = conf.get_config_dict(['pki'], key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) - # We have to get the dict using 'get_config_dict' instead of 'get_interface_dict' - # as 'get_interface_dict' merges the defaults in, so we can not check for defaults in there. - tmp_openvpn = conf.get_config_dict(base + [os.environ['VYOS_TAGNODE_VALUE']], key_mangling=('-', '_'), - get_first_key=True, no_tag_node_value_mangle=True) - openvpn = get_interface_dict(conf, base) if 'deleted' not in openvpn: openvpn['pki'] = tmp_pki + # We have to get the dict using 'get_config_dict' instead of 'get_interface_dict' + # as 'get_interface_dict' merges the defaults in, so we can not check for defaults in there. + tmp = conf.get_config_dict(base + [openvpn['ifname']], get_first_key=True) + + # We have to cleanup the config dict, as default values could enable features + # which are not explicitly enabled on the CLI. Example: server mfa totp + # originate comes with defaults, which will enable the + # totp plugin, even when not set via CLI so we + # need to check this first and drop those keys + if dict_search('server.mfa.totp', tmp) == None: + del openvpn['server']['mfa'] + openvpn['auth_user_pass_file'] = '/run/openvpn/{ifname}.pw'.format(**openvpn) - # We have to cleanup the config dict, as default values could enable features - # which are not explicitly enabled on the CLI. Example: server mfa totp - # originate comes with defaults, which will enable the - # totp plugin, even when not set via CLI so we - # need to check this first and drop those keys - if dict_search('server.totp', tmp_openvpn) == None and dict_search('server', tmp_openvpn) != None: - del openvpn['server']['mfa']['totp'] - return openvpn def is_ec_private_key(pki, cert_name): -- cgit v1.2.3
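Review bot: The added `del openvpn['server']['mfa']` has no guard of its own now that the old `dict_search('server', tmp_openvpn) != None` test is gone, so it avoids a KeyError only if the merged defaults always create `server.mfa` for every interface that is not deleted; the hunk does not show that they do. A tolerant form would be `if dict_search('server.mfa.totp', tmp) is None:` followed by `openvpn.get('server', {}).pop('mfa', None)`, which also replaces the `== None` comparison with an identity test. The deletion now removes the whole `mfa` subtree rather than only `totp`, so I would add a comment such as `# drops every key under 'mfa'; revisit if another second factor is added there`, because a future MFA option would otherwise be silently disabled whenever TOTP is unset. `get_config` begins above this hunk, so how `openvpn` is used before these lines is not visible here.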