Rewriting the SNMP configuration as XML/Python requires that the running VyOS configuration is altered by the python script. This is aweful.
The reason is that if a user specifies a plaintext password it will be converted to an encrypted one during SNMP startup. Later this encrypted pasword is re-read and set as encrypted-key in the running config whereas the plaintext-key node is deleted.
os.system('/opt/vyatta/sbin/my_delete service snmp v3 user "nms" auth plaintext-key')
sh: /validate-value.py: No such file or directory
The available environment has been extracted using os.system('env')
The current workaround in https://github.com/vyos/vyos-1x/commit/0d38d4f13c24450aaa7b1a0a748e5f007b73ba8f is more than ugly (definition of the environment variable before calling the script)