diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh
index 5b9efe379a..0f6174f43c 100755
--- a/dockers/docker-sonic-gnmi/gnmi-native.sh
+++ b/dockers/docker-sonic-gnmi/gnmi-native.sh
@@ -43,6 +43,7 @@ if [ -n "$CERTS" ]; then
 TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
 fi
+ TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
 elif [ -n "$X509" ]; then
 SERVER_CRT=$(extract_field "$X509" '.server_crt')
 SERVER_KEY=$(extract_field "$X509" '.server_key')
diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh
index ad1dcedd15..d7390218bc 100755
--- a/dockers/docker-sonic-telemetry/telemetry.sh
+++ b/dockers/docker-sonic-telemetry/telemetry.sh
@@ -42,6 +42,9 @@ if [ -n "$CERTS" ]; then
 if [ ! -z $CA_CRT ]; then
 TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
 fi
+
+ # Reuse GNMI_CLIENT_CERT for telemetry service
+ TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
 elif [ -n "$X509" ]; then
 SERVER_CRT=$(extract_field "$X509" '.server_crt')
 SERVER_KEY=$(extract_field "$X509" '.server_key')
diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json
index ad26395085..261c067d4f 100644
--- a/src/sonic-yang-models/tests/files/sample_config_db.json
+++ b/src/sonic-yang-models/tests/files/sample_config_db.json
@@ -1404,6 +1404,14 @@
 "role": "RO"
 }
 },
+ "GNMI_CLIENT_CERT": {
+ "testcert1": {
+ "role": "RW"
+ },
+ "testcert2": {
+ "role": "RO"
+ }
+ },
 "TUNNEL": {
 "MuxTunnel0": {
 "dscp_mode": "uniform",
diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang
index 389bac7a12..f0355842e6 100644
--- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang
+++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang
@@ -99,6 +99,7 @@ module sonic-gnmi {
 description "GNMI client cert list";
 list GNMI_CLIENT_CERT_LIST {
+ max-elements 8;
 key "cert_cname";
 leaf cert_cname {
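Review bot: The added `--config_table_name GNMI_CLIENT_CERT` line in gnmi-native.sh sits after the `fi` that closes the `--ca_crt` block, so the flag is passed whether or not a CA certificate was configured; the telemetry.sh hunk places it the same way. If the server uses this table to map a client certificate's common name to a role, that lookup presumably only means something when client certificates are verified against a CA, so either move the line inside the CA check or say in a comment what the server does when `$CA_CRT` is empty. The `elif [ -n "$X509" ]` branch that follows gets no such flag in the visible lines, which would make role enforcement depend on which table supplied the certificates; that branch continues outside the hunk, so confirm it there. This file also lacks the comment telemetry.sh carries; something like `# Look up client cert roles in the GNMI_CLIENT_CERT config table` would help.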
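Review bot: Pointing telemetry.sh at the same `GNMI_CLIENT_CERT` table means one `role` entry per certificate now governs both services, so a certificate granted `RW` for gNMI carries that role into telemetry as well. If telemetry clients only need read access, a separate table or a note that `RW` grants nothing extra here would keep the grant least-privilege; how the telemetry server interprets `role` is not visible in this hunk. The existing comment could say so directly, e.g. `# Reuse GNMI_CLIENT_CERT for telemetry: a cert's role applies to both services`.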
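Review bot: `max-elements 8` on `GNMI_CLIENT_CERT_LIST` in sonic-gnmi.yang carries no stated rationale, and a configuration that already holds more than eight client certificates would start failing YANG validation once this model ships. Record the reason for the cap in a comment or `description` on the list, and check upgrade behaviour for existing deployments. The sample_config_db.json change in this commit adds only two entries, so nothing visible exercises the boundary; a negative test with a ninth entry would pin it. The list body continues outside the hunk.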