From 9a401e57c418bf0293a1e78ddf034e94067932df Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Thu, 9 Jan 2025 07:18:53 +0000 Subject: [PATCH 01/19] Enable gnmi/telemetry user authorization by config_db --- dockers/docker-sonic-gnmi/gnmi-native.sh | 8 ++++++-- dockers/docker-sonic-telemetry/telemetry.sh | 11 ++++++++--- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 5 +++++ .../yang-models/sonic-telemetry.yang | 5 +++++ 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 8dae895d89d..7a31f0e7f0a 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -37,8 +37,6 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -69,6 +67,12 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi +USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --user_auth $USER_AUTH" + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" +fi + LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v=$LOG_LEVEL" diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 2428922b57f..cdf60065ae8 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -37,9 +37,6 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - - # Reuse GNMI_CLIENT_CERT for telemetry service - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') 
@@ -70,6 +67,14 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi +USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --user_auth $USER_AUTH" + + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" +fi + LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v=$LOG_LEVEL" diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index d33ea35083d..fe996d6cfd3 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -85,6 +85,11 @@ module sonic-gnmi { type uint32; description "Certificate revocation list cache expire duration."; } + + leaf user_auth { + type string; + description "GNMI service user authorization type."; + } } } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index 239f23666dd..01d348aeea6 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -85,6 +85,11 @@ module sonic-telemetry { type uint32; description "Certificate revocation list cache expire duration."; } + + leaf user_auth { + type string; + description "GNMI service user authorization type."; + } } } From 05f42c0b8de5e4139310eeb0f054699d8c6811d9 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Thu, 9 Jan 2025 07:22:34 +0000 Subject: [PATCH 02/19] Update yang model --- src/sonic-yang-models/yang-models/sonic-telemetry.yang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index 01d348aeea6..a7b641cd33b 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang 
+++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -88,7 +88,7 @@ module sonic-telemetry { leaf user_auth { type string; - description "GNMI service user authorization type."; + description "Telemetry service user authorization type."; } } From fa702a4ac0f572e7b1933722ea3a6091f3f7bcee Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:30:51 +0800 Subject: [PATCH 03/19] Rename `--user_auth` to `--client_auth` --- dockers/docker-sonic-gnmi/gnmi-native.sh | 2 +- dockers/docker-sonic-telemetry/telemetry.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 7a31f0e7f0a..da391c507ea 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -69,7 +69,7 @@ fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --user_auth $USER_AUTH" + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index cdf60065ae8..7aeb7610c55 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -69,7 +69,7 @@ fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --user_auth $USER_AUTH" + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" # Reuse GNMI_CLIENT_CERT for telemetry service TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" From 1af6a5fe037e62561ea7ccfb6798bfce6b0df5a7 Mon Sep 17 00:00:00 2001 
From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:35:12 +0800 Subject: [PATCH 04/19] Add user_auth pattern to YANG models --- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 1 + src/sonic-yang-models/yang-models/sonic-telemetry.yang | 1 + 2 files changed, 2 insertions(+) diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index fe996d6cfd3..7f45bbf063a 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -88,6 +88,7 @@ module sonic-gnmi { leaf user_auth { type string; + pattern "password|jwt|cert"; description "GNMI service user authorization type."; } } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index a7b641cd33b..a828f1f0763 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -88,6 +88,7 @@ module sonic-telemetry { leaf user_auth { type string; + pattern "password|jwt|cert"; description "Telemetry service user authorization type."; } } From 476a569d9aba7b5c83aef8db0da60103365d8f53 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 9 Jan 2025 18:15:03 +0800 Subject: [PATCH 05/19] Refactor user_auth type definition --- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 5 +++-- src/sonic-yang-models/yang-models/sonic-telemetry.yang | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index 7f45bbf063a..f0355842e6f 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang 
@@ -87,8 +87,9 @@ module sonic-gnmi { } leaf user_auth { - type string; - pattern "password|jwt|cert"; + type string { + pattern 'password|jwt|cert'; + } description "GNMI service user authorization type."; } } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index a828f1f0763..825fde053ca 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -87,8 +87,9 @@ module sonic-telemetry { } leaf user_auth { - type string; - pattern "password|jwt|cert"; + type string { + pattern 'password|jwt|cert'; + } description "Telemetry service user authorization type."; } } From 47de0d885ca4e350a6ee58315358be66b71751b2 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 10 Jan 2025 10:02:54 +0800 Subject: [PATCH 06/19] Refactor user authentication handling in scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 12 ++++++------ dockers/docker-sonic-telemetry/telemetry.sh | 16 ++++++++-------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index da391c507ea..1b5095f109e 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -50,6 +50,12 @@ elif [ -n "$X509" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + USER_AUTH=$(echo $GNMI | jq -r '.user_auth') + if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + fi else TELEMETRY_ARGS+=" --noTLS" fi 
@@ -67,12 +73,6 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -USER_AUTH=$(echo $GNMI | jq -r '.user_auth') -if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" -fi - LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v=$LOG_LEVEL" diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 7aeb7610c55..3ca069484b4 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -50,6 +50,14 @@ elif [ -n "$X509" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + USER_AUTH=$(echo $GNMI | jq -r '.user_auth') + if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + fi else TELEMETRY_ARGS+=" --noTLS" fi @@ -67,14 +75,6 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -USER_AUTH=$(echo $GNMI | jq -r '.user_auth') -if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - - # Reuse GNMI_CLIENT_CERT for telemetry service - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" -fi - LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v=$LOG_LEVEL" From 24bb572e65211e788008355f8d3bf26bb4675f9d Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 10 Jan 2025 11:23:14 +0800 Subject: [PATCH 07/19] Remove max-elements constraint from GNMI_CLIENT_CERT_LIST --- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 1 - 1 file changed, 1 deletion(-) 
diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index f0355842e6f..389bac7a125 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -99,7 +99,6 @@ module sonic-gnmi { description "GNMI client cert list"; list GNMI_CLIENT_CERT_LIST { - max-elements 8; key "cert_cname"; leaf cert_cname { From 13b292af5d45894a75819ad9ad04995877e318b3 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 10 Jan 2025 15:46:18 +0800 Subject: [PATCH 08/19] Refactor user authentication handling in scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 12 ++++++------ dockers/docker-sonic-telemetry/telemetry.sh | 16 ++++++++-------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 1b5095f109e..686c7f84cfa 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -37,6 +37,12 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + USER_AUTH=$(echo $GNMI | jq -r '.user_auth') + if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + fi elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -50,12 +56,6 @@ elif [ -n "$X509" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - - USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" - fi else TELEMETRY_ARGS+=" --noTLS" fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 3ca069484b4..858a55f2b82 100755 
--- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -37,6 +37,14 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + USER_AUTH=$(echo $GNMI | jq -r '.user_auth') + if [ ! -z $USER_AUTH ] then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + fi elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -50,14 +58,6 @@ elif [ -n "$X509" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - - USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ] then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - - # Reuse GNMI_CLIENT_CERT for telemetry service - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" - fi else TELEMETRY_ARGS+=" --noTLS" fi From 423914b901051d7bef839775b1d43f13726855a8 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 10 Jan 2025 15:49:37 +0800 Subject: [PATCH 09/19] Fix syntax error in shell scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 2 +- dockers/docker-sonic-telemetry/telemetry.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 686c7f84cfa..1e2616e5a3a 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -39,7 +39,7 @@ if [ -n "$CERTS" ]; then fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ] then + if [ ! -z $USER_AUTH ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 858a55f2b82..da7b0b95e82 100755 
--- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -39,7 +39,7 @@ if [ -n "$CERTS" ]; then fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ] then + if [ ! -z $USER_AUTH ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" # Reuse GNMI_CLIENT_CERT for telemetry service From 8b4b884336e7a0afd3f99602c3be2e7687d1fb76 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 10 Jan 2025 21:55:23 +0800 Subject: [PATCH 10/19] Refactor user authentication handling in telemetry scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 11 ++++++----- dockers/docker-sonic-telemetry/telemetry.sh | 14 +++++++------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 1e2616e5a3a..ecabbfb62c7 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -38,11 +38,7 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ]; then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" - fi + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -130,4 +126,9 @@ else fi fi +USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +if [ ! -z $USER_AUTH ]; then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" +fi + exec /usr/sbin/telemetry ${TELEMETRY_ARGS} diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index da7b0b95e82..d5d53b93294 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh 
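Review bot: The `USER_AUTH` block added at the end of gnmi-native.sh (hunk `@@ -130,4 +126,9 @@`) appends `--client_auth` regardless of which transport branch ran earlier, so it can share a command line with the `--noTLS` fallback seen in the earlier hunks of this series. How telemetry treats that combination is not visible here, but a password or token mode on a plaintext listener would put credentials on the wire. I would skip the flag, or at least log a warning, when neither `$CERTS` nor `$X509` was set. The test `[ ! -z $USER_AUTH ]` is also unquoted; `[ -n "$USER_AUTH" ]` is the safer form. The same block is added to telemetry.sh in hunk `@@ -129,4 +124,9 @@`.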
@@ -38,13 +38,8 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - USER_AUTH=$(echo $GNMI | jq -r '.user_auth') - if [ ! -z $USER_AUTH ]; then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" - - # Reuse GNMI_CLIENT_CERT for telemetry service - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" - fi + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -129,4 +124,9 @@ else fi TELEMETRY_ARGS+=" -gnmi_native_write=false" +USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +if [ ! -z $USER_AUTH ]; then + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" +fi + exec /usr/sbin/telemetry ${TELEMETRY_ARGS} From 30f4d6455899e9108f057fd416d3dc56c63225a3 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:58:55 +0800 Subject: [PATCH 11/19] Add debug echo for telemetry arguments --- dockers/docker-sonic-gnmi/gnmi-native.sh | 1 + dockers/docker-sonic-telemetry/telemetry.sh | 1 + 2 files changed, 2 insertions(+) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index ecabbfb62c7..44b1d80b92e 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -131,4 +131,5 @@ if [ ! -z $USER_AUTH ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" fi +echo "gnmi args: $TELEMETRY_ARGS" exec /usr/sbin/telemetry ${TELEMETRY_ARGS} diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index d5d53b93294..74828f49ddc 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -129,4 +129,5 @@ if [ ! -z $USER_AUTH ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" fi +echo "telemetry args: $TELEMETRY_ARGS" exec /usr/sbin/telemetry ${TELEMETRY_ARGS} 
From fe4090b5fc96a7762869048f1bda16e08e3cf26b Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Mon, 13 Jan 2025 14:26:51 +0800 Subject: [PATCH 12/19] Fix GNMI variable checks in scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 4 ++-- dockers/docker-sonic-telemetry/telemetry.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 44b1d80b92e..fea7fbdb98f 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -76,7 +76,7 @@ else TELEMETRY_ARGS+=" -v=2" fi -if [ -nz "$GNMI" ]; then +if [ ! -z "$GNMI" ]; then ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') if [ $ENABLE_CRL == "true" ]; then TELEMETRY_ARGS+=" --enable_crl" @@ -127,7 +127,7 @@ else fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') -if [ ! -z $USER_AUTH ]; then +if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 74828f49ddc..c10d747cba7 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -77,7 +77,7 @@ else TELEMETRY_ARGS+=" -v=2" fi -if [ -nz "$GNMI" ]; then +if [ ! -z "$GNMI" ]; then ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') if [ $ENABLE_CRL == "true" ]; then TELEMETRY_ARGS+=" --enable_crl" @@ -125,7 +125,7 @@ fi TELEMETRY_ARGS+=" -gnmi_native_write=false" USER_AUTH=$(echo $GNMI | jq -r '.user_auth') -if [ ! -z $USER_AUTH ]; then +if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" fi From 5253122d17802bbc0ccf1896fbc86e789d03ef23 Mon Sep 17 00:00:00 2001 
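Review bot: In the gnmi-native.sh hunk `@@ -127,7 +127,7 @@` the second test, `[ $USER_AUTH != "null" ]`, is still unquoted, and the value is then concatenated into `TELEMETRY_ARGS`, which the script expands unquoted at `exec`. A CONFIG_DB value containing whitespace therefore either breaks the test or becomes additional telemetry arguments. The YANG pattern `password|jwt|cert` is the only validation in this series, and nothing in the hunk shows it being enforced on this path, so I would check the value in the script itself: `case "$USER_AUTH" in password|jwt|cert) TELEMETRY_ARGS+=" --client_auth $USER_AUTH" ;; esac`. The telemetry.sh hunk `@@ -125,7 +125,7 @@` has the same lines; both scripts continue outside the hunks.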
From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Tue, 14 Jan 2025 13:35:08 +0800 Subject: [PATCH 13/19] Refactor GNMI client certificate handling --- dockers/docker-sonic-gnmi/gnmi-native.sh | 27 ++++++++++--------- dockers/docker-sonic-telemetry/telemetry.sh | 30 ++++++++++----------- 2 files changed, 29 insertions(+), 28 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index fea7fbdb98f..b5c90e3bec9 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -38,7 +38,6 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -76,18 +75,6 @@ else TELEMETRY_ARGS+=" -v=2" fi -if [ ! -z "$GNMI" ]; then - ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') - if [ $ENABLE_CRL == "true" ]; then - TELEMETRY_ARGS+=" --enable_crl" - fi - - CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') - if [ -n $CRL_EXPIRE_DURATION ]; then - TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" - fi -fi - # Enable ZMQ for SmartSwitch LOCALHOST_SUBTYPE=`sonic-db-cli CONFIG_DB hget "DEVICE_METADATA|localhost" "subtype"` if [[ x"${LOCALHOST_SUBTYPE}" == x"SmartSwitch" ]]; then 
@@ -129,6 +116,20 @@ fi USER_AUTH=$(echo $GNMI | jq -r '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + + if [ $USER_AUTH == "cert" ]; then + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + + ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') + if [ $ENABLE_CRL == "true" ]; then + TELEMETRY_ARGS+=" --enable_crl" + fi + + CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') + if [ ! -z "$CRL_EXPIRE_DURATI"ON ] && [ $CRL_EXPIRE_DURATION != "null" ]; then + TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" + fi + fi fi echo "gnmi args: $TELEMETRY_ARGS" diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index c10d747cba7..c95c12293cc 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -37,9 +37,6 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - - # Reuse GNMI_CLIENT_CERT for telemetry service - TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') @@ -77,18 +74,6 @@ else TELEMETRY_ARGS+=" -v=2" fi -if [ ! -z "$GNMI" ]; then - ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') - if [ $ENABLE_CRL == "true" ]; then - TELEMETRY_ARGS+=" --enable_crl" - fi - - CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') - if [ -n $CRL_EXPIRE_DURATION ]; then - TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" - fi -fi - # gNMI save-on-set behavior is disabled by default. # Save-on-set can be turned on by setting the "TELEMETRY|gnmi|save_on_set" # to "true". 
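Review bot: Nesting `--config_table_name GNMI_CLIENT_CERT`, `--enable_crl` and `--crl_expire_duration` under `[ $USER_AUTH == "cert" ]` in hunk `@@ -129,6 +116,20 @@` means a device that has certificates and `enable_crl` set to true but no `user_auth` field no longer passes any of the three. Before this commit the table name followed `$CERTS` and the CRL flags followed `$GNMI`. If telemetry still accepts client certificates in that default case (not visible here), certificate-name authorization and revocation checking are dropped silently on upgrade. I would keep the CRL block keyed on `enable_crl` alone, or at minimum state the new precondition in a comment such as `# GNMI_CLIENT_CERT and CRL flags are passed only when user_auth is exactly "cert"`. The same gating is added to telemetry.sh in hunk `@@ -127,6 +112,21 @@`.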
@@ -127,6 +112,21 @@ TELEMETRY_ARGS+=" -gnmi_native_write=false" USER_AUTH=$(echo $GNMI | jq -r '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + + if [ $USER_AUTH == "cert" ]; then + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" + + ENABLE_CRL=$(echo $GNMI | jq -r '.enable_crl') + if [ $ENABLE_CRL == "true" ]; then + TELEMETRY_ARGS+=" --enable_crl" + fi + + CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') + if [ ! -z "$CRL_EXPIRE_DURATI"ON ] && [ $CRL_EXPIRE_DURATION != "null" ]; then + TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" + fi + fi fi echo "telemetry args: $TELEMETRY_ARGS" From 78ed03cf115026582ec7d9338a4917f8d4fa6ece Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Wed, 15 Jan 2025 10:04:07 +0800 Subject: [PATCH 14/19] Fix typo in CRL_EXPIRE_DURATION variable check --- dockers/docker-sonic-gnmi/gnmi-native.sh | 2 +- dockers/docker-sonic-telemetry/telemetry.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index b5c90e3bec9..dcf92a84f68 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -126,7 +126,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then fi CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') - if [ ! -z "$CRL_EXPIRE_DURATI"ON ] && [ $CRL_EXPIRE_DURATION != "null" ]; then + if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" fi fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index c95c12293cc..63b1163c022 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh 
@@ -123,7 +123,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then fi CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') - if [ ! -z "$CRL_EXPIRE_DURATI"ON ] && [ $CRL_EXPIRE_DURATION != "null" ]; then + if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" fi fi From bfa73a8945aeb793191d1c31e0f853387f691c5d Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Sat, 8 Feb 2025 11:06:01 +0800 Subject: [PATCH 15/19] Refactor JSON field extraction in scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 52 ++++++++++++--------- dockers/docker-sonic-telemetry/telemetry.sh | 52 ++++++++++++--------- 2 files changed, 58 insertions(+), 46 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index dcf92a84f68..f2b93754474 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -3,6 +3,12 @@ EXIT_TELEMETRY_VARS_FILE_NOT_FOUND=1 INCORRECT_TELEMETRY_VALUE=2 TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 +ESCAPE_QUOTE="'\''" + +Extract_json_field() { + value=$(echo $1 | jq -r $2) + echo "${value//\'/${ESCAPE_QUOTE}}" +} if [ ! -f "$TELEMETRY_VARS_FILE" ]; then echo "Telemetry vars template file not found" 
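Review bot: `Extract_json_field` in the gnmi-native.sh hunk `@@ -3,6 +3,12 @@` expands both parameters unquoted in `echo $1 | jq -r $2`, so the JSON document is word-split and glob-expanded before jq reads it. Runs of whitespace inside a value collapse, and a `*` can be replaced by file names from the working directory. `value` is also assigned without `local`, so it lands in the script's global scope. I would write the body as `local value; value=$(printf '%s' "$1" | jq -r "$2")` followed by `printf '%s\n' "${value//\'/${ESCAPE_QUOTE}}"`. telemetry.sh receives the identical function in its own `@@ -3,6 +3,12 @@` hunk.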
@@ -25,31 +31,31 @@ TELEMETRY_ARGS=" -logtostderr" export CVL_SCHEMA_PATH=/usr/sbin/schema if [ -n "$CERTS" ]; then - SERVER_CRT=$(echo $CERTS | jq -r '.server_crt') - SERVER_KEY=$(echo $CERTS | jq -r '.server_key') + SERVER_CRT=$(Extract_json_field "$CERTS" '.server_crt') + SERVER_KEY=$(Extract_json_field "$CERTS" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " + TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(echo $CERTS | jq -r '.ca_crt') + CA_CRT=$(Extract_json_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt $CA_CRT" + TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi elif [ -n "$X509" ]; then - SERVER_CRT=$(echo $X509 | jq -r '.server_crt') - SERVER_KEY=$(echo $X509 | jq -r '.server_key') + SERVER_CRT=$(Extract_json_field "$X509" '.server_crt') + SERVER_KEY=$(Extract_json_field "$X509" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " + TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(echo $X509 | jq -r '.ca_crt') + CA_CRT=$(Extract_json_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt $CA_CRT" + TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi else TELEMETRY_ARGS+=" --noTLS" 
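Review bot: The single quotes this hunk places around `$SERVER_CRT`, `$SERVER_KEY` and `$CA_CRT` are stored as literal characters in `TELEMETRY_ARGS`, and the commit's diffstat shows the launch line from the earlier patch, `exec /usr/sbin/telemetry ${TELEMETRY_ARGS}`, is left unchanged. Unquoted expansion performs word splitting but no quote removal, so telemetry would receive each value with the quote characters included, and a value containing a space is still split into separate arguments. Collecting the options in an array avoids both problems without resorting to `eval`: `TELEMETRY_ARGS+=(--server_crt "$SERVER_CRT" --server_key "$SERVER_KEY")` and `exec /usr/sbin/telemetry "${TELEMETRY_ARGS[@]}"`. The tests `[ -z $SERVER_CRT ]` and `[ ! -z $CA_CRT ]` in this hunk also remain unquoted. The later hunks of this commit (`--port`, `-v=`, `--threshold`, `--idle_conn_duration`, `--client_auth`, `--crl_expire_duration`) and the matching telemetry.sh hunks follow the same pattern.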
@@ -59,18 +65,18 @@ fi if [ -z "$GNMI" ]; then PORT=8080 else - PORT=$(echo $GNMI | jq -r '.port') + PORT=$(Extract_json_field "$GNMI" '.port') fi -TELEMETRY_ARGS+=" --port $PORT" +TELEMETRY_ARGS+=" --port '$PORT'" -CLIENT_AUTH=$(echo $GNMI | jq -r '.client_auth') +CLIENT_AUTH=$(Extract_json_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') +LOG_LEVEL=$(Extract_json_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" -v=$LOG_LEVEL" + TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" else TELEMETRY_ARGS+=" -v=2" fi @@ -88,9 +94,9 @@ if [[ x"${MGMT_VRF_ENABLED}" == x"true" ]]; then fi # Server will handle threshold connections consecutively -THRESHOLD_CONNECTIONS=$(echo $GNMI | jq -r '.threshold') +THRESHOLD_CONNECTIONS=$(Extract_json_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --threshold $THRESHOLD_CONNECTIONS" + TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" else if [ -z "$GNMI" ] || [[ $THRESHOLD_CONNECTIONS == "null" ]]; then TELEMETRY_ARGS+=" --threshold 100" @@ -101,9 +107,9 @@ else fi # Close idle connections after certain duration (in seconds) -IDLE_CONN_DURATION=$(echo $GNMI | jq -r '.idle_conn_duration') +IDLE_CONN_DURATION=$(Extract_json_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --idle_conn_duration $IDLE_CONN_DURATION" + TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" else if [ -z "$GNMI" ] || [[ $IDLE_CONN_DURATION == "null" ]]; then TELEMETRY_ARGS+=" --idle_conn_duration 5" 
@@ -113,9 +119,9 @@ else fi fi -USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +USER_AUTH=$(Extract_json_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" if [ $USER_AUTH == "cert" ]; then TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" @@ -125,9 +131,9 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --enable_crl" fi - CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') + CRL_EXPIRE_DURATION=$(Extract_json_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then - TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" + TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" fi fi fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 63b1163c022..5c4420e4e2d 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -3,6 +3,12 @@ EXIT_TELEMETRY_VARS_FILE_NOT_FOUND=1 INCORRECT_TELEMETRY_VALUE=2 TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 +ESCAPE_QUOTE="'\''" + +Extract_json_field() { + value=$(echo $1 | jq -r $2) + echo "${value//\'/${ESCAPE_QUOTE}}" +} if [ ! -f "$TELEMETRY_VARS_FILE" ]; then echo "Telemetry vars template file not found" 
@@ -25,30 +31,30 @@ export CVL_SCHEMA_PATH=/usr/sbin/schema export GOTRACEBACK=crash if [ -n "$CERTS" ]; then - SERVER_CRT=$(echo $CERTS | jq -r '.server_crt') - SERVER_KEY=$(echo $CERTS | jq -r '.server_key') + SERVER_CRT=$(Extract_json_field "$CERTS" '.server_crt') + SERVER_KEY=$(Extract_json_field "$CERTS" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " + TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(echo $CERTS | jq -r '.ca_crt') + CA_CRT=$(Extract_json_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt $CA_CRT" + TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi elif [ -n "$X509" ]; then - SERVER_CRT=$(echo $X509 | jq -r '.server_crt') - SERVER_KEY=$(echo $X509 | jq -r '.server_key') + SERVER_CRT=$(Extract_json_field "$X509" '.server_crt') + SERVER_KEY=$(Extract_json_field "$X509" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " + TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(echo $X509 | jq -r '.ca_crt') + CA_CRT=$(Extract_json_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt $CA_CRT" + TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi else TELEMETRY_ARGS+=" --noTLS" 
@@ -58,18 +64,18 @@ fi if [ -z "$GNMI" ]; then PORT=8080 else - PORT=$(echo $GNMI | jq -r '.port') + PORT=$(Extract_json_field "$GNMI" '.port') fi -TELEMETRY_ARGS+=" --port $PORT" +TELEMETRY_ARGS+=" --port '$PORT'" -CLIENT_AUTH=$(echo $GNMI | jq -r '.client_auth') +CLIENT_AUTH=$(Extract_json_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -LOG_LEVEL=$(echo $GNMI | jq -r '.log_level') +LOG_LEVEL=$(Extract_json_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" -v=$LOG_LEVEL" + TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" else TELEMETRY_ARGS+=" -v=2" fi @@ -83,9 +89,9 @@ if [ ! -z "$SAVE_ON_SET" ]; then fi # Server will handle threshold connections consecutively -THRESHOLD_CONNECTIONS=$(echo $GNMI | jq -r '.threshold') +THRESHOLD_CONNECTIONS=$(Extract_json_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --threshold $THRESHOLD_CONNECTIONS" + TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" else if [ -z "$GNMI" ] || [[ $THRESHOLD_CONNECTIONS == "null" ]]; then TELEMETRY_ARGS+=" --threshold 100" @@ -96,9 +102,9 @@ else fi # Close idle connections after certain duration (in seconds) -IDLE_CONN_DURATION=$(echo $GNMI | jq -r '.idle_conn_duration') +IDLE_CONN_DURATION=$(Extract_json_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --idle_conn_duration $IDLE_CONN_DURATION" + TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" else if [ -z "$GNMI" ] || [[ $IDLE_CONN_DURATION == "null" ]]; then TELEMETRY_ARGS+=" --idle_conn_duration 5" 
@@ -109,9 +115,9 @@ else fi TELEMETRY_ARGS+=" -gnmi_native_write=false" -USER_AUTH=$(echo $GNMI | jq -r '.user_auth') +USER_AUTH=$(Extract_json_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then - TELEMETRY_ARGS+=" --client_auth $USER_AUTH" + TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" if [ $USER_AUTH == "cert" ]; then # Reuse GNMI_CLIENT_CERT for telemetry service @@ -122,9 +128,9 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --enable_crl" fi - CRL_EXPIRE_DURATION=$(echo $GNMI | jq -r '.crl_expire_duration') + CRL_EXPIRE_DURATION=$(Extract_json_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then - TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" + TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" fi fi fi From d4b3572d9ca117644a6d206d30e109532af34069 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Mon, 10 Feb 2025 10:12:38 +0800 Subject: [PATCH 16/19] Rename `Extract_json_field` to `extract_field` --- dockers/docker-sonic-gnmi/gnmi-native.sh | 28 ++++++++++----------- dockers/docker-sonic-telemetry/telemetry.sh | 28 ++++++++++----------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index f2b93754474..9b8a7dbe87a 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -5,7 +5,7 @@ INCORRECT_TELEMETRY_VALUE=2 TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 ESCAPE_QUOTE="'\''" -Extract_json_field() { +extract_field() { value=$(echo $1 | jq -r $2) echo "${value//\'/${ESCAPE_QUOTE}}" } 
@@ -31,29 +31,29 @@ TELEMETRY_ARGS=" -logtostderr" export CVL_SCHEMA_PATH=/usr/sbin/schema if [ -n "$CERTS" ]; then - SERVER_CRT=$(Extract_json_field "$CERTS" '.server_crt') - SERVER_KEY=$(Extract_json_field "$CERTS" '.server_key') + SERVER_CRT=$(extract_field "$CERTS" '.server_crt') + SERVER_KEY=$(extract_field "$CERTS" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(Extract_json_field "$CERTS" '.ca_crt') + CA_CRT=$(extract_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi elif [ -n "$X509" ]; then - SERVER_CRT=$(Extract_json_field "$X509" '.server_crt') - SERVER_KEY=$(Extract_json_field "$X509" '.server_key') + SERVER_CRT=$(extract_field "$X509" '.server_crt') + SERVER_KEY=$(extract_field "$X509" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(Extract_json_field "$X509" '.ca_crt') + CA_CRT=$(extract_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi @@ -65,16 +65,16 @@ fi if [ -z "$GNMI" ]; then PORT=8080 else - PORT=$(Extract_json_field "$GNMI" '.port') + PORT=$(extract_field "$GNMI" '.port') fi TELEMETRY_ARGS+=" --port '$PORT'" -CLIENT_AUTH=$(Extract_json_field "$GNMI" '.client_auth') +CLIENT_AUTH=$(extract_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -LOG_LEVEL=$(Extract_json_field "$GNMI" '.log_level') +LOG_LEVEL=$(extract_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" else 
@@ -94,7 +94,7 @@ if [[ x"${MGMT_VRF_ENABLED}" == x"true" ]]; then fi # Server will handle threshold connections consecutively -THRESHOLD_CONNECTIONS=$(Extract_json_field "$GNMI" '.threshold') +THRESHOLD_CONNECTIONS=$(extract_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" else @@ -107,7 +107,7 @@ else fi # Close idle connections after certain duration (in seconds) -IDLE_CONN_DURATION=$(Extract_json_field "$GNMI" '.idle_conn_duration') +IDLE_CONN_DURATION=$(extract_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" else @@ -119,7 +119,7 @@ else fi fi -USER_AUTH=$(Extract_json_field "$GNMI" '.user_auth') +USER_AUTH=$(extract_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" @@ -131,7 +131,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --enable_crl" fi - CRL_EXPIRE_DURATION=$(Extract_json_field "$GNMI" '.crl_expire_duration') + CRL_EXPIRE_DURATION=$(extract_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 5c4420e4e2d..b6adb65ca33 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -5,7 +5,7 @@ INCORRECT_TELEMETRY_VALUE=2 TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 ESCAPE_QUOTE="'\''" -Extract_json_field() { +extract_field() { value=$(echo $1 | jq -r $2) echo "${value//\'/${ESCAPE_QUOTE}}" } 
@@ -31,28 +31,28 @@ export CVL_SCHEMA_PATH=/usr/sbin/schema export GOTRACEBACK=crash if [ -n "$CERTS" ]; then - SERVER_CRT=$(Extract_json_field "$CERTS" '.server_crt') - SERVER_KEY=$(Extract_json_field "$CERTS" '.server_key') + SERVER_CRT=$(extract_field "$CERTS" '.server_crt') + SERVER_KEY=$(extract_field "$CERTS" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(Extract_json_field "$CERTS" '.ca_crt') + CA_CRT=$(extract_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi elif [ -n "$X509" ]; then - SERVER_CRT=$(Extract_json_field "$X509" '.server_crt') - SERVER_KEY=$(Extract_json_field "$X509" '.server_key') + SERVER_CRT=$(extract_field "$X509" '.server_crt') + SERVER_KEY=$(extract_field "$X509" '.server_key') if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " fi - CA_CRT=$(Extract_json_field "$X509" '.ca_crt') + CA_CRT=$(extract_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" fi @@ -64,16 +64,16 @@ fi if [ -z "$GNMI" ]; then PORT=8080 else - PORT=$(Extract_json_field "$GNMI" '.port') + PORT=$(extract_field "$GNMI" '.port') fi TELEMETRY_ARGS+=" --port '$PORT'" -CLIENT_AUTH=$(Extract_json_field "$GNMI" '.client_auth') +CLIENT_AUTH=$(extract_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then TELEMETRY_ARGS+=" --allow_no_client_auth" fi -LOG_LEVEL=$(Extract_json_field "$GNMI" '.log_level') +LOG_LEVEL=$(extract_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" else 
@@ -89,7 +89,7 @@ if [ ! -z "$SAVE_ON_SET" ]; then fi # Server will handle threshold connections consecutively -THRESHOLD_CONNECTIONS=$(Extract_json_field "$GNMI" '.threshold') +THRESHOLD_CONNECTIONS=$(extract_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" else @@ -102,7 +102,7 @@ else fi # Close idle connections after certain duration (in seconds) -IDLE_CONN_DURATION=$(Extract_json_field "$GNMI" '.idle_conn_duration') +IDLE_CONN_DURATION=$(extract_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" else @@ -115,7 +115,7 @@ else fi TELEMETRY_ARGS+=" -gnmi_native_write=false" -USER_AUTH=$(Extract_json_field "$GNMI" '.user_auth') +USER_AUTH=$(extract_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" @@ -128,7 +128,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then TELEMETRY_ARGS+=" --enable_crl" fi - CRL_EXPIRE_DURATION=$(Extract_json_field "$GNMI" '.crl_expire_duration') + CRL_EXPIRE_DURATION=$(extract_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" fi From 22256a343e7f2aab769558ff85c18fe32b462e4e Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Wed, 12 Feb 2025 16:46:06 +0800 Subject: [PATCH 17/19] Validate port value in GNMI scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 5 +++++ dockers/docker-sonic-telemetry/telemetry.sh | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 9b8a7dbe87a..0f2417329fe 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh 
@@ -66,7 +66,12 @@ if [ -z "$GNMI" ]; then PORT=8080 else PORT=$(extract_field "$GNMI" '.port') + if ! [[ $PORT =~ ^[0-9]+$ ]]; then + echo "Incorrect port value ${PORT}, expecting positive integers" >&2 + exit $INCORRECT_TELEMETRY_VALUE + fi fi + TELEMETRY_ARGS+=" --port '$PORT'" CLIENT_AUTH=$(extract_field "$GNMI" '.client_auth') diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index b6adb65ca33..65e644a9c8d 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -65,6 +65,10 @@ if [ -z "$GNMI" ]; then PORT=8080 else PORT=$(extract_field "$GNMI" '.port') + if ! [[ $PORT =~ ^[0-9]+$ ]]; then + echo "Incorrect port value ${PORT}, expecting positive integers" >&2 + exit $INCORRECT_TELEMETRY_VALUE + fi fi TELEMETRY_ARGS+=" --port '$PORT'" From 356188f32f3107aa66e032e555cc64d5c4e97166 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Fri, 14 Feb 2025 17:17:16 +0800 Subject: [PATCH 18/19] Remove single quotes around port variable --- dockers/docker-sonic-gnmi/gnmi-native.sh | 2 +- dockers/docker-sonic-telemetry/telemetry.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index 0f2417329fe..eaa267f0f93 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -72,7 +72,7 @@ else fi fi -TELEMETRY_ARGS+=" --port '$PORT'" +TELEMETRY_ARGS+=" --port $PORT" CLIENT_AUTH=$(extract_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 65e644a9c8d..3f3c1e2ec57 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh 
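Review bot: The new check `[[ $PORT =~ ^[0-9]+$ ]]` accepts `0` and values above 65535, although the error message says positive integers are expected. Adding a range test rejects them at the same place: `if ! [[ $PORT =~ ^[0-9]+$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then`. The `10#` prefix stops a leading zero from being read as octal. The same check is added to telemetry.sh in the next hunk and has the same gap.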
@@ -70,7 +70,7 @@ else exit $INCORRECT_TELEMETRY_VALUE fi fi -TELEMETRY_ARGS+=" --port '$PORT'" +TELEMETRY_ARGS+=" --port $PORT" CLIENT_AUTH=$(extract_field "$GNMI" '.client_auth') if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then From d64c9672d3a5efd866c9253fcf217f9c50bb02c1 Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Mon, 17 Feb 2025 15:50:09 +0800 Subject: [PATCH 19/19] Remove unnecessary quotes in telemetry scripts --- dockers/docker-sonic-gnmi/gnmi-native.sh | 21 ++++++++++----------- dockers/docker-sonic-telemetry/telemetry.sh | 21 ++++++++++----------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index eaa267f0f93..5b9efe379a2 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -6,8 +6,7 @@ TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 ESCAPE_QUOTE="'\''" extract_field() { - value=$(echo $1 | jq -r $2) - echo "${value//\'/${ESCAPE_QUOTE}}" + echo $(echo $1 | jq -r $2) } if [ ! -f "$TELEMETRY_VARS_FILE" ]; then @@ -36,12 +35,12 @@ if [ -n "$CERTS" ]; then if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " + TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " fi CA_CRT=$(extract_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" + TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi elif [ -n "$X509" ]; then 
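Review bot: After this change `extract_field` returns the raw jq output and every caller appends it unquoted, so path and string fields (`server_crt`, `server_key`, `ca_crt`, `user_auth`) reach TELEMETRY_ARGS with no escaping and no format check. If TELEMETRY_ARGS is expanded unquoted when the server is started (that line is not in this hunk), whitespace inside a config value becomes extra command-line arguments. The body `echo $(echo $1 | jq -r $2)` also still word-splits and glob-expands the JSON; `printf '%s' "$1" | jq -r "$2"` does the same job without that. `ESCAPE_QUOTE` is left defined but is no longer used. The telemetry.sh hunk `@@ -6,8 +6,7 @@` makes the same change.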
@@ -50,12 +49,12 @@ elif [ -n "$X509" ]; then if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " + TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " fi CA_CRT=$(extract_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" + TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi else TELEMETRY_ARGS+=" --noTLS" @@ -81,7 +80,7 @@ fi LOG_LEVEL=$(extract_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" + TELEMETRY_ARGS+=" -v=$LOG_LEVEL" else TELEMETRY_ARGS+=" -v=2" fi @@ -101,7 +100,7 @@ fi # Server will handle threshold connections consecutively THRESHOLD_CONNECTIONS=$(extract_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" + TELEMETRY_ARGS+=" --threshold $THRESHOLD_CONNECTIONS" else if [ -z "$GNMI" ] || [[ $THRESHOLD_CONNECTIONS == "null" ]]; then TELEMETRY_ARGS+=" --threshold 100" @@ -114,7 +113,7 @@ fi # Close idle connections after certain duration (in seconds) IDLE_CONN_DURATION=$(extract_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" + TELEMETRY_ARGS+=" --idle_conn_duration $IDLE_CONN_DURATION" else if [ -z "$GNMI" ] || [[ $IDLE_CONN_DURATION == "null" ]]; then TELEMETRY_ARGS+=" --idle_conn_duration 5" @@ -126,7 +125,7 @@ fi USER_AUTH=$(extract_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then - TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" if [ $USER_AUTH == "cert" ]; then TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" 
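Review bot: `USER_AUTH` and `CRL_EXPIRE_DURATION` are now appended without quotes and without a format check (hunk `@@ -126,7 +125,7 @@` here and `@@ -138,7 +137,7 @@` on the following line), unlike `LOG_LEVEL`, `THRESHOLD_CONNECTIONS` and `IDLE_CONN_DURATION`, which pass through `^[0-9]+$` first. `CRL_EXPIRE_DURATION` can use the same test, `[[ $CRL_EXPIRE_DURATION =~ ^[0-9]+$ ]]`. `USER_AUTH` can be checked against the set of authorization types the server supports (not visible here), exiting with `$INCORRECT_TELEMETRY_VALUE` on anything else. The unquoted `[ $USER_AUTH != "null" ]` in the context line also fails with a test error when the value contains a space. The enclosing `if` block continues past these hunks, and telemetry.sh repeats the pattern.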
@@ -138,7 +137,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then CRL_EXPIRE_DURATION=$(extract_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then - TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" + TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" fi fi fi diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 3f3c1e2ec57..ad1dcedd156 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -6,8 +6,7 @@ TELEMETRY_VARS_FILE=/usr/share/sonic/templates/telemetry_vars.j2 ESCAPE_QUOTE="'\''" extract_field() { - value=$(echo $1 | jq -r $2) - echo "${value//\'/${ESCAPE_QUOTE}}" + echo $(echo $1 | jq -r $2) } if [ ! -f "$TELEMETRY_VARS_FILE" ]; then @@ -36,12 +35,12 @@ if [ -n "$CERTS" ]; then if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " + TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " fi CA_CRT=$(extract_field "$CERTS" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" + TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi elif [ -n "$X509" ]; then SERVER_CRT=$(extract_field "$X509" '.server_crt') @@ -49,12 +48,12 @@ elif [ -n "$X509" ]; then if [ -z $SERVER_CRT ] || [ -z $SERVER_KEY ]; then TELEMETRY_ARGS+=" --insecure" else - TELEMETRY_ARGS+=" --server_crt '$SERVER_CRT' --server_key '$SERVER_KEY' " + TELEMETRY_ARGS+=" --server_crt $SERVER_CRT --server_key $SERVER_KEY " fi CA_CRT=$(extract_field "$X509" '.ca_crt') if [ ! -z $CA_CRT ]; then - TELEMETRY_ARGS+=" --ca_crt '$CA_CRT'" + TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi else TELEMETRY_ARGS+=" --noTLS" 
@@ -79,7 +78,7 @@ fi LOG_LEVEL=$(extract_field "$GNMI" '.log_level') if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" -v='$LOG_LEVEL'" + TELEMETRY_ARGS+=" -v=$LOG_LEVEL" else TELEMETRY_ARGS+=" -v=2" fi @@ -95,7 +94,7 @@ fi # Server will handle threshold connections consecutively THRESHOLD_CONNECTIONS=$(extract_field "$GNMI" '.threshold') if [[ $THRESHOLD_CONNECTIONS =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --threshold '$THRESHOLD_CONNECTIONS'" + TELEMETRY_ARGS+=" --threshold $THRESHOLD_CONNECTIONS" else if [ -z "$GNMI" ] || [[ $THRESHOLD_CONNECTIONS == "null" ]]; then TELEMETRY_ARGS+=" --threshold 100" @@ -108,7 +107,7 @@ fi # Close idle connections after certain duration (in seconds) IDLE_CONN_DURATION=$(extract_field "$GNMI" '.idle_conn_duration') if [[ $IDLE_CONN_DURATION =~ ^[0-9]+$ ]]; then - TELEMETRY_ARGS+=" --idle_conn_duration '$IDLE_CONN_DURATION'" + TELEMETRY_ARGS+=" --idle_conn_duration $IDLE_CONN_DURATION" else if [ -z "$GNMI" ] || [[ $IDLE_CONN_DURATION == "null" ]]; then TELEMETRY_ARGS+=" --idle_conn_duration 5" @@ -121,7 +120,7 @@ TELEMETRY_ARGS+=" -gnmi_native_write=false" USER_AUTH=$(extract_field "$GNMI" '.user_auth') if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then - TELEMETRY_ARGS+=" --client_auth '$USER_AUTH'" + TELEMETRY_ARGS+=" --client_auth $USER_AUTH" if [ $USER_AUTH == "cert" ]; then # Reuse GNMI_CLIENT_CERT for telemetry service @@ -134,7 +133,7 @@ if [ ! -z "$USER_AUTH" ] && [ $USER_AUTH != "null" ]; then CRL_EXPIRE_DURATION=$(extract_field "$GNMI" '.crl_expire_duration') if [ ! -z "$CRL_EXPIRE_DURATION" ] && [ $CRL_EXPIRE_DURATION != "null" ]; then - TELEMETRY_ARGS+=" --crl_expire_duration '$CRL_EXPIRE_DURATION'" + TELEMETRY_ARGS+=" --crl_expire_duration $CRL_EXPIRE_DURATION" fi fi fi