Skip to content

Enable gnmi/telemetry user authorization by config_db #21363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
qiluo-msft merged 19 commits into from
Feb 20, 2025
Merged

Enable gnmi/telemetry user authorization by config_db #21363

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
9a401e5
Enable gnmi/telemetry user authorization by config_db
liuh-80 Jan 9, 2025
05f42c0
Update yang model
liuh-80 Jan 9, 2025
fa702a4
Rename `--user_auth` to `--client_auth`
liuh-80 Jan 9, 2025
1af6a5f
Add user_auth pattern to YANG models
liuh-80 Jan 9, 2025
476a569
Refactor user_auth type definition
liuh-80 Jan 9, 2025
47de0d8
Refactor user authentication handling in scripts
liuh-80 Jan 10, 2025
24bb572
Remove max-elements constraint from GNMI_CLIENT_CERT_LIST
liuh-80 Jan 10, 2025
13b292a
Refactor user authentication handling in scripts
liuh-80 Jan 10, 2025
423914b
Fix syntax error in shell scripts
liuh-80 Jan 10, 2025
8b4b884
Refactor user authentication handling in telemetry scripts
liuh-80 Jan 10, 2025
30f4d64
Add debug echo for telemetry arguments
liuh-80 Jan 13, 2025
fe4090b
Fix GNMI variable checks in scripts
liuh-80 Jan 13, 2025
5253122
Refactor GNMI client certificate handling
liuh-80 Jan 14, 2025
78ed03c
Fix typo in CRL_EXPIRE_DURATION variable check
liuh-80 Jan 15, 2025
bfa73a8
Refactor JSON field extraction in scripts
liuh-80 Feb 8, 2025
d4b3572
Rename `Extract_json_field` to `extract_field`
liuh-80 Feb 10, 2025
22256a3
Validate port value in GNMI scripts
liuh-80 Feb 12, 2025
356188f
Remove single quotes around port variable
liuh-80 Feb 14, 2025
d64c967
Remove unnecessary quotes in telemetry scripts
liuh-80 Feb 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions dockers/docker-sonic-gnmi/gnmi-native.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@ if [ -n "$CERTS" ]; then
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi

TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
elif [ -n "$X509" ]; then
SERVER_CRT=$(echo $X509 | jq -r '.server_crt')
SERVER_KEY=$(echo $X509 | jq -r '.server_key')
Expand Down Expand Up @@ -69,6 +67,12 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
TELEMETRY_ARGS+=" --allow_no_client_auth"
fi

USER_AUTH=$(echo $GNMI | jq -r '.user_auth')
if [ ! -z $USER_AUTH ] then
TELEMETRY_ARGS+=" --user_auth $USER_AUTH"
Comment thread
liuh-80 marked this conversation as resolved.
Outdated
TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
fi

LOG_LEVEL=$(echo $GNMI | jq -r '.log_level')
if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then
TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
Expand Down
11 changes: 8 additions & 3 deletions dockers/docker-sonic-telemetry/telemetry.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,6 @@ if [ -n "$CERTS" ]; then
if [ ! -z $CA_CRT ]; then
TELEMETRY_ARGS+=" --ca_crt $CA_CRT"
fi

# Reuse GNMI_CLIENT_CERT for telemetry service
TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
elif [ -n "$X509" ]; then
SERVER_CRT=$(echo $X509 | jq -r '.server_crt')
SERVER_KEY=$(echo $X509 | jq -r '.server_key')
Expand Down Expand Up @@ -70,6 +67,14 @@ if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
TELEMETRY_ARGS+=" --allow_no_client_auth"
fi

USER_AUTH=$(echo $GNMI | jq -r '.user_auth')
if [ ! -z $USER_AUTH ] then
TELEMETRY_ARGS+=" --user_auth $USER_AUTH"
Comment thread
liuh-80 marked this conversation as resolved.
Outdated

# Reuse GNMI_CLIENT_CERT for telemetry service
TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT"
fi

LOG_LEVEL=$(echo $GNMI | jq -r '.log_level')
if [[ $LOG_LEVEL =~ ^[0-9]+$ ]]; then
TELEMETRY_ARGS+=" -v=$LOG_LEVEL"
Expand Down
5 changes: 5 additions & 0 deletions src/sonic-yang-models/yang-models/sonic-gnmi.yang
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,11 @@ module sonic-gnmi {
type uint32;
description "Certificate revocation list cache expire duration.";
}

leaf user_auth {
type string;
Comment thread
liuh-80 marked this conversation as resolved.
Outdated
description "GNMI service user authorization type.";
}
}
}

Expand Down
5 changes: 5 additions & 0 deletions src/sonic-yang-models/yang-models/sonic-telemetry.yang
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,11 @@ module sonic-telemetry {
type uint32;
description "Certificate revocation list cache expire duration.";
}

leaf user_auth {
type string;
description "Telemetry service user authorization type.";
}
}

}
Expand Down