From 91e0e144c44b192b88e86c35d3588a8875d472b5 Mon Sep 17 00:00:00 2001 From: Arvindsrinivasan Lakshmi Narasimhan Date: Sun, 14 Apr 2024 00:44:11 +0000 Subject: [PATCH] port restapi yang model --- src/sonic-yang-models/doc/Configuration.md | 22 ++++- src/sonic-yang-models/setup.py | 1 + .../tests/files/sample_config_db.json | 13 +++ .../tests/yang_model_tests/tests/restapi.json | 16 ++++ .../tests_config/restapi.json | 50 +++++++++++ .../yang-models/sonic-restapi.yang | 85 +++++++++++++++++++ 6 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json create mode 100644 src/sonic-yang-models/yang-models/sonic-restapi.yang diff --git a/src/sonic-yang-models/doc/Configuration.md b/src/sonic-yang-models/doc/Configuration.md index bda1af49ed93..5faf71691e21 100644 --- a/src/sonic-yang-models/doc/Configuration.md +++ b/src/sonic-yang-models/doc/Configuration.md @@ -51,7 +51,8 @@ Table of Contents * [Scheduler](#scheduler) * [Port QoS Map](#port-qos-map) * [Queue](#queue) - * [Sflow](#sflow) + * [Sflow](#sflow) + * [Restapi](#restapi) * [Tacplus Server](#tacplus-server) * [TC to Priority group map](#tc-to-priority-group-map) * [TC to Queue map](#tc-to-queue-map) @@ -1509,6 +1510,25 @@ name as object key and member list as attribute. } ``` +### Restapi +``` +{ +"RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + }, + "config": { + "client_auth": "true", + "log_level": "trace", + "allow_insecure": "false" + } +} + +``` + ### Sflow The below are the tables and their schema for SFLOW feature diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index 0dbbd91154aa..b2c1dcd93661 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py @@ -130,6 +130,7 @@ def run(self): './yang-models/sonic-policer.yang', './yang-models/sonic-portchannel.yang', './yang-models/sonic-pfcwd.yang', + './yang-models/sonic-restapi.yang', './yang-models/sonic-route-common.yang', './yang-models/sonic-route-map.yang', './yang-models/sonic-routing-policy-sets.yang', diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 93fe09c0ca59..534026c4d43d 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -1122,6 +1122,19 @@ "lanes": "1" } }, + "RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + }, + "config": { + "client_auth": "true", + "log_level": "trace", + "allow_insecure": "false" + } + }, "FLEX_COUNTER_TABLE": { "PFCWD": { "FLEX_COUNTER_STATUS": "enable" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json new file mode 100644 index 000000000000..42ce64ba330f --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json @@ -0,0 +1,16 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "desc": "RESTAPI TABLE_WITH_INCORRECT_CERT failure.", + "eStr": ["Value", "does not satisfy the constraint"] + }, + "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": { + "desc": "RESTAPI TABLE_WITH_INCORRECT_CLIENT failure.", + "eStr": ["Value", "does not satisfy the constraint"] + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "desc": "RESTAPI TABLE WITH VALID CONFIG." + }, + "RESTAPI_TABLE_WITH_MULTIPLE_CERTS": { + "desc": "RESTAPI TABLE WITH MULTIPLE CERTS." + } +} diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json new file mode 100644 index 000000000000..f2a3b15643c6 --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json @@ -0,0 +1,50 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "a/b/c", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client" + } + } + } + }, + "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "/client" + } + } + } + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client.sonic.net" + } + } + } + }, + "RESTAPI_TABLE_WITH_MULTIPLE_CERTS": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client.sonic.net,clientds.prod.net" + } + } + } + } +} diff --git a/src/sonic-yang-models/yang-models/sonic-restapi.yang b/src/sonic-yang-models/yang-models/sonic-restapi.yang new file mode 100644 index 000000000000..094ed18eb7bd --- /dev/null +++ b/src/sonic-yang-models/yang-models/sonic-restapi.yang @@ -0,0 +1,85 @@ +module sonic-restapi { + + yang-version 1.1; + + namespace "http://github.com/sonic-net/sonic-restapi"; + prefix restapi; + + import ietf-inet-types { + prefix inet; + } + + organization + "SONiC"; + + contact + "SONiC"; + + description "RESTAPI YANG Module for SONiC OS"; + + revision 2022-10-05 { + description "First Revision"; + } + + container sonic-restapi { + + container RESTAPI { + + description "RESTAPI TABLE part of config_db.json"; + + container certs { + + leaf ca_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).([a-z]+)'; + } + description "Local path for ca_crt."; + } + + leaf server_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).crt'; + } + description "Local path for server_crt."; + } + + leaf client_crt_cname { + type string { + pattern '([a-zA-Z0-9_\-\.]+,)*([a-zA-Z0-9_\-\.]+)'; + } + description "Client cert name."; + } + + leaf server_key { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key'; + } + description "Local path for server_key."; + } + + } + + container config { + + leaf client_auth { + type boolean; + default true; + description "Enable client authentication"; + } + + leaf log_level { + type string { + pattern "trace|info"; + } + description "container log level for restapi"; + } + + leaf allow_insecure { + type boolean; + default false; + description "Allow insecure connection"; + } + } + } + } +}