From 559180f27db523323084e9dd31752f679187a88a Mon Sep 17 00:00:00 2001 From: Hua Liu <58683130+liuh-80@users.noreply.github.com> Date: Thu, 18 Apr 2024 17:28:06 +0800 Subject: [PATCH 01/11] Add GNMI client cert cname list to yang model --- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index 1d6b228266b8..ee842c866e68 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -43,6 +43,13 @@ module sonic-gnmi { description "Local path for server_crt."; } + leaf client_crt_cname { + type string { + pattern '([a-zA-Z0-9_\-\.]+,)*([a-zA-Z0-9_\-\.]+)'; + } + description "Client cert name."; + } + leaf server_key { type string { pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key'; From ebea8749e49ac08ceebed45859159ab3597b9b26 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Tue, 28 May 2024 07:35:47 +0000 Subject: [PATCH 02/11] Update stubmodule --- .gitmodules | 3 ++- src/sonic-gnmi | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index 9013bdb67021..2bb984305274 100644 --- a/.gitmodules +++ b/.gitmodules @@ -105,7 +105,8 @@ url = https://github.com/sonic-net/sonic-host-services [submodule "src/sonic-gnmi"] path = src/sonic-gnmi - url = https://github.com/sonic-net/sonic-gnmi.git + url = https://github.com/liuh-80/sonic-gnmi.git + branch = dev/liuh/add_gnmi_cert_name [submodule "src/sonic-genl-packet"] path = src/sonic-genl-packet url = https://github.com/sonic-net/sonic-genl-packet diff --git a/src/sonic-gnmi b/src/sonic-gnmi index 585f4419f983..795a52bb5f16 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit 585f4419f983b8d931121fdcb8acfe549bb06fba +Subproject commit 795a52bb5f16c780c58a25f73db542c6ad66541d From 50e1f5f8ab662b026c24bcdcb51b2bc21af93922 Mon Sep 17 00:00:00 2001 
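Review bot: The description `"Client cert name."` on the new `client_crt_cname` leaf does not say that the value is a list, although the pattern accepts several comma-separated names. This leaf presumably decides which client certificates the server accepts, so I would spell that out, e.g. `description "Comma-separated list of client certificate common names.";`. It should also state what an absent leaf means (no restriction, or no access). The enclosing container starts and ends outside the hunk.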
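Review bot: The `src/sonic-gnmi` submodule URL is switched to a personal fork, `https://github.com/liuh-80/sonic-gnmi.git`, on the branch `dev/liuh/add_gnmi_cert_name`, so any build from this commit pulls the gNMI server source from outside the sonic-net repository and its review history. That is workable on a work-in-progress branch but should not reach the main branch. Keep `url = https://github.com/sonic-net/sonic-gnmi.git` and point the gitlink at a commit that has been merged there.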
From: liuh-80 Date: Wed, 29 May 2024 02:50:32 +0000 Subject: [PATCH 03/11] Improve start script --- dockers/docker-sonic-gnmi/gnmi-native.sh | 5 +++++ dockers/docker-sonic-telemetry/telemetry.sh | 5 +++++ src/sonic-gnmi | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index d9bab2700e4b..b58992f2fa66 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -33,6 +33,11 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + CLIENT_CERT_CNAME=$(echo $CERTS | jq -r '.client_crt_cname') + if [ ! -z $CLIENT_CERT_CNAME ]; then + TELEMETRY_ARGS+=" --client_crt_cname $CLIENT_CERT_CNAME" + fi elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index dadd226b8d80..8c2ed9326b62 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -34,6 +34,11 @@ if [ -n "$CERTS" ]; then if [ ! -z $CA_CRT ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi + + CLIENT_CERT_CNAME=$(echo $CERTS | jq -r '.client_crt_cname') + if [ ! -z $CLIENT_CERT_CNAME ]; then + TELEMETRY_ARGS+=" --client_crt_cname $CLIENT_CERT_CNAME" + fi elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') diff --git a/src/sonic-gnmi b/src/sonic-gnmi index 795a52bb5f16..43e7a43a1737 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit 795a52bb5f16c780c58a25f73db542c6ad66541d +Subproject commit 43e7a43a1737aecc394b3de286f770d128245324 From 26efc7d5a93ce1173685cc1fbfc7c29c2394d0ed Mon Sep 17 00:00:00 2001 
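Review bot: `jq -r '.client_crt_cname'` prints the literal string `null` when the key is absent, so the `[ ! -z $CLIENT_CERT_CNAME ]` test succeeds and the service is started with `--client_crt_cname null`. Use `jq -r '.client_crt_cname // empty'` and quote the expansion in the test: `if [ -n "$CLIENT_CERT_CNAME" ]; then`. The same lines are added to `dockers/docker-sonic-telemetry/telemetry.sh` in this patch and need the same change. How the server treats that value is not visible here, but an option that names permitted client certificates should never receive a placeholder string.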
From: liuh-80 Date: Wed, 29 May 2024 03:33:59 +0000 Subject: [PATCH 04/11] Update submodule --- src/sonic-gnmi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-gnmi b/src/sonic-gnmi index 43e7a43a1737..ec096c3e8d45 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit 43e7a43a1737aecc394b3de286f770d128245324 +Subproject commit ec096c3e8d453651015e82814db3d9924e04b9ad From 7320df791f0329c959fe51350c79aea62069c544 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Mon, 3 Jun 2024 10:03:40 +0000 Subject: [PATCH 05/11] Fix yang model issue --- dockers/docker-sonic-gnmi/gnmi-native.sh | 5 +--- dockers/docker-sonic-telemetry/telemetry.sh | 5 +--- src/sonic-gnmi | 2 +- .../yang-models/sonic-gnmi.yang | 27 ++++++++++++++----- .../yang-models/sonic-telemetry.yang | 21 +++++++++++++++ 5 files changed, 44 insertions(+), 16 deletions(-) diff --git a/dockers/docker-sonic-gnmi/gnmi-native.sh b/dockers/docker-sonic-gnmi/gnmi-native.sh index b58992f2fa66..e9f15810a226 100755 --- a/dockers/docker-sonic-gnmi/gnmi-native.sh +++ b/dockers/docker-sonic-gnmi/gnmi-native.sh @@ -34,10 +34,7 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - CLIENT_CERT_CNAME=$(echo $CERTS | jq -r '.client_crt_cname') - if [ ! -z $CLIENT_CERT_CNAME ]; then - TELEMETRY_ARGS+=" --client_crt_cname $CLIENT_CERT_CNAME" - fi + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 8c2ed9326b62..7658c4258b4a 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh 
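Review bot: `--config_table_name GNMI_CLIENT_CERT` is now appended whenever `CERTS` is set, and nothing next to it says what the server does when that table is empty or missing. The table maps client certificate common names to roles, so whether an empty table denies every client or admits every client is the property an operator most needs to know. I would add a comment above the line stating that behaviour, and confirm it against the sonic-gnmi change this depends on. The same applies to the `--config_table_name TELEMETRY_CLIENT_CERT` line added to `telemetry.sh` in this patch.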
@@ -35,10 +35,7 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - CLIENT_CERT_CNAME=$(echo $CERTS | jq -r '.client_crt_cname') - if [ ! -z $CLIENT_CERT_CNAME ]; then - TELEMETRY_ARGS+=" --client_crt_cname $CLIENT_CERT_CNAME" - fi + TELEMETRY_ARGS+=" --config_table_name TELEMETRY_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') diff --git a/src/sonic-gnmi b/src/sonic-gnmi index ec096c3e8d45..0d30cfc222cd 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit ec096c3e8d453651015e82814db3d9924e04b9ad +Subproject commit 0d30cfc222cde86716f59f88ace36c4920554722 diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index ee842c866e68..931b7eca8583 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -43,13 +43,6 @@ module sonic-gnmi { description "Local path for server_crt."; } - leaf client_crt_cname { - type string { - pattern '([a-zA-Z0-9_\-\.]+,)*([a-zA-Z0-9_\-\.]+)'; - } - description "Client cert name."; - } - leaf server_key { type string { pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key'; @@ -79,7 +72,27 @@ module sonic-gnmi { } } + } + + container GNMI_CLIENT_CERT { + description "GNMI client cert list"; + list GNMI_CLIENT_CERT_LIST { + max-elements 8; + key "cert_cname"; + + leaf cert_cname { + type string; + description + "client cert common name"; + } + + leaf role { + type string; + description + "role of client cert common name"; + } + } } } } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index d3d7600a8e98..caee3e9e8bbf 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang 
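Review bot: `role` in `GNMI_CLIENT_CERT_LIST` is an unconstrained `type string`, so a misspelt or unexpected role passes YANG validation and is left for the server to interpret. The sample data added later in this series uses only `RW` and `RO`; if those are the full set, `type enumeration { enum RW; enum RO; }` would reject anything else at configuration time. `cert_cname` has also lost the character-class pattern that the removed `client_crt_cname` leaf had. The identical `TELEMETRY_CLIENT_CERT_LIST` added to `sonic-telemetry.yang` in this patch has both gaps.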
@@ -74,5 +74,26 @@ module sonic-telemetry { } } + + container TELEMETRY_CLIENT_CERT { + description "TELEMETRY client cert list"; + + list TELEMETRY_CLIENT_CERT_LIST { + max-elements 8; + key "cert_cname"; + + leaf cert_cname { + type string; + description + "client cert common name"; + } + + leaf role { + type string; + description + "role of client cert common name"; + } + } + } } } From 9fcdb1f6c404d152997a154e441236640ac367dc Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Mon, 3 Jun 2024 10:34:23 +0000 Subject: [PATCH 06/11] Update submodule --- src/sonic-gnmi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-gnmi b/src/sonic-gnmi index 0d30cfc222cd..0ae9398a108a 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit 0d30cfc222cde86716f59f88ace36c4920554722 +Subproject commit 0ae9398a108a0c2649c467bcfd922f1096d20967 From 00403b76d0287ba85214f58d26d60befdf675586 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Tue, 4 Jun 2024 06:02:41 +0000 Subject: [PATCH 07/11] Update submodule --- src/sonic-gnmi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-gnmi b/src/sonic-gnmi index 0ae9398a108a..f47be1c89430 160000 --- a/src/sonic-gnmi +++ b/src/sonic-gnmi @@ -1 +1 @@ -Subproject commit 0ae9398a108a0c2649c467bcfd922f1096d20967 +Subproject commit f47be1c89430c2949e83293b84875d7d2d74ed60 From 26ce0ed4fe7d08583fd5e3edd8047ea15fa636c0 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Tue, 18 Jun 2024 05:46:55 +0000 Subject: [PATCH 08/11] change gnmi submodule reference back --- .gitmodules | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index 2bb984305274..9013bdb67021 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -105,8 +105,7 @@ url = https://github.com/sonic-net/sonic-host-services [submodule "src/sonic-gnmi"] path = src/sonic-gnmi - url = https://github.com/liuh-80/sonic-gnmi.git - branch = dev/liuh/add_gnmi_cert_name + url = https://github.com/sonic-net/sonic-gnmi.git [submodule "src/sonic-genl-packet"] path = src/sonic-genl-packet url = https://github.com/sonic-net/sonic-genl-packet From 1e20d9a50018df04fa076937fa48d799ecd5551f Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Tue, 2 Jul 2024 08:09:04 +0000 Subject: [PATCH 09/11] Add test case --- .../tests/files/sample_config_db.json | 10 +++++ .../tests/yang_model_tests/tests/gnmi.json | 11 ++++++ .../yang_model_tests/tests/telemetry.json | 11 ++++++ .../yang_model_tests/tests_config/gnmi.json | 38 +++++++++++++++++++ .../tests_config/telemetry.json | 38 +++++++++++++++++++ .../yang-models/sonic-gnmi.yang | 2 + .../yang-models/sonic-telemetry.yang | 2 + 7 files changed, 112 insertions(+) diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 8ebb1d655675..0b5926a654dd 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -1323,6 +1323,16 @@ "port": "50052" } }, + "GNMI_CLIENT_CERT": { + "testcert1": { + "cert_cname": "testcert1", + "role": "RW" + }, + "testcert2": { + "cert_cname": "testcert2", + "role": "RO" + } + }, "TUNNEL": { "MuxTunnel0": { "dscp_mode": "uniform", diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json b/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json index 5938290f8a96..e89cf0f2045c 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json 
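Review bot: Restoring the upstream URL here does not touch the `src/sonic-gnmi` gitlink, which the series last set to `f47be1c89430c2949e83293b84875d7d2d74ed60` while the submodule still pointed at the fork. Please confirm that commit is reachable in `https://github.com/sonic-net/sonic-gnmi.git`. If it is not, the submodule checkout will fail and the pointer needs to be moved to the merged upstream commit.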
@@ -13,5 +13,16 @@ }, "GNMI_TABLE_WITH_VALID_CONFIG": { "desc": "TABLE WITH VALID CONFIG." + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { + "desc": "CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME failure.", + "eStrKey": "Mandatory" + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { + "desc": "CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE failure.", + "eStrKey": "Mandatory" + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { + "desc": "TABLE WITH VALID CONFIG." } } diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json index f79e8ea73272..15bbdc463f1b 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json @@ -13,5 +13,16 @@ }, "TELEMETRY_TABLE_WITH_VALID_CONFIG": { "desc": "TABLE WITH VALID CONFIG." + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { + "desc": "CLIENT_CERT_TABLE_WITH_MISSING_CERT_NAME failure.", + "eStrKey": "Mandatory" + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { + "desc": "CLIENT_CERT_TABLE_WITH_MISSING_ROLE failure.", + "eStrKey": "Mandatory" + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { + "desc": "TABLE WITH VALID CONFIG." } } diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json index db121ae3944c..260a2a94617b 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json 
@@ -62,5 +62,43 @@ } } } + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { + "sonic-gnmi:sonic-gnmi": { + "sonic-gnmi:GNMI_CLIENT_CERT": { + "GNMI_CLIENT_CERT_LIST": [ + { + "role": "RW" + } + ] + } + } + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { + "sonic-gnmi:sonic-gnmi": { + "sonic-gnmi:GNMI_CLIENT_CERT": { + "GNMI_CLIENT_CERT_LIST": [ + { + "cert_cname": "testcert1" + } + ] + } + } + }, + "GNMI_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { + "sonic-gnmi:sonic-gnmi": { + "sonic-gnmi:GNMI_CLIENT_CERT": { + "GNMI_CLIENT_CERT_LIST": [ + { + "cert_cname": "testcert1", + "role": "RW" + }, + { + "cert_cname": "testcert2", + "role": "RO" + } + ] + } + } } } diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json index 1231a4cee662..a1830d616a7f 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json @@ -62,5 +62,43 @@ } } } + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { + "sonic-telemetry:sonic-telemetry": { + "sonic-telemetry:TELEMETRY_CLIENT_CERT": { + "TELEMETRY_CLIENT_CERT_LIST": [ + { + "role": "RW" + } + ] + } + } + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { + "sonic-telemetry:sonic-telemetry": { + "sonic-telemetry:TELEMETRY_CLIENT_CERT": { + "TELEMETRY_CLIENT_CERT_LIST": [ + { + "cert_cname": "testcert1" + } + ] + } + } + }, + "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { + "sonic-telemetry:sonic-telemetry": { + "sonic-telemetry:TELEMETRY_CLIENT_CERT": { + "TELEMETRY_CLIENT_CERT_LIST": [ + { + "cert_cname": "testcert1", + "role": "RW" + }, + { + "cert_cname": "testcert2", + "role": "RO" + } + ] + } + } } } diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index 931b7eca8583..46d766c462f3 100644 
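Review bot: The new `GNMI_CLIENT_CERT_LIST` cases cover a missing key and a missing `role`, but nothing exercises the `max-elements 8` limit or an unexpected `role` value. A case with nine entries would pin the size limit. If `role` is later restricted to known values, a case such as `"role": "ADMIN"` (a constructed example) should be added with the matching error key, so that a regression in the authorization schema is caught by the model tests.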
--- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -83,12 +83,14 @@ module sonic-gnmi { leaf cert_cname { type string; + mandatory true; description "client cert common name"; } leaf role { type string; + mandatory true; description "role of client cert common name"; } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index caee3e9e8bbf..a0428914df65 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -84,12 +84,14 @@ module sonic-telemetry { leaf cert_cname { type string; + mandatory true; description "client cert common name"; } leaf role { type string; + mandatory true; description "role of client cert common name"; } From fbb629fd93f9c221bed34f995fc51139abe801f6 Mon Sep 17 00:00:00 2001 From: liuh-80 Date: Wed, 3 Jul 2024 02:35:56 +0000 Subject: [PATCH 10/11] Fix yang mgmt test issue --- .../tests/files/sample_config_db.json | 2 -- .../tests/yang_model_tests/tests/gnmi.json | 4 ---- .../tests/yang_model_tests/tests/telemetry.json | 4 ---- .../tests/yang_model_tests/tests_config/gnmi.json | 11 ----------- .../yang_model_tests/tests_config/telemetry.json | 11 ----------- src/sonic-yang-models/yang-models/sonic-gnmi.yang | 1 - .../yang-models/sonic-telemetry.yang | 1 - 7 files changed, 34 deletions(-) diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 0b5926a654dd..2cdcf803d782 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -1325,11 +1325,9 @@ }, "GNMI_CLIENT_CERT": { "testcert1": { - "cert_cname": "testcert1", "role": "RW" }, "testcert2": { - "cert_cname": "testcert2", "role": "RO" } }, 
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json b/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json index e89cf0f2045c..10956d2bbf33 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/gnmi.json @@ -14,10 +14,6 @@ "GNMI_TABLE_WITH_VALID_CONFIG": { "desc": "TABLE WITH VALID CONFIG." }, - "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { - "desc": "CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME failure.", - "eStrKey": "Mandatory" - }, "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { "desc": "CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE failure.", "eStrKey": "Mandatory" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json index 15bbdc463f1b..654a19eaa8e0 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json @@ -14,10 +14,6 @@ "TELEMETRY_TABLE_WITH_VALID_CONFIG": { "desc": "TABLE WITH VALID CONFIG." }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { - "desc": "CLIENT_CERT_TABLE_WITH_MISSING_CERT_NAME failure.", - "eStrKey": "Mandatory" - }, "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { "desc": "CLIENT_CERT_TABLE_WITH_MISSING_ROLE failure.", "eStrKey": "Mandatory" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json index 260a2a94617b..ea83bc90d041 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/gnmi.json 
@@ -63,17 +63,6 @@ } } }, - "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { - "sonic-gnmi:sonic-gnmi": { - "sonic-gnmi:GNMI_CLIENT_CERT": { - "GNMI_CLIENT_CERT_LIST": [ - { - "role": "RW" - } - ] - } - } - }, "GNMI_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { "sonic-gnmi:sonic-gnmi": { "sonic-gnmi:GNMI_CLIENT_CERT": { diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json index a1830d616a7f..262e49335ffa 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json @@ -63,17 +63,6 @@ } } }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_CERT_NAME": { - "sonic-telemetry:sonic-telemetry": { - "sonic-telemetry:TELEMETRY_CLIENT_CERT": { - "TELEMETRY_CLIENT_CERT_LIST": [ - { - "role": "RW" - } - ] - } - } - }, "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { "sonic-telemetry:sonic-telemetry": { "sonic-telemetry:TELEMETRY_CLIENT_CERT": { diff --git a/src/sonic-yang-models/yang-models/sonic-gnmi.yang b/src/sonic-yang-models/yang-models/sonic-gnmi.yang index 46d766c462f3..b27ab84938b5 100644 --- a/src/sonic-yang-models/yang-models/sonic-gnmi.yang +++ b/src/sonic-yang-models/yang-models/sonic-gnmi.yang @@ -83,7 +83,6 @@ module sonic-gnmi { leaf cert_cname { type string; - mandatory true; description "client cert common name"; } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index a0428914df65..72f73310f23b 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -84,7 +84,6 @@ module sonic-telemetry { leaf cert_cname { type string; - mandatory true; description "client cert common name"; } From ad1900b9801df6603044dbe21ca5578c935b3e0a Mon Sep 17 00:00:00 2001 
From: liuh-80 Date: Tue, 16 Jul 2024 01:43:49 +0000 Subject: [PATCH 11/11] Reuse cert list table in GNMI and TELEMETRY --- dockers/docker-sonic-telemetry/telemetry.sh | 3 ++- .../yang_model_tests/tests/telemetry.json | 7 ----- .../tests_config/telemetry.json | 27 ------------------- .../yang-models/sonic-telemetry.yang | 22 --------------- 4 files changed, 2 insertions(+), 57 deletions(-) diff --git a/dockers/docker-sonic-telemetry/telemetry.sh b/dockers/docker-sonic-telemetry/telemetry.sh index 4825582de07d..d1c9216d4195 100755 --- a/dockers/docker-sonic-telemetry/telemetry.sh +++ b/dockers/docker-sonic-telemetry/telemetry.sh @@ -35,7 +35,8 @@ if [ -n "$CERTS" ]; then TELEMETRY_ARGS+=" --ca_crt $CA_CRT" fi - TELEMETRY_ARGS+=" --config_table_name TELEMETRY_CLIENT_CERT" + # Reuse GNMI_CLIENT_CERT for telemetry service + TELEMETRY_ARGS+=" --config_table_name GNMI_CLIENT_CERT" elif [ -n "$X509" ]; then SERVER_CRT=$(echo $X509 | jq -r '.server_crt') SERVER_KEY=$(echo $X509 | jq -r '.server_key') diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json index 654a19eaa8e0..f79e8ea73272 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/telemetry.json @@ -13,12 +13,5 @@ }, "TELEMETRY_TABLE_WITH_VALID_CONFIG": { "desc": "TABLE WITH VALID CONFIG." - }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { - "desc": "CLIENT_CERT_TABLE_WITH_MISSING_ROLE failure.", - "eStrKey": "Mandatory" - }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { - "desc": "TABLE WITH VALID CONFIG." } } diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json index 262e49335ffa..1231a4cee662 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json 
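Review bot: Pointing telemetry at `GNMI_CLIENT_CERT` means one table now authorises clients for both services. As far as the scripts show, a common name given `RW` for gNMI carries the same role on the telemetry endpoint, and the two can no longer be scoped separately. If that is intended, the new comment should say so, e.g. `# Telemetry shares GNMI_CLIENT_CERT: a CN's role applies to both services`. The `GNMI_CLIENT_CERT` container description in `sonic-gnmi.yang` should mention telemetry as well.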
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/telemetry.json @@ -62,32 +62,5 @@ } } } - }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_MISSING_ROLE": { - "sonic-telemetry:sonic-telemetry": { - "sonic-telemetry:TELEMETRY_CLIENT_CERT": { - "TELEMETRY_CLIENT_CERT_LIST": [ - { - "cert_cname": "testcert1" - } - ] - } - } - }, - "TELEMETRY_CLIENT_CERT_LIST_TABLE_WITH_VALID_CONFIG": { - "sonic-telemetry:sonic-telemetry": { - "sonic-telemetry:TELEMETRY_CLIENT_CERT": { - "TELEMETRY_CLIENT_CERT_LIST": [ - { - "cert_cname": "testcert1", - "role": "RW" - }, - { - "cert_cname": "testcert2", - "role": "RO" - } - ] - } - } } } diff --git a/src/sonic-yang-models/yang-models/sonic-telemetry.yang b/src/sonic-yang-models/yang-models/sonic-telemetry.yang index 72f73310f23b..d3d7600a8e98 100644 --- a/src/sonic-yang-models/yang-models/sonic-telemetry.yang +++ b/src/sonic-yang-models/yang-models/sonic-telemetry.yang @@ -74,27 +74,5 @@ module sonic-telemetry { } } - - container TELEMETRY_CLIENT_CERT { - description "TELEMETRY client cert list"; - - list TELEMETRY_CLIENT_CERT_LIST { - max-elements 8; - key "cert_cname"; - - leaf cert_cname { - type string; - description - "client cert common name"; - } - - leaf role { - type string; - mandatory true; - description - "role of client cert common name"; - } - } - } } }