-
Notifications
You must be signed in to change notification settings - Fork 714
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TACACS] Improve TACACS per-command authorization UT coverage #8115
[TACACS] Improve TACACS per-command authorization UT coverage #8115
Conversation
This UT depends on sonic-net/sonic-buildimage#14787 |
The pre-commit check detected issues in the files touched by this pull request. Detailed pre-commit check results: To run the pre-commit checks locally, you can follow below steps:
|
@@ -244,3 +245,37 @@ def remove_all_tacacs_server(duthost): | |||
tacacs_server = tacacs_server.rstrip() | |||
if tacacs_server: | |||
duthost.shell("sudo config tacacs delete %s" % tacacs_server) | |||
|
|||
|
|||
def check_server_received(ptfhost, data): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No any code change, for fix the circle import issue, move code from test_accounting.py.
…rd match more than hundred files. (#14787) Fix per-command authorization failed issue when a command with wildcard match more than hundred files. #### Why I did it When user enable TACACS per-command authorization, and run a command with wildcard , if the command match more than hundreds of files, the per-command authorization will failed with following message: *** authorize failed by TACACS+ with given arguments, not executing The root cause of this issue is because bash will match files with wildcard and replace with wildcard args with matched files. when there are too many files, TACACS plugin will generate a big authorization request, which will be reject by server side. ##### Work item tracking - Microsoft ADO **(number only)**: 18074861 #### How I did it Fix bash patch file, use original user inputs as authorization parameters. #### How to verify it Pass all UT. Create new UT to validate the TACACS authorization request are using original command arguments. UT PR: sonic-net/sonic-mgmt#8115 #### Which release branch to backport (provide reason below if selected) - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [X] 202205 - [X] 202211 #### Tested branch (Please provide the tested image version) - [x] 202205.258490-412b83d0f - [x] 202211.71966120-1b971c54b5 #### Description for the changelog Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
…rd match more than hundred files. (sonic-net#14787) Fix per-command authorization failed issue when a command with wildcard match more than hundred files. #### Why I did it When user enable TACACS per-command authorization, and run a command with wildcard , if the command match more than hundreds of files, the per-command authorization will failed with following message: *** authorize failed by TACACS+ with given arguments, not executing The root cause of this issue is because bash will match files with wildcard and replace with wildcard args with matched files. when there are too many files, TACACS plugin will generate a big authorization request, which will be reject by server side. ##### Work item tracking - Microsoft ADO **(number only)**: 18074861 #### How I did it Fix bash patch file, use original user inputs as authorization parameters. #### How to verify it Pass all UT. Create new UT to validate the TACACS authorization request are using original command arguments. UT PR: sonic-net/sonic-mgmt#8115 #### Which release branch to backport (provide reason below if selected) - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [X] 202205 - [X] 202211 #### Tested branch (Please provide the tested image version) - [x] 202205.258490-412b83d0f - [x] 202211.71966120-1b971c54b5 #### Description for the changelog Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
…rd match more than hundred files. (sonic-net#14787) Fix per-command authorization failed issue when a command with wildcard match more than hundred files. #### Why I did it When user enable TACACS per-command authorization, and run a command with wildcard , if the command match more than hundreds of files, the per-command authorization will failed with following message: *** authorize failed by TACACS+ with given arguments, not executing The root cause of this issue is because bash will match files with wildcard and replace with wildcard args with matched files. when there are too many files, TACACS plugin will generate a big authorization request, which will be reject by server side. ##### Work item tracking - Microsoft ADO **(number only)**: 18074861 #### How I did it Fix bash patch file, use original user inputs as authorization parameters. #### How to verify it Pass all UT. Create new UT to validate the TACACS authorization request are using original command arguments. UT PR: sonic-net/sonic-mgmt#8115 #### Which release branch to backport (provide reason below if selected) - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [X] 202205 - [X] 202211 #### Tested branch (Please provide the tested image version) - [x] 202205.258490-412b83d0f - [x] 202211.71966120-1b971c54b5 #### Description for the changelog Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
…rd match more than hundred files. (#14787) Fix per-command authorization failed issue when a command with wildcard match more than hundred files. #### Why I did it When user enable TACACS per-command authorization, and run a command with wildcard , if the command match more than hundreds of files, the per-command authorization will failed with following message: *** authorize failed by TACACS+ with given arguments, not executing The root cause of this issue is because bash will match files with wildcard and replace with wildcard args with matched files. when there are too many files, TACACS plugin will generate a big authorization request, which will be reject by server side. ##### Work item tracking - Microsoft ADO **(number only)**: 18074861 #### How I did it Fix bash patch file, use original user inputs as authorization parameters. #### How to verify it Pass all UT. Create new UT to validate the TACACS authorization request are using original command arguments. UT PR: sonic-net/sonic-mgmt#8115 #### Which release branch to backport (provide reason below if selected) - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [X] 202205 - [X] 202211 #### Tested branch (Please provide the tested image version) - [x] 202205.258490-412b83d0f - [x] 202211.71966120-1b971c54b5 #### Description for the changelog Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
…rd match more than hundred files. (#14787) Fix per-command authorization failed issue when a command with wildcard match more than hundred files. #### Why I did it When user enable TACACS per-command authorization, and run a command with wildcard , if the command match more than hundreds of files, the per-command authorization will failed with following message: *** authorize failed by TACACS+ with given arguments, not executing The root cause of this issue is because bash will match files with wildcard and replace with wildcard args with matched files. when there are too many files, TACACS plugin will generate a big authorization request, which will be reject by server side. ##### Work item tracking - Microsoft ADO **(number only)**: 18074861 #### How I did it Fix bash patch file, use original user inputs as authorization parameters. #### How to verify it Pass all UT. Create new UT to validate the TACACS authorization request are using original command arguments. UT PR: sonic-net/sonic-mgmt#8115 #### Which release branch to backport (provide reason below if selected) - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [X] 202205 - [X] 202211 #### Tested branch (Please provide the tested image version) - [x] 202205.258490-412b83d0f - [x] 202211.71966120-1b971c54b5 #### Description for the changelog Fix per-command authorization failed issue when a command with wildcard match more than hundred files.
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
The pre-commit check detected issues in the files touched by this pull request. Detailed pre-commit check results: To run the pre-commit checks locally, you can follow below steps:
|
Please resolve the conflicts. |
…net#8115) [TACACS] Improve TACACS per-command authorization UT coverage ### Description of PR Improve TACACS per-command authorization UT coverage Summary: Fixes # (issue) ### Type of change <!-- - Fill x for your type of change. - e.g. - [x] Bug fix --> - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [X] Test case(new/improvement) ### Back port request - [ ] 201911 - [ ] 202012 - [x] 202205 ### Approach #### What is the motivation for this PR? Improve TACACS per-command authorization UT coverage. #### How did you do it? Add new UT to cover 'run command with wildcard' scenario. Improve exist UT to cover more commands. #### How did you verify/test it? Manually test with latest master branch image and 202205/202211 branch image. #### Any platform specific information? #### Supported testbed topology if it's a new test case? ### Documentation <!-- (If it's a new feature, new test case) Did you update documentation/Wiki relevant to your implementation? Link to the wiki page? -->
…net#8115) [TACACS] Improve TACACS per-command authorization UT coverage ### Description of PR Improve TACACS per-command authorization UT coverage Summary: Fixes # (issue) ### Type of change <!-- - Fill x for your type of change. - e.g. - [x] Bug fix --> - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [X] Test case(new/improvement) ### Back port request - [ ] 201911 - [ ] 202012 - [x] 202205 ### Approach #### What is the motivation for this PR? Improve TACACS per-command authorization UT coverage. #### How did you do it? Add new UT to cover 'run command with wildcard' scenario. Improve exist UT to cover more commands. #### How did you verify/test it? Manually test with latest master branch image and 202205/202211 branch image. #### Any platform specific information? #### Supported testbed topology if it's a new test case? ### Documentation <!-- (If it's a new feature, new test case) Did you update documentation/Wiki relevant to your implementation? Link to the wiki page? -->
[TACACS] Improve TACACS per-command authorization UT coverage
Description of PR
Improve TACACS per-command authorization UT coverage
Summary:
Fixes # (issue)
Type of change
Back port request
Approach
What is the motivation for this PR?
Improve TACACS per-command authorization UT coverage.
How did you do it?
Add new UT to cover 'run command with wildcard' scenario.
Improve exist UT to cover more commands.
How did you verify/test it?
Manually test with latest master branch image and 202205/202211 branch image.
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation