Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client Auth is not working in telemetry (dial-in mode) #13142

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Client Auth is not working in telemetry (dial-in mode) #13142

wants to merge 4 commits into from

Conversation

saravanan-i
Copy link

@saravanan-i saravanan-i commented Dec 22, 2022
edited
Loading

Why I did it

Client Auth option is not working in telemetry (dial-in mode). Client Authentication value read from redis db is not passed to telemetry script in docker startup. Modified YANG models to accept other client authentication modes (like password,jwt) available in Telemetry.

How I did it

Included client_auth option in telemetry arguments and modified yang models

How to verify it

  1. Load Telemetry table (with client authentication mode as cert,password,jwt) using config load
  2. Restart the telemetry docker
  3. Request a new JWT token for admin user using gnoi_client
  4. Observe that telemetry server returns the JWT token with expiry date

Which release branch to backport (provide reason below if selected)

  • 202305

Description for the changelog

When an valid client_auth is present in config db (json file), same is passed as an argument to dial-in server startup script and also enable users to configure other authentication modes like password,jwt

Dependent Merge Requests:
sonic-net/sonic-host-services#76
sonic-net/sonic-gnmi#152

@saravanan-i
Issue Description: Client Auth is not working in telemetry (dial-in m…
403f099 
…ode)

Root-Cause: Client Authentication read from redis db is not passed to telemetry script in docker startup
What I did: Included client_auth option in telemetry args to be passed to telemetry gnmi script
@saravanan-i saravanan-i changed the title Issue Description: Client Auth is not working in telemetry (dial-in mode) Client Auth is not working in telemetry (dial-in mode) Dec 22, 2022
@saravanan-i saravanan-i marked this pull request as ready for review December 22, 2022 10:22
@saravanan-i saravanan-i requested a review from lguohan as a code owner December 22, 2022 10:22
@lguohan lguohan requested review from qiluo-msft and removed request for lguohan January 3, 2023 18:07
@qiluo-msft
Copy link
Collaborator

qiluo-msft commented Jan 3, 2023
edited
Loading

Thanks for the contribution!
Could you provide more details of the verification you have done for original code and the new code in "How to verify it" in PR description? Alternatively, you may consider adding a testcase in this repo or sonic-mgmt repo.

ganglyu
ganglyu reviewed Jan 4, 2023
View reviewed changes
dockers/docker-sonic-telemetry/telemetry.sh
@@ -60,6 +60,8 @@ TELEMETRY_ARGS+=" --port $PORT"
CLIENT_AUTH=$(echo $GNMI | jq -r '.client_auth')
if [ -z $CLIENT_AUTH ] || [ $CLIENT_AUTH == "false" ]; then
TELEMETRY_ARGS+=" --allow_no_client_auth"
else
TELEMETRY_ARGS+=" --client_auth $CLIENT_AUTH"
Copy link
Contributor

@ganglyu ganglyu Jan 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/sonic-net/sonic-buildimage/blob/master/src/sonic-yang-models/yang-models/sonic-telemetry.yang#L57
client_auth is a flag used for requiring client auth, but you are using it as client auth type?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Closing this PR. And will open a new PR addressing the comments

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to address PR comments, better to keep this PR open, and push new commit in the same PR. So the comment will have enough context and easy to track.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Client Authentication Argument in Telemetry dialin server (https://github.com/sonic-net/sonic-gnmi/blob/master/telemetry/telemetry.go) accepts jwt,password,certification. Made changes in telemetry.sh script to accept the different client authentication modes.

@saravanan-i saravanan-i closed this Aug 9, 2023
@saravanan-i saravanan-i reopened this Aug 10, 2023
@saravanan-i
What I did: Modified YANG models to accept other client authenticatio…
486ed72 
…n modes (like password,jwt) available in Telemetry.
@saravanan-i saravanan-i marked this pull request as draft September 19, 2023 04:43
This was referenced Sep 19, 2023
Open
Open
@saravanan-i saravanan-i marked this pull request as ready for review September 19, 2023 05:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ganglyu ganglyu ganglyu left review comments

@dharmaraj-gurusamy dharmaraj-gurusamy dharmaraj-gurusamy approved these changes

@qiluo-msft qiluo-msft Awaiting requested review from qiluo-msft qiluo-msft is a code owner

@zbud-msft zbud-msft Awaiting requested review from zbud-msft

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@saravanan-i @qiluo-msft @dharmaraj-gurusamy @ganglyu