Skip to content

[ycabled] add support for getting grpc secerts via shared file #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Sep 27, 2022

Conversation

vdahiya12
Copy link
Contributor

@vdahiya12 vdahiya12 commented Sep 23, 2022

Signed-off-by: vaibhav-dahiya [email protected]
This PR adds support for adding the secrets to grpc client in active-active configuration via a shared file
/etc/sonic/grpc_secrets.json.
Using this file, secrets configuration in populated inside CONFIG_DB,
absence of this file will assume insecure gRPC client.

Description

Motivation and Context

How Has This Been Tested?

testing with UT and putting the changes on Arista testbed

Additional Information (Optional)

@lgtm-com
Copy link

lgtm-com bot commented Sep 23, 2022

This pull request introduces 1 alert when merging ee1e109 into 143422b - view on LGTM.com

new alerts:

  • 1 for Variable defined multiple times

Signed-off-by: vaibhav-dahiya <[email protected]>
@vdahiya12 vdahiya12 requested review from lolyu and zjswhhh September 24, 2022 02:33
lolyu
lolyu previously approved these changes Sep 26, 2022
Copy link
Contributor

@lolyu lolyu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more question, do we need to store this credential information in CONFIG_DB? Can we simply read/use only inside ycabled?

Signed-off-by: vaibhav-dahiya <[email protected]>
zjswhhh
zjswhhh previously approved these changes Sep 26, 2022
Signed-off-by: vaibhav-dahiya <[email protected]>
Signed-off-by: vaibhav-dahiya <[email protected]>
Signed-off-by: vaibhav-dahiya <[email protected]>
Signed-off-by: vaibhav-dahiya <[email protected]>
zjswhhh
zjswhhh previously approved these changes Sep 26, 2022
Copy link

@zjswhhh zjswhhh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Signed-off-by: vaibhav-dahiya <[email protected]>
@vdahiya12
Copy link
Contributor Author

One more question, do we need to store this credential information in CONFIG_DB? Can we simply read/use only inside ycabled?

any reason why to omit the info from CONFIG_DB ?

zjswhhh
zjswhhh previously approved these changes Sep 27, 2022
Signed-off-by: vaibhav-dahiya <[email protected]>
Signed-off-by: vaibhav-dahiya <[email protected]>
@vdahiya12 vdahiya12 merged commit 534f839 into sonic-net:master Sep 27, 2022
yxieca pushed a commit that referenced this pull request Sep 27, 2022
This PR adds support for adding the secrets to grpc client in active-active configuration via a shared file
/etc/sonic/grpc_secrets.json.
Using this file, secrets configuration in populated inside CONFIG_DB,
absence of this file will assume insecure gRPC client.

Description
Motivation and Context
How Has This Been Tested?
testing with UT and putting the changes on Arista testbed

Signed-off-by: vaibhav-dahiya [email protected]
lolyu added a commit to sonic-net/sonic-mgmt that referenced this pull request Sep 30, 2022
Approach
What is the motivation for this PR?
Use insecure config for grpc connections from ycabled in tests.

How did you do it?
Modify /etc/sonic/grpc_secrets.json

How did you verify/test it?
This depends on sonic-net/sonic-platform-daemons#298

Any platform specific information?
Supported testbed topology if it's a new test case?
yxieca pushed a commit to sonic-net/sonic-mgmt that referenced this pull request Oct 8, 2022
Approach
What is the motivation for this PR?
Use insecure config for grpc connections from ycabled in tests.

How did you do it?
Modify /etc/sonic/grpc_secrets.json

How did you verify/test it?
This depends on sonic-net/sonic-platform-daemons#298

Any platform specific information?
Supported testbed topology if it's a new test case?
Azarack pushed a commit to Azarack/sonic-mgmt that referenced this pull request Oct 17, 2022
Approach
What is the motivation for this PR?
Use insecure config for grpc connections from ycabled in tests.

How did you do it?
Modify /etc/sonic/grpc_secrets.json

How did you verify/test it?
This depends on sonic-net/sonic-platform-daemons#298

Any platform specific information?
Supported testbed topology if it's a new test case?
allen-xf pushed a commit to allen-xf/sonic-mgmt that referenced this pull request Oct 28, 2022
Approach
What is the motivation for this PR?
Use insecure config for grpc connections from ycabled in tests.

How did you do it?
Modify /etc/sonic/grpc_secrets.json

How did you verify/test it?
This depends on sonic-net/sonic-platform-daemons#298

Any platform specific information?
Supported testbed topology if it's a new test case?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants