Migrate AAA table per-command authorization in db_migrator #3296
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This PR is based on per-command accounting migrate PR: #3284 |
qiluo-msft
reviewed
May 8, 2024
| tacplus_config = self.configDB.get_entry('TACPLUS', 'global') | ||
| if 'passkey' in tacplus_config and '' != tacplus_config.get('passkey'): | ||
| authorization = self.configDB.get_entry('AAA', 'authorization') | ||
| if not authorization: |
There was a problem hiding this comment.
According to your comments in #3284:
qiluo-msft 2 weeks ago
The old image's enablement does not matter. As long as the required passkey is there, and intention is to enable, then we should enable.
So, we only check the new config:
| New_config | Action |
|---|---|
| Passkey does not exist | Not enable |
| Passkey exist, Authorization enable | Enable |
| Passkey exist, Authorization not enable | Not enable |
qiluo-msft
reviewed
May 12, 2024
| self.configDB.set_entry("AAA", "authorization", authorization_new) | ||
| log.log_info('Migrate AAA authorization: {}'.format(authorization_new)) | ||
| else: | ||
| # If no passkey, setup per-command authorization will block remote user command |
There was a problem hiding this comment.
Fixed, disable authorization by delete entry.
qiluo-msft
approved these changes
May 15, 2024
mssonicbld
pushed a commit
to mssonicbld/sonic-utilities
that referenced
this pull request
May 21, 2024
…#3296) Migrate AAA table per-command authorization in db_migrator #### Why I did it per-command AAA need enable in warm-upgrade case #### How I did it Add code to migrate per-command aunthorization #### How to verify it Pass all test case. Add new test case. #### Which release branch to backport (provide reason below if selected) N/A #### Description for the changelog Migrate AAA table per-command authorization in db_migrator #### A picture of a cute animal (not mandatory but encouraged)
|
Cherry-pick PR to 202311: #3330 |
mssonicbld
pushed a commit
that referenced
this pull request
May 21, 2024
Migrate AAA table per-command authorization in db_migrator
#### Why I did it
per-command AAA need enable in warm-upgrade case
#### How I did it
Add code to migrate per-command aunthorization
#### How to verify it
Pass all test case.
Add new test case.
#### Which release branch to backport (provide reason below if selected)
N/A
#### Description for the changelog
Migrate AAA table per-command authorization in db_migrator
#### A picture of a cute animal (not mandatory but encouraged)
mssonicbld
added
Included in 202311 Branch
and removed
Created PR to 202311 Branch
labels
arfeigin
pushed a commit
to arfeigin/sonic-utilities
that referenced
this pull request
Jun 16, 2024
…#3296) Migrate AAA table per-command authorization in db_migrator #### Why I did it per-command AAA need enable in warm-upgrade case #### How I did it Add code to migrate per-command aunthorization #### How to verify it Pass all test case. Add new test case. #### Which release branch to backport (provide reason below if selected) N/A #### Description for the changelog Migrate AAA table per-command authorization in db_migrator #### A picture of a cute animal (not mandatory but encouraged)
nmoray
pushed a commit
to nmoray/sonic-utilities
that referenced
this pull request
Jun 25, 2025
…#3296) Migrate AAA table per-command authorization in db_migrator #### Why I did it per-command AAA need enable in warm-upgrade case #### How I did it Add code to migrate per-command aunthorization #### How to verify it Pass all test case. Add new test case. #### Which release branch to backport (provide reason below if selected) N/A #### Description for the changelog Migrate AAA table per-command authorization in db_migrator #### A picture of a cute animal (not mandatory but encouraged)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Migrate AAA table per-command authorization in db_migrator
Why I did it
How I did it
How to verify it
Which release branch to backport (provide reason below if selected)
Description for the changelog
A picture of a cute animal (not mandatory but encouraged)