REST server cert configurations (fixes #4291) #4799
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
REST and telemetry servers were using "DEVICE_METADATA|x509" table for server certificate configurations. This table has been deprecated now. Enhanced REST server startup script to read server certificate file path configurations from REST_SERVER table. Three more attributes - server_crt, server_key and ca_crt are introduced as described in sonic-net/SONiC#550. For backard compatibility, certificate configurations are read from old "DEVICE_METADATA|x509" table if they (server_crt, server_key and ca_crt) are not present in REST_SERVER table. Fixes bug sonic-net#4291 Signed-off-by: Sachin Holla <sachin.holla@broadcom.com>
lguohan
approved these changes
Jun 19, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- Why I did it
Mgmt-framework REST and telemetry servers were using
DEVICE_METADATA|x509table forserver certificate configurations. This table has been deprecated now and telemetry service has already moved its certificate configurations to
TELEMETRYtable. Doing the same for REST service too.Discussed in bug #4291
- How I did it
Enhanced REST server startup script to read server certificate file path configurations from the existing
REST_SERVERtable. Three more attributes - server_crt, server_key and ca_crt are introduced as described in sonic-net/SONiC#550.For backard compatibility, certificate configurations are read from old
DEVICE_METADATA|x509table if they (server_crt, server_key and ca_crt) are not present inREST_SERVERtable.- How to verify it
Verified mgmt-framework service startup with following configurations:
- Description for the changelog
Load certificate configurations for mgmt-framework service from REST_SERVER table.