This repository has been archived by the owner on Aug 31, 2022. It is now read-only.

Add RBAC, gNOI, API Versioning and Bulk Set operations. #61

Merged

Contributor

@seiferteric seiferteric commented Dec 2, 2020

Along with this, also see the description in the PR #61. Also see the mgmt HLD update: https://github.com/project-arlo/SONiC/blob/update_gnmi_HLD/doc/mgmt/Management%20Framework.md

  1. Authentication/Authorization: Adds client_auth flag that allows password, cert and jwt authentication modes. The client_auth field is passed on telemetry startup as an argument. The format is a comma separated list of password,jwt,cert,none. None will disable all authentication. In read-only mode (DEFAULT) the authentication is disabled, same as before. Only client certificate auth is used if desired. In READ/WRITE mode, the default auth enabled is password,jwt.
     • Password: Similar to HTTP Basic auth, you pass the username and password in the gRPC metadata.
     • JWT: JSON Web Tokens standard. First you authenticate with username/password and then receive a JWT token. After that, you send the token in the gRPC metadata.
     • User Certificate: Use a valid client certificate with the username embedded in the CN field. The certificate is for authentication, the username is for authorization.

  2. gNOI RPC Support: Adds the infra for making gNOI RPC calls (ONLY when read/write build flag is enabled). The System Time() RPC is added. Also gNOI RPCs Authenticate and Refresh are used for the JWT Authentication mechanism. Also several RPCs are added from the mgmt-framework. These RPCs are: ClearNeighbors, CopyConfig, ShowTechsupport, ImageInstall, ImageRemove, ImageDefault.

  3. Api Versioning: This adds a gNMI extension field called BundleVersion that is used by the mgmt framework to ensure compatible versions of all the mgmt models during upgrades. This extension field can be sent in gNMI get/set/subscribe operations. If the versions are incompatible, they will return an error. There is also another extension field for returning the current API "BundleVersion" in the Capabilities response message. This feature is only used in the translib data client and does not affect other data clients. In the default case, when the Api "BundleVersion" is not sent in the request, the Api version check is skipped.

  4. Bulk Set: This uses the translib Bulk operation when a Set operation with more than one update/replace/delete operation is specified. This is only when read/write mode is enabled (at build time) and only for oc-models.

  5. Use correct translib actions in Set request. Previously Update and Replace operations in the translib data client were both doing a translib.Create followed by a translib.Update since previously replace/update would not create the object. Now both replace and update work as expected and so Update just calls translib.Update and Replace just calls translib.Replace.

  6. Updates only subscribe mode. Update data client Subscribe function to include gnmipb.SubscriptionList in the arguments to get access to subscription options such as UpdatesOnly. This mode causes the server to send only updates to the current state. See https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-specification.md#3512-the-subscriptionlist-message. This feature is only implemented in the translib data client. Other clients are not affected.

-Eric
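
The client_auth list and the certificate-CN username described in item 1, as an added Go sketch that is not code from this PR or the project. The names `AuthModes`, `ParseClientAuth`, `UsernameFromCert` and `sampleCert`, the rejection of unknown modes, and the empty-CN check are assumptions made for the illustration.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"strings"
)

type AuthModes struct{ Password, JWT, Cert bool } // enabled authentication modes

// ParseClientAuth parses the comma-separated client_auth value. Empty input gives
// the described defaults: none in read-only mode, password,jwt in read/write.
func ParseClientAuth(value string, readWrite bool) (AuthModes, error) {
	if strings.TrimSpace(value) == "" {
		return AuthModes{Password: readWrite, JWT: readWrite}, nil
	}
	seen := map[string]bool{}
	for _, tok := range strings.Split(value, ",") {
		switch t := strings.TrimSpace(tok); t {
		case "password", "jwt", "cert", "none":
			seen[t] = true
		default: // assumption: fail closed on typos instead of ignoring them
			return AuthModes{}, fmt.Errorf("unknown client_auth mode %q", tok)
		}
	}
	if seen["none"] { // "none" disables all authentication
		return AuthModes{}, nil
	}
	return AuthModes{seen["password"], seen["jwt"], seen["cert"]}, nil
}

// UsernameFromCert returns the CN of an already-verified client certificate.
func UsernameFromCert(cert *x509.Certificate) (string, error) {
	if cert == nil || strings.TrimSpace(cert.Subject.CommonName) == "" {
		return "", errors.New("client certificate carries no username in CN")
	}
	return cert.Subject.CommonName, nil
}

// sampleCert builds a constructed, unsigned certificate for the demo only.
func sampleCert(cn string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}}
}

func main() {
	fmt.Println(ParseClientAuth("password,jwt,cert", true))
	fmt.Println(UsernameFromCert(sampleCert("admin")))
}
```

Chain validation is assumed to have happened in the TLS handshake before `UsernameFromCert` is called; the function only extracts the name used for authorization.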

@seiferteric seiferteric changed the title Azure pr split updates only subscribe Add RBAC, gNOI, API Versioning and Bulk Set operations. Jan 14, 2021
@ben-gale

Broadcom has reviewed and approved these changes.

@hui-ma
Collaborator

hui-ma commented Jan 28, 2021

Thanks for updating the detailed description.

@pra-moh
Contributor

pra-moh commented Jan 28, 2021

@sachinholla can you please s/o if all comments are addressed?
