From 3dc7992a6e6a4bc908edb4e77866030217650b25 Mon Sep 17 00:00:00 2001
From: Sachin Holla <51310506+sachinholla@users.noreply.github.com>
Date: Fri, 19 Jun 2020 13:16:03 +0530
Subject: [PATCH] [mgmt-framework]: REST server cert configurations (#4799)
REST and telemetry servers were using "DEVICE_METADATA|x509" table for server certificate configurations. This table has been deprecated now. Enhanced REST server startup script to read server certificate file path configurations from REST_SERVER table. Three more attributes - server_crt, server_key and ca_crt are introduced as described in https://github.com/Azure/SONiC/pull/550. For backard compatibility, certificate configurations are read from old "DEVICE_METADATA|x509" table if they (server_crt, server_key and ca_crt) are not present in REST_SERVER table. Fixes bug https://github.com/Azure/sonic-buildimage/issues/4291
Signed-off-by: Sachin Holla
---
 .../docker-sonic-mgmt-framework/rest-server.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/dockers/docker-sonic-mgmt-framework/rest-server.sh b/dockers/docker-sonic-mgmt-framework/rest-server.sh
index e450f707dfd1..6e551d7c6143 100755
--- a/dockers/docker-sonic-mgmt-framework/rest-server.sh
+++ b/dockers/docker-sonic-mgmt-framework/rest-server.sh
@@ -2,23 +2,23 @@
 # Startup script for SONiC Management REST Server
-SERVER_PORT=
-LOG_LEVEL=
-CLIENT_AUTH=
-SERVER_CRT=
-SERVER_KEY=
-CA_CERT=
-
 # Read basic server settings from REST_SERVER|default entry
 HAS_REST_CONFIG=$(sonic-cfggen -d -v "1 if REST_SERVER and REST_SERVER['default']")
 if [ "$HAS_REST_CONFIG" == "1" ]; then
 SERVER_PORT=$(sonic-cfggen -d -v "REST_SERVER['default']['port']")
 CLIENT_AUTH=$(sonic-cfggen -d -v "REST_SERVER['default']['client_auth']")
 LOG_LEVEL=$(sonic-cfggen -d -v "REST_SERVER['default']['log_level']")
+
+ SERVER_CRT=$(sonic-cfggen -d -v "REST_SERVER['default']['server_crt']")
+ SERVER_KEY=$(sonic-cfggen -d -v "REST_SERVER['default']['server_key']")
+ CA_CRT=$(sonic-cfggen -d -v "REST_SERVER['default']['ca_crt']")
+fi
+
+if [[ -z $SERVER_CRT ]] && [[ -z $SERVER_KEY ]] && [[ -z $CA_CRT ]]; then
+ HAS_X509_CONFIG=$(sonic-cfggen -d -v "1 if DEVICE_METADATA and DEVICE_METADATA['x509']")
 fi
 # Read certificate file paths from DEVICE_METADATA|x509 entry.
-HAS_X509_CONFIG=$(sonic-cfggen -d -v "1 if DEVICE_METADATA and DEVICE_METADATA['x509']")
 if [ "$HAS_X509_CONFIG" == "1" ]; then
 SERVER_CRT=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']")
 SERVER_KEY=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']")
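Review bot: The added lines store the CA path in `CA_CRT`, but the initialiser this hunk removes was `CA_CERT=`, and the diffstat's 8 insertions and 8 deletions are all accounted for here, so any line outside the hunk that still assigns or reads `CA_CERT` was presumably not renamed. If that is the case, a `ca_crt` set in REST_SERVER never reaches the server, which matters when `client_auth` requires client-certificate verification, and the fallback test `[[ -z $CA_CRT ]]` does not look at what the x509 block sets. Use one name throughout, e.g. `CA_CERT=$(sonic-cfggen -d -v "REST_SERVER['default']['ca_crt']")` and `[[ -z $CA_CERT ]]`. Removing the empty `SERVER_CRT=`, `SERVER_KEY=` and `CA_CERT=` defaults also lets values inherited from the container environment select the certificate paths and suppress the fallback, so I would keep those defaults. The `if [ "$HAS_X509_CONFIG" == "1" ]` block continues past the end of the hunk, so its remaining lines could not be checked here.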