Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Translib support for authorization, yang versioning and Delete flag #21

Merged
merged 13 commits into from
Sep 30, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions debian/sonic-mgmt-common.install
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ models/yang/sonic/*.yang usr/models/yang
models/yang/sonic/common/*.yang usr/models/yang
models/yang/annotations/*.yang usr/models/yang
config/transformer/models_list usr/models/yang
models/yang/version.xml usr/models/yang

# CVL files
build/cvl/schema usr/sbin
Expand Down
51 changes: 51 additions & 0 deletions models/yang/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# YANG directory

## Directory structure

yang/ --> Standard YANGs
|-- annotations/ --> Transformer annotations
|-- common/ --> Dependencies for standard YANGs
|-- extensions/ --> Extenstions for standard YANGs
|-- sonic/ --> SONiC yangs
|-- testdata/ --> Test YANGs - ignored
`-- version.xml --> YANG bundle version configuration file

All supported standard YANG files (OpenConfig and IETF) are kept in this **yang** directory. Usual practice is to keep only top level YANG module here and keep dependent YANGs, submodules in **yang/common** directory.

Example: openconfig-platform.yang is kept in top **yang** directory and openconfig-platform-types.yang in **yang/common** directory.

All extenstion YANGs **MUST** be kept in **yang/extensions** directory.

## version.xml

version.xml file maintains the yang bundle version number in **Major.Minor.Patch** format.
It is the collective version number for all the YANG modules defined here.
**UPDATE THIS VERSION NUMBER FOR EVERY YANG CHANGE.**

**Major version** should be incremented if YANG model is changed in a non backward compatible manner.
Such changes should be avoided.

* Delete, rename or relocate data node
* Change list key attributes
* Change data type of a node to an incompatible type
* Change leafref target

**Minor version** should be incremented if the YANG change modifies the API in a backward
compatible way. Patch version should be reset to 0.
Candidate YANG changes for this category are:

* Add new YANG module
* Add new YANG data nodes
* Mark a YANG data node as deprecated
* Change data type of a node to a compatible type
* Add new enum or identity

**Patch version** should incremented for cosmetic fixes that do not change YANG API.
Candidate YANG changes for this category are:

* Change description, beautification.
* Expand pattern or range of a node to wider set.
* Change must expression to accept more cases.
* Error message or error tag changes.


36 changes: 36 additions & 0 deletions models/yang/version.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<version-config>
<!--
yang-bundle-version configuration indicates the version
for the collection of all yang modules.

Update the version numbers here for every yang change.

Bump up MAJOR version only if the yang change are not
backward compatible.
+ Renaming or relocating of data nodes
+ Deleting unsupported configs
+ Changing list key attributes
+ Incompatible data type changes
+ Changing leafref target

Bump up MINOR version number for all backward compatible
API changes.
+ Add new config node
+ Data type changes like pattern, range (that are backward compatibile)
+ Adding new enum/identity

Bump up PATCH number for cosmetic fixes that do not affect any API
+ Description changes, beautification
+ Must expression and validations that are backward compatibile
+ error-tag, error-message
+ max-elements, min-elements
+ Mark a node as deprecated
-->
<yang-bundle-version>
<Major>1</Major>
<Minor>0</Minor>
<Patch>0</Patch>
</yang-bundle-version>

</version-config>

4 changes: 4 additions & 0 deletions translib/app_interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,10 @@ type appOptions struct {
// 0 indicates unlimited depth.
// Valid for GET API only.
depth uint

// deleteEmptyEntry indicates if the db entry should be deleted upon
// deletion of last field. This is a non standard option.
deleteEmptyEntry bool
}

//map containing the base path to app module info
Expand Down
81 changes: 81 additions & 0 deletions translib/authorize.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright 2019 Broadcom. The term Broadcom refers to Broadcom Inc. and/or //
// its subsidiaries. //
// //
// Licensed under the Apache License, Version 2.0 (the "License"); //
// you may not use this file except in compliance with the License. //
// You may obtain a copy of the License at //
// //
// http://www.apache.org/licenses/LICENSE-2.0 //
// //
// Unless required by applicable law or agreed to in writing, software //
// distributed under the License is distributed on an "AS IS" BASIS, //
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. //
// See the License for the specific language governing permissions and //
// limitations under the License. //
// //
////////////////////////////////////////////////////////////////////////////////

/*
Package translib defines the functions to be used to authorize

an incoming user. It also includes caching of the UserDB data

needed to authorize the user.

*/

package translib

func isAuthorizedForSet(req SetRequest) bool {
if !req.AuthEnabled {
return true
}
for _, r := range req.User.Roles {
if r == "admin" {
return true
}
}
return false
}

func isAuthorizedForBulk(req BulkRequest) bool {
if !req.AuthEnabled {
return true
}
for _, r := range req.User.Roles {
if r == "admin" {
return true
}
}
return false
}

func isAuthorizedForGet(req GetRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForSubscribe(req SubscribeRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForIsSubscribe(req IsSubscribeRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForAction(req ActionRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}
8 changes: 8 additions & 0 deletions translib/tlerr/app_errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,9 @@ type NotSupportedError errordata
// InternalError indicates a generic error during app execution.
type InternalError errordata

// AuthorizationError indicates the user is not authorized for an operation.
type AuthorizationError errordata

/////////////

func (e InvalidArgsError) Error() string {
Expand Down Expand Up @@ -90,3 +93,8 @@ func (e InternalError) Error() string {
func New(msg string, args ...interface{}) InternalError {
return InternalError{Format: msg, Args: args}
}

func (e AuthorizationError) Error() string {
return p.Sprintf(e.Format, e.Args...)
}

11 changes: 11 additions & 0 deletions translib/tlerr/tlerr.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,3 +101,14 @@ type TranslibSyntaxValidationError struct {
func (e TranslibSyntaxValidationError) Error() string {
return p.Sprintf("%s", e.ErrorStr)
}

type TranslibUnsupportedClientVersion struct {
ClientVersion string
ServerVersion string
ServerBaseVersion string
}

func (e TranslibUnsupportedClientVersion) Error() string {
return p.Sprintf("Unsupported client version %s", e.ClientVersion)
}

Loading