[ycabled] add secure channel support for grpc dualtor active-active connectivity #275
Merged
vdahiya12 merged 8 commits into sonic-net:master from Jul 22, 2022
Signed-off-by: vaibhav-dahiya <[email protected]>
This pull request introduces 1 alert when merging e6a09fc into 005ec30 - view on LGTM.com new alerts:
lolyu
reviewed
Jul 22, 2022
| type = grpc_config_dict.get("type", None) | ||
| level = grpc_config_dict.get("auth_level", None) | ||
|
|
||
| (status, fvs) = grpc_config[asic_index].get("certs") |
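Review bot: `type = grpc_config_dict.get("type", None)` rebinds the Python builtin `type` for the rest of the function, and both `type` and `level` default to None, so a missing or misspelled key cannot be told apart from a deliberate setting. Rename the variable (for example `channel_type`), give each key an explicit default, and reject unexpected values before the `grpc_config[asic_index].get("certs")` lookup, so that `status` is only consulted when certificates are actually required.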
Contributor
What if the type is insecure and the certs are not defined:
{
    'config': {
        'type': 'insecure'
    }
}
In this case status will be False, and goes to LINE#489, right?
Contributor
Author
fixed, logic takes default to be insecure if no config defined
| for _ in range(retries): | ||
|
|
||
| if type == "secure": | ||
| credential = get_grpc_credentials(type, kvp) |
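Review bot: in `credential = get_grpc_credentials(type, kvp)` the first argument can only ever be the string "secure", because the call sits under `if type == "secure":`, so the `auth_level` value read into `level` never reaches the credential builder and cannot select between server and mutual authentication. Pass `level` instead, and have `get_grpc_credentials` reject a level it does not recognise rather than returning a default credential.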
Contributor
this should be
Suggested change
| credential = get_grpc_credentials(type, kvp) | |
| credential = get_grpc_credentials(level, kvp) |
Right?
Contributor
Author
Thanks for pointing out, fixed.
yxieca
approved these changes
Jul 22, 2022
yxieca pushed a commit that referenced this pull request Jul 22, 2022
…onnectivity (#275)

Signed-off-by: vaibhav-dahiya [email protected]

This PR adds support for creating a secure channel for gRPC between SOC and SONiC.
The certs and configurations are defined in config DB:

'config': {
    'type': 'secure',
    'auth_level': 'server',
    'log_level': 'info'
},
'certs': {
    'client_crt': 'path',
    'client_key': 'path',
    'ca_crt': 'path',
    'grpc_ssl_credential': 'target override'
}

Using this config parameter we can have secure/insecure as well as mutual/server level authentication between SoC and SONiC.
This PR leverages the cert APIs in gRPC lib and certs created to create a TLS based handshake if required to set up gRPC channel

Description
Motivation and Context
Required for secure gRPC support between SONiC and SoC
How Has This Been Tested?
Unit-Tests and running the changes on the testbed
dprital added a commit to dprital/sonic-buildimage that referenced this pull request Aug 9, 2022
Update sonic-platform-daemons submodule pointer to include the following:
* Xcvrd changes to support 400G ZR configuration ([sonic-net#270](sonic-net/sonic-platform-daemons#270))
* [ycabled] add secure channel support for grpc dualtor active-active connectivity ([sonic-net#275](sonic-net/sonic-platform-daemons#275))

Signed-off-by: dprital <[email protected]>
Signed-off-by: vaibhav-dahiya [email protected]
This PR adds support for creating a secure channel for gRPC between SOC and SONiC.
The certs and configurations are defined in config DB.
Using this config parameter we can have secure/insecure as well as mutual/server level authentication between SoC and SONiC.
This PR leverages the cert APIs in gRPC lib and certs created to create a TLS based handshake if required to set up gRPC channel
Description
Motivation and Context
Required for secure gRPC support between SONiC and SoC
How Has This Been Tested?
Unit-Tests and running the changes on the testbed
Additional Information (Optional)
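The config keys described in this PR, resolved into a channel decision and then into gRPC credentials, as an added example that is not the ycabled code from this PR. Key names and the insecure default come from the page; the function names, the `"mutual"` value for `auth_level`, and the sample paths are assumptions.

```python
# Added example, not ycabled code. Key names come from the PR description;
# the "mutual" auth_level value and both function names are assumptions.

def resolve_channel_plan(config=None, certs=None):
    """Decide which TLS material a channel needs before touching gRPC."""
    config, certs = config or {}, certs or {}
    chan_type = config.get("type", "insecure")  # no config -> insecure, per the thread
    if chan_type == "insecure":
        return {"type": "insecure", "needs": []}  # certs may legitimately be absent
    if chan_type != "secure":
        raise ValueError("unknown channel type: %r" % chan_type)
    level = config.get("auth_level")
    if level == "server":
        needs = ["ca_crt"]  # verify the server only
    elif level == "mutual":
        needs = ["ca_crt", "client_crt", "client_key"]  # also present a client cert
    else:
        raise ValueError("unknown auth_level: %r" % level)
    missing = [k for k in needs if not certs.get(k)]
    if missing:
        # Never fall back to plaintext when a secure channel was requested.
        raise ValueError("secure channel requested but missing: " + ", ".join(missing))
    return {"type": "secure", "level": level, "needs": needs,
            "paths": {k: certs[k] for k in needs},
            "override": certs.get("grpc_ssl_credential")}


def open_channel(target, plan):
    """Build the channel from a resolved plan (requires the grpcio package)."""
    import grpc  # imported lazily so the plan logic runs without grpcio
    if plan["type"] == "insecure":
        return grpc.insecure_channel(target)
    pem = {}
    for key, path in plan["paths"].items():
        with open(path, "rb") as f:
            pem[key] = f.read()
    creds = grpc.ssl_channel_credentials(
        root_certificates=pem["ca_crt"],
        private_key=pem.get("client_key"),  # None for server-only auth
        certificate_chain=pem.get("client_crt"))
    options = []
    if plan["override"]:
        options.append(("grpc.ssl_target_name_override", plan["override"]))
    return grpc.secure_channel(target, creds, options=options)
```

Resolving the plan first covers the case raised in review: an insecure config with no `certs` table succeeds, while a secure config with missing certificate paths raises instead of silently downgrading.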