Skip to content

Commit

Permalink
Translib support for authorization, yang versioning and Delete flag (s…
Browse files Browse the repository at this point in the history
…onic-net#21)

Translib support for user authorization, yang versioning and Delete flag to indicate if the object needs to be deleted on last field delete needed for CLI
  • Loading branch information
anand-kumar-subramanian authored Sep 30, 2020
1 parent 80f369e commit dbf1093
Show file tree
Hide file tree
Showing 11 changed files with 642 additions and 17 deletions.
1 change: 1 addition & 0 deletions debian/sonic-mgmt-common.install
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ models/yang/sonic/*.yang usr/models/yang
models/yang/sonic/common/*.yang usr/models/yang
models/yang/annotations/*.yang usr/models/yang
config/transformer/models_list usr/models/yang
models/yang/version.xml usr/models/yang

# CVL files
build/cvl/schema usr/sbin
Expand Down
51 changes: 51 additions & 0 deletions models/yang/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# YANG directory

## Directory structure

yang/ --> Standard YANGs
|-- annotations/ --> Transformer annotations
|-- common/ --> Dependencies for standard YANGs
|-- extensions/ --> Extenstions for standard YANGs
|-- sonic/ --> SONiC yangs
|-- testdata/ --> Test YANGs - ignored
`-- version.xml --> YANG bundle version configuration file

All supported standard YANG files (OpenConfig and IETF) are kept in this **yang** directory. Usual practice is to keep only top level YANG module here and keep dependent YANGs, submodules in **yang/common** directory.

Example: openconfig-platform.yang is kept in top **yang** directory and openconfig-platform-types.yang in **yang/common** directory.

All extenstion YANGs **MUST** be kept in **yang/extensions** directory.

## version.xml

version.xml file maintains the yang bundle version number in **Major.Minor.Patch** format.
It is the collective version number for all the YANG modules defined here.
**UPDATE THIS VERSION NUMBER FOR EVERY YANG CHANGE.**

**Major version** should be incremented if YANG model is changed in a non backward compatible manner.
Such changes should be avoided.

* Delete, rename or relocate data node
* Change list key attributes
* Change data type of a node to an incompatible type
* Change leafref target

**Minor version** should be incremented if the YANG change modifies the API in a backward
compatible way. Patch version should be reset to 0.
Candidate YANG changes for this category are:

* Add new YANG module
* Add new YANG data nodes
* Mark a YANG data node as deprecated
* Change data type of a node to a compatible type
* Add new enum or identity

**Patch version** should incremented for cosmetic fixes that do not change YANG API.
Candidate YANG changes for this category are:

* Change description, beautification.
* Expand pattern or range of a node to wider set.
* Change must expression to accept more cases.
* Error message or error tag changes.


36 changes: 36 additions & 0 deletions models/yang/version.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<version-config>
<!--
yang-bundle-version configuration indicates the version
for the collection of all yang modules.
Update the version numbers here for every yang change.
Bump up MAJOR version only if the yang change are not
backward compatible.
+ Renaming or relocating of data nodes
+ Deleting unsupported configs
+ Changing list key attributes
+ Incompatible data type changes
+ Changing leafref target
Bump up MINOR version number for all backward compatible
API changes.
+ Add new config node
+ Data type changes like pattern, range (that are backward compatibile)
+ Adding new enum/identity
Bump up PATCH number for cosmetic fixes that do not affect any API
+ Description changes, beautification
+ Must expression and validations that are backward compatibile
+ error-tag, error-message
+ max-elements, min-elements
+ Mark a node as deprecated
-->
<yang-bundle-version>
<Major>1</Major>
<Minor>0</Minor>
<Patch>0</Patch>
</yang-bundle-version>

</version-config>

4 changes: 4 additions & 0 deletions translib/app_interface.go
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,10 @@ type appOptions struct {
// 0 indicates unlimited depth.
// Valid for GET API only.
depth uint

// deleteEmptyEntry indicates if the db entry should be deleted upon
// deletion of last field. This is a non standard option.
deleteEmptyEntry bool
}

//map containing the base path to app module info
Expand Down
81 changes: 81 additions & 0 deletions translib/authorize.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright 2019 Broadcom. The term Broadcom refers to Broadcom Inc. and/or //
// its subsidiaries. //
// //
// Licensed under the Apache License, Version 2.0 (the "License"); //
// you may not use this file except in compliance with the License. //
// You may obtain a copy of the License at //
// //
// http://www.apache.org/licenses/LICENSE-2.0 //
// //
// Unless required by applicable law or agreed to in writing, software //
// distributed under the License is distributed on an "AS IS" BASIS, //
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. //
// See the License for the specific language governing permissions and //
// limitations under the License. //
// //
////////////////////////////////////////////////////////////////////////////////

/*
Package translib defines the functions to be used to authorize
an incoming user. It also includes caching of the UserDB data
needed to authorize the user.
*/

package translib

func isAuthorizedForSet(req SetRequest) bool {
if !req.AuthEnabled {
return true
}
for _, r := range req.User.Roles {
if r == "admin" {
return true
}
}
return false
}

func isAuthorizedForBulk(req BulkRequest) bool {
if !req.AuthEnabled {
return true
}
for _, r := range req.User.Roles {
if r == "admin" {
return true
}
}
return false
}

func isAuthorizedForGet(req GetRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForSubscribe(req SubscribeRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForIsSubscribe(req IsSubscribeRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}

func isAuthorizedForAction(req ActionRequest) bool {
if !req.AuthEnabled {
return true
}
return true
}
8 changes: 8 additions & 0 deletions translib/tlerr/app_errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,9 @@ type NotSupportedError errordata
// InternalError indicates a generic error during app execution.
type InternalError errordata

// AuthorizationError indicates the user is not authorized for an operation.
type AuthorizationError errordata

/////////////

func (e InvalidArgsError) Error() string {
Expand Down Expand Up @@ -90,3 +93,8 @@ func (e InternalError) Error() string {
func New(msg string, args ...interface{}) InternalError {
return InternalError{Format: msg, Args: args}
}

func (e AuthorizationError) Error() string {
return p.Sprintf(e.Format, e.Args...)
}

11 changes: 11 additions & 0 deletions translib/tlerr/tlerr.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,3 +101,14 @@ type TranslibSyntaxValidationError struct {
func (e TranslibSyntaxValidationError) Error() string {
return p.Sprintf("%s", e.ErrorStr)
}

type TranslibUnsupportedClientVersion struct {
ClientVersion string
ServerVersion string
ServerBaseVersion string
}

func (e TranslibUnsupportedClientVersion) Error() string {
return p.Sprintf("Unsupported client version %s", e.ClientVersion)
}

Loading

0 comments on commit dbf1093

Please sign in to comment.