From b2e3ba800e2625a74fd188d8ad0b1f75877e553a Mon Sep 17 00:00:00 2001
From: Renuka Manavalan <47282725+renukamanavalan@users.noreply.github.com>
Date: Mon, 11 Jan 2021 13:57:20 -0800
Subject: [PATCH] [tacacs]: Restore from TACACS backup if present, upon
 load-minigraph during update-graph action. (#6407)

Why I did it
During upgrade, if config is loaded from minigraph, it would miss TACACS credentials. This leads to device losing remote user accessibility

- How I did it
During update graph, when config is loaded from minigraph, look for TACACS credentials back-up and load that if available

- How to verify it
Remove /etc/sonic/config-db.json, save TACACS credentials in /etc/sonic/tacacs.json and do a Image upgrade. Do image upgrade and boot into new image. Verify remote user access is available.

NOTE: This change is available in master via PR #6285
---
 files/image_config/updategraph/updategraph | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/files/image_config/updategraph/updategraph b/files/image_config/updategraph/updategraph
index 2eb510afa4e1..f4fef806a86b 100755
--- a/files/image_config/updategraph/updategraph
+++ b/files/image_config/updategraph/updategraph
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 CONFIG_DB_INDEX=4
+TACACS_JSON_BACKUP=tacacs.json
 
 reload_minigraph()
 {
@@ -15,6 +16,11 @@ reload_minigraph()
         acl-loader update full /etc/sonic/acl.json
     fi
     config qos reload
+    if [ -r /etc/sonic/old_config/${TACACS_JSON_BACKUP} ]; then
+        sonic-cfggen -j /etc/sonic/old_config/${TACACS_JSON_BACKUP} --write-to-db
+    else
+        echo "Missing tacacs json to restore tacacs credentials"
+    fi
     DEVICE_TYPE=`sonic-cfggen -m -v DEVICE_METADATA.localhost.type`
     if [ "${DEVICE_TYPE}" != "MgmtToRRouter" ]; then
         pfcwd start_default