add Restapi Yang model (#12379)

#### Why I did it Reverting PR https://github.com/sonic-net/sonic-buildimage/pull/12374 Fix build issues This PR fixed https://github.com/sonic-net/sonic-buildimage/issues/10548
2022-10-14 22:27:06 -07:00 · 2022-10-14 22:27:06 -07:00 · 1f2ee7b729
commit 1f2ee7b729
parent 629343e0b7
6 changed files with 168 additions and 0 deletions
--- a/src/sonic-yang-models/doc/Configuration.md
+++ b/src/sonic-yang-models/doc/Configuration.md
@ -46,6 +46,7 @@ Table of Contents
         * [Scheduler](#scheduler)  
         * [Port QoS Map](#port-qos-map)  
         * [Queue](#queue)  
+         * [Restapi](#restapi)  
         * [Tacplus Server](#tacplus-server)    
         * [TC to Priority group map](#tc-to-priority-group-map)  
         * [TC to Queue map](#tc-to-queue-map)    
@ -1412,6 +1413,23 @@ name as object key and member list as attribute.
 }
 ```

+### Restapi
+```
+{
+"RESTAPI": {
+    "certs": {
+        "ca_crt": "/etc/sonic/credentials/ame_root.pem",
+        "server_key": "/etc/sonic/credentials/restapiserver.key",
+        "server_crt": "/etc/sonic/credentials/restapiserver.crt",
+        "client_crt_cname": "client.sonic.net"
+    },
+    "config": {
+        "client_auth": "true",
+        "log_level": "trace",
+        "allow_insecure": "false"
+    }
+}
+```

 ### Tacplus Server

--- a/src/sonic-yang-models/setup.py
+++ b/src/sonic-yang-models/setup.py
@ -151,6 +151,7 @@ setup(
                         './yang-models/sonic-scheduler.yang',
                         './yang-models/sonic-wred-profile.yang',
                         './yang-models/sonic-queue.yang',
+                         './yang-models/sonic-restapi.yang',
                         './yang-models/sonic-dscp-fc-map.yang',
                         './yang-models/sonic-exp-fc-map.yang',
                         './yang-models/sonic-dscp-tc-map.yang',
--- a/src/sonic-yang-models/tests/files/sample_config_db.json
+++ b/src/sonic-yang-models/tests/files/sample_config_db.json
@ -1122,6 +1122,19 @@
 		"port": "50051"
 	    }
        },
+        "RESTAPI": {
+            "certs": {
+                "ca_crt": "/etc/sonic/credentials/ame_root.pem",
+                "server_key": "/etc/sonic/credentials/restapiserver.key",
+                "server_crt": "/etc/sonic/credentials/restapiserver.crt",
+                "client_crt_cname": "client.sonic.net"
+            },
+	    "config": {
+                "client_auth": "true",
+                "log_level": "trace",
+                "allow_insecure": "false"
+            }
+         },
        "FLEX_COUNTER_TABLE": {
            "PFCWD": {
                "FLEX_COUNTER_STATUS": "enable"
--- a/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json
@ -0,0 +1,13 @@
+{
+    "RESTAPI_TABLE_WITH_INCORRECT_CERT": {
+        "desc": "RESTAPI TABLE_WITH_INCORRECT_CERT failure.",
+        "eStr": ["Value", "does not satisfy the constraint"]
+    },
+    "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": {
+        "desc": "RESTAPI TABLE_WITH_INCORRECT_CLIENT failure.",
+        "eStr": ["Value", "does not satisfy the constraint"]
+    },
+    "RESTAPI_TABLE_WITH_VALID_CONFIG": {
+        "desc": "RESTAPI TABLE WITH VALID CONFIG."
+    }
+}
--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json
@ -0,0 +1,38 @@
+{
+    "RESTAPI_TABLE_WITH_INCORRECT_CERT": {
+        "sonic-restapi:sonic-restapi": {
+            "sonic-restapi:RESTAPI": {
+                "certs": {
+                    "ca_crt": "/etc/sonic/credentials/ame_root.pem",
+                    "server_crt": "a/b/c",
+                    "server_key": "/etc/sonic/credentials/restapiserver.key",
+                    "client_crt_cname": "client"
+                }
+            }
+        }
+    },
+    "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": {
+        "sonic-restapi:sonic-restapi": {
+            "sonic-restapi:RESTAPI": {
+                "certs": {
+                    "ca_crt": "/etc/sonic/credentials/ame_root.pem",
+                    "server_crt": "/etc/sonic/credentials/restapiserver.crt",
+                    "server_key": "/etc/sonic/credentials/restapiserver.key",
+                    "client_crt_cname": "/client"
+                }
+            }
+        }
+    },
+    "RESTAPI_TABLE_WITH_VALID_CONFIG": {
+        "sonic-restapi:sonic-restapi": {
+            "sonic-restapi:RESTAPI": {
+                "certs": {
+                    "ca_crt": "/etc/sonic/credentials/ame_root.pem",
+                    "server_crt": "/etc/sonic/credentials/restapiserver.crt",
+                    "server_key": "/etc/sonic/credentials/restapiserver.key",
+                    "client_crt_cname": "client.sonic.net"
+                }
+            }
+        }
+    }
+}
--- a/src/sonic-yang-models/yang-models/sonic-restapi.yang
+++ b/src/sonic-yang-models/yang-models/sonic-restapi.yang
@ -0,0 +1,85 @@
+module sonic-restapi {
+
+    yang-version 1.1;
+
+    namespace "http://github.com/Azure/sonic-restapi";
+    prefix restapi;
+
+    import ietf-inet-types {
+        prefix inet;
+    }
+
+    organization
+        "SONiC";
+
+    contact
+        "SONiC";
+
+    description "RESTAPI YANG Module for SONiC OS";
+
+    revision 2022-10-05 {
+        description "First Revision";
+    }
+
+    container sonic-restapi {
+
+        container RESTAPI {
+
+            description "RESTAPI TABLE part of config_db.json";
+
+            container certs {
+
+                leaf ca_crt {
+                    type string {
+                        pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).([a-z]+)';
+                    }
+                    description "Local path for ca_crt.";
+                }
+
+                leaf server_crt {
+                    type string {
+                        pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).crt';
+                    }
+                    description "Local path for server_crt.";
+                }
+
+                leaf client_crt_cname {
+                    type string {
+                        pattern '([a-zA-Z0-9_\-\.]+)';
+                    }
+                    description "Client cert name.";
+                }
+
+                leaf server_key {
+                    type string {
+                        pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key';
+                    }
+                    description "Local path for server_key.";
+                }
+
+            }
+
+            container config {
+
+                leaf client_auth {
+                    type  boolean;
+                    default true;
+                    description "Enable client authentication";
+                }
+
+                leaf log_level {
+                    type string {
+                        pattern "trace|info";
+                    }
+                    description "container log level for restapi";
+                }
+
+                leaf allow_insecure {
+                    type  boolean;
+                    default false;
+                    description "Allow insecure connection";
+                }
+            }
+        }
+    }
+}