diff --git a/src/sonic-yang-models/doc/Configuration.md b/src/sonic-yang-models/doc/Configuration.md index ff18aff979..060751ab4d 100644 --- a/src/sonic-yang-models/doc/Configuration.md +++ b/src/sonic-yang-models/doc/Configuration.md @@ -46,6 +46,7 @@ Table of Contents * [Scheduler](#scheduler) * [Port QoS Map](#port-qos-map) * [Queue](#queue) + * [Restapi](#restapi) * [Tacplus Server](#tacplus-server) * [TC to Priority group map](#tc-to-priority-group-map) * [TC to Queue map](#tc-to-queue-map) @@ -1412,6 +1413,23 @@ name as object key and member list as attribute. } ``` +### Restapi +``` +{ +"RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + }, + "config": { + "client_auth": "true", + "log_level": "trace", + "allow_insecure": "false" + } +} +``` ### Tacplus Server diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index 2083217541..db9fb9d4f5 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py @@ -151,6 +151,7 @@ setup( './yang-models/sonic-scheduler.yang', './yang-models/sonic-wred-profile.yang', './yang-models/sonic-queue.yang', + './yang-models/sonic-restapi.yang', './yang-models/sonic-dscp-fc-map.yang', './yang-models/sonic-exp-fc-map.yang', './yang-models/sonic-dscp-tc-map.yang', diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 7beca6d2af..7911070404 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -1122,6 +1122,19 @@ "port": "50051" } }, + "RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + }, + "config": { + "client_auth": "true", + "log_level": "trace", + "allow_insecure": "false" + } + }, "FLEX_COUNTER_TABLE": { "PFCWD": { "FLEX_COUNTER_STATUS": "enable" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json new file mode 100644 index 0000000000..e18d6e163c --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json @@ -0,0 +1,13 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "desc": "RESTAPI TABLE_WITH_INCORRECT_CERT failure.", + "eStr": ["Value", "does not satisfy the constraint"] + }, + "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": { + "desc": "RESTAPI TABLE_WITH_INCORRECT_CLIENT failure.", + "eStr": ["Value", "does not satisfy the constraint"] + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "desc": "RESTAPI TABLE WITH VALID CONFIG." + } +} diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json new file mode 100644 index 0000000000..8ae212ed70 --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json @@ -0,0 +1,38 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "a/b/c", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client" + } + } + } + }, + "RESTAPI_TABLE_WITH_INCORRECT_CLIENT": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "/client" + } + } + } + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client.sonic.net" + } + } + } + } +} diff --git a/src/sonic-yang-models/yang-models/sonic-restapi.yang b/src/sonic-yang-models/yang-models/sonic-restapi.yang new file mode 100644 index 0000000000..e049e2fa5c --- /dev/null +++ b/src/sonic-yang-models/yang-models/sonic-restapi.yang @@ -0,0 +1,85 @@ +module sonic-restapi { + + yang-version 1.1; + + namespace "http://github.com/Azure/sonic-restapi"; + prefix restapi; + + import ietf-inet-types { + prefix inet; + } + + organization + "SONiC"; + + contact + "SONiC"; + + description "RESTAPI YANG Module for SONiC OS"; + + revision 2022-10-05 { + description "First Revision"; + } + + container sonic-restapi { + + container RESTAPI { + + description "RESTAPI TABLE part of config_db.json"; + + container certs { + + leaf ca_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).([a-z]+)'; + } + description "Local path for ca_crt."; + } + + leaf server_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).crt'; + } + description "Local path for server_crt."; + } + + leaf client_crt_cname { + type string { + pattern '([a-zA-Z0-9_\-\.]+)'; + } + description "Client cert name."; + } + + leaf server_key { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key'; + } + description "Local path for server_key."; + } + + } + + container config { + + leaf client_auth { + type boolean; + default true; + description "Enable client authentication"; + } + + leaf log_level { + type string { + pattern "trace|info"; + } + description "container log level for restapi"; + } + + leaf allow_insecure { + type boolean; + default false; + description "Allow insecure connection"; + } + } + } + } +}