[mgmt-framework]: REST server cert configurations (#4799)

REST and telemetry servers were using "DEVICE_METADATA|x509" table for
server certificate configurations. This table has been deprecated now.
Enhanced REST server startup script to read server certificate file
path configurations from REST_SERVER table. Three more attributes -
server_crt, server_key and ca_crt are introduced as described in
https://github.com/Azure/SONiC/pull/550.

For backard compatibility, certificate configurations are read from
old "DEVICE_METADATA|x509" table if they (server_crt, server_key and
ca_crt) are not present in REST_SERVER table.

Fixes bug https://github.com/Azure/sonic-buildimage/issues/4291

Signed-off-by: Sachin Holla <sachin.holla@broadcom.com>
This commit is contained in:
Sachin Holla 2020-06-19 13:16:03 +05:30 committed by GitHub
parent 88c5d2233b
commit 3dc7992a6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2,23 +2,23 @@
# Startup script for SONiC Management REST Server
SERVER_PORT=
LOG_LEVEL=
CLIENT_AUTH=
SERVER_CRT=
SERVER_KEY=
CA_CERT=
# Read basic server settings from REST_SERVER|default entry
HAS_REST_CONFIG=$(sonic-cfggen -d -v "1 if REST_SERVER and REST_SERVER['default']")
if [ "$HAS_REST_CONFIG" == "1" ]; then
SERVER_PORT=$(sonic-cfggen -d -v "REST_SERVER['default']['port']")
CLIENT_AUTH=$(sonic-cfggen -d -v "REST_SERVER['default']['client_auth']")
LOG_LEVEL=$(sonic-cfggen -d -v "REST_SERVER['default']['log_level']")
SERVER_CRT=$(sonic-cfggen -d -v "REST_SERVER['default']['server_crt']")
SERVER_KEY=$(sonic-cfggen -d -v "REST_SERVER['default']['server_key']")
CA_CRT=$(sonic-cfggen -d -v "REST_SERVER['default']['ca_crt']")
fi
if [[ -z $SERVER_CRT ]] && [[ -z $SERVER_KEY ]] && [[ -z $CA_CRT ]]; then
HAS_X509_CONFIG=$(sonic-cfggen -d -v "1 if DEVICE_METADATA and DEVICE_METADATA['x509']")
fi
# Read certificate file paths from DEVICE_METADATA|x509 entry.
HAS_X509_CONFIG=$(sonic-cfggen -d -v "1 if DEVICE_METADATA and DEVICE_METADATA['x509']")
if [ "$HAS_X509_CONFIG" == "1" ]; then
SERVER_CRT=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_crt']")
SERVER_KEY=$(sonic-cfggen -d -v "DEVICE_METADATA['x509']['server_key']")