diff --git a/src/sonic-restapi b/src/sonic-restapi index bcc6f704a5..86543d0db5 160000 --- a/src/sonic-restapi +++ b/src/sonic-restapi @@ -1 +1 @@ -Subproject commit bcc6f704a54454f326f069501b01759dbb732bb3 +Subproject commit 86543d0db544362bb27912ed40449920c3d7c0d1 diff --git a/src/sonic-yang-models/doc/Configuration.md b/src/sonic-yang-models/doc/Configuration.md index bd7b51ce5a..d36a6b6374 100644 --- a/src/sonic-yang-models/doc/Configuration.md +++ b/src/sonic-yang-models/doc/Configuration.md @@ -46,6 +46,7 @@ Table of Contents * [Scheduler](#scheduler) * [Port QoS Map](#port-qos-map) * [Queue](#queue) + * [Restapi](#restapi) * [Tacplus Server](#tacplus-server) * [TC to Priority group map](#tc-to-priority-group-map) * [TC to Queue map](#tc-to-queue-map) @@ -1411,6 +1412,18 @@ name as object key and member list as attribute. } ``` +### Restapi +``` +{ +"RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + } +} +``` ### Tacplus Server diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index aee9d4650c..74c081ef14 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py @@ -148,6 +148,7 @@ setup( './yang-models/sonic-scheduler.yang', './yang-models/sonic-wred-profile.yang', './yang-models/sonic-queue.yang', + './yang-models/sonic-restapi.yang', './yang-models/sonic-dscp-fc-map.yang', './yang-models/sonic-exp-fc-map.yang', './yang-models/sonic-dscp-tc-map.yang', diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 6c1f47d80f..7207d4337a 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -1118,6 +1118,14 @@ "port": "50051" } }, + "RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "client_crt_cname": "client.sonic.net" + } + }, "FLEX_COUNTER_TABLE": { "PFCWD": { "FLEX_COUNTER_STATUS": "enable" diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json new file mode 100644 index 0000000000..0804ceac58 --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/restapi.json @@ -0,0 +1,9 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "desc": "RESTAPI TABLE_WITH_INCORRECT_CERT failure.", + "eStr": ["server_crt"] + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "desc": "RESTAPI TABLE WITH VALID CONFIG." + } +} diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json new file mode 100644 index 0000000000..48505a0e0c --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/restapi.json @@ -0,0 +1,26 @@ +{ + "RESTAPI_TABLE_WITH_INCORRECT_CERT": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "abcd.config", + "server_crt": "a/b/c", + "server_key": "123", + "client_crt_cname": "client" + } + } + } + }, + "RESTAPI_TABLE_WITH_VALID_CONFIG": { + "sonic-restapi:sonic-restapi": { + "sonic-restapi:RESTAPI": { + "certs": { + "ca_crt": "/etc/sonic/credentials/ame_root.pem", + "server_crt": "/etc/sonic/credentials/restapiserver.crt", + "server_key": "/etc/sonic/credentials/restapiserver.key", + "client_crt_cname": "client.sonic.net" + } + } + } + } +} diff --git a/src/sonic-yang-models/yang-models/sonic-restapi.yang b/src/sonic-yang-models/yang-models/sonic-restapi.yang new file mode 100644 index 0000000000..d42db48648 --- /dev/null +++ b/src/sonic-yang-models/yang-models/sonic-restapi.yang @@ -0,0 +1,63 @@ +module sonic-restapi { + + yang-version 1.1; + + namespace "http://github.com/Azure/sonic-restapi"; + prefix restapi; + + import ietf-inet-types { + prefix inet; + } + + organization + "SONiC"; + + contact + "SONiC"; + + description "RESTAPI YANG Module for SONiC OS"; + + revision 2022-10-05 { + description "First Revision"; + } + + container sonic-restapi { + + container RESTAPI { + + description "RESTAPI TABLE part of config_db.json"; + + container certs { + + leaf ca_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).pem'; + } + description "Local path for ca_crt."; + } + + leaf server_crt { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).crt'; + } + description "Local path for server_crt."; + } + + leaf client_crt_cname { + type string { + pattern '(/[a-zA-Z0-9_-.]+)*/([a-zA-Z0-9_-.]+)./[a-z]{3}'; + } + description "Client cert name."; + } + + leaf server_key { + type string { + pattern '(/[a-zA-Z0-9_-]+)*/([a-zA-Z0-9_-]+).key'; + } + description "Local path for server_key."; + } + + } + } + } +}