SONiC YANG model for RADIUS. (#12749)
#### Why I did it
Added SONiC YANG model for RADIUS. 
Fixes #12477 

#### How I did it
Added the RADIUS and RADIUS_SERVER tables for global and per RADIUS server configuration. RADIUS statistics reside in COUNTERS_DB and are not part of the configuration. These are not a part of this PR.

#### How to verify it
Compiled sonic_yang_mgmt-1.0-py3-none-any.whl.

#### Description for the changelog
SONiC YANG model for RADIUS.
shdasari committed Jan 12, 2023
1 parent 21e507e commit 97161ae
Showing 6 changed files with 427 additions and 0 deletions.
23 changes: 23 additions & 0 deletions src/sonic-yang-models/doc/Configuration.md
Expand Up @@ -65,6 +65,7 @@ Table of Contents
* [WRED_PROFILE](#wred_profile)
* [PASSWORD_HARDENING](#password_hardening)
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
* [RADIUS](#radius)
* [For Developers](#for-developers)
* [Generating Application Config by Jinja2 Template](#generating-application-config-by-jinja2-template)
* [Incremental Configuration by Subscribing to ConfigDB](#incremental-configuration-by-subscribing-to-configdb)
Expand Down Expand Up @@ -1969,6 +1970,28 @@ The default value of flags in `SYSTEM_DEFAULTS` table can be set in `init_cfg.js
If the values in `config_db.json` is changed by user, it will not be rewritten back by `init_cfg.json` as `config_db.json` is loaded after `init_cfg.json` in [docker_image_ctl.j2](https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/docker_image_ctl.j2)

For the flags that can be changed by reconfiguration, we can update entries in `minigraph.xml`, and parse the new values in to config_db with minigraph parser at reloading minigraph. If there are duplicated entries in `init_cfg.json` and `minigraph.xml`, the values in `minigraph.xml` will overwritten the values defined in `init_cfg.json`.

### RADIUS

The RADIUS and RADIUS_SERVER tables define RADIUS configuration parameters. RADIUS table carries global configuration while RADIUS_SERVER table carries per server configuration.

```
"RADIUS": {
"global": {
"auth_type": "pap",
"timeout": "5"
}
}
"RADIUS_SERVER": {
"192.168.1.2": {
"priority": "4",
"retransmit": "2",
"timeout": "5"
}
}
```

#### 5.2.3 Update value directly in db memory

For Developers
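
Review bot: The new `### RADIUS` section documents only `auth_type`, `timeout`, `priority` and `retransmit`, while tests_config/radius.json in this commit also sets `passkey`, `src_ip`, `src_intf` and `vrf`, and tests/radius.json expects ranges of 1..60 for timeout, 1..64 for priority and 0..10 for retransmit. List every field with its range in this section, and state how `passkey` (the RADIUS shared secret) is stored in `config_db.json`, since operators will copy this example. Two smaller points in the same hunk: the `"RADIUS"` and `"RADIUS_SERVER"` objects in the example have no comma between them, and the section sits directly above the existing `#### 5.2.3 Update value directly in db memory` heading, which makes that subsection read as part of RADIUS.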
1 change: 1 addition & 0 deletions src/sonic-yang-models/setup.py
Expand Up @@ -145,6 +145,7 @@ def run(self):
'./yang-models/sonic-syslog.yang',
'./yang-models/sonic-system-aaa.yang',
'./yang-models/sonic-system-tacacs.yang',
'./yang-models/sonic-system-radius.yang',
'./yang-models/sonic-telemetry.yang',
'./yang-models/sonic-tunnel.yang',
'./yang-models/sonic-types.yang',
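
Review bot: `'./yang-models/sonic-system-radius.yang'` is added after `sonic-system-tacacs.yang`, which breaks the alphabetical order the neighbouring entries follow (`sonic-syslog`, `sonic-system-aaa`, `sonic-system-tacacs`, `sonic-telemetry`). Move it between the `sonic-system-aaa` and `sonic-system-tacacs` entries so the list stays easy to scan and merge.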
13 changes: 13 additions & 0 deletions src/sonic-yang-models/tests/files/sample_config_db.json
Expand Up @@ -1349,6 +1349,19 @@
"timeout": "10"
}
},
"RADIUS": {
"global": {
"auth_type": "pap",
"timeout": "5"
}
},
"RADIUS_SERVER": {
"192.168.1.2": {
"priority": "4",
"retransmit": "2",
"timeout": "5"
}
},
"NAT_BINDINGS": {
"bind1": {
"nat_pool": "pool1",
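
Review bot: The sample `RADIUS` and `RADIUS_SERVER` entries set only `auth_type`, `timeout`, `priority` and `retransmit`, so the sample config never exercises `passkey`, `src_ip`, `src_intf` or `vrf`, all of which tests_config/radius.json in this commit feeds to the model. Add at least `passkey` and `vrf` to the `"192.168.1.2"` entry, using an obviously dummy secret, so that loading the sample config covers the fields most likely to be set on a real device.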
36 changes: 36 additions & 0 deletions src/sonic-yang-models/tests/yang_model_tests/tests/radius.json
@@ -0,0 +1,36 @@
{
"RADIUS_TEST": {
"desc": "RADIUS global configuration in the RADIUS table."
},
"RADIUS_INVALID_SRC_IP_TEST": {
"desc": "Radius global configuration with invalid Src IP value in RADIUS table.",
"eStr": "InvalidValue"
},
"RADIUS_INVALID_TIMEOUT_TEST": {
"desc": "Radius global configuration with invalid timeout in RADIUS table.",
"eStr": "RADIUS timeout must be 1..60."
},
"RADIUS_SERVER_TEST" : {
"desc": "Radius server configuration in RADIUS_SERVER table."
},
"RADIUS_SERVER_INVALID_PRIORITY_TEST": {
"desc": "Radius server configuration with invalid priority value in RADIUS_SERVER table.",
"eStr": "RADIUS priority must be 1..64."
},
"RADIUS_SERVER_INVALID_TIMEOUT_TEST" : {
"desc": "Radius server configuration with invalid timeout value in RADIUS_SERVER table.",
"eStr": "RADIUS timeout must be 1..60."
},
"RADIUS_SERVER_INVALID_RETRANSMIT_TEST" : {
"desc": "Radius server configuration with invalid retransmit value in RADIUS_SERVER table.",
"eStr": "RADIUS retransmit must be 0..10."
},
"RADIUS_SERVER_INVALID_AUTH_TYPE_TEST" : {
"desc": "Radius server configuration with invalid auth type in RADIUS_SERVER table.",
"eStrKey": "InvalidValue"
},
"RADIUS_SERVER_INVALID_VRF_TEST" : {
"desc": "Radius server configuration with invalid VRF in RADIUS_SERVER table.",
"eStr": "Invalid VRF name"
}
}
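
Review bot: `RADIUS_INVALID_SRC_IP_TEST` expects `"eStr": "InvalidValue"` while `RADIUS_SERVER_INVALID_AUTH_TYPE_TEST` expects `"eStrKey": "InvalidValue"` for the same kind of failure. The other cases use `eStr` for literal messages such as "RADIUS timeout must be 1..60.", so if `InvalidValue` is meant as a lookup key rather than message text, the source-IP case should use `eStrKey` as well. The `desc` strings also alternate between "RADIUS" and "Radius"; pick one spelling.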
139 changes: 139 additions & 0 deletions src/sonic-yang-models/tests/yang_model_tests/tests_config/radius.json
@@ -0,0 +1,139 @@
{
"RADIUS_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"timeout": 5,
"passkey": "brcm123"
}
}
}
},

"RADIUS_INVALID_SRC_IP_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"src_ip": "INVALID"
}
}
}
},

"RADIUS_INVALID_TIMEOUT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"timeout": 70
}
}
}
},

"RADIUS_SERVER_TEST": {
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth8",
"description": "Ethernet8",
"lanes": "65",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
},

"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"priority": 5,
"timeout": 6,
"auth_type": "chap",
"passkey": "brcm123",
"src_intf": "Ethernet0",
"vrf": "default"
},
{
"ipaddress": "10.10.10.10",
"priority": 2,
"timeout": 15,
"auth_type": "pap",
"passkey": "sonic_123",
"vrf": "mgmt"
}
]
}
}
},

"RADIUS_SERVER_INVALID_PRIORITY_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"priority": 70
}
]
}
}
},
"RADIUS_SERVER_INVALID_TIMEOUT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"timeout": 70
}
]
}
}
},
"RADIUS_SERVER_INVALID_RETRANSMIT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"retransmit": 20
}
]
}
}
},
"RADIUS_SERVER_INVALID_AUTH_TYPE_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"auth_type": "123"
}
]
}
}
},
"RADIUS_SERVER_INVALID_VRF_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"vrf": "Vrf1"
}
]
}
}
}

}
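
Review bot: The negative cases cover `src_ip`, `timeout`, `priority`, `retransmit`, `auth_type` and `vrf`, but nothing tests `passkey`, the field that carries the RADIUS shared secret, and nothing tests a `src_intf` that does not match an entry in `PORT_LIST`. Add cases for whatever constraints the model places on those two leaves, and a global-table case for an invalid `auth_type`, which is currently checked only under `RADIUS_SERVER_LIST`. The fixture secrets `"brcm123"` and `"sonic_123"` read like real credentials; an obviously dummy value would be safer in a public test file. There is also a stray blank line before the final closing brace.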