SONiC YANG model for RADIUS. #12749

Merged
merged 4 commits into from
Jan 12, 2023
Changes from 3 commits
23 changes: 23 additions & 0 deletions src/sonic-yang-models/doc/Configuration.md
Expand Up @@ -62,6 +62,7 @@ Table of Contents
* [WRED_PROFILE](#wred_profile)
* [PASSWORD_HARDENING](#password_hardening)
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
* [RADIUS](#radius)
* [For Developers](#for-developers)
* [Generating Application Config by Jinja2 Template](#generating-application-config-by-jinja2-template)
* [Incremental Configuration by Subscribing to ConfigDB](#incremental-configuration-by-subscribing-to-configdb)
Expand Down Expand Up @@ -1849,6 +1850,28 @@ The default value of flags in `SYSTEM_DEFAULTS` table can be set in `init_cfg.js
If the values in `config_db.json` is changed by user, it will not be rewritten back by `init_cfg.json` as `config_db.json` is loaded after `init_cfg.json` in [docker_image_ctl.j2](https://github.com/Azure/sonic-buildimage/blob/master/files/build_templates/docker_image_ctl.j2)

For the flags that can be changed by reconfiguration, we can update entries in `minigraph.xml`, and parse the new values in to config_db with minigraph parser at reloading minigraph. If there are duplicated entries in `init_cfg.json` and `minigraph.xml`, the values in `minigraph.xml` will overwritten the values defined in `init_cfg.json`.

### RADIUS

The RADIUS and RADIUS_SERVER tables define RADIUS configuration parameters. RADIUS table carries global configuration while RADIUS_SERVER table carries per server configuration.

```
"RADIUS": {
"global": {
"auth_type": "pap",
"timeout": "5"
}
}

"RADIUS_SERVER": {
"192.168.1.2": {
"priority": "4",
"retransmit": "2",
"timeout": "5"
}
}
```

#### 5.2.3 Update value directly in db memory

For Developers
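
Review bot: the new `### RADIUS` heading is inserted directly above the existing `#### 5.2.3 Update value directly in db memory` heading, so that subsection now renders as a child of RADIUS; move the RADIUS section so it does not sit between the preceding text and 5.2.3. The example also shows only `auth_type`, `timeout`, `priority` and `retransmit`, while the test data in this PR sets `passkey`, `src_ip`, `src_intf` and `vrf` as well. Please list every leaf with its allowed range (the test error strings give timeout 1..60, priority 1..64, retransmit 0..10) and say how `passkey`, the RADIUS shared secret, is expected to be stored and protected in `config_db.json`.
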
1 change: 1 addition & 0 deletions src/sonic-yang-models/setup.py
Expand Up @@ -144,6 +144,7 @@ def run(self):
'./yang-models/sonic-syslog.yang',
'./yang-models/sonic-system-aaa.yang',
'./yang-models/sonic-system-tacacs.yang',
'./yang-models/sonic-system-radius.yang',
'./yang-models/sonic-telemetry.yang',
'./yang-models/sonic-types.yang',
'./yang-models/sonic-versions.yang',
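
Review bot: `'./yang-models/sonic-system-radius.yang'` is added after the tacacs entry, which breaks the alphabetical order the neighbouring entries follow (syslog, system-aaa, system-tacacs, telemetry, types, versions). Put it between `sonic-system-aaa.yang` and `sonic-system-tacacs.yang` so the list stays easy to scan and merge.
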
13 changes: 13 additions & 0 deletions src/sonic-yang-models/tests/files/sample_config_db.json
Expand Up @@ -1301,6 +1301,19 @@
"timeout": "10"
}
},
"RADIUS": {
"global": {
"auth_type": "pap",
"timeout": "5"
}
},
"RADIUS_SERVER": {
"192.168.1.2": {
"priority": "4",
"retransmit": "2",
"timeout": "5"
}
},
"NAT_BINDINGS": {
"bind1": {
"nat_pool": "pool1",
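
Review bot: the `RADIUS_SERVER` sample entry for `192.168.1.2` sets only `priority`, `retransmit` and `timeout`, so validating this sample against the model never touches the per-server `auth_type`, `passkey`, `src_intf` or `vrf` leaves that the model's own test data uses. Add at least `auth_type` and `vrf` to this entry, or a second server entry, so the sample config covers the leaves operators are most likely to set.
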
36 changes: 36 additions & 0 deletions src/sonic-yang-models/tests/yang_model_tests/tests/radius.json
@@ -0,0 +1,36 @@
{
"RADIUS_TEST": {
"desc": "RADIUS global configuration in the RADIUS table."
},
"RADIUS_INVALID_SRC_IP_TEST": {
"desc": "Radius global configuration with invalid Src IP value in RADIUS table.",
"eStr": "InvalidValue"
},
"RADIUS_INVALID_TIMEOUT_TEST": {
"desc": "Radius global configuration with invalid timeout in RADIUS table.",
"eStr": "RADIUS timeout must be 1..60."
},
"RADIUS_SERVER_TEST" : {
"desc": "Radius server configuration in RADIUS_SERVER table."
},
"RADIUS_SERVER_INVALID_PRIORITY_TEST": {
"desc": "Radius server configuration with invalid priority value in RADIUS_SERVER table.",
"eStr": "RADIUS priority must be 1..64."
},
"RADIUS_SERVER_INVALID_TIMEOUT_TEST" : {
"desc": "Radius server configuration with invalid timeout value in RADIUS_SERVER table.",
"eStr": "RADIUS timeout must be 1..60."
},
"RADIUS_SERVER_INVALID_RETRANSMIT_TEST" : {
"desc": "Radius server configuration with invalid retransmit value in RADIUS_SERVER table.",
"eStr": "RADIUS retransmit must be 0..10."
},
"RADIUS_SERVER_INVALID_AUTH_TYPE_TEST" : {
"desc": "Radius server configuration with invalid auth type in RADIUS_SERVER table.",
"eStrKey": "InvalidValue"
},
"RADIUS_SERVER_INVALID_VRF_TEST" : {
"desc": "Radius server configuration with invalid VRF in RADIUS_SERVER table.",
"eStr": "Invalid VRF name"
}
}
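
Review bot: `RADIUS_INVALID_SRC_IP_TEST` expects `"eStr": "InvalidValue"` while `RADIUS_SERVER_INVALID_AUTH_TYPE_TEST` expects `"eStrKey": "InvalidValue"`, so the same token is treated as literal error text in one case and as a lookup key in the other. If `InvalidValue` is a key into the shared error-string table, the src IP case should use `eStrKey` too; otherwise it may pass or fail for the wrong reason. There is also no negative case for an invalid global `auth_type` or for an invalid server `ipaddress`; both are cheap to add here.
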
@@ -0,0 +1,139 @@
{
"RADIUS_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"timeout": 5,
"passkey": "brcm123"
}
}
}
},

"RADIUS_INVALID_SRC_IP_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"src_ip": "INVALID"
}
}
}
},

"RADIUS_INVALID_TIMEOUT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS": {
"global": {
"auth_type": "chap",
"timeout": 70
}
}
}
},

"RADIUS_SERVER_TEST": {
"sonic-port:sonic-port": {
"sonic-port:PORT": {
"PORT_LIST": [
{
"admin_status": "up",
"alias": "eth8",
"description": "Ethernet8",
"lanes": "65",
"mtu": 9000,
"name": "Ethernet0",
"speed": 25000
}
]
}
},

"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"priority": 5,
"timeout": 6,
"auth_type": "chap",
"passkey": "brcm123",
"src_intf": "Ethernet0",
"vrf": "default"
},
{
"ipaddress": "10.10.10.10",
"priority": 2,
"timeout": 15,
"auth_type": "pap",
"passkey": "sonic_123",
"vrf": "mgmt"
}
]
}
}
},

"RADIUS_SERVER_INVALID_PRIORITY_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"priority": 70
}
]
}
}
},
"RADIUS_SERVER_INVALID_TIMEOUT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"timeout": 70
}
]
}
}
},
"RADIUS_SERVER_INVALID_RETRANSMIT_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"retransmit": 20
}
]
}
}
},
"RADIUS_SERVER_INVALID_AUTH_TYPE_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"auth_type": "123"
}
]
}
}
},
"RADIUS_SERVER_INVALID_VRF_TEST": {
"sonic-system-radius:sonic-system-radius": {
"sonic-system-radius:RADIUS_SERVER": {
"RADIUS_SERVER_LIST": [
{
"ipaddress": "192.168.1.1",
"vrf": "Vrf1"
}
]
}
}
}

}
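
Review bot: the invalid-range cases use values far outside the limits (`"timeout": 70`, `"priority": 70`, `"retransmit": 20`), so they do not pin the bounds the error strings state (1..60, 1..64, 0..10). Add boundary cases on each side, for example timeout 0 and 61, priority 0 and 65, retransmit 11, plus accepted cases at 1, 60, 64, 0 and 10, so an off-by-one in the model's range or `must` expression is caught. `passkey` appears only in the positive cases (`"brcm123"`, `"sonic_123"`); if the model constrains its length or character set, add a rejected passkey case, and add one for `src_intf` naming a port that is not in `PORT_LIST`.
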