diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 0175f5e1..579d5548 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -17,8 +17,8 @@ resources: repositories: - repository: sonic-mgmt-common type: github - name: Azure/sonic-mgmt-common - endpoint: build + name: sonic-net/sonic-mgmt-common + endpoint: sonic-net stages: - stage: Build diff --git a/gnmi_server/server.go b/gnmi_server/server.go index 7938c990..7001fd52 100644 --- a/gnmi_server/server.go +++ b/gnmi_server/server.go @@ -203,6 +203,7 @@ func authenticate(UserAuth AuthTypes, ctx context.Context) (context.Context, err if !success { return ctx, status.Error(codes.Unauthenticated, "Unauthenticated") } + log.V(5).Infof("authenticate user %v, roles %v", rc.Auth.User, rc.Auth.Roles) return ctx, nil } diff --git a/gnmi_server/server_test.go b/gnmi_server/server_test.go index 4cb65422..49c934df 100644 --- a/gnmi_server/server_test.go +++ b/gnmi_server/server_test.go @@ -16,6 +16,7 @@ import ( "io/ioutil" "os" "os/exec" + "os/user" "reflect" "testing" "time" @@ -42,6 +43,7 @@ import ( gclient "github.com/jipanyang/gnmi/client/gnmi" "github.com/jipanyang/gnxi/utils/xpath" gnoi_system_pb "github.com/openconfig/gnoi/system" + "github.com/agiledragon/gomonkey" ) var clientTypes = []string{gclient.Type} @@ -104,6 +106,25 @@ func createServer(t *testing.T, port int64) *Server { return s } +func createAuthServer(t *testing.T, port int64) *Server { + certificate, err := testcert.NewCert() + if err != nil { + t.Errorf("could not load server key pair: %s", err) + } + tlsCfg := &tls.Config{ + ClientAuth: tls.RequestClientCert, + Certificates: []tls.Certificate{certificate}, + } + + opts := []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))} + cfg := &Config{Port: port, UserAuth: AuthTypes{"password": true, "cert": true, "jwt": true}} + s, err := NewServer(cfg, opts) + if err != nil { + t.Errorf("Failed to create gNMI server: %v", err) + } + return s +} + // runTestGet requests a path from the server by Get grpc call, and compares if // the return code and response value are expected. func runTestGet(t *testing.T, ctx context.Context, gClient pb.GNMIClient, pathTarget string, @@ -2509,8 +2530,57 @@ func TestBulkSet(t *testing.T) { if !ok { t.Fatal("got a non-grpc error from grpc call") } + }) +} + +type loginCreds struct { + Username, Password string +} +func (c *loginCreds) GetRequestMetadata(context.Context, ...string) (map[string]string, error) { + return map[string]string{ + "username": c.Username, + "password": c.Password, + }, nil +} + +func (c *loginCreds) RequireTransportSecurity() bool { + return true +} + +func TestAuthCapabilities(t *testing.T) { + mock1 := gomonkey.ApplyFunc(UserPwAuth, func(username string, passwd string) (bool, error) { + return true, nil }) + defer mock1.Reset() + + s := createAuthServer(t, 8089) + go runServer(t, s) + + currentUser, _ := user.Current() + tlsConfig := &tls.Config{InsecureSkipVerify: true} + cred := &loginCreds{Username: currentUser.Username, Password: "dummy"} + opts := []grpc.DialOption{grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), grpc.WithPerRPCCredentials(cred)} + + targetAddr := "127.0.0.1:8089" + conn, err := grpc.Dial(targetAddr, opts...) + if err != nil { + t.Fatalf("Dialing to %q failed: %v", targetAddr, err) + } + defer conn.Close() + + gClient := pb.NewGNMIClient(conn) + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + var req pb.CapabilityRequest + resp, err := gClient.Capabilities(ctx, &req) + if err != nil { + t.Fatalf("Failed to get Capabilities: %v", err) + } + if len(resp.SupportedModels) == 0 { + t.Fatalf("No Supported Models found!") + } } diff --git a/go.mod b/go.mod index 7b19d95b..93495f1d 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,7 @@ go 1.12 require ( github.com/Azure/sonic-mgmt-common v0.0.0-00010101000000-000000000000 github.com/Workiva/go-datastructures v1.0.50 + github.com/agiledragon/gomonkey v2.0.2+incompatible github.com/c9s/goprocinfo v0.0.0-20191125144613-4acdd056c72d github.com/dgrijalva/jwt-go v3.2.1-0.20210802184156-9742bd7fca1c+incompatible github.com/go-redis/redis v6.15.6+incompatible