From 194a5a036544c7e5acac17acb544802d08635333 Mon Sep 17 00:00:00 2001 From: Azmy Ali Date: Mon, 6 May 2024 07:22:10 +0300 Subject: [PATCH] Adding local-users-passwords-reset feature service, YANG model and its tests --- files/build_templates/docker_image_ctl.j2 | 2 -- files/build_templates/init_cfg.json.j2 | 5 ++++ .../build_templates/sonic_debian_extension.j2 | 5 ++++ .../local-users-passwords-reset.py | 21 +++++++++++++++ .../local-users-passwords-reset.service | 14 ++++++++++ src/sonic-yang-models/setup.py | 2 ++ .../tests/files/sample_config_db.json | 5 ++++ .../tests/local-users-passwords-reset.json | 5 ++++ .../local-users-passwords-reset.json | 11 ++++++++ .../sonic-local-users-passwords-reset.yang | 26 +++++++++++++++++++ 10 files changed, 94 insertions(+), 2 deletions(-) create mode 100644 files/image_config/local-users-passwords-reset/local-users-passwords-reset.py create mode 100644 files/image_config/local-users-passwords-reset/local-users-passwords-reset.service create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json create mode 100644 src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2 index 54e9518a1737..546eb24cb629 100644 --- a/files/build_templates/docker_image_ctl.j2 +++ b/files/build_templates/docker_image_ctl.j2 @@ -540,9 +540,7 @@ start() { # TODO: Mellanox will remove the --tmpfs exception after SDK socket path changed in new SDK version {%- endif %} docker create {{docker_image_run_opt}} \ -{%- if '--net' not in docker_image_run_opt %} --net=$NET \ -{%- endif %} -e RUNTIME_OWNER=local \ --uts=host \{# W/A: this should be set per-docker, for those dockers which really need host's UTS namespace #} {%- if install_debug_image == "y" %} diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2 index b2e1d2348c2a..9cdaa91ffd79 100644 --- a/files/build_templates/init_cfg.json.j2 +++ b/files/build_templates/init_cfg.json.j2 @@ -134,6 +134,11 @@ "special_class": "true" } }, + "LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "disabled" + } + }, "SYSTEM_DEFAULTS" : { {%- if include_mux == "y" %} "mux_tunnel_egress_acl": { diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 43a723824c0f..2f444afdfb68 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -574,6 +574,11 @@ sudo cp $IMAGE_CONFIGS/hostname/hostname-config.service $FILESYSTEM_ROOT_USR_LIB echo "hostname-config.service" | sudo tee -a $GENERATED_SERVICE_FILE sudo cp $IMAGE_CONFIGS/hostname/hostname-config.sh $FILESYSTEM_ROOT/usr/bin/ +# Copy local-users-passwords-reset configuration scripts + sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM + echo "local-users-passwords-reset.service" | sudo tee -a $GENERATED_SERVICE_FILE + sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.py $FILESYSTEM_ROOT/usr/bin/ + # Copy miscellaneous scripts sudo cp $IMAGE_CONFIGS/misc/docker-wait-any $FILESYSTEM_ROOT/usr/bin/ diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py new file mode 100644 index 000000000000..ccb260721f19 --- /dev/null +++ b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python + +import os +import syslog + + +SYSLOG_IDENTIFIER = os.path.basename(__file__) + + +def log_info(msg): + syslog.openlog(SYSLOG_IDENTIFIER) + syslog.syslog(syslog.LOG_INFO, msg) + syslog.closelog() + + +def main(): + log_info("Azmy wrote this") + + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service new file mode 100644 index 000000000000..849b87cdd002 --- /dev/null +++ b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service @@ -0,0 +1,14 @@ +[Unit] +Description=Update Local users' passwords config based on configdb +Requires=config-setup.service +After=config-setup.service +Before=systemd-logind.service sshd.service getty.target serial-getty@ttyS0.service + + +[Service] +Type=oneshot +RemainAfterExit=no +ExecStart=/usr/bin/local-users-passwords-reset.py + +[Install] +WantedBy=sonic.target \ No newline at end of file diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index e20c10da05db..88894c738a4a 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py @@ -79,6 +79,7 @@ def run(self): data_files=[ ('yang-models', ['./yang-models/sonic-acl.yang', './yang-models/sonic-auto_techsupport.yang', + './yang-models/sonic-local-users-passwords-reset', './yang-models/sonic-bgp-common.yang', './yang-models/sonic-bgp-device-global.yang', './yang-models/sonic-bgp-global.yang', @@ -192,6 +193,7 @@ def run(self): './yang-models/sonic-macsec.yang', './yang-models/sonic-bgp-sentinel.yang']), ('cvlyang-models', ['./cvlyang-models/sonic-acl.yang', + './cvlyang-models/sonic-local-users-passwords-reset', './cvlyang-models/sonic-bgp-common.yang', './cvlyang-models/sonic-bgp-global.yang', './cvlyang-models/sonic-bgp-monitor.yang', diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 1e01dcbdba66..2375b1837f65 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -2487,6 +2487,11 @@ } } }, + "LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "disabled" + } + }, "SAMPLE_CONFIG_DB_UNKNOWN": { "UNKNOWN_TABLE": { "Error": "This Table is for testing, This Table does not have YANG models." diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json new file mode 100644 index 000000000000..af4ff540b06c --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json @@ -0,0 +1,5 @@ +{ + "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": { + "desc": "Configure Local users' passwords reset feature state." + } +} \ No newline at end of file diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json new file mode 100644 index 000000000000..f48199da3caa --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json @@ -0,0 +1,11 @@ +{ + "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": { + "sonic-local-users-passwords-reset:sonic-local-users-passwords-reset": { + "sonic-local-users-passwords-reset:LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "enabled" + } + } + } + } +} \ No newline at end of file diff --git a/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang b/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang new file mode 100644 index 000000000000..594c719a1e22 --- /dev/null +++ b/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang @@ -0,0 +1,26 @@ +module local-users-passwords-reset { + yang-version 1.1; + namespace "http://github.com/sonic-net/local-users-passwords-reset"; + + import sonic-types { + prefix stypes; + } + + description "LONG_RESET_BUTTON YANG Module for SONiC-based OS"; + revision 2024-01-04 { + description "First Revision"; + } + + container sonic-local-users-passwords-reset { + container LOCAL_USERS_PASSWORDS_RESET { + description "LOCAL_USERS_PASSWORDS_RESET part of config_db.json"; + container global { + leaf state { + type stypes:admin_mode; + description "Local users' passwords reset feature state"; + default disabled; + } + } /* end of container global */ + } /* end of container LOCAL_USERS_PASSWORDS_RESET */ + } /* end of top level container */ +} \ No newline at end of file