Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misc YANG fixes #112

Merged
merged 10 commits into from
Aug 22, 2023
Merged

Misc YANG fixes #112

merged 10 commits into from
Aug 22, 2023

Conversation

troglobit
Copy link
Contributor

  • Fix lost deviation and timezone enumerations
  • Merge internal YANG revisions inside release cycle
  • Drop old versions of native YANG models
  • Lock down and restrict user shells
  • Limit if:type to supported native types only

@troglobit troglobit added the enhancement New feature or request label Aug 21, 2023
@troglobit troglobit added this to the Infix v23.08 milestone Aug 21, 2023
@troglobit troglobit requested a review from wkz August 21, 2023 17:36
@troglobit
Copy link
Contributor Author

Rebased against main and force-pushed to get and update the routing_basic.py test case, which was failing in previous runs.

wkz
wkz requested changes Aug 22, 2023
View reviewed changes
Copy link
Contributor

@wkz wkz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed: Drop must expr on iftype, instead set base type to infix-iftype.

Otherwise brilliant as always

@troglobit
Fix #95: lock down and restrict /system/authentication/user/shell
7bcff8f 
This patch restricts the possible user shells to a subset of the list in
/etc/shells, which is generated by Buildroot.  The default is 'false' to
prevent accidental shell access for non-admin role users.

The default shell for the admin user is now /bin/clish, which can be
further locked down before Infix v24.02 LTS.

In case of internal error the default fallback shell is now set to the
customizable LOGIN_SHELL, which currently is /bin/bash.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
confd: set fallback shell to /bin/false
cbd7843 
This further locks down confd to fall back to /bin/false as login shell
in case of internal errors.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
board/netconf: fix regex that adds /bin/clish to /etc/shells
4979183 
Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
confd: in case of error from aug_save(), log error strings
f77b052 
Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
confd: add deviation for if:type limiting it to supported types
1a693b8 
This patch adds a new infix-interface-type, derived from the IANA base
type, allowing us to limit the list of supported native interface types.

Basing on IANA interface type ensure compatibility with other models,
e.g., standard/ieee/published/802.3/ieee802-ethernet-interface.yang,
which attaches itself to all interfaces of type ianaift:ethernetCsmacd.

Tested with yanglint and in Infix using ieee802-ethernet-interface.yang,
the 'ethernet' container was properly attached to interfaces of type
infixift:ethernet.

Tab completion in the CLI now lists only the supported types.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
confd: minor janitoring, yang linting
cb4cc99 
The commit adds a missing description and reorders some yang statements
to meet canonical ordering according to RFC7950, section 14.

It also relocates the /interfaces/interfaces/infix-if:port augment to
its own base model that the bridge (and later lag) models reference.
Solving the bisarre ordering issues we've seen previously.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
test: update cases to use new infix-if-types
0d7dabc 
Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
Copy link
Contributor Author

Dropped the first commit, introducing the must expression, then adjusted the last if:type limiting commit, dropping the extension to the same must expression.

@wkz wkz merged commit fcb629f into main Aug 22, 2023
2 checks passed
@wkz wkz deleted the yang-fixes branch August 22, 2023 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wkz wkz wkz requested changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Infix v23.08
Development

Successfully merging this pull request may close these issues.
2 participants
@troglobit @wkz