Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat(eos_cli_config_gen): Support "authorization requests" for GNMI transport GRPC #5139

Open
wants to merge 7 commits into
base: devel
Choose a base branch
from
Open

Feat(eos_cli_config_gen): Support "authorization requests" for GNMI transport GRPC #5139

wants to merge 7 commits into from
+58 −11

Conversation

bjmeuer
Copy link
Contributor

@bjmeuer bjmeuer commented Mar 7, 2025

Change Summary

Support "authorization requests" for GNMI transport GRPC. This is used as mitigation of Security Advisory 0111
https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111

Related Issue(s)

Fixes #5126

Component(s) name

arista.avd.eos_cli_config_gen

Proposed changes

add a knob to enable "authorization requests"

How to test

---
management_api_gnmi:
  provider: "eos-native"
  transport:
    grpc:
      - name: arTrue
        notification_timestamp: "send-time"
        ip_access_group: acl1
        authorization_requests: true
      - name: arFalse
        notification_timestamp: "send-time"
        ip_access_group: acl1
        authorization_requests: false

Checklist

User Checklist

  • N/A

Repository Checklist

  • My code has been rebased from devel before I start
  • I have read the CONTRIBUTING document.
  • My change requires a change to the documentation and documentation have been updated accordingly.
  • I have updated molecule CI testing accordingly. (check the box if not applicable)

@bjmeuer bjmeuer self-assigned this Mar 7, 2025
@bjmeuer bjmeuer requested review from a team as code owners March 7, 2025 13:09
@github-actions github-actions bot added role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated labels Mar 7, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 7, 2025

Review docs on Read the Docs

To test this pull request:

# Create virtual environment for this testing below the current directory
python -m venv test-avd-pr-5139
# Activate the virtual environment
source test-avd-pr-5139/bin/activate
# Install all requirements including PyAVD
pip install "pyavd[ansible] @ git+https://github.com/bjmeuer/avd.git@authorization_grpc#subdirectory=python-avd" --force
# Point Ansible collections path to the Python virtual environment
export ANSIBLE_COLLECTIONS_PATH=$VIRTUAL_ENV/ansible_collections
# Install Ansible collection
ansible-galaxy collection install git+https://github.com/bjmeuer/avd.git#/ansible_collections/arista/avd/,authorization_grpc --force
# Optional: Install AVD examples
cd test-avd-pr-5139
ansible-playbook arista.avd.install_examples

@bjmeuer
update to uppercase "False" as default in doc, because if set in the …
32f1290 
…yml as false it also comes as uppercase "False"
@bjmeuer bjmeuer requested a review from emilarista March 7, 2025 16:23
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 7, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ClausHolbechArista ClausHolbechArista ClausHolbechArista left review comments

@laxmikantchintakindi laxmikantchintakindi laxmikantchintakindi approved these changes

@emilarista emilarista Awaiting requested review from emilarista

At least 2 approving reviews are required to merge this pull request.

Assignees

@bjmeuer bjmeuer

Labels
role: eos_cli_config_gen issue related to eos_cli_config_gen role state: CI Updated CI scenario have been updated in the PR state: Documentation role Updated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feat(eos_cli_config_gen): Support "authorization requests" for GNMI transport GRPC
4 participants
@bjmeuer @ClausHolbechArista @emilarista @laxmikantchintakindi