Adding local-users-passwords-reset feature service, YANG model and it…

…s tests
sonic-net · May 6, 2024 · 194a5a0 · 194a5a0
1 parent af82081
commit 194a5a0
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 2 deletions.
diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2
@@ -540,9 +540,7 @@ start() {
     # TODO: Mellanox will remove the --tmpfs exception after SDK socket path changed in new SDK version
 {%- endif %}
     docker create {{docker_image_run_opt}} \
-{%- if '--net' not in docker_image_run_opt %}
         --net=$NET \
-{%- endif %}
         -e RUNTIME_OWNER=local \
         --uts=host \{# W/A: this should be set per-docker, for those dockers which really need host's UTS namespace #}
 {%- if install_debug_image == "y" %}

diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2
@@ -134,6 +134,11 @@
             "special_class": "true"
         }
     },
+    "LOCAL_USERS_PASSWORDS_RESET": {
+        "global": {
+            "state": "disabled"
+        }
+    },
     "SYSTEM_DEFAULTS" : {
 {%- if include_mux == "y" %}
         "mux_tunnel_egress_acl": {

diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
@@ -574,6 +574,11 @@ sudo cp $IMAGE_CONFIGS/hostname/hostname-config.service $FILESYSTEM_ROOT_USR_LIB
 echo "hostname-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
 sudo cp $IMAGE_CONFIGS/hostname/hostname-config.sh $FILESYSTEM_ROOT/usr/bin/
 
+# Copy local-users-passwords-reset configuration scripts
+ sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
+ echo "local-users-passwords-reset.service" | sudo tee -a $GENERATED_SERVICE_FILE
+ sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.py $FILESYSTEM_ROOT/usr/bin/
+
 # Copy miscellaneous scripts
 sudo cp $IMAGE_CONFIGS/misc/docker-wait-any $FILESYSTEM_ROOT/usr/bin/
 

diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+import os
+import syslog
+
+
+SYSLOG_IDENTIFIER = os.path.basename(__file__)
+
+
+def log_info(msg):
+    syslog.openlog(SYSLOG_IDENTIFIER)
+    syslog.syslog(syslog.LOG_INFO, msg)
+    syslog.closelog()
+
+
+def main():
+    log_info("Azmy wrote this")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Update Local users' passwords config based on configdb
+Requires=config-setup.service
+After=config-setup.service
+Before=systemd-logind.service sshd.service getty.target [email protected]
+
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/usr/bin/local-users-passwords-reset.py
+
+[Install]
+WantedBy=sonic.target
diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py
@@ -79,6 +79,7 @@ def run(self):
     data_files=[
         ('yang-models', ['./yang-models/sonic-acl.yang',
                          './yang-models/sonic-auto_techsupport.yang',
+                         './yang-models/sonic-local-users-passwords-reset',
                          './yang-models/sonic-bgp-common.yang',
                          './yang-models/sonic-bgp-device-global.yang',
                          './yang-models/sonic-bgp-global.yang',
@@ -192,6 +193,7 @@ def run(self):
                          './yang-models/sonic-macsec.yang',
                          './yang-models/sonic-bgp-sentinel.yang']),
         ('cvlyang-models', ['./cvlyang-models/sonic-acl.yang',
+                         './cvlyang-models/sonic-local-users-passwords-reset',
                          './cvlyang-models/sonic-bgp-common.yang',
                          './cvlyang-models/sonic-bgp-global.yang',
                          './cvlyang-models/sonic-bgp-monitor.yang',

diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json
@@ -2487,6 +2487,11 @@
             }
         }
     },
+    "LOCAL_USERS_PASSWORDS_RESET": {
+        "global": {
+            "state": "disabled"
+        }
+    },
     "SAMPLE_CONFIG_DB_UNKNOWN": {
         "UNKNOWN_TABLE": {
             "Error": "This Table is for testing, This Table does not have YANG models."

diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json
@@ -0,0 +1,5 @@
+{
+    "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": {
+        "desc": "Configure Local users' passwords reset feature state."
+    }
+}
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json
@@ -0,0 +1,11 @@
+{
+    "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": {
+        "sonic-local-users-passwords-reset:sonic-local-users-passwords-reset": {
+            "sonic-local-users-passwords-reset:LOCAL_USERS_PASSWORDS_RESET": {
+                "global": {
+                    "state": "enabled"
+                }
+            }
+        }
+    }
+}
diff --git a/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang b/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang
@@ -0,0 +1,26 @@
+module local-users-passwords-reset {
+    yang-version 1.1;
+    namespace "http://github.com/sonic-net/local-users-passwords-reset";
+
+    import sonic-types {
+        prefix stypes;
+    }
+
+    description "LONG_RESET_BUTTON YANG Module for SONiC-based OS";
+    revision 2024-01-04 {
+        description "First Revision";
+    }
+
+    container sonic-local-users-passwords-reset {
+        container LOCAL_USERS_PASSWORDS_RESET {
+            description "LOCAL_USERS_PASSWORDS_RESET part of config_db.json";
+            container global {
+                leaf state {
+                    type stypes:admin_mode;
+                    description "Local users' passwords reset feature state";
+                    default disabled;
+                }
+            } /* end of container global */
+        } /* end of container LOCAL_USERS_PASSWORDS_RESET */
+    } /* end of top level container */
+}