From 230407607addaf986a0309e6398b91459d6df38c Mon Sep 17 00:00:00 2001 From: Azmy Ali Date: Mon, 6 May 2024 07:22:10 +0300 Subject: [PATCH] Adding local-users-passwords-reset feature service, YANG model and its tests --- files/build_templates/init_cfg.json.j2 | 5 + .../build_templates/sonic_debian_extension.j2 | 9 ++ .../local-users-passwords-reset.py | 63 ++++++++ .../local-users-passwords-reset.service | 14 ++ .../local_users_passwords_reset.py | 83 ++++++++++ .../tests/test_local_users_passwords_reset.py | 69 ++++++++ rules/config | 3 + slave.mk | 151 +++++++++--------- src/sonic-yang-models/setup.py | 2 + .../tests/files/sample_config_db.json | 10 ++ .../tests/local-users-passwords-reset.json | 5 + .../local-users-passwords-reset.json | 11 ++ .../sonic-local-users-passwords-reset.yang | 27 ++++ 13 files changed, 377 insertions(+), 75 deletions(-) create mode 100644 files/image_config/local-users-passwords-reset/local-users-passwords-reset.py create mode 100644 files/image_config/local-users-passwords-reset/local-users-passwords-reset.service create mode 100644 platform/mellanox/mlnx-platform-api/sonic_platform/local_users_passwords_reset.py create mode 100644 platform/mellanox/mlnx-platform-api/tests/test_local_users_passwords_reset.py create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json create mode 100644 src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json create mode 100644 src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2 index ae382263bb18..27fa0de25275 100644 --- a/files/build_templates/init_cfg.json.j2 +++ b/files/build_templates/init_cfg.json.j2 @@ -152,6 +152,11 @@ "logout": "" } }, + "LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "disabled" + } + }, "SYSTEM_DEFAULTS" : { {%- if include_mux == "y" %} "mux_tunnel_egress_acl": { 
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 2889b2469960..d4ce3707d2d7 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -620,6 +620,15 @@ sudo cp $IMAGE_CONFIGS/hostname/hostname-config.service $FILESYSTEM_ROOT_USR_LIB echo "hostname-config.service" | sudo tee -a $GENERATED_SERVICE_FILE sudo cp $IMAGE_CONFIGS/hostname/hostname-config.sh $FILESYSTEM_ROOT/usr/bin/ +{% if enable_local_users_passwords_reset == "y" %} +# Copy local-users-passwords-reset configuration scripts +sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM +echo "local-users-passwords-reset.service" | sudo tee -a $GENERATED_SERVICE_FILE +sudo cp $IMAGE_CONFIGS/local-users-passwords-reset/local-users-passwords-reset.py $FILESYSTEM_ROOT/usr/bin/ +# Set execute permissions only +sudo chmod 100 $FILESYSTEM_ROOT/usr/bin/local-users-passwords-reset.py +{% endif %} + # Copy banner configuration scripts sudo cp $IMAGE_CONFIGS/bannerconfig/banner-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM echo "banner-config.service" | sudo tee -a $GENERATED_SERVICE_FILE diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py new file mode 100644 index 000000000000..bf6627561c94 --- /dev/null +++ b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.py 
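Review bot: In files/build_templates/sonic_debian_extension.j2, `sudo chmod 100` leaves /usr/bin/local-users-passwords-reset.py with no read bit, although it is a `#!/usr/bin/env python` script that the interpreter must open and read. That works only because the unit runs as root with DAC override, so a later capability restriction on the service would stop the script from starting. `sudo chmod 500 $FILESYSTEM_ROOT/usr/bin/local-users-passwords-reset.py` keeps it root-only while staying readable by its owner. The comment would then read `# Owner read/execute only: started by root from the systemd unit`.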
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+
+import os
+import syslog
+from swsscommon.swsscommon import ConfigDBConnector, DBConnector
+from swsscommon import swsscommon
+
+
+STATE_DB = "STATE_DB"
+
+
+def get_platform_local_users_passwords_reset():
+ try:
+ from sonic_platform.local_users_passwords_reset import LocalUsersConfigurationReset
+ local_users_password_reset_class = LocalUsersConfigurationReset()
+ except ImportError:
+ syslog.syslog(syslog.LOG_WARNING, "LocalUsersConfigurationReset: sonic_platform package not installed. Unable to find platform local users passwords reset implementation")
+ raise Exception('Local users passwords reset implementation is not defined')
+
+ return local_users_password_reset_class
+
+
+class LocalUsersConfigurationResetService:
+ def __init__(self):
+ state_db_conn = DBConnector(STATE_DB, 0)
+ # Wait if the Warm/Fast boot is in progress
+ if swsscommon.RestartWaiter.isAdvancedBootInProgress(state_db_conn):
+ swsscommon.RestartWaiter.waitAdvancedBootDone()
+
+ self.config_db = ConfigDBConnector()
+ self.config_db.connect(wait_for_init=True, retry_on=True)
+ syslog.syslog(syslog.LOG_INFO, 'ConfigDB connect success')
+
+ def get_feature_state(self):
+ '''
+ Check if the feature is enabled by reading the redis table
+ '''
+ table = self.config_db.get_table(swsscommon.CFG_LOCAL_USERS_PASSWORDS_RESET)
+ if table:
+ state = table.get('global', {}).get('state')
+ return True if state == 'enabled' else False
+
+ return False
+
+ def start(self):
+ '''
+ If the feature is enabled then reset the password's using the platform
+ specific implementation
+ '''
+ local_users_password_reset = get_platform_local_users_passwords_reset()
+ feature_enabled = self.get_feature_state()
+ syslog.syslog(syslog.LOG_INFO, 'Feature is {}'.format('enabled' if feature_enabled else 'disabled'))
+ should_trigger = local_users_password_reset.should_trigger()
+ if should_trigger and feature_enabled:
+ local_users_password_reset.start()
+
+
+def main():
+ LocalUsersConfigurationResetService().start()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service
new file mode 100644
index 000000000000..849b87cdd002
--- /dev/null
+++ b/files/image_config/local-users-passwords-reset/local-users-passwords-reset.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Update Local users' passwords config based on configdb
+Requires=config-setup.service
+After=config-setup.service
+Before=systemd-logind.service sshd.service getty.target serial-getty@ttyS0.service
+
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/usr/bin/local-users-passwords-reset.py
+
+[Install]
+WantedBy=sonic.target
\ No newline at end of file
diff --git a/platform/mellanox/mlnx-platform-api/sonic_platform/local_users_passwords_reset.py b/platform/mellanox/mlnx-platform-api/sonic_platform/local_users_passwords_reset.py
new file mode 100644
index 000000000000..e56e8e4fd67f
--- /dev/null
+++ b/platform/mellanox/mlnx-platform-api/sonic_platform/local_users_passwords_reset.py
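Review bot: In files/image_config/local-users-passwords-reset/local-users-passwords-reset.py, `start()` loads the platform implementation and calls `should_trigger()` before it looks at the feature state. An image built with the flag on but the table left at `disabled` (the init_cfg default in this patch) therefore still raises `Exception('Local users passwords reset implementation is not defined')` on a platform without the module, and the oneshot unit fails on every boot. Reading the state first and returning early, `if not self.get_feature_state(): return`, keeps the disabled path inert. The `except ImportError` in `get_platform_local_users_passwords_reset()` also reports any import failure inside the platform module as "package not installed", which hides the real cause. `import os` is unused.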
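Review bot: local-users-passwords-reset.service is a `Type=oneshot` unit ordered `Before=` systemd-logind, sshd and the gettys, and it sets no start timeout. The script it runs waits on ConfigDB (`connect(wait_for_init=True, retry_on=True)`) and on warm/fast boot completion. systemd disables the start timeout by default for oneshot units, so if either wait stalls, console and SSH login stay blocked, which are the access paths a password-recovery feature exists to restore. A `TimeoutStartSec=<seconds>` line under `[Service]` (value to be chosen per platform) would bound that. `serial-getty@ttyS0.service` is hard-coded, so a console on another tty is presumably not ordered after the reset; worth confirming.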
@@ -0,0 +1,83 @@
+#
+# Copyright (c) 2019-2024 NVIDIA CORPORATION & AFFILIATES.
+# Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#############################################################################
+# Mellanox
+#
+# Module contains an implementation of SONiC Platform Base API and
+# provides the local users' passwords reset functionality implementation.
+#
+#############################################################################
+
+try:
+ import json
+ import subprocess
+
+ from sonic_platform_base.local_users_passwords_reset_base import LocalUsersConfigurationResetBase
+ from sonic_py_common.logger import Logger
+ from . import utils
+except ImportError as e:
+ raise ImportError (str(e) + "- required module not found")
+
+
+# Global logger class instance
+logger = Logger()
+
+
+LONG_REBOOT_PRESS_FILEPATH = '/var/run/hw-management/system/reset_long_pb'
+DEFAULT_USERS_FILEPATH = '/etc/sonic/default_users.json'
+
+
+class LocalUsersConfigurationReset(LocalUsersConfigurationResetBase):
+ def should_trigger(self):
+ '''
+ The condition for triggering passwords reset is by checking if the
+ reboot cause was a long reboot press.
+ '''
+ try:
+ status = utils.read_int_from_file(LONG_REBOOT_PRESS_FILEPATH, raise_exception=True)
+ return True if status == 1 else False
+ except (ValueError, IOError) as e:
+ logger.log_error(f"Failed to read long reboot press from {LONG_REBOOT_PRESS_FILEPATH} - {e}")
+ return False
+
+ @staticmethod
+ def reset_password(user, hashed_password, expire=False):
+ '''
+ This method is used to reset the user's password and expire it (optional)
+ '''
+ # Use 'chpasswd' shell command to change password
+ subprocess.call([f"echo '{user}:{hashed_password}' | sudo chpasswd -e"], shell=True)
+ if expire:
+ # Use 'passwd' shell command to expire password
+ subprocess.call(['sudo', 'passwd', '-e', f'{user}'])
+
+ def start(self):
+ '''
+ The functionality defined is to restore original password and expire it for default local users.
+ It is done by
+ '''
+ default_users = {}
+
+ # Fetch local users information from default_users
+ with open(DEFAULT_USERS_FILEPATH) as f:
+ default_users = json.load(f)
+
+ logger.log_info('Restoring default users\' passwords and expiring them')
+ for user in default_users.keys():
+ hashed_password = default_users.get(user, {}).get('password')
+ if hashed_password:
+ self.reset_password(user, hashed_password, expire=True)
diff --git a/platform/mellanox/mlnx-platform-api/tests/test_local_users_passwords_reset.py b/platform/mellanox/mlnx-platform-api/tests/test_local_users_passwords_reset.py
new file mode 100644
index 000000000000..a480a4d74f99
--- /dev/null
+++ b/platform/mellanox/mlnx-platform-api/tests/test_local_users_passwords_reset.py
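Review bot: In `reset_password` (sonic_platform/local_users_passwords_reset.py), the user name and hash read from /etc/sonic/default_users.json are interpolated into a `shell=True` pipeline, so a quote or shell metacharacter in either value changes the command that runs as root, and the hash appears on the shell's command line while it runs. Passing `user:hash` to `chpasswd -e` on stdin with an argument list removes the shell altogether; the sketch below also drops `sudo`, on the assumption that the unit already runs as root (confirm). Both `subprocess.call` results are discarded, so a failed reset looks the same as a successful one; the return codes should be checked and logged. `start()` opens and parses the JSON with no handling for a missing or malformed file, and its docstring stops mid-sentence at `It is done by`.

```python
    @staticmethod
    def reset_password(user, hashed_password, expire=False):
        # ... unchanged: docstring ...
        # No shell: the credential pair reaches chpasswd on stdin, not via argv
        result = subprocess.run(['chpasswd', '-e'],
                                input=f'{user}:{hashed_password}\n',
                                text=True)
        if result.returncode != 0:
            logger.log_error(f"chpasswd failed for user {user} (rc={result.returncode})")
            return
        if expire:
            rc = subprocess.call(['passwd', '-e', user])
            if rc != 0:
                logger.log_error(f"Failed to expire password for user {user} (rc={rc})")
```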
@@ -0,0 +1,69 @@ +# +# Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. +# Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import os +import pytest +import subprocess +import sys +from mock import patch, mock_open + +test_path = os.path.dirname(os.path.abspath(__file__)) +modules_path = os.path.dirname(test_path) +sys.path.insert(0, modules_path) + +from sonic_platform import utils +from sonic_platform.local_users_passwords_reset import LocalUsersConfigurationReset + + +DEFAULT_USERS_JSON_EXAMPLE_OUTPUT = ''' +{ + "admin": { + "expire": "false", + "password": "HASHED_PASSWORD_123" + } +} +''' + + +class TestLocalUsersConfigurationReset: + @patch('sonic_platform.utils.read_int_from_file') + def test_should_trigger_method(self, mock_read_int): + ''' + Validate should_trigger() method + ''' + local_users_reset_class = LocalUsersConfigurationReset() + + mock_read_int.return_value = int(1) + assert local_users_reset_class.should_trigger() == True + mock_read_int.return_value = int(0) + assert local_users_reset_class.should_trigger() == False + mock_read_int.return_value = int(2) + assert local_users_reset_class.should_trigger() == False + mock_read_int.side_effect = ValueError() + assert local_users_reset_class.should_trigger() == False + + @patch('subprocess.call') + @patch('sonic_platform.utils.read_int_from_file') + @patch("builtins.open", new_callable=mock_open, read_data=DEFAULT_USERS_JSON_EXAMPLE_OUTPUT) + def 
test_basic_flow_resetting_users_triggered(self, mock_open, mock_read_int, mock_subproc_call): + ''' + Test the basic flow of resetting local users when long button press is detected + ''' + # Mock long reset button press + mock_read_int.return_value = int(1) + LocalUsersConfigurationReset().start() + mock_subproc_call.assert_any_call(["echo 'admin:HASHED_PASSWORD_123' | sudo chpasswd -e"]) + mock_subproc_call.assert_any_call(['sudo', 'passwd', '-e', 'admin']) diff --git a/rules/config b/rules/config index 2996d0f46f35..4854f5065cc4 100644 --- a/rules/config +++ b/rules/config @@ -51,6 +51,9 @@ DEFAULT_PASSWORD = YourPaSsWoRd # ENABLE_ZTP - installs Zero Touch Provisioning support. # ENABLE_ZTP = y +# ENABLE_LOCAL_USERS_PASSWORDS_RESET - enable local users' passwords reset during init on switch +ENABLE_LOCAL_USERS_PASSWORDS_RESET ?= n + # INCLUDE_PDE - Enable platform development enviroment # INCLUDE_PDE = y # SHUTDOWN_BGP_ON_START - if set to y all bgp sessions will be in admin down state when diff --git a/slave.mk b/slave.mk index c6c0e32e6569..70fea1a451bd 100644 --- a/slave.mk +++ b/slave.mk 
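Review bot: In `test_basic_flow_resetting_users_triggered`, the first `assert_any_call` omits `shell=True`, but `reset_password` calls `subprocess.call([...], shell=True)`. `assert_any_call` compares keyword arguments as well, so this assertion does not look able to match the recorded call as written. It also pins the `echo ... | sudo chpasswd -e` shell string as the expected contract, which would have to change if the hash is moved to stdin. There is no case for a missing or malformed default_users.json, an entry without `password`, or a user name containing a quote. `mock_read_int` is set here although `start()` never reads the long-press file.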
@@ -387,85 +387,85 @@ ifndef SONIC_BUILD_QUIETER $(info SONiC Build System) $(info ) $(info Build Configuration) -$(info "CONFIGURED_PLATFORM" : "$(if $(PLATFORM),$(PLATFORM),$(CONFIGURED_PLATFORM))") -$(info "CONFIGURED_ARCH" : "$(if $(PLATFORM_ARCH),$(PLATFORM_ARCH),$(CONFIGURED_ARCH))") -$(info "SONIC_CONFIG_PRINT_DEPENDENCIES" : "$(SONIC_CONFIG_PRINT_DEPENDENCIES)") -$(info "SONIC_BUILD_JOBS" : "$(SONIC_BUILD_JOBS)") -$(info "SONIC_CONFIG_MAKE_JOBS" : "$(SONIC_CONFIG_MAKE_JOBS)") -$(info "USE_NATIVE_DOCKERD_FOR_BUILD" : "$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD)") -$(info "SONIC_USE_DOCKER_BUILDKIT" : "$(SONIC_USE_DOCKER_BUILDKIT)") -$(info "USERNAME" : "$(USERNAME)") -$(info "PASSWORD" : "$(PASSWORD)") -$(info "CHANGE_DEFAULT_PASSWORD" : "$(CHANGE_DEFAULT_PASSWORD)") -$(info "SECURE_UPGRADE_MODE" : "$(SECURE_UPGRADE_MODE)") -$(info "SECURE_UPGRADE_DEV_SIGNING_KEY" : "$(SECURE_UPGRADE_DEV_SIGNING_KEY)") -$(info "SECURE_UPGRADE_SIGNING_CERT" : "$(SECURE_UPGRADE_SIGNING_CERT)") -$(info "SECURE_UPGRADE_PROD_SIGNING_TOOL": "$(SECURE_UPGRADE_PROD_SIGNING_TOOL)") -$(info "SECURE_UPGRADE_PROD_TOOL_ARGS" : "$(SECURE_UPGRADE_PROD_TOOL_ARGS)") -$(info "ONIE_IMAGE_PART_SIZE" : "$(ONIE_IMAGE_PART_SIZE)") -$(info "SHUTDOWN_BGP_ON_START" : "$(SHUTDOWN_BGP_ON_START)") -$(info "ENABLE_PFCWD_ON_START" : "$(ENABLE_PFCWD_ON_START)") -$(info "SONIC_BUFFER_MODEL" : "$(SONIC_BUFFER_MODEL)") -$(info "INSTALL_DEBUG_TOOLS" : "$(INSTALL_DEBUG_TOOLS)") -$(info "ROUTING_STACK" : "$(SONIC_ROUTING_STACK)") +$(info "CONFIGURED_PLATFORM" : "$(if $(PLATFORM),$(PLATFORM),$(CONFIGURED_PLATFORM))") +$(info "CONFIGURED_ARCH" : "$(if $(PLATFORM_ARCH),$(PLATFORM_ARCH),$(CONFIGURED_ARCH))") +$(info "SONIC_CONFIG_PRINT_DEPENDENCIES" : "$(SONIC_CONFIG_PRINT_DEPENDENCIES)") +$(info "SONIC_BUILD_JOBS" : "$(SONIC_BUILD_JOBS)") +$(info "SONIC_CONFIG_MAKE_JOBS" : "$(SONIC_CONFIG_MAKE_JOBS)") +$(info "USE_NATIVE_DOCKERD_FOR_BUILD" : "$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD)") +$(info 
"SONIC_USE_DOCKER_BUILDKIT" : "$(SONIC_USE_DOCKER_BUILDKIT)") +$(info "USERNAME" : "$(USERNAME)") +$(info "PASSWORD" : "$(PASSWORD)") +$(info "CHANGE_DEFAULT_PASSWORD" : "$(CHANGE_DEFAULT_PASSWORD)") +$(info "SECURE_UPGRADE_MODE" : "$(SECURE_UPGRADE_MODE)") +$(info "SECURE_UPGRADE_DEV_SIGNING_KEY" : "$(SECURE_UPGRADE_DEV_SIGNING_KEY)") +$(info "SECURE_UPGRADE_SIGNING_CERT" : "$(SECURE_UPGRADE_SIGNING_CERT)") +$(info "SECURE_UPGRADE_PROD_SIGNING_TOOL" : "$(SECURE_UPGRADE_PROD_SIGNING_TOOL)") +$(info "SECURE_UPGRADE_PROD_TOOL_ARGS" : "$(SECURE_UPGRADE_PROD_TOOL_ARGS)") +$(info "ONIE_IMAGE_PART_SIZE" : "$(ONIE_IMAGE_PART_SIZE)") +$(info "SHUTDOWN_BGP_ON_START" : "$(SHUTDOWN_BGP_ON_START)") +$(info "ENABLE_PFCWD_ON_START" : "$(ENABLE_PFCWD_ON_START)") +$(info "SONIC_BUFFER_MODEL" : "$(SONIC_BUFFER_MODEL)") +$(info "INSTALL_DEBUG_TOOLS" : "$(INSTALL_DEBUG_TOOLS)") +$(info "ROUTING_STACK" : "$(SONIC_ROUTING_STACK)") ifeq ($(SONIC_ROUTING_STACK),frr) -$(info "FRR_USER_UID" : "$(FRR_USER_UID)") -$(info "FRR_USER_GID" : "$(FRR_USER_GID)") +$(info "FRR_USER_UID" : "$(FRR_USER_UID)") +$(info "FRR_USER_GID" : "$(FRR_USER_GID)") endif -$(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)") -$(info "SAITHRIFT_V2" : "$(SAITHRIFT_V2)") -$(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)") -$(info "HTTP_PROXY" : "$(HTTP_PROXY)") -$(info "HTTPS_PROXY" : "$(HTTPS_PROXY)") -$(info "NO_PROXY" : "$(NO_PROXY)") -$(info "ENABLE_ZTP" : "$(ENABLE_ZTP)") -$(info "INCLUDE_PDE" : "$(INCLUDE_PDE)") -$(info "SONIC_DEBUGGING_ON" : "$(SONIC_DEBUGGING_ON)") -$(info "SONIC_PROFILING_ON" : "$(SONIC_PROFILING_ON)") -$(info "KERNEL_PROCURE_METHOD" : "$(KERNEL_PROCURE_METHOD)") -$(info "BUILD_TIMESTAMP" : "$(BUILD_TIMESTAMP)") -$(info "BUILD_LOG_TIMESTAMP" : "$(BUILD_LOG_TIMESTAMP)") -$(info "SONIC_IMAGE_VERSION" : "$(SONIC_IMAGE_VERSION)") -$(info "BLDENV" : "$(BLDENV)") -$(info "VS_PREPARE_MEM" : "$(VS_PREPARE_MEM)") -$(info "INCLUDE_MGMT_FRAMEWORK" : "$(INCLUDE_MGMT_FRAMEWORK)") 
-$(info "INCLUDE_ICCPD" : "$(INCLUDE_ICCPD)") -$(info "INCLUDE_SYSTEM_TELEMETRY" : "$(INCLUDE_SYSTEM_TELEMETRY)") -$(info "INCLUDE_SYSTEM_GNMI" : "$(INCLUDE_SYSTEM_GNMI)") -$(info "INCLUDE_SYSTEM_EVENTD" : "$(INCLUDE_SYSTEM_EVENTD)") -$(info "ENABLE_HOST_SERVICE_ON_START" : "$(ENABLE_HOST_SERVICE_ON_START)") -$(info "INCLUDE_RESTAPI" : "$(INCLUDE_RESTAPI)") -$(info "INCLUDE_SFLOW" : "$(INCLUDE_SFLOW)") -$(info "INCLUDE_NAT" : "$(INCLUDE_NAT)") -$(info "INCLUDE_DHCP_RELAY" : "$(INCLUDE_DHCP_RELAY)") -$(info "INCLUDE_DHCP_SERVER" : "$(INCLUDE_DHCP_SERVER)") -$(info "INCLUDE_P4RT" : "$(INCLUDE_P4RT)") -$(info "INCLUDE_KUBERNETES" : "$(INCLUDE_KUBERNETES)") -$(info "INCLUDE_KUBERNETES_MASTER" : "$(INCLUDE_KUBERNETES_MASTER)") -$(info "INCLUDE_MACSEC" : "$(INCLUDE_MACSEC)") -$(info "INCLUDE_MUX" : "$(INCLUDE_MUX)") -$(info "INCLUDE_TEAMD" : "$(INCLUDE_TEAMD)") -$(info "INCLUDE_ROUTER_ADVERTISER" : "$(INCLUDE_ROUTER_ADVERTISER)") -$(info "INCLUDE_BOOTCHART : "$(INCLUDE_BOOTCHART)") -$(info "ENABLE_BOOTCHART : "$(ENABLE_BOOTCHART)") -$(info "INCLUDE_FIPS" : "$(INCLUDE_FIPS)") -$(info "ENABLE_TRANSLIB_WRITE" : "$(ENABLE_TRANSLIB_WRITE)") -$(info "ENABLE_NATIVE_WRITE" : "$(ENABLE_NATIVE_WRITE)") -$(info "ENABLE_DIALOUT" : "$(ENABLE_DIALOUT)") -$(info "ENABLE_AUTO_TECH_SUPPORT" : "$(ENABLE_AUTO_TECH_SUPPORT)") -$(info "PDDF_SUPPORT" : "$(PDDF_SUPPORT)") -$(info "MULTIARCH_QEMU_ENVIRON" : "$(MULTIARCH_QEMU_ENVIRON)") -$(info "SONIC_VERSION_CONTROL_COMPONENTS": "$(SONIC_VERSION_CONTROL_COMPONENTS)") -$(info "ENABLE_ASAN" : "$(ENABLE_ASAN)") -$(info "DEFAULT_CONTAINER_REGISTRY" : "$(SONIC_DEFAULT_CONTAINER_REGISTRY)") +$(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)") +$(info "SAITHRIFT_V2" : "$(SAITHRIFT_V2)") +$(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)") +$(info "HTTP_PROXY" : "$(HTTP_PROXY)") +$(info "HTTPS_PROXY" : "$(HTTPS_PROXY)") +$(info "NO_PROXY" : "$(NO_PROXY)") +$(info "ENABLE_ZTP" : "$(ENABLE_ZTP)") +$(info 
"ENABLE_LOCAL_USERS_PASSWORDS_RESET" : "$(ENABLE_LOCAL_USERS_PASSWORDS_RESET)") +$(info "INCLUDE_PDE" : "$(INCLUDE_PDE)") +$(info "SONIC_DEBUGGING_ON" : "$(SONIC_DEBUGGING_ON)") +$(info "SONIC_PROFILING_ON" : "$(SONIC_PROFILING_ON)") +$(info "KERNEL_PROCURE_METHOD" : "$(KERNEL_PROCURE_METHOD)") +$(info "BUILD_TIMESTAMP" : "$(BUILD_TIMESTAMP)") +$(info "BUILD_LOG_TIMESTAMP" : "$(BUILD_LOG_TIMESTAMP)") +$(info "SONIC_IMAGE_VERSION" : "$(SONIC_IMAGE_VERSION)") +$(info "BLDENV" : "$(BLDENV)") +$(info "VS_PREPARE_MEM" : "$(VS_PREPARE_MEM)") +$(info "INCLUDE_MGMT_FRAMEWORK" : "$(INCLUDE_MGMT_FRAMEWORK)") +$(info "INCLUDE_ICCPD" : "$(INCLUDE_ICCPD)") +$(info "INCLUDE_SYSTEM_TELEMETRY" : "$(INCLUDE_SYSTEM_TELEMETRY)") +$(info "INCLUDE_SYSTEM_GNMI" : "$(INCLUDE_SYSTEM_GNMI)") +$(info "INCLUDE_SYSTEM_EVENTD" : "$(INCLUDE_SYSTEM_EVENTD)") +$(info "ENABLE_HOST_SERVICE_ON_START" : "$(ENABLE_HOST_SERVICE_ON_START)") +$(info "INCLUDE_RESTAPI" : "$(INCLUDE_RESTAPI)") +$(info "INCLUDE_SFLOW" : "$(INCLUDE_SFLOW)") +$(info "INCLUDE_NAT" : "$(INCLUDE_NAT)") +$(info "INCLUDE_DHCP_RELAY" : "$(INCLUDE_DHCP_RELAY)") +$(info "INCLUDE_DHCP_SERVER" : "$(INCLUDE_DHCP_SERVER)") +$(info "INCLUDE_P4RT" : "$(INCLUDE_P4RT)") +$(info "INCLUDE_KUBERNETES" : "$(INCLUDE_KUBERNETES)") +$(info "INCLUDE_KUBERNETES_MASTER" : "$(INCLUDE_KUBERNETES_MASTER)") +$(info "INCLUDE_MACSEC" : "$(INCLUDE_MACSEC)") +$(info "INCLUDE_MUX" : "$(INCLUDE_MUX)") +$(info "INCLUDE_TEAMD" : "$(INCLUDE_TEAMD)") +$(info "INCLUDE_ROUTER_ADVERTISER" : "$(INCLUDE_ROUTER_ADVERTISER)") +$(info "INCLUDE_BOOTCHART : "$(INCLUDE_BOOTCHART)") +$(info "ENABLE_BOOTCHART : "$(ENABLE_BOOTCHART)") +$(info "INCLUDE_FIPS" : "$(INCLUDE_FIPS)") +$(info "ENABLE_TRANSLIB_WRITE" : "$(ENABLE_TRANSLIB_WRITE)") +$(info "ENABLE_NATIVE_WRITE" : "$(ENABLE_NATIVE_WRITE)") +$(info "ENABLE_DIALOUT" : "$(ENABLE_DIALOUT)") +$(info "ENABLE_AUTO_TECH_SUPPORT" : "$(ENABLE_AUTO_TECH_SUPPORT)") +$(info "PDDF_SUPPORT" : "$(PDDF_SUPPORT)") +$(info 
"MULTIARCH_QEMU_ENVIRON" : "$(MULTIARCH_QEMU_ENVIRON)") +$(info "SONIC_VERSION_CONTROL_COMPONENTS" : "$(SONIC_VERSION_CONTROL_COMPONENTS)") +$(info "ENABLE_ASAN" : "$(ENABLE_ASAN)") +$(info "DEFAULT_CONTAINER_REGISTRY" : "$(SONIC_DEFAULT_CONTAINER_REGISTRY)") ifeq ($(CONFIGURED_PLATFORM),vs) -$(info "BUILD_MULTIASIC_KVM" : "$(BUILD_MULTIASIC_KVM)") +$(info "BUILD_MULTIASIC_KVM" : "$(BUILD_MULTIASIC_KVM)") endif -$(info "CROSS_BUILD_ENVIRON" : "$(CROSS_BUILD_ENVIRON)") -$(info "GZ_COMPRESS_PROGRAM" : "$(GZ_COMPRESS_PROGRAM)") -$(info "LEGACY_SONIC_MGMT_DOCKER" : "$(LEGACY_SONIC_MGMT_DOCKER)") -$(info "INCLUDE_EXTERNAL_PATCHES" : "$(INCLUDE_EXTERNAL_PATCHES)") -$(info "PTF_ENV_PY_VER" : "$(PTF_ENV_PY_VER)") +$(info "CROSS_BUILD_ENVIRON" : "$(CROSS_BUILD_ENVIRON)") +$(info "GZ_COMPRESS_PROGRAM" : "$(GZ_COMPRESS_PROGRAM)") +$(info "LEGACY_SONIC_MGMT_DOCKER" : "$(LEGACY_SONIC_MGMT_DOCKER)") +$(info "INCLUDE_EXTERNAL_PATCHES" : "$(INCLUDE_EXTERNAL_PATCHES)") $(info ) else $(info SONiC Build System for $(CONFIGURED_PLATFORM):$(CONFIGURED_ARCH)) @@ -1420,6 +1420,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \ export sonic_asic_platform="$(patsubst %-$(CONFIGURED_ARCH),%,$(CONFIGURED_PLATFORM))" export enable_organization_extensions="$(ENABLE_ORGANIZATION_EXTENSIONS)" export enable_ztp="$(ENABLE_ZTP)" + export enable_local_users_passwords_reset="$(ENABLE_LOCAL_USERS_PASSWORDS_RESET)" export include_teamd="$(INCLUDE_TEAMD)" export include_router_advertiser="$(INCLUDE_ROUTER_ADVERTISER)" export sonic_su_dev_signing_key="$(SECURE_UPGRADE_DEV_SIGNING_KEY)" diff --git a/src/sonic-yang-models/setup.py b/src/sonic-yang-models/setup.py index 6748bb137848..393e12d5479e 100644 --- a/src/sonic-yang-models/setup.py +++ b/src/sonic-yang-models/setup.py 
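Review bot: The re-aligned `$(info ...)` block in slave.mk adds the `ENABLE_LOCAL_USERS_PASSWORDS_RESET` line but no longer contains `$(info "PTF_ENV_PY_VER" : "$(PTF_ENV_PY_VER)")`, which is on the removed side after `INCLUDE_EXTERNAL_PATCHES`. That looks like an unintended drop, possibly from a rebase, and the line should be restored. Re-indenting the whole block to fit one longer key hides the functional change among whitespace edits; adding the single new line without realigning would keep the diff reviewable. The block still prints `"PASSWORD" : "$(PASSWORD)"` into the build output, which predates this patch but is worth a separate follow-up.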
@@ -87,6 +87,7 @@ def run(self): './yang-models/sonic-auto_techsupport.yang', './yang-models/sonic-bgp-bbr.yang', './yang-models/sonic-banner.yang', + './yang-models/sonic-local-users-passwords-reset.yang', './yang-models/sonic-bgp-common.yang', './yang-models/sonic-bgp-device-global.yang', './yang-models/sonic-bgp-global.yang', @@ -206,6 +207,7 @@ def run(self): './yang-models/sonic-smart-switch.yang',]), ('cvlyang-models', ['./cvlyang-models/sonic-acl.yang', './cvlyang-models/sonic-banner.yang', + './cvlyang-models/sonic-local-users-passwords-reset.yang', './cvlyang-models/sonic-bgp-common.yang', './cvlyang-models/sonic-bgp-global.yang', './cvlyang-models/sonic-bgp-monitor.yang', diff --git a/src/sonic-yang-models/tests/files/sample_config_db.json b/src/sonic-yang-models/tests/files/sample_config_db.json index 9dc0b75e0c07..dc214d8eb6ba 100644 --- a/src/sonic-yang-models/tests/files/sample_config_db.json +++ b/src/sonic-yang-models/tests/files/sample_config_db.json @@ -2668,6 +2668,11 @@ "midplane_interface": "dpu1" } }, + "LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "disabled" + } + }, "BANNER_MESSAGE": { "global": { "state": "enabled", @@ -2677,6 +2682,11 @@ } } }, + "LOCAL_USERS_PASSWORDS_RESET": { + "global": { + "state": "disabled" + } + }, "SAMPLE_CONFIG_DB_UNKNOWN": { "UNKNOWN_TABLE": { "Error": "This Table is for testing, This Table does not have YANG models." diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json new file mode 100644 index 000000000000..af4ff540b06c --- /dev/null +++ b/src/sonic-yang-models/tests/yang_model_tests/tests/local-users-passwords-reset.json @@ -0,0 +1,5 @@ +{ + "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": { + "desc": "Configure Local users' passwords reset feature state." + } +} \ No newline at end of file 
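Review bot: sample_config_db.json gains the same `LOCAL_USERS_PASSWORDS_RESET` table in two hunks (`@@ -2668` and `@@ -2677`), once before and once after `BANNER_MESSAGE`. The second copy follows three closing braces, so it appears to sit one level further out, next to `SAMPLE_CONFIG_DB_UNKNOWN`, rather than among the modelled tables. The surrounding structure is outside the hunk, so this is inferred. If both copies do land at the same level, the key is duplicated and most JSON parsers keep only the later one. Either way only the first insertion looks intended.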
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json
new file mode 100644
index 000000000000..f48199da3caa
--- /dev/null
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/local-users-passwords-reset.json
@@ -0,0 +1,11 @@
+{
+ "LOCAL_USERS_PASSWORDS_RESET_TEST_STATE": {
+ "sonic-local-users-passwords-reset:sonic-local-users-passwords-reset": {
+ "sonic-local-users-passwords-reset:LOCAL_USERS_PASSWORDS_RESET": {
+ "global": {
+ "state": "enabled"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang b/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang
new file mode 100644
index 000000000000..5b418069b288
--- /dev/null
+++ b/src/sonic-yang-models/yang-models/sonic-local-users-passwords-reset.yang
@@ -0,0 +1,27 @@
+module sonic-local-users-passwords-reset {
+ yang-version 1.1;
+ namespace "http://github.com/sonic-net/local-users-passwords-reset";
+ prefix local_users_passwords_reset;
+
+ import sonic-types {
+ prefix stypes;
+ }
+
+ description "LOCAL_USERS_PASSWORDS_RESET YANG Module for SONiC-based OS";
+ revision 2024-01-04 {
+ description "First Revision";
+ }
+
+ container sonic-local-users-passwords-reset {
+ container LOCAL_USERS_PASSWORDS_RESET {
+ description "LOCAL_USERS_PASSWORDS_RESET part of config_db.json";
+ container global {
+ leaf state {
+ type stypes:admin_mode;
+ description "Local users' passwords reset feature state";
+ default disabled;
+ }
+ } /* end of container global */
+ } /* end of container LOCAL_USERS_PASSWORDS_RESET */
+ } /* end of top level container */
+}
\ No newline at end of file