Downstream changes from stratum project (#391)

* Downstream changes from stratum project - Disable gnmi-ctl and sgnmi_cli builds so we can build the rest of P4 Control Plane while the Stratum code is being updated. - Update stratum submodule pointer to reference the topic branch. Signed-off-by: Derek G Foster <[email protected]> * Add support for p4_role_config protobuf library Signed-off-by: Derek G Foster <[email protected]> * Update stratum and krnlmon submodule references Signed-off-by: Derek G Foster <[email protected]> * Update stratum submodule reference Signed-off-by: Derek G Foster <[email protected]> * Restore ability to build sgnmi_cli and gnmi-ctl Signed-off-by: Derek G Foster <[email protected]> * Update stratum submodule reference Signed-off-by: Derek G Foster <[email protected]> * Update client help text and documentation Signed-off-by: Derek G Foster <[email protected]> * Make target include directories of p4_role_config public Signed-off-by: Derek G Foster <[email protected]> * Update stratum submodule reference Signed-off-by: Derek G Foster <[email protected]> * Update stratum submodule reference - Incorporate changes downstreamed from stratum project. Signed-off-by: Derek G Foster <[email protected]> --------- Signed-off-by: Derek G Foster <[email protected]>
ipdk-io · Feb 9, 2024 · 6e14b5a · 6e14b5a
1 parent 2681b1f
commit 6e14b5a
Show file tree

Hide file tree

Showing 12 changed files with 113 additions and 58 deletions.
diff --git a/clients/CMakeLists.txt b/clients/CMakeLists.txt
@@ -4,6 +4,11 @@
 # SPDX-License-Identifier: Apache 2.0
 #
 
+add_library(client_cert_options STATIC
+    client_cert_options.cc
+    client_cert_options.h
+)
+
 add_subdirectory(gnmi-ctl)
 add_subdirectory(p4rt-ctl)
 add_subdirectory(sgnmi_cli)

diff --git a/clients/client_cert_options.cc b/clients/client_cert_options.cc
@@ -0,0 +1,16 @@
+// Copyright 2022-2024 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0
+
+#include "client_cert_options.h"
+
+#include "gflags/gflags.h"
+
+#define DEFAULT_CERTS_DIR "/usr/share/stratum/certs/"
+
+void set_client_cert_defaults() {
+  FLAGS_ca_cert_file = DEFAULT_CERTS_DIR "ca.crt";
+  FLAGS_server_key_file = DEFAULT_CERTS_DIR "stratum.key";
+  FLAGS_server_cert_file = DEFAULT_CERTS_DIR "stratum.crt";
+  FLAGS_client_key_file = DEFAULT_CERTS_DIR "client.key";
+  FLAGS_client_cert_file = DEFAULT_CERTS_DIR "client.crt";
+}
diff --git a/clients/client_cert_options.h b/clients/client_cert_options.h
@@ -0,0 +1,17 @@
+// Copyright 2024 Intel Corporation
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef CLIENT_CERT_OPTIONS_H_
+#define CLIENT_CERT_OPTIONS_H_
+
+#include "gflags/gflags.h"
+
+DECLARE_string(ca_cert_file);
+DECLARE_string(client_cert_file);
+DECLARE_string(client_key_file);
+DECLARE_string(server_cert_file);
+DECLARE_string(server_key_file);
+
+void set_client_cert_defaults();
+
+#endif  // CLIENT_CERT_OPTIONS_H_
diff --git a/clients/gnmi-ctl/CMakeLists.txt b/clients/gnmi-ctl/CMakeLists.txt
@@ -1,6 +1,6 @@
 # Build file for gnmi-ctl.
 #
-# Copyright 2022-2023 Intel Corporation
+# Copyright 2022-2024 Intel Corporation
 # SPDX-License-Identifier: Apache 2.0
 #
 
@@ -16,6 +16,8 @@ add_executable(gnmi-ctl
 
 set_install_rpath(gnmi-ctl ${EXEC_ELEMENT} ${DEP_ELEMENT})
 
+target_link_libraries(gnmi-ctl PRIVATE client_cert_options)
+
 target_link_libraries(gnmi-ctl
     PUBLIC
         stratum_static

diff --git a/clients/gnmi-ctl/gnmi_ctl.cc b/clients/gnmi-ctl/gnmi_ctl.cc
@@ -1,5 +1,5 @@
 // Copyright 2019-present Open Networking Foundation
-// Copyright 2021-2023 Intel Corporation
+// Copyright 2021-2024 Intel Corporation
 // SPDX-License-Identifier: Apache-2.0
 
 #include <csignal>
@@ -9,6 +9,7 @@
 #include <string>
 #include <vector>
 
+#include "../client_cert_options.h"
 #include "absl/cleanup/cleanup.h"
 #include "gflags/gflags.h"
 #include "gnmi/gnmi.grpc.pb.h"
@@ -29,8 +30,6 @@ DEFINE_bool(grpc_use_insecure_mode, false,
             "grpc communication channel in insecure mode");
 DECLARE_bool(grpc_use_insecure_mode);
 
-#define DEFAULT_CERTS_DIR "/usr/share/stratum/certs/"
-
 const char kUsage[] =
     R"USAGE(usage: gnmi-ctl [Options] {get,set,cap,sub-onchange,sub-sample} parameters
 
@@ -283,11 +282,7 @@ ::grpc::ClientReaderWriterInterface<
 
 ::util::Status Main(int argc, char** argv) {
   // Default certificate file location for TLS-mode
-  FLAGS_ca_cert_file = DEFAULT_CERTS_DIR "ca.crt";
-  FLAGS_server_key_file = DEFAULT_CERTS_DIR "stratum.key";
-  FLAGS_server_cert_file = DEFAULT_CERTS_DIR "stratum.crt";
-  FLAGS_client_key_file = DEFAULT_CERTS_DIR "client.key";
-  FLAGS_client_cert_file = DEFAULT_CERTS_DIR "client.crt";
+  set_client_cert_defaults();
 
   // Parse command line flags
   gflags::ParseCommandLineFlags(&argc, &argv, true);

diff --git a/clients/sgnmi_cli/CMakeLists.txt b/clients/sgnmi_cli/CMakeLists.txt
@@ -1,6 +1,6 @@
 # Build file for sgnmi_cli.
 #
-# Copyright 2023 Intel Corporation
+# Copyright 2023-2024 Intel Corporation
 # SPDX-License-Identifier: Apache 2.0
 #
 
@@ -14,6 +14,8 @@ add_executable(sgnmi_cli
 
 set_install_rpath(sgnmi_cli ${EXEC_ELEMENT} ${DEP_ELEMENT})
 
+target_link_libraries(sgnmi_cli PRIVATE client_cert_options)
+
 target_link_libraries(sgnmi_cli
     PUBLIC
         stratum_static

diff --git a/clients/sgnmi_cli/sgnmi_cli.cc b/clients/sgnmi_cli/sgnmi_cli.cc
@@ -1,5 +1,5 @@
 // Copyright 2019-present Open Networking Foundation
-// Copyright 2022-2023 Intel Corp
+// Copyright 2022-2024 Intel Corporation
 // SPDX-License-Identifier: Apache-2.0
 
 #include <csignal>
@@ -8,6 +8,7 @@
 #include <string>
 #include <vector>
 
+#include "../client_cert_options.h"
 #include "absl/cleanup/cleanup.h"
 #include "gflags/gflags.h"
 #include "gnmi/gnmi.grpc.pb.h"
@@ -23,8 +24,6 @@
 #include "stratum/lib/security/credentials_manager.h"
 #include "stratum/lib/utils.h"
 
-#define DEFAULT_CERTS_DIR "/usr/share/stratum/certs/"
-
 DEFINE_bool(grpc_use_insecure_mode, false,
             "grpc communication in insecure mode");
 DEFINE_string(grpc_addr, stratum::kLocalStratumUrl, "gNMI server address");
@@ -33,7 +32,7 @@ DEFINE_string(int_val, "", "Integer value to be set (64-bit)");
 DEFINE_string(uint_val, "", "Unsigned integer value to be set (64-bit)");
 DEFINE_string(string_val, "", "String value to be set");
 DEFINE_string(float_val, "", "Floating point value to be set");
-DEFINE_string(proto_bytes, "", "Protobytes value to be set");
+DEFINE_string(proto_bytes, "", "Protobuf value to be set");
 DEFINE_string(bytes_val_file, "", "A file to be sent as bytes value");
 
 DEFINE_bool(replace, false, "Use replace instead of update");
@@ -71,13 +70,16 @@ Secure gNMI CLI
 
 positional arguments:
   COMMAND                  gNMI command
+                           (get,set,cap,del,sub-onchange,sub-sample)
   PATH                     gNMI path
 
 optional arguments:
+  --helpshort              show help message and exit
+  --help                   show help on all flags and exit
   --grpc_addr GRPC_ADDR    gNMI server address
-  --ca-cert                CA certificate
-  --client-cert            gRPC Client certificate
-  --client-key             gRPC Client key
+  --ca_cert_file FILE      CA certificate
+  --client_cert_file FILE  gRPC Client certificate
+  --client_key_file FILE   gRPC Client key
   --grpc_use_insecure_mode Insecure mode (default: false)
 
 [get request only]
@@ -90,20 +92,12 @@ optional arguments:
   --uint_val UINT_VAL      Set uint value (64-bit)
   --string_val STRING_VAL  Set string value
   --float_val FLOAT_VAL    Set float value
-  --proto_bytes BYTES_VAL  Set proto_bytes value
-  --bytes_val_file FILE    File to be sent as bytes value
+  --proto_bytes PROTO_VAL  Set protobuf bytes value
+  --bytes_val_file FILE    Send file as bytes value
   --replace                Replace instead of updating
 
 [sample subscribe only]
   --interval INTERVAL      Sample subscribe poll interval in ms
-
-commands:
-  get                      Get Request
-  set                      Set Request
-  cap                      Capability Request
-  del                      Delete Request
-  sub-onchange             Subscribe On Change Request
-  sub-sample               Subscribe Sampled Request
 )USAGE";
 
 // Pipe file descriptors used to transfer signals from the handler to the cancel
@@ -244,15 +238,7 @@ ::gnmi::SubscribeRequest BuildGnmiSubSampleRequest(std::string path,
 
 ::util::Status Main(int argc, char** argv) {
   // Default certificate file location for TLS-mode
-  FLAGS_ca_cert_file = DEFAULT_CERTS_DIR "ca.crt";
-  FLAGS_server_key_file = DEFAULT_CERTS_DIR "stratum.key";
-  FLAGS_server_cert_file = DEFAULT_CERTS_DIR "stratum.crt";
-  FLAGS_client_key_file = DEFAULT_CERTS_DIR "client.key";
-  FLAGS_client_cert_file = DEFAULT_CERTS_DIR "client.crt";
-
-  // Parse command line flags
-  gflags::ParseCommandLineFlags(&argc, &argv, true);
-
+  set_client_cert_defaults();
   ::gflags::SetUsageMessage(kUsage);
   InitGoogle(argv[0], &argc, &argv, true);
   stratum::InitStratumLogging();

diff --git a/docs/clients/sgnmi_cli.md b/docs/clients/sgnmi_cli.md
@@ -25,23 +25,26 @@ For more information, see the [Security Guide](/guides/security/security-guide.m
 ## Usage
 
 ```text
-usage: sgnmi_cli [--help] [Options] COMMAND PATH
+sgnmi_cli: usage: sgnmi_cli [--help] [Options] COMMAND PATH
 
 Secure gNMI CLI
 
 positional arguments:
   COMMAND                  gNMI command
+                           (get,set,cap,del,sub-onchange,sub-sample)
   PATH                     gNMI path
 
 optional arguments:
+  --helpshort              show help message and exit
+  --help                   show help on all flags and exit
   --grpc_addr GRPC_ADDR    gNMI server address
-  --ca-cert                CA certificate
-  --client-cert            gRPC Client certificate
-  --client-key             gRPC Client key
+  --ca_cert_file FILE      CA certificate file
+  --client_cert_file FILE  Client certificate file
+  --client_key_file FILE   Client key file
   --grpc_use_insecure_mode Insecure mode (default: false)
 
 [get request only]
-  --get-type TYPE          Use specified data type for get request
+  --get-type TYPE          Use specific data type for get request
                            (ALL,CONFIG,STATE,OPERATIONAL)
 
 [set request only]
@@ -50,22 +53,34 @@ optional arguments:
   --uint_val UINT_VAL      Set uint value (64-bit)
   --string_val STRING_VAL  Set string value
   --float_val FLOAT_VAL    Set float value
-  --proto_bytes BYTES_VAL  Set proto_bytes value
-  --bytes_val_file FILE    File to be sent as bytes value
+  --proto_bytes PROTO_VAL  Set protobuf bytes value
+  --bytes_val_file FILE    Send file as bytes value
   --replace                Replace instead of updating
 
 [sample subscribe only]
   --interval INTERVAL      Sample subscribe poll interval in ms
-
-commands:
-  get                      Get Request
-  set                      Set Request
-  cap                      Capability Request
-  del                      Delete Request
-  sub-onchange             Subscribe On Change Request
-  sub-sample               Subscribe Sampled Request
 ```
 
+## Flags
+
+Command-line flags are processed using the Google
+[gflags](https://gflags.github.io/gflags/) library.
+
+Flag names may be prefixed with one or two hyphens.
+`-help` is the same as `--help`.
+
+Underscores (`_`) and hyphens (`-`) may be used interchangeably within a
+flag name. `-ca_cert_file` is the same as `-ca-cert-file`.
+
+There are a great many built-in flags in addition to the ones listed above.
+`-help` or `-helpfull` will list all the flags. `-helpshort` will list only
+the flags that are specific to the current program.
+
+Boolean flags may be specified several different ways:
+
+- `-detach`, `-detach=yes`, `-detach=true` (enable)
+- `-nodetach`, `-detach=no`, `-detach=false` (disable)
+
 ## Examples
 
 ### Get port index
@@ -98,7 +113,7 @@ commands:
 
 ```bash
     sgnmi_cli get /interfaces/interface[name=1/1/1]/state/ifindex \
-        --ca-cert=/tmp/ca.crt \
-        --client-cert=/tmp/client.crt \
-        --client-key=/tmp/client.key
+        --ca-cert-file=/tmp/ca.crt \
+        --client-cert=file=/tmp/client.crt \
+        --client-key-file=/tmp/client.key
 ```
diff --git a/docs/guides/security/security-guide.md b/docs/guides/security/security-guide.md
@@ -10,7 +10,7 @@ configuration files are available to assist in generating certificates and
 keys using OpenSSL. You may use other tools if you wish.
 
 The [reference files](https://github.com/ipdk-io/stratum-dev/tree/split-arch/tools/tls)
-use a simple PKI where a self-signed key and certificate.
+use a simple PKI with a self-signed key and certificate.
 The root level Certificate Authority (CA) is used to generate server-side
 key and cert files, and client-side key and cert files. This results in a
 1-depth level certificate chain, which will suffice for validation and

diff --git a/infrap4d/CMakeLists.txt b/infrap4d/CMakeLists.txt
@@ -1,6 +1,6 @@
 # Builds infrap4d daemon
 #
-# Copyright 2022-2023 Intel Corporation
+# Copyright 2022-2024 Intel Corporation
 # SPDX-License-Identifier: Apache 2.0
 #
 
@@ -31,6 +31,8 @@ target_link_libraries(infrap4d PRIVATE
     -Wl,--no-whole-archive
 )
 
+target_link_libraries(infrap4d PRIVATE p4_role_config)
+
 if(DPDK_TARGET)
     add_dpdk_target_libraries(infrap4d)
 elseif(ES2K_TARGET)

diff --git a/stratum/proto/CMakeLists.txt b/stratum/proto/CMakeLists.txt
@@ -1,6 +1,6 @@
 # Builds protobuf object libraries
 #
-# Copyright 2022-2023 Intel Corporation
+# Copyright 2022-2024 Intel Corporation
 # SPDX-License-Identifier: Apache 2.0
 #
 
@@ -177,3 +177,18 @@ add_library(stratum_proto SHARED
 target_link_libraries(stratum_proto PUBLIC protobuf::libprotobuf)
 
 install(TARGETS stratum_proto LIBRARY)
+
+########################
+# Build p4_role_config #
+########################
+
+generate_proto_files("stratum/public/proto/p4_role_config.proto" "${STRATUM_SOURCE_DIR}")
+
+add_library(p4_role_config SHARED
+    ${PB_OUT_DIR}/stratum/public/proto/p4_role_config.pb.cc
+    ${PB_OUT_DIR}/stratum/public/proto/p4_role_config.pb.h
+)
+
+target_include_directories(p4_role_config PUBLIC ${PB_OUT_DIR})
+
+install(TARGETS p4_role_config LIBRARY)
diff --git a/stratum/stratum b/stratum/stratum