forked from sonic-net/sonic-buildimage
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ycabled] add secure channel support for grpc dualtor active-active c…
…onnectivity (sonic-net#275) Signed-off-by: vaibhav-dahiya [email protected] This PR adds support for creating a secure channel for gRPC between SOC and SONiC. the certs and configurations are defined in config DB config': { 'type': 'secure', 'auth_level': 'server', 'log_level': 'info' }, 'certs': { 'client_crt': path', 'client_key': 'path 'ca_crt': 'path, 'grpc_ssl_credential': 'target override' } Using this config parameter we can have secure/insecure as well as mutual/server level authentication between SoC and SONiC. This PR leverages the cert API's in gRPC lib and certs created to create a TLS based handshake if required to setup gRPC channel Description Motivation and Context Required for secure gRPC support between SONiC and SoC How Has This Been Tested? Unit-Tests and running the changes on the testbed
- Loading branch information
Showing
2 changed files
with
135 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters