From 608ed11c593357de3a848d50a36fa9dffbcc29cd Mon Sep 17 00:00:00 2001
From: Sumukha Tumkur Vani <stumkurv@microsoft.com>
Date: Tue, 28 Apr 2020 22:11:08 +0000
Subject: [PATCH 1/2] Add restapi config to DB

---
 src/sonic-config-engine/minigraph.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index 71f6bb9fc72c..de7233d684f7 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -836,7 +836,19 @@ def parse_xml(filename, platform=None, port_config_file=None):
             'ca_crt': '/etc/sonic/telemetry/dsmsroot.cer'
         }
     }
-
+    results['RESTAPI'] = {
+        'config': {
+            'client_auth': 'true',
+            'allow_insecure': 'false',
+            'log_level': 'trace'
+        },
+        'certs': {
+            'server_crt': '/etc/sonic/certificates/restapiserver.crt',
+            'server_key': '/etc/sonic/certificates/restapiserver.key',
+            'client_ca_crt': '/etc/sonic/certificates/restapiclient.crt',
+            'client_crt_cname': 'client.restapi.sonic'
+        }
+    }
     # Do not configure the minigraph's mirror session, which is currently unused
     # mirror_sessions = {}
     # if erspan_dst:

From 8e40e721f544264c31ec2578ea6237ddbcb446e5 Mon Sep 17 00:00:00 2001
From: Sumukha Tumkur Vani <stumkurv@microsoft.com>
Date: Wed, 29 Apr 2020 00:43:08 +0000
Subject: [PATCH 2/2] Rename certificates directory

---
 rules/docker-restapi.mk              | 2 +-
 src/sonic-config-engine/minigraph.py | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/docker-restapi.mk b/rules/docker-restapi.mk
index b472e00491de..bd91aabd86c5 100644
--- a/rules/docker-restapi.mk
+++ b/rules/docker-restapi.mk
@@ -19,7 +19,7 @@ endif
 $(DOCKER_RESTAPI)_CONTAINER_NAME = restapi
 $(DOCKER_RESTAPI)_RUN_OPT += --cap-add NET_ADMIN --privileged -t
 $(DOCKER_RESTAPI)_RUN_OPT += -v /var/run/redis/redis.sock:/var/run/redis/redis.sock
-$(DOCKER_RESTAPI)_RUN_OPT += -v /etc/sonic/certificates:/etc/sonic/certificates:ro
+$(DOCKER_RESTAPI)_RUN_OPT += -v /etc/sonic/credentials:/etc/sonic/credentials:ro
 $(DOCKER_RESTAPI)_RUN_OPT += -p=8081:8081/tcp
 $(DOCKER_RESTAPI)_RUN_OPT += -p=8090:8090/tcp
 
diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index de7233d684f7..8f91fbe5c318 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -843,9 +843,9 @@ def parse_xml(filename, platform=None, port_config_file=None):
             'log_level': 'trace'
         },
         'certs': {
-            'server_crt': '/etc/sonic/certificates/restapiserver.crt',
-            'server_key': '/etc/sonic/certificates/restapiserver.key',
-            'client_ca_crt': '/etc/sonic/certificates/restapiclient.crt',
+            'server_crt': '/etc/sonic/credentials/restapiserver.crt',
+            'server_key': '/etc/sonic/credentials/restapiserver.key',
+            'client_ca_crt': '/etc/sonic/credentials/restapiclient.crt',
             'client_crt_cname': 'client.restapi.sonic'
         }
     }