Translib support for authorization, yang versioning and Delete flag (s…

…onic-net#21)

Translib support for user authorization, yang versioning and Delete flag to indicate if the object needs to be deleted on last field delete needed for CLI

debian/sonic-mgmt-common.install

@@ -6,6 +6,7 @@ models/yang/sonic/*.yang            usr/models/yang
 models/yang/sonic/common/*.yang     usr/models/yang
 models/yang/annotations/*.yang      usr/models/yang
 config/transformer/models_list      usr/models/yang
+models/yang/version.xml             usr/models/yang
 
 # CVL files
 build/cvl/schema        usr/sbin

models/yang/README.md

@@ -0,0 +1,51 @@
+# YANG directory
+
+## Directory structure
+
+    yang/               --> Standard YANGs
+    |-- annotations/    --> Transformer annotations
+    |-- common/         --> Dependencies for standard YANGs
+    |-- extensions/     --> Extenstions for standard YANGs
+    |-- sonic/          --> SONiC yangs
+    |-- testdata/       --> Test YANGs - ignored
+    `-- version.xml     --> YANG bundle version configuration file
+
+All supported standard YANG files (OpenConfig and IETF) are kept in this **yang** directory. Usual practice is to keep only top level YANG module here and keep dependent YANGs, submodules in **yang/common** directory.
+
+Example: openconfig-platform.yang is kept in top **yang** directory and openconfig-platform-types.yang in **yang/common** directory.
+
+All extenstion YANGs **MUST** be kept in **yang/extensions** directory.
+
+## version.xml
+
+version.xml file maintains the yang bundle version number in **Major.Minor.Patch** format.
+It is the collective version number for all the YANG modules defined here.
+**UPDATE THIS VERSION NUMBER FOR EVERY YANG CHANGE.**
+
+**Major version** should be incremented if YANG model is changed in a non backward compatible manner.
+Such changes should be avoided.
+
+* Delete, rename or relocate data node
+* Change list key attributes
+* Change data type of a node to an incompatible type
+* Change leafref target
+
+**Minor version** should be incremented if the YANG change modifies the API in a backward
+compatible way. Patch version should be reset to 0.
+Candidate YANG changes for this category are:
+
+* Add new YANG module
+* Add new YANG data nodes
+* Mark a YANG data node as deprecated
+* Change data type of a node to a compatible type
+* Add new enum or identity
+
+**Patch version** should incremented for cosmetic fixes that do not change YANG API.
+Candidate YANG changes for this category are:
+
+* Change description, beautification.
+* Expand pattern or range of a node to wider set.
+* Change must expression to accept more cases.
+* Error message or error tag changes.
+
+

models/yang/version.xml

@@ -0,0 +1,36 @@
+<version-config>
+  <!--
+  yang-bundle-version configuration indicates the version
+  for the collection of all yang modules.
+
+  Update the version numbers here for every yang change.
+
+  Bump up MAJOR version only if the yang change are not
+  backward compatible.
+    + Renaming or relocating of data nodes
+    + Deleting unsupported configs
+    + Changing list key attributes
+    + Incompatible data type changes
+    + Changing leafref target
+
+  Bump up MINOR version number for all backward compatible
+  API changes.
+    + Add new config node
+    + Data type changes like pattern, range (that are backward compatibile)
+    + Adding new enum/identity
+
+  Bump up PATCH number for cosmetic fixes that do not affect any API
+    + Description changes, beautification
+    + Must expression and validations that are backward compatibile
+    + error-tag, error-message
+    + max-elements, min-elements
+    + Mark a node as deprecated
+  -->
+  <yang-bundle-version>
+    <Major>1</Major>
+    <Minor>0</Minor>
+    <Patch>0</Patch>
+  </yang-bundle-version>
+
+</version-config>
+

translib/app_interface.go

@@ -63,6 +63,10 @@ type appOptions struct {
     // 0 indicates unlimited depth.
     // Valid for GET API only.
     depth uint
+
+    // deleteEmptyEntry indicates if the db entry should be deleted upon
+    // deletion of last field. This is a non standard option.
+    deleteEmptyEntry bool
 }
 
 //map containing the base path to app module info

translib/authorize.go

@@ -0,0 +1,81 @@
+////////////////////////////////////////////////////////////////////////////////
+//                                                                            //
+//  Copyright 2019 Broadcom. The term Broadcom refers to Broadcom Inc. and/or //
+//  its subsidiaries.                                                         //
+//                                                                            //
+//  Licensed under the Apache License, Version 2.0 (the "License");           //
+//  you may not use this file except in compliance with the License.          //
+//  You may obtain a copy of the License at                                   //
+//                                                                            //
+//     http://www.apache.org/licenses/LICENSE-2.0                             //
+//                                                                            //
+//  Unless required by applicable law or agreed to in writing, software       //
+//  distributed under the License is distributed on an "AS IS" BASIS,         //
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  //
+//  See the License for the specific language governing permissions and       //
+//  limitations under the License.                                            //
+//                                                                            //
+////////////////////////////////////////////////////////////////////////////////
+
+/*
+Package translib defines the functions to be used to authorize
+
+an incoming user. It also includes caching of the UserDB data
+
+needed to authorize the user.
+
+*/
+
+package translib
+
+func isAuthorizedForSet(req SetRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	for _, r := range req.User.Roles {
+		if r == "admin" {
+			return true
+		}
+	}
+	return false
+}
+
+func isAuthorizedForBulk(req BulkRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	for _, r := range req.User.Roles {
+		if r == "admin" {
+			return true
+		}
+	}
+	return false
+}
+
+func isAuthorizedForGet(req GetRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	return true
+}
+
+func isAuthorizedForSubscribe(req SubscribeRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	return true
+}
+
+func isAuthorizedForIsSubscribe(req IsSubscribeRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	return true
+}
+
+func isAuthorizedForAction(req ActionRequest) bool {
+	if !req.AuthEnabled {
+		return true
+	}
+	return true
+}

translib/tlerr/app_errors.go

@@ -45,6 +45,9 @@ type NotSupportedError errordata
 // InternalError indicates a generic error during app execution.
 type InternalError errordata
 
+// AuthorizationError indicates the user is not authorized for an operation.
+type AuthorizationError errordata
+
 /////////////
 
 func (e InvalidArgsError) Error() string {
@@ -90,3 +93,8 @@ func (e InternalError) Error() string {
 func New(msg string, args ...interface{}) InternalError {
 	return InternalError{Format: msg, Args: args}
 }
+
+func (e AuthorizationError) Error() string {
+    return p.Sprintf(e.Format, e.Args...)
+}
+

translib/tlerr/tlerr.go

@@ -101,3 +101,14 @@ type TranslibSyntaxValidationError struct {
 func (e TranslibSyntaxValidationError) Error() string {
 	return p.Sprintf("%s", e.ErrorStr)
 }
+
+type TranslibUnsupportedClientVersion struct {
+    ClientVersion string
+    ServerVersion string
+    ServerBaseVersion string
+}
+
+func (e TranslibUnsupportedClientVersion) Error() string {
+    return p.Sprintf("Unsupported client version %s", e.ClientVersion)
+}
+