[YANG] Add support for Password Hardening #10322
Conversation
davidpil2002
changed the title
davidpil2002
changed the title
liat-grozovik
changed the title
liat-grozovik
changed the title
|
@liuh-80 could you please help review? |
|
@praveen-li could you please help to review this one as well? |
| container PASSW_HARDENING { | ||
| description "PASSWORD HARDENING part of config_db.json"; | ||
| container POLICIES { | ||
| leaf state { |
There was a problem hiding this comment.
The feature will set to disable by default, so maybe add default values to yang model?
There was a problem hiding this comment.
@dgsudharsan I removed the default because I understand from you that it is not necessary anymore,
can you confirm?
There was a problem hiding this comment.
@liuh-80 In the yang subgroup meeting it is decided not to have default in yang model but rather handle it in application. The reason is having default will push it to config_db and currently there is no way to differentiate between user configuration from default configuration.
There was a problem hiding this comment.
Have the same concern. We should add default value (disable) into yang model.
|
|
||
| description "PASSWORD HARDENING YANG Module for SONiC OS"; | ||
|
|
||
| revision 2021-10-12 { |
There was a problem hiding this comment.
Please fix the revision date
|
If config db is migrated from previous version to this version, what will be the default setting/value for this feature: on or off? Nvidia will double check. |
|
/azpw run Azure.sonic-buildimage |
|
/AzurePipelines run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azpw run Azure.sonic-buildimage |
|
/AzurePipelines run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
…anch Related work items: #52, #71, #73, #75, #77, sonic-net#1306, sonic-net#1588, sonic-net#1991, sonic-net#2031, sonic-net#2040, sonic-net#2053, sonic-net#2066, sonic-net#2069, sonic-net#2087, sonic-net#2107, sonic-net#2110, sonic-net#2112, sonic-net#2113, sonic-net#2117, sonic-net#2124, sonic-net#2125, sonic-net#2126, sonic-net#2128, sonic-net#2130, sonic-net#2131, sonic-net#2132, sonic-net#2133, sonic-net#2134, sonic-net#2135, sonic-net#2136, sonic-net#2137, sonic-net#2138, sonic-net#2139, sonic-net#2140, sonic-net#2143, sonic-net#2158, sonic-net#2161, sonic-net#2233, sonic-net#2243, sonic-net#2250, sonic-net#2254, sonic-net#2260, sonic-net#2261, sonic-net#2267, sonic-net#2278, sonic-net#2282, sonic-net#2285, sonic-net#2288, sonic-net#2289, sonic-net#2292, sonic-net#2294, sonic-net#8887, sonic-net#9279, sonic-net#9390, sonic-net#9511, sonic-net#9700, sonic-net#10025, sonic-net#10322, sonic-net#10479, sonic-net#10484, sonic-net#10493, sonic-net#10500, sonic-net#10580, sonic-net#10595, sonic-net#10628, sonic-net#10634, sonic-net#10635, sonic-net#10644, sonic-net#10670, sonic-net#10691, sonic-net#10716, sonic-net#10731, sonic-net#10750, sonic-net#10751, sonic-net#10752, sonic-net#10761, sonic-net#10769, sonic-net#10775, sonic-net#10776, sonic-net#10779, sonic-net#10786, sonic-net#10792, sonic-net#10793, sonic-net#10800, sonic-net#10806, sonic-net#10826, sonic-net#10839, sonic-net#10840, sonic-net#10842, sonic-net#10844, sonic-net#10847, sonic-net#10849, sonic-net#10852, sonic-net#10865, sonic-net#10872, sonic-net#10877, sonic-net#10886, sonic-net#10889, sonic-net#10903, sonic-net#10904, sonic-net#10905, sonic-net#10913, sonic-net#10914, sonic-net#10916, sonic-net#10919, sonic-net#10925, sonic-net#10926, sonic-net#10929, sonic-net#10933, sonic-net#10934, sonic-net#10937, sonic-net#10941, sonic-net#10947, sonic-net#10952, sonic-net#10953, sonic-net#10957, sonic-net#10959, sonic-net#10971, sonic-net#10972, sonic-net#10980
Why I did it
Yang Model about password hardening feature, the sonic CLI of this feature was autogenerated from this Yang model
How I did it
Create new Yang model in src/sonic-yang-models/yang-models/sonic-passwh.yang.
How to verify it
There are unitests(yang test) in this P.R covering all the passwords policies with good and bad values cases.
Or is possible manually using the config/show password commands that were autogenerated from this Yang model. (this CLI code added in sonic-utilities)
Which release branch to backport (provide reason below if selected)
The feature should be released in May and currently merge in master
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)