Adding support for sar gen2

nodes/sros/configs/grpc_insecure_sar.cfg

@@ -0,0 +1,11 @@
+/configure system security user-params local-user user "admin" access grpc true
+
+/configure system grpc allow-unsecure-connection
+
+/configure system grpc gnmi auto-config-save true
+/configure system grpc gnmi admin-state enable
+/configure system grpc gnoi cert-mgmt admin-state enable
+/configure system grpc gnoi file admin-state enable
+/configure system grpc gnoi system admin-state enable
+/configure system grpc md-cli admin-state enable
+/configure system grpc admin-state enable

nodes/sros/configs/grpc_sar.cfg

@@ -0,0 +1,34 @@
+/configure system security user-params local-user user "admin" access grpc true
+
+/configure system security tls cert-profile "clab-grpc-certs" entry 1 certificate-file "node.crt"
+/configure system security tls cert-profile "clab-grpc-certs" entry 1 key-file "node.key"
+/configure system security tls cert-profile "clab-grpc-certs" admin-state disable
+
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 1 name tls-rsa-with3des-ede-cbc-sha
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 2 name tls-rsa-with-aes128-cbc-sha
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 3 name tls-rsa-with-aes128-cbc-sha256
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 4 name tls-rsa-with-aes256-cbc-sha
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 5 name tls-rsa-with-aes256-cbc-sha256
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 6 name tls-rsa-with-aes128-gcm-sha256
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 7 name tls-rsa-with-aes256-gcm-sha384
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 8 name tls-ecdhe-rsa-aes128-gcm-sha256
+/configure system security tls server-cipher-list "clab-all" tls12-cipher 9 name tls-ecdhe-rsa-aes256-gcm-sha384
+/configure system security tls server-cipher-list "clab-all" tls13-cipher 1 name tls-aes128-gcm-sha256
+/configure system security tls server-cipher-list "clab-all" tls13-cipher 2 name tls-aes256-gcm-sha384
+/configure system security tls server-cipher-list "clab-all" tls13-cipher 3 name tls-chacha20-poly1305-sha256
+/configure system security tls server-cipher-list "clab-all" tls13-cipher 4 name tls-aes128-ccm-sha256
+/configure system security tls server-cipher-list "clab-all" tls13-cipher 5 name tls-aes128-ccm8-sha256
+
+/configure system security tls server-tls-profile "clab-grpc-tls" cert-profile "clab-grpc-certs"
+/configure system security tls server-tls-profile "clab-grpc-tls" cipher-list "clab-all"
+/configure system security tls server-tls-profile "clab-grpc-tls" admin-state enable
+
+/configure system grpc tls-server-profile "clab-grpc-tls"
+/configure system grpc gnmi auto-config-save true
+/configure system grpc gnmi admin-state enable
+/configure system grpc gnoi cert-mgmt admin-state enable
+/configure system grpc gnoi file admin-state enable
+/configure system grpc gnoi system admin-state enable
+/configure system grpc md-cli admin-state enable
+#/configure system grpc rib-api admin-state enable
+/configure system grpc admin-state enable

nodes/sros/configs/system_sar.cfg

@@ -0,0 +1,97 @@
+/configure system security aaa local-profiles profile "administrative" default-action permit-all
+/configure system security aaa local-profiles profile "administrative" entry 10 match "configure system security"
+/configure system security aaa local-profiles profile "administrative" entry 10 action permit
+/configure system security aaa local-profiles profile "administrative" entry 20 match "show system security"
+/configure system security aaa local-profiles profile "administrative" entry 20 action permit
+/configure system security aaa local-profiles profile "administrative" entry 30 match "tools perform security"
+/configure system security aaa local-profiles profile "administrative" entry 30 action permit
+/configure system security aaa local-profiles profile "administrative" entry 40 match "tools dump security"
+/configure system security aaa local-profiles profile "administrative" entry 40 action permit
+/configure system security aaa local-profiles profile "administrative" entry 42 match "tools dump system security"
+/configure system security aaa local-profiles profile "administrative" entry 42 action permit
+/configure system security aaa local-profiles profile "administrative" entry 50 match "admin system security"
+/configure system security aaa local-profiles profile "administrative" entry 50 action permit
+/configure system security aaa local-profiles profile "administrative" entry 100 match "configure li"
+/configure system security aaa local-profiles profile "administrative" entry 100 action deny
+/configure system security aaa local-profiles profile "administrative" entry 110 match "show li"
+/configure system security aaa local-profiles profile "administrative" entry 110 action deny
+/configure system security aaa local-profiles profile "administrative" entry 111 match "clear li"
+/configure system security aaa local-profiles profile "administrative" entry 111 action deny
+/configure system security aaa local-profiles profile "administrative" entry 112 match "tools dump li"
+/configure system security aaa local-profiles profile "administrative" entry 112 action deny
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization action true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization cancel-commit true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization close-session true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization commit true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization copy-config true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization create-subscription true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization delete-config true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization discard-changes true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization edit-config true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization get true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization get-config true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization get-data true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization get-schema true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization kill-session true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization lock true
+/configure system security aaa local-profiles profile "administrative" netconf base-op-authorization validate true
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnmi-capabilities permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnmi-get permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnmi-set permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnmi-subscribe permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-cert-mgmt-rotate permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-cert-mgmt-install permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-cert-mgmt-getcert permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-cert-mgmt-revoke permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-cert-mgmt-cangenerate permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-file-get permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-file-transfertoremote permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-file-put permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-file-stat permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-file-remove permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-ping permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-traceroute permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-time permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-setpackage permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-switchcontrolprocessor permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-reboot permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-rebootstatus permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization gnoi-system-cancelreboot permit
+/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization md-cli-session permit
+#/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization rib-api-getversion permit
+#/configure system security aaa local-profiles profile "administrative" grpc rpc-authorization rib-api-modify permit
+/configure system security aaa local-profiles profile "default" entry 10 match "exec"
+/configure system security aaa local-profiles profile "default" entry 10 action permit
+/configure system security aaa local-profiles profile "default" entry 20 match "exit"
+/configure system security aaa local-profiles profile "default" entry 20 action permit
+/configure system security aaa local-profiles profile "default" entry 30 match "help"
+/configure system security aaa local-profiles profile "default" entry 30 action permit
+/configure system security aaa local-profiles profile "default" entry 40 match "logout"
+/configure system security aaa local-profiles profile "default" entry 40 action permit
+/configure system security aaa local-profiles profile "default" entry 50 match "password"
+/configure system security aaa local-profiles profile "default" entry 50 action permit
+/configure system security aaa local-profiles profile "default" entry 60 match "show config"
+/configure system security aaa local-profiles profile "default" entry 60 action deny
+/configure system security aaa local-profiles profile "default" entry 65 match "show li"
+/configure system security aaa local-profiles profile "default" entry 65 action deny
+/configure system security aaa local-profiles profile "default" entry 66 match "clear li"
+/configure system security aaa local-profiles profile "default" entry 66 action deny
+/configure system security aaa local-profiles profile "default" entry 67 match "tools dump li"
+/configure system security aaa local-profiles profile "default" entry 67 action deny
+#/configure system security aaa local-profiles profile "default" entry 68 match "state li"
+#/configure system security aaa local-profiles profile "default" entry 68 action deny
+/configure system security aaa local-profiles profile "default" entry 70 match "show"
+/configure system security aaa local-profiles profile "default" entry 70 action permit
+/configure system security aaa local-profiles profile "default" entry 75 match "state"
+/configure system security aaa local-profiles profile "default" entry 75 action permit
+/configure system security aaa local-profiles profile "default" entry 80 match "enable-admin"
+/configure system security aaa local-profiles profile "default" entry 80 action permit
+/configure system security aaa local-profiles profile "default" entry 90 match "enable"
+/configure system security aaa local-profiles profile "default" entry 90 action permit
+/configure system security aaa local-profiles profile "default" entry 100 match "configure li"
+/configure system security aaa local-profiles profile "default" entry 100 action deny
+/configure system security user-params local-user user "admin" restricted-to-home false
+/configure system security user-params local-user user "admin" password "NokiaSros1!"
+/configure system security user-params local-user user "admin" access console true
+/configure system security user-params local-user user "admin" console member ["administrative"]
+/configure system security user-params attempts count 64

nodes/sros/sros.go

@@ -1130,6 +1130,19 @@ func (n *sros) addDefaultConfig() error {
 		}
 	}
 
+	if strings.Contains(tplData.NodeType, "sar-") {
+		tplData.GRPCConfig = grpcConfigSAR
+		tplData.SystemConfig = systemCfgSAR
+	}
+	if !*n.Cfg.Certificate.Issue {
+		log.Debugf("Using insecure cert configuration for node %s, found certificate.issue flag %v",
+			n.Cfg.ShortName, *n.Cfg.Certificate.Issue)
+		tplData.GRPCConfig = grpcConfigInsecure
+		if strings.Contains(tplData.NodeType, "sar-") {
+			tplData.GRPCConfig = grpcConfigSARInsecure
+		}
+	}
+
 	if n.Config().DNS != nil {
 		tplData.DNSServers = append(tplData.DNSServers, n.Config().DNS.Servers...)
 	}

nodes/sros/version.go

@@ -26,6 +26,12 @@ var (
 	//go:embed configs/grpc_ixr_insecure.cfg
 	grpcConfigIXRInsecure string
 
+	//go:embed configs/grpc_sar.cfg
+	grpcConfigSAR string
+
+	//go:embed configs/grpc_insecure_sar.cfg
+	grpcConfigSARInsecure string
+
 	//go:embed configs/netconf.cfg
 	netconfConfig string
 
@@ -38,6 +44,9 @@ var (
 	//go:embed configs/system_ixr.cfg
 	systemCfgIXR string
 
+	//go:embed configs/system_sar.cfg
+	systemCfgSAR string
+
 	//go:embed configs/ssh.cfg
 	sshConfig string
 )