sonic-net · TildenWinston · Jul 6, 2020 · Jul 6, 2020 · Jul 6, 2020 · Jul 6, 2020
diff --git a/dialout/dialout_client/dialout_client.go b/dialout/dialout_client/dialout_client.go
@@ -5,18 +5,20 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"net"
+
 	spb "github.com/Azure/sonic-telemetry/proto"
 	sdc "github.com/Azure/sonic-telemetry/sonic_data_client"
 	sdcfg "github.com/Azure/sonic-telemetry/sonic_db_config"
+	"github.com/Workiva/go-datastructures/queue"
 	"github.com/go-redis/redis"
 	log "github.com/golang/glog"
 	gpb "github.com/openconfig/gnmi/proto/gnmi"
 	"github.com/openconfig/ygot/ygot"
-	"github.com/Workiva/go-datastructures/queue"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
-	"net"
+
 	//"reflect"
 	"strconv"
 	"strings"
@@ -185,6 +187,8 @@ func (cs *clientSubscription) NewInstance(ctx context.Context) error {
 	}
 
 	target := cs.prefix.GetTarget()
+	log.V(7).Infof("Target %v", target)
+
 	if target == "" {
 		return fmt.Errorf("Empty target data not supported yet")
 	}
@@ -264,9 +268,14 @@ func newClient(ctx context.Context, dest Destination) (*Client, error) {
 	opts := []grpc.DialOption{
 		grpc.WithBlock(),
 	}
+
 	if clientCfg.TLS != nil {
 		opts = append(opts, grpc.WithTransportCredentials(credentials.NewTLS(clientCfg.TLS)))
+	} else {
+		opts = append(opts, grpc.WithInsecure())
+		log.V(2).Infof("gRPC without TLS")
 	}
+
 	conn, err := grpc.DialContext(ctx, dest.Addrs, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("Dial to (%s, timeout %v): %v", dest, timeout, err)

diff --git a/dialout/dialout_client_cli/dialout_client_cli.go b/dialout/dialout_client_cli/dialout_client_cli.go
@@ -4,13 +4,14 @@ package main
 import (
 	"crypto/tls"
 	"flag"
+	"os"
+	"os/signal"
+	"time"
+
 	dc "github.com/Azure/sonic-telemetry/dialout/dialout_client"
 	log "github.com/golang/glog"
 	gpb "github.com/openconfig/gnmi/proto/gnmi"
 	"golang.org/x/net/context"
-	"os"
-	"os/signal"
-	"time"
 )
 
 var (
@@ -19,13 +20,16 @@ var (
 		RetryInterval:  30 * time.Second,
 		Encoding:       gpb.Encoding_JSON_IETF,
 		Unidirectional: true,
-		TLS:            &tls.Config{},
 	}
+	tlsCfg = tls.Config{}
+
+	tlsDisable bool
 )
 
 func init() {
-	flag.StringVar(&clientCfg.TLS.ServerName, "server_name", "", "When set, use this hostname to verify server certificate during TLS handshake.")
-	flag.BoolVar(&clientCfg.TLS.InsecureSkipVerify, "insecure", false, "When set, client will not verify the server certificate during TLS handshake.")
+	flag.StringVar(&tlsCfg.ServerName, "server_name", "", "When set, use this hostname to verify server certificate during TLS handshake.")
+	flag.BoolVar(&tlsCfg.InsecureSkipVerify, "skip_verify", false, "When set, client will not verify the server certificate during TLS handshake.")
+	flag.BoolVar(&tlsDisable, "insecure", false, "Without TLS, only for testing")
 	flag.DurationVar(&clientCfg.RetryInterval, "retry_interval", 30*time.Second, "Interval at which client tries to reconnect to destination servers")
 	flag.BoolVar(&clientCfg.Unidirectional, "unidirectional", true, "No repesponse from server is expected")
 }
@@ -41,6 +45,12 @@ func main() {
 		cancel()
 	}()
 	log.V(1).Infof("Starting telemetry publish client")
+
+	if !tlsDisable {
+		clientCfg.TLS = &tlsCfg
+		log.V(1).Infof("TLS enable")
+	}
+
 	err := dc.DialOutRun(ctx, &clientCfg)
 	log.V(1).Infof("Exiting telemetry publish client: %v", err)
 	log.Flush()

diff --git a/dialout/dialout_server_cli/dialout_server_cli.go b/dialout/dialout_server_cli/dialout_server_cli.go
@@ -11,7 +11,6 @@ import (
 	"google.golang.org/grpc/credentials"
 
 	ds "github.com/Azure/sonic-telemetry/dialout/dialout_server"
-	testcert "github.com/Azure/sonic-telemetry/testdata/tls"
 )
 
 var (
@@ -20,7 +19,7 @@ var (
 	caCert            = flag.String("ca_crt", "", "CA certificate for client certificate validation. Optional.")
 	serverCert        = flag.String("server_crt", "", "TLS server certificate")
 	serverKey         = flag.String("server_key", "", "TLS server private key")
-	insecure          = flag.Bool("insecure", false, "Skip providing TLS cert and key, for testing only!")
+	insecure          = flag.Bool("insecure", false, "Without TLS, for testing only!")
 	allowNoClientCert = flag.Bool("allow_no_client_auth", false, "When set, telemetry server will request but not require a client certificate.")
 )
 
@@ -36,11 +35,6 @@ func main() {
 	var err error
 
 	if *insecure {
-		certificate, err = testcert.NewCert()
-		if err != nil {
-			log.Exitf("could not load server key pair: %s", err)
-		}
-	} else {
 		switch {
 		case *serverCert == "":
 			log.Errorf("serverCert must be set.")
@@ -53,32 +47,33 @@ func main() {
 		if err != nil {
 			log.Exitf("could not load server key pair: %s", err)
 		}
-	}
 
-	tlsCfg := &tls.Config{
-		ClientAuth:   tls.RequireAndVerifyClientCert,
-		Certificates: []tls.Certificate{certificate},
-	}
-	if *allowNoClientCert {
-		// RequestClientCert will ask client for a certificate but won't
-		// require it to proceed. If certificate is provided, it will be
-		// verified.
-		tlsCfg.ClientAuth = tls.RequestClientCert
-	}
+		tlsCfg := &tls.Config{
+			ClientAuth:   tls.RequireAndVerifyClientCert,
+			Certificates: []tls.Certificate{certificate},
+		}
 
-	if *caCert != "" {
-		ca, err := ioutil.ReadFile(*caCert)
-		if err != nil {
-			log.Exitf("could not read CA certificate: %s", err)
+		if *allowNoClientCert {
+			// RequestClientCert will ask client for a certificate but won't
+			// require it to proceed. If certificate is provided, it will be
+			// verified.
+			tlsCfg.ClientAuth = tls.RequestClientCert
 		}
-		certPool := x509.NewCertPool()
-		if ok := certPool.AppendCertsFromPEM(ca); !ok {
-			log.Exit("failed to append CA certificate")
+
+		if *caCert != "" {
+			ca, err := ioutil.ReadFile(*caCert)
+			if err != nil {
+				log.Exitf("could not read CA certificate: %s", err)
+			}
+			certPool := x509.NewCertPool()
+			if ok := certPool.AppendCertsFromPEM(ca); !ok {
+				log.Exit("failed to append CA certificate")
+			}
+			tlsCfg.ClientCAs = certPool
 		}
-		tlsCfg.ClientCAs = certPool
+		opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
 	}
 
-	opts := []grpc.ServerOption{grpc.Creds(credentials.NewTLS(tlsCfg))}
 	cfg := &ds.Config{}
 	cfg.Port = int64(*port)
 	s, err := ds.NewServer(cfg, opts)

diff --git a/sonic_data_client/db_client.go b/sonic_data_client/db_client.go
@@ -16,15 +16,15 @@ import (
 
 	spb "github.com/Azure/sonic-telemetry/proto"
 	sdcfg "github.com/Azure/sonic-telemetry/sonic_db_config"
+	"github.com/Workiva/go-datastructures/queue"
 	"github.com/go-redis/redis"
 	gnmipb "github.com/openconfig/gnmi/proto/gnmi"
-	"github.com/Workiva/go-datastructures/queue"
 )
 
 const (
 	// indentString represents the default indentation string used for
 	// JSON. Two spaces are used here.
-	indentString                 string = "  "
+	indentString string = "  "
 )
 
 // Client defines a set of methods which every client must implement.
@@ -45,9 +45,9 @@ type Client interface {
 	// Get return data from the data source in format of *spb.Value
 	Get(w *sync.WaitGroup) ([]*spb.Value, error)
 	// Set data based on path and value
-	Set(path *gnmipb.Path,  t *gnmipb.TypedValue, op int) error
+	Set(path *gnmipb.Path, t *gnmipb.TypedValue, op int) error
 	// Capabilities of the switch
-	Capabilities() ([]gnmipb.ModelData)
+	Capabilities() []gnmipb.ModelData
 
 	// Close provides implemenation for explicit cleanup of Client
 	Close() error
@@ -1012,10 +1012,9 @@ func dbTableKeySubscribe(gnmiPath *gnmipb.Path, c *DbClient) {
 	}
 }
 
-func  (c *DbClient) Set(path *gnmipb.Path, t *gnmipb.TypedValue, flagop int) error {
+func (c *DbClient) Set(path *gnmipb.Path, t *gnmipb.TypedValue, flagop int) error {
 	return nil
 }
-func (c *DbClient) Capabilities() ([]gnmipb.ModelData) {
+func (c *DbClient) Capabilities() []gnmipb.ModelData {
 	return nil
 }
-
diff --git a/sonic_data_client/virtual_db.go b/sonic_data_client/virtual_db.go
@@ -2,8 +2,9 @@ package client
 
 import (
 	"fmt"
-	log "github.com/golang/glog"
 	"strings"
+
+	log "github.com/golang/glog"
 )
 
 // virtual db is to Handle
@@ -130,8 +131,9 @@ func getPfcwdMap() (map[string]map[string]string, error) {
 		return nil, err
 	}
 
-	keyName := fmt.Sprintf("PFC_WD_TABLE%v*", separator)
+	keyName := fmt.Sprintf("PFC_WD%v*", separator)
 	resp, err := redisDb.Keys(keyName).Result()
+	log.V(10).Infof("Database response %v", resp)
 	if err != nil {
 		log.V(1).Infof("redis get keys failed for %v, key = %v, err: %v", dbName, keyName, err)
 		return nil, err
@@ -144,10 +146,12 @@ func getPfcwdMap() (map[string]map[string]string, error) {
 	}
 
 	for _, key := range resp {
-		name := key[13:]
-		pfcwdName_map[name] = make(map[string]string)
+		if len(key) > 15 && strings.EqualFold(key[:15], "PFC_WD|Ethernet") { //Need to be long enough so that we know it is a port not PFC_WD|Global and so we don't go beyond the end of the string.
+			name := key[7:] //Should be 7, but is there a more resilient way to do this?
+			pfcwdName_map[name] = make(map[string]string)
+			log.V(10).Infof("key 8: %v ,key: %v name: %v , pfcwdName_map: %v", key[8:8], key, name, pfcwdName_map[name])
+		}
 	}
-
 	// Get Queue indexes that are enabled with PFC-WD
 	keyName = "PORT_QOS_MAP*"
 	resp, err = redisDb.Keys(keyName).Result()