Implements the frontend logic for gNSI Certz by jayaragini-hcl · Pull Request #559 · sonic-net/sonic-gnmi

jayaragini-hcl · 2026-01-13T18:54:07Z

This PR enables support for managing the device certificates,Trust bundles,CRLs and handles the certificate management using Certz Rotate() RPC

HLD Link

Dependency Chain for Merge
Backend Base PR : sonic-net/sonic-mgmt-common#183 (Must be merged first)
Backend Incremental PR : sonic-net/sonic-mgmt-common#198
Frontend Base PR: #596 (Must be merged first)
Incremental PR: #578
Current PR : #559

gNSI Certz UT Results:

=== RUN TestGnsiCertzServer
=== RUN TestGnsiCertzServer/RotateCertificateDefaultSuccess
=== RUN TestGnsiCertzServer/RotateCRLDefaultSuccess
=== RUN TestGnsiCertzServer/RotateTrustBundleSuccess
=== RUN TestGnsiCertzServer/RotateEmptyRequest
=== RUN TestGnsiCertzServer/RotateCertificateMissingCert
=== RUN TestGnsiCertzServer/RotateCertificateMissingKey
=== RUN TestGnsiCertzServer/RotateCertificateMissingType
=== RUN TestGnsiCertzServer/RotateCertificateMissingEncoding
=== RUN TestGnsiCertzServer/RotateTrustBundleMissingCert
=== RUN TestGnsiCertzServer/RotateTrustBundleMissingType
=== RUN TestGnsiCertzServer/RotateTrustBundleMissingEncoding
=== RUN TestGnsiCertzServer/RotateCRLMissingCert
=== RUN TestGnsiCertzServer/RotateCRLMissingType
=== RUN TestGnsiCertzServer/RotateCRLMissingEncoding
=== RUN TestGnsiCertzServer/AddProfileUnimplemented
=== RUN TestGnsiCertzServer/DeleteProfileUnimplemented
=== RUN TestGnsiCertzServer/GetProfileListUnimplemented
=== RUN TestGnsiCertzServer/CanGenerateCSRAccept
=== RUN TestGnsiCertzServer/CanGenerateCSRReject
=== RUN TestGnsiCertzServer/GenerateCsrRSA
=== RUN TestGnsiCertzServer/GenerateCsrECDSA
=== RUN TestGnsiCertzServer/GenerateCsrAttest
=== RUN TestGnsiCertzServer/restoreSymlink
=== RUN TestGnsiCertzServer/rmFileIfNotPointedToBySymlink
=== RUN TestGnsiCertzServer/isSymlinkValid
=== RUN TestGnsiCertzServer/Rotate_DoUpload_CRLNotConfigured
=== RUN TestGnsiCertzServer/CreatesCRLDefaultDirectories
=== RUN TestGnsiCertzServer/CRL_MkdirFailureLogging
=== RUN TestGnsiCertzServer/Rotate_ConcurrentRPC_ReturnsAborted
=== RUN TestGnsiCertzServer/Rotate_UnexpectedEOF_TriggersRevert
=== RUN TestGnsiCertzServer/Rotate_InvalidRequest_TriggersProcessErr
=== RUN TestGnsiCertzServer/RevertProfile_Full_Coverage
=== RUN TestGnsiCertzServer/SaveEntities_AuthPolicy_BackupAndWriteSuccess
=== RUN TestGnsiCertzServer/SaveEntities_AuthPolicy_SaveFailAndRestoreFail
=== RUN TestGnsiCertzServer/Rotate_Concurrent_Call_Error
=== RUN TestGnsiCertzServer/Rotate_Stream_Recv_Error
=== RUN TestGnsiCertzServer/Rotate_Process_Request_Error
=== RUN TestGnsiCertzServer/Rotate_Finalize_Failure_Coverage
=== RUN TestGnsiCertzServer/ReadCertChain_Full_Coverage
=== RUN TestGnsiCertzServer/ReadCertChain_Full_Coverage/ParentLoopValidationFailure
--- PASS: TestGnsiCertzServer (1.71s)
--- PASS: TestGnsiCertzServer/RotateCertificateDefaultSuccess (0.02s)
--- PASS: TestGnsiCertzServer/RotateCRLDefaultSuccess (0.01s)
--- PASS: TestGnsiCertzServer/RotateTrustBundleSuccess (0.02s)
--- PASS: TestGnsiCertzServer/RotateEmptyRequest (0.01s)
--- PASS: TestGnsiCertzServer/RotateCertificateMissingCert (0.01s)
--- PASS: TestGnsiCertzServer/RotateCertificateMissingKey (0.01s)
--- PASS: TestGnsiCertzServer/RotateCertificateMissingType (0.01s)
--- PASS: TestGnsiCertzServer/RotateCertificateMissingEncoding (0.01s)
--- PASS: TestGnsiCertzServer/RotateTrustBundleMissingCert (0.01s)
--- PASS: TestGnsiCertzServer/RotateTrustBundleMissingType (0.01s)
--- PASS: TestGnsiCertzServer/RotateTrustBundleMissingEncoding (0.01s)
--- PASS: TestGnsiCertzServer/RotateCRLMissingCert (0.01s)
--- PASS: TestGnsiCertzServer/RotateCRLMissingType (0.01s)
--- PASS: TestGnsiCertzServer/RotateCRLMissingEncoding (0.01s)
--- PASS: TestGnsiCertzServer/AddProfileUnimplemented (0.01s)
--- PASS: TestGnsiCertzServer/DeleteProfileUnimplemented (0.01s)
--- PASS: TestGnsiCertzServer/GetProfileListUnimplemented (0.01s)
--- PASS: TestGnsiCertzServer/CanGenerateCSRAccept (0.01s)
--- PASS: TestGnsiCertzServer/CanGenerateCSRReject (0.02s)
--- PASS: TestGnsiCertzServer/GenerateCsrRSA (0.53s)
--- PASS: TestGnsiCertzServer/GenerateCsrECDSA (0.01s)
--- PASS: TestGnsiCertzServer/GenerateCsrAttest (0.01s)
--- PASS: TestGnsiCertzServer/restoreSymlink (0.00s)
--- PASS: TestGnsiCertzServer/rmFileIfNotPointedToBySymlink (0.00s)
--- PASS: TestGnsiCertzServer/isSymlinkValid (0.00s)
--- PASS: TestGnsiCertzServer/Rotate_DoUpload_CRLNotConfigured (0.01s)
--- PASS: TestGnsiCertzServer/CreatesCRLDefaultDirectories (0.01s)
--- PASS: TestGnsiCertzServer/CRL_MkdirFailureLogging (0.01s)
--- PASS: TestGnsiCertzServer/Rotate_ConcurrentRPC_ReturnsAborted (0.02s)
--- PASS: TestGnsiCertzServer/Rotate_UnexpectedEOF_TriggersRevert (0.01s)
--- PASS: TestGnsiCertzServer/Rotate_InvalidRequest_TriggersProcessErr (0.01s)
--- PASS: TestGnsiCertzServer/RevertProfile_Full_Coverage (0.01s)
--- PASS: TestGnsiCertzServer/SaveEntities_AuthPolicy_BackupAndWriteSuccess (0.01s)
--- PASS: TestGnsiCertzServer/SaveEntities_AuthPolicy_SaveFailAndRestoreFail (0.01s)
--- PASS: TestGnsiCertzServer/Rotate_Concurrent_Call_Error (0.01s)
--- PASS: TestGnsiCertzServer/Rotate_Stream_Recv_Error (0.02s)
--- PASS: TestGnsiCertzServer/Rotate_Process_Request_Error (0.01s)
--- PASS: TestGnsiCertzServer/Rotate_Finalize_Failure_Coverage (0.01s)
--- PASS: TestGnsiCertzServer/ReadCertChain_Full_Coverage (0.00s)

mssonicbld · 2026-01-13T18:54:16Z

/azp run

azure-pipelines · 2026-01-13T18:54:26Z

Azure Pipelines successfully started running 1 pipeline(s).

jayaragini-hcl · 2026-01-13T19:26:21Z

@rlucus, @ndas7: Could you please review the new PR after split up and share your feedback.
cc: @kishanps

mssonicbld · 2026-01-19T14:55:54Z

/azp run

azure-pipelines · 2026-01-19T14:56:04Z

Azure Pipelines successfully started running 1 pipeline(s).

jayaragini-hcl · 2026-01-22T06:32:37Z

@rlucus, @ndas7: Could you please review the new PR after split up and share your feedback.
cc: @kishanps

mssonicbld · 2026-01-29T13:46:32Z

/azp run

azure-pipelines · 2026-01-29T13:46:43Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-01-29T15:37:22Z

/azp run

azure-pipelines · 2026-01-29T15:37:32Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-01-29T15:41:31Z

/azp run

azure-pipelines · 2026-01-29T15:41:42Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-01-29T16:25:21Z

/azp run

azure-pipelines · 2026-01-29T16:25:32Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-01-29T16:42:07Z

/azp run

azure-pipelines · 2026-01-29T16:42:17Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-01-30T12:50:28Z

/azp run

azure-pipelines · 2026-01-30T12:50:38Z

Azure Pipelines successfully started running 1 pipeline(s).

jayaragini-hcl · 2026-01-30T14:04:09Z

Hi @rlucus, @ndas7: Review comments has been addressed. Could you please review the PR
cc: @kishanps

mssonicbld · 2026-02-27T11:35:21Z

/azp run

azure-pipelines · 2026-02-27T11:35:31Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-02-27T12:27:29Z

/azp run

azure-pipelines · 2026-02-27T12:27:39Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-02-27T15:10:07Z

/azp run

azure-pipelines · 2026-02-27T15:10:17Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-02-27T16:46:23Z

/azp run

azure-pipelines · 2026-02-27T16:46:34Z

Azure Pipelines successfully started running 1 pipeline(s).

jayaragini-hcl · 2026-02-27T17:46:02Z

Hi @rlucus Addressed the review comments, Please review and approve the PR
cc: @kishanps, @ndas7

rlucus

Approved, pending that function being moved back.

Signed-off-by: Pattela JAYARAGINI <pattelaj@google.com>

mssonicbld · 2026-02-27T22:05:33Z

/azp run

azure-pipelines · 2026-02-27T22:05:42Z

Azure Pipelines successfully started running 1 pipeline(s).

mssonicbld · 2026-02-27T22:55:07Z

/azp run

azure-pipelines · 2026-02-27T22:55:16Z

Azure Pipelines successfully started running 1 pipeline(s).

Signed-off-by: Pattela JAYARAGINI <pattelaj@google.com>

mssonicbld · 2026-02-27T23:38:50Z

/azp run

azure-pipelines · 2026-02-27T23:38:59Z

Azure Pipelines successfully started running 1 pipeline(s).

jayaragini-hcl · 2026-02-28T01:04:30Z

Hi @rlucus .Addressed the comment, Please approve #596
cc: @kishanps, @ndas7

jayaragini-hcl mentioned this pull request Jan 13, 2026

Add mTLS support for gNSI Certz #528

Merged

jayaragini-hcl mentioned this pull request Jan 13, 2026

Implement translib backend logic for the gNSI Certz sonic-net/sonic-mgmt-common#198

Merged

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from d695948 to 46a4968 Compare January 19, 2026 14:55

rlucus suggested changes Jan 26, 2026

View reviewed changes

Comment thread gnmi_server/gnsi_utils.go Outdated

Comment thread gnmi_server/gnsi_utils.go Outdated

Comment thread gnmi_server/gnsi_utils.go Outdated

Comment thread gnmi_server/gnsi_utils.go Outdated

jayaragini-hcl mentioned this pull request Jan 29, 2026

Default sonic-gnmi/ build failing due to go package "protoc-gen-gofast" #565

Closed

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 46a4968 to 989dd86 Compare January 29, 2026 13:46

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 989dd86 to f6d715e Compare January 29, 2026 15:37

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from f6d715e to 4031f09 Compare January 29, 2026 15:41

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 4031f09 to fd9f8f2 Compare January 29, 2026 16:25

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from fd9f8f2 to 7a6491f Compare January 29, 2026 16:41

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 7a6491f to 4f8f68c Compare January 30, 2026 12:50

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 5d002ca to d6ac70b Compare February 27, 2026 11:35

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from d6ac70b to 2929413 Compare February 27, 2026 12:27

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 2929413 to 4a09a86 Compare February 27, 2026 15:10

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from 4a09a86 to a9f8cdc Compare February 27, 2026 16:46

jayaragini-hcl mentioned this pull request Feb 27, 2026

Add support for exporting GetKey for use in the GNSI implementation. #596

Merged

rlucus approved these changes Feb 27, 2026

View reviewed changes

Comment thread common_utils/notification_producer.go Outdated

Add support to write gNSI credentials metadata to DB

0414e66

Signed-off-by: Pattela JAYARAGINI <pattelaj@google.com>

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from a9f8cdc to bfd7b4a Compare February 27, 2026 22:05

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from bfd7b4a to d26cd64 Compare February 27, 2026 22:55

Implements the frontend logic for gNSI Certz

ee4beb9

Signed-off-by: Pattela JAYARAGINI <pattelaj@google.com>

jayaragini-hcl force-pushed the gnsi_certz_fe_pr1_2 branch from d26cd64 to ee4beb9 Compare February 27, 2026 23:38

sneelam20 approved these changes Mar 2, 2026

View reviewed changes

sneelam20 enabled auto-merge (squash) March 2, 2026 18:04

sneelam20 merged commit bf5d3e0 into sonic-net:master Mar 2, 2026
9 checks passed

Conversation

jayaragini-hcl commented Jan 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mssonicbld commented Jan 13, 2026

Uh oh!

azure-pipelines Bot commented Jan 13, 2026

Uh oh!

jayaragini-hcl commented Jan 13, 2026

Uh oh!

mssonicbld commented Jan 19, 2026

Uh oh!

azure-pipelines Bot commented Jan 19, 2026

Uh oh!

jayaragini-hcl commented Jan 22, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

mssonicbld commented Jan 29, 2026

Uh oh!

azure-pipelines Bot commented Jan 29, 2026

Uh oh!

mssonicbld commented Jan 29, 2026

Uh oh!

azure-pipelines Bot commented Jan 29, 2026

Uh oh!

mssonicbld commented Jan 29, 2026

Uh oh!

azure-pipelines Bot commented Jan 29, 2026

Uh oh!

mssonicbld commented Jan 29, 2026

Uh oh!

azure-pipelines Bot commented Jan 29, 2026

Uh oh!

mssonicbld commented Jan 29, 2026

Uh oh!

azure-pipelines Bot commented Jan 29, 2026

Uh oh!

mssonicbld commented Jan 30, 2026

Uh oh!

azure-pipelines Bot commented Jan 30, 2026

Uh oh!

jayaragini-hcl commented Jan 30, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

jayaragini-hcl commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rlucus left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

Uh oh!

mssonicbld commented Feb 27, 2026

Uh oh!

azure-pipelines Bot commented Feb 27, 2026

jayaragini-hcl commented Jan 13, 2026 •

edited

Loading

jayaragini-hcl commented Feb 27, 2026 •

edited

Loading