Closed noredistribution closed 3 years ago
that is an example of a token based auth - https://github.com/aristanetworks/goarista/commit/4e6fdcf7f22110ef30e57869c1f0ddac8713b54f#diff-9b67042dba77194358f15e0efb60451bf36dfee972a28be145bc950ea0161787
@noredistribution, sure I will try to add it this week. If I understand correctly, the token is always used together with a secure gRPC connection? And it will be defined using a flag or within the config file.
Is there a mechanism to automatically refresh the token if needed?
Thanks a lot guys for taking this on!
Is there a mechanism to automatically refresh the token if needed?
there will be an API to renew the token in newer CloudVision releases( note the service account token has a max life of 1 year by default)
If I understand correctly, the token is always used together with a secure gRPC connection? And it will be defined using a flag or within the config file.
yes that's correct, example here: https://github.com/aristanetworks/goarista/blob/master/gnmi/client.go#L120
@noredistribution can you give it a try with v0.17.0?
You can pass the token with the global flag --token
, with the EVN var GNMIC_TOKEN
, or under a specific target config:
targets:
target1:
token: my_token
The token is added to each RPC only in the case of a secure connection, An empty token will not be added.
thanks so much @karimra it works like a charm!
gnmic -a tp-cvp.local:8443 --mode=once subscribe --path /inventory/state/device/device-id --token=$GNMIC_TOKEN --gzip --skip-verify
{
"source": "tp-cvp.local:8443",
"subscription-name": "default-1626276999",
"timestamp": 1626168830000000000,
"time": "2021-07-13T10:33:50+01:00",
"updates": [
{
"Path": "inventory/state/device[device-id=leaf1]/device-id",
"values": {
"inventory/state/device/device-id": "leaf1"
}
}
]
}
{
"source": "tp-cvp.local:8443",
"subscription-name": "default-1626276999",
"timestamp": 1623849223780404136,
"time": "2021-06-16T14:13:43.780404136+01:00",
"updates": [
{
"Path": "inventory/state/device[device-id=de:ad:be:ef:ca:fe]/device-id",
"values": {
"inventory/state/device/device-id": "de:ad:be:ef:ca:fe"
}
}
]
}
Would be nice to have token-based auth in gnmic (ref: https://grpc.io/docs/guides/auth/)) to be able to fetch device data using service accounts for example from Arista's CloudVision 🙏