sonic-net / sonic-gnmi

SONiC gNMI server and gNOI repo

CLI execution failed when enable authentication mode on REST server #160

Open thaispkt opened 1 year ago

thaispkt commented 1 year ago

Description

Steps to reproduce the issue:

  1. Enable basic authentication mode in the REST server by adding an option in `dockers/docker-sonic-mgmt-framework/rest-server.sh`. Change from:

     ```
     REST_SERVER_ARGS="-ui /rest_ui -logtostderr"
     ```

     to:

     ```
     REST_SERVER_ARGS="-ui /rest_ui -logtostderr -client_auth user"
     ```
  2. Restart REST server
  3. Configure VLAN

     ```
     admin@sonic:~$ sonic-cli
     sonic# configure terminal
     sonic(config)# vlan 4
     sonic(config-vlan-4)# admin-state enable
     Exception when calling ->put_ale_vlan_ale_vlan_vlan_vlan_list_admin_status : (401)
     Reason: Unauthorized
     HTTP response headers: HTTPHeaderDict({'Access-Control-Allow-Credentials': 'true', 'Access-Control-Allow-Headers': 'Accept, Content-Type, Content-Length, Accept-Encod)
     HTTP response body: {"ietf-restconf:errors":{"error":[{"error-type":"protocol","error-tag":"access-denied"}]}}
     ```

**Describe the results you received:**

```
admin@sonic:~$ sonic-cli
sonic# configure terminal
sonic(config)# vlan 4
sonic(config-vlan-4)# admin-state enable
Exception when calling ->put_ale_vlan_ale_vlan_vlan_vlan_list_admin_status : (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Access-Control-Allow-Credentials': 'true', 'Access-Control-Allow-Headers': 'Accept, Content-Type, Content-Length, Accept-Encod)
HTTP response body: {"ietf-restconf:errors":{"error":[{"error-type":"protocol","error-tag":"access-denied"}]}}
```

Describe the results you expected:

```
admin@sonic:~$ sonic-cli
sonic# configure terminal
sonic(config)# vlan 4
sonic(config-vlan-4)# admin-state enable
sonic(config-vlan-4)#
```

**Output of `show version`:**

```
admin@sonic:~$ show version
SONiC Software Version: SONiC.master.376100-0299ab8de
SONiC OS Version: 11
Distribution: Debian 11.7
Kernel: 5.10.0-23-2-amd64
Build commit: 0299ab8de
Build date: Sun Oct 1 11:58:10 UTC 2023
Built by: AzDevOps@vmss-soni0024LO

Platform: x86_64-kvm_x86_64-r0
HwSKU: Force10-S6000
ASIC: vs
ASIC Count: 1
Serial Number: N/A
Model Number: N/A
Hardware Revision: N/A
Uptime: 07:38:35 up 0 min, 1 user, load average: 1.93, 0.48, 0.16
Date: Mon 02 Oct 2023 07:38:35
```

**Attach debug file `sudo generate_dump`:**

```
(paste your output here)
```

yxieca commented 1 year ago

This is an image issue. Question to be answered:

Is authentication mode part of the HLD/feature for sonic-mgmt-framework?

thaispkt commented 1 year ago

Hi @yxieca, yes, this authentication mode is part of the HLD/feature for sonic-mgmt-framework. Please refer to: https://github.com/sonic-net/SONiC/blob/master/doc/mgmt/Management%20Framework.md#322412-authentication

A new table "REST_SERVER" is introduced in ConfigDB for maintaining REST server configurations.

```
key         = REST_SERVER|default   ; REST server configurations.
;field      = value
port        = 1*5DIGIT              ; server port - defaults to 443
client_auth = "none" / "password" / "jwt" / "cert"
                                    ; Client authentication mode.
                                    ; none: No authentication, all clients
                                    ;       are allowed. Should be used only
                                    ;       for debugging.
                                    ; password: HTTP Basic authentication.
                                    ; jwt : HTTP Bearer Token authentication with
                                    ;       JSON Web Token format.
                                    ; cert: Certificate based authentication.
                                    ;       Requires ca_crt configuration.
                                    ; Any combination of "password", "jwt" and "cert" modes can be
                                    ; enabled by specifying a comma separated values.
                                    ; Eg: "password,jwt" enables both password and jwt modes.
log_level   = DIGIT                 ; Verbosity for glog.V logs
server_crt  = 1*VCHAR               ; Path to TLS certificate file
server_key  = 1*VCHAR               ; Path to TLS private key file
ca_crt      = 1*VCHAR               ; Path to the CA certificate to be used for
                                    ; client certificate validation.
```
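
The `client_auth` rules from the schema quoted above, written as a configuration check. This is an added example, not code from sonic-mgmt-framework or from this thread: `RestServerCfg` and `CheckClientAuth` are hypothetical names, the sample values are constructed, and flagging `none` alongside other modes is an assumption drawn from the schema's wording.

```go
package main

import (
	"fmt"
	"strings"
)

// RestServerCfg is a hypothetical struct for two REST_SERVER|default fields.
type RestServerCfg struct {
	ClientAuth string // client_auth, comma separated
	CaCrt      string // ca_crt, path to the CA certificate
}

// CheckClientAuth returns the enabled modes and any findings (empty = clean).
func CheckClientAuth(cfg RestServerCfg) (modes []string, findings []string) {
	known := map[string]bool{"none": true, "password": true, "jwt": true, "cert": true}
	seen := map[string]bool{}
	for _, tok := range strings.Split(cfg.ClientAuth, ",") {
		m := strings.TrimSpace(tok)
		switch {
		case m == "":
			findings = append(findings, "empty mode in client_auth")
		case !known[m]:
			findings = append(findings, fmt.Sprintf("unknown mode %q", m))
		case !seen[m]:
			seen[m] = true
			modes = append(modes, m)
		}
	}
	if seen["none"] {
		findings = append(findings, "none disables authentication (debugging only)")
		if len(modes) > 1 {
			// Assumption: the schema only allows combining password, jwt and cert.
			findings = append(findings, "none combined with other modes")
		}
	}
	if seen["cert"] && cfg.CaCrt == "" {
		findings = append(findings, "cert mode requires ca_crt")
	}
	return modes, findings
}

func main() {
	// Constructed samples; "user" is the flag value from the report above.
	for _, c := range []RestServerCfg{{"password,jwt", ""}, {"cert", ""}, {"user", ""}} {
		m, f := CheckClientAuth(c)
		fmt.Printf("%-14q modes=%v findings=%v\n", c.ClientAuth, m, f)
	}
}
```

The check reflects only the schema text quoted in this comment; which values a given REST server build accepts for `-client_auth` has to be confirmed against that build.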

anand-kumar-subramanian commented 8 months ago

Duplicate of https://github.com/sonic-net/sonic-gnmi/issues/185