
VPP add correct socket permissions for API
Closed, Resolved | Public | FEATURE REQUEST

Description

Summary

Add correct socket permissions for the API.
The current permissions:

vyos@r14:~$ ls -la /run/vpp
total 8
drwxr-xr-x  2 root vyattacfg  140 Nov 14 13:52 .
drwxr-xr-x 46 root root      1320 Nov 14 13:52 ..
srwxrwxr-x  1 root vpp          0 Nov 14 13:52 api.sock
srwxrwxr-x  1 root vpp          0 Nov 14 13:52 cli.sock
srwxrwxr-x  1 root vpp          0 Nov 14 13:52 stats.sock
-rw-r--r--  1 root vyattacfg 2151 Nov 14 13:52 vpp.conf
-rw-r--r--  1 root vyattacfg  300 Nov 14 13:52 vpp_conf.json
vyos@r14:~$

Use case

  • Get op-mode commands without sudo
  • Use API calls in smoke-tests

Additional information

Example of the script:

$ cat interface_address.py 
#!/usr/bin/env python3
from vyos.vpp import VPPControl


def get_all_addresses():
    vpp = VPPControl()
    addresses = []

    for iface in vpp.api.sw_interface_dump():
        sw_if_index = iface.sw_if_index

        # IPv4
        for a in vpp.api.ip_address_dump(sw_if_index=sw_if_index, is_ipv6=False):
            addresses.append(str(a.prefix))

        # IPv6
        for a in vpp.api.ip_address_dump(sw_if_index=sw_if_index, is_ipv6=True):
            addresses.append(str(a.prefix))

    return addresses


if __name__ == "__main__":
    for addr in get_all_addresses():
        print(addr)

Check:

vyos@r14:~$ whoami
vyos
vyos@r14:~$ 
vyos@r14:~$ ./interface_address.py
Traceback (most recent call last):
  File "/home/vyos/./interface_address.py", line 24, in <module>
    for addr in get_all_addresses():
                ^^^^^^^^^^^^^^^^^^^
  File "/home/vyos/./interface_address.py", line 6, in get_all_addresses
    vpp = VPPControl()
          ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/vpp/control_vpp.py", line 101, in __init__
    self.__vpp_api_client.connect('vpp-vyos')
  File "/usr/lib/python3/dist-packages/vpp_papi/vpp_papi.py", line 655, in connect
    return self.connect_internal(
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vpp_papi/vpp_papi.py", line 620, in connect_internal
    rv = self.transport.connect(name, pfx, msg_handler, rx_qlen, do_async)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vpp_papi/vpp_transport_socket.py", line 93, in connect
    raise msg
  File "/usr/lib/python3/dist-packages/vpp_papi/vpp_transport_socket.py", line 90, in connect
    self.socket.connect(self.server_address)
PermissionError: [Errno 13] Permission denied
vyos@r14:~$ 
vyos@r14:~$ 
vyos@r14:~$ sudo ./interface_address.py
192.168.122.14/24
10.0.0.1/30
100.64.21.1/24
vyos@r14:~$
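
An added example, not part of the original task or of VyOS code: a check of whether a given identity can connect to a UNIX socket, applied to the `srwxrwxr-x root:vpp` mode from the listing above. The numeric uid/gid values and the assumption that `vyos` is not in group `vpp` are constructed for illustration; the page does not state them.

```python
import os
import stat


def connect_access(mode, owner_uid, owner_gid, uid, gids):
    """Return (allowed, permission_class) for connect(2) on a UNIX socket.

    Linux requires write permission on the socket inode to connect, and only
    one permission class is consulted: owner, else group, else other.
    """
    if uid == 0:
        return True, "root"  # CAP_DAC_OVERRIDE bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR), "owner"
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP), "group"
    return bool(mode & stat.S_IWOTH), "other"


def audit_socket(path, uid=None, gids=None):
    """Stat a real socket and report whether the given identity can connect."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    uid = os.geteuid() if uid is None else uid
    gids = set(os.getgroups()) | {os.getegid()} if gids is None else set(gids)
    allowed, cls = connect_access(st.st_mode, st.st_uid, st.st_gid, uid, gids)
    return {"path": path, "mode": stat.filemode(st.st_mode),
            "class": cls, "connect": allowed,
            "world_writable": bool(st.st_mode & stat.S_IWOTH)}


# Constructed values mirroring the listing: srwxrwxr-x root:vpp.
# The numeric ids are assumptions, not taken from the page.
SOCK_MODE = stat.S_IFSOCK | 0o775
ROOT_UID, VPP_GID, VYOS_UID, USERS_GID = 0, 990, 1000, 100

if __name__ == "__main__":
    for label, uid, gids in [("vyos, not in vpp", VYOS_UID, {USERS_GID}),
                             ("vyos, in vpp", VYOS_UID, {USERS_GID, VPP_GID}),
                             ("root (sudo)", ROOT_UID, {0})]:
        print(label, connect_access(SOCK_MODE, ROOT_UID, VPP_GID, uid, gids))
    for name in ("api.sock", "cli.sock", "stats.sock"):
        p = os.path.join("/run/vpp", name)
        if os.path.exists(p):
            print(audit_socket(p))
```

The `world_writable` field is there so a smoke-test can assert that access comes from group membership rather than from an other-writable socket.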

Details

Version: -
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)