Fix 3089 Allow credentials to be set via topology configuration#3136
Fix 3089 Allow credentials to be set via topology configuration#3136antoinekh wants to merge 12 commits intosrl-labs:mainfrom
Conversation
|
Used in lab for a couple of days, no issues |
antoinekh
changed the title
antoinekh
force-pushed
the
fix_3089_allow_credentials_with_env
branch
from
81f7882 to
5583b10
Compare
|
Great contribution. I'll let our benevolent containerlab leader to comment but there are some things left. Similarly, in some other NOSes, we explicitly set the password in the default configuration (e.g. SROS SR-SIM). A compromise would be to set the password/user explicitly in the startup-config which I believe most of the people did already. We should probably add a few Robot tests that perform checks using SSH using the "default" creds. I suggest to cover a few usecases with this new variable. |
|
@hellt pipeline failed for GitHub ratelimit error 429. Nothing related to this code |
|
Thanks. Will check it out when time permits. |
…in nodes.md to clarify default values and usage context. Emphasize the relationship between username and password settings.
…d NodeConfig to clarify their usage for SSH/NETCONF/GNMI access.
- Implemented tests to verify default credentials are correctly placed in Ansible inventory. - Added tests for handling kind-specific credentials in Ansible inventory. - Verified per-host passwords for heterogeneous nodes in both Ansible and Nornir inventories. - Updated inventory generation logic to support new credential placement rules based on topology sources. - Introduced new test data files for various credential scenarios.
…name retrieval. This change ensures that the username is sourced from the node's configuration or the kind registry, improving consistency and reliability in SSH configuration data.
…NodeConfig.Credentials. This update enhances clarity in the code by removing redundant checks and ensuring that the username is directly sourced from the node's configuration.
… username retrieval to use NodeConfig.Credentials. This change simplifies the code and enhances clarity in SSH configuration generation.
|
Hi @antoinekh would you mind trying this adaptation of this PR where the credentials are put under the hope it still works :D |
3 participants
Fixes #3089
Fixes #2146
Fixes #2009
Summary
Allow credentials to be set via topology configuration. Adds
usernameandpasswordfields at any level of the topology hierarchy, with a well-defined resolution order.New topology fields
Credentials can now be configured at the
defaults,kinds, ornodeslevel:Credential resolution order
Most specific to least specific:
node→group→kind→defaults→ kind's hardcoded defaultChanges
Core types (
types/node_definition.go,types/topology.go,types/types.go)Username/Passwordfields toNodeDefinition(YAML-serializable)GetNodeUsername()/GetNodePassword()methods toTopologywith hierarchy resolutionUsername/PasswordtoNodeConfig—Passwordis excluded from JSON marshaling for securityCore config (
core/config.go)createNodeCfg()now populates credentials from topology, falling back to the kind's hardcoded registry defaults when not setNode kinds
n.Cfg.Username/n.Cfg.Passwordinstead of the package-leveldefaultCredentialsvariableInventory generation (
core/inventory.go)Schema & docs
clab.schema.jsonanddocs/manual/nodes.mdTests (
types/topology_test.go)TestGetNodeCredentialscovering all hierarchy levels