Comments (4)
I got this working finally. Here's a sample of what I did for others needing help. Maybe some additions to the docs would help too. The override should match a SAN in the server side certificate.
with gNMIclient(target=host, path_root='/Users/someuser/certs/ca.crt',
path_key='/Users/someuser/certs/client.key', path_cert='/Users/someuser/certs/client.crt',
override='10.10.10.10') as gc:
from pygnmi.
Hello @instantioc ,
we don't have example of the mTLS, because we so far haven't seen the usecases, where it is needed. Could you please elaborate more on what is yours one?
Best,
Anton
from pygnmi.
The use case is for more security conscious users that do not want to rely only on a username and password. The client authenticates to the server with a certificate and the client also verifies the server cert. Both certs would be issued by and verified by an enterprise CA. The gNMI implementation/spec supports mTLS already and is supported in many server/appliances from various manufacturers (Cisco, Arista, Juniper). The gNXI GO based client published by Google already supports this but I'm interested in the existing python based clients already in place and programmed around.
https://github.com/openconfig/reference/blob/master/rpc/gnmi/gnmi-authentication.md
from pygnmi.
Thanks @instantioc ,
we'll create update docs.
Best,
Anton
from pygnmi.
Related Issues (20)
- timeout or gnmi-timeout doesn't seem to work HOT 1
- subscribe not working to Juniper device HOT 6
- nornir example for subscribe stream mode HOT 1
- Missing minimum grpcio version in requirements HOT 1
- Invalid Path error HOT 4
- Release new version HOT 2
- Issue with pygnmi not returning value for get on leaf level for presence container HOT 2
- Feature: Distribute the whl file when publishing to pypi HOT 1
- Issue with Thread Termination in gNMI Client Subscription HOT 2
- Proper certificate usage with pygnmi HOT 3
- gNMI Master Arbitration Extension HOT 2
- pygnmi/pygnmic no longer working with Cisco IOS-XR 7.10.2 unified-model HOT 4
- PYGNMI commit replace is not replacing the running config . HOT 6
- Didn't find any infrastructure support to do master arbitration for performing Set operation HOT 1
- Support for "origin" field
- Create a new release HOT 1
- Support for tls-min-version and tls-max-version
- Help needed with forming the set path HOT 2
- gRPC error message during subscription HOT 2
- telemetryParser raises an exception, if leaflist_val.element is a TypedValue HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pygnmi.