Deviation for Transport Security flag

[shpaulch]

Summary

This change introduces a Cisco-specific deviation for gRPC transport security handling.

Problem

Cisco platforms do not support setting gRPC transport security to false.

Why This Change Is Needed

Without a platform-aware override, generated gNMI server configuration can request an unsupported value and cause test failures.

What Changed

• Added a new metadata deviation: grpc_transport_security_false_unsupported.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a compatibility issue with Cisco platforms regarding gRPC transport security settings. By introducing a new deviation flag, the system can now correctly identify and bypass unsupported configurations, preventing test failures. Additionally, the PR includes minor improvements to test logging and diagnostic capabilities for container connectivity.

Highlights

• New Deviation Added: Introduced a new metadata deviation grpc_transport_security_false_unsupported to handle Cisco platforms that do not support disabling gRPC transport security.
• Configuration Logic Update: Updated CreateGNMIServer to conditionally set TransportSecurity to true when the new deviation is enabled.
• Test Improvements: Enhanced cntr_test.go with better logging and container state inspection during ping retries to improve debugging of connectivity issues.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[OpenConfigBot]

Pull Request Functional Test Report for #5490 / 0d00ac5

Virtual Devices

Device	Test	Test Documentation	Job	Raw Log
Arista cEOS		gNMI-1.6: System gRPC Servers running in more than one network-instance
Cisco 8000E		gNMI-1.6: System gRPC Servers running in more than one network-instance
Cisco XRd		gNMI-1.6: System gRPC Servers running in more than one network-instance
Juniper ncPTX		gNMI-1.6: System gRPC Servers running in more than one network-instance
Nokia SR Linux		gNMI-1.6: System gRPC Servers running in more than one network-instance
Openconfig Lemming		gNMI-1.6: System gRPC Servers running in more than one network-instance

Hardware Devices

Device	Test	Test Documentation	Raw Log
Arista 7808		gNMI-1.6: System gRPC Servers running in more than one network-instance
Cisco 8808		gNMI-1.6: System gRPC Servers running in more than one network-instance
Juniper PTX10008		gNMI-1.6: System gRPC Servers running in more than one network-instance
Nokia 7250 IXR-10e		gNMI-1.6: System gRPC Servers running in more than one network-instance

Help

[gemini-code-assist]

Code Review

This pull request implements a new deviation, grpc_transport_security_false_unsupported, which is used in the CreateGNMIServer configuration plugin to ensure transport security is enabled on unsupported devices. The changes include updates to the metadata proto, generated Go code, and the deviation accessor. Furthermore, the container connectivity test was updated to include more detailed logging and container state inspection during dial retries. A review comment identifies that the new deviation accessor lacks a required issue tracker link, violating the repository's style guide.

[gemini-code-assist]

The deviation accessor function is missing a reference to an issue tracker. According to the repository style guide, all deviation accessors must include a URL link to an issue tracker (e.g., https://issuetracker.google.com/xxxxx) that tracks the eventual removal of the deviation.

References

1. Add a comment to the accessor function containing a URL link to an issue tracker which tracks removal of the deviation. The format should be https://issuetracker.google.com/xxxxx. ^(link)