CLI execution failed when enable authentication mode on REST server #160

Open
thaispkt opened this issue Oct 2, 2023 · 3 comments
Labels: Dell, duplicate (This issue or pull request already exists), Triage

Comments

@thaispkt

thaispkt commented Oct 2, 2023

Description

Steps to reproduce the issue:

  1. Enable basic authentication mode in the REST server by adding an option in dockers/docker-sonic-mgmt-framework/rest-server.sh
    Change
    from:
    REST_SERVER_ARGS="-ui /rest_ui -logtostderr"
    to
    REST_SERVER_ARGS="-ui /rest_ui -logtostderr -client_auth user"
  2. Restart REST server
  3. Configure VLAN
    admin@sonic:~$ sonic-cli
    sonic# configure terminal
    sonic(config)# vlan 4
    sonic(config-vlan-4)# admin-state enable
    Exception when calling ->put_ale_vlan_ale_vlan_vlan_vlan_list_admin_status : (401)
    Reason: Unauthorized
    HTTP response headers: HTTPHeaderDict({'Access-Control-Allow-Credentials': 'true', 'Access-Control-Allow-Headers': 'Accept, Content-Type, Content-Length, Accept-Encod)
    HTTP response body: {"ietf-restconf:errors":{"error":[{"error-type":"protocol","error-tag":"access-denied"}]}}

Describe the results you received:

```
admin@sonic:~$ sonic-cli
sonic# configure terminal
sonic(config)# vlan 4
sonic(config-vlan-4)# admin-state enable
Exception when calling ->put_ale_vlan_ale_vlan_vlan_vlan_list_admin_status : (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict({'Access-Control-Allow-Credentials': 'true', 'Access-Control-Allow-Headers': 'Accept, Content-Type, Content-Length, Accept-Encod)
HTTP response body: {"ietf-restconf:errors":{"error":[{"error-type":"protocol","error-tag":"access-denied"}]}}
```

Describe the results you expected:

```
admin@sonic:~$ sonic-cli
sonic# configure terminal
sonic(config)# vlan 4
sonic(config-vlan-4)# admin-state enable
sonic(config-vlan-4)#
```

**Output of `show version`:**

```

admin@sonic:~$ show version
SONiC Software Version: SONiC.master.376100-0299ab8de
SONiC OS Version: 11
Distribution: Debian 11.7
Kernel: 5.10.0-23-2-amd64
Build commit: 0299ab8de
Build date: Sun Oct 1 11:58:10 UTC 2023
Built by: AzDevOps@vmss-soni0024LO

Platform: x86_64-kvm_x86_64-r0
HwSKU: Force10-S6000
ASIC: vs
ASIC Count: 1
Serial Number: N/A
Model Number: N/A
Hardware Revision: N/A
Uptime: 07:38:35 up 0 min, 1 user, load average: 1.93, 0.48, 0.16
Date: Mon 02 Oct 2023 07:38:35
```

**Attach debug file `sudo generate_dump`:**

```
(paste your output here)
```
@yxieca yxieca transferred this issue from sonic-net/sonic-mgmt Oct 4, 2023
@yxieca

yxieca commented Oct 4, 2023

This is an image issue. Question to be answered:

Is authentication mode part of the HLD/feature for sonic-mgmt-framework?

@thaispkt
Author

thaispkt commented Oct 4, 2023

Hi @yxieca
Yes, this authentication mode is part of the HLD/feature for sonic-mgmt-framework.
Please refer to:
https://github.com/sonic-net/SONiC/blob/master/doc/mgmt/Management%20Framework.md#322412-authentication

A new table "REST_SERVER" is introduced in ConfigDB for maintaining REST server configurations.

```
key         = REST_SERVER|default   ; REST server configurations.
;field      = value
port        = 1*5DIGIT              ; server port - defaults to 443
client_auth = "none" / "password" / "jwt" / "cert"
                                    ; Client authentication mode.
                                    ; none: No authentication, all clients
                                    ;       are allowed. Should be used only
                                    ;       for debugging.
                                    ; password: HTTP Basic authentication.
                                    ; jwt : HTTP Bearer Token authentication with
                                    ;       JSON Web Token format.
                                    ; cert: Certificate based authentication.
                                    ;       Requires ca_crt configuration.
                                    ; Any combination of "password", "jwt" and "cert" modes can be
                                    ; enabled by specifying a comma separated values.
                                    ; Eg: "password,jwt" enables both password and jwt modes.
log_level   = DIGIT                 ; Verbosity for glog.V logs
server_crt  = 1*VCHAR               ; Path to TLS certificate file
server_key  = 1*VCHAR               ; Path to TLS private key file
ca_crt      = 1*VCHAR               ; Path to the CA certificate to be used for
                                    ; client certificate validation.
```
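
Added example, not part of the issue thread or the SONiC code base: a check of one `REST_SERVER|default` entry against the field grammar quoted in the comment above. The function name, the sample entries, the 1-65535 port bound and the rule that `none` must stand alone are assumptions of this example.

```python
import re

# Mode names as listed in the schema quoted from the Management Framework HLD.
ALLOWED_MODES = {"none", "password", "jwt", "cert"}


def check_rest_server(entry):
    """Return (errors, warnings) for one REST_SERVER|default field dict."""
    errors, warnings = [], []

    port = entry.get("port", "443")  # quoted schema: defaults to 443
    if not re.fullmatch(r"[0-9]{1,5}", port):
        errors.append("port: expected 1*5DIGIT")
    elif not 1 <= int(port) <= 65535:  # assumption: valid TCP port range
        errors.append("port: outside 1-65535")

    raw = entry.get("client_auth")
    if raw is not None:
        modes = [m.strip() for m in raw.split(",")]
        for m in modes:
            if m not in ALLOWED_MODES:
                errors.append(f"client_auth: {m!r} not in quoted mode list")
        if "none" in modes:
            if len(modes) > 1:
                # assumption: only password, jwt and cert are described as combinable
                errors.append("client_auth: 'none' cannot be combined")
            warnings.append("client_auth: 'none' allows all clients (debug only)")
        if "cert" in modes and not entry.get("ca_crt"):
            errors.append("client_auth: 'cert' requires ca_crt")

    level = entry.get("log_level")
    if level is not None and not re.fullmatch(r"[0-9]", level):
        errors.append("log_level: expected DIGIT")
    return errors, warnings


# Constructed sample entries, not taken from a real device.
SAMPLES = {
    "basic+jwt": {"port": "443", "client_auth": "password,jwt"},
    "cert without CA": {"client_auth": "cert", "server_crt": "/tmp/s.crt"},
    "debug only": {"client_auth": "none", "log_level": "2"},
    "unlisted mode": {"client_auth": "basic"},
}

if __name__ == "__main__":
    for name, entry in SAMPLES.items():
        print(name, check_rest_server(entry))
```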

@yxieca yxieca transferred this issue from sonic-net/sonic-buildimage Oct 11, 2023
@anand-kumar-subramanian anand-kumar-subramanian added duplicate This issue or pull request already exists Dell Triage labels Feb 28, 2024
@anand-kumar-subramanian
Contributor

Duplicate of #185

@anand-kumar-subramanian anand-kumar-subramanian marked this as a duplicate of #185 Feb 28, 2024