Yyamout/public bootz server updates

[youssefyamoutyy]

This PR adds the public Bootz server support needed for the first featureprofiles Bootz FNT case.

feature profile PR: openconfig/featureprofiles#5016

Included in here:

• IP SAN support for generated test certificates
• support for disabling BootstrapStream so tests can use the unary flow
• CertZ profile plumbing in bootstrap data
• PathZ and CredZ propagation in bootstrap data

This is intended to support the initial public featureprofiles Bootz test flow and close some gaps between the current public server behaviour and the test environment.

A couple of notes:

• the first public featureprofiles test is still the minimum-config flow
• PathZ and CredZ are not exercised by that first test yet, even though this branch includes the server-side plumbing for them
• the current featureprofiles side still works around the server’s AuthZ inventory requirement for that minimum-config case

So this PR gets the public server into the right shape for the first test. More tests will follow up validation, and we will have medications here as needed!

Adding for reference: openconfig/featureprofiles#5016

[gemini-code-assist]

Code Review

This pull request implements support for GNSI configurations, including Pathz, Credentials, and CertzProfiles, within the Bootz server and entity manager. It adds logic to populate these configurations from files or direct proto messages and updates the bootstrap data response to include them. Additionally, a new DisableBootstrapStream option is introduced to deprecate the streaming RPC, and certificate generation is updated to support IP SANs. Review feedback identifies that the new population methods for Pathz and Credentials lack fallbacks to global configurations, which is inconsistent with existing implementations.

[gemini-code-assist]

The populatePathzConfig function is missing a fallback to the global Pathz configuration if the chassis-specific configuration file is not provided. This is inconsistent with how populateAuthzConfig is implemented and will prevent global Pathz policies from being applied.

gnsiPathzReqFile := gnsiConf.GetPathzUploadFile()
	if gnsiPathzReqFile == "" && m.defaults != nil && m.defaults.GnsiGlobalConfig != nil {
		gnsiPathzReqFile = m.defaults.GnsiGlobalConfig.GetPathzUploadFile()
	}
	if gnsiPathzReq.GetVersion() != "" && gnsiPathzReq.GetPolicy() != nil {
		return gnsiPathzReq, nil
	}
	if gnsiPathzReqFile == "" {

[gemini-code-assist]

Similar to populatePathzConfig, populateCredentialsConfig should also fallback to the global credentials configuration if the chassis-specific file is missing.

gnsiCredzReqFile := gnsiConf.GetCredentialsFile()
	if gnsiCredzReqFile == "" && m.defaults != nil && m.defaults.GnsiGlobalConfig != nil {
		gnsiCredzReqFile = m.defaults.GnsiGlobalConfig.GetCredentialsFile()
	}
	if len(gnsiCredzReq.GetCredentials()) > 0 || len(gnsiCredzReq.GetUsers()) > 0 || len(gnsiCredzReq.GetPasswords()) > 0 {
		return gnsiCredzReq, nil
	}
	if gnsiCredzReqFile == "" {

[Chounoki]

Please wait for the review from @gmacf

[Chounoki]

Could you sync your branch to the latest of main branch?
You change was done on a stale version.

[Chounoki]

We don't need to disable Streaming Bootz on the global sever level.
This is already implemented on a per chassis level.

bootz/server/service/service.go

Line 693 in 02faee8

if !chassis.StreamingSupported {

bootz/server/service/service.go

Line 919 in 02faee8

if !session.chassis.StreamingSupported {

[Chounoki]

We are going to rewrite the entire EntityManager soon to utlize the "ChassisManager" interface.

bootz/server/service/service.go

Line 82 in 02faee8

type ChassisManager interface {

It probably doesn't affect your PR, only as a heads-up.

[gmacf]

Please address merge conflicts and Michael's comments, otherwise LGTM.