confd: ensure admin users have full access to vtysh

[troglobit]

Description

Future Infix defconfigs for smaller system may exclude Frr and set all routes directly in the kernel. So failing to add a user to the frrvty group should not cause an error, hence the new group_exists() function.

Note, the new *_groups() functions could also be used for guest and operator level users. We've talked opening up guest access to sysrepo, relying fully on NACM, in which case we could create a new group sysrepo for /dev/shm/* files.

Checklist

Tick relevant boxes, this PR is-a or has-a:

• Bugfix
  • Regression tests
  • ChangeLog updates (for next release)
• Feature
  • YANG model change => revision updated?
  • Regression tests added?
  • ChangeLog updates (for next release)
  • Documentation added?
• Test changes
  • Checked in changed Readme.adoc (make test-spec)
  • Added new test to group Readme.adoc and yaml file
• Code style update (formatting, renaming)
• Refactoring (please detail in commit messages)
• Build related changes
• Documentation content changes
  • ChangeLog updated (for major changes)
• Other (please describe): convenience

[wkz]

Thanks for fixing this! 🥇

[wkz]

Suggested change

	"frrvty",
	#ifdef HAVE_FRR
	"frrvty",
	#endif

As this list grows, having this type of structure might make it easier to keep track of which deps pull in which groups. It would also avoid the need for group_exists(). Just a thought.

Now that I think about it: Is there a podman group that we should add for builds with container support?

[troglobit]

Good point. I'll add that to my commit 😀👍

Not that I've seen, but I'll have a look again at podman. I'm still at it with the other related issues anyway.

[troglobit]

Dropped the group-exists check, added a comment about future optional support for FRR.

I've also looked into if podman has/requires any group -- answer is none.

So, provided this latest build passes, this feature is complete.

[mattiaswal]

Great 👌