[sub_port] [backend] Update acl template based on the test ports (#6556)

Signed-off-by: Neetha John <[email protected]> What is the motivation for this PR? For storage backend, new backend acl was added (sonic-net/sonic-utilities#2236). This caused regression for sub port testcases running on 't0-backend' topology. Modified the testcase to update the acl template based on the selected test ports How did you verify/test it? Ran the sub port testcases with the change and they passed
sonic-net · Oct 21, 2022 · 0a08d14 · 0a08d14
1 parent edb029d
commit 0a08d14
Show file tree

Hide file tree

Showing 3 changed files with 122 additions and 3 deletions.
diff --git a/tests/sub_port_interfaces/conftest.py b/tests/sub_port_interfaces/conftest.py
@@ -39,6 +39,8 @@
 from sub_ports_helpers import add_static_route_to_dut
 from sub_ports_helpers import remove_static_route_from_dut
 from sub_ports_helpers import update_dut_arp_table
+from sub_ports_helpers import apply_acl_rules
+from sub_ports_helpers import bind_acl_table
 
 
 def pytest_addoption(parser):
@@ -58,6 +60,24 @@ def port_type(request):
     """Port type to test, could be either port or port-channel."""
     return request.param
 
+@pytest.fixture
+def acl_rule_cleanup(duthost, tbinfo):
+    """Cleanup all the existing DATAACL rules"""
+    if "t0-backend" in tbinfo["topo"]["name"]:
+        duthost.shell('acl-loader delete')
+
+    yield
+
+@pytest.fixture
+def modify_acl_table(duthost, tbinfo, port_type, acl_rule_cleanup):
+   """ Remove the DATAACL table prior to the test and recreate it at the end"""
+   if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type:
+       duthost.command('config acl remove table DATAACL')
+
+   yield
+
+   if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type:
+       bind_acl_table(duthost)
 
 @pytest.fixture
 def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_type, tbinfo):
@@ -141,7 +161,7 @@ def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_t
 
 
 @pytest.fixture
-def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config):
+def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config, modify_acl_table):
     """
     Apply Sub-ports configuration on the DUT and remove after tests
 
@@ -192,7 +212,7 @@ def apply_config_on_the_ptf(define_sub_ports_configuration, ptfhost, reload_ptf_
 
 
 @pytest.fixture(params=['same', 'different'])
-def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
+def apply_route_config(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
     """
     Apply route configuration on the PTF and remove after tests
 
@@ -241,6 +261,10 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c
 
             new_sub_ports[src_port].append((next_hop_sub_port, name_of_namespace))
 
+    if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type:
+        parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys]))
+        apply_acl_rules(duthost, tbinfo, parent_port_list)
+
     yield {
         'new_sub_ports': new_sub_ports,
         'sub_ports': sub_ports
@@ -261,7 +285,7 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c
 
 
 @pytest.fixture(params=['svi', 'l3'])
-def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
+def apply_route_config_for_port(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
     """
     Apply route configuration on the PTF and remove after tests
 
@@ -348,6 +372,11 @@ def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_conf
 
             port_map[ptf_port]['dst_ports'].append((next_hop_sub_port, name_of_namespace))
 
+    if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type:
+        parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys]))
+        intf_list = parent_port_list + dut_ports.values()
+        apply_acl_rules(duthost, tbinfo, intf_list)
+
     yield {
         'port_map': port_map,
         'sub_ports': sub_ports

diff --git a/tests/sub_port_interfaces/sub_ports_helpers.py b/tests/sub_port_interfaces/sub_ports_helpers.py
@@ -24,6 +24,7 @@
 SUB_PORTS_TEMPLATE = 'sub_port_config.j2'
 TUNNEL_TEMPLATE = 'tunnel_config.j2'
 PTF_NN_AGENT_TEMPLATE = 'ptf_nn_agent.conf.ptf.j2'
+ACL_TEMPLATE = 'backend_acl_update_config.j2'
 ACTION_FWD = 'fwd'
 ACTION_DROP = 'drop'
 TCP_PORT = 80
@@ -1039,3 +1040,23 @@ def restart_ptf_nn_agent(ptfhost):
     ptfhost.command('supervisorctl reread')
     ptfhost.command('supervisorctl update')
     ptfhost.command('supervisorctl restart ptf_nn_agent')
+
+
+def apply_acl_rules(duthost, tbinfo, intf_list):
+    if "t0-backend" not in tbinfo["topo"]["name"]:
+        return
+
+    dst_acl_template = os.path.join(DUT_TMP_DIR, ACL_TEMPLATE)
+    dst_acl_file = os.path.join(DUT_TMP_DIR, 'backend_new_acl.json')
+    duthost.copy(src=os.path.join(TEMPLATE_DIR, ACL_TEMPLATE), dest=dst_acl_template)
+    intfs = ",".join(intf_list)
+    confvar = '{{"intf_list" : "{}"}}'.format(intfs)
+    duthost.shell("sonic-cfggen -a '{}' -d -t {} > {}".format(confvar, dst_acl_template, dst_acl_file))
+    tmp = duthost.stat(path=dst_acl_file)
+    if tmp['stat']['exists']:
+        duthost.command("acl-loader update incremental {}".format(dst_acl_file))
+
+
+def bind_acl_table(duthost):
+    vlan_intfs = duthost.get_vlan_intfs()
+    duthost.command("config acl add table DATAACL L3 -p {}".format(",".join(vlan_intfs)))
diff --git a/tests/sub_port_interfaces/templates/backend_acl_update_config.j2 b/tests/sub_port_interfaces/templates/backend_acl_update_config.j2
@@ -0,0 +1,69 @@
+{%- set vlan2ports = {} %}
+{%- for vlan in VLAN %}
+    {% set portlist = [] %}
+    {%- for vlan_name, port in VLAN_MEMBER %}
+        {%- if vlan_name == vlan %}
+            {%- if portlist.append(port) %}{%- endif %}
+        {%- endif %}
+    {%- endfor %}
+    {%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
+{%- endfor %}
+
+
+{
+        "acl": {
+                "acl-sets": {
+                        "acl-set": {
+                                "DATAACL": {
+                                        "acl-entries": {
+                                                "acl-entry": {
+                                                 {% for vlan, vlan_entries in VLAN.items() %}
+    "{{ loop.index }}": {
+                                                             "config": {
+                                                                     "sequence-id": {{ loop.index }}
+                                                             },
+                                                             "actions": {
+                                                                     "config": {
+                                                                             "forwarding-action": "ACCEPT"
+                                                                     }
+                                                             },
+                                                             "l2": {
+                                                                     "config": {
+                                                                             "vlan_id": "{{ vlan_entries['vlanid'] }}"
+                                                                     }
+                                                             },
+                                                             "input_interface": {
+                                                                     "interface_ref": {
+                                                                             "config": {
+                                                                                     "interface": "{{ vlan2ports[vlan] }}"
+                                                                             }
+                                                                      }
+                                                             }
+
+                                                     },
+                                                 {% endfor -%}
+   "999": {
+                                                             "config": {
+                                                                     "sequence-id": 999
+                                                             },
+                                                             "actions": {
+                                                                     "config": {
+                                                                             "forwarding-action": "ACCEPT"
+                                                                     }
+                                                             },
+                                                             "input_interface": {
+                                                                     "interface_ref": {
+                                                                             "config": {
+                                                                                     "interface": "{{ intf_list }}"
+                                                                             }
+                                                                      }
+                                                             }
+              }
+
+                                                }
+                                        }
+                                }
+                        }
+                }
+        }
+}