From 0a08d147afcd94ea835d23e7af59f493984d6f5c Mon Sep 17 00:00:00 2001 From: Neetha John Date: Tue, 18 Oct 2022 09:57:09 -0700 Subject: [PATCH] [sub_port] [backend] Update acl template based on the test ports (#6556) Signed-off-by: Neetha John What is the motivation for this PR? For storage backend, new backend acl was added (sonic-net/sonic-utilities#2236). This caused regression for sub port testcases running on 't0-backend' topology. Modified the testcase to update the acl template based on the selected test ports How did you verify/test it? Ran the sub port testcases with the change and they passed --- tests/sub_port_interfaces/conftest.py | 35 +++++++++- .../sub_port_interfaces/sub_ports_helpers.py | 21 ++++++ .../templates/backend_acl_update_config.j2 | 69 +++++++++++++++++++ 3 files changed, 122 insertions(+), 3 deletions(-) create mode 100644 tests/sub_port_interfaces/templates/backend_acl_update_config.j2 diff --git a/tests/sub_port_interfaces/conftest.py b/tests/sub_port_interfaces/conftest.py index 8ee4329c354..86fab17a8a2 100644 --- a/tests/sub_port_interfaces/conftest.py +++ b/tests/sub_port_interfaces/conftest.py @@ -39,6 +39,8 @@ from sub_ports_helpers import add_static_route_to_dut from sub_ports_helpers import remove_static_route_from_dut from sub_ports_helpers import update_dut_arp_table +from sub_ports_helpers import apply_acl_rules +from sub_ports_helpers import bind_acl_table def pytest_addoption(parser): 
@@ -58,6 +60,24 @@ def port_type(request): """Port type to test, could be either port or port-channel.""" return request.param +@pytest.fixture +def acl_rule_cleanup(duthost, tbinfo): + """Cleanup all the existing DATAACL rules""" + if "t0-backend" in tbinfo["topo"]["name"]: + duthost.shell('acl-loader delete') + + yield + +@pytest.fixture +def modify_acl_table(duthost, tbinfo, port_type, acl_rule_cleanup): + """ Remove the DATAACL table prior to the test and recreate it at the end""" + if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type: + duthost.command('config acl remove table DATAACL') + + yield + + if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type: + bind_acl_table(duthost) @pytest.fixture def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_type, tbinfo): @@ -141,7 +161,7 @@ def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_t @pytest.fixture -def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config): +def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config, modify_acl_table): """ Apply Sub-ports configuration on the DUT and remove after tests @@ -192,7 +212,7 @@ def apply_config_on_the_ptf(define_sub_ports_configuration, ptfhost, reload_ptf_ @pytest.fixture(params=['same', 'different']) -def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf): +def apply_route_config(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf): """ Apply route configuration on the PTF and remove after tests 
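Review bot: `acl_rule_cleanup` has nothing after its `yield`, so the rules removed by `acl-loader delete` are never put back by this fixture, and without a table argument the command clears the rules of every ACL table rather than only DATAACL as the docstring says. Scoping it as `duthost.shell('acl-loader delete DATAACL')` would match the docstring. In `modify_acl_table` the teardown calls `bind_acl_table` to recreate the table but does not reload its rules. Unless `reload_dut_config` (used by `apply_config_on_the_dut`, defined outside this hunk) restores them, later tests on a t0-backend DUT run without the backend ACL, so the docstring should name the fixture that restores the rules.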
@@ -241,6 +261,10 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c new_sub_ports[src_port].append((next_hop_sub_port, name_of_namespace)) + if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type: + parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys])) + apply_acl_rules(duthost, tbinfo, parent_port_list) + yield { 'new_sub_ports': new_sub_ports, 'sub_ports': sub_ports @@ -261,7 +285,7 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c @pytest.fixture(params=['svi', 'l3']) -def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf): +def apply_route_config_for_port(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf): """ Apply route configuration on the PTF and remove after tests @@ -348,6 +372,11 @@ def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_conf port_map[ptf_port]['dst_ports'].append((next_hop_sub_port, name_of_namespace)) + if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type: + parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys])) + intf_list = parent_port_list + dut_ports.values() + apply_acl_rules(duthost, tbinfo, intf_list) + yield { 'port_map': port_map, 'sub_ports': sub_ports diff --git a/tests/sub_port_interfaces/sub_ports_helpers.py b/tests/sub_port_interfaces/sub_ports_helpers.py index d9135f6c07b..fc63798d7f4 100644 --- a/tests/sub_port_interfaces/sub_ports_helpers.py +++ b/tests/sub_port_interfaces/sub_ports_helpers.py @@ -24,6 +24,7 @@ SUB_PORTS_TEMPLATE = 'sub_port_config.j2' TUNNEL_TEMPLATE = 'tunnel_config.j2' PTF_NN_AGENT_TEMPLATE = 'ptf_nn_agent.conf.ptf.j2' +ACL_TEMPLATE = 'backend_acl_update_config.j2' ACTION_FWD = 'fwd' ACTION_DROP = 'drop' TCP_PORT = 80 
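Review bot: In `apply_route_config_for_port`, `parent_port_list + dut_ports.values()` raises TypeError on Python 3, where `values()` returns a view rather than a list; `intf_list = parent_port_list + list(dut_ports.values())` works on both interpreters. `dut_ports` is defined outside this hunk and is presumably a dict. The `list(set([...]))` expression used here and in the `apply_route_config` hunk yields an arbitrary port order, so `sorted({sub_port.split('.')[0] for sub_port in sub_ports_keys})` would make the rendered ACL reproducible between runs.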
@@ -1039,3 +1040,23 @@ def restart_ptf_nn_agent(ptfhost): ptfhost.command('supervisorctl reread') ptfhost.command('supervisorctl update') ptfhost.command('supervisorctl restart ptf_nn_agent') + + +def apply_acl_rules(duthost, tbinfo, intf_list): + if "t0-backend" not in tbinfo["topo"]["name"]: + return + + dst_acl_template = os.path.join(DUT_TMP_DIR, ACL_TEMPLATE) + dst_acl_file = os.path.join(DUT_TMP_DIR, 'backend_new_acl.json') + duthost.copy(src=os.path.join(TEMPLATE_DIR, ACL_TEMPLATE), dest=dst_acl_template) + intfs = ",".join(intf_list) + confvar = '{{"intf_list" : "{}"}}'.format(intfs) + duthost.shell("sonic-cfggen -a '{}' -d -t {} > {}".format(confvar, dst_acl_template, dst_acl_file)) + tmp = duthost.stat(path=dst_acl_file) + if tmp['stat']['exists']: + duthost.command("acl-loader update incremental {}".format(dst_acl_file)) + + +def bind_acl_table(duthost): + vlan_intfs = duthost.get_vlan_intfs() + duthost.command("config acl add table DATAACL L3 -p {}".format(",".join(vlan_intfs))) diff --git a/tests/sub_port_interfaces/templates/backend_acl_update_config.j2 b/tests/sub_port_interfaces/templates/backend_acl_update_config.j2 new file mode 100644 index 00000000000..b641f38ea15 --- /dev/null +++ b/tests/sub_port_interfaces/templates/backend_acl_update_config.j2 
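Review bot: `apply_acl_rules` assembles both the JSON argument and the shell line by string formatting, so an interface name containing a quote or shell metacharacter would break the command or change what the DUT shell runs. Building the argument with `confvar = json.dumps({"intf_list": intfs})` and quoting it for the shell (`shlex.quote`, or `pipes.quote` on Python 2) removes that dependence on well-formed names; whether `json` is already imported in this file is not visible here. The `stat` check is also always true, because the `>` redirection creates `backend_new_acl.json` even when `sonic-cfggen` writes nothing, so a non-zero file size or the command's return code would be a real guard. Neither new helper has a docstring, and the rendered file is left behind in `DUT_TMP_DIR`.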
@@ -0,0 +1,69 @@
+{%- set vlan2ports = {} %}
+{%- for vlan in VLAN %}
+ {% set portlist = [] %}
+ {%- for vlan_name, port in VLAN_MEMBER %}
+ {%- if vlan_name == vlan %}
+ {%- if portlist.append(port) %}{%- endif %}
+ {%- endif %}
+ {%- endfor %}
+ {%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
+{%- endfor %}
+
+
+{
+ "acl": {
+ "acl-sets": {
+ "acl-set": {
+ "DATAACL": {
+ "acl-entries": {
+ "acl-entry": {
+ {% for vlan, vlan_entries in VLAN.items() %}
+ "{{ loop.index }}": {
+ "config": {
+ "sequence-id": {{ loop.index }}
+ },
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "l2": {
+ "config": {
+ "vlan_id": "{{ vlan_entries['vlanid'] }}"
+ }
+ },
+ "input_interface": {
+ "interface_ref": {
+ "config": {
+ "interface": "{{ vlan2ports[vlan] }}"
+ }
+ }
+ }
+
+ },
+ {% endfor -%}
+ "999": {
+ "config": {
+ "sequence-id": 999
+ },
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "input_interface": {
+ "interface_ref": {
+ "config": {
+ "interface": "{{ intf_list }}"
+ }
+ }
+ }
+ }
+
+ }
+ }
+ }
+ }
+ }
+ }
+}
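Review bot: Rule `999` has no `l2` match, so it accepts all traffic arriving on every port in `intf_list`, and the template says nowhere that this is intended or where `intf_list` comes from. A leading comment such as `{#- intf_list: comma-separated parent ports passed with sonic-cfggen -a; rule 999 accepts all traffic on them for the sub-port tests -#}` would document it. An empty `intf_list` renders `"interface": ""`; whether acl-loader rejects that is not visible here, so the caller should skip the update when the list is empty.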