Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[sub_port] [backend] Update acl template based on the test ports #6556

Merged
merged 1 commit into from
Oct 18, 2022
Merged

[sub_port] [backend] Update acl template based on the test ports #6556

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 32 additions & 3 deletions tests/sub_port_interfaces/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,8 @@
from sub_ports_helpers import add_static_route_to_dut
from sub_ports_helpers import remove_static_route_from_dut
from sub_ports_helpers import update_dut_arp_table
from sub_ports_helpers import apply_acl_rules
from sub_ports_helpers import bind_acl_table


def pytest_addoption(parser):
Expand All @@ -58,6 +60,24 @@ def port_type(request):
"""Port type to test, could be either port or port-channel."""
return request.param

@pytest.fixture
def acl_rule_cleanup(duthost, tbinfo):
"""Cleanup all the existing DATAACL rules"""
if "t0-backend" in tbinfo["topo"]["name"]:
duthost.shell('acl-loader delete')

yield

@pytest.fixture
def modify_acl_table(duthost, tbinfo, port_type, acl_rule_cleanup):
""" Remove the DATAACL table prior to the test and recreate it at the end"""
if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type:
duthost.command('config acl remove table DATAACL')

yield

if "t0-backend" in tbinfo["topo"]["name"] and 'lag' in port_type:
bind_acl_table(duthost)

@pytest.fixture
def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_type, tbinfo):
Expand Down Expand Up @@ -141,7 +161,7 @@ def define_sub_ports_configuration(request, duthost, ptfhost, ptfadapter, port_t


@pytest.fixture
def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config):
def apply_config_on_the_dut(define_sub_ports_configuration, duthost, reload_dut_config, modify_acl_table):
"""
Apply Sub-ports configuration on the DUT and remove after tests

Expand Down Expand Up @@ -192,7 +212,7 @@ def apply_config_on_the_ptf(define_sub_ports_configuration, ptfhost, reload_ptf_


@pytest.fixture(params=['same', 'different'])
def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
def apply_route_config(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
"""
Apply route configuration on the PTF and remove after tests

Expand Down Expand Up @@ -241,6 +261,10 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c

new_sub_ports[src_port].append((next_hop_sub_port, name_of_namespace))

if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type:
parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys]))
apply_acl_rules(duthost, tbinfo, parent_port_list)

yield {
'new_sub_ports': new_sub_ports,
'sub_ports': sub_ports
Expand All @@ -261,7 +285,7 @@ def apply_route_config(request, ptfhost, define_sub_ports_configuration, apply_c


@pytest.fixture(params=['svi', 'l3'])
def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
def apply_route_config_for_port(request, tbinfo, duthost, ptfhost, port_type, define_sub_ports_configuration, apply_config_on_the_dut, apply_config_on_the_ptf):
"""
Apply route configuration on the PTF and remove after tests

Expand Down Expand Up @@ -348,6 +372,11 @@ def apply_route_config_for_port(request, duthost, ptfhost, define_sub_ports_conf

port_map[ptf_port]['dst_ports'].append((next_hop_sub_port, name_of_namespace))

if "t0-backend" in tbinfo["topo"]["name"] and 'lag' not in port_type:
parent_port_list = list(set([sub_port.split('.')[0] for sub_port in sub_ports_keys]))
intf_list = parent_port_list + dut_ports.values()
apply_acl_rules(duthost, tbinfo, intf_list)

yield {
'port_map': port_map,
'sub_ports': sub_ports
Expand Down
20 changes: 20 additions & 0 deletions tests/sub_port_interfaces/sub_ports_helpers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
SUB_PORTS_TEMPLATE = 'sub_port_config.j2'
TUNNEL_TEMPLATE = 'tunnel_config.j2'
PTF_NN_AGENT_TEMPLATE = 'ptf_nn_agent.conf.ptf.j2'
ACL_TEMPLATE = 'backend_acl_update_config.j2'
ACTION_FWD = 'fwd'
ACTION_DROP = 'drop'
TCP_PORT = 80
Expand Down Expand Up @@ -1004,3 +1005,22 @@ def check_balancing(port_hit_cnt):
return True

return False

def apply_acl_rules(duthost, tbinfo, intf_list):
if "t0-backend" not in tbinfo["topo"]["name"]:
return

dst_acl_template = os.path.join(DUT_TMP_DIR, ACL_TEMPLATE)
dst_acl_file = os.path.join(DUT_TMP_DIR, 'backend_new_acl.json')
duthost.copy(src=os.path.join(TEMPLATE_DIR, ACL_TEMPLATE), dest=dst_acl_template)
intfs = ",".join(intf_list)
confvar = '{{"intf_list" : "{}"}}'.format(intfs)
duthost.shell("sonic-cfggen -a '{}' -d -t {} > {}".format(confvar, dst_acl_template, dst_acl_file))
tmp = duthost.stat(path=dst_acl_file)
if tmp['stat']['exists']:
duthost.command("acl-loader update incremental {}".format(dst_acl_file))


def bind_acl_table(duthost):
vlan_intfs = duthost.get_vlan_intfs()
duthost.command("config acl add table DATAACL L3 -p {}".format(",".join(vlan_intfs)))
69 changes: 69 additions & 0 deletions tests/sub_port_interfaces/templates/backend_acl_update_config.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
{%- set vlan2ports = {} %}
{%- for vlan in VLAN %}
{% set portlist = [] %}
{%- for vlan_name, port in VLAN_MEMBER %}
{%- if vlan_name == vlan %}
{%- if portlist.append(port) %}{%- endif %}
{%- endif %}
{%- endfor %}
{%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
{%- endfor %}


{
"acl": {
"acl-sets": {
"acl-set": {
"DATAACL": {
"acl-entries": {
"acl-entry": {
{% for vlan, vlan_entries in VLAN.items() %}
"{{ loop.index }}": {
"config": {
"sequence-id": {{ loop.index }}
},
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"l2": {
"config": {
"vlan_id": "{{ vlan_entries['vlanid'] }}"
}
},
"input_interface": {
"interface_ref": {
"config": {
"interface": "{{ vlan2ports[vlan] }}"
}
}
}

},
{% endfor -%}
"999": {
"config": {
"sequence-id": 999
},
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"input_interface": {
"interface_ref": {
"config": {
"interface": "{{ intf_list }}"
}
}
}
}

}
}
}
}
}
}
}