diff --git a/tests/generic_config_updater/test_cacl.py b/tests/generic_config_updater/test_cacl.py index 0587b565921..40c6662f2a4 100644 --- a/tests/generic_config_updater/test_cacl.py +++ b/tests/generic_config_updater/test_cacl.py @@ -21,24 +21,25 @@ # SSH_ONLY CTRLPLANE SSH SSH_ONLY ingress pytestmark = [ - pytest.mark.topology('t0', 'm0', 'mx', 'm1', 'm2', 'm3', 't1'), + pytest.mark.topology('t0', 'm0', 'mx', 'm1', 'm2', 'm3', 't1', 't2'), ] logger = logging.getLogger(__name__) -def get_cacl_tables(duthost): - """Get acl control palne tables +def get_cacl_tables(duthost, ip_netns_namespace_prefix): + """Get acl control plane tables """ - cmds = "show acl table | grep -w CTRLPLANE | awk '{print $1}'" + cmds = "{} show acl table | grep -w CTRLPLANE | awk '{{print $1}}'".format(ip_netns_namespace_prefix) + output = duthost.shell(cmds) pytest_assert(not output['rc'], "'{}' failed with rc={}".format(cmds, output['rc'])) cacl_tables = output['stdout'].splitlines() return cacl_tables -def get_iptable_rules(duthost): - cmds = "iptables -S" +def get_iptable_rules(duthost, ip_netns_namespace_prefix): + cmds = "{} iptables -S".format(ip_netns_namespace_prefix) output = duthost.shell(cmds) pytest_assert(not output['rc'], "'{}' failed with rc={}".format(cmds, output['rc'])) rules_chain = output['stdout'].splitlines() @@ -46,8 +47,8 @@ def get_iptable_rules(duthost): @pytest.fixture(scope="module", autouse=True) -def restore_test_env(duthosts, rand_one_dut_hostname): - duthost = duthosts[rand_one_dut_hostname] +def restore_test_env(duthosts, rand_one_dut_front_end_hostname): + duthost = duthosts[rand_one_dut_front_end_hostname] config_reload(duthost, config_source="minigraph", safe_reload=True) yield @@ -65,17 +66,19 @@ def disable_port_toggle(duthosts, tbinfo, restore_test_env): @pytest.fixture(autouse=True) -def setup_env(duthosts, rand_one_dut_hostname): +def setup_env(duthosts, rand_one_dut_front_end_hostname, enum_rand_one_frontend_asic_index, ip_netns_namespace_prefix): """ Setup/teardown fixture for acl config Args: duthosts: list of DUTs. - rand_selected_dut: The fixture returns a randomly selected DuT. + rand_one_dut_front_end_hostname: The fixture returns a randomly selected DuT. + enum_rand_one_frontend_asic_index: The fixture returns a randomly selected asic index. """ - duthost = duthosts[rand_one_dut_hostname] + duthost = duthosts[rand_one_dut_front_end_hostname] + + original_iptable_rules = get_iptable_rules(duthost, ip_netns_namespace_prefix) + original_cacl_tables = get_cacl_tables(duthost, ip_netns_namespace_prefix) - original_iptable_rules = get_iptable_rules(duthost) - original_cacl_tables = get_cacl_tables(duthost) create_checkpoint(duthost) yield @@ -84,10 +87,11 @@ def setup_env(duthosts, rand_one_dut_hostname): logger.info("Rolled back to original checkpoint") rollback_or_reload(duthost) - pytest_assert(wait_until(5, 1, 0, check_original_and_current_iptable_rule, duthost, original_iptable_rules), + pytest_assert(wait_until(5, 1, 0, check_original_and_current_iptable_rule, + duthost, original_iptable_rules, ip_netns_namespace_prefix), "The current iptable rules doesn't match the original one") - current_cacl_tables = get_cacl_tables(duthost) + current_cacl_tables = get_cacl_tables(duthost, ip_netns_namespace_prefix) logger.info("original cacl tables: {}, current cacl tables: {}".format( original_cacl_tables, current_cacl_tables) ) @@ -104,8 +108,8 @@ def setup_env(duthosts, rand_one_dut_hostname): delete_checkpoint(duthost) -def check_original_and_current_iptable_rule(duthost, original_iptable_rules): - current_iptable_rules = get_iptable_rules(duthost) +def check_original_and_current_iptable_rule(duthost, original_iptable_rules, ip_netns_namespace_prefix): + current_iptable_rules = get_iptable_rules(duthost, ip_netns_namespace_prefix) logger.info("original iptable rules: {}, current iptable rules: {}".format( original_iptable_rules, current_iptable_rules) ) @@ -121,10 +125,10 @@ def check_original_and_current_iptable_rule(duthost, original_iptable_rules): return False -def expect_acl_table_match(duthost, table_name, expected_content_list): +def expect_acl_table_match(duthost, table_name, expected_content_list, ip_netns_namespace_prefix): """Check if acl table show as expected """ - cmds = "show acl table {}".format(table_name) + cmds = "{} show acl table {}".format(ip_netns_namespace_prefix, table_name) output = duthost.shell(cmds) pytest_assert(not output['rc'], "'{}' failed with rc={}".format(cmds, output['rc'])) @@ -140,18 +144,19 @@ def expect_acl_table_match(duthost, table_name, expected_content_list): pytest_assert(set(expected_content_list) == set(actual_list), "ACL table doesn't match") -def expect_res_success_acl_rule(duthost, expected_content_list, unexpected_content_list): +def expect_res_success_acl_rule(duthost, expected_content_list, unexpected_content_list, + ip_netns_namespace_prefix): """Check if acl rule added as expected """ time.sleep(1) # Sleep 1 sec to ensure caclmgrd does update in case of its UPDATE_DELAY_SECS 0.5s - cmds = "iptables -S" + cmds = "{} iptables -S".format(ip_netns_namespace_prefix) output = duthost.shell(cmds) pytest_assert(not output['rc'], "'{}' failed with rc={}".format(cmds, output['rc'])) expect_res_success(duthost, output, expected_content_list, unexpected_content_list) -def cacl_tc1_add_new_table(duthost, protocol): +def cacl_tc1_add_new_table(duthost, protocol, ip_netns_namespace_prefix, namespace=None): """ Add acl table for test Sample output @@ -175,7 +180,8 @@ def cacl_tc1_add_new_table(duthost, protocol): } } ] - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -185,12 +191,12 @@ def cacl_tc1_add_new_table(duthost, protocol): expect_op_success(duthost, output) expected_content_list = [table, "CTRLPLANE", protocol, "{}_Test_Table_1".format(protocol), "ingress"] - expect_acl_table_match(duthost, table, expected_content_list) + expect_acl_table_match(duthost, table, expected_content_list, ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc1_add_duplicate_table(duthost, protocol): +def cacl_tc1_add_duplicate_table(duthost, protocol, namespace=None): """ Add duplicate acl table """ if protocol == 'SSH': @@ -211,7 +217,8 @@ def cacl_tc1_add_duplicate_table(duthost, protocol): } } ] - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -223,7 +230,7 @@ def cacl_tc1_add_duplicate_table(duthost, protocol): delete_tmpfile(duthost, tmpfile) -def cacl_tc1_replace_table_variable(duthost, protocol): +def cacl_tc1_replace_table_variable(duthost, protocol, ip_netns_namespace_prefix, namespace=None): """ Replace acl table with SSH service Expected output @@ -271,7 +278,8 @@ def cacl_tc1_replace_table_variable(duthost, protocol): } ] - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -284,12 +292,12 @@ def cacl_tc1_replace_table_variable(duthost, protocol): else: expected_content_list = [table_name, "CTRLPLANE", "SSH", "{}_TO_SSH".format(protocol), "egress"] - expect_acl_table_match(duthost, table_name, expected_content_list) + expect_acl_table_match(duthost, table_name, expected_content_list, ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc1_add_invalid_table(duthost, protocol): +def cacl_tc1_add_invalid_table(duthost, protocol, namespace=None): """ Add invalid acl table {"service": "SSH", "stage": "ogress", "type": "CTRLPLANE"}, # wrong stage @@ -299,7 +307,6 @@ def cacl_tc1_add_invalid_table(duthost, protocol): {"service": protocol, "stage": "ogress", "type": "CTRLPLANE"}, {"service": protocol, "stage": "ingress", "type": "TRLPLANE"} ] - for ele in invalid_table: json_patch = [ { @@ -318,7 +325,8 @@ def cacl_tc1_add_invalid_table(duthost, protocol): tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) try: output = apply_patch(duthost, json_data=json_patch, dest_file=tmpfile) @@ -327,7 +335,7 @@ def cacl_tc1_add_invalid_table(duthost, protocol): delete_tmpfile(duthost, tmpfile) -def cacl_tc1_remove_unexisted_table(duthost): +def cacl_tc1_remove_unexisted_table(duthost, namespace=None): """ Remove unexisted acl table """ json_patch = [ @@ -336,7 +344,8 @@ def cacl_tc1_remove_unexisted_table(duthost): "path": "/ACL_RULE/SSH_ONLY_UNEXISTED" } ] - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -347,7 +356,7 @@ def cacl_tc1_remove_unexisted_table(duthost): delete_tmpfile(duthost, tmpfile) -def cacl_tc1_remove_table(duthost, protocol): +def cacl_tc1_remove_table(duthost, protocol, ip_netns_namespace_prefix, namespace=None): """ Remove acl table test """ if protocol == 'SSH': @@ -360,7 +369,8 @@ def cacl_tc1_remove_table(duthost, protocol): "path": "/ACL_TABLE/{}".format(table_name) } ] - json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, + is_asic_specific=True, asic_namespaces=[namespace]) tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -369,12 +379,12 @@ def cacl_tc1_remove_table(duthost, protocol): output = apply_patch(duthost, json_data=json_patch, dest_file=tmpfile) expect_op_success(duthost, output) - expect_acl_table_match(duthost, table_name, []) + expect_acl_table_match(duthost, table_name, [], ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc2_add_init_rule(duthost, protocol): +def cacl_tc2_add_init_rule(duthost, protocol, ip_netns_namespace_prefix, namespace=None): """ Add acl rule for test Check 'ip tables' to make sure rule is actually being applied @@ -406,10 +416,11 @@ def cacl_tc2_add_init_rule(duthost, protocol): params_dict["table"] = "EXTERNAL_CLIENT_ACL" params_dict["IP_PROTOCOL"] = "6" params_dict["L4_DST_PORT"] = "8081" + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "add", - "path": "/ACL_RULE", + "path": "{}/ACL_RULE".format(json_namespace), "value": { "{}|TEST_DROP".format(params_dict["table"]): { "IP_PROTOCOL": "{}".format(params_dict["IP_PROTOCOL"]), @@ -438,12 +449,12 @@ def cacl_tc2_add_init_rule(duthost, protocol): "-A INPUT -s 9.9.9.9/32 -p udp -m udp --dport 161 -j DROP"] elif protocol == 'EXTERNAL_CLIENT': expected_content_list = ["-A INPUT -s 9.9.9.9/32 -p tcp -m tcp --dport 8081 -j DROP"] - expect_res_success_acl_rule(duthost, expected_content_list, []) + expect_res_success_acl_rule(duthost, expected_content_list, [], ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc2_add_duplicate_rule(duthost, protocol): +def cacl_tc2_add_duplicate_rule(duthost, protocol, namespace=None): """ Add duplicate acl rule for test """ params_dict = {} @@ -464,10 +475,11 @@ def cacl_tc2_add_duplicate_rule(duthost, protocol): params_dict["table"] = "EXTERNAL_CLIENT_ACL" params_dict["IP_PROTOCOL"] = "6" params_dict["L4_DST_PORT"] = "8081" + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "add", - "path": "/ACL_RULE", + "path": "{}/ACL_RULE".format(json_namespace), "value": { "{}|TEST_DROP".format(params_dict["table"]): { "IP_PROTOCOL": "{}".format(params_dict["IP_PROTOCOL"]), @@ -492,7 +504,7 @@ def cacl_tc2_add_duplicate_rule(duthost, protocol): delete_tmpfile(duthost, tmpfile) -def cacl_tc2_replace_rule(duthost, protocol): +def cacl_tc2_replace_rule(duthost, protocol, ip_netns_namespace_prefix, namespace=None): """ Replace a value from acl rule test Check 'ip tables' to make sure rule is actually being applied @@ -513,10 +525,11 @@ def cacl_tc2_replace_rule(duthost, protocol): table = 'NTP_ACL' elif protocol == 'EXTERNAL_CLIENT': table = 'EXTERNAL_CLIENT_ACL' + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "replace", - "path": "/ACL_RULE/{}|TEST_DROP/SRC_IP".format(table), + "path": "{}/ACL_RULE/{}|TEST_DROP/SRC_IP".format(json_namespace, table), "value": "8.8.8.8/32" } ] @@ -541,18 +554,20 @@ def cacl_tc2_replace_rule(duthost, protocol): elif protocol == 'EXTERNAL_CLIENT': expected_content_list = ["-A INPUT -s 8.8.8.8/32 -p tcp -m tcp --dport 8081 -j DROP"] unexpected_content_list = ["-A INPUT -s 9.9.9.9/32 -p tcp -m tcp --dport 8081 -j DROP"] - expect_res_success_acl_rule(duthost, expected_content_list, unexpected_content_list) + expect_res_success_acl_rule(duthost, expected_content_list, unexpected_content_list, + ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc2_add_rule_to_unexisted_table(duthost): +def cacl_tc2_add_rule_to_unexisted_table(duthost, namespace=None): """ Add acl rule to unexisted table """ + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "add", - "path": "/ACL_RULE/TEST_2|TEST_DROP", + "path": "{}/ACL_RULE/TEST_2|TEST_DROP".format(json_namespace), "value": { "L4_DST_PORT": "22", "IP_PROTOCOL": "6", @@ -575,7 +590,7 @@ def cacl_tc2_add_rule_to_unexisted_table(duthost): delete_tmpfile(duthost, tmpfile) -def cacl_tc2_remove_table_before_rule(duthost, protocol): +def cacl_tc2_remove_table_before_rule(duthost, protocol, namespace=None): """ Remove acl table before removing acl rule """ if protocol == 'SSH': @@ -586,10 +601,11 @@ def cacl_tc2_remove_table_before_rule(duthost, protocol): table = 'NTP_ACL' elif protocol == 'EXTERNAL_CLIENT': table = 'EXTERNAL_CLIENT_ACL' + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "remove", - "path": "/ACL_TABLE/{}".format(table) + "path": "{}/ACL_TABLE/{}".format(json_namespace, table) } ] json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) @@ -604,7 +620,7 @@ def cacl_tc2_remove_table_before_rule(duthost, protocol): delete_tmpfile(duthost, tmpfile) -def cacl_tc2_remove_unexist_rule(duthost, protocol): +def cacl_tc2_remove_unexist_rule(duthost, protocol, namespace=None): """ Remove unexisted acl rule """ if protocol == 'SSH': @@ -615,10 +631,11 @@ def cacl_tc2_remove_unexist_rule(duthost, protocol): table = 'NTP_ACL' elif protocol == 'EXTERNAL_CLIENT': table = 'EXTERNAL_CLIENT_ACL' + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "remove", - "path": "/ACL_RULE/{}|TEST_DROP2".format(table) + "path": "{}/ACL_RULE/{}|TEST_DROP2".format(json_namespace, table) } ] json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) @@ -631,13 +648,14 @@ def cacl_tc2_remove_unexist_rule(duthost, protocol): delete_tmpfile(duthost, tmpfile) -def cacl_tc2_remove_rule(duthost): +def cacl_tc2_remove_rule(duthost, ip_netns_namespace_prefix, namespace=None): """ Remove acl rule test """ + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "remove", - "path": "/ACL_RULE" + "path": "{}/ACL_RULE".format(json_namespace) } ] json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) @@ -654,12 +672,12 @@ def cacl_tc2_remove_rule(duthost): "-A INPUT -s 8.8.8.8/32 -p udp -m udp --dport 161 -j DROP", "-A INPUT -s 8.8.8.8/32 -p tcp -m udp --dport 123 -j DROP", "-A INPUT -s 8.8.8.8/32 -p tcp -m tcp --dport 8081 -j DROP"] - expect_res_success_acl_rule(duthost, [], unexpected_content_list) + expect_res_success_acl_rule(duthost, [], unexpected_content_list, ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_external_client_add_new_table(duthost): +def cacl_external_client_add_new_table(duthost, ip_netns_namespace_prefix, namespace=None): """ Add acl table for test Sample output admin@vlab-01:~$ show acl table @@ -667,10 +685,11 @@ def cacl_external_client_add_new_table(duthost): ---------------------- --------- --------------- ---------------------------- ------- -------- EXTERNAL_CLIENT_ACL CTRLPLANE EXTERNAL_CLIENT EXTERNAL_CLIENT_ACL ingress Active """ + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "add", - "path": "/ACL_TABLE/EXTERNAL_CLIENT_ACL", + "path": "{}/ACL_TABLE/EXTERNAL_CLIENT_ACL".format(json_namespace), "value": { "policy_desc": "EXTERNAL_CLIENT_ACL", "services": [ @@ -692,18 +711,20 @@ def cacl_external_client_add_new_table(duthost): expected_content_list = ["EXTERNAL_CLIENT_ACL", "CTRLPLANE", "EXTERNAL_CLIENT", "EXTERNAL_CLIENT_ACL", "ingress"] - expect_acl_table_match(duthost, "EXTERNAL_CLIENT_ACL", expected_content_list) + expect_acl_table_match(duthost, "EXTERNAL_CLIENT_ACL", expected_content_list, + ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) -def cacl_tc3_acl_table_and_acl_rule(duthost): +def cacl_tc3_acl_table_and_acl_rule(duthost, ip_netns_namespace_prefix, namespace=None): """ Add acl table and acl rule in single patch for test """ + json_namespace = '' if namespace is None else '/' + namespace json_patch = [ { "op": "add", - "path": "/ACL_TABLE/EXTERNAL_CLIENT_ACL", + "path": "{}/ACL_TABLE/EXTERNAL_CLIENT_ACL".format(json_namespace), "value": { "type": "CTRLPLANE", "stage": "ingress", @@ -715,7 +736,7 @@ def cacl_tc3_acl_table_and_acl_rule(duthost): }, { "op": "add", - "path": "/ACL_RULE", + "path": "{}/ACL_RULE".format(json_namespace), "value": { "EXTERNAL_CLIENT_ACL|RULE_1": { "PRIORITY": "9999", @@ -728,6 +749,8 @@ def cacl_tc3_acl_table_and_acl_rule(duthost): } ] + json_patch = format_json_patch_for_multiasic(duthost=duthost, json_data=json_patch, is_asic_specific=True) + tmpfile = generate_tmpfile(duthost) logger.info("tmpfile {}".format(tmpfile)) @@ -737,9 +760,10 @@ def cacl_tc3_acl_table_and_acl_rule(duthost): expected_table_content_list = ["EXTERNAL_CLIENT_ACL", "CTRLPLANE", "EXTERNAL_CLIENT", "EXTERNAL_CLIENT_ACL", "ingress"] - expect_acl_table_match(duthost, "EXTERNAL_CLIENT_ACL", expected_table_content_list) + expect_acl_table_match(duthost, "EXTERNAL_CLIENT_ACL", expected_table_content_list, + ip_netns_namespace_prefix) expected_rule_content_list = ["-A INPUT -s 9.9.9.9/32 -p tcp -m tcp --dport 8081 -j DROP"] - expect_res_success_acl_rule(duthost, expected_rule_content_list, []) + expect_res_success_acl_rule(duthost, expected_rule_content_list, [], ip_netns_namespace_prefix) finally: delete_tmpfile(duthost, tmpfile) @@ -752,29 +776,35 @@ def cacl_protocol(request): # noqa F811 return request.param -def test_cacl_tc1_acl_table_suite(cacl_protocol, rand_selected_dut): +def test_cacl_tc1_acl_table_suite(cacl_protocol, rand_selected_front_end_dut, enum_rand_one_frontend_asic_index, + ip_netns_namespace_prefix): + namespace = rand_selected_front_end_dut.get_namespace_from_asic_id(enum_rand_one_frontend_asic_index) logger.info("Test acl table for protocol {}".format(cacl_protocol)) - cacl_tc1_add_new_table(rand_selected_dut, cacl_protocol) - cacl_tc1_add_duplicate_table(rand_selected_dut, cacl_protocol) - cacl_tc1_replace_table_variable(rand_selected_dut, cacl_protocol) - cacl_tc1_add_invalid_table(rand_selected_dut, cacl_protocol) - cacl_tc1_remove_unexisted_table(rand_selected_dut) - cacl_tc1_remove_table(rand_selected_dut, cacl_protocol) + cacl_tc1_add_new_table(rand_selected_front_end_dut, cacl_protocol, ip_netns_namespace_prefix, namespace) + cacl_tc1_add_duplicate_table(rand_selected_front_end_dut, cacl_protocol, namespace) + cacl_tc1_replace_table_variable(rand_selected_front_end_dut, cacl_protocol, ip_netns_namespace_prefix, namespace) + cacl_tc1_add_invalid_table(rand_selected_front_end_dut, cacl_protocol, namespace) + cacl_tc1_remove_unexisted_table(rand_selected_front_end_dut, namespace) + cacl_tc1_remove_table(rand_selected_front_end_dut, cacl_protocol, ip_netns_namespace_prefix, namespace) # ACL_RULE tests are related. So group them into one test. -def test_cacl_tc2_acl_rule_test(cacl_protocol, rand_selected_dut): +def test_cacl_tc2_acl_rule_test(cacl_protocol, rand_selected_front_end_dut, enum_rand_one_frontend_asic_index, + ip_netns_namespace_prefix): + namespace = rand_selected_front_end_dut.get_namespace_from_asic_id(enum_rand_one_frontend_asic_index) + logger.info("Test acl table for protocol {}".format(cacl_protocol)) if cacl_protocol == 'EXTERNAL_CLIENT': - cacl_external_client_add_new_table(rand_selected_dut) - cacl_tc2_add_init_rule(rand_selected_dut, cacl_protocol) - cacl_tc2_add_duplicate_rule(rand_selected_dut, cacl_protocol) - cacl_tc2_replace_rule(rand_selected_dut, cacl_protocol) - cacl_tc2_add_rule_to_unexisted_table(rand_selected_dut) - cacl_tc2_remove_table_before_rule(rand_selected_dut, cacl_protocol) - cacl_tc2_remove_unexist_rule(rand_selected_dut, cacl_protocol) - cacl_tc2_remove_rule(rand_selected_dut) - - -def test_cacl_tc3_acl_all(rand_selected_dut): - cacl_tc3_acl_table_and_acl_rule(rand_selected_dut) + cacl_external_client_add_new_table(rand_selected_front_end_dut, ip_netns_namespace_prefix, namespace) + cacl_tc2_add_init_rule(rand_selected_front_end_dut, cacl_protocol, ip_netns_namespace_prefix, namespace) + cacl_tc2_add_duplicate_rule(rand_selected_front_end_dut, cacl_protocol, namespace) + cacl_tc2_replace_rule(rand_selected_front_end_dut, cacl_protocol, ip_netns_namespace_prefix, namespace) + cacl_tc2_add_rule_to_unexisted_table(rand_selected_front_end_dut, namespace) + cacl_tc2_remove_table_before_rule(rand_selected_front_end_dut, cacl_protocol, namespace) + cacl_tc2_remove_unexist_rule(rand_selected_front_end_dut, cacl_protocol, namespace) + cacl_tc2_remove_rule(rand_selected_front_end_dut, ip_netns_namespace_prefix, namespace) + + +def test_cacl_tc3_acl_all(rand_selected_front_end_dut, enum_rand_one_frontend_asic_index, ip_netns_namespace_prefix): + namespace = rand_selected_front_end_dut.get_namespace_from_asic_id(enum_rand_one_frontend_asic_index) + cacl_tc3_acl_table_and_acl_rule(rand_selected_front_end_dut, ip_netns_namespace_prefix, namespace)