diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules.json b/ansible/roles/test/tasks/acl/acltb_test_rules.json index 329dce74fa1..3766d494bf7 100644 --- a/ansible/roles/test/tasks/acl/acltb_test_rules.json +++ b/ansible/roles/test/tasks/acl/acltb_test_rules.json @@ -31,7 +31,7 @@ }, "ip": { "config": { - "destination-ip-address": "192.168.0.16/32" + "source-ip-address": "192.168.0.16/32" } } }, diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_deny_all.json b/ansible/roles/test/tasks/acl/acltb_test_rules_deny_all.json new file mode 100644 index 00000000000..7cc6af30446 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acltb_test_rules_deny_all.json @@ -0,0 +1,29 @@ +{ + "acl": { + "acl-sets": { + "acl-set": { + "dataacl": { + "acl-entries": { + "acl-entry": { + "1": { + "actions": { + "config": { + "forwarding-action": "DROP" + } + }, + "config": { + "sequence-id": 1 + }, + "l2": { + "config": { + "ethertype": "2048" + } + } + } + } + } + } + } + } + } +} diff --git a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json index 329dce74fa1..3766d494bf7 100644 --- a/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json +++ b/ansible/roles/test/tasks/acl/acltb_test_rules_part_2.json @@ -31,7 +31,7 @@ }, "ip": { "config": { - "destination-ip-address": "192.168.0.16/32" + "source-ip-address": "192.168.0.16/32" } } }, diff --git a/ansible/roles/test/tasks/acltb.yml b/ansible/roles/test/tasks/acltb.yml index 3ed9be7ed0f..870ed8a4fef 100644 --- a/ansible/roles/test/tasks/acltb.yml +++ b/ansible/roles/test/tasks/acltb.yml @@ -24,6 +24,7 @@ - "acltb_test_rules-del.json" - "acltb_test_rules_part_1.json" - "acltb_test_rules_part_2.json" + - "acltb_test_rules_deny_all.json" # Generate file with switch information - template: src=acltb.j2 dest=/tmp/acltb_switch_info.txt @@ -95,6 +96,32 @@ - switch_info=\"/tmp/acltb_switch_info.txt\" - testbed_type=\"{{ testbed_type }}\" + - name: Clean up ACL rules. + vars: + command_to_run: "acl-loader update full /tmp/acltb_test_rules-del.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Apply Deny All ACL rules. + vars: + command_to_run: "acl-loader update incremental /tmp/acltb_test_rules_deny_all.json" + errors_expected: false + include: roles/test/tasks/run_command_with_log_analyzer.yml + + - name: Run the test + include: ptf_runner.yml + vars: + ptf_test_name: ACL Test + ptf_test_dir: acstests + ptf_test_path: acltb_test.AclTest + ptf_platform: remote + ptf_test_params: + - verbose=True + - router_mac=\"{{ ansible_Ethernet0['macaddress'] }}\" + - switch_info=\"/tmp/acltb_switch_info.txt\" + - testbed_type=\"{{ testbed_type }}\" + - deny_all_rule=True + always: - name: Clean up ACL rules. vars: