From 7b999c8456c22183a3e99c0717b9f361acb4b5fa Mon Sep 17 00:00:00 2001
From: Neetha John
Date: Mon, 31 Oct 2022 16:40:33 -0700
Subject: [PATCH 1/3] Add helper functions for backend acl
Signed-off-by: Neetha John
---
tests/common/helpers/backend_acl.py | 35 ++++++++++
.../templates/backend_acl_update_config.j2 | 69 +++++++++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 tests/common/helpers/backend_acl.py
create mode 100644 tests/common/templates/backend_acl_update_config.j2
diff --git a/tests/common/helpers/backend_acl.py b/tests/common/helpers/backend_acl.py
new file mode 100644
index 00000000000..06bc85e38fa
--- /dev/null
+++ b/tests/common/helpers/backend_acl.py
@@ -0,0 +1,35 @@
+import os
+
+BASE_DIR = os.path.dirname(os.path.realpath(__file__))
+DUT_TMP_DIR = "/tmp"
+TEMPLATE_DIR = os.path.join(BASE_DIR, '../templates')
+ACL_TEMPLATE = 'backend_acl_update_config.j2'
+
+def apply_acl_rules(duthost, tbinfo, intf_list=None):
+ if "t0-backend" not in tbinfo["topo"]["name"]:
+ return
+
+ dst_acl_template = os.path.join(DUT_TMP_DIR, ACL_TEMPLATE)
+ dst_acl_file = os.path.join(DUT_TMP_DIR, 'backend_new_acl.json')
+ add_var = ''
+
+ if intf_list:
+ duthost.copy(src=os.path.join(TEMPLATE_DIR, ACL_TEMPLATE), dest=dst_acl_template)
+ intfs = ",".join(intf_list)
+ confvar = '{{"intf_list" : "{}"}}'.format(intfs)
+ add_var = "-a '{}' ".format(confvar)
+ else:
+ dst_acl_template = "/usr/share/sonic/templates/backend_acl.j2"
+
+ duthost.shell("sonic-cfggen {}-d -t {} > {}".format(add_var, dst_acl_template, dst_acl_file))
+ tmp = duthost.stat(path=dst_acl_file)
+ if tmp['stat']['exists']:
+ duthost.command("acl-loader update incremental {}".format(dst_acl_file))
+
+
+def bind_acl_table(duthost, tbinfo):
+ if "t0-backend" not in tbinfo["topo"]["name"]:
+ return
+
+ vlan_intfs = duthost.get_vlan_intfs()
+ duthost.command("config acl add table DATAACL L3 -p {}".format(",".join(vlan_intfs)))
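Review bot: In `apply_acl_rules`, the names from `intf_list` are pasted into a hand-built JSON string and then into a single-quoted shell argument for `sonic-cfggen -a`, so a name containing a quote or other shell metacharacter changes the command that runs on the DUT. Building the value with `confvar = json.dumps({"intf_list": intfs})` and shell-quoting it before it goes into `add_var` keeps the argument intact; the same value is emitted unescaped at `"interface": "{{ intf_list }}"` in `backend_acl_update_config.j2`. The `stat` check does not show that rendering succeeded, because the `>` redirection creates `/tmp/backend_new_acl.json` even when `sonic-cfggen` writes nothing, and a file left by an earlier run under the same fixed name would also pass. Both helpers also lack a docstring saying they are no-ops outside `t0-backend` topologies.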
diff --git a/tests/common/templates/backend_acl_update_config.j2 b/tests/common/templates/backend_acl_update_config.j2
new file mode 100644
index 00000000000..b641f38ea15
--- /dev/null
+++ b/tests/common/templates/backend_acl_update_config.j2
@@ -0,0 +1,69 @@
+{%- set vlan2ports = {} %}
+{%- for vlan in VLAN %}
+ {% set portlist = [] %}
+ {%- for vlan_name, port in VLAN_MEMBER %}
+ {%- if vlan_name == vlan %}
+ {%- if portlist.append(port) %}{%- endif %}
+ {%- endif %}
+ {%- endfor %}
+ {%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
+{%- endfor %}
+
+
+{
+ "acl": {
+ "acl-sets": {
+ "acl-set": {
+ "DATAACL": {
+ "acl-entries": {
+ "acl-entry": {
+ {% for vlan, vlan_entries in VLAN.items() %}
+ "{{ loop.index }}": {
+ "config": {
+ "sequence-id": {{ loop.index }}
+ },
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "l2": {
+ "config": {
+ "vlan_id": "{{ vlan_entries['vlanid'] }}"
+ }
+ },
+ "input_interface": {
+ "interface_ref": {
+ "config": {
+ "interface": "{{ vlan2ports[vlan] }}"
+ }
+ }
+ }
+
+ },
+ {% endfor -%}
+ "999": {
+ "config": {
+ "sequence-id": 999
+ },
+ "actions": {
+ "config": {
+ "forwarding-action": "ACCEPT"
+ }
+ },
+ "input_interface": {
+ "interface_ref": {
+ "config": {
+ "interface": "{{ intf_list }}"
+ }
+ }
+ }
+ }
+
+ }
+ }
+ }
+ }
+ }
+ }
+}
From fbe2729154171ce5616edae7ac4e5093742d697d Mon Sep 17 00:00:00 2001
From: Neetha John
Date: Mon, 31 Oct 2022 16:41:08 -0700
Subject: [PATCH 2/3] Update vlan test to modify backend acl based on test parameters
Signed-off-by: Neetha John
---
tests/vlan/test_vlan.py | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/tests/vlan/test_vlan.py b/tests/vlan/test_vlan.py
index 261324620ff..964ed12c6e1 100644
--- a/tests/vlan/test_vlan.py
+++ b/tests/vlan/test_vlan.py
@@ -16,6 +16,7 @@ from tests.common.fixtures.duthost_utils import utils_create_test_vlans from tests.common.fixtures.duthost_utils import utils_vlan_intfs_dict_orig from tests.common.fixtures.duthost_utils import utils_vlan_intfs_dict_add +from tests.common.helpers.backend_acl import apply_acl_rules, bind_acl_table logger = logging.getLogger(__name__) @@ -96,6 +97,26 @@ def work_vlan_ports_list(rand_selected_dut, tbinfo, cfg_facts, ports_list, utils return work_vlan_ports_list +@pytest.fixture(scope="module") +def acl_rule_cleanup(duthost, tbinfo): + """Cleanup all the existing DATAACL rules""" + if "t0-backend" in tbinfo["topo"]["name"]: + duthost.shell('acl-loader delete') + + yield + +@pytest.fixture(scope="module") +def modify_acl_table(duthost, tbinfo, acl_rule_cleanup): + """ Remove the DATAACL table prior to the test and recreate it at the end""" + if "t0-backend" in tbinfo["topo"]["name"]: + duthost.command('config acl remove table DATAACL') + + yield + + if "t0-backend" in tbinfo["topo"]["name"]: + duthost.command('config acl remove table DATAACL') + # rebind with new set of ports + bind_acl_table(duthost, tbinfo) def shutdown_portchannels(duthost, portchannel_interfaces, pc_num=PORTCHANNELS_TEST_NUM): cmds = [] @@ -152,7 +173,7 @@ def startup_portchannels(duthost, portchannel_interfaces, pc_num=PORTCHANNELS_TE @pytest.fixture(scope="module", autouse=True) -def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts): +def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts, modify_acl_table): duthost = duthosts[rand_one_dut_hostname] # --------------------- Setup ----------------------- try: 
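Review bot: `acl_rule_cleanup` runs `acl-loader delete` with no table name, which clears the rules of every ACL table on the DUT rather than only DATAACL as its docstring says, and nothing after its `yield` puts them back. Scoping the call as `duthost.shell('acl-loader delete DATAACL')` would match the docstring; the docstring is still unchanged in the patch 3/3 hunk that adds the `ACL_RULE` comment. The teardown of `modify_acl_table` re-creates the table through `bind_acl_table` but does not call `apply_acl_rules`, so unless a later teardown step outside this hunk reloads the configuration, the device appears to be left with DATAACL bound and no rules loaded. These fixtures also take `duthost` while `setup_vlan` uses `duthosts[rand_one_dut_hostname]`; it is worth confirming both always resolve to the same device.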
@@ -175,6 +196,8 @@ def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_po logger.info('"show int portchannel" output on DUT:\n{}'.format(pprint.pformat(res['stdout_lines']))) populate_fdb(ptfadapter, work_vlan_ports_list, vlan_intfs_dict) + bind_acl_table(duthost, tbinfo) + apply_acl_rules(duthost, tbinfo) # --------------------- Testing ----------------------- yield # --------------------- Teardown ----------------------- From 77b08313b883340d558dd971d409bcf9cd90b70c Mon Sep 17 00:00:00 2001 From: Neetha John Date: Tue, 1 Nov 2022 10:32:34 -0700 Subject: [PATCH 3/3] Address review comments Signed-off-by: Neetha John --- tests/vlan/test_vlan.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/vlan/test_vlan.py b/tests/vlan/test_vlan.py index 964ed12c6e1..4d7dad23184 100644 --- a/tests/vlan/test_vlan.py +++ b/tests/vlan/test_vlan.py @@ -100,13 +100,14 @@ def work_vlan_ports_list(rand_selected_dut, tbinfo, cfg_facts, ports_list, utils @pytest.fixture(scope="module") def acl_rule_cleanup(duthost, tbinfo): """Cleanup all the existing DATAACL rules""" + # remove all rules under the ACL_RULE table if "t0-backend" in tbinfo["topo"]["name"]: duthost.shell('acl-loader delete') yield @pytest.fixture(scope="module") -def modify_acl_table(duthost, tbinfo, acl_rule_cleanup): +def setup_acl_table(duthost, tbinfo, acl_rule_cleanup): """ Remove the DATAACL table prior to the test and recreate it at the end""" if "t0-backend" in tbinfo["topo"]["name"]: duthost.command('config acl remove table DATAACL') 
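Review bot: The `apply_acl_rules(duthost, tbinfo)` call added to `setup_vlan` in patch 2/3 passes no `intf_list`, so within this series the `-a` branch of the helper and the new `backend_acl_update_config.j2` template are never exercised, and the rules come from the DUT's stock `/usr/share/sonic/templates/backend_acl.j2`. If that is intended, a comment above the two calls would help, for example `# DATAACL was removed before VLAN setup; re-create it on the test VLAN ports and load the stock backend rules`. Both calls sit inside the `try:` of `setup_vlan`, which begins outside this hunk, so how a failure here is handled cannot be seen from the diff.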
@@ -173,7 +174,7 @@ def startup_portchannels(duthost, portchannel_interfaces, pc_num=PORTCHANNELS_TE @pytest.fixture(scope="module", autouse=True) -def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts, modify_acl_table): +def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts, setup_acl_table): duthost = duthosts[rand_one_dut_hostname] # --------------------- Setup ----------------------- try: