Skip to content

[backend] [vlan] Update acl template based on test ports #6686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
neethajohn merged 3 commits into from
Nov 4, 2022
Merged

[backend] [vlan] Update acl template based on test ports #6686

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7b999c8
Add helper functions for backend acl
neethajohn Oct 31, 2022
fbe2729
Update vlan test to modify backend acl based on test parameters
neethajohn Oct 31, 2022
77b0831
Address review comments
neethajohn Nov 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions tests/common/helpers/backend_acl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
import os

BASE_DIR = os.path.dirname(os.path.realpath(__file__))
DUT_TMP_DIR = "/tmp"
TEMPLATE_DIR = os.path.join(BASE_DIR, '../templates')
ACL_TEMPLATE = 'backend_acl_update_config.j2'

def apply_acl_rules(duthost, tbinfo, intf_list=None):
if "t0-backend" not in tbinfo["topo"]["name"]:
return

dst_acl_template = os.path.join(DUT_TMP_DIR, ACL_TEMPLATE)
dst_acl_file = os.path.join(DUT_TMP_DIR, 'backend_new_acl.json')
add_var = ''

if intf_list:
duthost.copy(src=os.path.join(TEMPLATE_DIR, ACL_TEMPLATE), dest=dst_acl_template)
intfs = ",".join(intf_list)
confvar = '{{"intf_list" : "{}"}}'.format(intfs)
add_var = "-a '{}' ".format(confvar)
else:
dst_acl_template = "/usr/share/sonic/templates/backend_acl.j2"

duthost.shell("sonic-cfggen {}-d -t {} > {}".format(add_var, dst_acl_template, dst_acl_file))
tmp = duthost.stat(path=dst_acl_file)
if tmp['stat']['exists']:
duthost.command("acl-loader update incremental {}".format(dst_acl_file))


def bind_acl_table(duthost, tbinfo):
if "t0-backend" not in tbinfo["topo"]["name"]:
return

vlan_intfs = duthost.get_vlan_intfs()
duthost.command("config acl add table DATAACL L3 -p {}".format(",".join(vlan_intfs)))
69 changes: 69 additions & 0 deletions tests/common/templates/backend_acl_update_config.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
{%- set vlan2ports = {} %}
{%- for vlan in VLAN %}
{% set portlist = [] %}
{%- for vlan_name, port in VLAN_MEMBER %}
{%- if vlan_name == vlan %}
{%- if portlist.append(port) %}{%- endif %}
{%- endif %}
{%- endfor %}
{%- set _ = vlan2ports.update({vlan: portlist| sort | join(',')}) %}
{%- endfor %}


{
"acl": {
"acl-sets": {
"acl-set": {
"DATAACL": {
"acl-entries": {
"acl-entry": {
{% for vlan, vlan_entries in VLAN.items() %}
"{{ loop.index }}": {
"config": {
"sequence-id": {{ loop.index }}
},
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"l2": {
"config": {
"vlan_id": "{{ vlan_entries['vlanid'] }}"
}
},
"input_interface": {
"interface_ref": {
"config": {
"interface": "{{ vlan2ports[vlan] }}"
}
}
}

},
{% endfor -%}
"999": {
"config": {
"sequence-id": 999
},
"actions": {
"config": {
"forwarding-action": "ACCEPT"
}
},
"input_interface": {
"interface_ref": {
"config": {
"interface": "{{ intf_list }}"
}
}
}
}

}
}
}
}
}
}
}
26 changes: 25 additions & 1 deletion tests/vlan/test_vlan.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
from tests.common.fixtures.duthost_utils import utils_create_test_vlans
from tests.common.fixtures.duthost_utils import utils_vlan_intfs_dict_orig
from tests.common.fixtures.duthost_utils import utils_vlan_intfs_dict_add
from tests.common.helpers.backend_acl import apply_acl_rules, bind_acl_table

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -96,6 +97,27 @@ def work_vlan_ports_list(rand_selected_dut, tbinfo, cfg_facts, ports_list, utils

return work_vlan_ports_list

@pytest.fixture(scope="module")
def acl_rule_cleanup(duthost, tbinfo):
"""Cleanup all the existing DATAACL rules"""
# remove all rules under the ACL_RULE table
if "t0-backend" in tbinfo["topo"]["name"]:
duthost.shell('acl-loader delete')

yield

@pytest.fixture(scope="module")
def setup_acl_table(duthost, tbinfo, acl_rule_cleanup):
""" Remove the DATAACL table prior to the test and recreate it at the end"""
if "t0-backend" in tbinfo["topo"]["name"]:
duthost.command('config acl remove table DATAACL')

yield

if "t0-backend" in tbinfo["topo"]["name"]:
duthost.command('config acl remove table DATAACL')
# rebind with new set of ports
bind_acl_table(duthost, tbinfo)

def shutdown_portchannels(duthost, portchannel_interfaces, pc_num=PORTCHANNELS_TEST_NUM):
cmds = []
Expand Down Expand Up @@ -152,7 +174,7 @@ def startup_portchannels(duthost, portchannel_interfaces, pc_num=PORTCHANNELS_TE


@pytest.fixture(scope="module", autouse=True)
def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts):
def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_ports_list, vlan_intfs_dict, cfg_facts, setup_acl_table):
duthost = duthosts[rand_one_dut_hostname]
# --------------------- Setup -----------------------
try:
Expand All @@ -175,6 +197,8 @@ def setup_vlan(duthosts, rand_one_dut_hostname, ptfadapter, tbinfo, work_vlan_po
logger.info('"show int portchannel" output on DUT:\n{}'.format(pprint.pformat(res['stdout_lines'])))

populate_fdb(ptfadapter, work_vlan_ports_list, vlan_intfs_dict)
bind_acl_table(duthost, tbinfo)
apply_acl_rules(duthost, tbinfo)
# --------------------- Testing -----------------------
yield
# --------------------- Teardown -----------------------
Expand Down