diff --git a/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py b/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py
new file mode 100644
index 00000000000..9eb5df7f940
--- /dev/null
+++ b/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py
@@ -0,0 +1,26 @@
+import sys
+import ptf.packet as scapy
+import ptf.dataplane as dataplane
+import acs_base_test
+from ptf.base_tests import BaseTest
+import ptf.testutils as testutils
+from ptf.testutils import *
+import scapy.all as scapy2
+
+class SendTCP(acs_base_test.ACSDataplaneTest):
+ def runTest(self):
+ pkt = scapy2.Ether(src="e4:1d:2d:a5:f3:ac", dst="00:02:03:04:05:00")
+ pkt /= scapy2.IP(src="20.0.0.2", dst="20.0.0.1")
+
+ # get L4 port number
+ port_number = testutils.test_params_get("port_number")
+ port = port_number["port_number"]
+ pkt /= scapy2.TCP(sport = int(port))
+ pkt /= ("badabadaboom")
+
+ # get packets number
+ count = testutils.test_params_get("count")
+ pack_number = count["count"]
+
+ # send packets
+ send(self, 0, pkt, int(pack_number))
diff --git a/ansible/roles/test/files/acstests/acl_tcp_test.py b/ansible/roles/test/files/acstests/acl_tcp_test.py
new file mode 100644
index 00000000000..46f5b092f27
--- /dev/null
+++ b/ansible/roles/test/files/acstests/acl_tcp_test.py
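Review bot: In `SendTCP.runTest` of acl_port_range_traffic_test.py the `port_number` and `count` test parameters go straight through `int()` into `scapy2.TCP(sport = ...)` and `send(...)` with no check, so a missing key or an out-of-range value surfaces late as a KeyError or a packet-build error instead of a clear test failure. I would validate them up front, e.g. `port = int(port_number["port_number"])` followed by `self.assertTrue(0 <= port <= 65535, "port_number out of range")`, and the same for a positive `count`. The file also imports `sys`, `ptf.packet`, `ptf.dataplane` and `BaseTest` without using them, and `send` is presumably resolved through `from ptf.testutils import *`; calling it through the `testutils` alias that is already imported would make its origin explicit and let the wildcard import go.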
@@ -0,0 +1,152 @@
+import ptf.packet as scapy
+import ptf.dataplane as dataplane
+import acs_base_test
+from ptf.base_tests import BaseTest
+from ptf.testutils import *
+from ptf.mask import Mask
+import scapy.all as scapy2
+from time import sleep
+from threading import Thread
+
+class FailingTest(BaseTest):
+ '''
+ Test designed to fail
+ '''
+ def runTest(self):
+ a = 5 / 0
+ pass
+
+class SucceessTest(BaseTest):
+ '''
+ Test designed for success
+ '''
+ def runTest(self):
+ pass
+
+class SendTCP(acs_base_test.ACSDataplaneTest):
+ '''
+ FIN = 0x01
+ SYN = 0x02
+ RST = 0x04
+ PSH = 0x08
+ ACK = 0x10
+ URG = 0x20
+ ECE = 0x40
+ CWR = 0x80
+ '''
+
+ def pkt_callback(self, pkt):
+ if pkt.haslayer(scapy2.TCP) and pkt.getlayer(scapy2.IP).src == "22.0.0.2":
+ self.sniffed_cnt += 1
+
+ def Sniffer(self, interface):
+ self.sniffed_cnt = 0
+ scapy2.sniff(iface="eth2", prn=self.pkt_callback, store=0, timeout=3)
+
+ def runTest(self):
+
+ pkt = scapy2.Ether()
+ pkt /= scapy2.IP(src="21.0.0.2", dst="22.0.0.2")
+ pkt /= scapy2.TCP(dport = 80, flags="S", seq=42)
+ pkt /= ("badabadaboom")
+
+ t = Thread(target=self.Sniffer, args=("eth2",))
+ t.start()
+ scapy2.sendp(pkt, iface='eth2')
+ sleep(4)
+ # fail if no reply
+ if self.sniffed_cnt == 0:
+ self.assertTrue(False)
+
+
+ #res = scapy2.sniff(iface="eth2", timeout=3)
+ #print res
+ #if res:
+ # raise
+
+ #if reply:
+ # raise
+ #print "================______====\n"
+ #print reply
+ #print error
+ #print "================______====\n"
+ #if reply:
+ # reply.show()
+ #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, port_number=0, timeout=5)
+ #send_packet(self, 0, pkt)
+ #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, port_number=0, timeout=5)
+
+
+# verify_packet(self, masked_exp_pkt, 1)
+
+
+ #mpkt = Mask(pkt)
+ #mpkt.set_do_not_care(0, 14*8)
+ #mpkt.set_do_not_care(16*8, 49*8)
+ #verify_packet(self, mpkt, 0)
+ #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self,
device_number=0, port_number=0, timeout=5)
+ #print "================______====\n"
+ #y = 0
+ #for x in rcv_pkt:
+ # print "%d - %X" % (y, ord(x))
+ # y +=1
+"""
+(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, timeout=3)
+ print "================______====\n"
+ y = 0
+ for x in rcv_pkt:
+ print "%d - %X" % (y, ord(x))
+ y +=1
+
+ y = 0
+ for x in str(pkt):
+ print "%d - %X" % (y, ord(x))
+ y +=1
+"""
+
+
+"""
+
+ pkt = scapy.Ether()
+ pkt /= scapy.IP(src="21.0.0.2", dst="22.0.0.2")
+ pkt /= scapy.TCP(sport = 8192, dport = 80, flags="S", seq=42)
+ m = Mask.Mask(pkt)
+ m.set_do_not_care_scapy(Ether, 'src')
+ m.set_do_not_care_scapy(Ether, 'dst')
+ m.set_do_not_care_scapy(IP, 'ttl')
+ m.set_do_not_care_scapy(IP, 'len')
+ m.set_do_not_care_scapy(IP, 'flags')
+ verify_packet(self, pkt, 0);
+ verify_packets(, m)
+
+
+Test ACL permition
+
+
+import ptf.packet as scapy
+
+import ptf.dataplane as dataplane
+import acs_base_test
+
+from ptf.testutils import *
+from ptf.mask import Mask
+
+
+class ACLpermit(acs_base_test.ACSDataplaneTest):
+ def runTest(self):
+ print "The test is passed"
+ pass
+ # pkt = simple_ip_packet( eth_dst='00:01:02:03:04:05',
+ # eth_src='00:06:07:08:09:0a',
+ # ip_src='192.168.0.1',
+ # ip_dst='192.168.0.2',
+ # ip_ttl=64)
+ # send_packet(self, port, pkt)
+
+ # pkt = scapy.Ether()
+ # pkt /= scapy.IP(src="20.0.0.2", dst="21.0.0.2")
+ # pkt /= scapy.TCP()
+ # pkt /= ("Yellow Sun")
+ # send_packet(self, 1, pkt)
+ # verify_packet(self, pkt, 2)
+"""
diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
index fe9610063ff..8cda128620d 100644
--- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
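Review bot: `SendTCP.runTest` in acl_tcp_test.py starts the sniffer thread and calls `scapy2.sendp` straight away, so the SYN can leave before `scapy2.sniff` is capturing and the verdict then depends on timing; `self.sniffed_cnt` is also first assigned inside the thread, and the thread is never joined. Setting `self.sniffed_cnt = 0` before `t.start()`, replacing `sleep(4)` with `t.join()`, and giving the sniffer a moment to come up before sending would make the result deterministic. `Sniffer` ignores its `interface` argument and hard-codes `iface="eth2"`, and `pkt_callback` reads `pkt.getlayer(scapy2.IP).src` without checking that an IP layer is present, which raises AttributeError on a TCP segment carried over IPv6. `SucceessTest` is misspelled, and the commented-out code plus the two module-level triple-quoted blocks of Python 2 after `runTest` should be removed rather than committed.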
@@ -13,4 +13,4 @@ shell: "{{ cmd }}" args: chdir: "{{ run_dir }}" -- debug: msg="Finished calling loganalyzer analyze phase" \ No newline at end of file +- debug: msg="Finished calling loganalyzer analyze phase" diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt index 98e21febf80..d17c702965f 100644 --- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt +++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt @@ -3,4 +3,4 @@ r, "kernel:.*Oops", "kernel:.*hung", "kernel.*oom\s" r, "kernel:.*scheduling", "kernel:.*atomic", "kernel:.*panic" r, "kernel:.*\serr", "kernel:.*allocation", "kernel:.*kill", r, "kernel:.*kmemleak.*","kernel:.* Err:" -s, "ERR" \ No newline at end of file +s, "ERR" diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml index dff2fdfa833..586c2807b88 100644 --- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml +++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml @@ -33,4 +33,4 @@ - name: Initialize loganalyzer become: True shell: "python {{ run_dir }}/loganalyzer.py --action init --run_id {{ testname_unique }}" -- debug: msg="Finished calling loganalyzer init phase" \ No newline at end of file +- debug: msg="Finished calling loganalyzer init phase" diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml new file mode 100644 index 00000000000..bc038fe879c --- /dev/null +++ b/ansible/roles/test/tasks/acl.yml 
@@ -0,0 +1,41 @@
+
+#-----------------------------------------
+# Run all the acl tests.
+#-----------------------------------------
+
+- set_fact:
+ vars_files_location: vars/acl
+
+- include_vars: "{{ vars_files_location }}/acl_vars.yml"
+
+- name: Create run_dir
+ file: path="{{ run_dir }}" state=directory
+
+ #****************************************#
+ # Start tests #
+ #****************************************#
+
+- block:
+ - name: Test file input.
+ include: "{{ tests_location }}/acl_input_test/acl_input_test.yml"
+
+ - name: Test port bind configuration.
+ include: "{{ tests_location }}/acl_port_bind_test/acl_port_bind_test.yml"
+
+ - name: Test orchagent logic.
+ include: "{{ tests_location }}/acl_orchagent_logic_test/acl_orchagent_logic_test.yml"
+
+ - name: Test traffic.
+ include: "{{ tests_location }}/acl_traffic_test/acl_traffic_test.yml"
+
+ - name: Test counters traffic.
+ include: "{{ tests_location }}/acl_counter_traffic_test/acl_counter_traffic_test.yml"
+
+ - name: Test L4 ports.
+ include: "{{ tests_location }}/acl_port_range_test/acl_port_range_test.yml"
+
+ always:
+ - name: General cleanup.
+ file: path="{{ item }}" state=absent
+ with_items:
+ - "{{ run_dir }}/loganalyzer.py"
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml
new file mode 100644
index 00000000000..088ac6de771
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml
@@ -0,0 +1,36 @@
+
+- block:
+ - name: Check if Redis DB contains corresponding data.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep "ASIC_STATE:SAI_OBJECT_TYPE_ACL_COUNTER"
+ register: grep_redis
+ failed_when: (expect_data == true and grep_redis.rc != 0) or (expect_data == false and grep_redis.rc == 0)
+
+ - name: Wait for data to be written into Counters DB ...
+ pause:
+ seconds: 10
+
+ - name: Read counters value.
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name_check }}:{{ rule_name_check }}" Packets
+ register: counters_value
+ when: expect_data == true
+
+ - name: Check if corresponding data was removed from Counters DB.
+ shell: docker exec -i database redis-cli -n 2 KEYS \* | grep {{ rule_name_check }}
+ register: grep_counters
+ failed_when: grep_counters.rc == 0
+ when: expect_data == false
+
+ always:
+ # check for successful creating.
+ - fail: msg="Failed to find corresponding data in Redis DB. Used {{ table_name_check }} / {{ rule_name_check }}"
+ when: expect_data == true and grep_redis.rc != 0
+
+ - fail: msg="Failed to find corresponding data in Counters DB. Used {{ table_name_check }} / {{ rule_name_check }}"
+ when: expect_data == true and counters_value.stdout != "{{ expected_counter_value }}"
+
+ # check for successful deleting.
+ - fail: msg="Failed to delete corresponding rule-data from Redis DB. Used {{ table_name_check }} / {{ rule_name_check }}"
+ when: expect_data == false and grep_redis.rc == 0
+
+ - fail: msg="Failed to delete corresponding rule-data from Counters DB. Used {{ table_name_check }} / {{ rule_name_check }}"
+ when: expect_data == false and grep_counters.rc == 0
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml
new file mode 100644
index 00000000000..34957a67d57
--- /dev/null
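Review bot: The two `KEYS \* | grep` tasks in acl_check_db.yml take their return code from `grep` alone, so when `docker exec` or `redis-cli` itself fails the pipeline still returns 1 and the `expect_data == false` path reports the rule as deleted. Registering the `redis-cli` output and testing it in `failed_when` (for example `rule_name_check in grep_counters.stdout`), or running the pipeline under bash with `set -o pipefail`, removes that false pass. `grep {{ rule_name_check }}` is interpolated into the shell unquoted; `grep -- {{ rule_name_check | quote }}` keeps a name containing spaces or shell metacharacters from being re-parsed. In the `always` section, `counters_value.stdout != "{{ expected_counter_value }}"` nests a template inside `when`; `counters_value.stdout|int != expected_counter_value|int` states the comparison directly.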
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml 
@@ -0,0 +1,166 @@
+#----------------------------------------------------
+# @ COUNTER TRAFFIC TEST.
+# @ Checks if counters have got proper value after some packets ran.
+#----------------------------------------------------
+
+- fail: msg="Please set ptf_host variable"
+ when: ptf_host is not defined
+
+- fail: msg="Please set ptf_host_if variable (interface that host is connected to switch)"
+ when: ptf_host_if is not defined
+
+- include_vars: "{{ vars_files_location }}/acl_counter_traffic_test_vars.yml"
+
+- name: Copy JSON configs onto switch.
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ config_files }}"
+
+- name: Copy JSON configs from switch into docker filesystem.
+ shell: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }}
+ with_items:
+ - "{{ config_files }}"
+
+- block:
+
+#----------------------------------------
+# L3 TRAFFIC TESTING.
+#----------------------------------------
+ - name: Set host interface IP address.
+ shell: ifconfig {{ ptf_host_if }} 20.0.0.2
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Create an ACL L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
+
+ - name: Create a rule within L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule }}
+
+ - name: Check if {{ rule_name}} data is written into DBs.
+ vars:
+ table_name_check: "{{ table_name }}"
+ rule_name_check: "{{ rule_name }}"
+ expect_data: true
+ expected_counter_value: 0
+ include: "{{ acl_check_db }}"
+
+ - name: Read initial counters value (before ping).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets
+ register: counters_value_initial
+ - debug: var="counters_value_initial|int"
+
+ - name: Ping switch from host.
+ shell: ping -c {{ packets_sent|int }} {{ switch_if1_ip }}
+ delegate_to: "{{ ptf_host }}"
+ register: ping_result
+ failed_when: ping_result.rc != 0
+
+ - name: Wait for counters to update (it updates every 10 sec) ...
+ pause:
+ seconds: 10
+
+ - name: Read result counters value (after ping).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets
+ register: counters_value_result
+ - debug: var="counters_value_result|int"
+
+ - fail: msg="Counters value is not equal to number of packets transmitted"
+ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int
+
+ # Use another dst address and make sure counter doesn't increase.
+ - name: Ping switch from host to another interface.
+ shell: ping -c {{ packets_sent|int }} {{ switch_if2_ip }} -I {{ ptf_host_if }}
+ delegate_to: "{{ ptf_host }}"
+ register: ping_result
+ failed_when: ping_result.rc == 0
+
+ - name: Wait for counters to update (it updates every 10 sec) ...
+ pause:
+ seconds: 10
+
+ - name: Read counters value.
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets
+ register: counters_value_result
+
+ - fail: msg="Counters value is not equal to number of packets transmitted. Used {{ table_name}} / {{ rule_name }}"
+ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int
+
+ # Delete rule and check if config is deleted as well
+ - name: Delete L3-rule.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_delete }}
+
+ - name: Check if {{ rule_name}} data is removed from DBs.
+ vars:
+ table_name_check: "{{ table_name }}"
+ rule_name_check: "{{ rule_name }}"
+ expect_data: false
+ include: "{{ acl_check_db }}"
+
+#--------------------
+# MIRROR TRAFFIC TESTING.
+#--------------------
+
+ - name: Create a mirror session.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_mirror_session }}
+
+ - name: Create a mirror table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_mirror }}
+
+ - name: Add neighbor.
+ shell: ip neigh add {{ switch_if1_ip }} lladdr 0e:9c:37:42:43:67 dev Ethernet0
+
+ - name: Add route.
+ shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if1_ip }}
+
+ - name: Create a rule within mirror table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror }}
+
+ - name: Check that {{ mirror_rule_name }} data is written into DBs.
+ vars:
+ table_name_check: "{{ mirror_table_name }}"
+ rule_name_check: "{{ mirror_rule_name }}"
+ expect_data: true
+ expected_counter_value: 0
+ include: "{{ acl_check_db }}"
+
+ - name: Read initial counters value (before ping).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ mirror_table_name }}:{{ mirror_rule_name }}" Packets
+ register: counters_value_initial
+
+ - name: Ping switch from host to check counters of mirror rule.
+ shell: ping -c {{ packets_sent|int }} {{ switch_if1_ip }}
+ delegate_to: "{{ ptf_host }}"
+ register: ping_result
+ failed_when: ping_result.rc != 0
+
+ - name: Wait for counters to update (it updates every 10 sec) ...
+ pause:
+ seconds: 10
+
+ - name: Read result counters value (after ping).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ mirror_table_name }}:{{ mirror_rule_name }}" Packets
+ register: counters_value_result
+
+ - fail: msg="Counters value is not equal to number of packets transmitted"
+ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int
+
+ - name: Delete mirror-rule.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror_delete }}
+
+ - name: Check that {{ mirror_rule_name }} data is removed from DBs.
+ vars:
+ table_name_check: "{{ mirror_table_name }}"
+ rule_name_check: "{{ mirror_rule_name }}"
+ expect_data: false
+ include: "{{ acl_check_db }}"
+
+
+ # CLEANUP.
+ - name: Run config cleanup after {{ testname}}
+ include: "{{ run_config_cleanup }}"
+
+- always:
+ - name: Remove all the temporary files created by the test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ config_files }}"
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json
new file mode 100644
index 00000000000..17809a5cbf7
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json
@@ -0,0 +1,14 @@
+[
+ {
+ "MIRROR_SESSION_TABLE:session1": {
+ "src_ip": "20.0.0.2",
+ "dst_ip": "2.2.2.4",
+ "gre_type": "0x6558",
+ "dscp": "50",
+ "ttl": "10",
+ "queue": "5"
+ },
+ "OP": "SET"
+ }
+]
+
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json
new file mode 100644
index 00000000000..501254cef38
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_config_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json
new file mode 100644
index 00000000000..25aa5051d6a
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_config_rule": {
+ },
+ "OP": "DEL"
+ }
+]
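Review bot: The cleanup at the end of acl_counter_traffic_test.yml is written as `- always:`, a new list item, whereas acl.yml in the same commit attaches `always:` as a key of its `- block:` task; as written the file removal is not bound to the block and, as far as the collapsed indentation on this page shows, the item carries no action of its own. It should read `always:` at the block's own level so the temporary files are removed when a step fails. The block also leaves state behind that nothing visible here undoes: `ifconfig {{ ptf_host_if }} 20.0.0.2` on the PTF host and the `ip neigh add` / `ip route add` entries on the switch, so a second run can fail on an existing entry unless `run_config_cleanup` handles them; matching `ip neigh del` and `ip route del` tasks belong in the cleanup. The check after the second ping reuses the "not equal to number of packets transmitted" message although it asserts that the counter did not move.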
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json
new file mode 100644
index 00000000000..3941897a0d9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "MIRROR_ACTION" : "session1"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json
new file mode 100644
index 00000000000..41a6b985bb0
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json
new file mode 100644
index 00000000000..50c5bf97fc4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json
new file mode 100644
index 00000000000..34913d823d0
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_mirror": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "MIRROR",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json
new file mode 100644
index 00000000000..0f2e2462ad6
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json
@@ -0,0 +1,19 @@
+[
+ {
+ "ACL_TABLE:555555739a2cc107": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ THIS IS A WRONG LINE
+ },
+ {
+ "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json
new file mode 100644
index 00000000000..6a228f9da45
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json
@@ -0,0 +1,19 @@
+[
+ {
+ "ACL_TABLE:555555739a2cc107": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml
new file mode 100644
index 00000000000..431daa22bf1
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml
@@ -0,0 +1,45 @@
+# Tests json-file correctness.
+# Syntax correctness analysis is performed by Orchagent.
+
+- include_vars: "{{ vars_files_location }}/acl_input_test_vars.yml"
+
+- name: Copy JSON configs onto switch
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
+
+- name: Copy JSON configs from switch into docker filesystem
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:"{{ docker_testdir }}/{{ item }}"
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
+
+- block:
+ - name: Load valid JSON config.
+ command: docker exec -i orchagent swssconfig "{{ docker_testdir }}/{{ acl_config_valid }}"
+ register: valid_config_upload
+ failed_when: valid_config_upload.rc != 0
+
+ - name: Load invalid JSON config and check that errors returned.
+ command: docker exec -i orchagent swssconfig "{{ docker_testdir }}/{{ acl_config_invalid }}"
+ register: invalid_config_upload
+ failed_when: invalid_config_upload.rc == 0
+
+ always:
+
+ # Print appropriate message, so user can see what exactly went wrong.
+ - fail: msg="swssconfig - failed to upload {{ acl_config_valid }}"
+ when: valid_config_upload.rc != 0
+
+ - fail: msg="swssconfig - no error caught when uploading {{ acl_config_invalid }}"
+ when: invalid_config_upload.rc == 0
+
+ - name: Do configuration cleanup.
+ include: "{{ run_config_cleanup }}"
+
+ - name: Remove all the files created by test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml
new file mode 100644
index 00000000000..a97852c467d
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml
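Review bot: In the `always` section of acl_input_test.yml the two `fail` tasks come before "Do configuration cleanup." and "Remove all the files created by test.", so whenever one of them fires the rest of `always` is not executed and the test ACL entries and JSON files stay on the switch in exactly the failing case. Moving the cleanup include and the `file ... state=absent` task ahead of the two `fail` tasks keeps the diagnostic message and still restores the device. The removal task only covers `{{ run_dir }}`; the copies placed under `{{ docker_testdir }}` inside the `orchagent` container by the `docker cp` step are left behind, which is worth a matching `docker exec ... rm -f` task or a comment stating that it is intentional.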
@@ -0,0 +1,633 @@
+#----------------------------------------------
+# SYNTAX- AND DELETE-TESTING FOR ORCHAGENT.
+#----------------------------------------------
+
+- include_vars: "{{ vars_files_location }}/acl_orchagent_logic_test_vars.yml"
+
+- name: Copy JSON configs onto switch.
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ config_files }}"
+
+- name: Copy JSON configs from switch into docker filesystem.
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }}
+ with_items:
+ - "{{ config_files }}"
+
+#----------------------------------------------------------------------------------
+# Syntax-test uploads different valid and invalid configs
+# with correct and incorrect fields and values, and checks for the error-messages
+# in a log file.
+#----------------------------------------------------------------------------------
+
+#-----------------------------------------
+# TABLES TESTING
+#-----------------------------------------
+
+- block:
+ - name: Table test - invalid table type.
+ vars:
+ config_file: "{{ config_table_type_invalid_1 }}"
+ test_expect_file: "{{ config_table_type_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Table test - invalid table type.
+ vars:
+ config_file: "{{ config_table_type_invalid_2 }}"
+ test_expect_file: "{{ config_table_type_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Table test - invalid physical port.
+ vars:
+ config_file: "{{ config_port_invalid_1 }}"
+ test_expect_file: "{{ config_port_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Table test - invalid physical port.
+ vars:
+ config_file: "{{ config_port_invalid_2 }}"
+ test_expect_file: "{{ config_port_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Table test - invalid extra field.
+ vars:
+ config_file: "{{ config_extra_field_invalid }}"
+ test_expect_file: "{{ config_extra_field_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Check return code from swssconfig
+ - name: Table test - invalid operation applied for table ("OP" field).
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_operation_invalid_1 }}
+ register: invalid_oper_1
+ failed_when: invalid_oper_1.rc == 0
+
+ - name: Table test - invalid operation applied for table ("OP" field).
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_operation_invalid_2 }}
+ register: invalid_oper_2
+ failed_when: invalid_oper_2.rc == 0
+
+ - name: Run config cleanup after.
+ include: "{{ run_config_cleanup }}"
+#-----------------------------------------
+# test duplicate table creation
+#-----------------------------------------
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Create duplicate L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_table_type_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#------------------------------------------
+# RULES TESTING
+#------------------------------------------
+
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid priority value.
+ vars:
+ config_file: "{{ config_priority_invalid_1 }}"
+ test_expect_file: "{{ config_priority_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid priority value.
+ vars:
+ config_file: "{{ config_priority_invalid_2 }}"
+ test_expect_file: "{{ config_priority_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - max priority value.
+ vars:
+ config_file: "{{ config_priority_valid_max }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# ETHER_TYPE
+#----------------------------------------------
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid ether type.
+ vars:
+ config_file: "{{ config_ether_type_valid_1 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid ether type.
+ vars:
+ config_file: "{{ config_ether_type_valid_2 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid ether type.
+ vars:
+ config_file: "{{ config_ether_type_invalid_1 }}"
+ test_expect_file: "{{ config_ether_type_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid ether type.
+ vars:
+ config_file: "{{ config_ether_type_invalid_2 }}"
+ test_expect_file: "{{ config_ether_type_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# IP TYPE
+#----------------------------------------------
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid ip type.
+ vars:
+ config_file: "{{ config_ip_type_invalid_1 }}"
+ test_expect_file: "{{ config_ip_type_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid ip type.
+ vars:
+ config_file: "{{ config_ip_type_invalid_2 }}"
+ test_expect_file: "{{ config_ip_type_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid ip type.
+ vars:
+ config_file: "{{ config_ip_type_valid_1 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid ip type.
+ vars:
+ config_file: "{{ config_ip_type_valid_2 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# IP PROTO
+#----------------------------------------------
+
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid IP protocol.
+ vars:
+ config_file: "{{ config_ip_proto_valid_1 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid IP protocol.
+ vars:
+ config_file: "{{ config_ip_proto_valid_2 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP protocol.
+ vars:
+ config_file: "{{ config_ip_proto_invalid_1 }}"
+ test_expect_file: "{{ config_ip_proto_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP protocol.
+ vars:
+ config_file: "{{ config_ip_proto_invalid_2 }}"
+ test_expect_file: "{{ config_ip_proto_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# IP ADDRESS
+#----------------------------------------------
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_valid_1 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_valid_2 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_1 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_2 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_3 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_4 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_5 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_6 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid IP address.
+ vars:
+ config_file: "{{ config_ip_addr_invalid_7 }}"
+ test_expect_file: "{{ config_ip_addr_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# TCP FLAGS
+#----------------------------------------------
+
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ run_cleanup: false
+ errors_expected: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid TCP flags.
+ vars:
+ config_file: "{{ config_tcp_flags_valid_1 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid TCP flags.
+ vars:
+ config_file: "{{ config_tcp_flags_valid_2 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid TCP flags.
+ vars:
+ config_file: "{{ config_tcp_flags_invalid_1 }}"
+ test_expect_file: "{{ config_tcp_flags_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid TCP flags.
+ vars:
+ config_file: "{{ config_tcp_flags_invalid_2 }}"
+ test_expect_file: "{{ config_tcp_flags_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# L4 port
+#----------------------------------------------
+
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid L4 port.
+ vars:
+ config_file: "{{ config_l4_port_valid }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid L4 port.
+ vars:
+ config_file: "{{ config_l4_port_invalid_1 }}"
+ test_expect_file: "{{ config_l4_port_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid L4 port.
+ vars:
+ config_file: "{{ config_l4_port_invalid_2 }}"
+ test_expect_file: "{{ config_l4_port_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid L4 port.
+ vars:
+ config_file: "{{ config_l4_port_invalid_3 }}"
+ test_expect_file: "{{ config_l4_port_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# Packet action
+#----------------------------------------------
+
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid packet action.
+ vars:
+ config_file: "{{ config_packet_action_valid }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid packet action.
+ vars:
+ config_file: "{{ config_packet_action_invalid_1 }}"
+ test_expect_file: "{{ config_packet_action_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid packet action.
+ vars:
+ config_file: "{{ config_packet_action_invalid_2 }}"
+ test_expect_file: "{{ config_packet_action_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - dscp in L3 table.
+ vars:
+ config_file: "{{ config_dscp_in_l3_table }}"
+ test_expect_file: "{{ config_dscp_in_l3_table_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - empty rule with no expectes.
+ vars:
+ config_file: "{{ config_rule_empty_invalid }}"
+ test_expect_file: "{{ config_rule_empty_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - create rule in non-existing table.
+ vars:
+ config_file: "{{ config_rule_in_non_existing_table }}"
+ test_expect_file: "{{ config_rule_in_non_existing_table_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+#----------------------------------------------
+# test duplicate rule creation
+#----------------------------------------------
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - valid rule.
+ vars:
+ config_file: "{{ config_rule }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Duplicate rule!
+ - name: Rule test - duplicate rule creation.
+ vars:
+ config_file: "{{ config_rule }}"
+ test_expect_file: "{{ config_duplicate_rule_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+
+#----------------------------------------------------------------------------------
+#----------------------------------------------------------------------------------
+# Delete-test uploads different valid and invalid configs with OP: "DEL" and checks for the errors.
+#
+# Basic flow:
+# 1) Load valid ACL config, which creates table with rule (it's trusted config, so we don't check for errors).
+# 2) Upload some valid ACL configs with OP: "DEL". No errors should appear.
+# 3) Upload some invalid ACL config OP: "DEL" which tries to remove non-existing object.
+# Error messages should appear.
+#----------------------------------------------------------------------------------
+#----------------------------------------------------------------------------------
+
+ # Prepare valid config: create ACL table.
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Prepare valid config: create ACL rule.
+ - name: Create a rule inside of ACL table (which is created previously).
+ vars:
+ config_file: "{{ config_rule }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Invalid table deletion: try to delete existing table that contains rules.
+ - name: Try to delete existing table with rules (errors expected).
+ vars:
+ config_file: "{{ config_del_table_with_rules }}"
+ test_expect_file: "{{ config_del_table_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Valid rule deletion.
+ - name: Delete an existing rule test.
+ vars:
+ config_file: "{{ config_del_rule_valid }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Valid table deletion.
+ - name: Delete an existing table test.
+ vars:
+ config_file: "{{ config_del_table_valid }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+ # Prepare valid config: create ACL table.
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # Delete non-existing rule from existing table.
+ - name: Delete non-existing rule test.
+ vars:
+ config_file: "{{ config_del_rule_non_existing }}"
+ test_expect_file: "{{ config_del_rule_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Delete non-existing table test.
+ vars:
+ config_file: "{{ config_del_table_non_existing }}"
+ test_expect_file: "{{ config_del_table_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+
+ # Prepare valid config: create ACL table.
+ - name: Create L3 table.
+ vars:
+ config_file: "{{ config_table_type_l3 }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ # delete table with different fields provided
+ - name: Delete table with different fields provided.
+ vars:
+ config_file: "{{ config_del_table_diff_fields }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+ always:
+ - name: Remove all the temporary files created by the test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ config_files }}"
+
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file
new file mode 100644
index 00000000000..8127786da00
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to delete.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json
new file mode 100644
index 00000000000..51726172541
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:non_existing_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json
new file mode 100644
index 00000000000..92a35b2d133
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json
new file mode 100644
index 00000000000..c9d38a66d61
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json
@@ -0,0 +1,9 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "ports" : "Ethernet4"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file
new file mode 100644
index 00000000000..05f86272d21
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to delete.*table.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json
new file mode 100644
index 00000000000..7a401bbb6a4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_TABLE:non_existing_table": {
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json
new file mode 100644
index 00000000000..4fd99c3cf76
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json
new file mode 100644
index 00000000000..4fd99c3cf76
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json
new file mode 100644
index 00000000000..e93302b550f
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json
@@ -0,0 +1,12 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_dscp_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD",
+ "dscp" : "0xFF"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file
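Review bot: In config_dscp_in_l3_table.json the rule sets `"dscp" : "0xFF"`, which is outside the 6-bit DSCP range (0x00–0x3F), so the expected failure can come from plain value validation rather than from DSCP being disallowed in an L3 table. An in-range value, for example `"dscp" : "0x08"`, would make the case fail only for the reason its task name gives. The key is also lower case here while the other match fields in these fixtures are upper case; whether the parser normalises field names is not visible in this diff and is worth confirming.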
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_empty_expect_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json
new file mode 100644
index 00000000000..4ee6610ffdd
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json
new file mode 100644
index 00000000000..dc0f6fe4507
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json
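Review bot: The expect pattern in config_dscp_in_l3_table_expect_file, `.*Failed to create.*rule.*`, matches any rule-creation failure, so this negative test still passes when the rule is rejected for a reason unrelated to the one under test. The same pattern is reused verbatim in config_duplicate_rule_expect_file, config_ip_addr_expect_file and config_l4_port_expect_file. Where the log line carries a specific reason, match on it, as config_ether_type_expect_file does with `.*Failed to create.*rule. Rule configuration is invalid`; otherwise a regression in one ACL validation path can be masked by a different error that happens to produce the same prefix.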
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "0xABADDD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json
new file mode 100644
index 00000000000..9e849fc5bd3
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ether_type" : "0xABAC"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json
new file mode 100644
index 00000000000..32d9d85a3e9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "100"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file
new file mode 100644
index 00000000000..d26dd1569b2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file
@@ -0,0 +1,2 @@
+r, ".*Unknown table attribute.*"
+r, ".* Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json
new file mode 100644
index 00000000000..ed47c3df7dc
--- /dev/null
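Review bot: config_ether_type_valid_1.json spells the match field `"ether_type"` in lower case, while config_ether_type_valid_2.json and both invalid fixtures use `"ETHER_TYPE"`. If field names are compared case-sensitively, the key would not be handled as an EtherType match and this case would never exercise the value `0xABAC`; that is an assumption, since the parser is not part of this diff. If the lower-case spelling is deliberate, the task name should say that case-insensitive keys are being tested; otherwise use `"ETHER_TYPE" : "0xABAC"`.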
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_extra_field": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0",
+ "GATEWAY" : "DEFAULT_GATEWAY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json
new file mode 100644
index 00000000000..66524546ab2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "150.-1.5.6/25"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json
new file mode 100644
index 00000000000..4e6e0ec269b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "150.1.5.6/-25"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json
new file mode 100644
index 00000000000..40532f9c54b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "1111.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json
new file mode 100644
index 00000000000..47a0131893c
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_4": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json
new file mode 100644
index 00000000000..3ff5ae28e88
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_5": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "abc.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json
new file mode 100644
index 00000000000..fe83ae3647e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_6": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5.55.4/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json
new file mode 100644
index 00000000000..e014fd5d866
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_7": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "fe80:90000:0:0:200:f8ff:fe21:67cf/64"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json
new file mode 100644
index 00000000000..604d3310792
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json
new file mode 100644
index 00000000000..08950defe7d
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "fe80:0:0:0:200:f8ff:fe21:67cf/64"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file
new file mode 100644
index 00000000000..9a64908d671
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file
@@ -0,0 +1 @@
+r, ".* Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json
new file mode 100644
index 00000000000..73fb711767b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0x100"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json
new file mode 100644
index 00000000000..ce32c6e0809
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "IAMJONNY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json
new file mode 100644
index 00000000000..ba337ebfbf2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0x6"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json
new file mode 100644
index 00000000000..24695d84ea3
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file
new file mode 100644
index 00000000000..c231f631a36
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file
@@ -0,0 +1,2 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
+r, ".*Failed to create entry.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json
new file mode 100644
index 00000000000..2750684d247
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "4"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json
new file mode 100644
index 00000000000..6e310717387
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv8ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json
new file mode 100644
index 00000000000..baf6b53bdfa
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv6ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json
new file mode 100644
index 00000000000..b99a59b292b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv4ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json
new file mode 100644
index 00000000000..b6859929b17
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "-65000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json
new file mode 100644
index 00000000000..97e47bf8ed5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json
new file mode 100644
index 00000000000..7a4a6bbdd07
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "67000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json
new file mode 100644
index 00000000000..a0b0219a687
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "65000"
+ },
+ "OP": "SET"
+ }
+]
\ No newline at end of file
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json
new file mode 100644
index 00000000000..e3dca29431b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_operation_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET_SET"
+ }
+]
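Review bot: config_l4_port_invalid_3.json uses `"L4_SRC_PORT" : "67000"`, well above the 16-bit port limit, and config_l4_port_valid.json uses 65000, so the range check is never probed at its edge. `"L4_SRC_PORT" : "65536"` for the invalid case and `"65535"` for the valid one would catch an off-by-one in the bound. The port fixtures visible here also cover only `L4_SRC_PORT`; a matching `L4_DST_PORT` case would show that both fields are validated the same way.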
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json
new file mode 100644
index 00000000000..971c1c5d4d5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_operation_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": ""
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json
new file mode 100644
index 00000000000..b674ce46ffa
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "DRIVE",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json
new file mode 100644
index 00000000000..c70c9dd4959
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "100",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json
new file mode 100644
index 00000000000..d7686e6dd60
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "PACKET_ACTION" : "DROP",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file
new file mode 100644
index 00000000000..d9b40c912f8
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json
new file mode 100644
index 00000000000..b87156ce34d
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_port_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet9000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json
new file mode 100644
index 00000000000..50ddfd69fb1
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_port_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet 88"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json
new file mode 100644
index 00000000000..c985ba6ec17
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "-1",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json
new file mode 100644
index 00000000000..725b758cf19
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "very_low",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json
new file mode 100644
index 00000000000..968c23b25f2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_max": {
+ "priority" : "16000",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json
new file mode 100644
index 00000000000..a153d8c57bd
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json
new file mode 100644
index 00000000000..91b36c78cd6
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_empty_rule": {
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file
new file mode 100644
index 00000000000..9c677dcdd15
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json
new file mode 100644
index 00000000000..f3e70d5f55c
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:NON_EXISTING_TABLE:acl_test_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file
new file mode 100644
index 00000000000..d9b40c912f8
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json
new file mode 100644
index 00000000000..d87b68d7614
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_type_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L10",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json
new file mode 100644
index 00000000000..b9c7b468ff9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_type_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "FORWARD",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json
new file mode 100644
index 00000000000..50c5bf97fc4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json
new file mode 100644
index 00000000000..88d0e525a9e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "IAMJONNY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json
new file mode 100644
index 00000000000..9a8e9b652af
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "0xFAAAAAA"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json
new file mode 100644
index 00000000000..1fc8c396df9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "FA"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json
new file mode 100644
index 00000000000..92c8685318b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "0xFA"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml
new file mode 100644
index 00000000000..250b4360666
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml
@@ -0,0 +1,54 @@
+#-----------------------------------------
+# Port bind testing.
+#-----------------------------------------
+
+- include_vars: "{{ vars_files_location }}/acl_port_bind_test_vars.yml"
+
+- name: Copy JSON configs onto switch.
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ config_files }}"
+
+- name: Copy JSON configs from switch into docker filesystem.
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }}
+ with_items:
+ - "{{ config_files }}"
+
+- block:
+ - name: Run test test with unknown port.
+ vars:
+ config_file: "{{ config_bind_unknown_port }}"
+ test_expect_file: "{{ config_bind_unknown_port_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+ - name: Run test with duplicate port.
+ vars:
+ config_file: "{{ config_bind_duplicate_port }}"
+ test_expect_file: "{{ config_bind_duplicate_port_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+ - name: Run test with valid port.
+ vars:
+ config_file: "{{ config_bind_valid_port }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Run test to unbind port.
+ vars:
+ config_file: "{{ config_unbind_port }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ include: "{{ run_config_test }}"
+
+ always:
+ - name: Remove all the temporary created by the test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ config_files }}"
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json
new file mode 100644
index 00000000000..cdc5de73a76
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json
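Review bot: The `always:` section of acl_port_bind_test.yml only deletes the copied JSON files from `{{ run_dir }}`; nothing in it removes the `port_bind_test` ACL table. The "Run test with valid port" task runs with `run_cleanup: false` and depends on the later unbind task, so if either of them fails the table presumably stays bound to the ports named in config_bind_valid_port.json and can influence later runs. Adding `- name: Run config cleanup after {{ testname }}` with `include: "{{ run_config_cleanup }}"` to `always:`, as acl_port_range_test.yml does, would cover that, assuming `run_config_cleanup` is defined for this test too. The copies placed in the orchagent container under `{{ docker_testdir }}` are not removed either.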
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file
new file mode 100644
index 00000000000..7e2f78a4918
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to process port list. Duplicate port entry."
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json
new file mode 100644
index 00000000000..d5133362b96
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "UnknownPort1,UnknownPort2"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file
new file mode 100644
index 00000000000..bdbf5d43c4e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file
@@ -0,0 +1,5 @@
+#s, "33333333333333333333"
+# match repeating characters aaa, bbbb, etc.
+#r, "(\w)\1*"
+#
+r, ".*Failed to process port. Port .* doesn't exist"
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json
new file mode 100644
index 00000000000..01fd351a93b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet4"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_empty_expect_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json
new file mode 100644
index 00000000000..10059303703
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml
new file mode 100644
index 00000000000..ec61a865b4e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml
@@ -0,0 +1,349 @@
+#----------------------------------------------
+# L4 PORT RANGE TESTING.
+# This script performs both traffic and configuration testing.
+#
+# It includes:
+# 1) Testing of the valid configuration (both L3 and mirror)
+# 2) Testing of the invalid configuration (L3)
+# 3) Testing of the deleting configuration (L3)
+# 4) Traffic testing (L3)
+#----------------------------------------------
+
+- fail: msg="Please set ptf_host variable"
+ when: ptf_host is not defined
+
+- fail: msg="Please set ptf_host_if variable (interface that host is connected to switch)"
+ when: ptf_host_if is not defined
+
+- fail: msg="Please set switch_if variable (interface that switch is connected to host)"
+ when: switch_if is not defined
+
+- include_vars: "{{ vars_files_location }}/acl_port_range_test_vars.yml"
+
+- name: Copy JSON configs onto switch.
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ config_files }}"
+
+- name: Copy JSON configs from switch into docker filesystem.
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }}
+ with_items:
+ - "{{ config_files }}"
+
+#----------------- START TESTING ----------------------------
+- block:
+
+ #----------------------------------------------
+ # CONFIG TESTING.
+ #----------------------------------------------
+ #--------------------------------
+ # Valid configuration testing
+ #--------------------------------
+
+ # L3 table testing.
+ - name: Create an L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
+
+ - name: Rule test - valid port range on L3 table.
+ vars:
+ config_file: "{{ config_l4_port_range_1_on_l3_table }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - block:
+ - name: See that Redis DB has got an appropriate field.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE
+ register: grep
+ failed_when: grep.rc != 0
+
+ always:
+ - fail: msg="Redis DB has NOT got an appropriate field for rule (config file used - {{ config_l4_port_range_1_on_l3_table }})"
+ when: grep.rc != 0
+
+ - name: Rule test - put L4_DST_RANGE and L4_SRC_RANGE into one rule.
+ vars:
+ config_file: "{{ config_l4_port_range_2_on_l3_table }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Run config cleanup after.
+ include: "{{ run_config_cleanup }}"
+
+ # Mirror table and rule testing.
+ - name: Create a mirror session.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_mirror_session }}
+
+ - name: Create a mirror table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_mirror }}
+
+ - name: Add neighbor.
+ shell: ip neigh add {{ switch_if_ip }} lladdr 0e:9c:37:42:43:67 dev {{ switch_if }}
+
+ - name: Add route.
+ shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if_ip }}
+
+ - name: Rule test - valid port range on mirror table.
+ vars:
+ config_file: "{{ config_l4_port_range_on_mirror_table }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - block:
+ - name: See that Redis DB has got an appropriate field.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE
+ register: grep
+ failed_when: grep.rc != 0
+
+ always:
+ - fail: msg="Redis DB has NOT got an appropriate field for rule (config file used - {{ config_l4_port_range_on_mirror_table }})"
+ when: grep.rc != 0
+
+ - name: Run config cleanup after.
+ include: "{{ run_config_cleanup }}"
+
+ #--------------------------------
+ # Invalid configuration testing (valid L3 table + invalid rules).
+ #--------------------------------
+ - name: Create an L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
+
+ - name: Rule test - negative numbers used in range.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_1 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - boundaries reversed.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_2 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - port out of range.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_3 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - invalid syntax used in range.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_4 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - two ranges in rule, both matching source port.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_5 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - two ranges in rule, both matching destination port.
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_6 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - three valid ranges in one rule (error case).
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_7 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: true
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - name: Rule test - 17 valid rules (syncd might crash).
+ vars:
+ config_file: "{{ config_l4_port_range_invalid_8 }}"
+ test_expect_file: "{{ config_l4_port_range_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - block:
+ - name: See that Redis-DB has NOT got an appropriate field.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE
+ register: grep
+ failed_when: grep.rc == 0
+
+ always:
+ - fail: msg="Redis-DB has got data about invalid rule"
+ when: grep.rc == 0
+
+#--------------------------------
+# Test the configuration deleting.
+#--------------------------------
+ - name: Create an L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
+
+ - name: Create the rule with limited port range permitted (1028 - 4096).
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }}
+
+ - name: Delete rule test - rule with port range.
+ vars:
+ config_file: "{{ config_delete_limited_port_range }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - block:
+ - name: See that Redis-DB has NOT got an appropriate field.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE
+ register: grep
+ failed_when: grep.rc == 0
+
+ always:
+ - fail: msg="Redis-DB has got data about deleted rule (config file used - {{ config_delete_limited_port_range }})"
+ when: grep.rc == 0
+
+ # Try to delete the same rule, but use another port range in delete-json.
+ # This should not make any difference, so we dont expect any errors.
+ - name: Create the rule with limited port range permitted (1028 - 4096).
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }}
+
+ - name: Delete rule test - rule with port range.
+ vars:
+ config_file: "{{ config_delete_different_port_range }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ include: "{{ run_config_test }}"
+
+ - block:
+ - name: See that Redis-DB has NOT got an appropriate field.
+ shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE
+ register: grep
+ failed_when: grep.rc == 0
+
+ always:
+ - fail: msg="Redis-DB has got data about deleted rule (config file used - {{ config_delete_different_port_range }})"
+ when: grep.rc == 0
+
+ #----------------------------------------------
+ # TRAFFIC TESTING.
+ #----------------------------------------------
+
+ - block:
+ - name: Initialize loganalizer. Put start marker to log file.
+ vars:
+ test_expect_file: "{{ config_empty_expect }}"
+ loganalyzer_run_init: true
+ loganalyzer_run_analyze: false
+ include: "{{ run_loganalyzer }}"
+
+ - name: Set host interface IP address.
+ shell: ifconfig {{ ptf_host_if }} {{ ptf_host_if_ip }}/24
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Create target directory
+ file: path={{ host_testdir }} state=directory
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Copy PTF tests
+ copy: src="roles/test/files/acstests/{{ item }}" dest="{{ host_testdir }}/{{ item }}"
+ with_items:
+ - "acl_port_range_traffic_test.py"
+ - "acs_base_test.py"
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Create an L3 table.
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }}
+
+ - name: Create the rule with limited port range permitted (1028 - 4096).
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }}
+
+ # Sending packets with L4 port permitted (counters value should be increased).
+ - name: Read initial counters value (before sending packets).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets
+ register: counters_value_initial
+ - debug: var="counters_value_initial.stdout|int"
+
+ - name: Send TCP packets with permitted L4 port (2100).
+ shell: python2.7 /root/ptf/ptf --test-dir . acl_port_range_traffic_test.SendTCP --interface 0@{{ ptf_host_if }} \
+ --test-params="count={{ packets_sent|int }}; port_number=2100"
+ args:
+ chdir: "{{ host_testdir }}"
+ register: ptfrc
+ failed_when: ptfrc.rc != 0
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Wait for counters to update (it updates every 10 sec) ...
+ pause:
+ seconds: 10
+
+ - name: Read result counters value (after sending packets).
+ command: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets
+ register: counters_value_result
+ - debug: var="counters_value_result.stdout|int"
+
+ - fail: msg="Counters value is not equal to number of packets transmitted"
+ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int
+
+ # Sending packets with L4 port forbidden (counters value should NOT be increased).
+ - name: Read initial counters value (before sending packets).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets
+ register: counters_value_initial
+ - debug: var="counters_value_initial.stdout|int"
+
+ - name: Send TCP packets with forbidden L4 port (80).
+ shell: python2.7 /root/ptf/ptf --test-dir . acl_port_range_traffic_test.SendTCP --interface 0@{{ ptf_host_if }} \
+ --test-params="count={{ packets_sent|int }}; port_number=80"
+ args:
+ chdir: "{{ host_testdir }}"
+ register: ptfrc
+ failed_when: ptfrc.rc != 0
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Wait for counters to update (it updates every 10 sec) ...
+ pause:
+ seconds: 10
+
+ - name: Read result counters value (after sending packets).
+ shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets
+ register: counters_value_result
+ - debug: var="counters_value_result.stdout|int"
+
+ - fail: msg="Counters value was increased while it shouldn't have been"
+ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != 0
+
+ always:
+ - name: Run analyze-phase and check if no errors occured.
+ vars:
+ test_expect_file: "{{ config_empty_expect }}"
+ loganalyzer_run_analyze: true
+ loganalyzer_run_init: false
+ include: "{{ run_loganalyzer }}"
+
+ always:
+ - name: Remove all the temporary files from switch.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ config_files }}"
+
+ - name: Remove all the temporary files from host.
+ file: path="{{ host_testdir }}/{{ item }}" state=absent
+ with_items:
+ - "acl_port_range_traffic_test.py"
+ - "acs_base_test.py"
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Run config cleanup after {{ testname}}
+ include: "{{ run_config_cleanup }}"
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json
new file mode 100644
index 00000000000..e8944f1c291
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "9000-10100"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json
new file mode 100644
index 00000000000..0f7e28720f5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json
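Review bot: The three negative checks in acl_port_range_test.yml ("See that Redis-DB has NOT got an appropriate field", after the invalid rules and after both deletes) treat any non-zero status of `docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE` as "no range object present". Because the pipeline's status is grep's, they also pass when the `database` container or the redis-cli call itself fails, which is a false pass for a test meant to prove that rejected or deleted ACL rules left nothing behind. Running the KEYS query as its own `command` task, so a failed query fails the play, and then testing the registered stdout closes that gap. Separately, the `ip neigh add` and `ip route add` tasks have no matching removal in either `always:` section, so a second run on the same switch presumably fails on the existing entries.

```yaml
# … unchanged: invalid-rule / delete tasks before the check …
- name: List Redis DB 1 keys.
  command: docker exec -i database redis-cli -n 1 KEYS "*"
  register: acl_range_keys

- fail: msg="Redis-DB has got data about invalid rule"
  when: "'SAI_OBJECT_TYPE_ACL_RANGE' in acl_range_keys.stdout"
```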
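Review bot: The DEL key in config_delete_different_port_range.json is `ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range`, but the rule created before the delete tests comes from config_l4_limited_port_range.json, whose key ends in `acl_rule_limited_port_range`; config_delete_limited_port_range.json has the same mismatch. Assuming the playbook variables resolve to the fixtures of the same name, both delete tests remove a rule that was never created, so the created range rule would still be installed when the playbook checks that no SAI_OBJECT_TYPE_ACL_RANGE key remains. The key line in both delete fixtures should read `"ACL_RULE_TABLE:acl_test_table:acl_rule_limited_port_range": {`.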
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "1028-4096"
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_port_range_test/config_empty_expect_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json
new file mode 100644
index 00000000000..6024c4f1935
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "0-65535"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json
new file mode 100644
index 00000000000..09ddd679dcd
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_port_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "1028-4096"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json
new file mode 100644
index 00000000000..7b6e2cad631
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json
@@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "0-1028" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json new file mode 100644 index 00000000000..d10f18ae299 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json @@ -0,0 +1,11 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "0-1028", + "L4_DST_PORT_RANGE" : "0-1028" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file new file mode 100644 index 00000000000..e15f456013e --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file @@ -0,0 +1 @@ +r, ".*Failed to create.*rule.*" diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json new file mode 100644 index 00000000000..0a89efebb8a --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "-1-0" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json new file mode 100644 index 00000000000..b8949a42479 --- /dev/null 
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "5770-1010" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json new file mode 100644 index 00000000000..5c925d0493b --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1-65536" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json new file mode 100644 index 00000000000..2fd23050fed --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_4": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "IAMJONNY-100" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json new file mode 100644 index 00000000000..7816c355717 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json @@ -0,0 +1,11 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_5": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1-100", + "L4_SRC_PORT_RANGE" : "256-1028" + }, + "OP": "SET" + } +] 
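Review bot: config_l4_port_range_invalid_5.json repeats the `L4_SRC_PORT_RANGE` key inside one JSON object, and many JSON parsers keep only the last value without reporting an error. The loader would then likely see a single, valid range `256-1028`, so the negative test would not exercise rejection of a duplicated field. config_l4_port_range_invalid_6.json and config_l4_port_range_invalid_7.json do the same with `L4_DST_PORT_RANGE`. It is worth confirming how the swssconfig parser treats duplicate keys; otherwise these three cases pass or fail on parser behaviour rather than on ACL validation.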
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json
new file mode 100644
index 00000000000..bfec0ef48ed
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_6": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_DST_PORT_RANGE" : "1-100",
+ "L4_DST_PORT_RANGE" : "256-1028"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json
new file mode 100644
index 00000000000..1cea05d13f9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json
@@ -0,0 +1,12 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_7": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_DST_PORT_RANGE" : "1-100",
+ "L4_SRC_PORT_RANGE" : "256-1024",
+ "L4_DST_PORT_RANGE" : "2048-2512"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json
new file mode 100644
index 00000000000..757c0a44abf
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json
@@ -0,0 +1,138 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_1": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_2": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_3": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_4": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_5": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_6": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_7": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_8": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_9": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_10": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_11": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_12": { + "priority" : "55", + "PACKET_ACTION" : 
"FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_13": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_14": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_15": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_16": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_17": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json new file mode 100644 index 00000000000..41aed469ac4 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json @@ -0,0 +1,12 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table_mirror:acl_test_rule": { + "priority" : "55", + "SRC_IP" : "20.0.0.2/24", + "DST_IP" : "20.0.0.1/24", + "MIRROR_ACTION" : "test_session", + "L4_SRC_PORT_RANGE" : "0-1028" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json new file mode 100644 index 00000000000..403af08b05e --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json 
@@ -0,0 +1,14 @@
+[
+ {
+ "MIRROR_SESSION_TABLE:test_session": {
+ "src_ip": "20.0.0.2",
+ "dst_ip": "2.2.2.4",
+ "gre_type": "0x6558",
+ "dscp": "50",
+ "ttl": "10",
+ "queue": "5"
+ },
+ "OP": "SET"
+ }
+]
+
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json
new file mode 100644
index 00000000000..3941897a0d9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "MIRROR_ACTION" : "session1"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json
new file mode 100644
index 00000000000..50c5bf97fc4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json
new file mode 100644
index 00000000000..34913d823d0
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_mirror": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "MIRROR",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml
new file mode 100644
index 00000000000..543ee4f73fa
--- /dev/null
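Review bot: config_rule_mirror.json sets `"MIRROR_ACTION" : "session1"`, but the only mirror session defined among the files visible in this directory is `MIRROR_SESSION_TABLE:test_session` in config_mirror_session.json, so the rule appears to point at a session these configs never create. Unless `session1` is provisioned elsewhere, the line should read `"MIRROR_ACTION" : "test_session"`, which is what config_l4_port_range_on_mirror_table.json already uses. A rule bound to a missing session may be rejected or left inactive, and that would change what the mirror-table test actually observes.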
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml 
@@ -0,0 +1,108 @@ +#----------------------------------------- +# Perform ACL traffic tests +#----------------------------------------- + +- fail: msg="Please set ptf_host variable" + when: ptf_host is not defined + +- include_vars: "{{ vars_files_location }}/acl_traffic_test_vars.yml" + +- name: Copy JSON configs onto switch. + copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" + with_items: + - "{{ config_files }}" + +- name: Copy JSON configs from switch into docker filesystem. + command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }} + with_items: + - "{{ config_files }}" + +- name: Create target directory + file: path={{ host_testdir }}/acstests state=directory + delegate_to: "{{ ptf_host }}" + +- name: Copy PTF tests + copy: src="roles/test/files/acstests/{{ item }}" dest="{{ host_testdir }}/acstests/{{ item }}" + with_items: + - "acl_tcp_test.py" + - "acs_base_test.py" + delegate_to: "{{ ptf_host }}" + +- block: + - name: ACL drop traffic by ether type test + vars: + config_file: "{{ config_traffic_drop_ether_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by source ip address test + vars: + config_file: "{{ config_traffic_drop_src_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by destination ip address test + vars: + config_file: "{{ config_traffic_drop_dst_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by ip prototype test + vars: + config_file: "{{ config_traffic_drop_ip_protocol }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by ip type test 
+ vars: + config_file: "{{ config_traffic_drop_ip_type }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by tcp flags test + vars: + config_file: "{{ config_traffic_drop_priority }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + include: "{{ run_ping_test }}" + + - name: ACL drop traffic by destination l4 port test + vars: + config_file: "{{ config_traffic_drop_l4_dst_port }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ptf_test }}" + + - name: ACL drop traffic by source l4 port test + vars: + config_file: "{{ config_traffic_drop_l4_src_port }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ptf_test }}" + + - name: ACL drop traffic by tcp flags test + vars: + config_file: "{{ config_traffic_drop_tcp_flags }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + include: "{{ run_ptf_test }}" + + always: + - name: Remove all the temporary created by the test. + file: path="{{ run_dir }}/{{ item }}" state=absent + with_items: + - "{{ config_files }}" diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_traffic_test/config_empty_expect_file new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json new file mode 100644 index 00000000000..41b358f958c --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json 
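Review bot: The `always:` section of acl_traffic_test.yml removes only the switch-side copies under `{{ run_dir }}`. The JSON files copied into the orchagent container under `{{ docker_testdir }}`, and `acl_tcp_test.py` and `acs_base_test.py` under `{{ host_testdir }}/acstests` on `{{ ptf_host }}`, are left behind after the run. A matching `file: ... state=absent` task with `delegate_to: "{{ ptf_host }}"` and a removal inside the container would complete the cleanup. Separately, the name `ACL drop traffic by tcp flags test` is used twice, and the first use runs `config_traffic_drop_priority` with `errors_expected: false`; `- name: ACL rule priority test` would describe it correctly. In the ip-protocol task, "prototype" should read "protocol".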
@@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic_to_21.0.0.1", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "DST_IP" : "21.0.0.1/24", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json new file mode 100644 index 00000000000..692939707f2 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "ETHER_TYPE" : "0x800", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json new file mode 100644 index 00000000000..fbfa2d9343f --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_ICMP_Traffic", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "IP_PROTOCOL" : "1", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json new file mode 100644 index 00000000000..c6de2433b77 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json 
@@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_any_IPv4_Traffic", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "IP_TYPE" : "IPv4ANY", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json new file mode 100644 index 00000000000..5207a52494c --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic_to_l4_port", + "type" : "L3", + "ports" : "Ethernet0,Ethernet4" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "L4_DST_PORT" : "80", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json new file mode 100644 index 00000000000..851129f9795 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic_from_l4_port", + "type" : "L3", + "ports" : "Ethernet0,Ethernet4" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "L4_SRC_PORT" : "80", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json new file mode 100644 index 00000000000..81bde5608f5 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json 
@@ -0,0 +1,27 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "IP_TYPE" : "IPv4ANY", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheForward": { + "priority" : "66", + "IP_TYPE" : "IPv4ANY", + "PACKET_ACTION" : "FORWARD" + }, + "OP": "SET" + } + +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json new file mode 100644 index 00000000000..73e82b8a5da --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic_from_21.0.0.2", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "SRC_IP" : "21.0.0.2/24", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json new file mode 100644 index 00000000000..4660eab80c9 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "TCP_FLAGS" : "0x02", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml new file mode 100644 index 00000000000..5278aaa6443 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml 
@@ -0,0 +1,42 @@
+#-----------------------------------------
+# Execute ping and check the log.
+#-----------------------------------------
+
+- include_vars: "{{ vars_files_location }}/run_ping_test_vars.yml"
+
+- block:
+ - name: Execute ping from host to switch to validate link
+ shell: ping {{ switch_ip1 }} -c 3
+ register: pingrc
+ failed_when: pingrc.rc != 0
+ delegate_to: "{{ ptf_host }}"
+
+ - name: Start log analyser
+ include: "{{ loganalyzer_init }}"
+
+ - name: Set ACL rules.
+ command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }}
+
+ - debug: msg="=== test json = {{ config_file }}"
+
+ - name: Execute ping from host to switch
+ shell: ping {{ switch_ip1 }} -c 3
+ register: pingrc
+ failed_when: (pingrc.rc != 0 and errors_expected == false) or (pingrc.rc == 0 and errors_expected == true)
+ delegate_to: "{{ ptf_host }}"
+
+ always:
+ - name: Stop log analyser
+ include: "{{ loganalyzer_analyze }}"
+
+ - name: Get the total number of error messages.
+ shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p"
+ register: errors_found
+
+ - name: Check the number of error messages (positive tests only).
+ fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}"
+ when: errors_found.stdout != "0"
+
+ - name: Do configuration cleanup.
+ include: "{{ run_config_cleanup }}"
+ when: run_cleanup == true
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml
new file mode 100644
index 00000000000..7006ff0926a
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml
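Review bot: In the `always:` section of run_ping_test.yml the `fail` task "Check the number of error messages" runs before "Do configuration cleanup", so when log errors are found the section stops there and the cleanup include is never reached. That leaves the DROP rule from `{{ config_file }}` installed on the switch for whatever test runs next. Moving the cleanup include ahead of the grep/`fail` pair keeps the switch in a known state on failure; run_ptf_test.yml has the same ordering. In addition, the second ping's `failed_when` accepts any non-zero exit as the expected drop, so comparing against the no-reply code, `(pingrc.rc != 1 and errors_expected == true)`, would keep an unrelated ping error from passing the negative test.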
@@ -0,0 +1,62 @@ +#----------------------------------------- +# Send some TCP packets. +#----------------------------------------- + +- include_vars: "{{ vars_files_location }}/run_ptf_test_vars.yml" + +- block: + - name: Execute ping from host to switch to validate link + shell: ping {{ switch_ip1 }} -c 3 + register: pingrc + failed_when: pingrc.rc != 0 + delegate_to: "{{ ptf_host }}" + + - name: Execute ping from host2 to switch to validate link + shell: ping {{ switch_ip2 }} -c 3 + register: pingrc + failed_when: pingrc.rc != 0 + delegate_to: "{{ ptf_host2 }}" + + - name: Add route on host1 + shell: ip route add {{ subnet2 }} via {{ switch_ip1 }} + failed_when: false + delegate_to: "{{ ptf_host }}" + + - name: Add route on host2 + shell: ip route add {{ subnet1 }} via {{ switch_ip2 }} + failed_when: false + delegate_to: "{{ ptf_host2 }}" + + - name: Start log analyser + include: "{{ loganalyzer_init }}" + + - name: Set ACL rules. + command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }} + + - debug: msg="======================= PTF TEST ==========================" + + - name: Send some TCP packets + shell: ptf --test-dir acstests acl_tcp_test.SendTCP --interface 0@eth2 + args: + chdir: "{{ host_testdir }}" + register: ptfrc + failed_when: (ptfrc.rc != 0 and errors_expected == false) or (ptfrc.rc == 0 and errors_expected == true) + delegate_to: "{{ ptf_host }}" + + - debug: msg="======================= PTF END {{ ptfrc.rc }} ===========" + + always: + - name: Stop log analyser + include: "{{ loganalyzer_analyze }}" + + - name: Get the total number of error messages. + shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p" + register: errors_found + + - name: Check the number of error messages (positive tests only). + fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. 
Please see {{ test_out_dir }}/{{ result_file }}" + when: errors_found.stdout != "0" + + - name: Do configuration cleanup. + include: "{{ run_config_cleanup }}" + when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/run_analyze_and_check.yml b/ansible/roles/test/tasks/acl/run_analyze_and_check.yml new file mode 100644 index 00000000000..422e9358054 --- /dev/null +++ b/ansible/roles/test/tasks/acl/run_analyze_and_check.yml @@ -0,0 +1,17 @@ +- name: Use loganalyzer to check for the error messages {{ testname }}. + include: "{{ loganalyzer_analyze }}" + +- name: Get the total number of error messages. + shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p" + register: errors_found + +- name: Check the number of error messages. + fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }}. Please see {{ test_out_dir }}/{{ result_file }}" + when: errors_found.stdout != "0" + +- name: Copy test data to host. + fetch: src={{ test_out_dir }}/{{ item }} dest=failed-test-data/{{ testname_unique }}/{{ item }} + with_items: + - "{{ summary_file }}" + - "{{ result_file }}" + when: errors_found.stdout != "0" diff --git a/ansible/roles/test/tasks/acl/run_config_cleanup.yml b/ansible/roles/test/tasks/acl/run_config_cleanup.yml new file mode 100644 index 00000000000..d3646a47d1b --- /dev/null +++ b/ansible/roles/test/tasks/acl/run_config_cleanup.yml @@ -0,0 +1,11 @@ + +- name: Do configuration cleanup. + shell: systemctl restart orchagent + register: clean_up + +- fail: msg="swssconfig - failed to cleanup the ACL configuration" + when: clean_up.rc != 0 + +- name: Wait for orchagent initialization + pause: + seconds: 35 diff --git a/ansible/roles/test/tasks/acl/run_config_test.yml b/ansible/roles/test/tasks/acl/run_config_test.yml new file mode 100644 index 00000000000..9704e9c6330 --- /dev/null +++ b/ansible/roles/test/tasks/acl/run_config_test.yml 
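Review bot: When `errors_expected` is true, the `failed_when` on "Send some TCP packets" in run_ptf_test.yml treats any non-zero `ptf` exit as proof that the ACL dropped the traffic. An import error, a missing `eth2` or a sniffer problem on the PTF host would therefore also make the drop tests pass. The check would be stronger if the same PTF test were first run before `swssconfig` applies the rule and required to succeed, so that a later failure can be attributed to the ACL. The two `ip route add` tasks use `failed_when: false` and nothing in `always:` removes the routes, so they remain on both PTF hosts after the run.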
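Review bot: "Copy test data to host" in run_analyze_and_check.yml cannot run when it is needed: it is guarded by `when: errors_found.stdout != "0"`, but the `fail` task directly above it has the same condition and stops the host first. Placing the `fetch` task before the `fail` task lets the summary and result files be collected on failure. run_config_test.yml orders its fetch after both `fail` tasks in the same way, and its cleanup include is also skipped on failure because that block has no `always:` section.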
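Review bot: The `fail` task with `when: clean_up.rc != 0` in run_config_cleanup.yml is unreachable, because the `shell` task already fails on a non-zero exit unless `ignore_errors` or `failed_when` overrides it. Its message also names swssconfig although the command is `systemctl restart orchagent`. Either drop the `fail` task, or add `ignore_errors: true` to the restart and correct the message. The fixed `pause` of 35 seconds assumes orchagent is ready by then; waiting on an observable readiness condition would make the following test less timing-dependent.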
@@ -0,0 +1,46 @@ +#----------------------------------------- +# Test json-configuration: +# 1) Upload json-config through swssconfig. +# 2) Check log through the loganalyzer. +# 3) Run cleanup if needed. +#----------------------------------------- + +- include_vars: "{{ vars_files_location }}/run_config_test_vars.yml" + +- block: + - name: Initialize loganalizer. Put start marker to log file. + include: "{{ loganalyzer_init }}" + + - name: Load JSON config {{ config_file }} + command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }} + + - name: Use loganalyzer to check for the error messages {{ testname }} / {{ config_file }}. + include: "{{ loganalyzer_analyze }}" + + - name: Get the total number of expected messages. + shell: grep "TOTAL EXPECTED" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL EXPECTED MATCHES:[[:space:]]*//p" + register: expects_found + when: errors_expected == true + + - name: Check that expected error messages are found (negative tests only). + fail: msg="Expected error messages are not found while running {{ testname }} / {{ config_file }}" + when: errors_expected == true and expects_found.stdout == "0" + + - name: Get the total number of error messages. + shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p" + register: errors_found + + - name: Check the number of error messages (positive tests only). + fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}" + when: errors_expected == false and errors_found.stdout != "0" + + - name: Copy test data to host. 
+ fetch: src={{ test_out_dir }}/{{ item }} dest=failed-test-data/{{ testname_unique }}/{{ item }} + with_items: + - "{{ summary_file }}" + - "{{ result_file }}" + when: (errors_expected == true and expects_found.stdout == "0") or (errors_expected == false and errors_found.stdout != "0") + + - name: Do configuration cleanup after {{ testname }} / {{ config_file }} + include: "{{ run_config_cleanup }}" + when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/run_loganalyzer.yml b/ansible/roles/test/tasks/acl/run_loganalyzer.yml new file mode 100644 index 00000000000..43d0af79486 --- /dev/null +++ b/ansible/roles/test/tasks/acl/run_loganalyzer.yml @@ -0,0 +1,14 @@ +#----------------------------------------- +# This script is used whether to run init +# or analyze-phase of loganalyzer. +#----------------------------------------- + +- include_vars: "{{ vars_files_location }}/run_loganalyzer_vars.yml" + +- name: Initialize loganalizer. Put start marker to log file. + include: "{{ loganalyzer_init }}" + when: loganalyzer_run_init == true + +- name: Run analyze-phase and check the loganalyzer output for the errors. + include: "{{ run_analyze_and_check }}" + when: loganalyzer_run_analyze == true diff --git a/ansible/roles/test/tasks/sonic.yml b/ansible/roles/test/tasks/sonic.yml index 3e2f496c797..c516257dd41 100644 --- a/ansible/roles/test/tasks/sonic.yml +++ b/ansible/roles/test/tasks/sonic.yml @@ -57,3 +57,7 @@ - name: Fib test include: fib.yml tags: fib + +- name: Test ACL + include: acl.yml + tags: acl diff --git a/ansible/vars/acl/acl_counter_traffic_test_vars.yml b/ansible/vars/acl/acl_counter_traffic_test_vars.yml new file mode 100644 index 00000000000..97ec99b6a13 --- /dev/null +++ b/ansible/vars/acl/acl_counter_traffic_test_vars.yml 
@@ -0,0 +1,34 @@ +--- + +testname: acl_counter_traffic_test + +acl_check_db: "{{ tests_location }}/acl_counter_traffic_test/acl_check_db.yml" + +config_table_type_l3: config_table_type_l3.json +config_rule: config_rule.json +config_rule_delete: config_rule_delete.json + +config_mirror_session: config_mirror_session.json +config_table_type_mirror: config_table_type_mirror.json +config_rule_mirror: config_rule_mirror.json +config_rule_mirror_delete: config_rule_mirror_delete.json + +table_name: acl_test_table +rule_name: acl_config_rule +mirror_table_name: acl_test_table_mirror +mirror_rule_name: acl_config_rule_mirror + +switch_if1_ip: 20.0.0.1 +switch_if2_ip: 21.0.0.1 +dst_mirror_subnet: 2.0.0.0/24 +packets_sent: 3 + +config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_rule }}" + - "{{ config_rule_delete }}" + - "{{ config_mirror_session }}" + - "{{ config_table_type_mirror }}" + - "{{ config_rule_mirror }}" + - "{{ config_rule_mirror_delete }}" + diff --git a/ansible/vars/acl/acl_input_test_vars.yml b/ansible/vars/acl/acl_input_test_vars.yml new file mode 100644 index 00000000000..1cb5ddb6995 --- /dev/null +++ b/ansible/vars/acl/acl_input_test_vars.yml @@ -0,0 +1,6 @@ +--- + +testname: acl_input_test + +acl_config_valid: acl_config_valid.json +acl_config_invalid: acl_config_invalid.json diff --git a/ansible/vars/acl/acl_orchagent_logic_test_vars.yml b/ansible/vars/acl/acl_orchagent_logic_test_vars.yml new file mode 100644 index 00000000000..a89924afb47 --- /dev/null +++ b/ansible/vars/acl/acl_orchagent_logic_test_vars.yml 
@@ -0,0 +1,166 @@
+---
+
+testname: acl_orchagent_logic_test
+
+# L3 - already tested, so here we check some bad cases.
+config_table_type_l3: config_table_type_l3.json
+config_table_type_invalid_1: config_table_type_invalid_1.json
+config_table_type_invalid_2: config_table_type_invalid_2.json
+config_table_type_expect: config_table_type_expect_file
+
+config_rule: config_rule.json
+
+# Syntax-test config files.
+config_port_invalid_1: config_port_invalid_1.json
+config_port_invalid_2: config_port_invalid_2.json
+config_port_expect: config_port_expect_file
+
+config_operation_invalid_1: config_operation_invalid_1.json
+config_operation_invalid_2: config_operation_invalid_2.json
+
+config_extra_field_invalid: config_extra_field_invalid.json
+config_extra_field_expect: config_extra_field_expect_file
+
+config_priority_invalid_1: config_priority_invalid_1.json
+config_priority_invalid_2: config_priority_invalid_2.json
+config_priority_valid_max: config_priority_valid_max.json
+config_priority_expect: config_priority_expect_file
+
+config_ether_type_invalid_1: config_ether_type_invalid_1.json
+config_ether_type_invalid_2: config_ether_type_invalid_2.json
+config_ether_type_valid_1: config_ether_type_valid_1.json
+config_ether_type_valid_2: config_ether_type_valid_2.json
+config_ether_type_expect: config_ether_type_expect_file
+
+config_ip_type_invalid_1: config_ip_type_invalid_1.json
+config_ip_type_invalid_2: config_ip_type_invalid_2.json
+config_ip_type_valid_1: config_ip_type_valid_1.json
+config_ip_type_valid_2: config_ip_type_valid_2.json
+config_ip_type_expect: config_ip_type_expect_file
+
+config_ip_proto_invalid_1: config_ip_proto_invalid_1.json
+config_ip_proto_invalid_2: config_ip_proto_invalid_2.json
+config_ip_proto_valid_1: config_ip_proto_valid_1.json
+config_ip_proto_valid_2: config_ip_proto_valid_2.json
+config_ip_proto_expect: config_ip_proto_expect_file
+
+config_ip_addr_invalid_1: config_ip_addr_invalid_1.json
+config_ip_addr_invalid_2: config_ip_addr_invalid_2.json
+config_ip_addr_invalid_3: config_ip_addr_invalid_3.json
+config_ip_addr_invalid_4: config_ip_addr_invalid_4.json
+config_ip_addr_invalid_5: config_ip_addr_invalid_5.json
+config_ip_addr_invalid_6: config_ip_addr_invalid_6.json
+config_ip_addr_invalid_7: config_ip_addr_invalid_7.json
+config_ip_addr_valid_1: config_ip_addr_valid_1.json
+config_ip_addr_valid_2: config_ip_addr_valid_2.json
+config_ip_addr_expect: config_ip_addr_expect_file
+
+config_tcp_flags_valid_1: config_tcp_flags_valid_1.json
+config_tcp_flags_valid_2: config_tcp_flags_valid_2.json
+config_tcp_flags_invalid_1: config_tcp_flags_invalid_1.json
+config_tcp_flags_invalid_2: config_tcp_flags_invalid_2.json
+config_tcp_flags_expect: config_tcp_flags_expect_file
+
+config_l4_port_valid: config_l4_port_valid.json
+config_l4_port_invalid_1: config_l4_port_invalid_1.json
+config_l4_port_invalid_2: config_l4_port_invalid_2.json
+config_l4_port_invalid_3: config_l4_port_invalid_3.json
+config_l4_port_expect: config_l4_port_expect_file
+
+config_packet_action_valid: config_packet_action_valid.json
+config_packet_action_invalid_1: config_packet_action_invalid_1.json
+config_packet_action_invalid_2: config_packet_action_invalid_2.json
+config_packet_action_expect: config_packet_action_expect_file
+
+config_dscp_in_l3_table: config_dscp_in_l3_table.json
+config_dscp_in_l3_table_expect: config_dscp_in_l3_table_expect_file
+
+config_rule_empty_invalid: config_rule_empty.json
+config_rule_empty_expect: config_rule_empty_expect_file
+
+config_rule_in_non_existing_table: config_rule_in_non_existing_table.json
+config_rule_in_non_existing_table_expect: config_rule_in_non_existing_table_expect_file
+
+# Deleting-test config files.
+config_del_rule_valid: config_del_rule_valid.json
+config_del_rule_non_existing: config_del_rule_non_existing.json
+config_del_rule_expect: config_del_rule_expect_file
+
+config_del_table_valid: config_del_table_valid.json
+config_del_table_non_existing: config_del_table_non_existing.json
+config_del_table_with_rules: config_del_table_with_rules.json
+config_del_table_diff_fields: config_del_table_diff_fields.json
+config_del_table_expect: config_del_table_expect_file
+
+config_empty_expect: config_empty_expect_file
+config_duplicate_rule_expect: config_duplicate_rule_expect_file
+
+config_files:
+ - "{{ config_table_type_l3 }}"
+ - "{{ config_rule }}"
+
+ - "{{ config_table_type_invalid_1 }}"
+ - "{{ config_table_type_invalid_2 }}"
+
+ - "{{ config_port_invalid_1 }}"
+ - "{{ config_port_invalid_2 }}"
+
+ - "{{ config_operation_invalid_1 }}"
+ - "{{ config_operation_invalid_2 }}"
+
+ - "{{ config_extra_field_invalid }}"
+
+ - "{{ config_priority_invalid_1 }}"
+ - "{{ config_priority_invalid_2 }}"
+ - "{{ config_priority_valid_max }}"
+
+ - "{{ config_ether_type_invalid_1 }}"
+ - "{{ config_ether_type_invalid_2 }}"
+ - "{{ config_ether_type_valid_1 }}"
+ - "{{ config_ether_type_valid_2 }}"
+
+ - "{{ config_ip_type_invalid_1 }}"
+ - "{{ config_ip_type_invalid_2 }}"
+ - "{{ config_ip_type_valid_1 }}"
+ - "{{ config_ip_type_valid_2 }}"
+
+ - "{{ config_ip_proto_invalid_1 }}"
+ - "{{ config_ip_proto_invalid_2 }}"
+ - "{{ config_ip_proto_valid_1 }}"
+ - "{{ config_ip_proto_valid_2 }}"
+
+ - "{{ config_ip_addr_invalid_1 }}"
+ - "{{ config_ip_addr_invalid_2 }}"
+ - "{{ config_ip_addr_invalid_3 }}"
+ - "{{ config_ip_addr_invalid_4 }}"
+ - "{{ config_ip_addr_invalid_5 }}"
+ - "{{ config_ip_addr_invalid_6 }}"
+ - "{{ config_ip_addr_invalid_7 }}"
+ - "{{ config_ip_addr_valid_1 }}"
+ - "{{ config_ip_addr_valid_2 }}"
+
+ - "{{ config_tcp_flags_valid_1 }}"
+ - "{{ config_tcp_flags_valid_2 }}"
+ - "{{ config_tcp_flags_invalid_1 }}"
+ - "{{ config_tcp_flags_invalid_2 }}"
+
+ - "{{ config_l4_port_valid }}"
+ - "{{ config_l4_port_invalid_1 }}"
+ - "{{ config_l4_port_invalid_2 }}"
+ - "{{ config_l4_port_invalid_3 }}"
+
+ - "{{ config_packet_action_valid }}"
+ - "{{ config_packet_action_invalid_1 }}"
+ - "{{ config_packet_action_invalid_2 }}"
+
+ - "{{ config_dscp_in_l3_table }}"
+ - "{{ config_rule_empty_invalid }}"
+ - "{{ config_rule_in_non_existing_table }}"
+
+ - "{{ config_del_rule_valid }}"
+ - "{{ config_del_rule_non_existing }}"
+
+ - "{{ config_del_table_valid }}"
+ - "{{ config_del_table_non_existing }}"
+ - "{{ config_del_table_with_rules }}"
+ - "{{ config_del_table_diff_fields }}"
diff --git a/ansible/vars/acl/acl_port_bind_test_vars.yml b/ansible/vars/acl/acl_port_bind_test_vars.yml
new file mode 100644
index 00000000000..8eac7d34306
--- /dev/null
+++ b/ansible/vars/acl/acl_port_bind_test_vars.yml
@@ -0,0 +1,17 @@
+---
+
+testname: acl_port_bind_test
+
+config_bind_unknown_port: config_bind_unknown_port.json
+config_bind_unknown_port_expect: config_bind_unknown_port_expect_file
+config_bind_duplicate_port: config_bind_duplicate_port.json
+config_bind_duplicate_port_expect: config_bind_duplicate_port_expect_file
+config_bind_valid_port: config_bind_valid_port.json
+config_unbind_port: config_unbind_port.json
+config_empty_expect: config_empty_expect_file
+
+config_files:
+ - "{{ config_bind_unknown_port }}"
+ - "{{ config_bind_duplicate_port }}"
+ - "{{ config_bind_valid_port }}"
+ - "{{ config_unbind_port }}"
diff --git a/ansible/vars/acl/acl_port_range_test_vars.yml b/ansible/vars/acl/acl_port_range_test_vars.yml
new file mode 100644
index 00000000000..c2e9860f70e
--- /dev/null
+++ b/ansible/vars/acl/acl_port_range_test_vars.yml
@@ -0,0 +1,57 @@
+---
+
+testname: acl_port_range_test
+
+# configuration-test settings
+config_table_type_l3: config_table_type_l3.json
+config_mirror_session: config_mirror_session.json
+config_table_type_mirror: config_table_type_mirror.json
+config_l4_port_range_1_on_l3_table: config_l4_port_range_1_on_l3_table.json
+config_l4_port_range_2_on_l3_table: config_l4_port_range_2_on_l3_table.json
+config_l4_port_range_on_mirror_table: config_l4_port_range_on_mirror_table.json
+config_l4_full_port_range: config_l4_full_port_range.json
+config_l4_limited_port_range: config_l4_limited_port_range.json
+config_delete_limited_port_range: config_delete_limited_port_range.json
+config_delete_different_port_range: config_delete_different_port_range.json
+config_l4_port_range_invalid_1: config_l4_port_range_invalid_1.json
+config_l4_port_range_invalid_2: config_l4_port_range_invalid_2.json
+config_l4_port_range_invalid_3: config_l4_port_range_invalid_3.json
+config_l4_port_range_invalid_4: config_l4_port_range_invalid_4.json
+config_l4_port_range_invalid_5: config_l4_port_range_invalid_5.json
+config_l4_port_range_invalid_6: config_l4_port_range_invalid_6.json
+config_l4_port_range_invalid_7: config_l4_port_range_invalid_7.json
+config_l4_port_range_invalid_8: config_l4_port_range_invalid_8.json
+
+config_l4_port_range_expect: config_l4_port_range_expect_file
+config_empty_expect: config_empty_expect_file
+host_testdir: /tmp/ptf_tests
+
+# traffic-test settings
+table_name: acl_test_table
+rule_limited_port_range_name: acl_rule_limited_port_range
+packets_sent: 3
+
+# mirror-testing settings
+switch_if_ip: 20.0.0.1
+ptf_host_if_ip: 20.0.0.2
+dst_mirror_subnet: 2.0.0.0/24
+
+config_files:
+ - "{{ config_table_type_l3 }}"
+ - "{{ config_mirror_session }}"
+ - "{{ config_table_type_mirror }}"
+ - "{{ config_l4_port_range_1_on_l3_table }}"
+ - "{{ config_l4_port_range_2_on_l3_table }}"
+ - "{{ config_l4_port_range_on_mirror_table }}"
+ - "{{ config_l4_full_port_range }}"
+ - "{{ config_l4_limited_port_range }}"
+ - "{{ config_delete_limited_port_range }}"
+ - "{{ config_delete_different_port_range }}"
+ - "{{ config_l4_port_range_invalid_1 }}"
+ - "{{ config_l4_port_range_invalid_2 }}"
+ - "{{ config_l4_port_range_invalid_3 }}"
+ - "{{ config_l4_port_range_invalid_4 }}"
+ - "{{ config_l4_port_range_invalid_5 }}"
+ - "{{ config_l4_port_range_invalid_6 }}"
+ - "{{ config_l4_port_range_invalid_7 }}"
+ - "{{ config_l4_port_range_invalid_8 }}"
diff --git a/ansible/vars/acl/acl_traffic_test_vars.yml b/ansible/vars/acl/acl_traffic_test_vars.yml
new file mode 100644
index 00000000000..af8d7e80289
--- /dev/null
+++ b/ansible/vars/acl/acl_traffic_test_vars.yml
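Review bot: `host_testdir: /tmp/ptf_tests` in acl_port_range_test_vars.yml puts the test working directory at a fixed name under a world-writable directory; acl_traffic_test_vars.yml (`host_testdir: /tmp`) and acl_vars.yml (`docker_testdir: /tmp`) do the same. The tasks that consume these variables are not part of this hunk, but if they copy scripts or JSON configs there and then run or load them, any other local account on that host or container can pre-create or swap those files. Prefer a directory created per run with the `tempfile` module (`state: directory`), or a path under the test user's home with mode 0700, in the way `run_dir: /home/admin/acl_tests` is already placed.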
@@ -0,0 +1,42 @@
+---
+
+host1_ip : 21.0.0.2
+host2_ip : 22.0.0.2
+subnet1 : 21.0.0.0/24
+subnet2 : 22.0.0.0/24
+switch_ip1 : 21.0.0.1
+switch_ip2 : 22.0.0.1
+host_testdir: /tmp
+
+run_ping_test: "{{ tests_location }}/acl_traffic_test/run_ping_test.yml"
+run_ptf_test: "{{ tests_location }}/acl_traffic_test/run_ptf_test.yml"
+
+config_traffic_drop_ether_ip: config_traffic_drop_ether_ip.json
+config_traffic_drop_src_ip: config_traffic_drop_src_ip.json
+config_traffic_drop_dst_ip: config_traffic_drop_dst_ip.json
+config_traffic_drop_l4_src_port: config_traffic_drop_l4_src_port.json
+config_traffic_drop_l4_dst_port: config_traffic_drop_l4_dst_port.json
+config_traffic_drop_ip_protocol: config_traffic_drop_ip_protocol.json
+config_traffic_drop_ip_type: config_traffic_drop_ip_type.json
+config_traffic_drop_tcp_flags: config_traffic_drop_tcp_flags.json
+config_traffic_drop_priority: config_traffic_drop_priority.json
+config_empty_expect: config_empty_expect_file
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+testname: acl_traffic_test
+
+config_files:
+ - "{{ config_traffic_drop_ether_ip }}"
+ - "{{ config_traffic_drop_src_ip }}"
+ - "{{ config_traffic_drop_dst_ip }}"
+ - "{{ config_traffic_drop_l4_src_port }}"
+ - "{{ config_traffic_drop_l4_dst_port }}"
+ - "{{ config_traffic_drop_ip_protocol }}"
+ - "{{ config_traffic_drop_ip_type }}"
+ - "{{ config_traffic_drop_tcp_flags }}"
+ - "{{ config_traffic_drop_priority }}"
diff --git a/ansible/vars/acl/acl_vars.yml b/ansible/vars/acl/acl_vars.yml
new file mode 100644
index 00000000000..a1c937bb7f5
--- /dev/null
+++ b/ansible/vars/acl/acl_vars.yml
@@ -0,0 +1,10 @@
+---
+
+run_dir: /home/admin/acl_tests
+out_dir: /home/admin/acl_tests/results
+docker_testdir: /tmp
+tests_location: roles/test/tasks/acl
+
+run_config_test: "{{ tests_location }}/run_config_test.yml"
+run_config_cleanup: "{{ tests_location }}/run_config_cleanup.yml"
+run_loganalyzer: "{{ tests_location }}/run_loganalyzer.yml"
diff --git a/ansible/vars/acl/run_config_test_vars.yml b/ansible/vars/acl/run_config_test_vars.yml
new file mode 100644
index 00000000000..0284d436790
--- /dev/null
+++ b/ansible/vars/acl/run_config_test_vars.yml
@@ -0,0 +1,13 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+summary_file: summary.loganalysis.{{ testname_unique }}.log
+result_file: result.loganalysis.{{ testname_unique }}.log
diff --git a/ansible/vars/acl/run_loganalyzer_vars.yml b/ansible/vars/acl/run_loganalyzer_vars.yml
new file mode 100644
index 00000000000..78a42e42500
--- /dev/null
+++ b/ansible/vars/acl/run_loganalyzer_vars.yml
@@ -0,0 +1,15 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+summary_file: summary.loganalysis.{{ testname_unique }}.log
+result_file: result.loganalysis.{{ testname_unique }}.log
+
+run_analyze_and_check: "{{ tests_location }}/run_analyze_and_check.yml"
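Review bot: `testname_unique` in run_config_test_vars.yml is built from `ansible_date_time`, which is a gathered fact: its value is fixed when facts are collected and does not advance during the play. Unless facts are re-gathered, two runs of the same test in one play get the same `test_out_dir`, `summary_file` and `result_file`, so a later run can overwrite, or be judged on, an earlier run's log-analysis output. The time component also contains colons, which end up in directory and file names. I would register the output of a `date` command at the start of each run and build the name once with `set_fact`. That would also remove the need to repeat the same definition in run_loganalyzer_vars.yml, run_ping_test_vars.yml and run_ptf_test_vars.yml.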
diff --git a/ansible/vars/acl/run_ping_test_vars.yml b/ansible/vars/acl/run_ping_test_vars.yml
new file mode 100644
index 00000000000..500c76536ff
--- /dev/null
+++ b/ansible/vars/acl/run_ping_test_vars.yml
@@ -0,0 +1,7 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
diff --git a/ansible/vars/acl/run_ptf_test_vars.yml b/ansible/vars/acl/run_ptf_test_vars.yml
new file mode 100644
index 00000000000..500c76536ff
--- /dev/null
+++ b/ansible/vars/acl/run_ptf_test_vars.yml
@@ -0,0 +1,7 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
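Review bot: `summary_file` and `result_file` in run_ping_test_vars.yml and run_ptf_test_vars.yml put a quoted string that itself contains `{{ testname_unique }}` inside an outer `{{ ... }}`. Within that expression the inner braces are only literal text, so the final name depends on Ansible templating the result a second time; where that does not happen, the file name will literally contain `{{ testname_unique }}`. run_config_test_vars.yml and run_loganalyzer_vars.yml use the direct form, and these two files should match it: `summary_file: "summary.loganalysis.{{ testname_unique }}.log"` and `result_file: "result.loganalysis.{{ testname_unique }}.log"`. The two files also carry the same blob id in their `index` lines, so a single shared vars file would do.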