From 4ba14d68ca0292f2b4a554ece596caea06b21ef0 Mon Sep 17 00:00:00 2001 From: Anton Patenko Date: Sat, 14 Jan 2017 12:24:24 +0200 Subject: [PATCH 1/9] ACL testing: added files input test. --- ansible/roles/test/tasks/acl.yml | 35 ++++++++++++ .../acl_input_test/acl_config_invalid.json | 19 +++++++ .../acl/acl_input_test/acl_config_valid.json | 19 +++++++ .../acl/acl_input_test/acl_input_test.yml | 55 +++++++++++++++++++ ansible/roles/test/tasks/sonic.yml | 4 ++ 5 files changed, 132 insertions(+) create mode 100644 ansible/roles/test/tasks/acl.yml create mode 100644 ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json create mode 100644 ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json create mode 100644 ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml new file mode 100644 index 00000000000..33c229b6146 --- /dev/null +++ b/ansible/roles/test/tasks/acl.yml 
@@ -0,0 +1,35 @@
+
+#-----------------------------------------
+# Run all the acl tests.
+#-----------------------------------------
+
+- set_fact:
+ run_dir: "{{ '/home/admin/acl_tests' }}"
+ out_dir: "{{ '/home/admin/acl_tests/results' }}"
+ docker_testdir: "{{ '/tmp' }}"
+ logfile: "{{ '' }}"
+ tests_location: "{{ 'roles/test/tasks/acl' }}"
+
+- set_fact:
+ run_config_test: "{{ tests_location }}/run_config_test.yml"
+ run_config_cleanup: "{{ tests_location }}/run_config_cleanup.yml"
+ run_loganalyzer: "{{ tests_location }}/run_loganalyzer.yml"
+ set_ports_speed: "{{ tests_location }}/set_ports_speed.yml"
+
+- name: Create run_dir
+ file: path="{{ run_dir }}" state=directory
+
+ #****************************************#
+ # Start tests #
+ #****************************************#
+
+- block:
+ - name: Test file input.
+ include: "{{ tests_location }}/acl_input_test/acl_input_test.yml"
+
+ always:
+ - name: General cleanup.
+ file: path="{{ item }}" state=absent
+ with_items:
+ - "{{ run_dir }}/loganalyzer.py"
+
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json
new file mode 100644
index 00000000000..0f2e2462ad6
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_invalid.json
@@ -0,0 +1,19 @@
+[
+ {
+ "ACL_TABLE:555555739a2cc107": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ THIS IS A WRONG LINE
+ },
+ {
+ "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json
new file mode 100644
index 00000000000..6a228f9da45
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_config_valid.json
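Review bot: The `Create run_dir` task in acl.yml creates `{{ run_dir }}` without an explicit `mode`, so the permissions of the directory that later receives the ACL configs and the results under `out_dir` are left to the remote umask; `file: path="{{ run_dir }}" state=directory mode=0750` would pin them. The `always:` section removes only `{{ run_dir }}/loganalyzer.py`, so `run_dir`, `out_dir` and anything the included tests copy to `docker_testdir` (`/tmp`) stay behind after the run. The `"{{ '...' }}"` wrapping around the literal facts adds nothing over a plain quoted string.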
@@ -0,0 +1,19 @@
+[
+ {
+ "ACL_TABLE:555555739a2cc107": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:555555739a2cc107:3f8a10ff": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml
new file mode 100644
index 00000000000..0b0abac1fab
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml
@@ -0,0 +1,55 @@
+# Tests json-file correctness.
+# Syntax correctness analysis is performed by Orchagent.
+
+- set_fact:
+ acl_config_valid: "{{ 'acl_config_valid.json' }}"
+ acl_config_invalid: "{{ 'acl_config_invalid.json' }}"
+ testname: "{{ 'acl_input_test' }}"
+
+- name: Copy JSON configs onto switch
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
+
+- name: Copy JSON configs from switch into docker filesystem
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:"{{ docker_testdir }}/{{ item }}"
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
+
+- block:
+ - name: Load valid JSON config.
+ command: docker exec -i orchagent swssconfig "{{ docker_testdir }}/{{ acl_config_valid }}"
+ register: valid_config_upload
+ failed_when: valid_config_upload.rc != 0
+
+ - name: Load invalid JSON config and check that errors returned.
+ command: docker exec -i orchagent swssconfig "{{ docker_testdir }}/{{ acl_config_invalid }}"
+ register: invalid_config_upload
+ failed_when: invalid_config_upload.rc == 0
+
+ always:
+
+ # Print appropriate message, so user can see what exactly went wrong.
+ - fail: msg="swssconfig - failed to upload {{ acl_config_valid }}"
+ when: valid_config_upload.rc != 0
+
+ - fail: msg="swssconfig - no error caught when uploading {{ acl_config_invalid }}"
+ when: invalid_config_upload.rc == 0
+
+ - name: Do configuration cleanup after input_test.
+ command: systemctl restart orchagent
+ register: clean_up
+
+ - fail: msg="swssconfig - failed to cleanup the ACL configuration"
+ when: clean_up.rc != 0
+
+ - name: Wait for orchagent initialization
+ command: sleep 35
+
+ - name: Remove all the files created by test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ acl_config_valid }}"
+ - "{{ acl_config_invalid }}"
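Review bot: In the `always:` section the two diagnostic `fail` tasks run before `systemctl restart orchagent` and the file removal, and a task that fails inside `always:` stops the remaining ones, so whenever either load check trips, the restart and the clean-up are skipped and whatever the valid config loaded presumably stays active on the switch. Moving both `fail` tasks to the end of `always:`, after `Remove all the files created by test.`, keeps the message and still cleans up; the second one then needs `when: invalid_config_upload is defined and invalid_config_upload.rc == 0`, because that variable is never registered when the valid load fails. The `fail` on `clean_up.rc != 0` cannot fire as written, since `command` already fails the task on a non-zero exit. The copies placed under `{{ docker_testdir }}` inside the orchagent container are not removed either.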
diff --git a/ansible/roles/test/tasks/sonic.yml b/ansible/roles/test/tasks/sonic.yml index 3e2f496c797..c516257dd41 100644 --- a/ansible/roles/test/tasks/sonic.yml +++ b/ansible/roles/test/tasks/sonic.yml @@ -57,3 +57,7 @@ - name: Fib test include: fib.yml tags: fib + +- name: Test ACL + include: acl.yml + tags: acl From 17b8ef84e1de4033689016198811fcb9b9d189c6 Mon Sep 17 00:00:00 2001 From: Anton Patenko Date: Sat, 14 Jan 2017 12:27:15 +0200 Subject: [PATCH 2/9] ACL testing: added port bind test. --- ansible/roles/test/tasks/acl.yml | 3 + .../acl_port_bind_test/acl_port_bind_test.yml | 70 +++++++++++++++++++ .../config_bind_duplicate_port.json | 10 +++ .../config_bind_duplicate_port_expect_file | 1 + .../config_bind_unknown_port.json | 10 +++ .../config_bind_unknown_port_expect_file | 5 ++ .../config_bind_valid_port.json | 10 +++ .../config_empty_expect_file | 0 .../config_unbind_port.json | 7 ++ .../test/tasks/acl/run_config_cleanup.yml | 10 +++ .../roles/test/tasks/acl/run_config_test.yml | 51 ++++++++++++++ 11 files changed, 177 insertions(+) create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_empty_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json create mode 100644 ansible/roles/test/tasks/acl/run_config_cleanup.yml create mode 100644 ansible/roles/test/tasks/acl/run_config_test.yml 
diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index 33c229b6146..e418a0077c6 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml @@ -27,6 +27,9 @@ - name: Test file input. include: "{{ tests_location }}/acl_input_test/acl_input_test.yml" + - name: Test port bind configuration. + include: "{{ tests_location }}/acl_port_bind_test/acl_port_bind_test.yml" + always: - name: General cleanup. file: path="{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml new file mode 100644 index 00000000000..793aff6c39e --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml 
@@ -0,0 +1,70 @@
+#-----------------------------------------
+# Port bind testing.
+#-----------------------------------------
+
+- set_fact:
+ config_bind_unknown_port: "{{ 'config_bind_unknown_port.json' }}"
+ config_bind_unknown_port_expect: "{{ 'config_bind_unknown_port_expect_file' }}"
+ config_bind_duplicate_port: "{{ 'config_bind_duplicate_port.json' }}"
+ config_bind_duplicate_port_expect: "{{ 'config_bind_duplicate_port_expect_file' }}"
+ config_bind_valid_port: "{{ 'config_bind_valid_port.json' }}"
+ config_unbind_port: "{{ 'config_unbind_port.json' }}"
+ config_empty_expect: "{{ 'config_empty_expect_file' }}"
+
+ testname: "{{ 'acl_port_bind_test' }}"
+
+- set_fact:
+ config_files:
+ - "{{ config_bind_unknown_port }}"
+ - "{{ config_bind_duplicate_port }}"
+ - "{{ config_bind_valid_port }}"
+ - "{{ config_unbind_port }}"
+
+- name: Copy JSON configs onto switch.
+ copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}"
+ with_items:
+ - "{{ config_files }}"
+
+- name: Copy JSON configs from switch into docker filesystem.
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }}
+ with_items:
+ - "{{ config_files }}"
+
+- block:
+ - set_fact:
+ config_file: "{{ config_bind_unknown_port }}"
+ test_expect_file: "{{ config_bind_unknown_port_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ - name: Run ACL port bind test with
+ include: "{{ run_config_test }}"
+
+ - set_fact:
+ config_file: "{{ config_bind_duplicate_port }}"
+ test_expect_file: "{{ config_bind_duplicate_port_expect }}"
+ errors_expected: true
+ run_cleanup: true
+ - name: Run test
+ include: "{{ run_config_test }}"
+
+ - set_fact:
+ config_file: "{{ config_bind_valid_port }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: false
+ - name: Run test
+ include: "{{ run_config_test }}"
+
+ - set_fact:
+ config_file: "{{ config_unbind_port }}"
+ test_expect_file: "{{ config_empty_expect }}"
+ errors_expected: false
+ run_cleanup: true
+ - name: Run test
+ include: "{{ run_config_test }}"
+
+ always:
+ - name: Remove all the temporary created by the test.
+ file: path="{{ run_dir }}/{{ item }}" state=absent
+ with_items:
+ - "{{ config_files }}"
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json
new file mode 100644
index 00000000000..cdc5de73a76
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file
new file mode 100644
index 00000000000..7e2f78a4918
--- /dev/null
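Review bot: The `always:` section of acl_port_bind_test.yml only deletes the host-side copies, so if the `config_bind_valid_port` step (which sets `run_cleanup: false`) or the following unbind step fails, `ACL_TABLE:port_bind_test` presumably stays bound to `Ethernet0,Ethernet4` for every later test; adding `- include: "{{ run_config_cleanup }}"` to `always:` would restore a known state on failure. The `docker cp` task also leaves its destination `orchagent:{{ docker_testdir }}/{{ item }}` unquoted, unlike the same task in acl_input_test.yml, and the files copied into the container are never removed.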
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_duplicate_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to process port list. Duplicate port entry."
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json
new file mode 100644
index 00000000000..d5133362b96
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "UnknownPort1,UnknownPort2"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file
new file mode 100644
index 00000000000..bdbf5d43c4e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_unknown_port_expect_file
@@ -0,0 +1,5 @@
+#s, "33333333333333333333"
+# match repeating characters aaa, bbbb, etc.
+#r, "(\w)\1*"
+#
+r, ".*Failed to process port. Port .* doesn't exist"
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json
new file mode 100644
index 00000000000..01fd351a93b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_bind_valid_port.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ "policy_desc" : "Table_for_ACL_port_bind_test",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet4"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_empty_expect_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json
new file mode 100644
index 00000000000..10059303703
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/config_unbind_port.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_TABLE:port_bind_test": {
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/run_config_cleanup.yml b/ansible/roles/test/tasks/acl/run_config_cleanup.yml
new file mode 100644
index 00000000000..b00ba97a7c8
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/run_config_cleanup.yml
@@ -0,0 +1,10 @@
+
+- name: Do configuration cleanup.
+ shell: systemctl restart orchagent
+ register: clean_up
+
+- fail: msg="swssconfig - failed to cleanup the ACL configuration"
+ when: clean_up.rc != 0
+
+- name: Wait for orchagent initialization
+ command: sleep 35
diff --git a/ansible/roles/test/tasks/acl/run_config_test.yml b/ansible/roles/test/tasks/acl/run_config_test.yml
new file mode 100644
index 00000000000..6f0c1daa567
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/run_config_test.yml
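Review bot: In run_config_cleanup.yml, `shell: systemctl restart orchagent` uses the shell module for a fixed command with no pipes or redirection; `command: systemctl restart orchagent`, as acl_input_test.yml already does, or the `service` module avoids spawning a shell at all. The following `fail` on `clean_up.rc != 0` is unreachable as written, because the task itself fails on a non-zero exit unless `failed_when: false` or `ignore_errors: true` is set on it. `command: sleep 35` hard-codes the start-up time, so a readiness check would be more reliable than a fixed delay.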
@@ -0,0 +1,51 @@
+- block:
+ - set_fact:
+ testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+ - set_fact:
+ test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+ loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}"
+ loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}"
+
+ match_file: "{{ 'loganalyzer_common_match.txt' }}"
+ ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}"
+
+ summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+ result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
+
+ - name: Initialize loganalizer. Put start marker to log file.
+ include: "{{ loganalyzer_init }}"
+
+ - name: Load JSON config {{ config_file }}
+ command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }}
+
+ - name: Use loganalyzer to check for the error messages {{ testname }} / {{ config_file }}.
+ include: "{{ loganalyzer_analyze }}"
+
+ - name: Get the total number of expected messages.
+ shell: grep "TOTAL EXPECTED" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL EXPECTED MATCHES:[[:space:]]*//p"
+ register: expects_found
+ when: errors_expected == true
+
+ - name: Check that expected error messages are found (negative tests only).
+ fail: msg="Expected error messages are not found while running {{ testname }} / {{ config_file }}"
+ when: errors_expected == true and expects_found.stdout == "0"
+
+ - name: Get the total number of error messages.
+ shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p"
+ register: errors_found
+
+ - name: Check the number of error messages (positive tests only).
+ fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}"
+ when: errors_expected == false and errors_found.stdout != "0"
+
+ - name: Copy test data to host.
+ fetch: src={{ test_out_dir }}/{{ item }} dest=failed-test-data/{{ testname_unique }}/{{ item }}
+ with_items:
+ - "{{ summary_file }}"
+ - "{{ result_file }}"
+ when: (errors_expected == true and expects_found.stdout == "0") or (errors_expected == false and errors_found.stdout != "0")
+
+ - name: Do configuration cleanup after {{ testname}} / {{ config_file }}
+ include: "{{ run_config_cleanup }}"
+ when: run_cleanup == true
From 4bf5c7032140b2174d0ab838e1c4f00202c2f500 Mon Sep 17 00:00:00 2001
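Review bot: The negative-test check `when: errors_expected == true and expects_found.stdout == "0"` in run_config_test.yml passes when the `grep | sed` pipeline prints nothing, which is what happens if the summary file is missing or lacks the `TOTAL EXPECTED MATCHES:` line, because by default the pipeline's exit status is sed's. A test meant to prove that orchagent rejected a bad ACL config then succeeds without evidence; `when: errors_expected == true and (expects_found.stdout | int) == 0` treats empty output as zero matches and fails closed. The same comparison is repeated in the `when:` of the `fetch` task. The templated paths in both `shell:` lines would also be safer passed through `| quote`, and `ansible_date_time` is presumably the value captured at fact gathering, so `testname_unique` may not differ between includes within one run.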
From: Anton Patenko Date: Sat, 14 Jan 2017 12:35:32 +0200 Subject: [PATCH 3/9] ACL testing: added orchagent logic test: 1) syntax testing 2) configuration removing testing --- ansible/roles/test/tasks/acl.yml | 3 + .../acl_orchagent_logic_test.yml | 808 ++++++++++++++++++ .../config_del_rule_expect_file | 1 + .../config_del_rule_non_existing.json | 11 + .../config_del_rule_valid.json | 11 + .../config_del_table_diff_fields.json | 9 + .../config_del_table_expect_file | 1 + .../config_del_table_non_existing.json | 7 + .../config_del_table_valid.json | 10 + .../config_del_table_with_rules.json | 10 + .../config_dscp_in_l3_table.json | 12 + .../config_dscp_in_l3_table_expect_file | 1 + .../config_duplicate_rule_expect_file | 1 + .../config_empty_expect_file | 0 .../config_ether_type_expect_file | 1 + .../config_ether_type_invalid_1.json | 10 + .../config_ether_type_invalid_2.json | 10 + .../config_ether_type_valid_1.json | 10 + .../config_ether_type_valid_2.json | 10 + .../config_extra_field_expect_file | 2 + .../config_extra_field_invalid.json | 11 + .../config_ip_addr_expect_file | 1 + .../config_ip_addr_invalid_1.json | 10 + .../config_ip_addr_invalid_2.json | 10 + .../config_ip_addr_invalid_3.json | 10 + .../config_ip_addr_invalid_4.json | 10 + .../config_ip_addr_invalid_5.json | 10 + .../config_ip_addr_invalid_6.json | 10 + .../config_ip_addr_invalid_7.json | 10 + .../config_ip_addr_valid_1.json | 10 + .../config_ip_addr_valid_2.json | 10 + .../config_ip_proto_expect_file | 1 + .../config_ip_proto_invalid_1.json | 10 + .../config_ip_proto_invalid_2.json | 10 + .../config_ip_proto_valid_1.json | 10 + .../config_ip_proto_valid_2.json | 10 + .../config_ip_type_expect_file | 2 + .../config_ip_type_invalid_1.json | 10 + .../config_ip_type_invalid_2.json | 10 + .../config_ip_type_valid_1.json | 10 + .../config_ip_type_valid_2.json | 10 + .../config_l4_port_expect_file | 1 + .../config_l4_port_invalid_1.json | 10 + .../config_l4_port_invalid_2.json | 10 + 
.../config_l4_port_invalid_3.json | 10 + .../config_l4_port_valid.json | 10 + .../config_operation_invalid_1.json | 10 + .../config_operation_invalid_2.json | 10 + .../config_packet_action_expect_file | 1 + .../config_packet_action_invalid_1.json | 10 + .../config_packet_action_invalid_2.json | 10 + .../config_packet_action_valid.json | 10 + .../config_port_expect_file | 1 + .../config_port_invalid_1.json | 10 + .../config_port_invalid_2.json | 10 + .../config_priority_expect_file | 1 + .../config_priority_invalid_1.json | 10 + .../config_priority_invalid_2.json | 10 + .../config_priority_valid_max.json | 10 + .../acl_orchagent_logic_test/config_rule.json | 11 + .../config_rule_empty.json | 7 + .../config_rule_empty_expect_file | 1 + .../config_rule_in_non_existing_table.json | 11 + ...fig_rule_in_non_existing_table_expect_file | 1 + .../config_table_type_expect_file | 1 + .../config_table_type_invalid_1.json | 10 + .../config_table_type_invalid_2.json | 10 + .../config_table_type_l3.json | 10 + .../config_tcp_flags_expect_file | 1 + .../config_tcp_flags_invalid_1.json | 10 + .../config_tcp_flags_invalid_2.json | 10 + .../config_tcp_flags_valid_1.json | 10 + .../config_tcp_flags_valid_2.json | 10 + 73 files changed, 1360 insertions(+) create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json create mode 
100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_empty_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json create mode 100644 
ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json create mode 100644 
ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file create mode 100644 
ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index e418a0077c6..1c6c4f6fff9 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml @@ -30,6 +30,9 @@ - name: Test port bind configuration. include: "{{ tests_location }}/acl_port_bind_test/acl_port_bind_test.yml" + - name: Test orchagent logic. + include: "{{ tests_location }}/acl_orchagent_logic_test/acl_orchagent_logic_test.yml" + always: - name: General cleanup. file: path="{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml new file mode 100644 index 00000000000..a4eb9f75cf5 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml 
@@ -0,0 +1,808 @@ +#---------------------------------------------- +# SYNTAX- AND DELETE-TESTING FOR ORCHAGENT. +#---------------------------------------------- + +- set_fact: + + # Test table type. + # Mirror - NOT IMPLEMENTED YET. + # L3 - already tested, so here we check some bad cases. + config_table_type_l3: "{{ 'config_table_type_l3.json' }}" + config_table_type_invalid_1: "{{ 'config_table_type_invalid_1.json' }}" + config_table_type_invalid_2: "{{ 'config_table_type_invalid_2.json' }}" + config_table_type_expect: "{{ 'config_table_type_expect_file' }}" + + config_rule: "{{ 'config_rule.json' }}" + + # SYNTAX-TEST SPECIFIC CONFIG-FILES. + # Test physical port. + config_port_invalid_1: "{{ 'config_port_invalid_1.json' }}" + config_port_invalid_2: "{{ 'config_port_invalid_2.json' }}" + config_port_expect: "{{ 'config_port_expect_file' }}" + + # Test operation applied for table (SET ,DEL) + config_operation_invalid_1: "{{ 'config_operation_invalid_1.json' }}" + config_operation_invalid_2: "{{ 'config_operation_invalid_2.json' }}" + + # Test invalid extra field. + config_extra_field_invalid: "{{ 'config_extra_field_invalid.json' }}" + config_extra_field_expect: "{{ 'config_extra_field_expect_file' }}" + + #------------------------------------------ + # Test RULES parameters. 
+ #------------------------------------------ + + config_priority_invalid_1: "{{ 'config_priority_invalid_1.json' }}" + config_priority_invalid_2: "{{ 'config_priority_invalid_2.json' }}" + config_priority_valid_max: "{{ 'config_priority_valid_max.json' }}" + config_priority_expect: "{{ 'config_priority_expect_file' }}" + + config_ether_type_invalid_1: "{{ 'config_ether_type_invalid_1.json' }}" + config_ether_type_invalid_2: "{{ 'config_ether_type_invalid_2.json' }}" + config_ether_type_valid_1: "{{ 'config_ether_type_valid_1.json' }}" + config_ether_type_valid_2: "{{ 'config_ether_type_valid_2.json' }}" + config_ether_type_expect: "{{ 'config_ether_type_expect_file' }}" + + config_ip_type_invalid_1: "{{ 'config_ip_type_invalid_1.json' }}" + config_ip_type_invalid_2: "{{ 'config_ip_type_invalid_2.json' }}" + config_ip_type_valid_1: "{{ 'config_ip_type_valid_1.json' }}" + config_ip_type_valid_2: "{{ 'config_ip_type_valid_2.json' }}" + config_ip_type_expect: "{{ 'config_ip_type_expect_file' }}" + + config_ip_proto_invalid_1: "{{ 'config_ip_proto_invalid_1.json' }}" + config_ip_proto_invalid_2: "{{ 'config_ip_proto_invalid_2.json' }}" + config_ip_proto_valid_1: "{{ 'config_ip_proto_valid_1.json' }}" + config_ip_proto_valid_2: "{{ 'config_ip_proto_valid_2.json' }}" + config_ip_proto_expect: "{{ 'config_ip_proto_expect_file' }}" + + config_ip_addr_invalid_1: "{{ 'config_ip_addr_invalid_1.json' }}" + config_ip_addr_invalid_2: "{{ 'config_ip_addr_invalid_2.json' }}" + config_ip_addr_invalid_3: "{{ 'config_ip_addr_invalid_3.json' }}" + config_ip_addr_invalid_4: "{{ 'config_ip_addr_invalid_4.json' }}" + config_ip_addr_invalid_5: "{{ 'config_ip_addr_invalid_5.json' }}" + config_ip_addr_invalid_6: "{{ 'config_ip_addr_invalid_6.json' }}" + config_ip_addr_invalid_7: "{{ 'config_ip_addr_invalid_7.json' }}" + config_ip_addr_valid_1: "{{ 'config_ip_addr_valid_1.json' }}" + config_ip_addr_valid_2: "{{ 'config_ip_addr_valid_2.json' }}" + config_ip_addr_expect: "{{ 
'config_ip_addr_expect_file' }}" + + config_tcp_flags_valid_1: "{{ 'config_tcp_flags_valid_1.json' }}" + config_tcp_flags_valid_2: "{{ 'config_tcp_flags_valid_2.json' }}" + config_tcp_flags_invalid_1: "{{ 'config_tcp_flags_invalid_1.json' }}" + config_tcp_flags_invalid_2: "{{ 'config_tcp_flags_invalid_2.json' }}" + config_tcp_flags_expect: "{{ 'config_tcp_flags_expect_file' }}" + + config_l4_port_valid: "{{ 'config_l4_port_valid.json' }}" + config_l4_port_invalid_1: "{{ 'config_l4_port_invalid_1.json' }}" + config_l4_port_invalid_2: "{{ 'config_l4_port_invalid_2.json' }}" + config_l4_port_invalid_3: "{{ 'config_l4_port_invalid_3.json' }}" + config_l4_port_expect: "{{ 'config_l4_port_expect_file' }}" + + config_packet_action_valid: "{{ 'config_packet_action_valid.json' }}" + config_packet_action_invalid_1: "{{ 'config_packet_action_invalid_1.json' }}" + config_packet_action_invalid_2: "{{ 'config_packet_action_invalid_2.json' }}" + config_packet_action_expect: "{{ 'config_packet_action_expect_file' }}" + + config_dscp_in_l3_table: "{{ 'config_dscp_in_l3_table.json' }}" + config_dscp_in_l3_table_expect: "{{ 'config_dscp_in_l3_table_expect_file' }}" + + config_rule_empty_invalid: "{{ 'config_rule_empty.json' }}" + config_rule_empty_expect: "{{ 'config_rule_empty_expect_file' }}" + + config_rule_in_non_existing_table: "{{ 'config_rule_in_non_existing_table.json' }}" + config_rule_in_non_existing_table_expect: "{{ 'config_rule_in_non_existing_table_expect_file' }}" + + # DELETE-TEST SPECIFIC CONFIG-FILES. 
+ config_del_rule_valid: "{{ 'config_del_rule_valid.json' }}" + config_del_rule_non_existing: "{{ 'config_del_rule_non_existing.json' }}" + config_del_rule_expect: "{{ 'config_del_rule_expect_file' }}" + + config_del_table_valid: "{{ 'config_del_table_valid.json' }}" + config_del_table_non_existing: "{{ 'config_del_table_non_existing.json' }}" + config_del_table_with_rules: "{{ 'config_del_table_with_rules.json' }}" + config_del_table_diff_fields: "{{ 'config_del_table_diff_fields.json' }}" + config_del_table_expect: "{{ 'config_del_table_expect_file' }}" + + config_empty_expect: "{{ 'config_empty_expect_file' }}" + config_duplicate_rule_expect: "{{ 'config_duplicate_rule_expect_file' }}" + +- set_fact: + config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_rule }}" + + - "{{ config_table_type_invalid_1 }}" + - "{{ config_table_type_invalid_2 }}" + + - "{{ config_port_invalid_1 }}" + - "{{ config_port_invalid_2 }}" + + - "{{ config_operation_invalid_1 }}" + - "{{ config_operation_invalid_2 }}" + + - "{{ config_extra_field_invalid }}" + + - "{{ config_priority_invalid_1 }}" + - "{{ config_priority_invalid_2 }}" + - "{{ config_priority_valid_max }}" + + - "{{ config_ether_type_invalid_1 }}" + - "{{ config_ether_type_invalid_2 }}" + - "{{ config_ether_type_valid_1 }}" + - "{{ config_ether_type_valid_2 }}" + + - "{{ config_ip_type_invalid_1 }}" + - "{{ config_ip_type_invalid_2 }}" + - "{{ config_ip_type_valid_1 }}" + - "{{ config_ip_type_valid_2 }}" + + - "{{ config_ip_proto_invalid_1 }}" + - "{{ config_ip_proto_invalid_2 }}" + - "{{ config_ip_proto_valid_1 }}" + - "{{ config_ip_proto_valid_2 }}" + + - "{{ config_ip_addr_invalid_1 }}" + - "{{ config_ip_addr_invalid_2 }}" + - "{{ config_ip_addr_invalid_3 }}" + - "{{ config_ip_addr_invalid_4 }}" + - "{{ config_ip_addr_invalid_5 }}" + - "{{ config_ip_addr_invalid_6 }}" + - "{{ config_ip_addr_invalid_7 }}" + - "{{ config_ip_addr_valid_1 }}" + - "{{ config_ip_addr_valid_2 }}" + + - "{{ config_tcp_flags_valid_1 }}" 
+ - "{{ config_tcp_flags_valid_2 }}" + - "{{ config_tcp_flags_invalid_1 }}" + - "{{ config_tcp_flags_invalid_2 }}" + + - "{{ config_l4_port_valid }}" + - "{{ config_l4_port_invalid_1 }}" + - "{{ config_l4_port_invalid_2 }}" + - "{{ config_l4_port_invalid_3 }}" + + - "{{ config_packet_action_valid }}" + - "{{ config_packet_action_invalid_1 }}" + - "{{ config_packet_action_invalid_2 }}" + + - "{{ config_dscp_in_l3_table }}" + - "{{ config_rule_empty_invalid }}" + - "{{ config_rule_in_non_existing_table }}" + + - "{{ config_del_rule_valid }}" + - "{{ config_del_rule_non_existing }}" + + - "{{ config_del_table_valid }}" + - "{{ config_del_table_non_existing }}" + - "{{ config_del_table_with_rules }}" + - "{{ config_del_table_diff_fields }}" + + testname: "{{ 'acl_orchagent_logic_test' }}" + +- name: Copy JSON configs onto switch. + copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" + with_items: + - "{{ config_files }}" + +- name: Copy JSON configs from switch into docker filesystem. + command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }} + with_items: + - "{{ config_files }}" + +#---------------------------------------------------------------------------------- +# Syntax-test uploads different valid and invalid configs +# with correct and incorrect fields and values, and checks for the error-messages +# in a log file. +#---------------------------------------------------------------------------------- + +#----------------------------------------- +# TABLES TESTING +#----------------------------------------- + +- block: + - set_fact: + config_file: "{{ config_table_type_invalid_1 }}" + test_expect_file: "{{ config_table_type_expect }}" + errors_expected: true + run_cleanup: false + - name: Table test - invalid table type. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_table_type_invalid_2 }}" + test_expect_file: "{{ config_table_type_expect }}" + errors_expected: true + run_cleanup: false + - name: Table test - invalid table type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_port_invalid_1 }}" + test_expect_file: "{{ config_port_expect }}" + errors_expected: true + run_cleanup: false + - name: Table test - invalid physical port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_port_invalid_2 }}" + test_expect_file: "{{ config_port_expect }}" + errors_expected: true + run_cleanup: false + - name: Table test - invalid physical port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_extra_field_invalid }}" + test_expect_file: "{{ config_extra_field_expect }}" + errors_expected: true + run_cleanup: false + - name: Table test - invalid extra field. + include: "{{ run_config_test }}" + + # Check return code from swssconfig + - name: Table test - invalid operation applied for table ("OP" field). + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_operation_invalid_1 }} + register: invalid_oper_1 + failed_when: invalid_oper_1.rc == 0 + + - name: Table test - invalid operation applied for table ("OP" field). + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_operation_invalid_2 }} + register: invalid_oper_2 + failed_when: invalid_oper_2.rc == 0 + + - name: Run config cleanup after. + include: "{{ run_config_cleanup }}" +#----------------------------------------- +# test duplicate table creation +#----------------------------------------- + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_table_type_expect }}" + errors_expected: true + run_cleanup: true + - name: Create duplicate L3 table. + include: "{{ run_config_test }}" + +#------------------------------------------ +# RULES TESTING +#------------------------------------------ + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_priority_invalid_1 }}" + test_expect_file: "{{ config_priority_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid priority value. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_priority_invalid_2 }}" + test_expect_file: "{{ config_priority_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid priority value. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_priority_valid_max }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + - name: Rule test - max priority value. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# ETHER_TYPE +#---------------------------------------------- + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ether_type_valid_1 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid ether type. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ether_type_valid_2 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid ether type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ether_type_invalid_1 }}" + test_expect_file: "{{ config_ether_type_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid ether type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ether_type_invalid_2 }}" + test_expect_file: "{{ config_ether_type_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - invalid ether type. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# IP TYPE +#---------------------------------------------- + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_type_invalid_1 }}" + test_expect_file: "{{ config_ip_type_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid ip type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_type_invalid_2 }}" + test_expect_file: "{{ config_ip_type_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid ip type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_type_valid_1 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - invalid ip type. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_type_valid_2 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + - name: Rule test - valid ip type. 
+ include: "{{ run_config_test }}" + +#---------------------------------------------- +# IP PROTO +#---------------------------------------------- + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_proto_valid_1 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid IP protocol. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_proto_valid_2 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid IP protocol. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_proto_invalid_1 }}" + test_expect_file: "{{ config_ip_proto_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP protocol. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_proto_invalid_2 }}" + test_expect_file: "{{ config_ip_proto_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - invalid IP protocol. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# IP ADDRESS +#---------------------------------------------- + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_valid_1 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid IP address. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_valid_2 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_1 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_2 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_3 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_4 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_5 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_6 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid IP address. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_ip_addr_invalid_7 }}" + test_expect_file: "{{ config_ip_addr_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - invalid IP address. 
+ include: "{{ run_config_test }}" + +#---------------------------------------------- +# TCP FLAGS +#---------------------------------------------- + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + run_cleanup: false + errors_expected: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_tcp_flags_valid_1 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid TCP flags. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_tcp_flags_valid_2 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid TCP flags. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_tcp_flags_invalid_1 }}" + test_expect_file: "{{ config_tcp_flags_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid TCP flags. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_tcp_flags_invalid_2 }}" + test_expect_file: "{{ config_tcp_flags_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - invalid TCP flags. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# L4 port +#---------------------------------------------- + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_valid }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid L4 port. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_invalid_1 }}" + test_expect_file: "{{ config_l4_port_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid L4 port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_invalid_2 }}" + test_expect_file: "{{ config_l4_port_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid L4 port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_invalid_3 }}" + test_expect_file: "{{ config_l4_port_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - invalid L4 port. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# Packet action +#---------------------------------------------- + + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_packet_action_valid }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid packet action. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_packet_action_invalid_1 }}" + test_expect_file: "{{ config_packet_action_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid packet action. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_packet_action_invalid_2 }}" + test_expect_file: "{{ config_packet_action_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid packet action. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_dscp_in_l3_table }}" + test_expect_file: "{{ config_dscp_in_l3_table_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - dscp in L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_rule_empty_invalid }}" + test_expect_file: "{{ config_rule_empty_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - empty rule with no expectes. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_rule_in_non_existing_table }}" + test_expect_file: "{{ config_rule_in_non_existing_table_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - create rule in non-existing table. + include: "{{ run_config_test }}" + +#---------------------------------------------- +# test duplicate rule creation +#---------------------------------------------- + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_rule }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid rule. + include: "{{ run_config_test }}" + + # Duplicate rule! + - set_fact: + config_file: "{{ config_rule }}" + test_expect_file: "{{ config_duplicate_rule_expect }}" + errors_expected: true + run_cleanup: true + - name: Rule test - duplicate rule creation. + include: "{{ run_config_test }}" + + +#---------------------------------------------------------------------------------- +#---------------------------------------------------------------------------------- +# Delete-test uploads different valid and invalid configs with OP: "DEL" and checks for the errors. 
+# +# Basic flow: +# 1) Load valid ACL config, which creates table with rule (it's trusted config, so we don't check for errors). +# 2) Upload some valid ACL configs with OP: "DEL". No errors should appear. +# 3) Upload some invalid ACL config OP: "DEL" which tries to remove non-existing object. +# Error messages should appear. +#---------------------------------------------------------------------------------- +#---------------------------------------------------------------------------------- + + # Prepare valid config: create ACL table. + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + # Prepare valid config: create ACL rule. + - set_fact: + config_file: "{{ config_rule }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create a rule inside of ACL table (which is created previously). + include: "{{ run_config_test }}" + + # Invalid table deletion: try to delete existing table that contains rules. + - set_fact: + config_file: "{{ config_del_table_with_rules }}" + test_expect_file: "{{ config_del_table_expect }}" + errors_expected: true + run_cleanup: false + - name: Try to delete existing table with rules (errors expected). + include: "{{ run_config_test }}" + + # Valid rule deletion. + - set_fact: + config_file: "{{ config_del_rule_valid }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Delete an existing rule test. + include: "{{ run_config_test }}" + + # Valid table deletion. + - set_fact: + config_file: "{{ config_del_table_valid }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + - name: Delete an existing table test. + include: "{{ run_config_test }}" + + # Prepare valid config: create ACL table. 
+ - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + # Delete non-existing rule from existing table. + - set_fact: + config_file: "{{ config_del_rule_non_existing }}" + test_expect_file: "{{ config_del_rule_expect }}" + errors_expected: true + run_cleanup: false + - name: Delete non-existing rule test. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_del_table_non_existing }}" + test_expect_file: "{{ config_del_table_expect }}" + errors_expected: true + run_cleanup: true + - name: Delete non-existing table test. + include: "{{ run_config_test }}" + + + # Prepare valid config: create ACL table. + - set_fact: + config_file: "{{ config_table_type_l3 }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Create L3 table. + include: "{{ run_config_test }}" + + # delete table with different fields provided + - set_fact: + config_file: "{{ config_del_table_diff_fields }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + - name: Delete table with different fields provided. + include: "{{ run_config_test }}" + + always: + - name: Remove all the temporary files created by the test. + file: path="{{ run_dir }}/{{ item }}" state=absent + with_items: + - "{{ config_files }}" + diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file new file mode 100644 index 00000000000..8127786da00 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_expect_file @@ -0,0 +1 @@ +r, ".*Failed to delete.*rule.*" 
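Review bot: Both "invalid operation applied for table" tasks assert only `failed_when: invalid_oper_1.rc == 0` (and the same for `invalid_oper_2`), so any non-zero exit satisfies them. That includes a stopped orchagent container or a config file that never reached `{{ docker_testdir }}`, in which case the negative test passes without swssconfig having rejected the `OP` value. Tightening the condition to also match the rejection text in `invalid_oper_1.stderr` would close that gap; the exact message is not visible in this patch and has to be taken from swssconfig. Neither task needs shell features, so `command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_operation_invalid_1 }}` in place of `shell:` keeps the templated path away from shell parsing.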
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json new file mode 100644 index 00000000000..51726172541 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_non_existing.json @@ -0,0 +1,11 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:non_existing_rule": { + "priority" : "55", + "SRC_IP" : "20.0.0.2/24", + "DST_IP" : "21.0.0.2/24", + "PACKET_ACTION" : "FORWARD" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json new file mode 100644 index 00000000000..92a35b2d133 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_rule_valid.json @@ -0,0 +1,11 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_test_rule": { + "priority" : "55", + "SRC_IP" : "20.0.0.2/24", + "DST_IP" : "21.0.0.2/24", + "PACKET_ACTION" : "FORWARD" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json new file mode 100644 index 00000000000..c9d38a66d61 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_diff_fields.json @@ -0,0 +1,9 @@ +[ + { + "ACL_TABLE:acl_test_table": { + "policy_desc" : "Permit_some_traffic_from_20.0.0.2", + "ports" : "Ethernet4" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file new file mode 100644 index 00000000000..05f86272d21 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_expect_file @@ -0,0 +1 @@ +r, ".*Failed to delete.*table.*" 
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json new file mode 100644 index 00000000000..7a401bbb6a4 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_non_existing.json @@ -0,0 +1,7 @@ +[ + { + "ACL_TABLE:non_existing_table": { + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json new file mode 100644 index 00000000000..4fd99c3cf76 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_valid.json @@ -0,0 +1,10 @@ +[ + { + "ACL_TABLE:acl_test_table": { + "policy_desc" : "Permit_some_traffic_from_20.0.0.2", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json new file mode 100644 index 00000000000..4fd99c3cf76 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_del_table_with_rules.json @@ -0,0 +1,10 @@ +[ + { + "ACL_TABLE:acl_test_table": { + "policy_desc" : "Permit_some_traffic_from_20.0.0.2", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json new file mode 100644 index 00000000000..e93302b550f --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table.json 
@@ -0,0 +1,12 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_dscp_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD",
+ "dscp" : "0xFF"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_dscp_in_l3_table_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_duplicate_rule_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_empty_expect_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json
new file mode 100644
index 00000000000..4ee6610ffdd
--- /dev/null
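Review bot: In config_dscp_in_l3_table.json the rule can be rejected for reasons unrelated to the table type the file name is about: the key is lower-case `"dscp"` while the other match fields in these fixtures are upper-case, and `"0xFF"` does not fit the 6-bit DSCP field. Because config_dscp_in_l3_table_expect_file accepts any line matching `.*Failed to create.*rule.*`, the test would still pass if an L3 table wrongly accepted a well-formed DSCP match. An in-range value with the same key casing as the other fields, for example `"DSCP" : "0x08"`, would tie the failure to the table type; whether the parser is case-sensitive is not visible in this patch.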
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json
new file mode 100644
index 00000000000..dc0f6fe4507
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "0xABADDD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json
new file mode 100644
index 00000000000..9e849fc5bd3
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ether_type" : "0xABAC"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json
new file mode 100644
index 00000000000..32d9d85a3e9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ether_type_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "ETHER_TYPE" : "100"
+ },
+ "OP": "SET"
+ }
+]
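Review bot: config_ether_type_valid_1.json spells the match field `"ether_type"` in lower case, while config_ether_type_invalid_1.json, config_ether_type_invalid_2.json and config_ether_type_valid_2.json all use `"ETHER_TYPE"`. If the parser is case-sensitive, this positive case may never reach EtherType validation and would pass or fail for an unrelated reason. If case-insensitive key handling is what the fixture is meant to cover, the file name should say so; otherwise the line should read `"ETHER_TYPE" : "0xABAC"`.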
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file
new file mode 100644
index 00000000000..d26dd1569b2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_expect_file
@@ -0,0 +1,2 @@
+r, ".*Unknown table attribute.*"
+r, ".* Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json
new file mode 100644
index 00000000000..ed47c3df7dc
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_extra_field_invalid.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_extra_field": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0",
+ "GATEWAY" : "DEFAULT_GATEWAY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json
new file mode 100644
index 00000000000..66524546ab2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "150.-1.5.6/25"
+ },
+ "OP": "SET"
+ }
+]
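Review bot: The second pattern in config_extra_field_expect_file is written `".* Failed to create.*table. Table configuration is invalid"`, with a literal space after `.*`, whereas config_port_expect_file and config_table_type_expect_file write the same message as `".*Failed to create.*table. Table configuration is invalid"`. config_ip_proto_expect_file has the same leading space on its rule message. Using one spelling throughout, `".*Failed to create.*table. Table configuration is invalid"`, avoids a pattern that silently depends on the character preceding "Failed" in the log line.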
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json
new file mode 100644
index 00000000000..4e6e0ec269b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "150.1.5.6/-25"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json
new file mode 100644
index 00000000000..40532f9c54b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "1111.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json
new file mode 100644
index 00000000000..47a0131893c
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_4.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_4": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json
new file mode 100644
index 00000000000..3ff5ae28e88
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_5.json
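Review bot: The range-checking fixtures sit far from the limits they are meant to probe, so an off-by-one in the validator would go unnoticed. config_ip_addr_invalid_2.json covers only a negative prefix length (`/-25`) and nothing just past the IPv4 maximum; config_l4_port_invalid_3.json uses `"67000"` rather than the first out-of-range port; and config_priority_valid_max.json asserts `"16000"` is accepted without a sibling fixture for the value above it. I would add a prefix-length case such as `"SRC_IP" : "150.1.5.6/33"`, change the port case to `"L4_SRC_PORT" : "65536"`, and add a priority fixture one above whatever the enforced maximum is (the limit itself is not shown in this patch).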
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_5": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "abc.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json
new file mode 100644
index 00000000000..fe83ae3647e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_6.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_6": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5.55.4/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json
new file mode 100644
index 00000000000..e014fd5d866
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_invalid_7.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_7": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "fe80:90000:0:0:200:f8ff:fe21:67cf/64"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json
new file mode 100644
index 00000000000..604d3310792
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json
new file mode 100644
index 00000000000..08950defe7d
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_addr_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "fe80:0:0:0:200:f8ff:fe21:67cf/64"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file
new file mode 100644
index 00000000000..9a64908d671
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_expect_file
@@ -0,0 +1 @@
+r, ".* Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json
new file mode 100644
index 00000000000..73fb711767b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0x100"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json
new file mode 100644
index 00000000000..ce32c6e0809
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "IAMJONNY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json
new file mode 100644
index 00000000000..ba337ebfbf2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0x6"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json
new file mode 100644
index 00000000000..24695d84ea3
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_proto_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_PROTOCOL" : "0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file
new file mode 100644
index 00000000000..c231f631a36
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_expect_file
@@ -0,0 +1,2 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
+r, ".*Failed to create entry.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json
new file mode 100644
index 00000000000..2750684d247
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "4"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json
new file mode 100644
index 00000000000..6e310717387
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv8ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json
new file mode 100644
index 00000000000..baf6b53bdfa
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv6ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json
new file mode 100644
index 00000000000..b99a59b292b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_ip_type_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "IP_TYPE" : "IPv4ANY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json
new file mode 100644
index 00000000000..b6859929b17
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "-65000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json
new file mode 100644
index 00000000000..97e47bf8ed5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "hello_world"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json
new file mode 100644
index 00000000000..7a4a6bbdd07
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_invalid_3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "67000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json
new file mode 100644
index 00000000000..a0b0219a687
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_l4_port_valid.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT" : "65000"
+ },
+ "OP": "SET"
+ }
+]
\ No newline at end of file
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json
new file mode 100644
index 00000000000..e3dca29431b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_operation_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET_SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json
new file mode 100644
index 00000000000..971c1c5d4d5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_operation_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_operation_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": ""
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json
new file mode 100644
index 00000000000..b674ce46ffa
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "DRIVE",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json
new file mode 100644
index 00000000000..c70c9dd4959
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "100",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json
new file mode 100644
index 00000000000..d7686e6dd60
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_packet_action_valid.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "PACKET_ACTION" : "DROP",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file
new file mode 100644
index 00000000000..d9b40c912f8
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json
new file mode 100644
index 00000000000..b87156ce34d
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_port_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet9000"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json
new file mode 100644
index 00000000000..50ddfd69fb1
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_port_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_port_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L3",
+ "ports" : "Ethernet 88"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file
new file mode 100644
index 00000000000..820e6566073
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule. Rule configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json
new file mode 100644
index 00000000000..c985ba6ec17
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "-1",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json
new file mode 100644
index 00000000000..725b758cf19
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "very_low",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json
new file mode 100644
index 00000000000..968c23b25f2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_priority_valid_max.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_max": {
+ "priority" : "16000",
+ "PACKET_ACTION" : "FORWARD",
+ "SRC_IP" : "20.0.4.5/24"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json
new file mode 100644
index 00000000000..a153d8c57bd
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json
new file mode 100644
index 00000000000..91b36c78cd6
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_empty_rule": {
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file
new file mode 100644
index 00000000000..9c677dcdd15
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_empty_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json
new file mode 100644
index 00000000000..f3e70d5f55c
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:NON_EXISTING_TABLE:acl_test_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_rule_in_non_existing_table_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file
new file mode 100644
index 00000000000..d9b40c912f8
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*table. Table configuration is invalid"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json
new file mode 100644
index 00000000000..d87b68d7614
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_type_invalid_1": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "L10",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json
new file mode 100644
index 00000000000..b9c7b468ff9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_type_invalid_2": {
+ "policy_desc" : "Permit_some_traffic_for_the_customer_#4",
+ "type" : "FORWARD",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json
new file mode 100644
index 00000000000..50c5bf97fc4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_table_type_l3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json
new file mode 100644
index 00000000000..88d0e525a9e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "IAMJONNY"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json
new file mode 100644
index 00000000000..9a8e9b652af
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "0xFAAAAAA"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json
new file mode 100644
index 00000000000..1fc8c396df9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "FA"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json
new file mode 100644
index 00000000000..92c8685318b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/config_tcp_flags_valid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_valid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "TCP_FLAGS" : "0xFA"
+ },
+ "OP": "SET"
+ }
+]
From 46183f44530b0da55ba334cb9a7cdae4a1d0edae Mon Sep 17 00:00:00 2001
From: Anton Patenko Date: Sat, 14 Jan 2017 12:46:37 +0200 Subject: [PATCH 4/9] ACL testing: added traffic test. --- .../roles/test/files/acstests/acl_tcp_test.py | 152 ++++++++++++++++++ ansible/roles/test/tasks/acl.yml | 3 + .../acl/acl_traffic_test/acl_traffic_test.yml | 150 +++++++++++++++++ .../acl_traffic_test/config_empty_expect_file | 0 .../config_traffic_drop_dst_ip.json | 18 +++ .../config_traffic_drop_ether_ip.json | 18 +++ .../config_traffic_drop_ip_protocol.json | 18 +++ .../config_traffic_drop_ip_type.json | 18 +++ .../config_traffic_drop_l4_dst_port.json | 18 +++ .../config_traffic_drop_l4_src_port.json | 18 +++ .../config_traffic_drop_priority.json | 27 ++++ .../config_traffic_drop_src_ip.json | 18 +++ .../config_traffic_drop_tcp_flags.json | 18 +++ .../acl/acl_traffic_test/run_ping_test.yml | 58 +++++++ .../acl/acl_traffic_test/run_ptf_test.yml | 78 +++++++++ 15 files changed, 612 insertions(+) create mode 100644 ansible/roles/test/files/acstests/acl_tcp_test.py create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_empty_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json create mode 100644 
ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml diff --git a/ansible/roles/test/files/acstests/acl_tcp_test.py b/ansible/roles/test/files/acstests/acl_tcp_test.py new file mode 100644 index 00000000000..46f5b092f27 --- /dev/null +++ b/ansible/roles/test/files/acstests/acl_tcp_test.py 
@@ -0,0 +1,152 @@ +import ptf.packet as scapy +import ptf.dataplane as dataplane +import acs_base_test +from ptf.base_tests import BaseTest +from ptf.testutils import * +from ptf.mask import Mask +import scapy.all as scapy2 +from time import sleep +from threading import Thread + +class FailingTest(BaseTest): + ''' + Test designed to fail + ''' + def runTest(self): + a = 5 / 0 + pass + +class SucceessTest(BaseTest): + ''' + Test designed for success + ''' + def runTest(self): + pass + +class SendTCP(acs_base_test.ACSDataplaneTest): + ''' + FIN = 0x01 + SYN = 0x02 + RST = 0x04 + PSH = 0x08 + ACK = 0x10 + URG = 0x20 + ECE = 0x40 + CWR = 0x80 + ''' + + def pkt_callback(self, pkt): + if pkt.haslayer(scapy2.TCP) and pkt.getlayer(scapy2.IP).src == "22.0.0.2": + self.sniffed_cnt += 1 + + def Sniffer(self, interface): + self.sniffed_cnt = 0 + scapy2.sniff(iface="eth2", prn=self.pkt_callback, store=0, timeout=3) + + def runTest(self): + + pkt = scapy2.Ether() + pkt /= scapy2.IP(src="21.0.0.2", dst="22.0.0.2") + pkt /= scapy2.TCP(dport = 80, flags="S", seq=42) + pkt /= ("badabadaboom") + + t = Thread(target=self.Sniffer, args=("eth2",)) + t.start() + scapy2.sendp(pkt, iface='eth2') + sleep(4) + # fail if no reply + if self.sniffed_cnt == 0: + self.assertTrue(False) + + + #res = scapy2.sniff(iface="eth2", timeout=3) + #print res + #if res: + # raise + + #if reply: + # raise + #print "================______====\n" + #print reply + #print error + #print "================______====\n" + #if reply: + # reply.show() + #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, port_number=0, timeout=5) + #send_packet(self, 0, pkt) + #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, port_number=0, timeout=5) + + +# verify_packet(self, masked_exp_pkt, 1) + + + #mpkt = Mask(pkt) + #mpkt.set_do_not_care(0, 14*8) + #mpkt.set_do_not_care(16*8, 49*8) + #verify_packet(self, mpkt, 0) + #(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, 
device_number=0, port_number=0, timeout=5) + #print "================______====\n" + #y = 0 + #for x in rcv_pkt: + # print "%d - %X" % (y, ord(x)) + # y +=1 +""" +(rcv_device, rcv_port, rcv_pkt, pkt_time) = dp_poll(self, device_number=0, timeout=3) + print "================______====\n" + y = 0 + for x in rcv_pkt: + print "%d - %X" % (y, ord(x)) + y +=1 + + y = 0 + for x in str(pkt): + print "%d - %X" % (y, ord(x)) + y +=1 +""" + + +""" + + pkt = scapy.Ether() + pkt /= scapy.IP(src="21.0.0.2", dst="22.0.0.2") + pkt /= scapy.TCP(sport = 8192, dport = 80, flags="S", seq=42) + m = Mask.Mask(pkt) + m.set_do_not_care_scapy(Ether, 'src') + m.set_do_not_care_scapy(Ether, 'dst') + m.set_do_not_care_scapy(IP, 'ttl') + m.set_do_not_care_scapy(IP, 'len') + m.set_do_not_care_scapy(IP, 'flags') + verify_packet(self, pkt, 0); + verify_packets(, m) + + +Test ACL permition + + +import ptf.packet as scapy + +import ptf.dataplane as dataplane +import acs_base_test + +from ptf.testutils import * +from ptf.mask import Mask + + +class ACLpermit(acs_base_test.ACSDataplaneTest): + def runTest(self): + print "The test is passed" + pass + # pkt = simple_ip_packet( eth_dst='00:01:02:03:04:05', + # eth_src='00:06:07:08:09:0a', + # ip_src='192.168.0.1', + # ip_dst='192.168.0.2', + # ip_ttl=64) + # send_packet(self, port, pkt) + + # pkt = scapy.Ether() + # pkt /= scapy.IP(src="20.0.0.2", dst="21.0.0.2") + # pkt /= scapy.TCP() + # pkt /= ("Yellow Sun") + # send_packet(self, 1, pkt) + # verify_packet(self, pkt, 2) +""" diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index 1c6c4f6fff9..0d9d618bbc8 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml 
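Review bot: `runTest` reads `self.sniffed_cnt`, which is only assigned inside `Sniffer` on the worker thread, and `Sniffer` ignores its `interface` argument in favour of a hard-coded `"eth2"`. Initialise the counter before the thread starts (`self.sniffed_cnt = 0` ahead of `t.start()`), pass `iface=interface` to `scapy2.sniff`, and replace `sleep(4)` with `t.join()` so the assertion runs only after the capture has finished. Nothing orders `sendp` after the sniffer is actually listening, so a fast reply could be missed and read as an ACL drop; that matters because the playbooks in this patch treat a failure of this test as the expected result. The commented-out experiments and the trailing triple-quoted blocks (Python 2 `print` statements, an unfinished `verify_packets(, m)`) are dead text and would be better removed.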
@@ -33,6 +33,9 @@ - name: Test orchagent logic. include: "{{ tests_location }}/acl_orchagent_logic_test/acl_orchagent_logic_test.yml" + - name: Test traffic. + include: "{{ tests_location }}/acl_traffic_test/acl_traffic_test.yml" + always: - name: General cleanup. file: path="{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml new file mode 100644 index 00000000000..8f90ad8319c --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml 
@@ -0,0 +1,150 @@ +#----------------------------------------- +# Perform ACL traffic tests +#----------------------------------------- + + +- fail: msg="Please set ptf_host variable" + when: ptf_host is not defined + +- set_fact: + host1_ip : 21.0.0.2 + host2_ip : 22.0.0.2 + subnet1 : 21.0.0.0/24 + subnet2 : 22.0.0.0/24 + switch_ip1 : 21.0.0.1 + switch_ip2 : 22.0.0.1 + host_testdir: "{{ '/tmp' }}" + + run_ping_test: "{{ tests_location }}/acl_traffic_test/run_ping_test.yml" + run_ptf_test: "{{ tests_location }}/acl_traffic_test/run_ptf_test.yml" + + config_traffic_drop_ether_ip: "{{ 'config_traffic_drop_ether_ip.json' }}" + config_traffic_drop_src_ip: "{{ 'config_traffic_drop_src_ip.json' }}" + config_traffic_drop_dst_ip: "{{ 'config_traffic_drop_dst_ip.json' }}" + config_traffic_drop_l4_src_port: "{{ 'config_traffic_drop_l4_src_port.json' }}" + config_traffic_drop_l4_dst_port: "{{ 'config_traffic_drop_l4_dst_port.json' }}" + config_traffic_drop_ip_protocol: "{{ 'config_traffic_drop_ip_protocol.json' }}" + config_traffic_drop_ip_type: "{{ 'config_traffic_drop_ip_type.json' }}" + config_traffic_drop_tcp_flags: "{{ 'config_traffic_drop_tcp_flags.json' }}" + config_traffic_drop_priority: "{{ 'config_traffic_drop_priority.json' }}" + config_empty_expect: "{{ 'config_empty_expect_file' }}" + + match_file: "{{ 'loganalyzer_common_match.txt' }}" + ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}" + + loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}" + loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}" + + testname: "{{ 'acl_traffic_test' }}" + +- set_fact: + config_files: + - "{{ config_traffic_drop_ether_ip }}" + - "{{ config_traffic_drop_src_ip }}" + - "{{ config_traffic_drop_dst_ip }}" + - "{{ config_traffic_drop_l4_src_port }}" + - "{{ config_traffic_drop_l4_dst_port }}" + - "{{ config_traffic_drop_ip_protocol }}" + - "{{ config_traffic_drop_ip_type }}" + - "{{ config_traffic_drop_tcp_flags }}" 
+ - "{{ config_traffic_drop_priority }}" + +- name: Copy JSON configs onto switch. + copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" + with_items: + - "{{ config_files }}" + +- name: Copy JSON configs from switch into docker filesystem. + command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }} + with_items: + - "{{ config_files }}" + +- name: Create target directory + file: path={{ host_testdir }}/acstests state=directory + delegate_to: "{{ ptf_host }}" + +- name: Copy PTF tests + copy: src="roles/test/files/acstests/{{ item }}" dest="{{ host_testdir }}/acstests/{{ item }}" + with_items: + - "acl_tcp_test.py" + - "acs_base_test.py" + delegate_to: "{{ ptf_host }}" + +- block: + - set_fact: + config_file: "{{ config_traffic_drop_ether_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by ether type test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_src_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by source ip address test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_dst_ip }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by destination ip address test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_ip_protocol }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by ip prototype test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_ip_type }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by ip type test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: 
"{{ config_traffic_drop_priority }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: true + - name: ACL drop traffic by tcp flags test + include: "{{ run_ping_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_l4_dst_port }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by destination l4 port test + include: "{{ run_ptf_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_l4_src_port }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by source l4 port test + include: "{{ run_ptf_test }}" + + - set_fact: + config_file: "{{ config_traffic_drop_tcp_flags }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: true + run_cleanup: true + - name: ACL drop traffic by tcp flags test + include: "{{ run_ptf_test }}" + + always: + - name: Remove all the temporary created by the test. + file: path="{{ run_dir }}/{{ item }}" state=absent + with_items: + - "{{ config_files }}" diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_traffic_test/config_empty_expect_file new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json new file mode 100644 index 00000000000..41b358f958c --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_dst_ip.json @@ -0,0 +1,18 @@ +[ + { + "ACL_TABLE:Drop_IP": { + "policy_desc" : "Drop_IP_Traffic_to_21.0.0.1", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:Drop_IP:TheDrop": { + "priority" : "55", + "DST_IP" : "21.0.0.1/24", + "PACKET_ACTION" : "DROP" + }, + "OP": "SET" + } +] 
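Review bot: The PTF test scripts are copied to `{{ host_testdir }}/acstests` with `host_testdir` set to `/tmp`, and run_ptf_test.yml later executes them from there, so code that runs on the PTF host sits at a fixed path in a world-writable directory. If that host has any other local accounts, create the directory with restrictive permissions, e.g. `file: path={{ host_testdir }}/acstests state=directory mode=0700`, or stage the files outside `/tmp`. The `always` section removes only the copies under `run_dir` on the switch; the files placed in the orchagent container and on the PTF host are left behind. Separately, the step that loads `config_traffic_drop_priority` is named "ACL drop traffic by tcp flags test", which duplicates the name of the last PTF step and hides which case failed.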
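Review bot: `"DST_IP" : "21.0.0.1/24"` carries a /24 mask although `policy_desc` names the single address 21.0.0.1, so the rule presumably matches all of 21.0.0.0/24 and the test cannot tell a host match from a subnet match. If a host rule is intended, use `"DST_IP" : "21.0.0.1/32"`; the same applies to `"SRC_IP" : "21.0.0.2/24"` in config_traffic_drop_src_ip.json. If the subnet match is deliberate, writing the network address (`21.0.0.0/24`) would make that explicit.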
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json
new file mode 100644
index 00000000000..692939707f2
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ether_ip.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "ETHER_TYPE" : "0x800",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json
new file mode 100644
index 00000000000..fbfa2d9343f
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_protocol.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_ICMP_Traffic",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "IP_PROTOCOL" : "1",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json
new file mode 100644
index 00000000000..c6de2433b77
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_ip_type.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_any_IPv4_Traffic",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "IP_TYPE" : "IPv4ANY",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json
new file mode 100644
index 00000000000..5207a52494c
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_dst_port.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic_to_l4_port",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet4"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "L4_DST_PORT" : "80",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json
new file mode 100644
index 00000000000..851129f9795
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_l4_src_port.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic_from_l4_port",
+ "type" : "L3",
+ "ports" : "Ethernet0,Ethernet4"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "L4_SRC_PORT" : "80",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json
new file mode 100644
index 00000000000..81bde5608f5
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_priority.json
@@ -0,0 +1,27 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "IP_TYPE" : "IPv4ANY",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheForward": {
+ "priority" : "66",
+ "IP_TYPE" : "IPv4ANY",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json
new file mode 100644
index 00000000000..73e82b8a5da
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_src_ip.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic_from_21.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "SRC_IP" : "21.0.0.2/24",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json
new file mode 100644
index 00000000000..4660eab80c9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/config_traffic_drop_tcp_flags.json
@@ -0,0 +1,18 @@
+[
+ {
+ "ACL_TABLE:Drop_IP": {
+ "policy_desc" : "Drop_IP_Traffic",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ },
+ {
+ "ACL_RULE_TABLE:Drop_IP:TheDrop": {
+ "priority" : "55",
+ "TCP_FLAGS" : "0x02",
+ "PACKET_ACTION" : "DROP"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml
new file mode 100644
index 00000000000..6ff3327ae41
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml
@@ -0,0 +1,58 @@ +- block: + - set_fact: + testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" + + - set_fact: + test_out_dir: "{{ out_dir }}/{{ testname_unique }}" + summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" + result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" + + - name: Configure link + command: docker exec -i syncd sx_api_port_speed_set_100G.py + + - name: Wait for link + command: sleep 40 + + - name: Execute ping from host to switch to validate link + shell: ping {{ switch_ip1 }} -c 3 + register: pingrc + failed_when: pingrc.rc != 0 + delegate_to: "{{ ptf_host }}" + + - name: Start log analyser + include: "{{ loganalyzer_init }}" + + - name: Set ACL rules. + command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }} + + - debug: msg="=== test json = {{ config_file }}" + + - name: Execute ping from host to switch + shell: ping {{ switch_ip1 }} -c 3 + register: pingrc + failed_when: (pingrc.rc != 0 and errors_expected == false) or (pingrc.rc == 0 and errors_expected == true) + delegate_to: "{{ ptf_host }}" + + always: + - name: Stop log analyser + include: "{{ loganalyzer_analyze }}" + + - name: Get the total number of error messages. + shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p" + register: errors_found + + - name: Check the number of error messages (positive tests only). + fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. 
Please see {{ test_out_dir }}/{{ result_file }}" + when: errors_found.stdout != "0" + + - name: Do configuration cleanup after the test + command: systemctl restart orchagent + register: clean_up + when: run_cleanup == true + + - fail: msg="Failed to cleanup the ACL configuration" + when: clean_up.rc != 0 and run_cleanup == true + + - name: Wait for orchagent initialization + command: sleep 35 + when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml new file mode 100644 index 00000000000..230b72eaf72 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml 
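Review bot: In the `always` section the `fail` task that checks `errors_found.stdout` comes before "Do configuration cleanup after the test", so when the log check fails the remaining `always` tasks are presumably not run and the DROP rule stays installed on the switch for whatever runs next. Keep "Stop log analyser" and the `grep` task where they are, but move the "Check the number of error messages" `fail` to the end of `always`, after the `systemctl restart orchagent` task and its `sleep 35` wait. run_ptf_test.yml has the same ordering. The two ping tasks only substitute playbook-defined addresses and use no shell features, so `command:` would do in place of `shell:`.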
@@ -0,0 +1,78 @@ +- block: + - set_fact: + testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" + + - set_fact: + test_out_dir: "{{ out_dir }}/{{ testname_unique }}" + summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" + result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" + + - name: Configure link + command: docker exec -i syncd sx_api_port_speed_set_100G.py + + - name: Wait for link + command: sleep 40 + + - name: Execute ping from host to switch to validate link + shell: ping {{ switch_ip1 }} -c 3 + register: pingrc + failed_when: pingrc.rc != 0 + delegate_to: "{{ ptf_host }}" + + - name: Execute ping from host2 to switch to validate link + shell: ping {{ switch_ip2 }} -c 3 + register: pingrc + failed_when: pingrc.rc != 0 + delegate_to: "{{ ptf_host2 }}" + + - name: Add route on host1 + shell: ip route add {{ subnet2 }} via {{ switch_ip1 }} + failed_when: false + delegate_to: "{{ ptf_host }}" + + - name: Add route on host2 + shell: ip route add {{ subnet1 }} via {{ switch_ip2 }} + failed_when: false + delegate_to: "{{ ptf_host2 }}" + + - name: Start log analyser + include: "{{ loganalyzer_init }}" + + - name: Set ACL rules. + command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }} + + - debug: msg="======================= PTF TEST ==========================" + + - name: Send some TCP packets + shell: ptf --test-dir acstests acl_tcp_test.SendTCP --interface 0@eth2 + args: + chdir: "{{ host_testdir }}" + register: ptfrc + failed_when: (ptfrc.rc != 0 and errors_expected == false) or (ptfrc.rc == 0 and errors_expected == true) + delegate_to: "{{ ptf_host }}" + + - debug: msg="======================= PTF END {{ ptfrc.rc }} ===========" + + always: + - name: Stop log analyser + include: "{{ loganalyzer_analyze }}" + + - name: Get the total number of error messages. 
+ shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p" + register: errors_found + + - name: Check the number of error messages (positive tests only). + fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}" + when: errors_found.stdout != "0" + + - name: Do configuration cleanup after the test + command: systemctl restart orchagent + register: clean_up + when: run_cleanup == true + + - fail: msg="Failed to cleanup the ACL configuration" + when: clean_up.rc != 0 and run_cleanup == true + + - name: Wait for orchagent initialization + command: sleep 35 + when: run_cleanup == true From 6975aff3dd4cc1caa0691f495f1d1532706b2fc9 Mon Sep 17 00:00:00 2001 
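Review bot: With `errors_expected: true` the "Send some TCP packets" task passes on any non-zero exit from `ptf`, so a missing `eth2`, an import error in acl_tcp_test.py or an unreachable second host is indistinguishable from the ACL dropping the packet. Running `acl_tcp_test.SendTCP` once before "Set ACL rules." and requiring it to succeed lets the later failure be attributed to the rule; a sketch of that baseline task follows. `ptf_host2` is used in `delegate_to` without the `is not defined` guard that acl_traffic_test.yml applies to `ptf_host`, and the two `ip route add` tasks (with `failed_when: false`) are never undone in `always`.

```yaml
    # … unchanged: link validation pings, route setup, "Start log analyser" …

    - name: Send TCP packets before the ACL is applied (baseline must pass)
      shell: ptf --test-dir acstests acl_tcp_test.SendTCP --interface 0@eth2
      args:
        chdir: "{{ host_testdir }}"
      register: ptf_baseline
      failed_when: ptf_baseline.rc != 0
      delegate_to: "{{ ptf_host }}"

    - name: Set ACL rules.
      command: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_file }}

    # … unchanged: "Send some TCP packets" and the always section …
```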
From: Anton Patenko Date: Sat, 14 Jan 2017 12:52:59 +0200 Subject: [PATCH 5/9] ACL testing: added counters test (by running traffic) --- ansible/roles/test/tasks/acl.yml | 3 + .../acl_counter_traffic_test/acl_check_db.yml | 35 ++++ .../acl_counter_traffic_test.yml | 198 ++++++++++++++++++ .../config_mirror_session.json | 14 ++ .../acl_counter_traffic_test/config_rule.json | 11 + .../config_rule_delete.json | 7 + .../config_rule_mirror.json | 11 + .../config_rule_mirror_delete.json | 7 + .../config_table_type_l3.json | 10 + .../config_table_type_mirror.json | 10 + .../roles/test/tasks/acl/set_ports_speed.yml | 5 + 11 files changed, 311 insertions(+) create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json create mode 100644 ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json create mode 100644 ansible/roles/test/tasks/acl/set_ports_speed.yml diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index 0d9d618bbc8..9633c320e0d 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml 
@@ -36,6 +36,9 @@ - name: Test traffic. include: "{{ tests_location }}/acl_traffic_test/acl_traffic_test.yml" + - name: Test counters traffic. + include: "{{ tests_location }}/acl_counter_traffic_test/acl_counter_traffic_test.yml" + always: - name: General cleanup. file: path="{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml new file mode 100644 index 00000000000..d16f7a5721d --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml 
@@ -0,0 +1,35 @@ + +- block: + - name: Check if Redis DB contains corresponding data. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep "ASIC_STATE:SAI_OBJECT_TYPE_ACL_COUNTER" + register: grep_redis + failed_when: (expect_data == true and grep_redis.rc != 0) or (expect_data == false and grep_redis.rc == 0) + + - name: Wait for data to be written into Counters DB ... + shell: sleep 10 + + - name: Read counters value. + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name_check }}:{{ rule_name_check }}" Packets + register: counters_value + when: expect_data == true + + - name: Check if corresponding data was removed from Counters DB. + shell: docker exec -i database redis-cli -n 2 KEYS \* | grep {{ rule_name_check }} + register: grep_counters + failed_when: grep_counters.rc == 0 + when: expect_data == false + + always: + # check for successful creating. + - fail: msg="Failed to find corresponding data in Redis DB. Used {{ table_name_check }} / {{ rule_name_check }}" + when: expect_data == true and grep_redis.rc != 0 + + - fail: msg="Failed to find corresponding data in Counters DB. Used {{ table_name_check }} / {{ rule_name_check }}" + when: expect_data == true and counters_value.stdout != "{{ expected_counter_value }}" + + # check for successful deleting. + - fail: msg="Failed to delete corresponding rule-data from Redis DB. Used {{ table_name_check }} / {{ rule_name_check }}" + when: expect_data == false and grep_redis.rc == 0 + + - fail: msg="Failed to delete corresponding rule-data from Counters DB. Used {{ table_name_check }} / {{ rule_name_check }}" + when: expect_data == false and grep_counters.rc == 0 diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml new file mode 100644 index 00000000000..1a3a7030459 --- /dev/null 
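Review bot: The second `fail` in `always` compares with `counters_value.stdout != "{{ expected_counter_value }}"`; `when` is already evaluated as a Jinja expression, so the nested delimiters are unnecessary and Ansible warns about templating delimiters in conditionals. Write `when: expect_data == true and counters_value.stdout != expected_counter_value|string`, keeping the string comparison so that an empty reply for a missing key still fails the check. In the deletion path, `grep {{ rule_name_check }}` is an unquoted substring match, so `acl_config_rule` would also match keys of `acl_config_rule_mirror`; quoting the pattern and matching the full `COUNTERS:{{ table_name_check }}:{{ rule_name_check }}` key would avoid a false failure if both rules ever coexist.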
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml 
@@ -0,0 +1,198 @@ +#---------------------------------------------------- +# @ COUNTER TRAFFIC TEST. +# @ Checks if counters have got proper value after some packets ran. +#---------------------------------------------------- + +- fail: msg="Please set ptf_host variable" + when: ptf_host is not defined + +- fail: msg="Please set ptf_host_if variable (interface that host is connected to switch)" + when: ptf_host_if is not defined + +- set_fact: + acl_check_db: "{{ '{{ tests_location }}/acl_counter_traffic_test/acl_check_db.yml' }}" + + config_table_type_l3: "{{ 'config_table_type_l3.json' }}" + config_rule: "{{ 'config_rule.json' }}" + config_rule_delete: "{{ 'config_rule_delete.json' }}" + + config_mirror_session: "{{ 'config_mirror_session.json' }}" + config_table_type_mirror: "{{ 'config_table_type_mirror.json' }}" + config_rule_mirror: "{{ 'config_rule_mirror.json' }}" + config_rule_mirror_delete: "{{ 'config_rule_mirror_delete.json' }}" + + table_name: "{{ 'acl_test_table' }}" + rule_name: "{{ 'acl_config_rule' }}" + mirror_table_name: "{{ 'acl_test_table_mirror' }}" + mirror_rule_name: "{{ 'acl_config_rule_mirror' }}" + + switch_if1_ip: "{{ '20.0.0.1' }}" + switch_if2_ip: "{{ '21.0.0.1' }}" + dst_mirror_subnet: "{{ '2.0.0.0/24' }}" + packets_sent: "{{ '3' }}" + testname: "{{ 'acl_counter_traffic_test' }}" + +- set_fact: + config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_rule }}" + - "{{ config_rule_delete }}" + - "{{ config_mirror_session }}" + - "{{ config_table_type_mirror }}" + - "{{ config_rule_mirror }}" + - "{{ config_rule_mirror_delete }}" + +- name: Copy JSON configs onto switch. + copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" + with_items: + - "{{ config_files }}" + +- name: Copy JSON configs from switch into docker filesystem. 
+ shell: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }} + with_items: + - "{{ config_files }}" + +- block: + +#---------------------------------------- +# L3 TRAFFIC TESTING. +#---------------------------------------- + - name: Set host interface IP address. + shell: ifconfig {{ ptf_host_if }} 20.0.0.2 + delegate_to: "{{ ptf_host }}" + + # todo: remove when config is done by IT dept. + - name: Run script that sets ports speed. + include: "{{ set_ports_speed }}" + + - name: Create an ACL L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} + + - name: Create a rule within L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule }} + + - set_fact: + table_name_check: "{{ table_name }}" + rule_name_check: "{{ rule_name }}" + expect_data: true + expected_counter_value: "{{ '0' }}" + - name: Check if {{ rule_name}} data is written into DBs. + include: "{{ acl_check_db }}" + + - name: Read initial counters value (before ping). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets + register: counters_value_initial + - debug: var="counters_value_initial|int" + + - name: Ping switch from host. + shell: ping -c {{ packets_sent|int }} {{ switch_if1_ip }} + delegate_to: "{{ ptf_host }}" + register: ping_result + failed_when: ping_result.rc != 0 + + - name: Wait for counters to update (it updates every 10 sec) ... + shell: sleep 10 + + - name: Read result counters value (after ping). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets + register: counters_value_result + - debug: var="counters_value_result|int" + + - fail: msg="Counters value is not equal to number of packets transmitted" + when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int + + # Use another dst address and make sure counter doesn't increase. 
+ - name: Ping switch from host to another interface. + shell: ping -c {{ packets_sent|int }} {{ switch_if2_ip }} -I {{ ptf_host_if }} + delegate_to: "{{ ptf_host }}" + register: ping_result + failed_when: ping_result.rc == 0 + + - name: Wait for counters to update (it updates every 10 sec) ... + shell: sleep 10 + + - name: Read counters value. + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets + register: counters_value_result + + - fail: msg="Counters value is not equal to number of packets transmitted. Used {{ table_name}} / {{ rule_name }}" + when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int + + # Delete rule and check if config is deleted as well + - name: Delete L3-rule. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_delete }} + + - set_fact: + table_name_check: "{{ table_name }}" + rule_name_check: "{{ rule_name }}" + expect_data: false + - name: Check if {{ rule_name}} data is removed from DBs. + include: "{{ acl_check_db }}" + +#-------------------- +# MIRROR TRAFFIC TESTING. +#-------------------- + + - name: Create a mirror session. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_mirror_session }} + + - name: Create a mirror table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_mirror }} + + - name: Add neighbor. + shell: ip neigh add {{ switch_if1_ip }} lladdr 0e:9c:37:42:43:67 dev Ethernet0 + + - name: Add route. + shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if1_ip }} + + - name: Create a rule within mirror table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror }} + + - set_fact: + table_name_check: "{{ mirror_table_name }}" + rule_name_check: "{{ mirror_rule_name }}" + expect_data: true + expected_counter_value: "{{ '0' }}" + - name: Check that {{ mirror_rule_name }} data is written into DBs. 
+ include: "{{ acl_check_db }}" + + - name: Read initial counters value (before ping). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ mirror_table_name }}:{{ mirror_rule_name }}" Packets + register: counters_value_initial + + - name: Ping switch from host to check counters of mirror rule. + shell: ping -c {{ packets_sent|int }} {{ switch_if1_ip }} + delegate_to: "{{ ptf_host }}" + register: ping_result + failed_when: ping_result.rc != 0 + + - name: Wait for counters to update (it updates every 10 sec) ... + shell: sleep 10 + + - name: Read result counters value (after ping). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ mirror_table_name }}:{{ mirror_rule_name }}" Packets + register: counters_value_result + + - fail: msg="Counters value is not equal to number of packets transmitted" + when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int + + - name: Delete mirror-rule. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror_delete }} + + - set_fact: + table_name_check: "{{ mirror_table_name }}" + rule_name_check: "{{ mirror_rule_name }}" + expect_data: false + - name: Check that {{ mirror_rule_name }} data is removed from DBs. + include: "{{ acl_check_db }}" + + + # CLEANUP. + - name: Run config cleanup after {{ testname}} + include: "{{ run_config_cleanup }}" + +- always: + - name: Remove all the temporary files created by the test. + file: path="{{ run_dir }}/{{ item }}" state=absent + with_items: + - "{{ config_files }}" diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json new file mode 100644 index 00000000000..17809a5cbf7 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_mirror_session.json 
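Review bot: The file ends with `- always:` as its own list item, so the "Remove all the temporary files created by the test." cleanup is not the `always` section of the `- block:` above it and is not tied to that block failing; acl_traffic_test.yml in the same series writes `always:` as a key of the block. Drop the dash and indent it to the block's level, `  always:`. The "Run config cleanup" include appears to be the last task inside the block rather than part of `always`, so a failed assertion would leave the ACL table and mirror session configured. The block also changes state that nothing restores on failure: `ifconfig {{ ptf_host_if }} 20.0.0.2`, `ip neigh add` with a hard-coded MAC on Ethernet0, and `ip route add {{ dst_mirror_subnet }}`.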
@@ -0,0 +1,14 @@
+[
+ {
+ "MIRROR_SESSION_TABLE:session1": {
+ "src_ip": "20.0.0.2",
+ "dst_ip": "2.2.2.4",
+ "gre_type": "0x6558",
+ "dscp": "50",
+ "ttl": "10",
+ "queue": "5"
+ },
+ "OP": "SET"
+ }
+]
+
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json
new file mode 100644
index 00000000000..501254cef38
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_config_rule": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "PACKET_ACTION" : "FORWARD"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json
new file mode 100644
index 00000000000..25aa5051d6a
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_delete.json
@@ -0,0 +1,7 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_config_rule": {
+ },
+ "OP": "DEL"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json
new file mode 100644
index 00000000000..3941897a0d9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "MIRROR_ACTION" : "session1"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json
new file mode 100644
index 00000000000..41a6b985bb0
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_rule_mirror_delete.json @@ -0,0 +1,7 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": { + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json new file mode 100644 index 00000000000..50c5bf97fc4 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_l3.json @@ -0,0 +1,10 @@ +[ + { + "ACL_TABLE:acl_test_table": { + "policy_desc" : "Permit_some_traffic_from_20.0.0.2", + "type" : "L3", + "ports" : "Ethernet0" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json new file mode 100644 index 00000000000..34913d823d0 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/config_table_type_mirror.json @@ -0,0 +1,10 @@ +[ + { + "ACL_TABLE:acl_test_table_mirror": { + "policy_desc" : "Permit_some_traffic_from_20.0.0.2", + "type" : "MIRROR", + "ports" : "Ethernet0" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/set_ports_speed.yml b/ansible/roles/test/tasks/acl/set_ports_speed.yml new file mode 100644 index 00000000000..c68ee8ab5d2 --- /dev/null +++ b/ansible/roles/test/tasks/acl/set_ports_speed.yml @@ -0,0 +1,5 @@ +- name: Set proper port speed (to activate mirror session). + command: docker exec -i syncd sx_api_port_speed_set_100G.py + +- name: Wait for speed to be set. + command: sleep 40 From 4d57486036368b5bfa5c0886096b78fcb53b435c Mon Sep 17 00:00:00 2001 
From: Anton Patenko Date: Sat, 14 Jan 2017 12:55:08 +0200 Subject: [PATCH 6/9] ACL testing: added L4 port ranges test: 1) syntax test 2) traffic test --- .../acstests/acl_port_range_traffic_test.py | 26 ++ ansible/roles/test/tasks/acl.yml | 3 + .../acl_port_range_test.yml | 408 ++++++++++++++++++ .../config_delete_different_port_range.json | 10 + .../config_delete_limited_port_range.json | 10 + .../config_empty_expect_file | 0 .../config_l4_full_port_range.json | 10 + .../config_l4_limited_port_range.json | 10 + .../config_l4_port_range_1_on_l3_table.json | 10 + .../config_l4_port_range_2_on_l3_table.json | 11 + .../config_l4_port_range_expect_file | 1 + .../config_l4_port_range_invalid_1.json | 10 + .../config_l4_port_range_invalid_2.json | 10 + .../config_l4_port_range_invalid_3.json | 10 + .../config_l4_port_range_invalid_4.json | 10 + .../config_l4_port_range_invalid_5.json | 11 + .../config_l4_port_range_invalid_6.json | 11 + .../config_l4_port_range_invalid_7.json | 12 + .../config_l4_port_range_invalid_8.json | 138 ++++++ .../config_l4_port_range_on_mirror_table.json | 12 + .../config_mirror_session.json | 14 + .../config_rule_mirror.json | 11 + .../config_table_type_l3.json | 10 + .../config_table_type_mirror.json | 10 + .../test/tasks/acl/run_analyze_and_check.yml | 17 + .../roles/test/tasks/acl/run_loganalyzer.yml | 23 + 26 files changed, 808 insertions(+) create mode 100644 ansible/roles/test/files/acstests/acl_port_range_traffic_test.py create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_empty_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json create mode 100644 
ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json create mode 100644 ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json create mode 100644 ansible/roles/test/tasks/acl/run_analyze_and_check.yml create mode 100644 ansible/roles/test/tasks/acl/run_loganalyzer.yml 
diff --git a/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py b/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py new file mode 100644 index 00000000000..9eb5df7f940 --- /dev/null +++ b/ansible/roles/test/files/acstests/acl_port_range_traffic_test.py @@ -0,0 +1,26 @@ +import sys +import ptf.packet as scapy +import ptf.dataplane as dataplane +import acs_base_test +from ptf.base_tests import BaseTest +import ptf.testutils as testutils +from ptf.testutils import * +import scapy.all as scapy2 + +class SendTCP(acs_base_test.ACSDataplaneTest): + def runTest(self): + pkt = scapy2.Ether(src="e4:1d:2d:a5:f3:ac", dst="00:02:03:04:05:00") + pkt /= scapy2.IP(src="20.0.0.2", dst="20.0.0.1") + + # get L4 port number + port_number = testutils.test_params_get("port_number") + port = port_number["port_number"] + pkt /= scapy2.TCP(sport = int(port)) + pkt /= ("badabadaboom") + + # get packets number + count = testutils.test_params_get("count") + pack_number = count["count"] + + # send packets + send(self, 0, pkt, int(pack_number)) diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index 9633c320e0d..16aeca7c8e0 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml @@ -39,6 +39,9 @@ - name: Test counters traffic. include: "{{ tests_location }}/acl_counter_traffic_test/acl_counter_traffic_test.yml" + - name: Test L4 ports. + include: "{{ tests_location }}/acl_port_range_test/acl_port_range_test.yml" + always: - name: General cleanup. file: path="{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml new file mode 100644 index 00000000000..c16d45361f9 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml 
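Review bot: In `SendTCP.runTest`, the results of `testutils.test_params_get("port_number")` and `testutils.test_params_get("count")` are each indexed again with the same key, so the string argument is not what selects the parameter. As far as I know ptf's `test_params_get` takes a default value and returns the whole parameter dict, so a run without `--test-params` would fail with a TypeError on that string instead of a clear message. Fetch the dict once and index it: `params = testutils.test_params_get()`, `port = int(params["port_number"])`, `pack_number = int(params["count"])`. The bare `send(...)` call resolves only through `from ptf.testutils import *`; writing `testutils.send(...)` makes the origin explicit, and `sys`, `ptf.dataplane`, `BaseTest` and `ptf.packet` are imported but unused in the lines shown.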
@@ -0,0 +1,408 @@ +#---------------------------------------------- +# L4 PORT RANGE TESTING. +# This script performs both traffic and configuration testing. +# +# It includes: +# 1) Testing of the valid configuration (both L3 and mirror) +# 2) Testing of the invalid configuration (L3) +# 3) Testing of the deleting configuration (L3) +# 4) Traffic testing (L3) +#---------------------------------------------- + +- fail: msg="Please set ptf_host variable" + when: ptf_host is not defined + +- fail: msg="Please set ptf_host_if variable (interface that host is connected to switch)" + when: ptf_host_if is not defined + +- fail: msg="Please set switch_if variable (interface that switch is connected to host)" + when: switch_if is not defined + +- set_fact: + + # configuration-test settings + config_table_type_l3: "{{ 'config_table_type_l3.json' }}" + config_mirror_session: "{{ 'config_mirror_session.json' }}" + config_table_type_mirror: "{{ 'config_table_type_mirror.json' }}" + config_l4_port_range_1_on_l3_table: "{{ 'config_l4_port_range_1_on_l3_table.json' }}" + config_l4_port_range_2_on_l3_table: "{{ 'config_l4_port_range_2_on_l3_table.json' }}" + config_l4_port_range_on_mirror_table: "{{ 'config_l4_port_range_on_mirror_table.json' }}" + config_l4_full_port_range: "{{ 'config_l4_full_port_range.json' }}" + config_l4_limited_port_range: "{{ 'config_l4_limited_port_range.json' }}" + config_delete_limited_port_range: "{{ 'config_delete_limited_port_range.json' }}" + config_delete_different_port_range: "{{ 'config_delete_different_port_range.json' }}" + config_l4_port_range_invalid_1: "{{ 'config_l4_port_range_invalid_1.json' }}" + config_l4_port_range_invalid_2: "{{ 'config_l4_port_range_invalid_2.json' }}" + config_l4_port_range_invalid_3: "{{ 'config_l4_port_range_invalid_3.json' }}" + config_l4_port_range_invalid_4: "{{ 'config_l4_port_range_invalid_4.json' }}" + config_l4_port_range_invalid_5: "{{ 'config_l4_port_range_invalid_5.json' }}" + 
config_l4_port_range_invalid_6: "{{ 'config_l4_port_range_invalid_6.json' }}" + config_l4_port_range_invalid_7: "{{ 'config_l4_port_range_invalid_7.json' }}" + config_l4_port_range_invalid_8: "{{ 'config_l4_port_range_invalid_8.json' }}" + + config_l4_port_range_expect: "{{ 'config_l4_port_range_expect_file' }}" + config_empty_expect: "{{ 'config_empty_expect_file' }}" + host_testdir: "{{ '/tmp/ptf_tests' }}" + + # traffic-test settings + table_name: "{{ 'acl_test_table' }}" + rule_limited_port_range_name: "{{ 'acl_rule_limited_port_range' }}" + packets_sent: "{{ '3' }}" + + # mirror-testing settings + switch_if_ip: "{{ '20.0.0.1' }}" + ptf_host_if_ip: "{{ '20.0.0.2' }}" + dst_mirror_subnet: "{{ '2.0.0.0/24' }}" + +- set_fact: + config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_mirror_session }}" + - "{{ config_table_type_mirror }}" + - "{{ config_l4_port_range_1_on_l3_table }}" + - "{{ config_l4_port_range_2_on_l3_table }}" + - "{{ config_l4_port_range_on_mirror_table }}" + - "{{ config_l4_full_port_range }}" + - "{{ config_l4_limited_port_range }}" + - "{{ config_delete_limited_port_range }}" + - "{{ config_delete_different_port_range }}" + - "{{ config_l4_port_range_invalid_1 }}" + - "{{ config_l4_port_range_invalid_2 }}" + - "{{ config_l4_port_range_invalid_3 }}" + - "{{ config_l4_port_range_invalid_4 }}" + - "{{ config_l4_port_range_invalid_5 }}" + - "{{ config_l4_port_range_invalid_6 }}" + - "{{ config_l4_port_range_invalid_7 }}" + - "{{ config_l4_port_range_invalid_8 }}" + + testname: "{{ 'acl_port_range_test' }}" + +- name: Copy JSON configs onto switch. + copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" + with_items: + - "{{ config_files }}" + +- name: Copy JSON configs from switch into docker filesystem. 
+ command: docker cp "{{ run_dir }}/{{ item }}" orchagent:{{ docker_testdir }}/{{ item }} + with_items: + - "{{ config_files }}" + +#----------------- START TESTING ---------------------------- +- block: + + #---------------------------------------------- + # CONFIG TESTING. + #---------------------------------------------- + #-------------------------------- + # Valid configuration testing + #-------------------------------- + + # L3 table testing. + - name: Create an L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} + + - set_fact: + config_file: "{{ config_l4_port_range_1_on_l3_table }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid port range on L3 table. + include: "{{ run_config_test }}" + + - block: + - name: See that Redis DB has got an appropriate field. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE + register: grep + failed_when: grep.rc != 0 + + always: + - fail: msg="Redis DB has NOT got an appropriate field for rule (config file used - {{ config_l4_port_range_1_on_l3_table }})" + when: grep.rc != 0 + + - set_fact: + config_file: "{{ config_l4_port_range_2_on_l3_table }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - put L4_DST_RANGE and L4_SRC_RANGE into one rule. + include: "{{ run_config_test }}" + + - name: Run config cleanup after. + include: "{{ run_config_cleanup }}" + + # Mirror table and rule testing. + - name: Create a mirror session. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_mirror_session }} + + - name: Create a mirror table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_mirror }} + + - name: Add neighbor. + shell: ip neigh add {{ switch_if_ip }} lladdr 0e:9c:37:42:43:67 dev {{ switch_if }} + + - name: Add route. 
+ shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if_ip }} + + - set_fact: + config_file: "{{ config_l4_port_range_on_mirror_table }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - valid port range on mirror table. + include: "{{ run_config_test }}" + + - block: + - name: See that Redis DB has got an appropriate field. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE + register: grep + failed_when: grep.rc != 0 + + always: + - fail: msg="Redis DB has NOT got an appropriate field for rule (config file used - {{ config_l4_port_range_on_mirror_table }})" + when: grep.rc != 0 + + - name: Run config cleanup after. + include: "{{ run_config_cleanup }}" + + #-------------------------------- + # Invalid configuration testing (valid L3 table + invalid rules). + #-------------------------------- + - name: Create an L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_1 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - negative numbers used in range. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_2 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - boundaries reversed. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_3 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - port out of range. 
+ include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_4 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - invalid syntax used in range. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_5 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - two ranges in rule, both matching source port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_6 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - two ranges in rule, both matching destination port. + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_7 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: true + run_cleanup: false + - name: Rule test - three valid ranges in one rule (error case). + include: "{{ run_config_test }}" + + - set_fact: + config_file: "{{ config_l4_port_range_invalid_8 }}" + test_expect_file: "{{ config_l4_port_range_expect }}" + errors_expected: false + run_cleanup: false + - name: Rule test - 17 valid rules (syncd might crash). + include: "{{ run_config_test }}" + + - block: + - name: See that Redis-DB has NOT got an appropriate field. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE + register: grep + failed_when: grep.rc == 0 + + always: + - fail: msg="Redis-DB has got data about invalid rule" + when: grep.rc == 0 + +#-------------------------------- +# Test the configuration deleting. +#-------------------------------- + - name: Create an L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} + + - name: Create the rule with limited port range permitted (1028 - 4096). 
+ shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }} + + - set_fact: + config_file: "{{ config_delete_limited_port_range }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Delete rule test - rule with port range. + include: "{{ run_config_test }}" + + - block: + - name: See that Redis-DB has NOT got an appropriate field. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE + register: grep + failed_when: grep.rc == 0 + + always: + - fail: msg="Redis-DB has got data about deleted rule (config file used - {{ config_delete_limited_port_range }})" + when: grep.rc == 0 + + # Try to delete the same rule, but use another port range in delete-json. + # This should not make any difference, so we dont expect any errors. + - name: Create the rule with limited port range permitted (1028 - 4096). + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }} + + - set_fact: + config_file: "{{ config_delete_different_port_range }}" + test_expect_file: "{{ config_empty_expect }}" + errors_expected: false + run_cleanup: false + - name: Delete rule test - rule with port range. + include: "{{ run_config_test }}" + + - block: + - name: See that Redis-DB has NOT got an appropriate field. + shell: docker exec -i database redis-cli -n 1 KEYS \* | grep SAI_OBJECT_TYPE_ACL_RANGE + register: grep + failed_when: grep.rc == 0 + + always: + - fail: msg="Redis-DB has got data about deleted rule (config file used - {{ config_delete_different_port_range }})" + when: grep.rc == 0 + + #---------------------------------------------- + # TRAFFIC TESTING. + #---------------------------------------------- + + - block: + - set_fact: + test_expect_file: "{{ config_empty_expect }}" + loganalyzer_run_init: true + loganalyzer_run_analyze: false + - name: Initialize loganalizer. Put start marker to log file. 
+ include: "{{ run_loganalyzer }}" + + - name: Set host interface IP address. + shell: ifconfig {{ ptf_host_if }} {{ ptf_host_if_ip }}/24 + delegate_to: "{{ ptf_host }}" + + # todo: remove when config is done by IT dept. + - name: Run script that sets ports speed. + include: "{{ set_ports_speed }}" + + - name: Create target directory + file: path={{ host_testdir }} state=directory + delegate_to: "{{ ptf_host }}" + + - name: Copy PTF tests + copy: src="roles/test/files/acstests/{{ item }}" dest="{{ host_testdir }}/{{ item }}" + with_items: + - "acl_port_range_traffic_test.py" + - "acs_base_test.py" + delegate_to: "{{ ptf_host }}" + + - name: Create an L3 table. + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} + + - name: Create the rule with limited port range permitted (1028 - 4096). + shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }} + + # Sending packets with L4 port permitted (counters value should be increased). + - name: Read initial counters value (before sending packets). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets + register: counters_value_initial + - debug: var="counters_value_initial.stdout|int" + + - name: Send TCP packets with permitted L4 port (2100). + shell: python2.7 /root/ptf/ptf --test-dir . acl_port_range_traffic_test.SendTCP --interface 0@{{ ptf_host_if }} \ + --test-params="count={{ packets_sent|int }}; port_number=2100" + args: + chdir: "{{ host_testdir }}" + register: ptfrc + failed_when: ptfrc.rc != 0 + delegate_to: "{{ ptf_host }}" + + - name: Wait for counters to update (it updates every 10 sec) ... + shell: sleep 10 + + - name: Read result counters value (after sending packets). 
+ command: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets + register: counters_value_result + - debug: var="counters_value_result.stdout|int" + + - fail: msg="Counters value is not equal to number of packets transmitted" + when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != packets_sent|int + + # Sending packets with L4 port forbidden (counters value should NOT be increased). + - name: Read initial counters value (before sending packets). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets + register: counters_value_initial + - debug: var="counters_value_initial.stdout|int" + + - name: Send TCP packets with forbidden L4 port (80). + shell: python2.7 /root/ptf/ptf --test-dir . acl_port_range_traffic_test.SendTCP --interface 0@{{ ptf_host_if }} \ + --test-params="count={{ packets_sent|int }}; port_number=80" + args: + chdir: "{{ host_testdir }}" + register: ptfrc + failed_when: ptfrc.rc != 0 + delegate_to: "{{ ptf_host }}" + + - name: Wait for counters to update (it updates every 10 sec) ... + shell: sleep 10 + + - name: Read result counters value (after sending packets). + shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets + register: counters_value_result + - debug: var="counters_value_result.stdout|int" + + - fail: msg="Counters value was increased while it shouldn't have been" + when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != 0 + + always: + - set_fact: + test_expect_file: "{{ config_empty_expect }}" + loganalyzer_run_analyze: true + loganalyzer_run_init: false + - name: Run analyze-phase and check if no errors occured. + include: "{{ run_loganalyzer }}" + + always: + - name: Remove all the temporary files from switch. 
+ file: path="{{ run_dir }}/{{ item }}" state=absent + with_items: + - "{{ config_files }}" + + - name: Remove all the temporary files from host. + file: path="{{ host_testdir }}/{{ item }}" state=absent + with_items: + - "acl_port_range_traffic_test.py" + - "acs_base_test.py" + delegate_to: "{{ ptf_host }}" + + - name: Run config cleanup after {{ testname}} + include: "{{ run_config_cleanup }}" diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json new file mode 100644 index 00000000000..e8944f1c291 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_different_port_range.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "9000-10100" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json new file mode 100644 index 00000000000..0f7e28720f5 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_delete_limited_port_range.json @@ -0,0 +1,10 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "DEL" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_empty_expect_file b/ansible/roles/test/tasks/acl/acl_port_range_test/config_empty_expect_file new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json new file mode 100644 index 00000000000..6024c4f1935 --- /dev/null 
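Review bot: Several `shell:` tasks in acl_port_range_test.yml paste caller-supplied variables into a shell command line unquoted, for example `shell: ifconfig {{ ptf_host_if }} {{ ptf_host_if_ip }}/24` and `shell: ip neigh add {{ switch_if_ip }} lladdr 0e:9c:37:42:43:67 dev {{ switch_if }}`. `ptf_host_if` and `switch_if` are required inputs (the `fail` checks at the top), so a value containing shell metacharacters is interpreted by the shell on the switch or the PTF host. Only the `redis-cli ... | grep` tasks need a shell; the rest can use `command:`, as the "Read result counters value" task already does, e.g. `command: ifconfig {{ ptf_host_if }} {{ ptf_host_if_ip }}/24`. Separately, the outer `always:` removes the copied files, but the neighbor, route and host interface address added earlier are not undone in this file; if `run_config_cleanup` (not shown) does not cover them, a rerun would fail at `ip neigh add` / `ip route add` on the existing entries.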
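Review bot: config_delete_different_port_range.json and config_delete_limited_port_range.json both address `ACL_RULE_TABLE:acl_test_table:acl_rule_limited_range`, but the rule the playbook creates from config_l4_limited_port_range.json is `acl_rule_limited_port_range`, so the `DEL` does not name the rule that was just set. The "Redis-DB has NOT got an appropriate field" check that follows each delete then either fails or passes for a reason unrelated to the delete, depending on what `run_config_test` does. Both fixtures should use the created rule's key: `"ACL_RULE_TABLE:acl_test_table:acl_rule_limited_port_range": {`.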
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_full_port_range.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "0-65535"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json
new file mode 100644
index 00000000000..09ddd679dcd
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_limited_port_range.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_limited_port_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "1028-4096"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json
new file mode 100644
index 00000000000..7b6e2cad631
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_1_on_l3_table.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "0-1028"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json
new file mode 100644
index 00000000000..d10f18ae299
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_2_on_l3_table.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_rule_full_range": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "0-1028",
+ "L4_DST_PORT_RANGE" : "0-1028"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file
new file mode 100644
index 00000000000..e15f456013e
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_expect_file
@@ -0,0 +1 @@
+r, ".*Failed to create.*rule.*"
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json
new file mode 100644
index 00000000000..0a89efebb8a
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_1.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_1": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "-1-0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json
new file mode 100644
index 00000000000..b8949a42479
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_2.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_2": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "5770-1010"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json
new file mode 100644
index 00000000000..5c925d0493b
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_3": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "1-65536"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json
new file mode 100644
index 00000000000..2fd23050fed
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_4.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_4": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "IAMJONNY-100"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json
new file mode 100644
index 00000000000..7816c355717
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_5.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_5": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_SRC_PORT_RANGE" : "1-100",
+ "L4_SRC_PORT_RANGE" : "256-1028"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json
new file mode 100644
index 00000000000..bfec0ef48ed
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_6.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_6": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_DST_PORT_RANGE" : "1-100",
+ "L4_DST_PORT_RANGE" : "256-1028"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json
new file mode 100644
index 00000000000..1cea05d13f9
--- /dev/null
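Review bot: `L4_SRC_PORT_RANGE` appears twice in the same JSON object in config_l4_port_range_invalid_5.json, and the same pattern is used for `L4_DST_PORT_RANGE` in config_l4_port_range_invalid_6.json and config_l4_port_range_invalid_7.json. A JSON parser is not required to report duplicate member names and most keep only the last value, so what reaches orchagent is probably a single valid range (for invalid_7, one SRC plus one DST range, the same shape that config_l4_port_range_2_on_l3_table.json expects to succeed). If so, these three cases cannot produce the `Failed to create.*rule` log line the playbook expects, and the "two ranges for one direction" rejection path is never exercised. Confirm how swssconfig's parser treats duplicates; if the rule schema cannot express two ranges for one direction, drop the cases or state the expectation that actually holds.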
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_7.json
@@ -0,0 +1,12 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table:acl_test_rule_invalid_7": {
+ "priority" : "55",
+ "PACKET_ACTION" : "FORWARD",
+ "L4_DST_PORT_RANGE" : "1-100",
+ "L4_SRC_PORT_RANGE" : "256-1024",
+ "L4_DST_PORT_RANGE" : "2048-2512"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json
new file mode 100644
index 00000000000..757c0a44abf
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_invalid_8.json
@@ -0,0 +1,138 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_1": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_2": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_3": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_4": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_5": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_6": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_7": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_8": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_9": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_10": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_11": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_12": { + "priority" : "55", + "PACKET_ACTION" : 
"FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_13": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_14": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_15": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1020-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_16": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + }, + { + "ACL_RULE_TABLE:acl_test_table:acl_rule_valid_17": { + "priority" : "55", + "PACKET_ACTION" : "FORWARD", + "L4_SRC_PORT_RANGE" : "1028-4096" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json new file mode 100644 index 00000000000..41aed469ac4 --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_l4_port_range_on_mirror_table.json @@ -0,0 +1,12 @@ +[ + { + "ACL_RULE_TABLE:acl_test_table_mirror:acl_test_rule": { + "priority" : "55", + "SRC_IP" : "20.0.0.2/24", + "DST_IP" : "20.0.0.1/24", + "MIRROR_ACTION" : "test_session", + "L4_SRC_PORT_RANGE" : "0-1028" + }, + "OP": "SET" + } +] diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json new file mode 100644 index 00000000000..403af08b05e --- /dev/null +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_mirror_session.json 
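Review bot: Nothing in config_l4_port_range_invalid_8.json shows why it should be rejected: it holds 17 rules named `acl_rule_valid_1` to `acl_rule_valid_17`, each well-formed on its own and using only the two ranges `1020-4096` and `1028-4096`. If the intent is to exceed a limit on port-range resources, an implementation that shares identical ranges between rules would accept the whole file, so the test may not exercise the limit at all. Since JSON cannot carry a comment, the expected failure should be stated on the task that loads this file, for example `# expects rejection: more range rules than the supported limit (confirm the limit)`.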
@@ -0,0 +1,14 @@
+[
+ {
+ "MIRROR_SESSION_TABLE:test_session": {
+ "src_ip": "20.0.0.2",
+ "dst_ip": "2.2.2.4",
+ "gre_type": "0x6558",
+ "dscp": "50",
+ "ttl": "10",
+ "queue": "5"
+ },
+ "OP": "SET"
+ }
+]
+
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json
new file mode 100644
index 00000000000..3941897a0d9
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_rule_mirror.json
@@ -0,0 +1,11 @@
+[
+ {
+ "ACL_RULE_TABLE:acl_test_table_mirror:acl_config_rule_mirror": {
+ "priority" : "55",
+ "SRC_IP" : "20.0.0.2/24",
+ "DST_IP" : "20.0.0.1/24",
+ "MIRROR_ACTION" : "session1"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json
new file mode 100644
index 00000000000..50c5bf97fc4
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_l3.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "L3",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json
new file mode 100644
index 00000000000..34913d823d0
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/acl_port_range_test/config_table_type_mirror.json
@@ -0,0 +1,10 @@
+[
+ {
+ "ACL_TABLE:acl_test_table_mirror": {
+ "policy_desc" : "Permit_some_traffic_from_20.0.0.2",
+ "type" : "MIRROR",
+ "ports" : "Ethernet0"
+ },
+ "OP": "SET"
+ }
+]
diff --git a/ansible/roles/test/tasks/acl/run_analyze_and_check.yml b/ansible/roles/test/tasks/acl/run_analyze_and_check.yml
new file mode 100644
index 00000000000..422e9358054
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/run_analyze_and_check.yml
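Review bot: config_rule_mirror.json sets `"MIRROR_ACTION" : "session1"`, but the only mirror session defined by the fixtures visible in this patch for this directory is `MIRROR_SESSION_TABLE:test_session` in config_mirror_session.json, and config_l4_port_range_on_mirror_table.json refers to `test_session`. Unless a session named `session1` is created elsewhere, this rule points at a session that does not exist, and any failure or acceptance it produces would be unrelated to what the port-range test is checking. The line would read `"MIRROR_ACTION" : "test_session"`.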
@@ -0,0 +1,17 @@
+- name: Use loganalyzer to check for the error messages {{ testname }}.
+ include: "{{ loganalyzer_analyze }}"
+
+- name: Get the total number of error messages.
+ shell: grep "TOTAL MATCHES" "{{ test_out_dir }}/{{ summary_file }}" | sed -n "s/TOTAL MATCHES:[[:space:]]*//p"
+ register: errors_found
+
+- name: Check the number of error messages.
+ fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }}. Please see {{ test_out_dir }}/{{ result_file }}"
+ when: errors_found.stdout != "0"
+
+- name: Copy test data to host.
+ fetch: src={{ test_out_dir }}/{{ item }} dest=failed-test-data/{{ testname_unique }}/{{ item }}
+ with_items:
+ - "{{ summary_file }}"
+ - "{{ result_file }}"
+ when: errors_found.stdout != "0"
diff --git a/ansible/roles/test/tasks/acl/run_loganalyzer.yml b/ansible/roles/test/tasks/acl/run_loganalyzer.yml
new file mode 100644
index 00000000000..54ceb7daeb7
--- /dev/null
+++ b/ansible/roles/test/tasks/acl/run_loganalyzer.yml
@@ -0,0 +1,23 @@
+- set_fact:
+ testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+- set_fact:
+ test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+ loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}"
+ loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}"
+
+ match_file: "{{ 'loganalyzer_common_match.txt' }}"
+ ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}"
+
+ summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+ result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
+
+ run_analyze_and_check: "{{ tests_location }}/run_analyze_and_check.yml"
+
+- name: Initialize loganalizer. Put start marker to log file.
+ include: "{{ loganalyzer_init }}"
+ when: loganalyzer_run_init == true
+
+- name: Run analyze-phase and check the loganalyzer output for the errors.
+ include: "{{ run_analyze_and_check }}"
+ when: loganalyzer_run_analyze == true
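Review bot: In run_analyze_and_check.yml the "Copy test data to host" task can never run, because it carries the same condition `when: errors_found.stdout != "0"` as the `fail` task directly above it, and a failed task ends the remaining task list for that host. Moving the fetch task, with its `with_items` and `when`, above "Check the number of error messages." keeps the summary and result files as evidence of the failure. The `shell` task also interpolates `test_out_dir` and `summary_file` into a command line; passing the path as `{{ (test_out_dir ~ '/' ~ summary_file) | quote }}` instead of wrapping it in double quotes keeps a stray metacharacter in a test name from being interpreted by the shell.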
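Review bot: `testname_unique` in run_loganalyzer.yml is built from `ansible_date_time`, which is a gathered fact and holds the time at which facts were collected, not the time this `set_fact` runs. Two invocations with the same `testname` in one play would therefore get the same `testname_unique`, and with it the same `test_out_dir`, `summary_file` and `result_file`, so one run's loganalyzer output can be read as another's. Taking the timestamp when the task runs avoids that, for example `testname_unique: "{{ testname }}.{{ lookup('pipe', 'date +%Y-%m-%d.%H:%M:%S') }}"`.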
From a44751a80a9b7fb077cc25c9931bcd0058670d3f Mon Sep 17 00:00:00 2001 From: Anton Patenko Date: Sat, 14 Jan 2017 13:15:06 +0200 Subject: [PATCH 7/9] Loganalyzer: fixes to the scripts and common_match: 1) fixed common_match.txt (removed empty line in the end, which caused loganalyzer error) 2) changed init- and analyze-scripts according to expect-errors-functionality --- .../roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml | 2 +- .../test/files/tools/loganalyzer/loganalyzer_common_match.txt | 2 +- ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml index fe9610063ff..8cda128620d 100644 --- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml +++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml @@ -13,4 +13,4 @@ shell: "{{ cmd }}" args: chdir: "{{ run_dir }}" -- debug: msg="Finished calling loganalyzer analyze phase" \ No newline at end of file +- debug: msg="Finished calling loganalyzer analyze phase" diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt index 98e21febf80..d17c702965f 100644 --- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt +++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_common_match.txt @@ -3,4 +3,4 @@ r, "kernel:.*Oops", "kernel:.*hung", "kernel.*oom\s" r, "kernel:.*scheduling", "kernel:.*atomic", "kernel:.*panic" r, "kernel:.*\serr", "kernel:.*allocation", "kernel:.*kill", r, "kernel:.*kmemleak.*","kernel:.* Err:" -s, "ERR" \ No newline at end of file +s, "ERR" diff --git a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml index dff2fdfa833..586c2807b88 100644 
--- a/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml +++ b/ansible/roles/test/files/tools/loganalyzer/loganalyzer_init.yml @@ -33,4 +33,4 @@ - name: Initialize loganalyzer become: True shell: "python {{ run_dir }}/loganalyzer.py --action init --run_id {{ testname_unique }}" -- debug: msg="Finished calling loganalyzer init phase" \ No newline at end of file +- debug: msg="Finished calling loganalyzer init phase" From 04fe629bff18947f90676ece11ccefcbe489fbbd Mon Sep 17 00:00:00 2001 From: Anton Patenko Date: Mon, 16 Jan 2017 15:04:46 +0200 Subject: [PATCH 8/9] ACL testing: removed ports speed setting. --- .../acl_counter_traffic_test/acl_counter_traffic_test.yml | 4 ---- .../tasks/acl/acl_port_range_test/acl_port_range_test.yml | 4 ---- .../roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml | 3 --- .../roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml | 3 --- ansible/roles/test/tasks/acl/set_ports_speed.yml | 5 ----- 5 files changed, 19 deletions(-) delete mode 100644 ansible/roles/test/tasks/acl/set_ports_speed.yml diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml index 1a3a7030459..cc75856a798 100644 --- a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml @@ -61,10 +61,6 @@ shell: ifconfig {{ ptf_host_if }} 20.0.0.2 delegate_to: "{{ ptf_host }}" - # todo: remove when config is done by IT dept. - - name: Run script that sets ports speed. - include: "{{ set_ports_speed }}" - - name: Create an ACL L3 table. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml index c16d45361f9..c87a5e66325 100644 
--- a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml @@ -310,10 +310,6 @@ shell: ifconfig {{ ptf_host_if }} {{ ptf_host_if_ip }}/24 delegate_to: "{{ ptf_host }}" - # todo: remove when config is done by IT dept. - - name: Run script that sets ports speed. - include: "{{ set_ports_speed }}" - - name: Create target directory file: path={{ host_testdir }} state=directory delegate_to: "{{ ptf_host }}" diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml index 6ff3327ae41..d976ad62ba3 100644 --- a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml @@ -7,9 +7,6 @@ summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" - - name: Configure link - command: docker exec -i syncd sx_api_port_speed_set_100G.py - - name: Wait for link command: sleep 40 diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml index 230b72eaf72..5819e13ee7d 100644 --- a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml @@ -7,9 +7,6 @@ summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" - - name: Configure link - command: docker exec -i syncd sx_api_port_speed_set_100G.py - - name: Wait for link command: sleep 40 diff --git a/ansible/roles/test/tasks/acl/set_ports_speed.yml b/ansible/roles/test/tasks/acl/set_ports_speed.yml deleted file mode 100644 index c68ee8ab5d2..00000000000 --- a/ansible/roles/test/tasks/acl/set_ports_speed.yml +++ /dev/null 
@@ -1,5 +0,0 @@ -- name: Set proper port speed (to activate mirror session). - command: docker exec -i syncd sx_api_port_speed_set_100G.py - -- name: Wait for speed to be set. - command: sleep 40 From 54f2c4ce7310d46c02894ad36046850a55137933 Mon Sep 17 00:00:00 2001 
From: Anton Patenko Date: Sun, 22 Jan 2017 11:42:43 +0200 Subject: [PATCH 9/9] ACL tests fixes: 1) Removed "set_fact" blocks and moved vars into separated files per each test. 2) Replaced "command: sleep" with "pause". 3) Removed brackets around constants declarations. --- ansible/roles/test/tasks/acl.yml | 13 +- .../acl_counter_traffic_test/acl_check_db.yml | 3 +- .../acl_counter_traffic_test.yml | 62 +-- .../acl/acl_input_test/acl_input_test.yml | 16 +- .../acl_orchagent_logic_test.yml | 441 ++++++------------ .../acl_port_bind_test/acl_port_bind_test.yml | 34 +- .../acl_port_range_test.yml | 125 ++--- .../acl/acl_traffic_test/acl_traffic_test.yml | 80 +--- .../acl/acl_traffic_test/run_ping_test.yml | 27 +- .../acl/acl_traffic_test/run_ptf_test.yml | 27 +- .../test/tasks/acl/run_config_cleanup.yml | 3 +- .../roles/test/tasks/acl/run_config_test.yml | 23 +- .../roles/test/tasks/acl/run_loganalyzer.yml | 19 +- .../acl/acl_counter_traffic_test_vars.yml | 34 ++ ansible/vars/acl/acl_input_test_vars.yml | 6 + .../acl/acl_orchagent_logic_test_vars.yml | 166 +++++++ ansible/vars/acl/acl_port_bind_test_vars.yml | 17 + ansible/vars/acl/acl_port_range_test_vars.yml | 57 +++ ansible/vars/acl/acl_traffic_test_vars.yml | 42 ++ ansible/vars/acl/acl_vars.yml | 10 + ansible/vars/acl/run_config_test_vars.yml | 13 + ansible/vars/acl/run_loganalyzer_vars.yml | 15 + ansible/vars/acl/run_ping_test_vars.yml | 7 + ansible/vars/acl/run_ptf_test_vars.yml | 7 + 24 files changed, 624 insertions(+), 623 deletions(-) create mode 100644 ansible/vars/acl/acl_counter_traffic_test_vars.yml create mode 100644 ansible/vars/acl/acl_input_test_vars.yml create mode 100644 ansible/vars/acl/acl_orchagent_logic_test_vars.yml create mode 100644 ansible/vars/acl/acl_port_bind_test_vars.yml create mode 100644 ansible/vars/acl/acl_port_range_test_vars.yml create mode 100644 ansible/vars/acl/acl_traffic_test_vars.yml create mode 100644 ansible/vars/acl/acl_vars.yml create mode 100644 
ansible/vars/acl/run_config_test_vars.yml create mode 100644 ansible/vars/acl/run_loganalyzer_vars.yml create mode 100644 ansible/vars/acl/run_ping_test_vars.yml create mode 100644 ansible/vars/acl/run_ptf_test_vars.yml diff --git a/ansible/roles/test/tasks/acl.yml b/ansible/roles/test/tasks/acl.yml index 16aeca7c8e0..bc038fe879c 100644 --- a/ansible/roles/test/tasks/acl.yml +++ b/ansible/roles/test/tasks/acl.yml @@ -4,17 +4,9 @@ #----------------------------------------- - set_fact: - run_dir: "{{ '/home/admin/acl_tests' }}" - out_dir: "{{ '/home/admin/acl_tests/results' }}" - docker_testdir: "{{ '/tmp' }}" - logfile: "{{ '' }}" - tests_location: "{{ 'roles/test/tasks/acl' }}" + vars_files_location: vars/acl -- set_fact: - run_config_test: "{{ tests_location }}/run_config_test.yml" - run_config_cleanup: "{{ tests_location }}/run_config_cleanup.yml" - run_loganalyzer: "{{ tests_location }}/run_loganalyzer.yml" - set_ports_speed: "{{ tests_location }}/set_ports_speed.yml" +- include_vars: "{{ vars_files_location }}/acl_vars.yml" - name: Create run_dir file: path="{{ run_dir }}" state=directory @@ -47,4 +39,3 @@ file: path="{{ item }}" state=absent with_items: - "{{ run_dir }}/loganalyzer.py" - diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml index d16f7a5721d..088ac6de771 100644 --- a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_check_db.yml @@ -6,7 +6,8 @@ failed_when: (expect_data == true and grep_redis.rc != 0) or (expect_data == false and grep_redis.rc == 0) - name: Wait for data to be written into Counters DB ... - shell: sleep 10 + pause: + seconds: 10 - name: Read counters value. shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name_check }}:{{ rule_name_check }}" Packets 
diff --git a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml index cc75856a798..34957a67d57 100644 --- a/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml +++ b/ansible/roles/test/tasks/acl/acl_counter_traffic_test/acl_counter_traffic_test.yml @@ -9,38 +9,7 @@ - fail: msg="Please set ptf_host_if variable (interface that host is connected to switch)" when: ptf_host_if is not defined -- set_fact: - acl_check_db: "{{ '{{ tests_location }}/acl_counter_traffic_test/acl_check_db.yml' }}" - - config_table_type_l3: "{{ 'config_table_type_l3.json' }}" - config_rule: "{{ 'config_rule.json' }}" - config_rule_delete: "{{ 'config_rule_delete.json' }}" - - config_mirror_session: "{{ 'config_mirror_session.json' }}" - config_table_type_mirror: "{{ 'config_table_type_mirror.json' }}" - config_rule_mirror: "{{ 'config_rule_mirror.json' }}" - config_rule_mirror_delete: "{{ 'config_rule_mirror_delete.json' }}" - - table_name: "{{ 'acl_test_table' }}" - rule_name: "{{ 'acl_config_rule' }}" - mirror_table_name: "{{ 'acl_test_table_mirror' }}" - mirror_rule_name: "{{ 'acl_config_rule_mirror' }}" - - switch_if1_ip: "{{ '20.0.0.1' }}" - switch_if2_ip: "{{ '21.0.0.1' }}" - dst_mirror_subnet: "{{ '2.0.0.0/24' }}" - packets_sent: "{{ '3' }}" - testname: "{{ 'acl_counter_traffic_test' }}" - -- set_fact: - config_files: - - "{{ config_table_type_l3 }}" - - "{{ config_rule }}" - - "{{ config_rule_delete }}" - - "{{ config_mirror_session }}" - - "{{ config_table_type_mirror }}" - - "{{ config_rule_mirror }}" - - "{{ config_rule_mirror_delete }}" +- include_vars: "{{ vars_files_location }}/acl_counter_traffic_test_vars.yml" - name: Copy JSON configs onto switch. copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" 
@@ -67,12 +36,12 @@ - name: Create a rule within L3 table. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule }} - - set_fact: + - name: Check if {{ rule_name}} data is written into DBs. + vars: table_name_check: "{{ table_name }}" rule_name_check: "{{ rule_name }}" expect_data: true - expected_counter_value: "{{ '0' }}" - - name: Check if {{ rule_name}} data is written into DBs. + expected_counter_value: 0 include: "{{ acl_check_db }}" - name: Read initial counters value (before ping). @@ -87,7 +56,8 @@ failed_when: ping_result.rc != 0 - name: Wait for counters to update (it updates every 10 sec) ... - shell: sleep 10 + pause: + seconds: 10 - name: Read result counters value (after ping). shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets @@ -105,7 +75,8 @@ failed_when: ping_result.rc == 0 - name: Wait for counters to update (it updates every 10 sec) ... - shell: sleep 10 + pause: + seconds: 10 - name: Read counters value. shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_name }}" Packets @@ -118,11 +89,11 @@ - name: Delete L3-rule. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_delete }} - - set_fact: + - name: Check if {{ rule_name}} data is removed from DBs. + vars: table_name_check: "{{ table_name }}" rule_name_check: "{{ rule_name }}" expect_data: false - - name: Check if {{ rule_name}} data is removed from DBs. include: "{{ acl_check_db }}" #-------------------- 
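Review bot: The integer `expected_counter_value: 0` may no longer compare equal to the counter read from Redis; the previous value `"{{ '0' }}"` was a string, and the same change is made in the `@@ -144,12 +115,12 @@` hunk. The comparison itself is in acl_check_db.yml, outside this hunk; if it compares against the registered `stdout` of the `redis-cli ... HGET` call, that is a string and `"0" == 0` is false in Jinja2, so the outcome of the check would stop depending on the counter. Keeping `expected_counter_value: "0"`, or applying `| int` to both sides at the comparison, removes the dependence on the variable's type.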
@@ -144,12 +115,12 @@ - name: Create a rule within mirror table. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror }} - - set_fact: + - name: Check that {{ mirror_rule_name }} data is written into DBs. + vars: table_name_check: "{{ mirror_table_name }}" rule_name_check: "{{ mirror_rule_name }}" expect_data: true - expected_counter_value: "{{ '0' }}" - - name: Check that {{ mirror_rule_name }} data is written into DBs. + expected_counter_value: 0 include: "{{ acl_check_db }}" - name: Read initial counters value (before ping). @@ -163,7 +134,8 @@ failed_when: ping_result.rc != 0 - name: Wait for counters to update (it updates every 10 sec) ... - shell: sleep 10 + pause: + seconds: 10 - name: Read result counters value (after ping). shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ mirror_table_name }}:{{ mirror_rule_name }}" Packets @@ -175,11 +147,11 @@ - name: Delete mirror-rule. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_rule_mirror_delete }} - - set_fact: + - name: Check that {{ mirror_rule_name }} data is removed from DBs. + vars: table_name_check: "{{ mirror_table_name }}" rule_name_check: "{{ mirror_rule_name }}" expect_data: false - - name: Check that {{ mirror_rule_name }} data is removed from DBs. include: "{{ acl_check_db }}" diff --git a/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml index 0b0abac1fab..431daa22bf1 100644 --- a/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml +++ b/ansible/roles/test/tasks/acl/acl_input_test/acl_input_test.yml 
@@ -1,10 +1,7 @@ # Tests json-file correctness. # Syntax correctness analysis is performed by Orchagent. -- set_fact: - acl_config_valid: "{{ 'acl_config_valid.json' }}" - acl_config_invalid: "{{ 'acl_config_invalid.json' }}" - testname: "{{ 'acl_input_test' }}" +- include_vars: "{{ vars_files_location }}/acl_input_test_vars.yml" - name: Copy JSON configs onto switch copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" @@ -38,15 +35,8 @@ - fail: msg="swssconfig - no error caught when uploading {{ acl_config_invalid }}" when: invalid_config_upload.rc == 0 - - name: Do configuration cleanup after input_test. - command: systemctl restart orchagent - register: clean_up - - - fail: msg="swssconfig - failed to cleanup the ACL configuration" - when: clean_up.rc != 0 - - - name: Wait for orchagent initialization - command: sleep 35 + - name: Do configuration cleanup. + include: "{{ run_config_cleanup }}" - name: Remove all the files created by test. file: path="{{ run_dir }}/{{ item }}" state=absent diff --git a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml index a4eb9f75cf5..a97852c467d 100644 --- a/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml +++ b/ansible/roles/test/tasks/acl/acl_orchagent_logic_test/acl_orchagent_logic_test.yml 
@@ -2,182 +2,7 @@ # SYNTAX- AND DELETE-TESTING FOR ORCHAGENT. #---------------------------------------------- -- set_fact: - - # Test table type. - # Mirror - NOT IMPLEMENTED YET. - # L3 - already tested, so here we check some bad cases. - config_table_type_l3: "{{ 'config_table_type_l3.json' }}" - config_table_type_invalid_1: "{{ 'config_table_type_invalid_1.json' }}" - config_table_type_invalid_2: "{{ 'config_table_type_invalid_2.json' }}" - config_table_type_expect: "{{ 'config_table_type_expect_file' }}" - - config_rule: "{{ 'config_rule.json' }}" - - # SYNTAX-TEST SPECIFIC CONFIG-FILES. - # Test physical port. - config_port_invalid_1: "{{ 'config_port_invalid_1.json' }}" - config_port_invalid_2: "{{ 'config_port_invalid_2.json' }}" - config_port_expect: "{{ 'config_port_expect_file' }}" - - # Test operation applied for table (SET ,DEL) - config_operation_invalid_1: "{{ 'config_operation_invalid_1.json' }}" - config_operation_invalid_2: "{{ 'config_operation_invalid_2.json' }}" - - # Test invalid extra field. - config_extra_field_invalid: "{{ 'config_extra_field_invalid.json' }}" - config_extra_field_expect: "{{ 'config_extra_field_expect_file' }}" - - #------------------------------------------ - # Test RULES parameters. 
- #------------------------------------------ - - config_priority_invalid_1: "{{ 'config_priority_invalid_1.json' }}" - config_priority_invalid_2: "{{ 'config_priority_invalid_2.json' }}" - config_priority_valid_max: "{{ 'config_priority_valid_max.json' }}" - config_priority_expect: "{{ 'config_priority_expect_file' }}" - - config_ether_type_invalid_1: "{{ 'config_ether_type_invalid_1.json' }}" - config_ether_type_invalid_2: "{{ 'config_ether_type_invalid_2.json' }}" - config_ether_type_valid_1: "{{ 'config_ether_type_valid_1.json' }}" - config_ether_type_valid_2: "{{ 'config_ether_type_valid_2.json' }}" - config_ether_type_expect: "{{ 'config_ether_type_expect_file' }}" - - config_ip_type_invalid_1: "{{ 'config_ip_type_invalid_1.json' }}" - config_ip_type_invalid_2: "{{ 'config_ip_type_invalid_2.json' }}" - config_ip_type_valid_1: "{{ 'config_ip_type_valid_1.json' }}" - config_ip_type_valid_2: "{{ 'config_ip_type_valid_2.json' }}" - config_ip_type_expect: "{{ 'config_ip_type_expect_file' }}" - - config_ip_proto_invalid_1: "{{ 'config_ip_proto_invalid_1.json' }}" - config_ip_proto_invalid_2: "{{ 'config_ip_proto_invalid_2.json' }}" - config_ip_proto_valid_1: "{{ 'config_ip_proto_valid_1.json' }}" - config_ip_proto_valid_2: "{{ 'config_ip_proto_valid_2.json' }}" - config_ip_proto_expect: "{{ 'config_ip_proto_expect_file' }}" - - config_ip_addr_invalid_1: "{{ 'config_ip_addr_invalid_1.json' }}" - config_ip_addr_invalid_2: "{{ 'config_ip_addr_invalid_2.json' }}" - config_ip_addr_invalid_3: "{{ 'config_ip_addr_invalid_3.json' }}" - config_ip_addr_invalid_4: "{{ 'config_ip_addr_invalid_4.json' }}" - config_ip_addr_invalid_5: "{{ 'config_ip_addr_invalid_5.json' }}" - config_ip_addr_invalid_6: "{{ 'config_ip_addr_invalid_6.json' }}" - config_ip_addr_invalid_7: "{{ 'config_ip_addr_invalid_7.json' }}" - config_ip_addr_valid_1: "{{ 'config_ip_addr_valid_1.json' }}" - config_ip_addr_valid_2: "{{ 'config_ip_addr_valid_2.json' }}" - config_ip_addr_expect: "{{ 
'config_ip_addr_expect_file' }}" - - config_tcp_flags_valid_1: "{{ 'config_tcp_flags_valid_1.json' }}" - config_tcp_flags_valid_2: "{{ 'config_tcp_flags_valid_2.json' }}" - config_tcp_flags_invalid_1: "{{ 'config_tcp_flags_invalid_1.json' }}" - config_tcp_flags_invalid_2: "{{ 'config_tcp_flags_invalid_2.json' }}" - config_tcp_flags_expect: "{{ 'config_tcp_flags_expect_file' }}" - - config_l4_port_valid: "{{ 'config_l4_port_valid.json' }}" - config_l4_port_invalid_1: "{{ 'config_l4_port_invalid_1.json' }}" - config_l4_port_invalid_2: "{{ 'config_l4_port_invalid_2.json' }}" - config_l4_port_invalid_3: "{{ 'config_l4_port_invalid_3.json' }}" - config_l4_port_expect: "{{ 'config_l4_port_expect_file' }}" - - config_packet_action_valid: "{{ 'config_packet_action_valid.json' }}" - config_packet_action_invalid_1: "{{ 'config_packet_action_invalid_1.json' }}" - config_packet_action_invalid_2: "{{ 'config_packet_action_invalid_2.json' }}" - config_packet_action_expect: "{{ 'config_packet_action_expect_file' }}" - - config_dscp_in_l3_table: "{{ 'config_dscp_in_l3_table.json' }}" - config_dscp_in_l3_table_expect: "{{ 'config_dscp_in_l3_table_expect_file' }}" - - config_rule_empty_invalid: "{{ 'config_rule_empty.json' }}" - config_rule_empty_expect: "{{ 'config_rule_empty_expect_file' }}" - - config_rule_in_non_existing_table: "{{ 'config_rule_in_non_existing_table.json' }}" - config_rule_in_non_existing_table_expect: "{{ 'config_rule_in_non_existing_table_expect_file' }}" - - # DELETE-TEST SPECIFIC CONFIG-FILES. 
- config_del_rule_valid: "{{ 'config_del_rule_valid.json' }}" - config_del_rule_non_existing: "{{ 'config_del_rule_non_existing.json' }}" - config_del_rule_expect: "{{ 'config_del_rule_expect_file' }}" - - config_del_table_valid: "{{ 'config_del_table_valid.json' }}" - config_del_table_non_existing: "{{ 'config_del_table_non_existing.json' }}" - config_del_table_with_rules: "{{ 'config_del_table_with_rules.json' }}" - config_del_table_diff_fields: "{{ 'config_del_table_diff_fields.json' }}" - config_del_table_expect: "{{ 'config_del_table_expect_file' }}" - - config_empty_expect: "{{ 'config_empty_expect_file' }}" - config_duplicate_rule_expect: "{{ 'config_duplicate_rule_expect_file' }}" - -- set_fact: - config_files: - - "{{ config_table_type_l3 }}" - - "{{ config_rule }}" - - - "{{ config_table_type_invalid_1 }}" - - "{{ config_table_type_invalid_2 }}" - - - "{{ config_port_invalid_1 }}" - - "{{ config_port_invalid_2 }}" - - - "{{ config_operation_invalid_1 }}" - - "{{ config_operation_invalid_2 }}" - - - "{{ config_extra_field_invalid }}" - - - "{{ config_priority_invalid_1 }}" - - "{{ config_priority_invalid_2 }}" - - "{{ config_priority_valid_max }}" - - - "{{ config_ether_type_invalid_1 }}" - - "{{ config_ether_type_invalid_2 }}" - - "{{ config_ether_type_valid_1 }}" - - "{{ config_ether_type_valid_2 }}" - - - "{{ config_ip_type_invalid_1 }}" - - "{{ config_ip_type_invalid_2 }}" - - "{{ config_ip_type_valid_1 }}" - - "{{ config_ip_type_valid_2 }}" - - - "{{ config_ip_proto_invalid_1 }}" - - "{{ config_ip_proto_invalid_2 }}" - - "{{ config_ip_proto_valid_1 }}" - - "{{ config_ip_proto_valid_2 }}" - - - "{{ config_ip_addr_invalid_1 }}" - - "{{ config_ip_addr_invalid_2 }}" - - "{{ config_ip_addr_invalid_3 }}" - - "{{ config_ip_addr_invalid_4 }}" - - "{{ config_ip_addr_invalid_5 }}" - - "{{ config_ip_addr_invalid_6 }}" - - "{{ config_ip_addr_invalid_7 }}" - - "{{ config_ip_addr_valid_1 }}" - - "{{ config_ip_addr_valid_2 }}" - - - "{{ config_tcp_flags_valid_1 }}" 
- - "{{ config_tcp_flags_valid_2 }}" - - "{{ config_tcp_flags_invalid_1 }}" - - "{{ config_tcp_flags_invalid_2 }}" - - - "{{ config_l4_port_valid }}" - - "{{ config_l4_port_invalid_1 }}" - - "{{ config_l4_port_invalid_2 }}" - - "{{ config_l4_port_invalid_3 }}" - - - "{{ config_packet_action_valid }}" - - "{{ config_packet_action_invalid_1 }}" - - "{{ config_packet_action_invalid_2 }}" - - - "{{ config_dscp_in_l3_table }}" - - "{{ config_rule_empty_invalid }}" - - "{{ config_rule_in_non_existing_table }}" - - - "{{ config_del_rule_valid }}" - - "{{ config_del_rule_non_existing }}" - - - "{{ config_del_table_valid }}" - - "{{ config_del_table_non_existing }}" - - "{{ config_del_table_with_rules }}" - - "{{ config_del_table_diff_fields }}" - - testname: "{{ 'acl_orchagent_logic_test' }}" +- include_vars: "{{ vars_files_location }}/acl_orchagent_logic_test_vars.yml" - name: Copy JSON configs onto switch. copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" 
@@ -200,44 +25,44 @@ #----------------------------------------- - block: - - set_fact: + - name: Table test - invalid table type. + vars: config_file: "{{ config_table_type_invalid_1 }}" test_expect_file: "{{ config_table_type_expect }}" errors_expected: true run_cleanup: false - - name: Table test - invalid table type. include: "{{ run_config_test }}" - - set_fact: + - name: Table test - invalid table type. + vars: config_file: "{{ config_table_type_invalid_2 }}" test_expect_file: "{{ config_table_type_expect }}" errors_expected: true run_cleanup: false - - name: Table test - invalid table type. include: "{{ run_config_test }}" - - set_fact: + - name: Table test - invalid physical port. + vars: config_file: "{{ config_port_invalid_1 }}" test_expect_file: "{{ config_port_expect }}" errors_expected: true run_cleanup: false - - name: Table test - invalid physical port. include: "{{ run_config_test }}" - - set_fact: + - name: Table test - invalid physical port. + vars: config_file: "{{ config_port_invalid_2 }}" test_expect_file: "{{ config_port_expect }}" errors_expected: true run_cleanup: false - - name: Table test - invalid physical port. include: "{{ run_config_test }}" - - set_fact: + - name: Table test - invalid extra field. + vars: config_file: "{{ config_extra_field_invalid }}" test_expect_file: "{{ config_extra_field_expect }}" errors_expected: true run_cleanup: false - - name: Table test - invalid extra field. include: "{{ run_config_test }}" # Check return code from swssconfig 
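Review bot: Moving these values from `set_fact` to `vars:` on the `include` limits them to the included tasks, so any later task that still reads `config_file`, `test_expect_file`, `errors_expected` or `run_cleanup` no longer sees them. The `# Check return code from swssconfig` section after this hunk and the block's `always:` cleanup lie outside the hunk and are worth checking for such reads. The same applies to the converted tasks in `@@ -256,445 +81,445 @@` and `@@ -711,93 +536,93 @@`, and to those in acl_port_bind_test.yml and acl_port_range_test.yml. If nothing after the include depends on them, a comment above the block would record that, e.g. `# per-case vars are scoped to run_config_test; do not read them after the include`.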
@@ -256,445 +81,445 @@ #----------------------------------------- # test duplicate table creation #----------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Create duplicate L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_table_type_expect }}" errors_expected: true run_cleanup: true - - name: Create duplicate L3 table. include: "{{ run_config_test }}" #------------------------------------------ # RULES TESTING #------------------------------------------ - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid priority value. + vars: config_file: "{{ config_priority_invalid_1 }}" test_expect_file: "{{ config_priority_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid priority value. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid priority value. + vars: config_file: "{{ config_priority_invalid_2 }}" test_expect_file: "{{ config_priority_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid priority value. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - max priority value. + vars: config_file: "{{ config_priority_valid_max }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: Rule test - max priority value. include: "{{ run_config_test }}" #---------------------------------------------- # ETHER_TYPE #---------------------------------------------- - - set_fact: + - name: Create L3 table. 
+ vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid ether type. + vars: config_file: "{{ config_ether_type_valid_1 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid ether type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid ether type. + vars: config_file: "{{ config_ether_type_valid_2 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid ether type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid ether type. + vars: config_file: "{{ config_ether_type_invalid_1 }}" test_expect_file: "{{ config_ether_type_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid ether type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid ether type. + vars: config_file: "{{ config_ether_type_invalid_2 }}" test_expect_file: "{{ config_ether_type_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - invalid ether type. include: "{{ run_config_test }}" #---------------------------------------------- # IP TYPE #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid ip type. + vars: config_file: "{{ config_ip_type_invalid_1 }}" test_expect_file: "{{ config_ip_type_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid ip type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid ip type. 
+ vars: config_file: "{{ config_ip_type_invalid_2 }}" test_expect_file: "{{ config_ip_type_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid ip type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid ip type. + vars: config_file: "{{ config_ip_type_valid_1 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - invalid ip type. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid ip type. + vars: config_file: "{{ config_ip_type_valid_2 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: Rule test - valid ip type. include: "{{ run_config_test }}" #---------------------------------------------- # IP PROTO #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid IP protocol. + vars: config_file: "{{ config_ip_proto_valid_1 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid IP protocol. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid IP protocol. + vars: config_file: "{{ config_ip_proto_valid_2 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid IP protocol. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP protocol. + vars: config_file: "{{ config_ip_proto_invalid_1 }}" test_expect_file: "{{ config_ip_proto_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP protocol. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP protocol. 
+ vars: config_file: "{{ config_ip_proto_invalid_2 }}" test_expect_file: "{{ config_ip_proto_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - invalid IP protocol. include: "{{ run_config_test }}" #---------------------------------------------- # IP ADDRESS #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid IP address. + vars: config_file: "{{ config_ip_addr_valid_1 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid IP address. + vars: config_file: "{{ config_ip_addr_valid_2 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_1 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_2 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_3 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. 
+ vars: config_file: "{{ config_ip_addr_invalid_4 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_5 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_6 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid IP address. + vars: config_file: "{{ config_ip_addr_invalid_7 }}" test_expect_file: "{{ config_ip_addr_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - invalid IP address. include: "{{ run_config_test }}" #---------------------------------------------- # TCP FLAGS #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" run_cleanup: false errors_expected: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid TCP flags. + vars: config_file: "{{ config_tcp_flags_valid_1 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid TCP flags. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid TCP flags. + vars: config_file: "{{ config_tcp_flags_valid_2 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid TCP flags. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid TCP flags. 
+ vars: config_file: "{{ config_tcp_flags_invalid_1 }}" test_expect_file: "{{ config_tcp_flags_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid TCP flags. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid TCP flags. + vars: config_file: "{{ config_tcp_flags_invalid_2 }}" test_expect_file: "{{ config_tcp_flags_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - invalid TCP flags. include: "{{ run_config_test }}" #---------------------------------------------- # L4 port #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid L4 port. + vars: config_file: "{{ config_l4_port_valid }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid L4 port. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid L4 port. + vars: config_file: "{{ config_l4_port_invalid_1 }}" test_expect_file: "{{ config_l4_port_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid L4 port. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid L4 port. + vars: config_file: "{{ config_l4_port_invalid_2 }}" test_expect_file: "{{ config_l4_port_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid L4 port. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid L4 port. + vars: config_file: "{{ config_l4_port_invalid_3 }}" test_expect_file: "{{ config_l4_port_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - invalid L4 port. 
include: "{{ run_config_test }}" #---------------------------------------------- # Packet action #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid packet action. + vars: config_file: "{{ config_packet_action_valid }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid packet action. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid packet action. + vars: config_file: "{{ config_packet_action_invalid_1 }}" test_expect_file: "{{ config_packet_action_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid packet action. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid packet action. + vars: config_file: "{{ config_packet_action_invalid_2 }}" test_expect_file: "{{ config_packet_action_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid packet action. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - dscp in L3 table. + vars: config_file: "{{ config_dscp_in_l3_table }}" test_expect_file: "{{ config_dscp_in_l3_table_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - dscp in L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - empty rule with no expectes. + vars: config_file: "{{ config_rule_empty_invalid }}" test_expect_file: "{{ config_rule_empty_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - empty rule with no expectes. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - create rule in non-existing table. 
+ vars: config_file: "{{ config_rule_in_non_existing_table }}" test_expect_file: "{{ config_rule_in_non_existing_table_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - create rule in non-existing table. include: "{{ run_config_test }}" #---------------------------------------------- # test duplicate rule creation #---------------------------------------------- - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - valid rule. + vars: config_file: "{{ config_rule }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid rule. include: "{{ run_config_test }}" # Duplicate rule! - - set_fact: + - name: Rule test - duplicate rule creation. + vars: config_file: "{{ config_rule }}" test_expect_file: "{{ config_duplicate_rule_expect }}" errors_expected: true run_cleanup: true - - name: Rule test - duplicate rule creation. include: "{{ run_config_test }}" 
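Review bot: In the IP TYPE section, the task named `Rule test - invalid ip type.` that loads `config_ip_type_valid_1` sets `errors_expected: false` and uses `config_empty_expect`, so its name contradicts the case it runs. The commit moves the name above `vars:` but keeps the mislabel. In a run log this reads as an invalid IP type being accepted without errors, which is exactly the result an ACL validation test exists to flag. Rename it to `- name: Rule test - valid ip type.`; the name `Rule test - empty rule with no expectes.` in the packet-action section has a typo that could be fixed in the same pass.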
@@ -711,93 +536,93 @@ #---------------------------------------------------------------------------------- # Prepare valid config: create ACL table. - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" # Prepare valid config: create ACL rule. - - set_fact: + - name: Create a rule inside of ACL table (which is created previously). + vars: config_file: "{{ config_rule }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create a rule inside of ACL table (which is created previously). include: "{{ run_config_test }}" # Invalid table deletion: try to delete existing table that contains rules. - - set_fact: + - name: Try to delete existing table with rules (errors expected). + vars: config_file: "{{ config_del_table_with_rules }}" test_expect_file: "{{ config_del_table_expect }}" errors_expected: true run_cleanup: false - - name: Try to delete existing table with rules (errors expected). include: "{{ run_config_test }}" # Valid rule deletion. - - set_fact: + - name: Delete an existing rule test. + vars: config_file: "{{ config_del_rule_valid }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Delete an existing rule test. include: "{{ run_config_test }}" # Valid table deletion. - - set_fact: + - name: Delete an existing table test. + vars: config_file: "{{ config_del_table_valid }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: Delete an existing table test. include: "{{ run_config_test }}" # Prepare valid config: create ACL table. - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. 
include: "{{ run_config_test }}" # Delete non-existing rule from existing table. - - set_fact: + - name: Delete non-existing rule test. + vars: config_file: "{{ config_del_rule_non_existing }}" test_expect_file: "{{ config_del_rule_expect }}" errors_expected: true run_cleanup: false - - name: Delete non-existing rule test. include: "{{ run_config_test }}" - - set_fact: + - name: Delete non-existing table test. + vars: config_file: "{{ config_del_table_non_existing }}" test_expect_file: "{{ config_del_table_expect }}" errors_expected: true run_cleanup: true - - name: Delete non-existing table test. include: "{{ run_config_test }}" # Prepare valid config: create ACL table. - - set_fact: + - name: Create L3 table. + vars: config_file: "{{ config_table_type_l3 }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Create L3 table. include: "{{ run_config_test }}" # delete table with different fields provided - - set_fact: + - name: Delete table with different fields provided. + vars: config_file: "{{ config_del_table_diff_fields }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: Delete table with different fields provided. include: "{{ run_config_test }}" always: diff --git a/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml index 793aff6c39e..250b4360666 100644 --- a/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml +++ b/ansible/roles/test/tasks/acl/acl_port_bind_test/acl_port_bind_test.yml 
@@ -2,23 +2,7 @@ # Port bind testing. #----------------------------------------- -- set_fact: - config_bind_unknown_port: "{{ 'config_bind_unknown_port.json' }}" - config_bind_unknown_port_expect: "{{ 'config_bind_unknown_port_expect_file' }}" - config_bind_duplicate_port: "{{ 'config_bind_duplicate_port.json' }}" - config_bind_duplicate_port_expect: "{{ 'config_bind_duplicate_port_expect_file' }}" - config_bind_valid_port: "{{ 'config_bind_valid_port.json' }}" - config_unbind_port: "{{ 'config_unbind_port.json' }}" - config_empty_expect: "{{ 'config_empty_expect_file' }}" - - testname: "{{ 'acl_port_bind_test' }}" - -- set_fact: - config_files: - - "{{ config_bind_unknown_port }}" - - "{{ config_bind_duplicate_port }}" - - "{{ config_bind_valid_port }}" - - "{{ config_unbind_port }}" +- include_vars: "{{ vars_files_location }}/acl_port_bind_test_vars.yml" - name: Copy JSON configs onto switch. copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" 
@@ -31,36 +15,36 @@ - "{{ config_files }}" - block: - - set_fact: + - name: Run test test with unknown port. + vars: config_file: "{{ config_bind_unknown_port }}" test_expect_file: "{{ config_bind_unknown_port_expect }}" errors_expected: true run_cleanup: true - - name: Run ACL port bind test with include: "{{ run_config_test }}" - - set_fact: + - name: Run test with duplicate port. + vars: config_file: "{{ config_bind_duplicate_port }}" test_expect_file: "{{ config_bind_duplicate_port_expect }}" errors_expected: true run_cleanup: true - - name: Run test include: "{{ run_config_test }}" - - set_fact: + - name: Run test with valid port. + vars: config_file: "{{ config_bind_valid_port }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Run test include: "{{ run_config_test }}" - - set_fact: + - name: Run test to unbind port. + vars: config_file: "{{ config_unbind_port }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: Run test include: "{{ run_config_test }}" always: diff --git a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml index c87a5e66325..ec61a865b4e 100644 --- a/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml +++ b/ansible/roles/test/tasks/acl/acl_port_range_test/acl_port_range_test.yml 
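Review bot: The new name of the first task in this block, `Run test test with unknown port.`, repeats a word. `- name: Run test with unknown port.` would match the three names that follow it (`Run test with duplicate port.`, `Run test with valid port.`, `Run test to unbind port.`).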
@@ -18,64 +18,7 @@ - fail: msg="Please set switch_if variable (interface that switch is connected to host)" when: switch_if is not defined -- set_fact: - - # configuration-test settings - config_table_type_l3: "{{ 'config_table_type_l3.json' }}" - config_mirror_session: "{{ 'config_mirror_session.json' }}" - config_table_type_mirror: "{{ 'config_table_type_mirror.json' }}" - config_l4_port_range_1_on_l3_table: "{{ 'config_l4_port_range_1_on_l3_table.json' }}" - config_l4_port_range_2_on_l3_table: "{{ 'config_l4_port_range_2_on_l3_table.json' }}" - config_l4_port_range_on_mirror_table: "{{ 'config_l4_port_range_on_mirror_table.json' }}" - config_l4_full_port_range: "{{ 'config_l4_full_port_range.json' }}" - config_l4_limited_port_range: "{{ 'config_l4_limited_port_range.json' }}" - config_delete_limited_port_range: "{{ 'config_delete_limited_port_range.json' }}" - config_delete_different_port_range: "{{ 'config_delete_different_port_range.json' }}" - config_l4_port_range_invalid_1: "{{ 'config_l4_port_range_invalid_1.json' }}" - config_l4_port_range_invalid_2: "{{ 'config_l4_port_range_invalid_2.json' }}" - config_l4_port_range_invalid_3: "{{ 'config_l4_port_range_invalid_3.json' }}" - config_l4_port_range_invalid_4: "{{ 'config_l4_port_range_invalid_4.json' }}" - config_l4_port_range_invalid_5: "{{ 'config_l4_port_range_invalid_5.json' }}" - config_l4_port_range_invalid_6: "{{ 'config_l4_port_range_invalid_6.json' }}" - config_l4_port_range_invalid_7: "{{ 'config_l4_port_range_invalid_7.json' }}" - config_l4_port_range_invalid_8: "{{ 'config_l4_port_range_invalid_8.json' }}" - - config_l4_port_range_expect: "{{ 'config_l4_port_range_expect_file' }}" - config_empty_expect: "{{ 'config_empty_expect_file' }}" - host_testdir: "{{ '/tmp/ptf_tests' }}" - - # traffic-test settings - table_name: "{{ 'acl_test_table' }}" - rule_limited_port_range_name: "{{ 'acl_rule_limited_port_range' }}" - packets_sent: "{{ '3' }}" - - # mirror-testing settings - switch_if_ip: "{{ 
'20.0.0.1' }}" - ptf_host_if_ip: "{{ '20.0.0.2' }}" - dst_mirror_subnet: "{{ '2.0.0.0/24' }}" - -- set_fact: - config_files: - - "{{ config_table_type_l3 }}" - - "{{ config_mirror_session }}" - - "{{ config_table_type_mirror }}" - - "{{ config_l4_port_range_1_on_l3_table }}" - - "{{ config_l4_port_range_2_on_l3_table }}" - - "{{ config_l4_port_range_on_mirror_table }}" - - "{{ config_l4_full_port_range }}" - - "{{ config_l4_limited_port_range }}" - - "{{ config_delete_limited_port_range }}" - - "{{ config_delete_different_port_range }}" - - "{{ config_l4_port_range_invalid_1 }}" - - "{{ config_l4_port_range_invalid_2 }}" - - "{{ config_l4_port_range_invalid_3 }}" - - "{{ config_l4_port_range_invalid_4 }}" - - "{{ config_l4_port_range_invalid_5 }}" - - "{{ config_l4_port_range_invalid_6 }}" - - "{{ config_l4_port_range_invalid_7 }}" - - "{{ config_l4_port_range_invalid_8 }}" - - testname: "{{ 'acl_port_range_test' }}" +- include_vars: "{{ vars_files_location }}/acl_port_range_test_vars.yml" - name: Copy JSON configs onto switch. copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" @@ -101,12 +44,12 @@ - name: Create an L3 table. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} - - set_fact: + - name: Rule test - valid port range on L3 table. + vars: config_file: "{{ config_l4_port_range_1_on_l3_table }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid port range on L3 table. include: "{{ run_config_test }}" - block: 
@@ -119,12 +62,12 @@ - fail: msg="Redis DB has NOT got an appropriate field for rule (config file used - {{ config_l4_port_range_1_on_l3_table }})" when: grep.rc != 0 - - set_fact: + - name: Rule test - put L4_DST_RANGE and L4_SRC_RANGE into one rule. + vars: config_file: "{{ config_l4_port_range_2_on_l3_table }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - put L4_DST_RANGE and L4_SRC_RANGE into one rule. include: "{{ run_config_test }}" - name: Run config cleanup after. @@ -143,12 +86,12 @@ - name: Add route. shell: ip route add {{ dst_mirror_subnet }} via {{ switch_if_ip }} - - set_fact: + - name: Rule test - valid port range on mirror table. + vars: config_file: "{{ config_l4_port_range_on_mirror_table }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - valid port range on mirror table. include: "{{ run_config_test }}" - block: 
@@ -170,68 +113,68 @@ - name: Create an L3 table. shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_table_type_l3 }} - - set_fact: + - name: Rule test - negative numbers used in range. + vars: config_file: "{{ config_l4_port_range_invalid_1 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - negative numbers used in range. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - boundaries reversed. + vars: config_file: "{{ config_l4_port_range_invalid_2 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - boundaries reversed. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - port out of range. + vars: config_file: "{{ config_l4_port_range_invalid_3 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - port out of range. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - invalid syntax used in range. + vars: config_file: "{{ config_l4_port_range_invalid_4 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - invalid syntax used in range. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - two ranges in rule, both matching source port. + vars: config_file: "{{ config_l4_port_range_invalid_5 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - two ranges in rule, both matching source port. include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - two ranges in rule, both matching destination port. + vars: config_file: "{{ config_l4_port_range_invalid_6 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - two ranges in rule, both matching destination port. 
include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - three valid ranges in one rule (error case). + vars: config_file: "{{ config_l4_port_range_invalid_7 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: true run_cleanup: false - - name: Rule test - three valid ranges in one rule (error case). include: "{{ run_config_test }}" - - set_fact: + - name: Rule test - 17 valid rules (syncd might crash). + vars: config_file: "{{ config_l4_port_range_invalid_8 }}" test_expect_file: "{{ config_l4_port_range_expect }}" errors_expected: false run_cleanup: false - - name: Rule test - 17 valid rules (syncd might crash). include: "{{ run_config_test }}" - block: @@ -253,12 +196,12 @@ - name: Create the rule with limited port range permitted (1028 - 4096). shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }} - - set_fact: + - name: Delete rule test - rule with port range. + vars: config_file: "{{ config_delete_limited_port_range }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Delete rule test - rule with port range. include: "{{ run_config_test }}" - block: @@ -276,12 +219,12 @@ - name: Create the rule with limited port range permitted (1028 - 4096). shell: docker exec -i orchagent swssconfig {{ docker_testdir }}/{{ config_l4_limited_port_range }} - - set_fact: + - name: Delete rule test - rule with port range. + vars: config_file: "{{ config_delete_different_port_range }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: false - - name: Delete rule test - rule with port range. include: "{{ run_config_test }}" - block: 
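Review bot: The last case in `@@ -170,68 +113,68 @@` loads `config_l4_port_range_invalid_8` with `test_expect_file` set to `config_l4_port_range_expect` but `errors_expected: false`, while the seven cases above it pair the same expect file with `errors_expected: true`. Its name calls the rules valid and adds `(syncd might crash)`, so the playbook does not say which outcome counts as a pass. A comment above the task should state the intended result, for example `# 17 ranges in one file: no port-range errors expected in the log` if that is the intent (to be confirmed by the author). Alternatively the config file could be renamed so that it does not sit in the `invalid_N` series.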
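Review bot: The task in `@@ -276,12 +219,12 @@` loads `config_delete_different_port_range` but keeps the name `Delete rule test - rule with port range.`, identical to the task in `@@ -253,12 +196,12 @@` that loads `config_delete_limited_port_range`. With both names the same, a failure in the log does not show which deletion case broke. A distinct name such as `- name: Delete rule test - rule with different port range.` would separate them.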
@@ -299,11 +242,11 @@ #---------------------------------------------- - block: - - set_fact: + - name: Initialize loganalizer. Put start marker to log file. + vars: test_expect_file: "{{ config_empty_expect }}" loganalyzer_run_init: true loganalyzer_run_analyze: false - - name: Initialize loganalizer. Put start marker to log file. include: "{{ run_loganalyzer }}" - name: Set host interface IP address. @@ -343,7 +286,8 @@ delegate_to: "{{ ptf_host }}" - name: Wait for counters to update (it updates every 10 sec) ... - shell: sleep 10 + pause: + seconds: 10 - name: Read result counters value (after sending packets). command: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets @@ -369,7 +313,8 @@ delegate_to: "{{ ptf_host }}" - name: Wait for counters to update (it updates every 10 sec) ... - shell: sleep 10 + pause: + seconds: 10 - name: Read result counters value (after sending packets). shell: docker exec -i database redis-cli -n 2 HGET "COUNTERS:{{ table_name }}:{{ rule_limited_port_range_name }}" Packets @@ -380,11 +325,11 @@ when: (counters_value_result.stdout|int - counters_value_initial.stdout|int) != 0 always: - - set_fact: + - name: Run analyze-phase and check if no errors occured. + vars: test_expect_file: "{{ config_empty_expect }}" loganalyzer_run_analyze: true loganalyzer_run_init: false - - name: Run analyze-phase and check if no errors occured. include: "{{ run_loganalyzer }}" always: diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml index 8f90ad8319c..543ee4f73fa 100644 --- a/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/acl_traffic_test.yml 
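Review bot: The wait before re-reading the counters equals the update interval given in the task name (`it updates every 10 sec`), so the read that follows can still return the previous value; this applies to both `pause` tasks, in `@@ -343,7 +286,8 @@` and `@@ -369,7 +313,8 @@`. For the check whose condition is `(counters_value_result.stdout|int - counters_value_initial.stdout|int) != 0` (visible as context in the last hunk on this line), a stale counter gives a difference of 0, which appears to let the check pass without the rule having been observed. The task that condition belongs to starts outside the hunks. Waiting longer than one interval, e.g. `seconds: 15`, or polling the counter with `until`/`retries`, would close the race.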
@@ -2,52 +2,10 @@ # Perform ACL traffic tests #----------------------------------------- - - fail: msg="Please set ptf_host variable" when: ptf_host is not defined -- set_fact: - host1_ip : 21.0.0.2 - host2_ip : 22.0.0.2 - subnet1 : 21.0.0.0/24 - subnet2 : 22.0.0.0/24 - switch_ip1 : 21.0.0.1 - switch_ip2 : 22.0.0.1 - host_testdir: "{{ '/tmp' }}" - - run_ping_test: "{{ tests_location }}/acl_traffic_test/run_ping_test.yml" - run_ptf_test: "{{ tests_location }}/acl_traffic_test/run_ptf_test.yml" - - config_traffic_drop_ether_ip: "{{ 'config_traffic_drop_ether_ip.json' }}" - config_traffic_drop_src_ip: "{{ 'config_traffic_drop_src_ip.json' }}" - config_traffic_drop_dst_ip: "{{ 'config_traffic_drop_dst_ip.json' }}" - config_traffic_drop_l4_src_port: "{{ 'config_traffic_drop_l4_src_port.json' }}" - config_traffic_drop_l4_dst_port: "{{ 'config_traffic_drop_l4_dst_port.json' }}" - config_traffic_drop_ip_protocol: "{{ 'config_traffic_drop_ip_protocol.json' }}" - config_traffic_drop_ip_type: "{{ 'config_traffic_drop_ip_type.json' }}" - config_traffic_drop_tcp_flags: "{{ 'config_traffic_drop_tcp_flags.json' }}" - config_traffic_drop_priority: "{{ 'config_traffic_drop_priority.json' }}" - config_empty_expect: "{{ 'config_empty_expect_file' }}" - - match_file: "{{ 'loganalyzer_common_match.txt' }}" - ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}" - - loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}" - loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}" - - testname: "{{ 'acl_traffic_test' }}" - -- set_fact: - config_files: - - "{{ config_traffic_drop_ether_ip }}" - - "{{ config_traffic_drop_src_ip }}" - - "{{ config_traffic_drop_dst_ip }}" - - "{{ config_traffic_drop_l4_src_port }}" - - "{{ config_traffic_drop_l4_dst_port }}" - - "{{ config_traffic_drop_ip_protocol }}" - - "{{ config_traffic_drop_ip_type }}" - - "{{ config_traffic_drop_tcp_flags }}" - - "{{ config_traffic_drop_priority }}" +- 
include_vars: "{{ vars_files_location }}/acl_traffic_test_vars.yml" - name: Copy JSON configs onto switch. copy: src="{{ tests_location }}/{{ testname }}/{{ item }}" dest="{{ run_dir }}/{{ item }}" 
@@ -71,76 +29,76 @@ delegate_to: "{{ ptf_host }}" - block: - - set_fact: + - name: ACL drop traffic by ether type test + vars: config_file: "{{ config_traffic_drop_ether_ip }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by ether type test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by source ip address test + vars: config_file: "{{ config_traffic_drop_src_ip }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by source ip address test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by destination ip address test + vars: config_file: "{{ config_traffic_drop_dst_ip }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by destination ip address test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by ip prototype test + vars: config_file: "{{ config_traffic_drop_ip_protocol }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by ip prototype test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by ip type test + vars: config_file: "{{ config_traffic_drop_ip_type }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by ip type test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by tcp flags test + vars: config_file: "{{ config_traffic_drop_priority }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: false run_cleanup: true - - name: ACL drop traffic by tcp flags test include: "{{ run_ping_test }}" - - set_fact: + - name: ACL drop traffic by destination l4 port test + vars: config_file: "{{ config_traffic_drop_l4_dst_port }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - 
name: ACL drop traffic by destination l4 port test include: "{{ run_ptf_test }}" - - set_fact: + - name: ACL drop traffic by source l4 port test + vars: config_file: "{{ config_traffic_drop_l4_src_port }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by source l4 port test include: "{{ run_ptf_test }}" - - set_fact: + - name: ACL drop traffic by tcp flags test + vars: config_file: "{{ config_traffic_drop_tcp_flags }}" test_expect_file: "{{ config_empty_expect }}" errors_expected: true run_cleanup: true - - name: ACL drop traffic by tcp flags test include: "{{ run_ptf_test }}" always: diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml index d976ad62ba3..5278aaa6443 100644 --- a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ping_test.yml @@ -1,15 +1,10 @@ -- block: - - set_fact: - testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" - - - set_fact: - test_out_dir: "{{ out_dir }}/{{ testname_unique }}" - summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" - result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" +#----------------------------------------- +# Execute ping and check the log. +#----------------------------------------- - - name: Wait for link - command: sleep 40 +- include_vars: "{{ vars_files_location }}/run_ping_test_vars.yml" +- block: - name: Execute ping from host to switch to validate link shell: ping {{ switch_ip1 }} -c 3 register: pingrc 
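Review bot: The sixth include in the `acl_traffic_test.yml` hunk `@@ -71,76 +29,76 @@` is named `ACL drop traffic by tcp flags test` but passes `config_file: "{{ config_traffic_drop_priority }}"` with `errors_expected: false`, and the same name is used again for the `run_ptf_test` include that really loads `config_traffic_drop_tcp_flags`. The task name is what appears in the play output, so a failure in the priority case would be reported as a TCP-flags failure; rename it, for example `- name: ACL drop traffic by priority test`. In the fourth task, `ip prototype` looks like a typo for `ip protocol`. The block's `always:` section continues outside the hunk.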
@@ -42,14 +37,6 @@ fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}" when: errors_found.stdout != "0" - - name: Do configuration cleanup after the test - command: systemctl restart orchagent - register: clean_up - when: run_cleanup == true - - - fail: msg="Failed to cleanup the ACL configuration" - when: clean_up.rc != 0 and run_cleanup == true - - - name: Wait for orchagent initialization - command: sleep 35 + - name: Do configuration cleanup. + include: "{{ run_config_cleanup }}" when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml index 5819e13ee7d..7006ff0926a 100644 --- a/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml +++ b/ansible/roles/test/tasks/acl/acl_traffic_test/run_ptf_test.yml @@ -1,15 +1,10 @@ -- block: - - set_fact: - testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" - - - set_fact: - test_out_dir: "{{ out_dir }}/{{ testname_unique }}" - summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" - result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" +#----------------------------------------- +# Send some TCP packets. +#----------------------------------------- - - name: Wait for link - command: sleep 40 +- include_vars: "{{ vars_files_location }}/run_ptf_test_vars.yml" +- block: - name: Execute ping from host to switch to validate link shell: ping {{ switch_ip1 }} -c 3 register: pingrc 
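Review bot: The new cleanup include is gated by `when: run_cleanup == true`, which only matches a real boolean. If the value ever arrives as the string `"true"` (for example through a key=value extra var), the comparison is false and the cleanup is silently skipped, leaving the ACL configuration in place for the next test. `when: run_cleanup | bool` accepts both forms. The same condition sits on the cleanup include in the `run_ptf_test.yml` hunk `@@ -62,14 +57,6 @@` and in `run_config_test.yml` `@@ -46,6 +41,6 @@`; the enclosing block starts outside each of these hunks.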
@@ -62,14 +57,6 @@ fail: msg="{{ errors_found.stdout }} errors found while running {{ testname }} / {{ config_file }}. Please see {{ test_out_dir }}/{{ result_file }}" when: errors_found.stdout != "0" - - name: Do configuration cleanup after the test - command: systemctl restart orchagent - register: clean_up - when: run_cleanup == true - - - fail: msg="Failed to cleanup the ACL configuration" - when: clean_up.rc != 0 and run_cleanup == true - - - name: Wait for orchagent initialization - command: sleep 35 + - name: Do configuration cleanup. + include: "{{ run_config_cleanup }}" when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/run_config_cleanup.yml b/ansible/roles/test/tasks/acl/run_config_cleanup.yml index b00ba97a7c8..d3646a47d1b 100644 --- a/ansible/roles/test/tasks/acl/run_config_cleanup.yml +++ b/ansible/roles/test/tasks/acl/run_config_cleanup.yml @@ -7,4 +7,5 @@ when: clean_up.rc != 0 - name: Wait for orchagent initialization - command: sleep 35 + pause: + seconds: 35 diff --git a/ansible/roles/test/tasks/acl/run_config_test.yml b/ansible/roles/test/tasks/acl/run_config_test.yml index 6f0c1daa567..9704e9c6330 100644 --- a/ansible/roles/test/tasks/acl/run_config_test.yml +++ b/ansible/roles/test/tasks/acl/run_config_test.yml 
@@ -1,18 +1,13 @@ -- block: - - set_fact: - testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" - - - set_fact: - test_out_dir: "{{ out_dir }}/{{ testname_unique }}" - loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}" - loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}" +#----------------------------------------- +# Test json-configuration: +# 1) Upload json-config through swssconfig. +# 2) Check log through the loganalyzer. +# 3) Run cleanup if needed. +#----------------------------------------- - match_file: "{{ 'loganalyzer_common_match.txt' }}" - ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}" - - summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" - result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" +- include_vars: "{{ vars_files_location }}/run_config_test_vars.yml" +- block: - name: Initialize loganalizer. Put start marker to log file. include: "{{ loganalyzer_init }}" @@ -46,6 +41,6 @@ - "{{ result_file }}" when: (errors_expected == true and expects_found.stdout == "0") or (errors_expected == false and errors_found.stdout != "0") - - name: Do configuration cleanup after {{ testname}} / {{ config_file }} + - name: Do configuration cleanup after {{ testname }} / {{ config_file }} include: "{{ run_config_cleanup }}" when: run_cleanup == true diff --git a/ansible/roles/test/tasks/acl/run_loganalyzer.yml b/ansible/roles/test/tasks/acl/run_loganalyzer.yml index 54ceb7daeb7..43d0af79486 100644 --- a/ansible/roles/test/tasks/acl/run_loganalyzer.yml +++ b/ansible/roles/test/tasks/acl/run_loganalyzer.yml 
@@ -1,18 +1,9 @@ -- set_fact: - testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}" +#----------------------------------------- +# This script is used whether to run init +# or analyze-phase of loganalyzer. +#----------------------------------------- -- set_fact: - test_out_dir: "{{ out_dir }}/{{ testname_unique }}" - loganalyzer_init: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_init.yml' }}" - loganalyzer_analyze: "{{ 'roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml' }}" - - match_file: "{{ 'loganalyzer_common_match.txt' }}" - ignore_file: "{{ 'loganalyzer_common_ignore.txt' }}" - - summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}" - result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}" - - run_analyze_and_check: "{{ tests_location }}/run_analyze_and_check.yml" +- include_vars: "{{ vars_files_location }}/run_loganalyzer_vars.yml" - name: Initialize loganalizer. Put start marker to log file. include: "{{ loganalyzer_init }}" diff --git a/ansible/vars/acl/acl_counter_traffic_test_vars.yml b/ansible/vars/acl/acl_counter_traffic_test_vars.yml new file mode 100644 index 00000000000..97ec99b6a13 --- /dev/null +++ b/ansible/vars/acl/acl_counter_traffic_test_vars.yml 
@@ -0,0 +1,34 @@
+---
+
+testname: acl_counter_traffic_test
+
+acl_check_db: "{{ tests_location }}/acl_counter_traffic_test/acl_check_db.yml"
+
+config_table_type_l3: config_table_type_l3.json
+config_rule: config_rule.json
+config_rule_delete: config_rule_delete.json
+
+config_mirror_session: config_mirror_session.json
+config_table_type_mirror: config_table_type_mirror.json
+config_rule_mirror: config_rule_mirror.json
+config_rule_mirror_delete: config_rule_mirror_delete.json
+
+table_name: acl_test_table
+rule_name: acl_config_rule
+mirror_table_name: acl_test_table_mirror
+mirror_rule_name: acl_config_rule_mirror
+
+switch_if1_ip: 20.0.0.1
+switch_if2_ip: 21.0.0.1
+dst_mirror_subnet: 2.0.0.0/24
+packets_sent: 3
+
+config_files:
+ - "{{ config_table_type_l3 }}"
+ - "{{ config_rule }}"
+ - "{{ config_rule_delete }}"
+ - "{{ config_mirror_session }}"
+ - "{{ config_table_type_mirror }}"
+ - "{{ config_rule_mirror }}"
+ - "{{ config_rule_mirror_delete }}"
+
diff --git a/ansible/vars/acl/acl_input_test_vars.yml b/ansible/vars/acl/acl_input_test_vars.yml
new file mode 100644
index 00000000000..1cb5ddb6995
--- /dev/null
+++ b/ansible/vars/acl/acl_input_test_vars.yml
@@ -0,0 +1,6 @@
+---
+
+testname: acl_input_test
+
+acl_config_valid: acl_config_valid.json
+acl_config_invalid: acl_config_invalid.json
diff --git a/ansible/vars/acl/acl_orchagent_logic_test_vars.yml b/ansible/vars/acl/acl_orchagent_logic_test_vars.yml
new file mode 100644
index 00000000000..a89924afb47
--- /dev/null
+++ b/ansible/vars/acl/acl_orchagent_logic_test_vars.yml
@@ -0,0 +1,166 @@ +--- + +testname: acl_orchagent_logic_test + +# L3 - already tested, so here we check some bad cases. +config_table_type_l3: config_table_type_l3.json +config_table_type_invalid_1: config_table_type_invalid_1.json +config_table_type_invalid_2: config_table_type_invalid_2.json +config_table_type_expect: config_table_type_expect_file + +config_rule: config_rule.json + +# Syntax-test config files. +config_port_invalid_1: config_port_invalid_1.json +config_port_invalid_2: config_port_invalid_2.json +config_port_expect: config_port_expect_file + +config_operation_invalid_1: config_operation_invalid_1.json +config_operation_invalid_2: config_operation_invalid_2.json + +config_extra_field_invalid: config_extra_field_invalid.json +config_extra_field_expect: config_extra_field_expect_file + +config_priority_invalid_1: config_priority_invalid_1.json +config_priority_invalid_2: config_priority_invalid_2.json +config_priority_valid_max: config_priority_valid_max.json +config_priority_expect: config_priority_expect_file + +config_ether_type_invalid_1: config_ether_type_invalid_1.json +config_ether_type_invalid_2: config_ether_type_invalid_2.json +config_ether_type_valid_1: config_ether_type_valid_1.json +config_ether_type_valid_2: config_ether_type_valid_2.json +config_ether_type_expect: config_ether_type_expect_file + +config_ip_type_invalid_1: config_ip_type_invalid_1.json +config_ip_type_invalid_2: config_ip_type_invalid_2.json +config_ip_type_valid_1: config_ip_type_valid_1.json +config_ip_type_valid_2: config_ip_type_valid_2.json +config_ip_type_expect: config_ip_type_expect_file + +config_ip_proto_invalid_1: config_ip_proto_invalid_1.json +config_ip_proto_invalid_2: config_ip_proto_invalid_2.json +config_ip_proto_valid_1: config_ip_proto_valid_1.json +config_ip_proto_valid_2: config_ip_proto_valid_2.json +config_ip_proto_expect: config_ip_proto_expect_file + +config_ip_addr_invalid_1: config_ip_addr_invalid_1.json +config_ip_addr_invalid_2: 
config_ip_addr_invalid_2.json +config_ip_addr_invalid_3: config_ip_addr_invalid_3.json +config_ip_addr_invalid_4: config_ip_addr_invalid_4.json +config_ip_addr_invalid_5: config_ip_addr_invalid_5.json +config_ip_addr_invalid_6: config_ip_addr_invalid_6.json +config_ip_addr_invalid_7: config_ip_addr_invalid_7.json +config_ip_addr_valid_1: config_ip_addr_valid_1.json +config_ip_addr_valid_2: config_ip_addr_valid_2.json +config_ip_addr_expect: config_ip_addr_expect_file + +config_tcp_flags_valid_1: config_tcp_flags_valid_1.json +config_tcp_flags_valid_2: config_tcp_flags_valid_2.json +config_tcp_flags_invalid_1: config_tcp_flags_invalid_1.json +config_tcp_flags_invalid_2: config_tcp_flags_invalid_2.json +config_tcp_flags_expect: config_tcp_flags_expect_file + +config_l4_port_valid: config_l4_port_valid.json +config_l4_port_invalid_1: config_l4_port_invalid_1.json +config_l4_port_invalid_2: config_l4_port_invalid_2.json +config_l4_port_invalid_3: config_l4_port_invalid_3.json +config_l4_port_expect: config_l4_port_expect_file + +config_packet_action_valid: config_packet_action_valid.json +config_packet_action_invalid_1: config_packet_action_invalid_1.json +config_packet_action_invalid_2: config_packet_action_invalid_2.json +config_packet_action_expect: config_packet_action_expect_file + +config_dscp_in_l3_table: config_dscp_in_l3_table.json +config_dscp_in_l3_table_expect: config_dscp_in_l3_table_expect_file + +config_rule_empty_invalid: config_rule_empty.json +config_rule_empty_expect: config_rule_empty_expect_file + +config_rule_in_non_existing_table: config_rule_in_non_existing_table.json +config_rule_in_non_existing_table_expect: config_rule_in_non_existing_table_expect_file + +# Deleting-test config files. 
+config_del_rule_valid: config_del_rule_valid.json +config_del_rule_non_existing: config_del_rule_non_existing.json +config_del_rule_expect: config_del_rule_expect_file + +config_del_table_valid: config_del_table_valid.json +config_del_table_non_existing: config_del_table_non_existing.json +config_del_table_with_rules: config_del_table_with_rules.json +config_del_table_diff_fields: config_del_table_diff_fields.json +config_del_table_expect: config_del_table_expect_file + +config_empty_expect: config_empty_expect_file +config_duplicate_rule_expect: config_duplicate_rule_expect_file + +config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_rule }}" + + - "{{ config_table_type_invalid_1 }}" + - "{{ config_table_type_invalid_2 }}" + + - "{{ config_port_invalid_1 }}" + - "{{ config_port_invalid_2 }}" + + - "{{ config_operation_invalid_1 }}" + - "{{ config_operation_invalid_2 }}" + + - "{{ config_extra_field_invalid }}" + + - "{{ config_priority_invalid_1 }}" + - "{{ config_priority_invalid_2 }}" + - "{{ config_priority_valid_max }}" + + - "{{ config_ether_type_invalid_1 }}" + - "{{ config_ether_type_invalid_2 }}" + - "{{ config_ether_type_valid_1 }}" + - "{{ config_ether_type_valid_2 }}" + + - "{{ config_ip_type_invalid_1 }}" + - "{{ config_ip_type_invalid_2 }}" + - "{{ config_ip_type_valid_1 }}" + - "{{ config_ip_type_valid_2 }}" + + - "{{ config_ip_proto_invalid_1 }}" + - "{{ config_ip_proto_invalid_2 }}" + - "{{ config_ip_proto_valid_1 }}" + - "{{ config_ip_proto_valid_2 }}" + + - "{{ config_ip_addr_invalid_1 }}" + - "{{ config_ip_addr_invalid_2 }}" + - "{{ config_ip_addr_invalid_3 }}" + - "{{ config_ip_addr_invalid_4 }}" + - "{{ config_ip_addr_invalid_5 }}" + - "{{ config_ip_addr_invalid_6 }}" + - "{{ config_ip_addr_invalid_7 }}" + - "{{ config_ip_addr_valid_1 }}" + - "{{ config_ip_addr_valid_2 }}" + + - "{{ config_tcp_flags_valid_1 }}" + - "{{ config_tcp_flags_valid_2 }}" + - "{{ config_tcp_flags_invalid_1 }}" + - "{{ config_tcp_flags_invalid_2 }}" + + - "{{ 
config_l4_port_valid }}" + - "{{ config_l4_port_invalid_1 }}" + - "{{ config_l4_port_invalid_2 }}" + - "{{ config_l4_port_invalid_3 }}" + + - "{{ config_packet_action_valid }}" + - "{{ config_packet_action_invalid_1 }}" + - "{{ config_packet_action_invalid_2 }}" + + - "{{ config_dscp_in_l3_table }}" + - "{{ config_rule_empty_invalid }}" + - "{{ config_rule_in_non_existing_table }}" + + - "{{ config_del_rule_valid }}" + - "{{ config_del_rule_non_existing }}" + + - "{{ config_del_table_valid }}" + - "{{ config_del_table_non_existing }}" + - "{{ config_del_table_with_rules }}" + - "{{ config_del_table_diff_fields }}" diff --git a/ansible/vars/acl/acl_port_bind_test_vars.yml b/ansible/vars/acl/acl_port_bind_test_vars.yml new file mode 100644 index 00000000000..8eac7d34306 --- /dev/null +++ b/ansible/vars/acl/acl_port_bind_test_vars.yml @@ -0,0 +1,17 @@ +--- + +testname: acl_port_bind_test + +config_bind_unknown_port: config_bind_unknown_port.json +config_bind_unknown_port_expect: config_bind_unknown_port_expect_file +config_bind_duplicate_port: config_bind_duplicate_port.json +config_bind_duplicate_port_expect: config_bind_duplicate_port_expect_file +config_bind_valid_port: config_bind_valid_port.json +config_unbind_port: config_unbind_port.json +config_empty_expect: config_empty_expect_file + +config_files: + - "{{ config_bind_unknown_port }}" + - "{{ config_bind_duplicate_port }}" + - "{{ config_bind_valid_port }}" + - "{{ config_unbind_port }}" diff --git a/ansible/vars/acl/acl_port_range_test_vars.yml b/ansible/vars/acl/acl_port_range_test_vars.yml new file mode 100644 index 00000000000..c2e9860f70e --- /dev/null +++ b/ansible/vars/acl/acl_port_range_test_vars.yml 
@@ -0,0 +1,57 @@ +--- + +testname: acl_port_range_test + +# configuration-test settings +config_table_type_l3: config_table_type_l3.json +config_mirror_session: config_mirror_session.json +config_table_type_mirror: config_table_type_mirror.json +config_l4_port_range_1_on_l3_table: config_l4_port_range_1_on_l3_table.json +config_l4_port_range_2_on_l3_table: config_l4_port_range_2_on_l3_table.json +config_l4_port_range_on_mirror_table: config_l4_port_range_on_mirror_table.json +config_l4_full_port_range: config_l4_full_port_range.json +config_l4_limited_port_range: config_l4_limited_port_range.json +config_delete_limited_port_range: config_delete_limited_port_range.json +config_delete_different_port_range: config_delete_different_port_range.json +config_l4_port_range_invalid_1: config_l4_port_range_invalid_1.json +config_l4_port_range_invalid_2: config_l4_port_range_invalid_2.json +config_l4_port_range_invalid_3: config_l4_port_range_invalid_3.json +config_l4_port_range_invalid_4: config_l4_port_range_invalid_4.json +config_l4_port_range_invalid_5: config_l4_port_range_invalid_5.json +config_l4_port_range_invalid_6: config_l4_port_range_invalid_6.json +config_l4_port_range_invalid_7: config_l4_port_range_invalid_7.json +config_l4_port_range_invalid_8: config_l4_port_range_invalid_8.json + +config_l4_port_range_expect: config_l4_port_range_expect_file +config_empty_expect: config_empty_expect_file +host_testdir: /tmp/ptf_tests + +# traffic-test settings +table_name: acl_test_table +rule_limited_port_range_name: acl_rule_limited_port_range +packets_sent: 3 + +# mirror-testing settings +switch_if_ip: 20.0.0.1 +ptf_host_if_ip: 20.0.0.2 +dst_mirror_subnet: 2.0.0.0/24 + +config_files: + - "{{ config_table_type_l3 }}" + - "{{ config_mirror_session }}" + - "{{ config_table_type_mirror }}" + - "{{ config_l4_port_range_1_on_l3_table }}" + - "{{ config_l4_port_range_2_on_l3_table }}" + - "{{ config_l4_port_range_on_mirror_table }}" + - "{{ config_l4_full_port_range }}" + - "{{ 
config_l4_limited_port_range }}" + - "{{ config_delete_limited_port_range }}" + - "{{ config_delete_different_port_range }}" + - "{{ config_l4_port_range_invalid_1 }}" + - "{{ config_l4_port_range_invalid_2 }}" + - "{{ config_l4_port_range_invalid_3 }}" + - "{{ config_l4_port_range_invalid_4 }}" + - "{{ config_l4_port_range_invalid_5 }}" + - "{{ config_l4_port_range_invalid_6 }}" + - "{{ config_l4_port_range_invalid_7 }}" + - "{{ config_l4_port_range_invalid_8 }}" diff --git a/ansible/vars/acl/acl_traffic_test_vars.yml b/ansible/vars/acl/acl_traffic_test_vars.yml new file mode 100644 index 00000000000..af8d7e80289 --- /dev/null +++ b/ansible/vars/acl/acl_traffic_test_vars.yml 
@@ -0,0 +1,42 @@
+---
+
+host1_ip : 21.0.0.2
+host2_ip : 22.0.0.2
+subnet1 : 21.0.0.0/24
+subnet2 : 22.0.0.0/24
+switch_ip1 : 21.0.0.1
+switch_ip2 : 22.0.0.1
+host_testdir: /tmp
+
+run_ping_test: "{{ tests_location }}/acl_traffic_test/run_ping_test.yml"
+run_ptf_test: "{{ tests_location }}/acl_traffic_test/run_ptf_test.yml"
+
+config_traffic_drop_ether_ip: config_traffic_drop_ether_ip.json
+config_traffic_drop_src_ip: config_traffic_drop_src_ip.json
+config_traffic_drop_dst_ip: config_traffic_drop_dst_ip.json
+config_traffic_drop_l4_src_port: config_traffic_drop_l4_src_port.json
+config_traffic_drop_l4_dst_port: config_traffic_drop_l4_dst_port.json
+config_traffic_drop_ip_protocol: config_traffic_drop_ip_protocol.json
+config_traffic_drop_ip_type: config_traffic_drop_ip_type.json
+config_traffic_drop_tcp_flags: config_traffic_drop_tcp_flags.json
+config_traffic_drop_priority: config_traffic_drop_priority.json
+config_empty_expect: config_empty_expect_file
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+testname: acl_traffic_test
+
+config_files:
+ - "{{ config_traffic_drop_ether_ip }}"
+ - "{{ config_traffic_drop_src_ip }}"
+ - "{{ config_traffic_drop_dst_ip }}"
+ - "{{ config_traffic_drop_l4_src_port }}"
+ - "{{ config_traffic_drop_l4_dst_port }}"
+ - "{{ config_traffic_drop_ip_protocol }}"
+ - "{{ config_traffic_drop_ip_type }}"
+ - "{{ config_traffic_drop_tcp_flags }}"
+ - "{{ config_traffic_drop_priority }}"
diff --git a/ansible/vars/acl/acl_vars.yml b/ansible/vars/acl/acl_vars.yml
new file mode 100644
index 00000000000..a1c937bb7f5
--- /dev/null
+++ b/ansible/vars/acl/acl_vars.yml
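Review bot: `match_file`, `ignore_file`, `loganalyzer_init` and `loganalyzer_analyze` are defined in `acl_traffic_test_vars.yml` with the same values that `run_config_test_vars.yml` and `run_loganalyzer_vars.yml` define again later in this patch. Three copies of the loganalyzer paths will drift apart over time; defining them once in `acl_vars.yml`, next to `run_loganalyzer`, would leave a single place to change. Separately, the first six keys have a space before the colon (`host1_ip : 21.0.0.2`), which yamllint's `colons` rule flags; `host1_ip: 21.0.0.2` matches the rest of the file.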
@@ -0,0 +1,10 @@
+---
+
+run_dir: /home/admin/acl_tests
+out_dir: /home/admin/acl_tests/results
+docker_testdir: /tmp
+tests_location: roles/test/tasks/acl
+
+run_config_test: "{{ tests_location }}/run_config_test.yml"
+run_config_cleanup: "{{ tests_location }}/run_config_cleanup.yml"
+run_loganalyzer: "{{ tests_location }}/run_loganalyzer.yml"
diff --git a/ansible/vars/acl/run_config_test_vars.yml b/ansible/vars/acl/run_config_test_vars.yml
new file mode 100644
index 00000000000..0284d436790
--- /dev/null
+++ b/ansible/vars/acl/run_config_test_vars.yml
@@ -0,0 +1,13 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+summary_file: summary.loganalysis.{{ testname_unique }}.log
+result_file: result.loganalysis.{{ testname_unique }}.log
diff --git a/ansible/vars/acl/run_loganalyzer_vars.yml b/ansible/vars/acl/run_loganalyzer_vars.yml
new file mode 100644
index 00000000000..78a42e42500
--- /dev/null
+++ b/ansible/vars/acl/run_loganalyzer_vars.yml
@@ -0,0 +1,15 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+loganalyzer_init: roles/test/files/tools/loganalyzer/loganalyzer_init.yml
+loganalyzer_analyze: roles/test/files/tools/loganalyzer/loganalyzer_analyze.yml
+
+match_file: loganalyzer_common_match.txt
+ignore_file: loganalyzer_common_ignore.txt
+
+summary_file: summary.loganalysis.{{ testname_unique }}.log
+result_file: result.loganalysis.{{ testname_unique }}.log
+
+run_analyze_and_check: "{{ tests_location }}/run_analyze_and_check.yml"
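Review bot: `docker_testdir: /tmp` in `acl_vars.yml` places the JSON configs that the tests later load with `docker exec -i orchagent swssconfig {{ docker_testdir }}/...` at fixed names in a world-writable directory. If anything else can write to `/tmp` inside that container, a config could be replaced or pre-created between copy and load, and leftovers from an earlier run can be picked up unnoticed. A dedicated subdirectory created with a restrictive mode before the copy avoids both, in the way `acl_port_range_test_vars.yml` already uses `/tmp/ptf_tests` for `host_testdir`. `host_testdir: /tmp` in `acl_traffic_test_vars.yml` has the same shape.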
diff --git a/ansible/vars/acl/run_ping_test_vars.yml b/ansible/vars/acl/run_ping_test_vars.yml
new file mode 100644
index 00000000000..500c76536ff
--- /dev/null
+++ b/ansible/vars/acl/run_ping_test_vars.yml
@@ -0,0 +1,7 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
diff --git a/ansible/vars/acl/run_ptf_test_vars.yml b/ansible/vars/acl/run_ptf_test_vars.yml
new file mode 100644
index 00000000000..500c76536ff
--- /dev/null
+++ b/ansible/vars/acl/run_ptf_test_vars.yml
@@ -0,0 +1,7 @@
+---
+
+testname_unique: "{{ testname }}.{{ ansible_date_time.date }}.{{ ansible_date_time.time }}"
+
+test_out_dir: "{{ out_dir }}/{{ testname_unique }}"
+summary_file: "{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"
+result_file: "{{ 'result.loganalysis.{{ testname_unique }}.log' }}"
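Review bot: `summary_file` and `result_file` in `run_ping_test_vars.yml` still wrap a nested expression inside a quoted literal, `"{{ 'summary.loganalysis.{{ testname_unique }}.log' }}"`, while `run_config_test_vars.yml` and `run_loganalyzer_vars.yml` in this same patch use the plain form. The nested form resolves only if the templating engine re-evaluates the rendered string, which should not be relied on; otherwise the file name keeps the literal `{{ testname_unique }}`. Write `summary_file: "summary.loganalysis.{{ testname_unique }}.log"` and `result_file: "result.loganalysis.{{ testname_unique }}.log"`. `run_ptf_test_vars.yml` carries the identical two lines and needs the same change.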