From e0d6b1e11844a546651bd91c62b86a5f7d5841f8 Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak Date: Wed, 20 Oct 2021 03:24:56 +0300 Subject: [PATCH 1/2] [acl-loader] modify acl-loader with change in STATE DB ACL capability table Signed-off-by: Stepan Blyshchak --- acl_loader/main.py | 19 ++++++++++------- tests/acl_loader_test.py | 4 ++-- tests/mock_tables/asic0/state_db.json | 8 +++++-- tests/mock_tables/asic1/state_db.json | 8 +++++-- tests/mock_tables/asic2/state_db.json | 8 +++++-- tests/mock_tables/state_db.json | 10 ++++++--- tests/mock_tables/t1/state_db.json | 30 ++++++++++++++++++++------- 7 files changed, 60 insertions(+), 27 deletions(-) diff --git a/acl_loader/main.py b/acl_loader/main.py index e9c61b915d..1a3c0d2c77 100644 --- a/acl_loader/main.py +++ b/acl_loader/main.py @@ -78,7 +78,8 @@ class AclLoader(object): POLICER = "POLICER" SESSION_PREFIX = "everflow" SWITCH_CAPABILITY_TABLE = "SWITCH_CAPABILITY" - ACL_ACTIONS_CAPABILITY_FIELD = "ACL_ACTIONS" + ACL_STAGE_CAPABILITY_TABLE = "ACL_STAGE_CAPABILITY_TABLE" + ACL_ACTIONS_CAPABILITY_FIELD = "action_list" ACL_ACTION_CAPABILITY_FIELD = "ACL_ACTION" min_priority = 1 @@ -402,16 +403,18 @@ def validate_actions(self, table_name, action_props): # Same information should be there in all state DB's # as it is static information about switch capability namespace_statedb = list(self.per_npu_statedb.values())[0] - capability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) + aclcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper())) + switchcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) else: - capability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) + aclcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper())) + switchcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) for action_key in dict(action_props): - key = "{}|{}".format(self.ACL_ACTIONS_CAPABILITY_FIELD, stage.upper()) - if key not in capability: + acl_actions_key = self.ACL_ACTIONS_CAPABILITY_FIELD + if acl_actions_key not in aclcapability: del action_props[action_key] continue - values = capability[key].split(",") + values = aclcapability[acl_actions_key].split(",") if action_key.upper() not in values: del action_props[action_key] continue @@ -420,11 +423,11 @@ def validate_actions(self, table_name, action_props): # Check if action_value is supported action_value = action_props[action_key] key = "{}|{}".format(self.ACL_ACTION_CAPABILITY_FIELD, action_key.upper()) - if key not in capability: + if key not in switchcapability: del action_props[action_key] continue - if action_value not in capability[key]: + if action_value not in switchcapability[key]: del action_props[action_key] continue diff --git a/tests/acl_loader_test.py b/tests/acl_loader_test.py index e1b7e949ea..bae24de9a4 100644 --- a/tests/acl_loader_test.py +++ b/tests/acl_loader_test.py @@ -35,7 +35,7 @@ def test_validate_mirror_action(self, acl_loader): "mirror_egress_action": "everflow0" } - # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table + # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table assert acl_loader.validate_actions("EVERFLOW", ingress_mirror_rule_props) assert not acl_loader.validate_actions("EVERFLOW", egress_mirror_rule_props) @@ -50,7 +50,7 @@ def test_validate_mirror_action(self, acl_loader): "PACKET_ACTION": "DROP" } - # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table + # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table assert acl_loader.validate_actions("DATAACL", forward_packet_action) assert not acl_loader.validate_actions("DATAACL", drop_packet_action) diff --git a/tests/mock_tables/asic0/state_db.json b/tests/mock_tables/asic0/state_db.json index 1e9ae0f848..f594cde708 100644 --- a/tests/mock_tables/asic0/state_db.json +++ b/tests/mock_tables/asic0/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/asic1/state_db.json b/tests/mock_tables/asic1/state_db.json index 1689f40d8e..ce2866ca07 100644 --- a/tests/mock_tables/asic1/state_db.json +++ b/tests/mock_tables/asic1/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/asic2/state_db.json b/tests/mock_tables/asic2/state_db.json index 411101f054..d2c805967e 100644 --- a/tests/mock_tables/asic2/state_db.json +++ b/tests/mock_tables/asic2/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index 729725fe22..f6d7e27f05 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json @@ -286,9 +286,13 @@ "MIRRORV6": "true", "PORT_TPID_CAPABLE": "true", "LAG_TPID_CAPABLE": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", - "ACL_ACTION|PACKET_ACTION": "FORWARD" + "PACKET_ACTION": "FORWARD" + }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", diff --git a/tests/mock_tables/t1/state_db.json b/tests/mock_tables/t1/state_db.json index 366749c378..7802acd1c7 100644 --- a/tests/mock_tables/t1/state_db.json +++ b/tests/mock_tables/t1/state_db.json @@ -6114,17 +6114,31 @@ }, "SWITCH_CAPABILITY|switch": { "expireat": 1602454497.423883, - "ttl": -0.001, - "type": "hash", + "ttl": -0.001, + "type": "hash", "value": { - "ACL_ACTIONS|EGRESS": "PACKET_ACTION", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTION|PACKET_ACTION": "DROP,FORWARD", - "MAX_NEXTHOP_GROUP_COUNT": "512", - "MIRROR": "true", - "MIRRORV6": "true" + "MAX_NEXTHOP_GROUP_COUNT": "512", + "MIRROR": "true", + "MIRRORV6": "true", + "PACKET_ACTION": "DROP,FORWARD" } }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "expireat": 1602454497.423883, + "ttl": -0.001, + "type": "hash", + "value": { + "acl_actions": "PACKET_ACTION,MIRROR_INGRESS_ACTION" + } + }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "expireat": 1602454497.423883, + "ttl": -0.001, + "type": "hash", + "value": { + "acl_actions": "PACKET_ACTION" + } + }, "TRANSCEIVER_DOM_SENSOR|Ethernet0": { "expireat": 1602454497.4302251, "ttl": -0.001, From f561ac4203a686780362951e8b9d50020262c9d3 Mon Sep 17 00:00:00 2001 From: Stepan Blyschak Date: Sat, 23 Oct 2021 18:41:15 +0000 Subject: [PATCH 2/2] fix tests Signed-off-by: Stepan Blyschak --- acl_loader/main.py | 6 +++--- tests/mock_tables/asic0/state_db.json | 4 ++-- tests/mock_tables/asic1/state_db.json | 4 ++-- tests/mock_tables/asic2/state_db.json | 4 ++-- tests/mock_tables/state_db.json | 6 +++--- tests/mock_tables/t1/state_db.json | 6 +++--- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/acl_loader/main.py b/acl_loader/main.py index 1a3c0d2c77..ada7162154 100644 --- a/acl_loader/main.py +++ b/acl_loader/main.py @@ -409,12 +409,12 @@ def validate_actions(self, table_name, action_props): aclcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper())) switchcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) for action_key in dict(action_props): - acl_actions_key = self.ACL_ACTIONS_CAPABILITY_FIELD - if acl_actions_key not in aclcapability: + action_list_key = self.ACL_ACTIONS_CAPABILITY_FIELD + if action_list_key not in aclcapability: del action_props[action_key] continue - values = aclcapability[acl_actions_key].split(",") + values = aclcapability[action_list_key].split(",") if action_key.upper() not in values: del action_props[action_key] continue diff --git a/tests/mock_tables/asic0/state_db.json b/tests/mock_tables/asic0/state_db.json index f594cde708..0fb30da28a 100644 --- a/tests/mock_tables/asic0/state_db.json +++ b/tests/mock_tables/asic0/state_db.json @@ -68,10 +68,10 @@ "ACL_ACTION|PACKET_ACTION": "FORWARD" }, "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { - "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" }, "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { - "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", diff --git a/tests/mock_tables/asic1/state_db.json b/tests/mock_tables/asic1/state_db.json index ce2866ca07..cd5e2b3861 100644 --- a/tests/mock_tables/asic1/state_db.json +++ b/tests/mock_tables/asic1/state_db.json @@ -68,10 +68,10 @@ "ACL_ACTION|PACKET_ACTION": "FORWARD" }, "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { - "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" }, "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { - "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", diff --git a/tests/mock_tables/asic2/state_db.json b/tests/mock_tables/asic2/state_db.json index d2c805967e..98f361b6c5 100644 --- a/tests/mock_tables/asic2/state_db.json +++ b/tests/mock_tables/asic2/state_db.json @@ -68,10 +68,10 @@ "ACL_ACTION|PACKET_ACTION": "FORWARD" }, "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { - "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" }, "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { - "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index f6d7e27f05..1b006fd1d0 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json @@ -286,13 +286,13 @@ "MIRRORV6": "true", "PORT_TPID_CAPABLE": "true", "LAG_TPID_CAPABLE": "true", - "PACKET_ACTION": "FORWARD" + "ACL_ACTION|PACKET_ACTION": "FORWARD" }, "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { - "acl_actions": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" }, "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { - "acl_actions": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", diff --git a/tests/mock_tables/t1/state_db.json b/tests/mock_tables/t1/state_db.json index 7802acd1c7..3221fbaf74 100644 --- a/tests/mock_tables/t1/state_db.json +++ b/tests/mock_tables/t1/state_db.json @@ -6128,7 +6128,7 @@ "ttl": -0.001, "type": "hash", "value": { - "acl_actions": "PACKET_ACTION,MIRROR_INGRESS_ACTION" + "action_list": "PACKET_ACTION,MIRROR_INGRESS_ACTION" } }, "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { @@ -6136,7 +6136,7 @@ "ttl": -0.001, "type": "hash", "value": { - "acl_actions": "PACKET_ACTION" + "action_list": "PACKET_ACTION" } }, "TRANSCEIVER_DOM_SENSOR|Ethernet0": { @@ -7923,4 +7923,4 @@ "restore_count": "0" } } -} \ No newline at end of file +}