[test]: Remove duplicate legacy ACL tests (#699)

The tests in test_acl.py are duplicate with the ones in the
test_acl_portchannel.py, and those legacy tests do not have
enough clean up processes while lefting extra things in the
database.

Signed-off-by: Shu0T1an ChenG <shuche@microsoft.com>

tests/test_acl.py

@@ -47,15 +47,6 @@ def clean_up_left_over(self, dvs):
         keys = atbl.getKeys()
         assert len(keys) == 0
 
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        keys = atbl.getKeys()
-        for key in keys:
-            atbl._del(key)
-
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        keys = atbl.getKeys()
-        assert len(keys) == 0
-
     def verify_acl_group_num(self, adb, expt):
         atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP")
         acl_table_groups = atbl.getKeys()
@@ -68,7 +59,7 @@ def verify_acl_group_num(self, adb, expt):
                 if fv[0] == "SAI_ACL_TABLE_GROUP_ATTR_ACL_STAGE":
                     assert fv[1] == "SAI_ACL_STAGE_INGRESS"
                 elif fv[0] == "SAI_ACL_TABLE_GROUP_ATTR_ACL_BIND_POINT_TYPE_LIST":
-                    assert (fv[1] == "1:SAI_ACL_BIND_POINT_TYPE_PORT" or fv[1] == "1:SAI_ACL_BIND_POINT_TYPE_LAG")
+                    assert fv[1] == "1:SAI_ACL_BIND_POINT_TYPE_PORT"
                 elif fv[0] == "SAI_ACL_TABLE_GROUP_ATTR_TYPE":
                     assert fv[1] == "SAI_ACL_TABLE_GROUP_TYPE_PARALLEL"
                 else:
@@ -113,23 +104,6 @@ def verify_acl_port_binding(self, dvs, adb, bind_ports):
         assert len(port_groups) == len(bind_ports)
         assert set(port_groups) == set(acl_table_groups)
 
-    def verify_acl_lag_binding(self, adb, lag_ids):
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP")
-        acl_table_groups = atbl.getKeys()
-        assert len(acl_table_groups) == len(lag_ids)
-
-        atbl_lag = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        port_groups = []
-        for lag_id in lag_ids:
-            (status, lagfvs) = atbl_lag.get(lag_id)
-            for lagfv in lagfvs:
-                if lagfv[0] == "SAI_LAG_ATTR_INGRESS_ACL":
-                    assert lagfv[1] in acl_table_groups
-                    port_groups.append(lagfv[1])
-
-        assert len(port_groups) == len(lag_ids)
-        assert set(port_groups) == set(acl_table_groups)
-
     def test_AclTableCreation(self, dvs, testlog):
         db = swsscommon.DBConnector(4, dvs.redis_sock, 0)
         adb = swsscommon.DBConnector(1, dvs.redis_sock, 0)
@@ -1110,160 +1084,3 @@ def test_RulesWithDiffMaskLengths(self, dvs, testlog):
         atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE")
         keys = atbl.getKeys()
         assert len(keys) >= 1
-
-    def test_AclTableCreationOnLAGMember(self, dvs, testlog):
-        # prepare db and tables
-        self.clean_up_left_over(dvs)
-        db = swsscommon.DBConnector(4, dvs.redis_sock, 0)
-        adb = swsscommon.DBConnector(1, dvs.redis_sock, 0)
-        apldb = swsscommon.DBConnector(0, dvs.redis_sock, 0)
-
-        # create port channel
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_TABLE")
-        fvs = swsscommon.FieldValuePairs([("admin", "up"), ("mtu", "1500")])
-        ps.set("PortChannel0001", fvs)
-
-        # create port channel member
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_MEMBER_TABLE")
-        fvs = swsscommon.FieldValuePairs([("status", "enabled")])
-        ps.set("PortChannel0001:Ethernet12", fvs)
-        time.sleep(1)
-
-        # create acl table
-        tbl = swsscommon.Table(db, "ACL_TABLE")
-        bind_ports = ["Ethernet12"]
-        fvs = swsscommon.FieldValuePairs([("policy_desc", "test_negative"), ("type", "L3"), ("ports", ",".join(bind_ports))])
-        tbl.set("test_negative", fvs)
-        time.sleep(1)
-
-        # verify test result - ACL table creation should fail
-        assert self.verify_if_any_acl_table_created(dvs, adb) == False
-
-    def test_AclTableCreationOnLAG(self, dvs, testlog):
-        # prepare db and tables
-        self.clean_up_left_over(dvs)
-        db = swsscommon.DBConnector(4, dvs.redis_sock, 0)
-        adb = swsscommon.DBConnector(1, dvs.redis_sock, 0)
-        apldb = swsscommon.DBConnector(0, dvs.redis_sock, 0)
-
-        #create port channel
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_TABLE")
-        fvs = swsscommon.FieldValuePairs([("admin", "up"), ("mtu", "1500")])
-        ps.set("PortChannel0002", fvs)
-
-        # create port channel member
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_MEMBER_TABLE")
-        fvs = swsscommon.FieldValuePairs([("status", "enabled")])
-        ps.set("PortChannel0002:Ethernet16", fvs)
-        time.sleep(1)
-
-        # create acl table
-        tbl = swsscommon.Table(db, "ACL_TABLE")
-        bind_ports = ["PortChannel0002"]
-        fvs = swsscommon.FieldValuePairs([("policy_desc", "test_negative"), ("type", "L3"), ("ports", ",".join(bind_ports))])
-        tbl.set("test_LAG", fvs)
-        time.sleep(1)
-
-        # check acl table in asic db
-        test_acl_table_id = self.get_acl_table_id(dvs, adb)
-
-        # check acl table group in asic db
-        self.verify_acl_group_num(adb, 1)
-
-        # get acl table group ids and verify the id numbers
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP")
-        acl_group_ids = atbl.getKeys()
-        assert len(acl_group_ids) == 1
-
-        # check acl table group member
-        self.verify_acl_group_member(adb, acl_group_ids, test_acl_table_id)
-
-        # get lad ids
-        atbl_lag = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        lag_ids = atbl_lag.getKeys();
-        assert len(lag_ids) == 1
-
-        # check lag binding
-        self.verify_acl_lag_binding(adb, lag_ids)
-
-        tbl = swsscommon.Table(db, "ACL_TABLE")
-        tbl._del("test_LAG")
-
-    def test_AclTableCreationBeforeLAG(self, dvs, testlog):
-        # prepare db and tables
-        self.clean_up_left_over(dvs)
-        db = swsscommon.DBConnector(4, dvs.redis_sock, 0)
-        adb = swsscommon.DBConnector(1, dvs.redis_sock, 0)
-        apldb = swsscommon.DBConnector(0, dvs.redis_sock, 0)
-
-        # create acl table
-        tbl = swsscommon.Table(db, "ACL_TABLE")
-        bind_ports = ["PortChannel0003"]
-        fvs = swsscommon.FieldValuePairs([("policy_desc", "test_negative"), ("type", "L3"), ("ports", ",".join(bind_ports))])
-        tbl.set("test_LAG_2", fvs)
-        time.sleep(1)
-
-        # check acl table in asic db
-        test_acl_table_id = self.get_acl_table_id(dvs, adb)
-
-        # check acl table group in asic db
-        self.verify_acl_group_num(adb, 0)
-
-        # get acl table group ids and verify the id numbers
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP")
-        acl_group_ids = atbl.getKeys()
-        assert len(acl_group_ids) == 0
-
-        # check acl table group member
-        self.verify_acl_group_member(adb, acl_group_ids, test_acl_table_id)
-
-        # get lad ids
-        atbl_lag = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        lag_ids = atbl_lag.getKeys()
-        assert len(lag_ids) == 0
-
-        # check port binding
-        self.verify_acl_lag_binding(adb, lag_ids)
-
-        # create port channel
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_TABLE")
-        fvs = swsscommon.FieldValuePairs([("admin", "up"), ("mtu", "1500")])
-        ps.set("PortChannel0003", fvs)
-
-        # create port channel member
-        ps = swsscommon.ProducerStateTable(apldb, "LAG_MEMBER_TABLE")
-        fvs = swsscommon.FieldValuePairs([("status", "enabled")])
-        ps.set("PortChannel0003:Ethernet20", fvs)
-        time.sleep(1)
-
-        # notify aclorch that port channel configured
-        stdb = swsscommon.DBConnector(6, dvs.redis_sock, 0)
-        tbl = swsscommon.Table(stdb, "LAG_TABLE")
-        fvs = swsscommon.FieldValuePairs([("state", "ok")])
-        tbl.set("PortChannel0003", fvs)
-        time.sleep(1)
-
-        # check acl table in asic db
-        test_acl_table_id = self.get_acl_table_id(dvs, adb)
-
-        # check acl table group in asic db
-        self.verify_acl_group_num(adb, 1)
-
-        # get acl table group ids and verify the id numbers
-        atbl = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE_GROUP")
-        acl_group_ids = atbl.getKeys()
-        assert len(acl_group_ids) == 1
-
-        # check acl table group member
-        self.verify_acl_group_member(adb, acl_group_ids, test_acl_table_id)
-
-        # get lad ids
-        atbl_lag = swsscommon.Table(adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
-        lag_ids = atbl_lag.getKeys()
-        assert len(lag_ids) == 1
-
-        # check port binding
-        self.verify_acl_lag_binding(adb, lag_ids)
-
-        tbl = swsscommon.Table(db, "ACL_TABLE")
-        tbl._del("test_LAG_2")

tests/test_acl_portchannel.py

@@ -27,6 +27,14 @@ def add_port_channel_members(self, dvs, lag, members):
             tbl.set(lag + "|" + member, fvs)
             time.sleep(1)
 
+    def activate_port_channel_members(self, dvs, lag, members):
+        tbl = swsscommon.ProducerStateTable(self.pdb, "LAG_MEMBER_TABLE")
+        fvs = swsscommon.FieldValuePairs([("status", "enabled")])
+
+        for member in members:
+            tbl.set(lag + ":" + member, fvs)
+            time.sleep(1)
+
     def remove_port_channel_members(self, dvs, lag, members):
         tbl = swsscommon.Table(self.cdb, "PORTCHANNEL_MEMBER")
         for member in members:
@@ -59,7 +67,7 @@ def remove_acl_rule(self, dvs, table_name, rule_name):
         tbl._del(table_name + "|" + rule_name, fvs)
         time.sleep(1)
 
-    def check_asic_table(self, dvs):
+    def check_asic_table_existed(self, dvs):
         tbl = swsscommon.Table(self.adb, "ASIC_STATE:SAI_OBJECT_TYPE_LAG")
         lag = tbl.getKeys()[0]
         (status, fvs) = tbl.get(lag)
@@ -106,6 +114,14 @@ def check_asic_table(self, dvs):
         (status, fvs) = tbl.get(table_id)
         assert status == True
 
+    def check_asic_table_absent(self, dvs):
+        tbl = swsscommon.Table(self.adb, "ASIC_STATE:SAI_OBJECT_TYPE_ACL_TABLE")
+        acl_tables = tbl.getKeys()
+        for key in dvs.asicdb.default_acl_tables:
+            assert key in acl_tables
+        acl_tables = [k for k in acl_tables if k not in dvs.asicdb.default_acl_tables]
+
+        assert len(acl_tables) == 0
 
     # Frist create port channel
     # Second create ACL table
@@ -119,7 +135,7 @@ def test_PortChannelAfterAcl(self, dvs):
         self.create_acl_table(dvs, "LAG_ACL_TABLE", "PortChannel01")
 
         # check ASIC table
-        self.check_asic_table(dvs)
+        self.check_asic_table_existed(dvs)
 
         # remove ACL table
         self.remove_acl_table(dvs, "LAG_ACL_TABLE")
@@ -139,7 +155,7 @@ def test_PortChannelBeforeAcl(self, dvs):
         self.create_port_channel(dvs, "PortChannel01")
 
         # check ASIC table
-        self.check_asic_table(dvs)
+        self.check_asic_table_existed(dvs)
 
         # TODO: right now it is not supported to remove port before remove ACL
         # table. Will swap the order after having it supported
@@ -148,3 +164,29 @@ def test_PortChannelBeforeAcl(self, dvs):
 
         # remove port channel
         self.remove_port_channel(dvs, "PortChannel01")
+
+    # ACL table cannot be created upon a member port of a port channel
+    def test_AclOnPortChannelMember(self, dvs):
+        self.setup_db(dvs)
+
+        # create port channel
+        self.create_port_channel(dvs, "PortChannel01")
+
+        # add port channel member
+        self.add_port_channel_members(dvs, "PortChannel01", ["Ethernet0", "Ethernet4"])
+        self.activate_port_channel_members(dvs, "PortChannel01", ["Ethernet0", "Ethernet4"])
+
+        # create ACL table
+        self.create_acl_table(dvs, "LAG_ACL_TABLE", "Ethernet0")
+
+        # check ASIC table
+        self.check_asic_table_absent(dvs)
+
+        # remove_acl_table
+        self.remove_acl_table(dvs, "LAG_ACL_TABLE")
+
+        # remove port channel member
+        self.remove_port_channel_members(dvs, "PortChannel01", ["Ethernet0", "Ethernet4"])
+
+        # remove port channel
+        self.remove_port_channel(dvs, "PortChannel01")