From a0bff26a00d63289c0cbd8ff17f5acf930588553 Mon Sep 17 00:00:00 2001 From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com> Date: Tue, 23 Nov 2021 04:33:07 +0200 Subject: [PATCH] [acl-loader] modify acl-loader with change in STATE DB ACL capability table (#1896) * [acl-loader] modify acl-loader with change in STATE DB ACL capability table Signed-off-by: Stepan Blyshchak --- acl_loader/main.py | 19 +++++++++------- tests/acl_loader_test.py | 4 ++-- tests/mock_tables/asic0/state_db.json | 8 +++++-- tests/mock_tables/asic1/state_db.json | 8 +++++-- tests/mock_tables/asic2/state_db.json | 8 +++++-- tests/mock_tables/state_db.json | 8 +++++-- tests/mock_tables/t1/state_db.json | 32 +++++++++++++++++++-------- 7 files changed, 60 insertions(+), 27 deletions(-) diff --git a/acl_loader/main.py b/acl_loader/main.py index e9c61b915d71..ada71621545f 100644 --- a/acl_loader/main.py +++ b/acl_loader/main.py @@ -78,7 +78,8 @@ class AclLoader(object): POLICER = "POLICER" SESSION_PREFIX = "everflow" SWITCH_CAPABILITY_TABLE = "SWITCH_CAPABILITY" - ACL_ACTIONS_CAPABILITY_FIELD = "ACL_ACTIONS" + ACL_STAGE_CAPABILITY_TABLE = "ACL_STAGE_CAPABILITY_TABLE" + ACL_ACTIONS_CAPABILITY_FIELD = "action_list" ACL_ACTION_CAPABILITY_FIELD = "ACL_ACTION" min_priority = 1 @@ -402,16 +403,18 @@ def validate_actions(self, table_name, action_props): # Same information should be there in all state DB's # as it is static information about switch capability namespace_statedb = list(self.per_npu_statedb.values())[0] - capability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) + aclcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper())) + switchcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) else: - capability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) + aclcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper())) + switchcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE)) for action_key in dict(action_props): - key = "{}|{}".format(self.ACL_ACTIONS_CAPABILITY_FIELD, stage.upper()) - if key not in capability: + action_list_key = self.ACL_ACTIONS_CAPABILITY_FIELD + if action_list_key not in aclcapability: del action_props[action_key] continue - values = capability[key].split(",") + values = aclcapability[action_list_key].split(",") if action_key.upper() not in values: del action_props[action_key] continue @@ -420,11 +423,11 @@ def validate_actions(self, table_name, action_props): # Check if action_value is supported action_value = action_props[action_key] key = "{}|{}".format(self.ACL_ACTION_CAPABILITY_FIELD, action_key.upper()) - if key not in capability: + if key not in switchcapability: del action_props[action_key] continue - if action_value not in capability[key]: + if action_value not in switchcapability[key]: del action_props[action_key] continue diff --git a/tests/acl_loader_test.py b/tests/acl_loader_test.py index e1b7e949ea3a..bae24de9a4f9 100644 --- a/tests/acl_loader_test.py +++ b/tests/acl_loader_test.py @@ -35,7 +35,7 @@ def test_validate_mirror_action(self, acl_loader): "mirror_egress_action": "everflow0" } - # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table + # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table assert acl_loader.validate_actions("EVERFLOW", ingress_mirror_rule_props) assert not acl_loader.validate_actions("EVERFLOW", egress_mirror_rule_props) @@ -50,7 +50,7 @@ def test_validate_mirror_action(self, acl_loader): "PACKET_ACTION": "DROP" } - # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table + # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table assert acl_loader.validate_actions("DATAACL", forward_packet_action) assert not acl_loader.validate_actions("DATAACL", drop_packet_action) diff --git a/tests/mock_tables/asic0/state_db.json b/tests/mock_tables/asic0/state_db.json index 1e9ae0f848fc..0fb30da28a02 100644 --- a/tests/mock_tables/asic0/state_db.json +++ b/tests/mock_tables/asic0/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/asic1/state_db.json b/tests/mock_tables/asic1/state_db.json index 1689f40d8e6c..cd5e2b38614f 100644 --- a/tests/mock_tables/asic1/state_db.json +++ b/tests/mock_tables/asic1/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/asic2/state_db.json b/tests/mock_tables/asic2/state_db.json index 411101f05498..98f361b6c587 100644 --- a/tests/mock_tables/asic2/state_db.json +++ b/tests/mock_tables/asic2/state_db.json @@ -65,10 +65,14 @@ "SWITCH_CAPABILITY|switch": { "MIRROR": "true", "MIRRORV6": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/state_db.json b/tests/mock_tables/state_db.json index af2519d3ce21..7c96a5df500d 100644 --- a/tests/mock_tables/state_db.json +++ b/tests/mock_tables/state_db.json @@ -286,10 +286,14 @@ "MIRRORV6": "true", "PORT_TPID_CAPABLE": "true", "LAG_TPID_CAPABLE": "true", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION", "ACL_ACTION|PACKET_ACTION": "FORWARD" }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION" + }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION" + }, "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": { "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]", "count": "4" diff --git a/tests/mock_tables/t1/state_db.json b/tests/mock_tables/t1/state_db.json index 366749c37841..3221fbaf74ca 100644 --- a/tests/mock_tables/t1/state_db.json +++ b/tests/mock_tables/t1/state_db.json @@ -6114,17 +6114,31 @@ }, "SWITCH_CAPABILITY|switch": { "expireat": 1602454497.423883, - "ttl": -0.001, - "type": "hash", + "ttl": -0.001, + "type": "hash", "value": { - "ACL_ACTIONS|EGRESS": "PACKET_ACTION", - "ACL_ACTIONS|INGRESS": "PACKET_ACTION,MIRROR_INGRESS_ACTION", - "ACL_ACTION|PACKET_ACTION": "DROP,FORWARD", - "MAX_NEXTHOP_GROUP_COUNT": "512", - "MIRROR": "true", - "MIRRORV6": "true" + "MAX_NEXTHOP_GROUP_COUNT": "512", + "MIRROR": "true", + "MIRRORV6": "true", + "PACKET_ACTION": "DROP,FORWARD" } }, + "ACL_STAGE_CAPABILITY_TABLE|EGRESS": { + "expireat": 1602454497.423883, + "ttl": -0.001, + "type": "hash", + "value": { + "action_list": "PACKET_ACTION,MIRROR_INGRESS_ACTION" + } + }, + "ACL_STAGE_CAPABILITY_TABLE|INGRESS": { + "expireat": 1602454497.423883, + "ttl": -0.001, + "type": "hash", + "value": { + "action_list": "PACKET_ACTION" + } + }, "TRANSCEIVER_DOM_SENSOR|Ethernet0": { "expireat": 1602454497.4302251, "ttl": -0.001, @@ -7909,4 +7923,4 @@ "restore_count": "0" } } -} \ No newline at end of file +}