X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPsecUtil.py;h=70d44e093696c40941c58e33e6d276f15797d399;hb=2fa7bbfebc28b365ca4a5db6513c0be82aaecee8;hp=6cbd48fba36db13b9976efc4caa686568adc21b6;hpb=679e08c0be3165b2cde48ba1efd8313c66a6bd0c;p=csit.git

diff --git a/resources/libraries/python/IPsecUtil.py b/resources/libraries/python/IPsecUtil.py
index 6cbd48fba3..70d44e0936 100644
--- a/resources/libraries/python/IPsecUtil.py
+++ b/resources/libraries/python/IPsecUtil.py
@@ -227,10 +227,9 @@ class IPsecUtil(object):
         """
         ckey = crypto_key.encode('hex')
         ikey = integ_key.encode('hex')
-        tunnel = ''
-        if tunnel_src is not None and tunnel_dst is not None:
-            tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src,
-                                                            tunnel_dst)
+        tunnel = 'tunnel_src {0} tunnel_dst {1}'.format(tunnel_src, tunnel_dst)\
+            if tunnel_src is not None and tunnel_dst is not None else ''
+
         out = VatExecutor.cmd_from_template(node,
                                             "ipsec/ipsec_sad_add_entry.vat",
                                             sad_id=sad_id, spi=spi,
@@ -241,6 +240,30 @@ class IPsecUtil(object):
             out[0],
             err_msg='Add SAD entry failed on {0}'.format(node['host']))
 
+    @staticmethod
+    def vpp_ipsec_sa_set_key(node, sa_id, crypto_key, integ_key):
+        """Update Security Association (SA) keys.
+
+        :param node: VPP node to update SA keys.
+        :param sa_id: SAD entry ID.
+        :param crypto_key: The encryption key string.
+        :param integ_key: The integrity key string.
+        :type node: dict
+        :type sa_id: int
+        :type crypto_key: str
+        :type integ_key: str
+        """
+        ckey = crypto_key.encode('hex')
+        ikey = integ_key.encode('hex')
+
+        out = VatExecutor.cmd_from_template(node,
+                                            "ipsec/ipsec_sa_set_key.vat",
+                                            sa_id=sa_id,
+                                            ckey=ckey, ikey=ikey)
+        VatJsonUtil.verify_vat_retval(
+            out[0],
+            err_msg='Update SA key failed on {0}'.format(node['host']))
+
     @staticmethod
     def vpp_ipsec_add_spd(node, spd_id):
         """Create Security Policy Database on the VPP node.
@@ -267,10 +290,9 @@ class IPsecUtil(object):
         :type spd_id: int
         :type interface: str or int
         """
-        if isinstance(interface, basestring):
-            sw_if_index = Topology.get_interface_sw_index(node, interface)
-        else:
-            sw_if_index = interface
+        sw_if_index = Topology.get_interface_sw_index(node, interface)\
+            if isinstance(interface, basestring) else interface
+
         out = VatExecutor.cmd_from_template(node,
                                             "ipsec/ipsec_interface_add_spd.vat",
                                             spd_id=spd_id, sw_if_id=sw_if_index)