1 # Copyright (c) 2019 Cisco and/or its affiliates.
2 # Licensed under the Apache License, Version 2.0 (the "License");
3 # you may not use this file except in compliance with the License.
4 # You may obtain a copy of the License at:
6 # http://www.apache.org/licenses/LICENSE-2.0
8 # Unless required by applicable law or agreed to in writing, software
9 # distributed under the License is distributed on an "AS IS" BASIS,
10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 # See the License for the specific language governing permissions and
12 # limitations under the License.
15 #TODO: update based on resolution of bug https://jira.fd.io/browse/HONEYCOMB-119
18 | Library | resources.libraries.python.Classify
19 | Library | resources.libraries.python.InterfaceUtil
20 | Library | resources.libraries.python.honeycomb.HcAPIKwACL.ACLKeywords
21 | Library | resources.libraries.python.honeycomb.HcAPIKwInterfaces.InterfaceKeywords
22 | Documentation | Keywords used to manage ACLs.
25 | Honeycomb creates ACL table
26 | | [Documentation] | Uses Honeycomb API to create an ACL table.
28 | | ... | *Arguments:*
29 | | ... | - node - information about a DUT node. Type: dictionary
30 | | ... | - settings - ACL table settings. Type: dictionary
34 | | ... | \| Honeycomb creates ACL table \| ${nodes['DUT1']} \
35 | | ... | \| ${settings} \|
36 | | [Arguments] | ${node} | ${settings}
37 | | Add classify table | ${node} | ${settings}
39 | Honeycomb removes ACL table
40 | | [Documentation] | Uses Honeycomb API to remove and existing ACL table.
42 | | ... | *Arguments:*
43 | | ... | - node - information about a DUT node. Type: dictionary
44 | | ... | - table_name - name of an ACL table. Type: string
48 | | ... | \| Honeycomb removes ACL table \| ${nodes['DUT1']} \| table0 \|
49 | | [Arguments] | ${node} | ${table_name}
50 | | Remove classify table | ${node} | ${table_name}
52 | Honeycomb adds ACL session
53 | | [Documentation] | Uses Honeycomb API to create an ACL session.
55 | | ... | *Arguments:*
56 | | ... | - node - information about a DUT node. Type: dictionary
57 | | ... | - table_name - name of an ACL table. Type: string
58 | | ... | - settings - ACL session settings. Type: dictionary
62 | | ... | \| Honeycomb adds ACL session \| ${nodes['DUT1']} \
63 | | ... | \| table0 \| ${settings} \|
64 | | [Arguments] | ${node} | ${table_name} | ${settings}
65 | | Add classify session | ${node} | ${table_name} | ${settings}
67 | Honeycomb removes ACL session
68 | | [Documentation] | Uses Honeycomb API to remove an ACL session.
70 | | ... | *Arguments:*
71 | | ... | - node - information about a DUT node. Type: dictionary
72 | | ... | - table_name - name of an ACL table. Type: string
73 | | ... | - match - ACL session match setting. Type: string
77 | | ... | \| Honeycomb removes ACL session \| ${nodes['DUT1']} \
78 | | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
79 | | [Arguments] | ${node} | ${table_name} | ${match}
80 | | Remove classify session | ${node} | ${table_name} | ${match}
82 | Honeycomb enables ACL on interface
83 | | [Documentation] | Uses Honeycomb API to enable ACL on an interface.
85 | | ... | *Arguments:*
86 | | ... | - node - information about a DUT node. Type: dictionary
87 | | ... | - interface - name of an interface on the specified node. Type: string
88 | | ... | - table_name - name of an ACL table. Type: string
92 | | ... | \| Honeycomb enables ACL on interface \| ${nodes['DUT1']} \
93 | | ... | \| GigabithEthernet0/8/0 \| table0 \|
94 | | [Arguments] | ${node} | ${interface} | ${table_name}
95 | | Enable ACL on interface
96 | | ... | ${node} | ${interface} | ${table_name}
98 | Honeycomb disables ACL on interface
99 | | [Documentation] | Uses Honeycomb API to disable ACL on an interface.
101 | | ... | *Arguments:*
102 | | ... | - node - information about a DUT node. Type: dictionary
103 | | ... | - interface - name of an interface on the specified node. Type: string
107 | | ... | \| Honeycomb disables ACL on interface \| ${nodes['DUT1']} \
108 | | ... | \| GigabithEthernet0/8/0 \|
109 | | [Arguments] | ${node} | ${interface}
110 | | Disable ACL on interface | ${node} | ${interface}
112 | ACL table from Honeycomb should be
113 | | [Documentation] | Retrieves ACL table information from Honeycomb\
114 | | ... | and compares with expected settings.
116 | | ... | *Arguments:*
117 | | ... | - node - information about a DUT node. Type: dictionary
118 | | ... | - settings - expected ACL table settings. Type: dictionary
122 | | ... | \| ACL table from Honeycomb should be \| ${nodes['DUT1']} \
123 | | ... | \| ${settings} \|
124 | | [Arguments] | ${node} | ${settings}
125 | | ${data}= | Get classify table oper data | ${node} | ${settings['name']}
126 | | Compare data structures | ${data} | ${settings}
128 | ACL table from VAT should be
129 | | [Documentation] | Retrieves ACL table information from VAT\
130 | | ... | and compares with expected settings.
132 | | ... | *Arguments:*
133 | | ... | - node - information about a DUT node. Type: dictionary
134 | | ... | - table_index - VPP internal index of an ACL table. Type: integer
135 | | ... | - settings - expected ACL table settings. Type: dictionary
139 | | ... | \| ACL session from PAPI should be \| ${nodes['DUT1']} \
140 | | ... | \| ${0} \| ${settings} \|
141 | | [Arguments] | ${node} | ${table_index} | ${settings}
142 | | ${data}= | Get classify table data | ${node} | ${table_index}
143 | | Compare data structures | ${data} | ${settings}
145 | ACL table from Honeycomb should not exist
146 | | [Documentation] | Retrieves ACL table information from Honeycomb\
147 | | ... | and expects to fail.
149 | | ... | *Arguments:*
150 | | ... | - node - information about a DUT node. Type: dictionary
151 | | ... | - table_name - name of an ACL table. Type: string
155 | | ... | \| ACL table from Honeycomb should not exist \| ${nodes['DUT1']} \
156 | | ... | \| table0 \|
157 | | [Arguments] | ${node} | ${table_name}
158 | | Run keyword and expect error | *
159 | | ... | Get classify table oper data | ${node} | ${table_name}
161 | ACL table from VAT should not exist
162 | | [Documentation] | Retrieves ACL table information from VAT\
163 | | ... | and expects to fail.
165 | | ... | *Arguments:*
166 | | ... | - node - information about a DUT node. Type: dictionary
167 | | ... | - table_index - VPP internal index of an ACL table. Type: integer
171 | | ... | \| ACL table from VAT should not exist \| ${nodes['DUT1']} \
173 | | [Arguments] | ${node} | ${table_index}
174 | | Run keyword and expect error | *
175 | | ... | Get classify table data | ${node} | ${table_index}
177 | ACL session from Honeycomb should be
178 | | [Documentation] | Retrieves ACL session information from Honeycomb\
179 | | ... | and compares with expected settings.
181 | | ... | *Arguments:*
182 | | ... | - node - information about a DUT node. Type: dictionary
183 | | ... | - table_name - name of an ACL table. Type: string
184 | | ... | - settings - expected ACL session settings. Type: dictionary
188 | | ... | \| ACL session from Honeycomb should be \| ${nodes['DUT1']} \
189 | | ... | \| table0 \| ${settings} \|
190 | | [Arguments] | ${node} | ${table_name} | ${settings}
191 | | ${data}= | Get classify session oper data
192 | | ... | ${node} | ${table_name} | ${settings['match']}
193 | | Compare data structures | ${data} | ${settings}
195 | ACL session from PAPI should be
196 | | [Documentation] | Retrieves ACL session information from PAPI\
197 | | ... | and compares with expected settings.
199 | | ... | *Arguments:*
200 | | ... | - node - information about a DUT node. Type: dictionary
201 | | ... | - table_index - VPP internal index of an ACL table. Type: integer
202 | | ... | - settings - expected ACL session settings. Type: dictionary
206 | | ... | \| ACL session from PAPI should be \| ${nodes['DUT1']} \
207 | | ... | \| ${0} \| ${settings} \|
208 | | [Arguments] | ${node} | ${table_index} | ${session_index} | ${settings}
209 | | ${data}= | Get classify session data | ${node} | ${table_index}
210 | | Compare data structures | ${data} | ${settings}
212 | ACL session from Honeycomb should not exist
213 | | [Documentation] | Retrieves ACL session information from Honeycomb\
214 | | ... | and expects to fail.
216 | | ... | *Arguments:*
217 | | ... | - node - information about a DUT node. Type: dictionary
218 | | ... | - table_name - name of an ACL table. Type: string
219 | | ... | - session_match - ACL session match setting. Type: string
223 | | ... | \| ACL session from Honeycomb should not exist \| ${nodes['DUT1']} \
224 | | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
225 | | [Arguments] | ${node} | ${table_name} | ${session_match}
226 | | Run keyword and expect error | *KeyError:*
227 | | ... | Get classify session oper data
228 | | ... | ${node} | ${table_name} | ${session_match}
230 | ACL session from PAPI should not exist
231 | | [Documentation] | Retrieves ACL session information from PAPI\
232 | | ... | and compares with expected settings.
234 | | ... | *Arguments:*
235 | | ... | - node - information about a DUT node. Type: dictionary
236 | | ... | - table_index - VPP internal index of an ACL table. Type: integer
237 | | ... | - session_index - VPP internal index of an ACL session. Type: integer
241 | | ... | \| ACL session from PAPI should not exist \| ${nodes['DUT1']} \
243 | | [Arguments] | ${node} | ${table_index}
244 | | Run keyword if | ${session_index} == 0
245 | | ... | Run keyword and expect error
246 | | ... | ValueError: No JSON object could be decoded
247 | | ... | Get classify session data | ${node} | ${table_index}
248 | | Run keyword if | ${session_index} > 0
249 | | ... | Run keyword and expect error
250 | | ... | IndexError: list index out of range
251 | | ... | Get classify session data | ${node} | ${table_index}
253 | Interface ACL configuration from Honeycomb should be
254 | | [Documentation] | Retrieves ACL interface settings from Honeycomb\
255 | | ... | and compares with expected settings.
257 | | ... | *Arguments:*
258 | | ... | - node - information about a DUT node. Type: dictionary
259 | | ... | - interface - name of an interface on the specified node. Type: string
260 | | ... | - table_name - expected ACL table name. Type: string
264 | | ... | \| Interface ACL configuration from Honeycomb should be \
265 | | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \| table0 \|
266 | | [Arguments] | ${node} | ${interface} | ${table_name}
267 | | ${data}= | Get interface oper data | ${node} | ${interface}
269 | | ... | ${table_name}
270 | | ... | ${data['vpp-interface-acl:acl']['ingress']['l2-acl']['classify-table']}
271 | | ... | ${data['vpp-interface-acl:acl']['ingress']['ip4-acl']['classify-table']}
273 | Interface ACL configuration from VAT should be
274 | | [Documentation] | Retrieves ACL interface settings from VAT\
275 | | ... | and compares with expected settings.
277 | | ... | *Arguments:*
278 | | ... | - node - information about a DUT node. Type: dictionary
279 | | ... | - interface - name of an interface on the specified node. Type: string
280 | | ... | - table_index - VPP internal index of an ACL table. Type: integer
284 | | ... | \| Interface ACL configuration from VAT should be \
285 | | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \| ${0} \|
287 | | [Arguments] | ${node} | ${interface} | ${table_index}
288 | | ${data}= | Get interface classify table | ${node} | ${interface}
289 | | Should be equal | ${table_index} | ${data['l2_table_id']}
290 | | Should be equal | ${table_index} | ${data['ip4_table_id']}
292 | Interface ACL configuration from Honeycomb should be empty
293 | | [Documentation] | Retrieves ACL interface settings from Honeycomb\
294 | | ... | and expects to fail.
296 | | ... | *Arguments:*
297 | | ... | - node - information about a DUT node. Type: dictionary
298 | | ... | - interface - name of an interface on the specified node. Type: string
302 | | ... | \| Interface ACL configuration from Honeycomb should be empty \
303 | | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
304 | | [Arguments] | ${node} | ${interface}
305 | | ${data}= | Get interface oper data | ${node} | ${interface}
306 | | Run keyword and expect error | *KeyError: 'vpp-interface-acl:acl'
307 | | ... | Set Variable
308 | | ... | ${data['vpp-interface-acl:acl']['l2-acl']['classify-table']}
310 | Interface ACL configuration from VAT should be empty
311 | | [Documentation] | Retrieves ACL interface settings from VAT\
312 | | ... | and expects to fail.
314 | | ... | *Arguments:*
315 | | ... | - node - information about a DUT node. Type: dictionary
316 | | ... | - interface - name of an interface on the specified node. Type: string
320 | | ... | \| Interface ACL configuration from Honeycomb should be empty \
321 | | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
322 | | [Arguments] | ${node} | ${interface}
323 | | ${data}= | Get interface classify table | ${node} | ${interface}
324 | | ${bitwise_non_zero}= | Convert To Integer | ${0xFFFFFFFF}
325 | | Should be equal | ${data['l2_table_id']} | ${bitwise_non_zero}
326 | | Should be equal | ${data['ip4_table_id']} | ${bitwise_non_zero}
328 | Clear all ACL settings
329 | | [Documentation] | Removes all ACL sessions and tables from Honeycomb\
330 | | ... | configuration.
332 | | ... | *Arguments:*
333 | | ... | - node - information about a DUT node. Type: dictionary
337 | | ... | \| Clear all ACL settings \| ${nodes['DUT1']} \|
338 | | [Arguments] | ${node}
339 | | Remove all classify tables | ${node}
341 | Honeycomb creates ACL chain through ACL plugin
342 | | [Documentation] | Creates classify chain using the ACL plugin.
344 | | ... | *Arguments:*
345 | | ... | - node - Information about a DUT node. Type: dictionary
346 | | ... | - acl_list_name - Name for the classify chain. Type: string
347 | | ... | - acl_list_settings - classify rules. Type: dictionary
348 | | ... | - macip - Use MAC+IP classifier. Optional. Type: boolean
352 | | ... | \| Honeycomb creates ACL chain through ACL plugin \
353 | | ... | \| ${nodes['DUT1']} \| acl_test \| ${settings} \|
354 | | [Arguments] | ${node} | ${acl_list_name} | ${acl_list_settings}
355 | | ... | ${macip}=${False}
356 | | Create ACL plugin classify chain
357 | | ... | ${node} | ${acl_list_name} | ${acl_list_settings}
359 | Honeycomb assigns plugin-ACL chain to interface
360 | | [Documentation] | Applies classification through the high-level\
361 | | ... | IETF-ACL node to an interface.
363 | | ... | *Arguments:*
364 | | ... | - node - Information about a DUT node. Type: dictionary
365 | | ... | - interface - Interface to assign classifier to. Type: string
366 | | ... | - acl_list_name - Name of the clasify chain. Type: string
367 | | ... | - direction - Classifier direction, ingress or egress. Type: string
368 | | ... | - macip - Use MAC+IP classifier. Optional. Type: boolean
372 | | ... | \| Honeycomb assigns plugin-ACL chain to interface \
373 | | ... | \| ${nodes['DUT1']} \| GigabitEthernet0/8/0 \| acl_test \| ingress \|
375 | | ... | ${node} | ${interface} | ${acl_list_name} | ${direction}
376 | | ... | ${macip}=${False}
377 | | Set ACL plugin interface
378 | | ... | ${node} | ${interface} | ${acl_list_name} | ${direction}
380 | Clear plugin-ACL configuration
381 | | [Documentation] | Removes ACl assignment from interface, then deletes\
382 | | ... | IETF-ACL chain.
384 | | ... | *Arguments:*
385 | | ... | - node - Information about a DUT node. Type: dictionary
386 | | ... | - interface - Interface to clean classifiers from. | Type: string
390 | | ... | \| Clear plugin-ACL configuration | ${nodes['DUT1']} \
391 | | ... | \| GigabitEthernet0/8/0 \|
392 | | [Arguments] | ${node} | ${interface}
393 | | Delete interface plugin ACLs | ${node} | ${interface}
394 | | Delete ACL plugin classify chains | ${node}
396 | Read plugin-ACL configuration from VAT
397 | | [Documentation] | Obtains ACL-plugin configuration through VAT and logs\
400 | | ... | *Arguments:*
401 | | ... | - node - Information about a DUT node. Type: dictionary
405 | | ... | \| Read plugin-ACL configuration from VAT \| ${nodes['DUT1']} \|
406 | | [Arguments] | ${node}
407 | | VPP log plugin acl settings | ${node}
408 | | VPP log plugin acl interface assignment | ${node}
410 | Send ICMP packet with type and code and verify received packet
411 | | [Documentation] | Sends an ICMP packet with specified code and type.
413 | | ... | *Arguments:*
415 | | ... | _NOTE:_ Arguments are based on topology:
416 | | ... | TG(if1)->(if1)DUT(if2)->TG(if2)
418 | | ... | - tg_node - Node to execute scripts on (TG). Type: dictionary
419 | | ... | - src_ip - IP of source interface (TG-if1). Type: integer
420 | | ... | - dst_ip - IP of destination interface (TG-if2). Type: integer
421 | | ... | - tx_port - Source interface (TG-if1). Type: string
422 | | ... | - tx_mac - MAC address of source interface (TG-if1). Type: string
423 | | ... | - rx_port - Destionation interface (TG-if1). Type: string
424 | | ... | - rx_mac - MAC address of destination interface (TG-if1). Type: string
425 | | ... | - icmp_type - ICMP type to use. Type: int
426 | | ... | - icmp_code - ICMP code to use. Type: int
430 | | ... | \| Send ICMP packet with type and code and verify received packet \| ${nodes['TG']} \
431 | | ... | \| 16.0.0.1 \| 32.0.0.1 \| eth2 \| 08:00:27:cc:4f:54 \
432 | | ... | \| eth4 \| 08:00:27:c9:6a:d5 \| ${1} \| ${1} \|
434 | | [Arguments] | ${tg_node} | ${src_ip} | ${dst_ip} | ${tx_port} |
435 | | ... | ${tx_mac} | ${rx_port} | ${rx_mac} | ${icmp_type} | ${icmp_code}
436 | | ${tx_port_name}= | Get interface name | ${tg_node} | ${tx_port}
437 | | ${rx_port_name}= | Get interface name | ${tg_node} | ${rx_port}
438 | | ${args}= | Catenate | --src_mac | ${tx_mac}
439 | | ... | --dst_mac | ${rx_mac}
440 | | ... | --src_ip | ${src_ip}
441 | | ... | --dst_ip | ${dst_ip}
442 | | ... | --tx_if | ${tx_port_name}
443 | | ... | --rx_if | ${rx_port_name}
444 | | ... | --icmp_type | ${icmp_type}
445 | | ... | --icmp_code | ${icmp_code}
446 | | Run Traffic Script On Node | send_icmp_type_code.py
447 | | ... | ${tg_node} | ${args}
Code Review / csit.git / blob