"""This module implements keywords to manipulate ACL data structures using
Honeycomb REST API."""
+from robot.api import logger
from resources.libraries.python.topology import Topology
from resources.libraries.python.HTTPRequest import HTTPCodes
status_code, resp = HcUtil.\
delete_honeycomb_data(node, "config_classify_table", path)
- if status_code != HTTPCodes.OK:
- raise HoneycombError(
- "The configuration of classify table was not successful. "
- "Status code: {0}.".format(status_code))
+ if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED):
+ if data is None and '"error-tag":"data-missing"' in resp:
+ logger.debug("data does not exist in path.")
+ else:
+ raise HoneycombError(
+ "The configuration of classify table was not successful. "
+ "Status code: {0}.".format(status_code))
return resp
@staticmethod
return {}
@staticmethod
- def create_ietf_classify_chain(node, list_name, layer, data):
+ def create_acl_plugin_classify_chain(node, list_name, data, macip=False):
"""Create classify chain using the ietf-acl node.
:param node: Honeycomb node.
:param list_name: Name for the classify list.
- :param layer: Network layer to classify on.
:param data: Dictionary of settings to send to Honeycomb.
+ :param macip: Use simple MAC+IP classifier. Optional.
:type node: dict
:type list_name: str
- :type layer: string
:type data: dict
+ :type macip: bool
:return: Content of response.
:rtype: bytearray
:raises HoneycombError: If the operation fails.
"""
- if layer.lower() == "l2":
- suffix = "eth"
- elif layer.lower() in ("l3_ip4", "l3_ip6", "l4"):
- raise NotImplementedError
- else:
- raise ValueError("Unexpected value of layer argument {0}."
- "Valid options are: L2, L3_IP4, L3_IP6, L4."
- .format(layer))
- path = "/acl/ietf-access-control-list:{0}-acl/{1}".format(
- suffix, list_name)
+ if macip:
+ path = "/acl/vpp-acl:vpp-macip-acl/{0}".format(list_name)
+ else:
+ path = "/acl/vpp-acl:vpp-acl/{0}".format(list_name)
status_code, resp = HcUtil.put_honeycomb_data(
- node, "config_ietf_classify_chain", data, path)
+ node, "config_plugin_acl", data, path)
- if status_code != HTTPCodes.OK:
+ if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED):
raise HoneycombError(
"Could not create classify chain."
"Status code: {0}.".format(status_code))
return resp
@staticmethod
- def set_ietf_interface_acl(node, interface, layer, direction, list_name,
- default_action):
+ def set_acl_plugin_interface(node, interface, acl_name,
+ direction, macip=False):
"""Assign an interface to an ietf-acl classify chain.
:param node: Honeycomb node.
:param interface: Name of an interface on the node.
- :param layer: Network layer to classify packets on.
- Valid options are: L2, L3, L4. Mixed ACL not supported yet.
+ :param acl_name: Name of an ACL chain configured through ACL-plugin.
:param direction: Classify incoming or outgiong packets.
Valid options are: ingress, egress
- :param list_name: Name of an ietf-acl classify chain.
- :param default_action: Default classifier action: permit or deny.
+ :param macip: Use simple MAC+IP classifier. Optional.
:type node: dict
:type interface: str or int
- :type layer: str
+ :type acl_name: str
:type direction: str
- :type list_name: str
- :type default_action: str
+ :type macip: bool
:return: Content of response.
:rtype: bytearray
"Valid options are: ingress, egress."
.format(direction))
- path = "/interface/{0}/ietf-acl/{1}/access-lists".format(
+ path = "/interface/{0}/interface-acl:acl/{1}".format(
interface, direction)
- data = {
- "access-lists": {
- "acl": [{
- "type": None,
- "name": list_name
- }],
- "default-action": default_action,
- "mode": None
+ if macip:
+ data = {
+ direction: {
+ "vpp-macip-acl": {
+ "type": "vpp-acl:vpp-macip-acl",
+ "name": acl_name
}
}
-
- acl_type = "ietf-access-control-list:{suffix}-acl"
-
- if layer.lower() == "l2":
- data["access-lists"]["mode"] = "l2"
- data["access-lists"]["acl"][0]["type"] = \
- acl_type.format(suffix="eth")
-
- elif layer.lower() in ("l3_ip4", "l3_ip6", "L4"):
- raise NotImplementedError
+ }
else:
- raise ValueError("Unknown network layer {0}. "
- "Valid options are: "
- "L2, L3_IP4, L3_IP6, L4.".format(layer))
+ data = {
+ direction: {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl:vpp-acl",
+ "name": acl_name
+ }
+ ]
+ }
+ }
status_code, resp = HcUtil.put_honeycomb_data(
node, "config_vpp_interfaces", data, path)
- if status_code != HTTPCodes.OK:
+ if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED):
raise HoneycombError(
"Could not configure ACL on interface. "
"Status code: {0}.".format(status_code))
return resp
@staticmethod
- def delete_ietf_interface_acls(node, interface):
- """Remove all ietf-acl assignments from an interface.
+ def delete_interface_plugin_acls(node, interface):
+ """Remove all plugin-acl assignments from an interface.
:param node: Honeycomb node.
:param interface: Name of an interface on the node.
:type node: dict
- :type interface: str or int"""
+ :type interface: str or int
+ """
interface = Topology.convert_interface_reference(
node, interface, "name")
interface = interface.replace("/", "%2F")
- path = "/interface/{0}/ietf-acl/".format(interface)
+ path = "/interface/{0}/interface-acl:acl/".format(interface)
status_code, _ = HcUtil.delete_honeycomb_data(
node, "config_vpp_interfaces", path)
"Status code: {0}.".format(status_code))
@staticmethod
- def delete_ietf_classify_chains(node):
- """Remove all classify chains from the ietf-acl node.
+ def delete_acl_plugin_classify_chains(node):
+ """Remove all plugin-ACL classify chains.
:param node: Honeycomb node.
:type node: dict
"""
status_code, _ = HcUtil.delete_honeycomb_data(
- node, "config_ietf_classify_chain")
+ node, "config_plugin_acl")
if status_code != HTTPCodes.OK:
raise HoneycombError(
- "Could not remove ietf-acl chain. "
+ "Could not remove plugin-acl chain. "
"Status code: {0}.".format(status_code))
Code Review / csit.git / blobdiff