CSIT-49: HC Test: Policy - security groups

author selias <samelias@cisco.com>

Tue, 12 Jul 2016 14:19:05 +0000 (16:19 +0200)

committer Samuel Eliáš <samelias@cisco.com>

Thu, 21 Jul 2016 13:44:42 +0000 (13:44 +0000)
author selias <samelias@cisco.com>
Tue, 12 Jul 2016 14:19:05 +0000 (16:19 +0200)
committer Samuel Eliáš <samelias@cisco.com>
Thu, 21 Jul 2016 13:44:42 +0000 (13:44 +0000)
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py

index d955a9c..dfa5c33 100644 (file)
--- a/resources/libraries/python/Classify.py
+++ b/resources/libraries/python/Classify.py
@@ -280,3 +280,46 @@ class Classify(object):
              # base value of classify hex table for IPv6 TCP/UDP ports
          else:
              raise ValueError("Invalid IP version!")
              # base value of classify hex table for IPv6 TCP/UDP ports
          else:
              raise ValueError("Invalid IP version!")
+
+    @staticmethod
+    def get_classify_table_data(node, table_index):
+        """Retrieve settings for classify table by ID.
+
+        :param node: VPP node to retrieve classify data from.
+        :param table_index: Index of a specific classify table.
+        :type node: dict
+        :type table_index: int
+        :return: Classify table settings.
+        :rtype: dict
+        """
+        with VatTerminal(node) as vat:
+            data = vat.vat_terminal_exec_cmd_from_template(
+                "classify_table_info.vat",
+                table_id=table_index
+            )
+        return data[0]
+
+    @staticmethod
+    def get_classify_session_data(node, table_index, session_index=None):
+        """Retrieve settings for all classify sessions in a table,
+        or for a specific classify session.
+
+        :param node: VPP node to retrieve classify data from.
+        :param table_index: Index of a classify table.
+        :param session_index: Index of a specific classify session. (Optional)
+        :type node: dict
+        :type table_index: int
+        :type session_index: int
+        :return: List of classify session settings, or a dictionary of settings
+         for a specific classify session.
+        :rtype: list or dict
+        """
+        with VatTerminal(node) as vat:
+            data = vat.vat_terminal_exec_cmd_from_template(
+                "classify_session_dump.vat",
+                table_id=table_index
+            )
+        if session_index is not None:
+            return data[0][session_index]
+        else:
+            return data[0]
diff --git a/resources/libraries/python/InterfaceUtil.py b/resources/libraries/python/InterfaceUtil.py

index a16a02f..69d0a59 100644 (file)
--- a/resources/libraries/python/InterfaceUtil.py
+++ b/resources/libraries/python/InterfaceUtil.py
@@ -712,6 +712,29 @@ class InterfaceUtil(object):
                                                      ip_version=ip_version,
                                                      table_index=table_index)
  
                                                      ip_version=ip_version,
                                                      table_index=table_index)
  
+    @staticmethod
+    def get_interface_classify_table(node, interface):
+        """Get name of classify table for the given interface.
+
+        :param node: VPP node to get data from.
+        :param interface: Name or sw_if_index of a specific interface.
+        :type node: dict
+        :type interface: str or int
+        :return: Classify table name.
+        :rtype: str
+        """
+        if isinstance(interface, basestring):
+            sw_if_index = InterfaceUtil.get_sw_if_index(node, interface)
+        else:
+            sw_if_index = interface
+
+        with VatTerminal(node) as vat:
+            data = vat.vat_terminal_exec_cmd_from_template(
+                "classify_interface_table.vat",
+                sw_if_index=sw_if_index
+            )
+        return data[0]
+
      @staticmethod
      def get_sw_if_index(node, interface_name):
          """Get sw_if_index for the given interface from actual interface dump.
      @staticmethod
      def get_sw_if_index(node, interface_name):
          """Get sw_if_index for the given interface from actual interface dump.
diff --git a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py

index ff1589f..4eaef11 100644 (file)
--- a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py
+++ b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py
@@ -307,8 +307,8 @@ class InterfaceKeywords(object):
  
          :param node: Honeycomb node.
          :param interface: The name of interface.
  
          :param node: Honeycomb node.
          :param interface: The name of interface.
-        :type interface: str
          :type node: dict
          :type node: dict
+        :type interface: str
          :return: Operational data about bridge domain settings in the
          interface.
          :rtype: dict
          :return: Operational data about bridge domain settings in the
          interface.
          :rtype: dict
@@ -1224,27 +1224,36 @@ class InterfaceKeywords(object):
              node, super_interface, path, None)
  
      @staticmethod
              node, super_interface, path, None)
  
      @staticmethod
-    def compare_data_structures(data, ref):
+    def compare_data_structures(data, ref, ignore=()):
          """Checks if data obtained from UUT is as expected.
  
          :param data: Data to be checked.
          :param ref: Referential data used for comparison.
          """Checks if data obtained from UUT is as expected.
  
          :param data: Data to be checked.
          :param ref: Referential data used for comparison.
+        :param ignore: Dictionary keys to be ignored.
          :type data: dict
          :type ref: dict
          :type data: dict
          :type ref: dict
+        :type ignore: iterable
          :raises HoneycombError: If a parameter from referential data is not
          present in operational data or if it has different value.
          """
  
          :raises HoneycombError: If a parameter from referential data is not
          present in operational data or if it has different value.
          """
  
+        errors = ""
+
          for key, item in ref.items():
          for key, item in ref.items():
+            if key in ignore:
+                continue
              try:
                  if data[key] != item:
              try:
                  if data[key] != item:
-                    raise HoneycombError("The value of parameter '{0}' is "
-                                         "incorrect. It should be "
-                                         "'{1}' but it is '{2}'".
-                                         format(key, item, data[key]))
+                    errors += ("\nThe value of parameter '{0}' is "
+                               "incorrect. It should be "
+                               "'{1}' but it is '{2}'".
+                               format(key, item, data[key]))
              except KeyError:
              except KeyError:
-                raise HoneycombError("The parameter '{0}' is not present in "
-                                     "operational data".format(key))
+                errors += ("\nThe parameter '{0}' is not present in "
+                           "operational data".format(key))
+
+        if errors:
+            raise HoneycombError(errors)
  
      @staticmethod
      def compare_interface_lists(list1, list2):
  
      @staticmethod
      def compare_interface_lists(list1, list2):
diff --git a/resources/libraries/robot/honeycomb/access_control_lists.robot b/resources/libraries/robot/honeycomb/access_control_lists.robot

new file mode 100644 (file)

index 0000000..0fd1c7e
--- /dev/null
+++ b/resources/libraries/robot/honeycomb/access_control_lists.robot
@@ -0,0 +1,339 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*** Variables ***
+#TODO: update based on resolution of bug https://jira.fd.io/browse/HONEYCOMB-119
+| @{hc_table_ignore}= | memory_size
+
+*** Settings ***
+| Library | resources.libraries.python.Classify
+| Library | resources.libraries.python.InterfaceUtil
+| Library | resources.libraries.python.honeycomb.HcAPIKwACL.ACLKeywords
+| Library | resources.libraries.python.honeycomb.HcAPIKwInterfaces.InterfaceKeywords
+| ...     | WITH NAME | InterfaceAPI
+| Documentation | Keywords used to manage ACLs.
+
+*** Keywords ***
+| Honeycomb creates ACL table
+| | [Documentation] | Uses Honeycomb API to create an ACL table.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - settings - ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb creates ACL table \| ${nodes['DUT1']} \
+| | ... | \| ${settings} \|
+| | [Arguments] | ${node} | ${settings}
+| | Add classify table | ${node} | ${settings}
+
+| Honeycomb removes ACL table
+| | [Documentation] | Uses Honeycomb API to remove and existing ACL table.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb removes ACL table \| ${nodes['DUT1']} \| table0 \|
+| | [Arguments] | ${node} | ${table_name}
+| | Remove classify table | ${node} | ${table_name}
+
+| Honeycomb adds ACL session
+| | [Documentation] | Uses Honeycomb API to create an ACL session.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - settings - ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb adds ACL session \| ${nodes['DUT1']} \
+| | ... | \| table0 \| ${settings} \|
+| | [Arguments] | ${node} | ${table_name} | ${settings}
+| | Add classify session | ${node} | ${table_name} | ${settings}
+
+| Honeycomb removes ACL session
+| | [Documentation] | Uses Honeycomb API to remove an ACL session.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - match - ACL session match setting. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb removes ACL session \| ${nodes['DUT1']} \
+| | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
+| | [Arguments] | ${node} | ${table_name} | ${match}
+| | Remove classify session | ${node} | ${table_name} | ${match}
+
+| Honeycomb enables ACL on interface
+| | [Documentation] | Uses Honeycomb API to enable ACL on an interface.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb enables ACL on interface \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \| table0 \|
+| | [Arguments] | ${node} | ${interface} | ${table_name}
+| | InterfaceAPI.Enable ACL on interface
+| | ... | ${node} | ${interface} | ${table_name}
+
+| Honeycomb disables ACL on interface
+| | [Documentation] | Uses Honeycomb API to disable ACL on an interface.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb disables ACL on interface \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | InterfaceAPI.Disable ACL on interface | ${node} | ${interface}
+
+| ACL table from Honeycomb should be
+| | [Documentation] | Retrieves ACL table information from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - settings - expected ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from Honeycomb should be \| ${nodes['DUT1']} \
+| | ... | \| ${settings} \|
+| | [Arguments] | ${node} | ${settings}
+| | ${data}= | Get classify table oper data | ${node} | ${settings['name']}
+| | Compare data structures | ${data} | ${settings} | ignore=${hc_table_ignore}
+
+| ACL table from VAT should be
+| | [Documentation] | Retrieves ACL table information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - settings - expected ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${settings} \|
+| | [Arguments] | ${node} | ${table_index} | ${settings}
+| | ${data}= | Get classify table data | ${node} | ${table_index}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL table from Honeycomb should not exist
+| | [Documentation] | Retrieves ACL table information from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from Honeycomb should not exist \| ${nodes['DUT1']} \
+| | ... | \| table0 \|
+| | [Arguments] | ${node} | ${table_name}
+| | Run keyword and expect error | ValueError: No JSON object could be decoded
+| | ... | Get classify table oper data | ${node} | ${table_name}
+
+| ACL table from VAT should not exist
+| | [Documentation] | Retrieves ACL table information from VAT\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from VAT should not exist \| ${nodes['DUT1']} \
+| | ... | \| ${0} \|
+| | [Arguments] | ${node} | ${table_index}
+| | Run keyword and expect error | No JSON data.
+| | ... | Get classify table data | ${node} | ${table_index}
+
+| ACL session from Honeycomb should be
+| | [Documentation] | Retrieves ACL session information from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - settings - expected ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from Honeycomb should be \| ${nodes['DUT1']} \
+| | ... | \| table0 \| ${settings} \|
+| | [Arguments] | ${node} | ${table_name} | ${settings}
+| | ${data}= | Get classify session oper data
+| | ... | ${node} | ${table_name} | ${settings['match']}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL session from VAT should be
+| | [Documentation] | Retrieves ACL session information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - session_index - VPP internal index of an ACL session. Type: integer
+| | ... | - settings - expected ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${0} \| ${settings} \|
+| | [Arguments] | ${node} | ${table_index} | ${session_index} | ${settings}
+| | ${data}= | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL session from Honeycomb should not exist
+| | [Documentation] | Retrieves ACL session information from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - session_match - ACL session match setting. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from Honeycomb should not exist \| ${nodes['DUT1']} \
+| | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
+| | [Arguments] | ${node} | ${table_name} | ${session_match}
+| | Run keyword and expect error | *HoneycombError: *Status code: 404.
+| | ... | Get classify session oper data
+| | ... | ${node} | ${table_name} | ${session_match}
+
+| ACL session from VAT should not exist
+| | [Documentation] | Retrieves ACL session information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - session_index - VPP internal index of an ACL session. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should not exist \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${0} \|
+| | [Arguments] | ${node} | ${table_index} | ${session_index}
+| | Run keyword if | ${session_index} == 0
+| | ... | Run keyword and expect error
+| | ... | ValueError: No JSON object could be decoded
+| | ... | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+| | Run keyword if | ${session_index} > 0
+| | ... | Run keyword and expect error
+| | ... | IndexError: list index out of range
+| | ... | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+
+| Interface ACL settings from Honeycomb should be
+| | [Documentation] | Retrieves ACL interface settings from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_name - expected ACL table name. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \| table0 \|
+| | [Arguments] | ${node} | ${interface} | ${table_name}
+| | ${data}= | InterfaceAPI.Get interface oper data | ${node} | ${interface}
+| | Should be equal
+| | ... | ${table_name} | ${data['v3po:acl']['l2-acl']['classify-table']}
+
+| Interface ACL settings from VAT should be
+| | [Documentation] | Retrieves ACL interface settings from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \| ${0} \|
+| | [Arguments] | ${node} | ${interface} | ${table_index}
+| | ${data}= | Get interface classify table | ${node} | ${interface}
+| | Should be equal | ${table_index} | ${data['l2_table_id']}
+| | Should be equal | ${table_index} | ${data['ip4_table_id']}
+
+| Interface ACL settings from Honeycomb should be empty
+| | [Documentation] | Retrieves ACL interface settings from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be empty \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | ${data}= | InterfaceAPI.Get interface oper data | ${node} | ${interface}
+| | Run keyword and expect error | *KeyError: 'v3po:acl'
+| | ... | Set Variable | ${data['v3po:acl']['l2-acl']['classify-table']}
+
+| Interface ACL settings from VAT should be empty
+| | [Documentation] | Retrieves ACL interface settings from VAT\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be empty \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | ${data}= | Get interface classify table | ${node} | ${interface}
+| | Should be equal | ${data['l2_table_id']} | ${-1}
+| | Should be equal | ${data['ip4_table_id']} | ${-1}
+
+| Clear all ACL settings
+| | [Documentation] | Removes all ACL sessions and tables from Honeycomb\
+| | ... | configuration.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Clear all ACL settings \| ${nodes['DUT1']} \|
+| | [Arguments] | ${node}
+| | Remove all classify tables | ${node}
diff --git a/resources/templates/vat/classify_interface_table.vat b/resources/templates/vat/classify_interface_table.vat

new file mode 100644 (file)

index 0000000..f12af78
--- /dev/null
+++ b/resources/templates/vat/classify_interface_table.vat
@@ -0,0 +1 @@
+classify_table_by_interface sw_if_index {sw_if_index}
+\ No newline at end of file
diff --git a/resources/templates/vat/classify_session_dump.vat b/resources/templates/vat/classify_session_dump.vat

new file mode 100644 (file)

index 0000000..f76ecbb
--- /dev/null
+++ b/resources/templates/vat/classify_session_dump.vat
@@ -0,0 +1 @@
+classify_session_dump table_id {table_id}
+\ No newline at end of file
diff --git a/resources/templates/vat/classify_table_info.vat b/resources/templates/vat/classify_table_info.vat

new file mode 100644 (file)

index 0000000..2e8fe5a
--- /dev/null
+++ b/resources/templates/vat/classify_table_info.vat
@@ -0,0 +1 @@
+classify_table_info table_id {table_id}
+\ No newline at end of file
diff --git a/tests/suites/honeycomb/080_access_control_lists.robot b/tests/suites/honeycomb/080_access_control_lists.robot

new file mode 100644 (file)

index 0000000..84dc42e
--- /dev/null
+++ b/tests/suites/honeycomb/080_access_control_lists.robot
@@ -0,0 +1,146 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Variables***
+# Interface to run tests on.
+| ${interface}= | ${node['interfaces']['port1']['name']}
+
+*** Settings ***
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/honeycomb/access_control_lists.robot
+| Variables | tests/suites/honeycomb/resources/acl.py
+| Suite Teardown | Clear all ACL settings | ${node}
+| Documentation | *Honeycomb access control lists test suite.*
+| Force Tags | Honeycomb_sanity
+
+*** Test Cases ***
+| Honeycomb can create ACL classify table
+| | [Documentation] | Check if Honeycomb API can create an ACL table.
+| | Given ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index}
+| | When Honeycomb creates ACL table
+| | ... | ${node} | ${hc_acl_table}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+
+| Honeycomb manages more than one ACL table
+| | [Documentation] | Check if Honeycomb API can create another ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And Honeycomb creates ACL table | ${node} | ${hc_acl_table2}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+
+| Honeycomb can add ACL session to table
+| | [Documentation] | Check if Honeycomb API can add an ACL session to a table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+
+| Honeycomb manages more than one ACL session on one table
+| | [Documentation] | Check if Honeycomb API can add another ACL session\
+| | ... | to a table.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+
+| Honeycomb enables ACL on interface
+| | [Documentation] | Check if Honeycomb API can enable ACL on an interface.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb enables ACL on interface
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | Then Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+
+| Honeycomb disables ACL on interface
+| | [Documentation] | Check if Honeycomb API can disable ACL on an interface.
+| | Given Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+| | When Honeycomb disables ACL on interface | ${node} | ${interface}
+| | Then Interface ACL settings from Honeycomb should be empty
+| | ... | ${node} | ${interface}
+| | And Interface ACL settings from VAT should be empty
+| | ... | ${node} | ${interface}
+
+| Honeycomb can remove ACL session
+| | [Documentation] | Check if Honeycomb API can remove an ACL session.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+| | When Honeycomb removes ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | And ACL session from VAT should not exist
+| | ... | ${node} | ${table_index} | ${session_index2}
+
+| Honeycomb can remove ACL table
+| | [Documentation] | Check if Honeycomb API can delete an ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+| | When Honeycomb removes ACL table | ${node} | ${hc_acl_table2['name']}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table2['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index2}
diff --git a/tests/suites/honeycomb/resources/acl.py b/tests/suites/honeycomb/resources/acl.py

new file mode 100644 (file)

index 0000000..227330c
--- /dev/null
+++ b/tests/suites/honeycomb/resources/acl.py
@@ -0,0 +1,82 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Test variables for access control list test suite."""
+
+# settings for acl tables
+hc_acl_table = {
+    "name": "acl_table_test",
+    "nbuckets": 1,
+    "memory_size": 100000,
+    "skip_n_vectors": 0,
+    "miss_next": "permit",
+    "mask": "00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+
+hc_acl_table2 = {
+    "name": "acl_table_test2",
+    "nbuckets": 2,
+    "memory_size": 100000,
+    "skip_n_vectors": 1,
+    "next_table": "acl_table_test",
+    "miss_next": "deny",
+    "mask": "ff:ff:ff:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+# representation of table settings in VAT
+table_index = 0
+vat_acl_table = {
+    "nbuckets": hc_acl_table['nbuckets'],
+    "skip": 0,
+    "match": 1,
+    "nextnode": -1,
+    "nexttbl": -1,
+    "mask": hc_acl_table['mask'].replace(":", ""),
+}
+table_index2 = 1
+vat_acl_table2 = {
+    "nbuckets": hc_acl_table2['nbuckets'],
+    "skip": 1,
+    "match": 1,
+    "nextnode": 0,
+    "nexttbl": table_index,
+    "mask": hc_acl_table2['mask'].replace(":", ""),
+}
+# setting for acl sessions
+hc_acl_session = {
+    "match": "00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00",
+    "hit_next": "permit",
+    "opaque_index": "1",
+    "advance": 1
+}
+
+hc_acl_session2 = {
+    "match": "00:00:00:00:00:00:06:05:04:03:02:01:00:00:00:00",
+    "hit_next": "deny",
+    "opaque_index": "2",
+    "advance": 1
+}
+# representation of session settings in VAT
+session_index = 0
+vat_acl_session = {
+    "match": hc_acl_session['match'].replace(":", ""),
+    "advance": hc_acl_session['advance'],
+    "opaque": 1,
+    "next_index": -1
+}
+session_index2 = 1
+vat_acl_session2 = {
+    "match": hc_acl_session2['match'].replace(":", ""),
+    "advance": hc_acl_session2['advance'],
+    "opaque": 2,
+    "next_index": session_index
+}
author	selias <samelias@cisco.com>
	Tue, 12 Jul 2016 14:19:05 +0000 (16:19 +0200)
committer	Samuel Eliáš <samelias@cisco.com>
	Thu, 21 Jul 2016 13:44:42 +0000 (13:44 +0000)
resources/libraries/python/Classify.py		patch \| blob \| history
resources/libraries/python/InterfaceUtil.py		patch \| blob \| history
resources/libraries/python/honeycomb/HcAPIKwInterfaces.py		patch \| blob \| history
resources/libraries/robot/honeycomb/access_control_lists.robot	[new file with mode: 0644]	patch \| blob
resources/templates/vat/classify_interface_table.vat	[new file with mode: 0644]	patch \| blob
resources/templates/vat/classify_session_dump.vat	[new file with mode: 0644]	patch \| blob
resources/templates/vat/classify_table_info.vat	[new file with mode: 0644]	patch \| blob
tests/suites/honeycomb/080_access_control_lists.robot	[new file with mode: 0644]	patch \| blob
tests/suites/honeycomb/resources/acl.py	[new file with mode: 0644]	patch \| blob