From: selias
Date: Tue, 12 Jul 2016 14:19:05 +0000 (+0200)
Subject: CSIT-49: HC Test: Policy - security groups
X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=5d2ce55a8641a030ec6984089c51aa9313f46af1
CSIT-49: HC Test: Policy - security groups
- add test suite for ACLs
- add keywords used in tests
- add resource file with variables used in ACL tests
- add methods and VAT templates for reading VPP ACL data
Change-Id: I98c78bfbce67309ae33ebb05c04640f5029bf4e2
Signed-off-by: selias
---
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py
index d955a9cc8c..dfa5c3377d 100644
--- a/resources/libraries/python/Classify.py
+++ b/resources/libraries/python/Classify.py
@@ -280,3 +280,46 @@ class Classify(object): # base value of classify hex table for IPv6 TCP/UDP ports else: raise ValueError("Invalid IP version!") + + @staticmethod + def get_classify_table_data(node, table_index): + """Retrieve settings for classify table by ID. + + :param node: VPP node to retrieve classify data from. + :param table_index: Index of a specific classify table. + :type node: dict + :type table_index: int + :return: Classify table settings. + :rtype: dict + """ + with VatTerminal(node) as vat: + data = vat.vat_terminal_exec_cmd_from_template( + "classify_table_info.vat", + table_id=table_index + ) + return data[0] + + @staticmethod + def get_classify_session_data(node, table_index, session_index=None): + """Retrieve settings for all classify sessions in a table, + or for a specific classify session. + + :param node: VPP node to retrieve classify data from. + :param table_index: Index of a classify table. + :param session_index: Index of a specific classify session. (Optional) + :type node: dict + :type table_index: int + :type session_index: int + :return: List of classify session settings, or a dictionary of settings + for a specific classify session. + :rtype: list or dict + """ + with VatTerminal(node) as vat: + data = vat.vat_terminal_exec_cmd_from_template( + "classify_session_dump.vat", + table_id=table_index + ) + if session_index is not None: + return data[0][session_index] + else: + return data[0] diff --git a/resources/libraries/python/InterfaceUtil.py b/resources/libraries/python/InterfaceUtil.py index a16a02fbe8..69d0a59680 100644 --- a/resources/libraries/python/InterfaceUtil.py +++ b/resources/libraries/python/InterfaceUtil.py 
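Review bot: In `get_classify_session_data`, `return data[0][session_index]` accepts a negative `session_index` and returns a session counted from the end of the list, so a comparison made with a wrong index can pass against another session's data instead of failing. A guard before the lookup, `if session_index is not None and session_index < 0: raise ValueError("Invalid session index!")`, keeps the "does not exist" path limited to the `IndexError` that the Robot keyword expects. Both new methods also hand `table_index` to the VAT template as `table_id` without checking the `int` type the docstring promises; `table_id=int(table_index)` would keep anything but a number out of the command text, assuming the template is filled by plain substitution. The docstring should gain a `:raises IndexError:` line, since `ACL session from VAT should not exist` depends on that exception.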
@@ -712,6 +712,29 @@ class InterfaceUtil(object): ip_version=ip_version, table_index=table_index) + @staticmethod + def get_interface_classify_table(node, interface): + """Get name of classify table for the given interface. + + :param node: VPP node to get data from. + :param interface: Name or sw_if_index of a specific interface. + :type node: dict + :type interface: str or int + :return: Classify table name. + :rtype: str + """ + if isinstance(interface, basestring): + sw_if_index = InterfaceUtil.get_sw_if_index(node, interface) + else: + sw_if_index = interface + + with VatTerminal(node) as vat: + data = vat.vat_terminal_exec_cmd_from_template( + "classify_interface_table.vat", + sw_if_index=sw_if_index + ) + return data[0] + @staticmethod def get_sw_if_index(node, interface_name): """Get sw_if_index for the given interface from actual interface dump. diff --git a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py index ff1589f217..4eaef11bdb 100644 --- a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py +++ b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py @@ -307,8 +307,8 @@ class InterfaceKeywords(object): :param node: Honeycomb node. :param interface: The name of interface. - :type interface: str :type node: dict + :type interface: str :return: Operational data about bridge domain settings in the interface. :rtype: dict 
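Review bot: The docstring of `get_interface_classify_table` describes the return value as `Classify table name` with `:rtype: str`, but the keywords added in access_control_lists.robot index the result with `data['l2_table_id']` and `data['ip4_table_id']`, so callers receive a dictionary of table indices. Suggested wording: `:return: Classify table indices assigned to the interface.` and `:rtype: dict`. The `else` branch also uses any non-string `interface` as `sw_if_index` unchanged; `sw_if_index = int(interface)` would match the documented `str or int` and fail early on other types.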
@@ -1224,27 +1224,36 @@ class InterfaceKeywords(object): node, super_interface, path, None) @staticmethod - def compare_data_structures(data, ref): + def compare_data_structures(data, ref, ignore=()): """Checks if data obtained from UUT is as expected. :param data: Data to be checked. :param ref: Referential data used for comparison. + :param ignore: Dictionary keys to be ignored. :type data: dict :type ref: dict + :type ignore: iterable :raises HoneycombError: If a parameter from referential data is not present in operational data or if it has different value. """ + errors = "" + for key, item in ref.items(): + if key in ignore: + continue try: if data[key] != item: - raise HoneycombError("The value of parameter '{0}' is " - "incorrect. It should be " - "'{1}' but it is '{2}'". - format(key, item, data[key])) + errors += ("\nThe value of parameter '{0}' is " + "incorrect. It should be " + "'{1}' but it is '{2}'". + format(key, item, data[key])) except KeyError: - raise HoneycombError("The parameter '{0}' is not present in " - "operational data".format(key)) + errors += ("\nThe parameter '{0}' is not present in " + "operational data".format(key)) + + if errors: + raise HoneycombError(errors) @staticmethod def compare_interface_lists(list1, list2): diff --git a/resources/libraries/robot/honeycomb/access_control_lists.robot b/resources/libraries/robot/honeycomb/access_control_lists.robot new file mode 100644 index 0000000000..0fd1c7ef86 --- /dev/null +++ b/resources/libraries/robot/honeycomb/access_control_lists.robot 
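Review bot: `if key in ignore:` becomes a substring test when `ignore` is a single string, so `ignore="memory_size"` would also skip a key named `size` and the comparison would report success without having checked it. The call added in access_control_lists.robot passes a list, but nothing in the function enforces that; normalising first with `if isinstance(ignore, basestring): ignore = (ignore,)` closes the gap. The `:param ignore:` line could say that keys are matched exactly, and `:type ignore:` could read `iterable of str`. Collecting the messages in a list and raising `HoneycombError("\n".join(errors))` would also avoid the leading newline that the string concatenation produces.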
@@ -0,0 +1,339 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*** Variables ***
+#TODO: update based on resolution of bug https://jira.fd.io/browse/HONEYCOMB-119
+| @{hc_table_ignore}= | memory_size
+
+*** Settings ***
+| Library | resources.libraries.python.Classify
+| Library | resources.libraries.python.InterfaceUtil
+| Library | resources.libraries.python.honeycomb.HcAPIKwACL.ACLKeywords
+| Library | resources.libraries.python.honeycomb.HcAPIKwInterfaces.InterfaceKeywords
+| ... | WITH NAME | InterfaceAPI
+| Documentation | Keywords used to manage ACLs.
+
+*** Keywords ***
+| Honeycomb creates ACL table
+| | [Documentation] | Uses Honeycomb API to create an ACL table.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - settings - ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb creates ACL table \| ${nodes['DUT1']} \
+| | ... | \| ${settings} \|
+| | [Arguments] | ${node} | ${settings}
+| | Add classify table | ${node} | ${settings}
+
+| Honeycomb removes ACL table
+| | [Documentation] | Uses Honeycomb API to remove and existing ACL table.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb removes ACL table \| ${nodes['DUT1']} \| table0 \|
+| | [Arguments] | ${node} | ${table_name}
+| | Remove classify table | ${node} | ${table_name}
+
+| Honeycomb adds ACL session
+| | [Documentation] | Uses Honeycomb API to create an ACL session.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - settings - ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb adds ACL session \| ${nodes['DUT1']} \
+| | ... | \| table0 \| ${settings} \|
+| | [Arguments] | ${node} | ${table_name} | ${settings}
+| | Add classify session | ${node} | ${table_name} | ${settings}
+
+| Honeycomb removes ACL session
+| | [Documentation] | Uses Honeycomb API to remove an ACL session.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - match - ACL session match setting. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb removes ACL session \| ${nodes['DUT1']} \
+| | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
+| | [Arguments] | ${node} | ${table_name} | ${match}
+| | Remove classify session | ${node} | ${table_name} | ${match}
+
+| Honeycomb enables ACL on interface
+| | [Documentation] | Uses Honeycomb API to enable ACL on an interface.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb enables ACL on interface \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \| table0 \|
+| | [Arguments] | ${node} | ${interface} | ${table_name}
+| | InterfaceAPI.Enable ACL on interface
+| | ... | ${node} | ${interface} | ${table_name}
+
+| Honeycomb disables ACL on interface
+| | [Documentation] | Uses Honeycomb API to disable ACL on an interface.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Honeycomb disables ACL on interface \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | InterfaceAPI.Disable ACL on interface | ${node} | ${interface}
+
+| ACL table from Honeycomb should be
+| | [Documentation] | Retrieves ACL table information from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - settings - expected ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from Honeycomb should be \| ${nodes['DUT1']} \
+| | ... | \| ${settings} \|
+| | [Arguments] | ${node} | ${settings}
+| | ${data}= | Get classify table oper data | ${node} | ${settings['name']}
+| | Compare data structures | ${data} | ${settings} | ignore=${hc_table_ignore}
+
+| ACL table from VAT should be
+| | [Documentation] | Retrieves ACL table information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - settings - expected ACL table settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${settings} \|
+| | [Arguments] | ${node} | ${table_index} | ${settings}
+| | ${data}= | Get classify table data | ${node} | ${table_index}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL table from Honeycomb should not exist
+| | [Documentation] | Retrieves ACL table information from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from Honeycomb should not exist \| ${nodes['DUT1']} \
+| | ... | \| table0 \|
+| | [Arguments] | ${node} | ${table_name}
+| | Run keyword and expect error | ValueError: No JSON object could be decoded
+| | ... | Get classify table oper data | ${node} | ${table_name}
+
+| ACL table from VAT should not exist
+| | [Documentation] | Retrieves ACL table information from VAT\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL table from VAT should not exist \| ${nodes['DUT1']} \
+| | ... | \| ${0} \|
+| | [Arguments] | ${node} | ${table_index}
+| | Run keyword and expect error | No JSON data.
+| | ... | Get classify table data | ${node} | ${table_index}
+
+| ACL session from Honeycomb should be
+| | [Documentation] | Retrieves ACL session information from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - settings - expected ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from Honeycomb should be \| ${nodes['DUT1']} \
+| | ... | \| table0 \| ${settings} \|
+| | [Arguments] | ${node} | ${table_name} | ${settings}
+| | ${data}= | Get classify session oper data
+| | ... | ${node} | ${table_name} | ${settings['match']}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL session from VAT should be
+| | [Documentation] | Retrieves ACL session information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - session_index - VPP internal index of an ACL session. Type: integer
+| | ... | - settings - expected ACL session settings. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${0} \| ${settings} \|
+| | [Arguments] | ${node} | ${table_index} | ${session_index} | ${settings}
+| | ${data}= | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+| | Compare data structures | ${data} | ${settings}
+
+| ACL session from Honeycomb should not exist
+| | [Documentation] | Retrieves ACL session information from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_name - name of an ACL table. Type: string
+| | ... | - session_match - ACL session match setting. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from Honeycomb should not exist \| ${nodes['DUT1']} \
+| | ... | \| table0 \| 00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00 \|
+| | [Arguments] | ${node} | ${table_name} | ${session_match}
+| | Run keyword and expect error | *HoneycombError: *Status code: 404.
+| | ... | Get classify session oper data
+| | ... | ${node} | ${table_name} | ${session_match}
+
+| ACL session from VAT should not exist
+| | [Documentation] | Retrieves ACL session information from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ... | - session_index - VPP internal index of an ACL session. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| ACL session from VAT should not exist \| ${nodes['DUT1']} \
+| | ... | \| ${0} \| ${0} \|
+| | [Arguments] | ${node} | ${table_index} | ${session_index}
+| | Run keyword if | ${session_index} == 0
+| | ... | Run keyword and expect error
+| | ... | ValueError: No JSON object could be decoded
+| | ... | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+| | Run keyword if | ${session_index} > 0
+| | ... | Run keyword and expect error
+| | ... | IndexError: list index out of range
+| | ... | Get classify session data
+| | ... | ${node} | ${table_index} | ${session_index}
+
+| Interface ACL settings from Honeycomb should be
+| | [Documentation] | Retrieves ACL interface settings from Honeycomb\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_name - expected ACL table name. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \| table0 \|
+| | [Arguments] | ${node} | ${interface} | ${table_name}
+| | ${data}= | InterfaceAPI.Get interface oper data | ${node} | ${interface}
+| | Should be equal
+| | ... | ${table_name} | ${data['v3po:acl']['l2-acl']['classify-table']}
+
+| Interface ACL settings from VAT should be
+| | [Documentation] | Retrieves ACL interface settings from VAT\
+| | ... | and compares with expected settings.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ... | - table_index - VPP internal index of an ACL table. Type: integer
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from VAT should be \| ${nodes['DUT1']} \
+| | ... | \| GigabithEthernet0/8/0 \| ${0} \|
+| | [Arguments] | ${node} | ${interface} | ${table_index}
+| | ${data}= | Get interface classify table | ${node} | ${interface}
+| | Should be equal | ${table_index} | ${data['l2_table_id']}
+| | Should be equal | ${table_index} | ${data['ip4_table_id']}
+
+| Interface ACL settings from Honeycomb should be empty
+| | [Documentation] | Retrieves ACL interface settings from Honeycomb\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be empty \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | ${data}= | InterfaceAPI.Get interface oper data | ${node} | ${interface}
+| | Run keyword and expect error | *KeyError: 'v3po:acl'
+| | ... | Set Variable | ${data['v3po:acl']['l2-acl']['classify-table']}
+
+| Interface ACL settings from VAT should be empty
+| | [Documentation] | Retrieves ACL interface settings from VAT\
+| | ... | and expects to fail.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ... | - interface - name of an interface on the specified node. Type: string
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Interface ACL settings from Honeycomb should be empty \
+| | ... | \| ${nodes['DUT1']} \| GigabithEthernet0/8/0 \|
+| | [Arguments] | ${node} | ${interface}
+| | ${data}= | Get interface classify table | ${node} | ${interface}
+| | Should be equal | ${data['l2_table_id']} | ${-1}
+| | Should be equal | ${data['ip4_table_id']} | ${-1}
+
+| Clear all ACL settings
+| | [Documentation] | Removes all ACL sessions and tables from Honeycomb\
+| | ... | configuration.
+| | ...
+| | ... | *Arguments:*
+| | ... | - node - information about a DUT node. Type: dictionary
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Clear all ACL settings \| ${nodes['DUT1']} \|
+| | [Arguments] | ${node}
+| | Remove all classify tables | ${node}
diff --git a/resources/templates/vat/classify_interface_table.vat b/resources/templates/vat/classify_interface_table.vat
new file mode 100644
index 0000000000..f12af78e1c
--- /dev/null
+++ b/resources/templates/vat/classify_interface_table.vat
@@ -0,0 +1 @@
+classify_table_by_interface sw_if_index {sw_if_index}
\ No newline at end of file
diff --git a/resources/templates/vat/classify_session_dump.vat b/resources/templates/vat/classify_session_dump.vat
new file mode 100644
index 0000000000..f76ecbbb4b
--- /dev/null
+++ b/resources/templates/vat/classify_session_dump.vat
@@ -0,0 +1 @@
+classify_session_dump table_id {table_id}
\ No newline at end of file
diff --git a/resources/templates/vat/classify_table_info.vat b/resources/templates/vat/classify_table_info.vat
new file mode 100644
index 0000000000..2e8fe5ae72
--- /dev/null
+++ b/resources/templates/vat/classify_table_info.vat
@@ -0,0 +1 @@
+classify_table_info table_id {table_id}
\ No newline at end of file
diff --git a/tests/suites/honeycomb/080_access_control_lists.robot b/tests/suites/honeycomb/080_access_control_lists.robot
new file mode 100644
index 0000000000..84dc42ee75
--- /dev/null
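Review bot: `ACL table from Honeycomb should not exist` passes on `ValueError: No JSON object could be decoded`, which presumably is raised for any response body that is not JSON and not only for a missing table, so an unreadable or failing response could satisfy the check. `ACL session from Honeycomb should not exist` already pins `*HoneycombError: *Status code: 404.`; if `Get classify table oper data` can report the status the same way, matching on it would make the negative check mean "absent" rather than "unreadable". The same concern applies to the two expected-error strings in `ACL session from VAT should not exist`, whose [Documentation] still says `and compares with expected settings.` and should read `and expects to fail.`. The example under `ACL table from VAT should be` names `ACL session from VAT should be`, and the example under `Interface ACL settings from VAT should be empty` names the Honeycomb keyword.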
+++ b/tests/suites/honeycomb/080_access_control_lists.robot 
@@ -0,0 +1,146 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Variables***
+# Interface to run tests on.
+| ${interface}= | ${node['interfaces']['port1']['name']}
+
+*** Settings ***
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/honeycomb/access_control_lists.robot
+| Variables | tests/suites/honeycomb/resources/acl.py
+| Suite Teardown | Clear all ACL settings | ${node}
+| Documentation | *Honeycomb access control lists test suite.*
+| Force Tags | Honeycomb_sanity
+
+*** Test Cases ***
+| Honeycomb can create ACL classify table
+| | [Documentation] | Check if Honeycomb API can create an ACL table.
+| | Given ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index}
+| | When Honeycomb creates ACL table
+| | ... | ${node} | ${hc_acl_table}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+
+| Honeycomb manages more than one ACL table
+| | [Documentation] | Check if Honeycomb API can create another ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And Honeycomb creates ACL table | ${node} | ${hc_acl_table2}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+
+| Honeycomb can add ACL session to table
+| | [Documentation] | Check if Honeycomb API can add an ACL session to a table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+
+| Honeycomb manages more than one ACL session on one table
+| | [Documentation] | Check if Honeycomb API can add another ACL session\
+| | ... | to a table.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+
+| Honeycomb enables ACL on interface
+| | [Documentation] | Check if Honeycomb API can enable ACL on an interface.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb enables ACL on interface
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | Then Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+
+| Honeycomb disables ACL on interface
+| | [Documentation] | Check if Honeycomb API can disable ACL on an interface.
+| | Given Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+| | When Honeycomb disables ACL on interface | ${node} | ${interface}
+| | Then Interface ACL settings from Honeycomb should be empty
+| | ... | ${node} | ${interface}
+| | And Interface ACL settings from VAT should be empty
+| | ... | ${node} | ${interface}
+
+| Honeycomb can remove ACL session
+| | [Documentation] | Check if Honeycomb API can remove an ACL session.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+| | When Honeycomb removes ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | And ACL session from VAT should not exist
+| | ... | ${node} | ${table_index} | ${session_index2}
+
+| Honeycomb can remove ACL table
+| | [Documentation] | Check if Honeycomb API can delete an ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+| | When Honeycomb removes ACL table | ${node} | ${hc_acl_table2['name']}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table2['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index2}
diff --git a/tests/suites/honeycomb/resources/acl.py b/tests/suites/honeycomb/resources/acl.py
new file mode 100644
index 0000000000..227330c2a9
--- /dev/null
+++ b/tests/suites/honeycomb/resources/acl.py
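Review bot: The first case asserts `ACL table from VAT should not exist` for `${table_index}`, and every later case starts from the state left by the one before it, but the settings declare only `Suite Teardown`, so a run that follows an aborted suite starts from leftover tables. Adding `| Suite Setup | Clear all ACL settings | ${node}` would give the first `Given` a known starting point; whether VPP hands out table index 0 again after a clear is not visible here and should be confirmed. The suite `Documentation` could also state that the cases verify configuration read back from Honeycomb and VAT and are meant to run in the listed order.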
@@ -0,0 +1,82 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Test variables for access control list test suite."""
+
+# settings for acl tables
+hc_acl_table = {
+ "name": "acl_table_test",
+ "nbuckets": 1,
+ "memory_size": 100000,
+ "skip_n_vectors": 0,
+ "miss_next": "permit",
+ "mask": "00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+
+hc_acl_table2 = {
+ "name": "acl_table_test2",
+ "nbuckets": 2,
+ "memory_size": 100000,
+ "skip_n_vectors": 1,
+ "next_table": "acl_table_test",
+ "miss_next": "deny",
+ "mask": "ff:ff:ff:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+# representation of table settings in VAT
+table_index = 0
+vat_acl_table = {
+ "nbuckets": hc_acl_table['nbuckets'],
+ "skip": 0,
+ "match": 1,
+ "nextnode": -1,
+ "nexttbl": -1,
+ "mask": hc_acl_table['mask'].replace(":", ""),
+}
+table_index2 = 1
+vat_acl_table2 = {
+ "nbuckets": hc_acl_table2['nbuckets'],
+ "skip": 1,
+ "match": 1,
+ "nextnode": 0,
+ "nexttbl": table_index,
+ "mask": hc_acl_table2['mask'].replace(":", ""),
+}
+# setting for acl sessions
+hc_acl_session = {
+ "match": "00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00",
+ "hit_next": "permit",
+ "opaque_index": "1",
+ "advance": 1
+}
+
+hc_acl_session2 = {
+ "match": "00:00:00:00:00:00:06:05:04:03:02:01:00:00:00:00",
+ "hit_next": "deny",
+ "opaque_index": "2",
+ "advance": 1
+}
+# representation of session settings in VAT
+session_index = 0
+vat_acl_session = {
+ "match": hc_acl_session['match'].replace(":", ""),
+ "advance": hc_acl_session['advance'],
+ "opaque": 1,
+ "next_index": -1
+}
+session_index2 = 1
+vat_acl_session2 = {
+ "match": hc_acl_session2['match'].replace(":", ""),
+ "advance": hc_acl_session2['advance'],
+ "opaque": 2,
+ "next_index": session_index
+}
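Review bot: In `vat_acl_session2`, `"next_index": session_index` ties the expected next index to the position of the first session; it equals 0 only because `session_index = 0`, whereas `vat_acl_table2` writes the same `deny` expectation as the literal `"nextnode": 0`. A named value used in both places, for example `vat_deny_index = 0` (and `-1` for `permit`, if that is what the literals mean), keeps the expected data from shifting when the indices change. `"skip"` and `"opaque"` are likewise written as literals although `nbuckets`, `mask` and `advance` are derived from the `hc_` dictionaries; `"skip": hc_acl_table['skip_n_vectors']` and `"opaque": int(hc_acl_session['opaque_index'])` would keep the two representations in step.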