From 4ee6b6e8b56bf46806103045aec3864061bfad29 Mon Sep 17 00:00:00 2001 From: Ze Gan Date: Fri, 22 Mar 2024 07:39:02 +0800 Subject: [PATCH] [Fixbug 18418] [Yang] MACSEC_PROFILE table does not match yang definition (#18419) ### Why I did it Fix the issue [18418](https://github.com/sonic-net/sonic-buildimage/issues/18418), The YANG model to MACsec fallback cak/ckn is wrong. We should allow the fallback option is empty. ### How I did it Add a condition to check whether the fallback is providered #### How to verify it Check Azp --- .../tests/yang_model_tests/tests_config/macsec.json | 12 ++++++++++++ src/sonic-yang-models/yang-models/sonic-macsec.yang | 4 ++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json index 5c748606ee..89abcb3866 100644 --- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json +++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/macsec.json @@ -30,6 +30,18 @@ "replay_window": 64, "send_sci": "true", "rekey_period": 3600 + }, + { + "name": "test_nofallback", + "priority": 64, + "cipher_suite": "GCM-AES-XPN-256", + "primary_cak": "5207554155500e5d5157786d6c2a3d2031425a5e577e7e727f6b6c03312432262706080a00005b554f4e007975707670725b0a54540c0252445e5d7a29252b046a", + "primary_ckn": "6162636465666768696A6B6C6D6E6F706162636465666768696A6B6C6D6E6F70", + "policy": "security", + "enable_replay_protect": "true", + "replay_window": 64, + "send_sci": "true", + "rekey_period": 3600 } ] } diff --git a/src/sonic-yang-models/yang-models/sonic-macsec.yang b/src/sonic-yang-models/yang-models/sonic-macsec.yang index b3d04b725a..2d76737ee4 100644 --- a/src/sonic-yang-models/yang-models/sonic-macsec.yang +++ b/src/sonic-yang-models/yang-models/sonic-macsec.yang @@ -70,9 +70,9 @@ module sonic-macsec { } } - must "string-length(fallback_cak) = string-length(primary_cak)"; + must "string-length(fallback_cak) = 0 or string-length(fallback_cak) = string-length(primary_cak)"; - must "primary_ckn != fallback_ckn"; + must "string-length(fallback_ckn) = 0 or primary_ckn != fallback_ckn"; leaf policy { type string {