matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[caclmgrd]: Add infrastructure to support adding feature specific acls (#11367)

Browse Source 
Why I did it
Add infrastructure to support adding feature specific acls.
If feature specific ACLs has to be added:

if feature_name in self.feature_present and self.feature_present.get('feature_name'):
    add_feature_specific_acls()
How I did it
Add function to get features present in feature table.

How to verify it
unit-test passes.
This commit is contained in:
SuvarnaMeenakshi 2022-07-13 10:22:23 -07:00 committed by GitHub
parent bec35df04a
commit 57a07fceab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 91 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/sonic-host-services/scripts/caclmgrd
View File

@ -52,6 +52,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
Attributes: Attributes:
config_db: Handle to Config Redis database via SwSS SDK config_db: Handle to Config Redis database via SwSS SDK
""" """
FEATURE_TABLE = "FEATURE"
ACL_TABLE = "ACL_TABLE" ACL_TABLE = "ACL_TABLE"
ACL_RULE = "ACL_RULE" ACL_RULE = "ACL_RULE"
DEVICE_METADATA_TABLE = "DEVICE_METADATA" DEVICE_METADATA_TABLE = "DEVICE_METADATA"
@ -117,6 +118,10 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
self.namespace_docker_mgmt_ip = {} self.namespace_docker_mgmt_ip = {}
self.namespace_docker_mgmt_ipv6 = {} self.namespace_docker_mgmt_ipv6 = {}
# Get all features that are present {feature_name : True/False}
self.feature_present = {}
self.update_feature_present()
metadata = self.config_db_map[DEFAULT_NAMESPACE].get_table(self.DEVICE_METADATA_TABLE) metadata = self.config_db_map[DEFAULT_NAMESPACE].get_table(self.DEVICE_METADATA_TABLE)
if 'subtype' in metadata['localhost'] and metadata['localhost']['subtype'] == 'DualToR': if 'subtype' in metadata['localhost'] and metadata['localhost']['subtype'] == 'DualToR':
self.DualToR = True self.DualToR = True
@ -201,6 +206,12 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
tcp_flags_str = tcp_flags_str[:-1] tcp_flags_str = tcp_flags_str[:-1]
return tcp_flags_str return tcp_flags_str
def update_feature_present(self):
feature_tb_info = self.config_db_map[DEFAULT_NAMESPACE].get_table(self.FEATURE_TABLE)
if feature_tb_info:
for k, v in feature_tb_info.items():
self.feature_present[k] = True
def generate_block_ip2me_traffic_iptables_commands(self, namespace): def generate_block_ip2me_traffic_iptables_commands(self, namespace):
INTERFACE_TABLE_NAME_LIST = [ INTERFACE_TABLE_NAME_LIST = [
"LOOPBACK_INTERFACE", "LOOPBACK_INTERFACE",

50
src/sonic-host-services/tests/caclmgrd/caclmgrd_feature_test.py Normal file
View File

@ -0,0 +1,50 @@
import os
import sys
import swsscommon
from parameterized import parameterized
from sonic_py_common.general import load_module_from_source
from unittest import TestCase, mock
from pyfakefs.fake_filesystem_unittest import patchfs
from .test_bfd_vectors import CACLMGRD_BFD_TEST_VECTOR
from tests.common.mock_configdb import MockConfigDb
from unittest.mock import MagicMock, patch
DBCONFIG_PATH = '/var/run/redis/sonic-db/database_config.json'
class TestFeature(TestCase):
"""
Test caclmgrd feature present
"""
def setUp(self):
swsscommon.swsscommon.ConfigDBConnector = MockConfigDb
test_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
modules_path = os.path.dirname(test_path)
scripts_path = os.path.join(modules_path, "scripts")
sys.path.insert(0, modules_path)
caclmgrd_path = os.path.join(scripts_path, 'caclmgrd')
self.caclmgrd = load_module_from_source('caclmgrd', caclmgrd_path)
@parameterized.expand(CACLMGRD_BFD_TEST_VECTOR)
@patchfs
def test_feature_present(self, test_name, test_data, fs):
if not os.path.exists(DBCONFIG_PATH):
fs.create_file(DBCONFIG_PATH) # fake database_config.json
MockConfigDb.set_config_db(test_data["config_db"])
with mock.patch("caclmgrd.subprocess") as mocked_subprocess:
popen_mock = mock.Mock()
popen_attrs = test_data["popen_attributes"]
popen_mock.configure_mock(**popen_attrs)
mocked_subprocess.Popen.return_value = popen_mock
mocked_subprocess.PIPE = -1
call_rc = test_data["call_rc"]
mocked_subprocess.call.return_value = call_rc
caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd")
caclmgrd_daemon.update_feature_present()
self.assertTrue("bgp" in caclmgrd_daemon.feature_present)
self.assertEqual(caclmgrd_daemon.feature_present["bgp"], True)

6
src/sonic-host-services/tests/caclmgrd/test_bfd_vectors.py
View File

@ -15,6 +15,12 @@ CACLMGRD_BFD_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
"bgp": {
"auto_restart": "enabled",
"state": "enabled",
}
},
}, },
"expected_subprocess_calls": [ "expected_subprocess_calls": [
call("iptables -I INPUT 2 -p udp -m multiport --dports 3784,4784 -j ACCEPT", shell=True, universal_newlines=True, stdout=subprocess.PIPE), call("iptables -I INPUT 2 -p udp -m multiport --dports 3784,4784 -j ACCEPT", shell=True, universal_newlines=True, stdout=subprocess.PIPE),

24
src/sonic-host-services/tests/caclmgrd/test_dhcp_vectors.py
View File

@ -14,6 +14,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "active"}), ("Ethernet4", {"state": "active"}),
@ -42,6 +44,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "active"}), ("Ethernet4", {"state": "active"}),
@ -67,6 +71,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "active"}), ("Ethernet4", {"state": "active"}),
@ -93,6 +99,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "active"}), ("Ethernet4", {"state": "active"}),
@ -117,6 +125,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "standby"}), ("Ethernet4", {"state": "standby"}),
@ -143,6 +153,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "standby"}), ("Ethernet4", {"state": "standby"}),
@ -167,6 +179,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "standby"}), ("Ethernet4", {"state": "standby"}),
@ -195,6 +209,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "standby"}), ("Ethernet4", {"state": "standby"}),
@ -220,6 +236,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "unknown"}), ("Ethernet4", {"state": "unknown"}),
@ -248,6 +266,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "unknown"}), ("Ethernet4", {"state": "unknown"}),
@ -273,6 +293,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "unknown"}), ("Ethernet4", {"state": "unknown"}),
@ -299,6 +321,8 @@ CACLMGRD_DHCP_TEST_VECTOR = [
"type": "ToRRouter", "type": "ToRRouter",
} }
}, },
"FEATURE": {
},
}, },
"mux_update": [ "mux_update": [
("Ethernet4", {"state": "unknown"}), ("Ethernet4", {"state": "unknown"}),