[yang] In ACL_RULE PRIORITY is mandatory and PACKET_ACTION for CTRLPLANE ACLs (#10248)

#### Why I did it
Fixes https://github.com/Azure/sonic-utilities/issues/2049

from caclmgr:
- PRIORITY is a required field [code](3fa18d18d4/src/sonic-host-services/scripts/caclmgrd (L548))
- PACKET_ACTION is a required field [code](3fa18d18d4/src/sonic-host-services/scripts/caclmgrd (L581))

I think PRIORITY is a required field for ACLs not only CTRLPLANE ACLs

#### How I did it
Check code.

#### How to verify it
Unit-test

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106
- [ ] 202111

#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->

#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/SONiC/wiki/Configuration.
-->

#### A picture of a cute animal (not mandatory but encouraged)
This commit is contained in:
Mohamed Ghoneim 2022-03-22 17:12:16 -07:00 committed by GitHub
parent f8e11042b7
commit 874d7fc2c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 0 deletions

View File

@ -4,6 +4,16 @@
"eStrKey" : "InvalidValue", "eStrKey" : "InvalidValue",
"eStr": ["PACKET_ACTION"] "eStr": ["PACKET_ACTION"]
}, },
"ACL_RULE_FOR_CTRLPLANE_ACL_REQUIRES_PACKET_ACTION": {
"desc": "ACL_RULE for CTRLPLANE ACLs require PACKET_ACTION.",
"eStrKey" : "Must",
"eStr": ["CTRLPLANE", "PACKET_ACTION"]
},
"ACL_RULE_MANDATORY_PRIORITY": {
"desc": "ACL_RULE MANDATORY PRIORITY field.",
"eStrKey" : "Mandatory",
"eStr": ["ACL_RULE", "PRIORITY"]
},
"ACL_TABLE_EMPTY_PORTS": { "ACL_TABLE_EMPTY_PORTS": {
"desc": "Configure ACL_TABLE with empty ports." "desc": "Configure ACL_TABLE with empty ports."
}, },

View File

@ -211,6 +211,63 @@
} }
} }
}, },
"ACL_RULE_FOR_CTRLPLANE_ACL_REQUIRES_PACKET_ACTION": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "MGMT_ONLY",
"DST_IP": "10.186.72.0/26",
"IP_TYPE": "IPv4ANY",
"PRIORITY": 999980,
"RULE_NAME": "Rule_20",
"SRC_IP": "10.176.0.0/15"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "MGMT_ONLY",
"policy_desc": "Filter IPv4",
"services": [
"SNMP"
],
"stage": "EGRESS",
"type": "CTRLPLANE"
}
]
}
}
},
"ACL_RULE_MANDATORY_PRIORITY": {
"sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": {
"ACL_RULE_LIST": [
{
"ACL_TABLE_NAME": "EVERFLOW",
"DST_IP": "10.186.72.0/26",
"IP_TYPE": "IPv4ANY",
"RULE_NAME": "Rule_20",
"SRC_IP": "10.176.0.0/15"
}
]
},
"sonic-acl:ACL_TABLE": {
"ACL_TABLE_LIST": [
{
"ACL_TABLE_NAME": "EVERFLOW",
"policy_desc": "Filter IPv4",
"services": [
"SNMP"
],
"stage": "EGRESS",
"type": "MIRROR"
}
]
}
}
},
"ACL_RULE_WITH_NON_EXIST_ACL_TABLE": { "ACL_RULE_WITH_NON_EXIST_ACL_TABLE": {
"sonic-acl:sonic-acl": { "sonic-acl:sonic-acl": {
"sonic-acl:ACL_RULE": { "sonic-acl:ACL_RULE": {

View File

@ -69,6 +69,9 @@ module sonic-acl {
type stypes:packet_action; type stypes:packet_action;
} }
/* Validating 'PACKET_ACTION' exist if ACL type is 'CTRLPLANE' */
must "(not(../../ACL_TABLE/ACL_TABLE_LIST[ACL_TABLE_NAME=current()/ACL_TABLE_NAME]/type = 'CTRLPLANE')) or (boolean(PACKET_ACTION))";
leaf MIRROR_INGRESS_ACTION { leaf MIRROR_INGRESS_ACTION {
type leafref { type leafref {
path "/sms:sonic-mirror-session/sms:MIRROR_SESSION/sms:MIRROR_SESSION_LIST/sms:name"; path "/sms:sonic-mirror-session/sms:MIRROR_SESSION/sms:MIRROR_SESSION_LIST/sms:name";
@ -86,6 +89,7 @@ module sonic-acl {
} }
leaf PRIORITY { leaf PRIORITY {
mandatory true;
type uint32 { type uint32 {
range 0..999999; range 0..999999;
} }