Use the macsec_enabled flag in platform to enable macsec feature state (#11998)

* Use the macsec_enabled flag in platform to enable macesc feature state * Add macsec supported metadata in DEVICE_RUNTIME_METADATA
2022-11-08 11:03:38 -08:00 · 2022-11-08 11:03:38 -08:00 · ab713dcfb6
commit ab713dcfb6
parent 4e3a0bb4ab
4 changed files with 26 additions and 1 deletions
--- a/device/arista/x86_64-arista_7800r3a_36d2_lc/platform_env.conf
+++ b/device/arista/x86_64-arista_7800r3a_36d2_lc/platform_env.conf
@ -1,2 +1,3 @@
 usemsi=1
 dmasize=64M
+macsec_enabled=1
--- a/device/nokia/x86_64-nokia_ixr7250e_36x400g-r0/platform_env.conf
+++ b/device/nokia/x86_64-nokia_ixr7250e_36x400g-r0/platform_env.conf
@ -1,3 +1,4 @@
 usemsi=1
 dmasize=512M
 default_mtu=9100
+macsec_enabled=1
--- a/files/build_templates/init_cfg.json.j2
+++ b/files/build_templates/init_cfg.json.j2
@ -51,7 +51,7 @@
 {%- if include_p4rt == "y" %}{% do features.append(("p4rt", "enabled", false, "enabled")) %}{% endif %}
 {%- if include_restapi == "y" %}{% do features.append(("restapi", "enabled", false, "enabled")) %}{% endif %}
 {%- if include_sflow == "y" %}{% do features.append(("sflow", "disabled", false, "enabled")) %}{% endif %}
-{%- if include_macsec == "y" %}{% do features.append(("macsec", "disabled", false, "enabled")) %}{% endif %}
+{%- if include_macsec == "y" %}{% do features.append(("macsec", "{% if 'type' in DEVICE_METADATA['localhost'] and DEVICE_METADATA['localhost']['type'] == 'SpineRouter' and DEVICE_RUNTIME_METADATA['MACSEC_SUPPORTED'] %}enabled{% else %}disabled{% endif %}", false, "enabled")) %}{% endif %}
 {%- if include_system_telemetry == "y" %}{% do features.append(("telemetry", "enabled", true, "enabled")) %}{% endif %}
    "FEATURE": {
 {# has_timer field if set, will start the feature systemd .timer unit instead of .service unit #}
--- a/src/sonic-py-common/sonic_py_common/device_info.py
+++ b/src/sonic-py-common/sonic_py_common/device_info.py
@ -470,6 +470,27 @@ def is_supervisor():
                    return True
        return False

+# Check if this platform has macsec capability.
+def is_macsec_supported():
+    supported = 0
+    platform_env_conf_file_path = get_platform_env_conf_file_path()
+
+    # platform_env.conf file not present for platform
+    if platform_env_conf_file_path is None:
+        return supported
+
+    # Else open the file check for keyword - macsec_enabled -
+    with open(platform_env_conf_file_path) as platform_env_conf_file:
+        for line in platform_env_conf_file:
+            tokens = line.split('=')
+            if len(tokens) < 2:
+               continue
+            if tokens[0].lower() == 'macsec_enabled':
+                supported = tokens[1].strip()
+                break
+    return int(supported)
+
+
 def get_device_runtime_metadata():
    chassis_metadata = {}
    if is_chassis():
@ -477,9 +498,11 @@ def get_device_runtime_metadata():
                                                'chassis_type': 'voq' if is_voq_chassis() else 'packet'}}

    port_metadata = {'ETHERNET_PORTS_PRESENT': True if get_path_to_port_config_file(hwsku=None, asic="0" if is_multi_npu() else None) else False}
+    macsec_support_metadata = {'MACSEC_SUPPORTED': True if is_macsec_supported() else False}
    runtime_metadata = {}
    runtime_metadata.update(chassis_metadata)
    runtime_metadata.update(port_metadata)
+    runtime_metadata.update(macsec_support_metadata)
    return {'DEVICE_RUNTIME_METADATA': runtime_metadata }

 def get_npu_id_from_name(npu_name):