diff options
| author |   selias <samelias@cisco.com> | 2016-10-19 17:40:37 +0200 |
|---|---|---|
| committer | selias <samelias@cisco.com> | 2016-10-20 10:56:20 +0200 |
| commit | 4a16abbba4ffac705b3ac389421dd21e78457cc0 (patch) | |
| tree | b19926bc6a46372e2d4ecc8b6374240f14d5936f /resources | |
| parent | 811b8dc97ccf12952d5ec460bb0a421ce8933326 (diff) | |
CSIT-427: Honeycomb ietf-ACL tests - L4 and misc.
- add test cases for:
L4 port range ACLs
multiple classify rules
L2 ACL on egress interface
- add L4 configuration to mixed ACL test
- add test variables for new test cases
- update HTTPRequests to treat code 201 as a positive response
Change-Id: If43007545fec174af12dab594f8a1b15b2e4a536
Signed-off-by: selias <samelias@cisco.com>
Diffstat (limited to 'resources')
6 files changed, 151 insertions, 38 deletions
diff --git a/resources/libraries/python/HTTPRequest.py b/resources/libraries/python/HTTPRequest.py index 567ac791b7..1f5df52c01 100644 --- a/resources/libraries/python/HTTPRequest.py +++ b/resources/libraries/python/HTTPRequest.py @@ -32,6 +32,7 @@ from requests.auth import HTTPBasicAuth class HTTPCodes(IntEnum): """HTTP status codes""" OK = 200 + ACCEPTED = 201 UNAUTHORIZED = 401 FORBIDDEN = 403 NOT_FOUND = 404 diff --git a/resources/libraries/python/honeycomb/HcAPIKwACL.py b/resources/libraries/python/honeycomb/HcAPIKwACL.py index a69ab460f6..375820283b 100644 --- a/resources/libraries/python/honeycomb/HcAPIKwACL.py +++ b/resources/libraries/python/honeycomb/HcAPIKwACL.py @@ -60,7 +60,7 @@ class ACLKeywords(object): status_code, resp = HcUtil.\ delete_honeycomb_data(node, "config_classify_table", path) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of classify table was not successful. " "Status code: {0}.".format(status_code)) @@ -287,8 +287,6 @@ class ACLKeywords(object): "l3_ip6": "ipv6", "mixed": "mixed" } - if layer == "l4": - raise NotImplementedError try: suffix = suffix_dict[layer] except KeyError: @@ -306,7 +304,7 @@ class ACLKeywords(object): status_code, resp = HcUtil.put_honeycomb_data( node, "config_ietf_classify_chain", data, path) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "Could not create classify chain." "Status code: {0}.".format(status_code)) @@ -368,31 +366,28 @@ class ACLKeywords(object): "mixed": {"mode": mode, "acl_type": types['vpp'].format("mixed")} } - if layer == "L4": - raise NotImplementedError - else: - try: - data = { - "access-lists": { - "acl": [ - { - "type": layers[layer]['acl_type'], - "name": list_name - } - ], - "default-action": default_action, - "mode": layers[layer]['mode'] - } + try: + data = { + "access-lists": { + "acl": [ + { + "type": layers[layer]['acl_type'], + "name": list_name + } + ], + "default-action": default_action, + "mode": layers[layer]['mode'] } - except KeyError: - raise ValueError("Unknown network layer {0}. " - "Valid options are: {1}".format( - layer, layers.keys())) + } + except KeyError: + raise ValueError("Unknown network layer {0}. " + "Valid options are: {1}".format( + layer, layers.keys())) status_code, resp = HcUtil.put_honeycomb_data( node, "config_vpp_interfaces", data, path) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "Could not configure ACL on interface. " "Status code: {0}.".format(status_code)) diff --git a/resources/libraries/python/honeycomb/HcAPIKwBridgeDomain.py b/resources/libraries/python/honeycomb/HcAPIKwBridgeDomain.py index f156f096e3..38d5324da7 100644 --- a/resources/libraries/python/honeycomb/HcAPIKwBridgeDomain.py +++ b/resources/libraries/python/honeycomb/HcAPIKwBridgeDomain.py @@ -61,7 +61,7 @@ class BridgeDomainKeywords(object): status_code, resp = HcUtil.\ put_honeycomb_data(node, "config_bridge_domain", data, data_representation=data_representation) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of bridge domain '{0}' was not successful. " "Status code: {1}.".format(bd_name, status_code)) @@ -90,7 +90,7 @@ class BridgeDomainKeywords(object): status_code, resp = HcUtil.\ get_honeycomb_data(node, "config_bridge_domain") - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "Not possible to get configuration information about the " "bridge domains. Status code: {0}.".format(status_code)) diff --git a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py index 83267b5e55..506db69720 100644 --- a/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py +++ b/resources/libraries/python/honeycomb/HcAPIKwInterfaces.py @@ -92,7 +92,7 @@ class InterfaceKeywords(object): status_code, resp = HcUtil.\ put_honeycomb_data(node, "config_vpp_interfaces", data, data_representation=data_representation) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of interface '{0}' was not successful. " "Status code: {1}.".format(interface, status_code)) @@ -255,7 +255,7 @@ class InterfaceKeywords(object): status_code, resp = HcUtil. \ put_honeycomb_data(node, "config_vpp_interfaces", resp, path, data_representation=DataRepresentation.JSON) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of interface '{0}' was not successful. " "Status code: {1}.".format(interface, status_code)) @@ -1407,7 +1407,7 @@ class InterfaceKeywords(object): status_code, resp = HcUtil.\ put_honeycomb_data(node, "config_vpp_interfaces", data, path, data_representation=DataRepresentation.JSON) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of interface '{0}' was not successful. " "Status code: {1}.".format(interface, status_code)) @@ -1466,7 +1466,7 @@ class InterfaceKeywords(object): status_code, resp = HcUtil. \ put_honeycomb_data(node, "config_vpp_interfaces", params, path, data_representation=DataRepresentation.JSON) - if status_code != HTTPCodes.OK: + if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED): raise HoneycombError( "The configuration of PBB sub-interface '{0}' was not " "successful. Status code: {1}.".format(intf, status_code)) diff --git a/resources/libraries/robot/honeycomb/access_control_lists.robot b/resources/libraries/robot/honeycomb/access_control_lists.robot index 5c60af30ab..7072f597c4 100644 --- a/resources/libraries/robot/honeycomb/access_control_lists.robot +++ b/resources/libraries/robot/honeycomb/access_control_lists.robot @@ -172,7 +172,7 @@ | | ... | \| ACL table from VAT should not exist \| ${nodes['DUT1']} \ | | ... | \| ${0} \| | | [Arguments] | ${node} | ${table_index} -| | Run keyword and expect error | No JSON data. +| | Run keyword and expect error | VAT: no JSON data. | | ... | Get classify table data | ${node} | ${table_index} | ACL session from Honeycomb should be diff --git a/resources/test_data/honeycomb/ietf_acl.py b/resources/test_data/honeycomb/ietf_acl.py index 6f785acf2e..aaabfa49e2 100644 --- a/resources/test_data/honeycomb/ietf_acl.py +++ b/resources/test_data/honeycomb/ietf_acl.py @@ -54,6 +54,7 @@ def get_variables(test_case, name): # IPs for DUT interface setup "dut_to_tg_if1_ip": "16.0.0.2", "dut_to_tg_if2_ip": "192.168.0.2", + "prefix_length": 24, "gateway": "192.168.0.1", # classified networks "classify_src_net": "16.0.2.0", @@ -61,7 +62,6 @@ def get_variables(test_case, name): # IPs in classified networks "classify_src": "16.0.2.1", "classify_dst": "16.0.3.1", - "prefix_length": 24 }, "l3_ip6": { # Override control packet addresses with IPv6 @@ -71,6 +71,7 @@ def get_variables(test_case, name): # IPs for DUT interface setup "dut_to_tg_if1_ip": "10::2", "dut_to_tg_if2_ip": "20::2", + "prefix_length": 64, "gateway": "20::1", # classified networks "classify_src_net": "12::", @@ -78,7 +79,17 @@ def get_variables(test_case, name): # IPs in classified networks "classify_src": "12::1", "classify_dst": "13::1", - "prefix_length": 64 + }, + "l4": { + # IPs for DUT interface and route setup + "dut_to_tg_if1_ip": "16.0.0.2", + "dut_to_tg_if2_ip": "192.168.0.2", + "prefix_length": 24, + "gateway": "192.168.0.1", + "classify_dst_net": "16.0.3.0", + # Ports in classified ranges + "classify_src": 1500, + "classify_dst": 2000, }, "mixed": { # IPs for DUT interface setup @@ -96,7 +107,21 @@ def get_variables(test_case, name): "classify_src_mac": "01:02:03:04:56:67", "classify_dst_mac": "89:9A:AB:BC:50:60", "src_mask": "00:00:00:00:FF:FF", - "dst_mask": "FF:FF:FF:FF:00:00" + "dst_mask": "FF:FF:FF:FF:00:00", + # classified ports + "classify_src_port": 1500, + "classify_dst_port": 2000, + }, + "multirule": { + # MACs classified by first rule + "classify_src": "12:23:34:45:56:67", + "classify_dst": "89:9A:AB:BC:CD:DE", + # MACs classified by second rule + "classify_src2": "01:02:03:04:56:67", + "classify_dst2": "89:9A:AB:BC:50:60", + # MAC rule masks - only match specific addresses + "src_mask": "FF:FF:FF:FF:FF:FF", + "dst_mask": "FF:FF:FF:FF:FF:FF", } } acl_data = { @@ -174,6 +199,31 @@ def get_variables(test_case, name): }]} }] }, + # ACL configuration for L4 tests + "l4": { + "acl": [{ + "acl-type": + "vpp-acl:mixed-acl", + "acl-name": name, + "access-list-entries": {"ace": [{ + "rule-name": "rule1", + "matches": { + "destination-ipv4-network": "0.0.0.0/0", + "destination-port-range": { + "lower-port": test_vars["l4"]["classify_dst"], + "upper-port": test_vars["l4"]["classify_dst"] + 50 + }, + "source-port-range": { + "lower-port": test_vars["l4"]["classify_src"], + "upper-port": test_vars["l4"]["classify_src"] + 50 + } + }, + "actions": { + "deny": {} + } + }]} + }] + }, "mixed": { "acl": [{ "acl-type": @@ -198,22 +248,89 @@ def get_variables(test_case, name): "{0}/{1}".format( test_vars["mixed"]["classify_dst_net"], test_vars["mixed"]["prefix_length"]), - "vpp-acl:protocol": 17 + "vpp-acl:protocol": 17, + "vpp-acl:destination-port-range": { + "lower-port": test_vars["l4"]["classify_dst"], + "upper-port": test_vars["l4"]["classify_dst"] + 50 + }, + "vpp-acl:source-port-range": { + "lower-port": test_vars["l4"]["classify_src"], + "upper-port": test_vars["l4"]["classify_src"] + 50 + } }, "actions": { "deny": {} } }]} }] + }, + "multirule": { + "acl": [{ + "acl-type": + "ietf-access-control-list:eth-acl", + "acl-name": name, + "access-list-entries": {"ace": [ + { + "rule-name": "rule1", + "matches": { + "source-mac-address": + test_vars["multirule"]["classify_src"], + "source-mac-address-mask": + test_vars["multirule"]["src_mask"], + "destination-mac-address": + test_vars["multirule"]["classify_dst"], + "destination-mac-address-mask": + test_vars["multirule"]["dst_mask"] + }, + "actions": { + "deny": {} + } + }, + { + "rule-name": "rule2", + "matches": { + "source-mac-address": + test_vars["multirule"]["classify_src2"], + "source-mac-address-mask": + test_vars["multirule"]["src_mask"], + "destination-mac-address": + test_vars["multirule"]["classify_dst2"], + "destination-mac-address-mask": + test_vars["multirule"]["dst_mask"] + }, + "actions": { + "deny": {} + } + }, + { + "rule-name": "rule3", + "matches": { + "source-mac-address": + variables["src_mac"], + "source-mac-address-mask": + test_vars["multirule"]["src_mask"], + "destination-mac-address": + variables["dst_mac"], + "destination-mac-address-mask": + test_vars["multirule"]["dst_mask"] + }, + "actions": { + "permit": {} + } + } + ]} + }] } } try: - variables.update(test_vars[test_case]) - variables.update( + ret_vars = {} + ret_vars.update(variables) + ret_vars.update(test_vars[test_case]) + ret_vars.update( {"acl_settings": acl_data[test_case]} ) except KeyError: raise Exception("Unrecognized test case {0}." " Valid options are: {1}".format( test_case, acl_data.keys())) - return variables + return ret_vars |