aboutsummaryrefslogtreecommitdiffstats
path: root/resources
diff options
context:
space:
mode:
Diffstat (limited to 'resources')
-rw-r--r--resources/libraries/python/honeycomb/HcAPIKwACL.py36
-rw-r--r--resources/templates/honeycomb/config_plugin_acl.url2
-rw-r--r--resources/test_data/honeycomb/plugin_acl.py632
3 files changed, 339 insertions, 331 deletions
diff --git a/resources/libraries/python/honeycomb/HcAPIKwACL.py b/resources/libraries/python/honeycomb/HcAPIKwACL.py
index 49fc351b01..19cdb37c47 100644
--- a/resources/libraries/python/honeycomb/HcAPIKwACL.py
+++ b/resources/libraries/python/honeycomb/HcAPIKwACL.py
@@ -271,10 +271,7 @@ class ACLKeywords(object):
:raises HoneycombError: If the operation fails.
"""
- if macip:
- path = "/acl/vpp-acl:vpp-macip-acl/{0}".format(list_name)
- else:
- path = "/acl/vpp-acl:vpp-acl/{0}".format(list_name)
+ path = "/acl/{0}".format(list_name)
status_code, resp = HcUtil.put_honeycomb_data(
node, "config_plugin_acl", data, path)
@@ -318,32 +315,19 @@ class ACLKeywords(object):
"Valid options are: ingress, egress."
.format(direction))
- path = "/interface/{0}/interface-acl:acl/{1}".format(
+ path = "/attachment-points/interface/{0}/{1}/acl-sets/".format(
interface, direction)
- if macip:
- data = {
- direction: {
- "vpp-macip-acl": {
- "type": "vpp-acl:vpp-macip-acl",
- "name": acl_name
- }
- }
- }
- else:
- data = {
- direction: {
- "vpp-acls": [
- {
- "type": "vpp-acl:vpp-acl",
- "name": acl_name
- }
- ]
+ data = {
+ "acl-sets": {
+ "acl-set": {
+ "name": acl_name
}
}
+ }
status_code, resp = HcUtil.put_honeycomb_data(
- node, "config_vpp_interfaces", data, path)
+ node, "config_plugin_acl", data, path)
if status_code not in (HTTPCodes.OK, HTTPCodes.ACCEPTED):
raise HoneycombError(
@@ -367,9 +351,9 @@ class ACLKeywords(object):
interface = interface.replace("/", "%2F")
- path = "/interface/{0}/interface-acl:acl/".format(interface)
+ path = "/attachment-points/interface/{0}/".format(interface)
status_code, _ = HcUtil.delete_honeycomb_data(
- node, "config_vpp_interfaces", path)
+ node, "config_plugin_acl", path)
if status_code != HTTPCodes.OK:
raise HoneycombError(
diff --git a/resources/templates/honeycomb/config_plugin_acl.url b/resources/templates/honeycomb/config_plugin_acl.url
index 19a49f2b04..739faed2be 100644
--- a/resources/templates/honeycomb/config_plugin_acl.url
+++ b/resources/templates/honeycomb/config_plugin_acl.url
@@ -1 +1 @@
-/restconf/config{odl_url_part}/ietf-access-control-list:access-lists \ No newline at end of file
+/restconf/config{odl_url_part}/ietf-access-control-list:acls \ No newline at end of file
diff --git a/resources/test_data/honeycomb/plugin_acl.py b/resources/test_data/honeycomb/plugin_acl.py
index aeb55307de..edf585eb34 100644
--- a/resources/test_data/honeycomb/plugin_acl.py
+++ b/resources/test_data/honeycomb/plugin_acl.py
@@ -152,366 +152,390 @@ def get_variables(test_case, name):
}
acl_data = {
# ACL configuration for L2 tests
+
"macip": {
"acl": [{
- "acl-type":
- "vpp-acl:vpp-macip-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-macip-ace-nodes": {
- "source-mac-address":
- test_vars["macip"]["classify_src"],
- "source-mac-address-mask":
- test_vars["macip"]["src_mask"],
- "source-ipv4-network": "16.0.0.0/24"
+ "name": name,
+ "type": "vpp-acl:vpp-macip-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+
+ "eth": {
+ "source-mac-address": test_vars["macip"]["classify_src"],
+ "source-mac-address-mask": test_vars["macip"]["src_mask"]
+ },
+ "ipv4": {
+
+ "source-ipv4-network": "16.0.0.0/24"
+ }
+ },
+
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
}
},
- "actions": {
- "deny": ["null"]
- }
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-macip-ace-nodes": {
- "source-mac-address":
- test_vars["macip"]["classify_src"],
- "source-mac-address-mask": "00:00:00:00:00:00",
- "source-ipv4-network": "0.0.0.0/0"
+ {
+ "name": "rule_all",
+ "matches": {
+
+ "eth": {
+ "source-mac-address": test_vars["macip"]["classify_src"],
+ "source-mac-address-mask": "00:00:00:00:00:00"
+ },
+
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
- },
- "actions": {
- "permit": ["null"]
}
- },
- ]}
- }]
+ ]}
+ }
+ ]
},
# ACL configuration for L3 IPv4 tests
"l3_ip4": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network":
- "{0}/{1}".format(
- test_vars["l3_ip4"]["classify_src_net"],
- test_vars["l3_ip4"]["prefix_length"]),
- "destination-ipv4-network":
- "{0}/{1}".format(
- test_vars["l3_ip4"]["classify_dst_net"],
- test_vars["l3_ip4"]["prefix_length"]),
- "udp-nodes": {
- "source-port-range": {
- "lower-port": "0",
- "upper-port": "65535"
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "destination-ipv4-network": "{0}/{1}".format(
+ test_vars["l3_ip4"]["classify_dst_net"],
+ test_vars["l3_ip4"]["prefix_length"]),
+ "source-ipv4-network": "{0}/{1}".format(
+ test_vars["l3_ip4"]["classify_src_net"],
+ test_vars["l3_ip4"]["prefix_length"])
},
- "destination-port-range": {
- "lower-port": "0",
- "upper-port": "65535"
+ "udp":{
+ "source-port": {
+ "lower-port": "0",
+ "upper-port": "65535"
+ },
+ "destination-port": {
+ "lower-port": "0",
+ "upper-port": "65535"
+ }
}
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv4": {
+ "destination-ipv4-network": "0.0.0.0/0",
+ "source-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- },
- "actions": {
- "deny": ["null"]
- },
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "destination-ipv4-network": "0.0.0.0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
# ACL settings for L3 IPv6 tests
"l3_ip6": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv6-network":
- "{0}/{1}".format(
- test_vars["l3_ip6"]["classify_src_net"],
- test_vars["l3_ip6"]["prefix_length"]),
- "destination-ipv6-network":
- "{0}/{1}".format(
- test_vars["l3_ip6"]["classify_dst_net"],
- test_vars["l3_ip6"]["prefix_length"]),
- "udp-nodes": {
- "source-port-range": {
- "lower-port": "0",
- "upper-port": "65535"
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv6": {
+ "destination-ipv6-network": "{0}/{1}".format(
+ test_vars["l3_ip6"]["classify_dst_net"],
+ test_vars["l3_ip6"]["prefix_length"]),
+ "source-ipv6-network": "{0}/{1}".format(
+ test_vars["l3_ip6"]["classify_src_net"],
+ test_vars["l3_ip6"]["prefix_length"])
},
- "destination-port-range": {
- "lower-port": "0",
- "upper-port": "65535"
+ "udp":{
+ "source-port": {
+ "lower-port": "0",
+ "upper-port": "65535"
+ },
+ "destination-port": {
+ "lower-port": "0",
+ "upper-port": "65535"
+ }
}
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv6": {
+ "destination-ipv6-network": "0::0/0",
+ "source-ipv6-network": "0::0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- },
- "actions": {
- "deny": ["null"]
- }
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv6-network": "0::0/0",
- "destination-ipv6-network": "0::0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
# ACL configuration for L4 tests
"l4": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [{
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "tcp-nodes": {
- "destination-port-range": {
- "lower-port":
- test_vars["l4"]["classify_dst"],
- "upper-port":
- test_vars["l4"]["classify_dst"] + 10
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": test_vars["l4"]["classify_src"],
+ "upper-port": test_vars["l4"]["classify_src"] + 10
+ },
+ "destination-port":{
+ "lower-port": test_vars["l4"]["classify_dst"],
+ "upper-port": test_vars["l4"]["classify_dst"] + 10
+ }
+ }
},
- "source-port-range": {
- "lower-port":
- test_vars["l4"]["classify_src"],
- "upper-port":
- test_vars["l4"]["classify_src"] + 10
+ "actions":{
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0",
+ "destination-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- }
- },
- "actions": {
- "deny": ["null"]
- },
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "destination-ipv4-network": "0.0.0.0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
"mixed": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [{
- "rule-name": "ports",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "tcp-nodes": {
- "destination-port-range": {
- "lower-port":
- test_vars["l4"]["classify_dst"],
- "upper-port":
- test_vars["l4"]["classify_dst"] + 10
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "ports",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0"
+ },
+ "tcp": {
+ "source-port": {
+ "lower-port": test_vars["l4"]["classify_src"],
+ "upper-port": test_vars["l4"]["classify_src"] + 10
+ },
+ "destination-port":{
+ "lower-port": test_vars["l4"]["classify_dst"],
+ "upper-port": test_vars["l4"]["classify_dst"] + 10
+ }
+ }
},
- "source-port-range": {
- "lower-port":
- test_vars["l4"]["classify_src"],
- "upper-port":
- test_vars["l4"]["classify_src"] + 10
+ "actions":{
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv4": {
+ "destination-ipv4-network": "0.0.0.0/0",
+ "source-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- }
- },
- "actions": {
- "deny": ["null"]
- },
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "destination-ipv4-network": "0.0.0.0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
"icmp": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "icmp-nodes": {
- "icmp-type-range": {
- "first": "1",
- "last": "5"
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0"
},
- "icmp-code-range": {
- "first": "1",
- "last": "5"
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
+ "first": "1",
+ "last": "5"
+ },
+ "vpp-acl:icmp-code-range": {
+ "first": "1",
+ "last": "5"
+ }
+ }
}
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv4": {
+ "source-ipv4-network": "0.0.0.0/0",
+ "destination-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- },
- "actions": {
- "deny": ["null"]
- },
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "destination-ipv4-network": "0.0.0.0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
"icmpv6": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv6-network": "::/0",
- "icmp-v6-nodes": {
- "icmp-type-range": {
- "first": "1",
- "last": "5"
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv6": {
+ "source-ipv6-network": "::/0",
},
- "icmp-code-range": {
- "first": "1",
- "last": "5"
+ "icmp": {
+ "vpp-acl:vpp-icmp-ace": {
+ "vpp-acl:icmp-type-range": {
+ "first": "1",
+ "last": "5"
+ },
+ "vpp-acl:icmp-code-range": {
+ "first": "1",
+ "last": "5"
+ }
+ }
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
+ }
+ },
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv6": {
+ "destination-ipv6-network": "0::0/0",
+ "source-ipv6-network": "::/0",
}
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:accept"
}
}
- },
- "actions": {
- "deny": ["null"]
- },
- },
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv6-network": "0::0/0",
- "destination-ipv6-network": "0::0/0",
- }
- },
- "actions": {
- "permit": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
"reflex": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule1",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network":
- "{0}/{1}".format(
- test_vars["reflex"]["classify_dst_net"],
- test_vars["reflex"]["prefix_length"]),
- "destination-ipv4-network":
- "{0}/{1}".format(
- test_vars["reflex"]["classify_src_net"],
- test_vars["reflex"]["prefix_length"]),
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule1",
+ "matches": {
+ "ipv4": {
+ "destination-ipv4-network": "{0}/{1}".format(
+ test_vars["reflex"]["classify_src_net"],
+ test_vars["reflex"]["prefix_length"]),
+ "source-ipv4-network": "{0}/{1}".format(
+ test_vars["reflex"]["classify_dst_net"],
+ test_vars["reflex"]["prefix_length"])
+ }
+ },
+ "actions": {
+ "forwarding": "vpp-acl:accept-and-reflect"
+ }
}
- },
- "actions": {
- "vpp-acl:permit-and-reflect": ["null"]
- },
- },
- ]}
- }]
+ ]
+ }
+ }
+ ]
},
"block_all": {
- "acl": [{
- "acl-type":
- "vpp-acl:vpp-acl",
- "acl-name": name,
- "access-list-entries": {"ace": [
- {
- "rule-name": "rule_all",
- "matches": {
- "vpp-ace-nodes": {
- "source-ipv4-network": "0.0.0.0/0",
- "destination-ipv4-network": "0.0.0.0/0",
+ "acl": [
+ {
+ "name": name,
+ "type": "vpp-acl:vpp-acl",
+ "aces": {
+ "ace": [
+ {
+ "name": "rule_all",
+ "matches": {
+ "ipv4": {
+ "destination-ipv4-network": "0.0.0.0/0",
+ "source-ipv4-network": "0.0.0.0/0"
+ }
+ },
+ "actions": {
+ "forwarding": "ietf-access-control-list:drop"
+ }
}
- },
- "actions": {
- "deny": ["null"]
- }
+ ]
}
- ]}
- }]
+ }
+ ]
},
}