From 5d2ce55a8641a030ec6984089c51aa9313f46af1 Mon Sep 17 00:00:00 2001
From: selias <samelias@cisco.com>
Date: Tue, 12 Jul 2016 16:19:05 +0200
Subject: CSIT-49: HC Test: Policy - security groups

 - add test suite for ACLs
 - add keywords used in tests
 - add resource file with variables used in ACL tests
 - add methods and VAT templates for reading VPP ACL data

Change-Id: I98c78bfbce67309ae33ebb05c04640f5029bf4e2
Signed-off-by: selias <samelias@cisco.com>
---
 .../honeycomb/080_access_control_lists.robot       | 146 +++++++++++++++++++++
 tests/suites/honeycomb/resources/acl.py            |  82 ++++++++++++
 2 files changed, 228 insertions(+)
 create mode 100644 tests/suites/honeycomb/080_access_control_lists.robot
 create mode 100644 tests/suites/honeycomb/resources/acl.py

(limited to 'tests')

diff --git a/tests/suites/honeycomb/080_access_control_lists.robot b/tests/suites/honeycomb/080_access_control_lists.robot
new file mode 100644
index 0000000000..84dc42ee75
--- /dev/null
+++ b/tests/suites/honeycomb/080_access_control_lists.robot
@@ -0,0 +1,146 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Variables***
+# Interface to run tests on.
+| ${interface}= | ${node['interfaces']['port1']['name']}
+
+*** Settings ***
+| Resource | resources/libraries/robot/default.robot
+| Resource | resources/libraries/robot/honeycomb/access_control_lists.robot
+| Variables | tests/suites/honeycomb/resources/acl.py
+| Suite Teardown | Clear all ACL settings | ${node}
+| Documentation | *Honeycomb access control lists test suite.*
+| Force Tags | Honeycomb_sanity
+
+*** Test Cases ***
+| Honeycomb can create ACL classify table
+| | [Documentation] | Check if Honeycomb API can create an ACL table.
+| | Given ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index}
+| | When Honeycomb creates ACL table
+| | ... | ${node} | ${hc_acl_table}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+
+| Honeycomb manages more than one ACL table
+| | [Documentation] | Check if Honeycomb API can create another ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And Honeycomb creates ACL table | ${node} | ${hc_acl_table2}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+
+| Honeycomb can add ACL session to table
+| | [Documentation] | Check if Honeycomb API can add an ACL session to a table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+
+| Honeycomb manages more than one ACL session on one table
+| | [Documentation] | Check if Honeycomb API can add another ACL session\
+| | ... | to a table.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb adds ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+
+| Honeycomb enables ACL on interface
+| | [Documentation] | Check if Honeycomb API can enable ACL on an interface.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | When Honeycomb enables ACL on interface
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | Then Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+
+| Honeycomb disables ACL on interface
+| | [Documentation] | Check if Honeycomb API can disable ACL on an interface.
+| | Given Interface ACL settings from Honeycomb should be
+| | ... | ${node} | ${interface} | ${hc_acl_table['name']}
+| | And Interface ACL settings from VAT should be
+| | ... | ${node} | ${interface} | ${table_index}
+| | When Honeycomb disables ACL on interface | ${node} | ${interface}
+| | Then Interface ACL settings from Honeycomb should be empty
+| | ... | ${node} | ${interface}
+| | And Interface ACL settings from VAT should be empty
+| | ... | ${node} | ${interface}
+
+| Honeycomb can remove ACL session
+| | [Documentation] | Check if Honeycomb API can remove an ACL session.
+| | Given ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index2} | ${vat_acl_session2}
+| | When Honeycomb removes ACL session
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | Then ACL session from Honeycomb should be
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session}
+| | And ACL session from VAT should be
+| | ... | ${node} | ${table_index} | ${session_index} | ${vat_acl_session}
+| | And ACL session from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table['name']} | ${hc_acl_session2['match']}
+| | And ACL session from VAT should not exist
+| | ... | ${node} | ${table_index} | ${session_index2}
+
+| Honeycomb can remove ACL table
+| | [Documentation] | Check if Honeycomb API can delete an ACL table.
+| | Given ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should be | ${node} | ${hc_acl_table2}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index2} | ${vat_acl_table2}
+| | When Honeycomb removes ACL table | ${node} | ${hc_acl_table2['name']}
+| | Then ACL table from Honeycomb should be | ${node} | ${hc_acl_table}
+| | And ACL table from VAT should be
+| | ... | ${node} | ${table_index} | ${vat_acl_table}
+| | And ACL table from Honeycomb should not exist
+| | ... | ${node} | ${hc_acl_table2['name']}
+| | And ACL table from VAT should not exist
+| | ... | ${node} | ${table_index2}
diff --git a/tests/suites/honeycomb/resources/acl.py b/tests/suites/honeycomb/resources/acl.py
new file mode 100644
index 0000000000..227330c2a9
--- /dev/null
+++ b/tests/suites/honeycomb/resources/acl.py
@@ -0,0 +1,82 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Test variables for access control list test suite."""
+
+# settings for acl tables
+hc_acl_table = {
+    "name": "acl_table_test",
+    "nbuckets": 1,
+    "memory_size": 100000,
+    "skip_n_vectors": 0,
+    "miss_next": "permit",
+    "mask": "00:00:00:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+
+hc_acl_table2 = {
+    "name": "acl_table_test2",
+    "nbuckets": 2,
+    "memory_size": 100000,
+    "skip_n_vectors": 1,
+    "next_table": "acl_table_test",
+    "miss_next": "deny",
+    "mask": "ff:ff:ff:00:00:00:ff:ff:ff:ff:ff:ff:00:00:00:00"
+}
+# representation of table settings in VAT
+table_index = 0
+vat_acl_table = {
+    "nbuckets": hc_acl_table['nbuckets'],
+    "skip": 0,
+    "match": 1,
+    "nextnode": -1,
+    "nexttbl": -1,
+    "mask": hc_acl_table['mask'].replace(":", ""),
+}
+table_index2 = 1
+vat_acl_table2 = {
+    "nbuckets": hc_acl_table2['nbuckets'],
+    "skip": 1,
+    "match": 1,
+    "nextnode": 0,
+    "nexttbl": table_index,
+    "mask": hc_acl_table2['mask'].replace(":", ""),
+}
+# setting for acl sessions
+hc_acl_session = {
+    "match": "00:00:00:00:00:00:01:02:03:04:05:06:00:00:00:00",
+    "hit_next": "permit",
+    "opaque_index": "1",
+    "advance": 1
+}
+
+hc_acl_session2 = {
+    "match": "00:00:00:00:00:00:06:05:04:03:02:01:00:00:00:00",
+    "hit_next": "deny",
+    "opaque_index": "2",
+    "advance": 1
+}
+# representation of session settings in VAT
+session_index = 0
+vat_acl_session = {
+    "match": hc_acl_session['match'].replace(":", ""),
+    "advance": hc_acl_session['advance'],
+    "opaque": 1,
+    "next_index": -1
+}
+session_index2 = 1
+vat_acl_session2 = {
+    "match": hc_acl_session2['match'].replace(":", ""),
+    "advance": hc_acl_session2['advance'],
+    "opaque": 2,
+    "next_index": session_index
+}
-- 
cgit 1.2.3-korg