[acl-loader] modify acl-loader with change in STATE DB ACL capability table (sonic-net#1896)

* [acl-loader] modify acl-loader with change in STATE DB ACL capability table

Signed-off-by: Stepan Blyshchak <[email protected]>

Author: stepanblyschak

acl_loader/main.py

@@ -78,7 +78,8 @@ class AclLoader(object):
     POLICER = "POLICER"
     SESSION_PREFIX = "everflow"
     SWITCH_CAPABILITY_TABLE = "SWITCH_CAPABILITY"
-    ACL_ACTIONS_CAPABILITY_FIELD = "ACL_ACTIONS"
+    ACL_STAGE_CAPABILITY_TABLE = "ACL_STAGE_CAPABILITY_TABLE"
+    ACL_ACTIONS_CAPABILITY_FIELD = "action_list"
     ACL_ACTION_CAPABILITY_FIELD = "ACL_ACTION"
 
     min_priority = 1
@@ -402,16 +403,18 @@ def validate_actions(self, table_name, action_props):
             # Same information should be there in all state DB's
             # as it is static information about switch capability
             namespace_statedb = list(self.per_npu_statedb.values())[0]
-            capability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
+            aclcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper()))
+            switchcapability = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
         else:
-            capability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
+            aclcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(self.ACL_STAGE_CAPABILITY_TABLE, stage.upper()))
+            switchcapability = self.statedb.get_all(self.statedb.STATE_DB, "{}|switch".format(self.SWITCH_CAPABILITY_TABLE))
         for action_key in dict(action_props):
-            key = "{}|{}".format(self.ACL_ACTIONS_CAPABILITY_FIELD, stage.upper())
-            if key not in capability:
+            action_list_key = self.ACL_ACTIONS_CAPABILITY_FIELD
+            if action_list_key not in aclcapability:
                 del action_props[action_key]
                 continue
 
-            values = capability[key].split(",")
+            values = aclcapability[action_list_key].split(",")
             if action_key.upper() not in values:
                 del action_props[action_key]
                 continue
@@ -420,11 +423,11 @@ def validate_actions(self, table_name, action_props):
                 # Check if action_value is supported
                 action_value = action_props[action_key]
                 key = "{}|{}".format(self.ACL_ACTION_CAPABILITY_FIELD, action_key.upper())
-                if key not in capability:
+                if key not in switchcapability:
                     del action_props[action_key]
                     continue
 
-                if action_value not in capability[key]:
+                if action_value not in switchcapability[key]:
                     del action_props[action_key]
                     continue
 

tests/acl_loader_test.py

@@ -35,7 +35,7 @@ def test_validate_mirror_action(self, acl_loader):
             "mirror_egress_action": "everflow0"
         }
 
-        # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table
+        # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table
         assert acl_loader.validate_actions("EVERFLOW", ingress_mirror_rule_props)
         assert not acl_loader.validate_actions("EVERFLOW", egress_mirror_rule_props)
 
@@ -50,7 +50,7 @@ def test_validate_mirror_action(self, acl_loader):
             "PACKET_ACTION": "DROP"
         }
 
-        # switch capability taken from mock_tables/state_db.json SWITCH_CAPABILITY table
+        # switch capability taken from mock_tables/state_db.json ACL_STAGE_CAPABILITY_TABLE table
         assert acl_loader.validate_actions("DATAACL", forward_packet_action)
         assert not acl_loader.validate_actions("DATAACL", drop_packet_action)
 

tests/mock_tables/asic0/state_db.json

@@ -65,10 +65,14 @@
     "SWITCH_CAPABILITY|switch": {
         "MIRROR": "true",
         "MIRRORV6": "true",
-        "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
-        "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
         "ACL_ACTION|PACKET_ACTION": "FORWARD"
     },
+    "ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
+        "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
+    },
+    "ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
+        "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
+    },
     "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
         "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
         "count": "4"

tests/mock_tables/asic1/state_db.json

@@ -65,10 +65,14 @@
     "SWITCH_CAPABILITY|switch": {
         "MIRROR": "true",
         "MIRRORV6": "true",
-        "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
-        "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
         "ACL_ACTION|PACKET_ACTION": "FORWARD"
     },
+    "ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
+        "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
+    },
+    "ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
+        "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
+    },
     "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
         "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
         "count": "4"

tests/mock_tables/asic2/state_db.json

@@ -65,10 +65,14 @@
     "SWITCH_CAPABILITY|switch": {
         "MIRROR": "true",
         "MIRRORV6": "true",
-        "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
-        "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
         "ACL_ACTION|PACKET_ACTION": "FORWARD"
     },
+    "ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
+        "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
+    },
+    "ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
+        "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
+    },
     "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
         "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
         "count": "4"

tests/mock_tables/state_db.json

@@ -286,10 +286,14 @@
         "MIRRORV6": "true",
         "PORT_TPID_CAPABLE": "true",
         "LAG_TPID_CAPABLE": "true",
-        "ACL_ACTIONS|INGRESS": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION",
-        "ACL_ACTIONS|EGRESS": "PACKET_ACTION,MIRROR_EGRESS_ACTION",
         "ACL_ACTION|PACKET_ACTION": "FORWARD"
     },
+    "ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
+        "action_list": "PACKET_ACTION,REDIRECT_ACTION,MIRROR_INGRESS_ACTION"
+    },
+    "ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
+        "action_list": "PACKET_ACTION,MIRROR_EGRESS_ACTION"
+    },
     "DEBUG_COUNTER_CAPABILITIES|PORT_INGRESS_DROPS": {
         "reasons": "[IP_HEADER_ERROR,NO_L3_HEADER]",
         "count": "4"

tests/mock_tables/t1/state_db.json

@@ -6114,17 +6114,31 @@
   }, 
   "SWITCH_CAPABILITY|switch": {
     "expireat": 1602454497.423883, 
-    "ttl": -0.001, 
-    "type": "hash", 
+    "ttl": -0.001,
+    "type": "hash",
     "value": {
-      "ACL_ACTIONS|EGRESS": "PACKET_ACTION", 
-      "ACL_ACTIONS|INGRESS": "PACKET_ACTION,MIRROR_INGRESS_ACTION", 
-      "ACL_ACTION|PACKET_ACTION": "DROP,FORWARD", 
-      "MAX_NEXTHOP_GROUP_COUNT": "512", 
-      "MIRROR": "true", 
-      "MIRRORV6": "true"
+      "MAX_NEXTHOP_GROUP_COUNT": "512",
+      "MIRROR": "true",
+      "MIRRORV6": "true",
+      "PACKET_ACTION": "DROP,FORWARD"
     }
   }, 
+  "ACL_STAGE_CAPABILITY_TABLE|EGRESS": {
+    "expireat": 1602454497.423883,
+    "ttl": -0.001,
+    "type": "hash",
+    "value": {
+      "action_list": "PACKET_ACTION,MIRROR_INGRESS_ACTION"
+    }
+  },
+  "ACL_STAGE_CAPABILITY_TABLE|INGRESS": {
+    "expireat": 1602454497.423883,
+    "ttl": -0.001,
+    "type": "hash",
+    "value": {
+      "action_list": "PACKET_ACTION"
+    }
+  },
   "TRANSCEIVER_DOM_SENSOR|Ethernet0": {
     "expireat": 1602454497.4302251, 
     "ttl": -0.001, 
@@ -7909,4 +7923,4 @@
       "restore_count": "0"
     }
   }
-}
+}