Skip to content

Commit

Permalink
[AclOrch] add validation for check CRM (sonic-net#1082)
Browse files Browse the repository at this point in the history
  • Loading branch information
chaoskao authored and lguohan committed Jan 30, 2020
1 parent 1cedf6b commit e3af8ff
Showing 1 changed file with 62 additions and 7 deletions.
69 changes: 62 additions & 7 deletions tests/mock_tests/aclorch_ut.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -628,16 +628,71 @@ namespace aclorch_test
// consistency validation with CRM
bool validateResourceCountWithCrm(const AclOrch *aclOrch, CrmOrch *crmOrch)
{
auto resourceMap = Portal::CrmOrchInternal::getResourceMap(crmOrch);
auto ifpPortKey = Portal::CrmOrchInternal::getCrmAclKey(crmOrch, SAI_ACL_STAGE_INGRESS, SAI_ACL_BIND_POINT_TYPE_PORT);
auto efpPortKey = Portal::CrmOrchInternal::getCrmAclKey(crmOrch, SAI_ACL_STAGE_EGRESS, SAI_ACL_BIND_POINT_TYPE_PORT);
// Verify ACL Tables
auto const &resourceMap = Portal::CrmOrchInternal::getResourceMap(crmOrch);
uint32_t crm_acl_table_cnt = 0;
for (auto const &kv : resourceMap.at(CrmResourceType::CRM_ACL_TABLE).countersMap)
{
crm_acl_table_cnt += kv.second.usedCounter;
}

if (crm_acl_table_cnt != Portal::AclOrchInternal::getAclTables(aclOrch).size())
{
ADD_FAILURE() << "ACL table size is not consistent between CrmOrch (" << crm_acl_table_cnt
<< ") and AclOrch " << Portal::AclOrchInternal::getAclTables(aclOrch).size();
return false;
}


// Verify ACL Rules
//
// for each CRM_ACL_ENTRY and CRM_ACL_COUNTER's entry => the ACL TABLE should exist
//
for (auto acl_entry_or_counter : { CrmResourceType::CRM_ACL_ENTRY, CrmResourceType::CRM_ACL_COUNTER })
{
auto const &resourceMap = Portal::CrmOrchInternal::getResourceMap(crmOrch);
for (auto const &kv : resourceMap.at(acl_entry_or_counter).countersMap)
{
auto acl_oid = kv.second.id;

auto ifpPortAclTableCount = resourceMap.at(CrmResourceType::CRM_ACL_TABLE).countersMap[ifpPortKey].usedCounter;
auto efpPortAclTableCount = resourceMap.at(CrmResourceType::CRM_ACL_TABLE).countersMap[efpPortKey].usedCounter;
const auto &aclTables = Portal::AclOrchInternal::getAclTables(aclOrch);
if (aclTables.find(acl_oid) == aclTables.end())
{
ADD_FAILURE() << "Can't find ACL '" << sai_serialize_object_id(acl_oid) << "' in AclOrch";
return false;
}

if (kv.second.usedCounter != aclTables.at(acl_oid).rules.size())
{
ADD_FAILURE() << "CRM usedCounter (" << kv.second.usedCounter
<< ") is not equal rule in ACL (" << aclTables.at(acl_oid).rules.size() << ")";
return false;
}
}
}

return ifpPortAclTableCount + efpPortAclTableCount == Portal::AclOrchInternal::getAclTables(aclOrch).size();
//
// for each ACL TABLE with rule count larger than one => it shoule exist a corresponding entry in CRM_ACL_ENTRY and CRM_ACL_COUNTER
//
for (const auto &kv : Portal::AclOrchInternal::getAclTables(aclOrch))
{
if (0 < kv.second.rules.size())
{
auto key = Portal::CrmOrchInternal::getCrmAclTableKey(crmOrch, kv.first);
for (auto acl_entry_or_counter : { CrmResourceType::CRM_ACL_ENTRY, CrmResourceType::CRM_ACL_COUNTER })
{
const auto &cntMap = Portal::CrmOrchInternal::getResourceMap(crmOrch).at(acl_entry_or_counter).countersMap;
if (cntMap.find(key) == cntMap.end())
{
ADD_FAILURE() << "Can't find ACL (" << sai_serialize_object_id(kv.first)
<< ") in " << (acl_entry_or_counter == CrmResourceType::CRM_ACL_ENTRY ? "CrmResourceType::CRM_ACL_ENTRY" : "CrmResourceType::CRM_ACL_COUNTER");
return false;
}
}
}
}

// TODO: add rule check
return true;
}

// leakage check
Expand Down

0 comments on commit e3af8ff

Please sign in to comment.