go.ligato.io/vpp-agent/v3@v3.5.0/tests/robot/suites/crud/acl_crud.robot (about) 1 *** Settings *** 2 Library OperatingSystem 3 Library Collections 4 5 Resource ../../variables/${VARIABLES}_variables.robot 6 7 Resource ../../libraries/vpp_api.robot 8 Resource ../../libraries/vpp_term.robot 9 Resource ../../libraries/docker.robot 10 Resource ../../libraries/setup-teardown.robot 11 Resource ../../libraries/configurations.robot 12 13 Resource ../../libraries/acl/acl_etcd.robot 14 Resource ../../libraries/acl/acl_vpp.robot 15 16 Force Tags crud IPv4 17 Suite Setup Testsuite Setup 18 Suite Teardown Suite Cleanup 19 Test Setup TestSetup 20 Test Teardown TestTeardown 21 22 *** Variables *** 23 ${VARIABLES}= common 24 ${ENV}= common 25 ${ACL1_NAME}= acl1_tcp 26 ${ACL2_NAME}= acl2_tcp 27 ${ACL3_NAME}= acl3_UDP 28 ${ACL4_NAME}= acl4_UDP 29 ${ACL5_NAME}= acl5_ICMP 30 ${ACL6_NAME}= acl6_ICMP 31 ${E_INTF1}= 32 ${I_INTF1}= 33 ${E_INTF2}= 34 ${I_INTF2}= 35 ${ACTION_DENY}= 1 36 ${ACTION_PERMIT}= 2 37 ${DEST_NTW}= 10.0.0.0/32 38 ${SRC_NTW}= 10.0.0.0/32 39 ${1DEST_PORT_L}= 80 40 ${1DEST_PORT_U}= 1000 41 ${1SRC_PORT_L}= 10 42 ${1SRC_PORT_U}= 2000 43 ${2DEST_PORT_L}= 2000 44 ${2DEST_PORT_U}= 2200 45 ${2SRC_PORT_L}= 20010 46 ${2SRC_PORT_U}= 20020 47 ${TCP_FLAGS_MASK}= 20 48 ${TCP_FLAGS_VALUE}= 10 49 ${ICMP_v4}= false 50 ${ICMP_CODE_L}= 2 51 ${ICMP_CODE_U}= 4 52 ${ICMP_TYPE_L}= 1 53 ${ICMP_TYPE_U}= 3 54 ${WAIT_TIMEOUT}= 20s 55 ${SYNC_SLEEP}= 3s 56 ${NO_ACL}= 57 58 59 *** Test Cases *** 60 Configure Environment 61 [Tags] setup 62 ${DATA_FOLDER}= Catenate SEPARATOR=/ ${CURDIR} ${TEST_DATA_FOLDER} 63 Set Suite Variable ${DATA_FOLDER} 64 Configure Environment 2 acl_basic.conf 65 66 Add ACL1_TCP 67 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 68 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 69 ... ${DEST_NTW} ${SRC_NTW} 70 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 71 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 72 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 73 74 Check ACL1 is created 75 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 76 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 77 ... ${DEST_NTW} ${SRC_NTW} 78 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 79 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 80 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 81 82 Add ACL2_TCP 83 Put ACL TCP agent_vpp_1 ${ACL2_NAME} 84 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 85 ... ${DEST_NTW} ${SRC_NTW} 86 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 87 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 88 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 89 90 Check ACL2 is created and ACL1 still Configured 91 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 92 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 93 ... ${DEST_NTW} ${SRC_NTW} 94 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 95 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 96 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 97 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 98 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 99 ... ${DEST_NTW} ${SRC_NTW} 100 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 101 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 102 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 103 104 Update ACL1 105 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 106 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 107 ... ${DEST_NTW} ${SRC_NTW} 108 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 109 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 110 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 111 112 Check ACL1 Is Changed and ACL2 not changed 113 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 114 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 115 ... ${DEST_NTW} ${SRC_NTW} 116 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 117 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 118 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 119 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 120 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 121 ... ${DEST_NTW} ${SRC_NTW} 122 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 123 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 124 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 125 126 Delete ACL2 127 Delete ACL agent_vpp_1 ${ACL2_NAME} 128 129 Check ACL2 Is Deleted and ACL1 Is Not Changed 130 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 131 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 132 ... ${DEST_NTW} ${SRC_NTW} 133 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 134 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 135 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 136 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 137 ... ACL in VPP should not exist agent_vpp_1 ${ACL2_NAME} 138 139 Delete ACL1 140 Delete ACL agent_vpp_1 ${ACL1_NAME} 141 142 Check ACL1 Is Deleted 143 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 144 ... ACL in VPP should not exist agent_vpp_1 ${ACL1_NAME} 145 146 ADD ACL3_UDP 147 Put ACL UDP agent_vpp_1 ${ACL3_NAME} 148 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 149 ... ${DEST_NTW} ${SRC_NTW} 150 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 151 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 152 153 Check ACL3 Is Created 154 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 155 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 156 ... ${DEST_NTW} ${SRC_NTW} 157 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 158 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 159 160 ADD ACL4_UDP 161 Put ACL UDP agent_vpp_1 ${ACL4_NAME} 162 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 163 ... ${DEST_NTW} ${SRC_NTW} 164 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 165 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 166 167 168 Check ACL4 Is Created And ACL3 Still Configured 169 Check ACL UDP agent_vpp_1 ${ACL4_NAME} 170 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 171 ... ${DEST_NTW} ${SRC_NTW} 172 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 173 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 174 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 175 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 176 ... ${DEST_NTW} ${SRC_NTW} 177 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 178 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 179 180 Delete ACL4 181 Delete ACL agent_vpp_1 ${ACL4_NAME} 182 183 Check ACL4 Is Deleted and ACL3 Is Not Changed 184 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 185 ... ACL in VPP should not exist agent_vpp_1 ${ACL4_NAME} 186 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 187 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 188 ... ${DEST_NTW} ${SRC_NTW} 189 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 190 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 191 192 Delete ACL3 193 Delete ACL agent_vpp_1 ${ACL3_NAME} 194 195 Check ACL3 Is Deleted 196 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 197 ... ACL in VPP should not exist agent_vpp_1 ${ACL3_NAME} 198 199 ADD ACL5_ICMP 200 Put ACL ICMP agent_vpp_1 ${ACL5_NAME} 201 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 202 ... ${DEST_NTW} ${SRC_NTW} 203 ... ${ICMP_v4} 204 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 205 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 206 207 Check ACL5 Is Created 208 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 209 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 210 ... ${DEST_NTW} ${SRC_NTW} 211 ... ${ICMP_v4} 212 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 213 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 214 215 ADD ACL6_ICMP 216 Put ACL ICMP agent_vpp_1 ${ACL6_NAME} 217 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 218 ... ${DEST_NTW} ${SRC_NTW} 219 ... ${ICMP_v4} 220 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 221 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 222 223 Check ACL6 Is Created And ACL5 Still Configured 224 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 225 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 226 ... ${DEST_NTW} ${SRC_NTW} 227 ... ${ICMP_v4} 228 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 229 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 230 Check ACL ICMP agent_vpp_1 ${ACL6_NAME} 231 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 232 ... ${DEST_NTW} ${SRC_NTW} 233 ... ${ICMP_v4} 234 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 235 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 236 237 Delete ACL6 238 Delete ACL agent_vpp_1 ${ACL6_NAME} 239 240 Check ACL6 Is Deleted and ACL5 Is Not Changed 241 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 242 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 243 ... ${DEST_NTW} ${SRC_NTW} 244 ... ${ICMP_v4} 245 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 246 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 247 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 248 ... ACL in VPP should not exist agent_vpp_1 ${ACL6_NAME} 249 250 Delete ACL5 251 Delete ACL agent_vpp_1 ${ACL5_NAME} 252 253 Check ACL5 Is Deleted 254 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 255 ... ACL in VPP should not exist agent_vpp_1 ${ACL5_NAME} 256 257 Add 6 ACLs 258 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 259 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 260 ... ${DEST_NTW} ${SRC_NTW} 261 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 262 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 263 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 264 Put ACL TCP agent_vpp_1 ${ACL2_NAME} 265 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 266 ... ${DEST_NTW} ${SRC_NTW} 267 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 268 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 269 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 270 Put ACL UDP agent_vpp_1 ${ACL3_NAME} 271 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 272 ... ${DEST_NTW} ${SRC_NTW} 273 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 274 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 275 Put ACL UDP agent_vpp_1 ${ACL4_NAME} 276 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 277 ... ${DEST_NTW} ${SRC_NTW} 278 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 279 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 280 Put ACL ICMP agent_vpp_1 ${ACL5_NAME} 281 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 282 ... ${DEST_NTW} ${SRC_NTW} 283 ... ${ICMP_v4} 284 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 285 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 286 Put ACL ICMP agent_vpp_1 ${ACL6_NAME} 287 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 288 ... ${DEST_NTW} ${SRC_NTW} 289 ... ${ICMP_v4} 290 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 291 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 292 293 Check All 6 ACLs Added 294 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 295 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 296 ... ${DEST_NTW} ${SRC_NTW} 297 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 298 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 299 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 300 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 301 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 302 ... ${DEST_NTW} ${SRC_NTW} 303 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 304 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 305 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 306 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 307 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 308 ... ${DEST_NTW} ${SRC_NTW} 309 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 310 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 311 Check ACL UDP agent_vpp_1 ${ACL4_NAME} 312 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 313 ... ${DEST_NTW} ${SRC_NTW} 314 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 315 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 316 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 317 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 318 ... ${DEST_NTW} ${SRC_NTW} 319 ... ${ICMP_v4} 320 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 321 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 322 Check ACL ICMP agent_vpp_1 ${ACL6_NAME} 323 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 324 ... ${DEST_NTW} ${SRC_NTW} 325 ... ${ICMP_v4} 326 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 327 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 328 329 # TODO: add tests for MACIP case 330 # TODO: test ingress/egress interfaces 331 332 *** Keywords *** 333 334 TestSetup 335 Make Datastore Snapshots ${TEST_NAME}_test_setup 336 337 TestTeardown 338 Make Datastore Snapshots ${TEST_NAME}_test_teardown 339 340 Suite Cleanup 341 Stop SFC Controller Container 342 Testsuite Teardown 343 344 Check ACL TCP 345 [Arguments] ${agent} ${acl_name} 346 ... ${egress_interface} ${ingress_interface} ${acl_action} 347 ... ${destination_network} ${source_network} 348 ... ${destination_port_min} ${destination_port_max} 349 ... ${source_port_min} ${source_port_max} 350 ... ${tcp_flags_mask} ${tcp_flags_value} 351 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 352 ... Check ACL in ETCD - TCP ${agent} ${acl_name} 353 ... ${egress_interface} ${ingress_interface} ${acl_action} 354 ... ${destination_network} ${source_network} 355 ... ${destination_port_min} ${destination_port_max} 356 ... ${source_port_min} ${source_port_max} 357 ... ${tcp_flags_mask} ${tcp_flags_value} 358 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 359 ... Check ACL in VPP - TCP ${agent} ${acl_name} 360 ... ${egress_interface} ${ingress_interface} ${acl_action} 361 ... ${destination_network} ${source_network} 362 ... ${destination_port_min} ${destination_port_max} 363 ... ${source_port_min} ${source_port_max} 364 ... ${tcp_flags_mask} ${tcp_flags_value} 365 366 Check ACL UDP 367 [Arguments] ${agent} ${acl_name} 368 ... ${egress_interface1} ${ingress_interface1} 369 ... ${egress_interface2} ${ingress_interface2} 370 ... ${acl_action} 371 ... ${destination_network} ${source_network} 372 ... ${destination_port_min} ${destination_port_max} 373 ... ${source_port_min} ${source_port_max} 374 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 375 ... Check ACL in ETCD - UDP ${agent} ${acl_name} 376 ... ${egress_interface1} ${ingress_interface1} 377 ... ${egress_interface2} ${ingress_interface2} 378 ... ${acl_action} 379 ... ${destination_network} ${source_network} 380 ... ${destination_port_min} ${destination_port_max} 381 ... ${source_port_min} ${source_port_max} 382 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 383 ... Check ACL in VPP - UDP ${agent} ${acl_name} 384 ... ${egress_interface1} ${ingress_interface1} 385 ... ${egress_interface2} ${ingress_interface2} 386 ... ${acl_action} 387 ... ${destination_network} ${source_network} 388 ... ${destination_port_min} ${destination_port_max} 389 ... ${source_port_min} ${source_port_max} 390 391 Check ACL ICMP 392 [Arguments] ${agent} ${acl_name} 393 ... ${egress_interface} ${ingress_interface} ${acl_action} 394 ... ${destination_network} ${source_network} 395 ... ${icmpv6} 396 ... ${icmp_code_min} ${icmp_code_max} 397 ... ${icmp_type_min} ${icmp_type_max} 398 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 399 ... Check ACL in ETCD - ICMP ${agent} ${acl_name} 400 ... ${egress_interface} ${ingress_interface} ${acl_action} 401 ... ${destination_network} ${source_network} 402 ... ${icmpv6} 403 ... ${icmp_code_min} ${icmp_code_max} 404 ... ${icmp_type_min} ${icmp_type_max} 405 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 406 ... Check ACL in VPP - ICMP ${agent} ${acl_name} 407 ... ${egress_interface} ${ingress_interface} ${acl_action} 408 ... ${destination_network} ${source_network} 409 ... ${icmpv6} 410 ... ${icmp_code_min} ${icmp_code_max} 411 ... ${icmp_type_min} ${icmp_type_max}