go.ligato.io/vpp-agent/v3@v3.5.0/tests/robot/suites/crudIPv6/acl_crudIPv6.robot (about) 1 *** Settings *** 2 Library OperatingSystem 3 Library Collections 4 5 Resource ../../variables/${VARIABLES}_variables.robot 6 7 Resource ../../variables/${VARIABLES}_variables.robot 8 9 Resource ../../libraries/vpp_api.robot 10 Resource ../../libraries/vpp_term.robot 11 Resource ../../libraries/docker.robot 12 Resource ../../libraries/setup-teardown.robot 13 Resource ../../libraries/configurations.robot 14 15 Resource ../../libraries/acl/acl_etcd.robot 16 Resource ../../libraries/acl/acl_vpp.robot 17 18 Force Tags crud IPv6 19 Suite Setup Testsuite Setup 20 Suite Teardown Suite Cleanup 21 Test Setup TestSetup 22 Test Teardown TestTeardown 23 24 *** Variables *** 25 ${VARIABLES}= common 26 ${ENV}= common 27 ${ACL1_NAME}= acl1_tcp 28 ${ACL2_NAME}= acl2_tcp 29 ${ACL3_NAME}= acl3_UDP 30 ${ACL4_NAME}= acl4_UDP 31 ${ACL5_NAME}= acl5_ICMP 32 ${ACL6_NAME}= acl6_ICMP 33 ${E_INTF1}= 34 ${I_INTF1}= 35 ${E_INTF2}= 36 ${I_INTF2}= 37 ${ACTION_DENY}= 1 38 ${ACTION_PERMIT}= 2 39 ${DEST_NTW}= fd30:0:0:1::/64 40 ${SRC_NTW}= fd30:0:0:1::/64 41 ${1DEST_PORT_L}= 80 42 ${1DEST_PORT_U}= 1000 43 ${1SRC_PORT_L}= 10 44 ${1SRC_PORT_U}= 2000 45 ${2DEST_PORT_L}= 2000 46 ${2DEST_PORT_U}= 2200 47 ${2SRC_PORT_L}= 20010 48 ${2SRC_PORT_U}= 20020 49 ${TCP_FLAGS_MASK}= 20 50 ${TCP_FLAGS_VALUE}= 10 51 ${ICMP_v6}= true 52 ${ICMP_CODE_L}= 2 53 ${ICMP_CODE_U}= 4 54 ${ICMP_TYPE_L}= 1 55 ${ICMP_TYPE_U}= 3 56 ${WAIT_TIMEOUT}= 20s 57 ${SYNC_SLEEP}= 3s 58 ${NO_ACL}= 59 60 61 *** Test Cases *** 62 Configure Environment 63 [Tags] setup 64 ${DATA_FOLDER}= Catenate SEPARATOR=/ ${CURDIR} ${TEST_DATA_FOLDER} 65 Set Suite Variable ${DATA_FOLDER} 66 Configure Environment 2 acl_basic.conf 67 68 Add ACL1_TCP 69 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 70 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 71 ... ${DEST_NTW} ${SRC_NTW} 72 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 73 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 74 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 75 76 Check ACL1 is created 77 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 78 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 79 ... ${DEST_NTW} ${SRC_NTW} 80 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 81 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 82 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 83 84 Add ACL2_TCP 85 Put ACL TCP agent_vpp_1 ${ACL2_NAME} 86 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 87 ... ${DEST_NTW} ${SRC_NTW} 88 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 89 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 90 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 91 92 Check ACL2 is created and ACL1 still Configured 93 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 94 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 95 ... ${DEST_NTW} ${SRC_NTW} 96 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 97 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 98 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 99 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 100 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 101 ... ${DEST_NTW} ${SRC_NTW} 102 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 103 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 104 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 105 106 Update ACL1 107 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 108 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 109 ... ${DEST_NTW} ${SRC_NTW} 110 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 111 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 112 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 113 114 Check ACL1 Is Changed and ACL2 not changed 115 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 116 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 117 ... ${DEST_NTW} ${SRC_NTW} 118 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 119 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 120 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 121 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 122 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 123 ... ${DEST_NTW} ${SRC_NTW} 124 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 125 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 126 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 127 128 Delete ACL2 129 Delete ACL agent_vpp_1 ${ACL2_NAME} 130 131 Check ACL2 Is Deleted and ACL1 Is Not Changed 132 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 133 ... ${E_INTF1} ${I_INTF1} ${ACTION_PERMIT} 134 ... ${DEST_NTW} ${SRC_NTW} 135 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 136 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 137 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 138 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 139 ... ACL in VPP should not exist agent_vpp_1 ${ACL2_NAME} 140 141 Delete ACL1 142 Delete ACL agent_vpp_1 ${ACL1_NAME} 143 144 Check ACL1 Is Deleted 145 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 146 ... ACL in VPP should not exist agent_vpp_1 ${ACL1_NAME} 147 148 ADD ACL3_UDP 149 Put ACL UDP agent_vpp_1 ${ACL3_NAME} 150 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 151 ... ${DEST_NTW} ${SRC_NTW} 152 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 153 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 154 155 Check ACL3 Is Created 156 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 157 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 158 ... ${DEST_NTW} ${SRC_NTW} 159 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 160 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 161 162 ADD ACL4_UDP 163 Put ACL UDP agent_vpp_1 ${ACL4_NAME} 164 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 165 ... ${DEST_NTW} ${SRC_NTW} 166 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 167 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 168 169 170 Check ACL4 Is Created And ACL3 Still Configured 171 Check ACL UDP agent_vpp_1 ${ACL4_NAME} 172 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 173 ... ${DEST_NTW} ${SRC_NTW} 174 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 175 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 176 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 177 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 178 ... ${DEST_NTW} ${SRC_NTW} 179 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 180 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 181 182 Delete ACL4 183 Delete ACL agent_vpp_1 ${ACL4_NAME} 184 185 Check ACL4 Is Deleted and ACL3 Is Not Changed 186 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 187 ... ACL in VPP should not exist agent_vpp_1 ${ACL4_NAME} 188 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 189 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 190 ... ${DEST_NTW} ${SRC_NTW} 191 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 192 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 193 194 Delete ACL3 195 Delete ACL agent_vpp_1 ${ACL3_NAME} 196 197 Check ACL3 Is Deleted 198 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 199 ... ACL in VPP should not exist agent_vpp_1 ${ACL3_NAME} 200 201 ADD ACL5_ICMP 202 Put ACL ICMP agent_vpp_1 ${ACL5_NAME} 203 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 204 ... ${DEST_NTW} ${SRC_NTW} 205 ... ${ICMP_v6} 206 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 207 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 208 209 Check ACL5 Is Created 210 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 211 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 212 ... ${DEST_NTW} ${SRC_NTW} 213 ... ${ICMP_v6} 214 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 215 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 216 217 ADD ACL6_ICMP 218 Put ACL ICMP agent_vpp_1 ${ACL6_NAME} 219 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 220 ... ${DEST_NTW} ${SRC_NTW} 221 ... ${ICMP_v6} 222 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 223 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 224 225 Check ACL6 Is Created And ACL5 Still Configured 226 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 227 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 228 ... ${DEST_NTW} ${SRC_NTW} 229 ... ${ICMP_v6} 230 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 231 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 232 Check ACL ICMP agent_vpp_1 ${ACL6_NAME} 233 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 234 ... ${DEST_NTW} ${SRC_NTW} 235 ... ${ICMP_v6} 236 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 237 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 238 239 Delete ACL6 240 Delete ACL agent_vpp_1 ${ACL6_NAME} 241 242 Check ACL6 Is Deleted and ACL5 Is Not Changed 243 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 244 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 245 ... ${DEST_NTW} ${SRC_NTW} 246 ... ${ICMP_v6} 247 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 248 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 249 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 250 ... ACL in VPP should not exist agent_vpp_1 ${ACL6_NAME} 251 252 Delete ACL5 253 Delete ACL agent_vpp_1 ${ACL5_NAME} 254 255 Check ACL5 Is Deleted 256 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 257 ... ACL in VPP should not exist agent_vpp_1 ${ACL5_NAME} 258 259 Add 6 ACLs 260 Put ACL TCP agent_vpp_1 ${ACL1_NAME} 261 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 262 ... ${DEST_NTW} ${SRC_NTW} 263 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 264 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 265 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 266 Put ACL TCP agent_vpp_1 ${ACL2_NAME} 267 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 268 ... ${DEST_NTW} ${SRC_NTW} 269 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 270 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 271 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 272 Put ACL UDP agent_vpp_1 ${ACL3_NAME} 273 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 274 ... ${DEST_NTW} ${SRC_NTW} 275 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 276 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 277 Put ACL UDP agent_vpp_1 ${ACL4_NAME} 278 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 279 ... ${DEST_NTW} ${SRC_NTW} 280 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 281 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 282 Put ACL ICMP agent_vpp_1 ${ACL5_NAME} 283 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 284 ... ${DEST_NTW} ${SRC_NTW} 285 ... ${ICMP_v6} 286 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 287 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 288 Put ACL ICMP agent_vpp_1 ${ACL6_NAME} 289 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 290 ... ${DEST_NTW} ${SRC_NTW} 291 ... ${ICMP_v6} 292 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 293 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 294 295 Check All 6 ACLs Added 296 Check ACL TCP agent_vpp_1 ${ACL1_NAME} 297 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 298 ... ${DEST_NTW} ${SRC_NTW} 299 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 300 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 301 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 302 Check ACL TCP agent_vpp_1 ${ACL2_NAME} 303 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 304 ... ${DEST_NTW} ${SRC_NTW} 305 ... ${2DEST_PORT_L} ${2DEST_PORT_U} 306 ... ${2SRC_PORT_L} ${2SRC_PORT_U} 307 ... ${TCP_FLAGS_MASK} ${TCP_FLAGS_VALUE} 308 Check ACL UDP agent_vpp_1 ${ACL3_NAME} 309 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 310 ... ${DEST_NTW} ${SRC_NTW} 311 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 312 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 313 Check ACL UDP agent_vpp_1 ${ACL4_NAME} 314 ... ${E_INTF1} ${I_INTF1} ${E_INTF2} ${I_INTF2} ${ACTION_DENY} 315 ... ${DEST_NTW} ${SRC_NTW} 316 ... ${1DEST_PORT_L} ${1DEST_PORT_U} 317 ... ${1SRC_PORT_L} ${1SRC_PORT_U} 318 Check ACL ICMP agent_vpp_1 ${ACL5_NAME} 319 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 320 ... ${DEST_NTW} ${SRC_NTW} 321 ... ${ICMP_v6} 322 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 323 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 324 Check ACL ICMP agent_vpp_1 ${ACL6_NAME} 325 ... ${E_INTF1} ${I_INTF1} ${ACTION_DENY} 326 ... ${DEST_NTW} ${SRC_NTW} 327 ... ${ICMP_v6} 328 ... ${ICMP_CODE_L} ${ICMP_CODE_U} 329 ... ${ICMP_TYPE_L} ${ICMP_TYPE_U} 330 331 # TODO: add tests for MACIP case 332 # TODO: test ingress/egress interfaces 333 334 *** Keywords *** 335 336 TestSetup 337 Make Datastore Snapshots ${TEST_NAME}_test_setup 338 339 TestTeardown 340 Make Datastore Snapshots ${TEST_NAME}_test_teardown 341 342 Suite Cleanup 343 Stop SFC Controller Container 344 Testsuite Teardown 345 346 Check ACL TCP 347 [Arguments] ${agent} ${acl_name} 348 ... ${egress_interface} ${ingress_interface} ${acl_action} 349 ... ${destination_network} ${source_network} 350 ... ${destination_port_min} ${destination_port_max} 351 ... ${source_port_min} ${source_port_max} 352 ... ${tcp_flags_mask} ${tcp_flags_value} 353 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 354 ... Check ACL in ETCD - TCP ${agent} ${acl_name} 355 ... ${egress_interface} ${ingress_interface} ${acl_action} 356 ... ${destination_network} ${source_network} 357 ... ${destination_port_min} ${destination_port_max} 358 ... ${source_port_min} ${source_port_max} 359 ... ${tcp_flags_mask} ${tcp_flags_value} 360 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 361 ... Check ACL in VPP - TCP ${agent} ${acl_name} 362 ... ${egress_interface} ${ingress_interface} ${acl_action} 363 ... ${destination_network} ${source_network} 364 ... ${destination_port_min} ${destination_port_max} 365 ... ${source_port_min} ${source_port_max} 366 ... ${tcp_flags_mask} ${tcp_flags_value} 367 368 Check ACL UDP 369 [Arguments] ${agent} ${acl_name} 370 ... ${egress_interface1} ${ingress_interface1} 371 ... ${egress_interface2} ${ingress_interface2} 372 ... ${acl_action} 373 ... ${destination_network} ${source_network} 374 ... ${destination_port_min} ${destination_port_max} 375 ... ${source_port_min} ${source_port_max} 376 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 377 ... Check ACL in ETCD - UDP ${agent} ${acl_name} 378 ... ${egress_interface1} ${ingress_interface1} 379 ... ${egress_interface2} ${ingress_interface2} 380 ... ${acl_action} 381 ... ${destination_network} ${source_network} 382 ... ${destination_port_min} ${destination_port_max} 383 ... ${source_port_min} ${source_port_max} 384 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 385 ... Check ACL in VPP - UDP ${agent} ${acl_name} 386 ... ${egress_interface1} ${ingress_interface1} 387 ... ${egress_interface2} ${ingress_interface2} 388 ... ${acl_action} 389 ... ${destination_network} ${source_network} 390 ... ${destination_port_min} ${destination_port_max} 391 ... ${source_port_min} ${source_port_max} 392 393 Check ACL ICMP 394 [Arguments] ${agent} ${acl_name} 395 ... ${egress_interface} ${ingress_interface} ${acl_action} 396 ... ${destination_network} ${source_network} 397 ... ${icmpv6} 398 ... ${icmp_code_min} ${icmp_code_max} 399 ... ${icmp_type_min} ${icmp_type_max} 400 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 401 ... Check ACL in ETCD - ICMP ${agent} ${acl_name} 402 ... ${egress_interface} ${ingress_interface} ${acl_action} 403 ... ${destination_network} ${source_network} 404 ... ${icmpv6} 405 ... ${icmp_code_min} ${icmp_code_max} 406 ... ${icmp_type_min} ${icmp_type_max} 407 Wait Until Keyword Succeeds ${WAIT_TIMEOUT} ${SYNC_SLEEP} 408 ... Check ACL in VPP - ICMP ${agent} ${acl_name} 409 ... ${egress_interface} ${ingress_interface} ${acl_action} 410 ... ${destination_network} ${source_network} 411 ... ${icmpv6} 412 ... ${icmp_code_min} ${icmp_code_max} 413 ... ${icmp_type_min} ${icmp_type_max}