def erspan_post_config(): """ Author: Lakshminarayana D ([email protected]) Using this post config at module level. So, applicable for all test cases which includes in this module. :return: None """ # Unconfig ip address on DUT-1 for port, ip_addr, in zip(data.port_list_d1, data.ip_list_d1): ip.delete_ip_interface(vars.D1, port, ip_addr, data.subnet_mask) # Unconfig ip address on DUT-2 for port, ip_addr in zip(data.port_list_d2, data.ip_list_d2): ip.delete_ip_interface(vars.D2, port, ip_addr, data.subnet_mask) # Unconfig static route _, network = ip.get_network_addr("{}/{}".format(data.ip_T1D2P1, data.subnet_mask)) ip.delete_static_route(vars.D1, data.ip_D2D1P1, network) _, network = ip.get_network_addr("{}/{}".format(data.ip_T1D1P1, data.subnet_mask)) ip.delete_static_route(vars.D2, data.ip_D1D2P1, network) # Unconfig mirror session mirror.delete_session(vars.D1, data.session_name) # Unconfig acl rule acl_dscp.config_classifier_table(dut=vars.D1, enable="del", class_name=data.acl_rule) # Unconfig acl table acl_dscp.config_service_policy_table(dut=vars.D1, policy_kind='unbind', interface_name=vars.D1T1P1, stage='in', service_policy_name=data.acl_table_name, policy_type=data.type) acl_dscp.config_service_policy_table(dut=vars.D1, policy_kind='unbind', interface_name=vars.D1T1P2, stage='in', service_policy_name=data.acl_table_name, policy_type=data.type) acl_dscp.config_policy_table(dut=vars.D1, enable='del', policy_name=data.acl_table_name) acl.delete_acl_table(vars.D1, acl_table_name="L3_IPV6_INGRESS", acl_type="L3V6")
def ssh_module_hooks(request): global vars vars = st.ensure_min_topology("D1D2:2") initialize_variables() ssh_module_prolog() config_ip_address() enable_sshv6(vars.D1) yield config_ip_address(oper='remove') acl_obj.delete_acl_table(vars.D1) disable_sshv6(vars.D1) snmp_config(config='remove')
def delete_ACLtable_scale(dut, **kwargs): """ Author: delete_ACLtable_scale(dut=dut1,max_acl=10,acl_name='ACL') :return: """ result = True if 'max_acl' in kwargs: max_acl = kwargs['max_acl'] else: max_acl = 1 if 'acl_name' in kwargs: acl_name = kwargs['acl_name'] else: st.log('Mandatory parameter aclName is not found') return False st.log('Deleting ACL tables ') for i in range(max_acl): acl_obj.delete_acl_table(dut=dut, acl_table_name=acl_name + str(i)) return result
def test_ft_ssh_add_user_verify(): """ Author : Prudvi Mangadu ([email protected]) """ user_ssh = 0 acl_sshv4 = 0 acl_sshv6 = 0 acl_snmp = 0 if not snmp_config(config='add'): acl_snmp = +1 ipaddress = st.get_mgmt_ip(vars.D1) if not ipaddress: st.report_env_fail("ip_verification_fail") snmp_cmd = "snmpget -Oqv -v 2c -c {} {} {}".format(ssh_data.ro_community, ipaddress, ssh_data.oid_sysName) out = config_nondefault_user() if not out: user_ssh = +1 st.log("connecting to device with username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final, ssh_data.commands_to_verify): st.error('Cannot SSH into Device with default credentials') user_ssh = +1 st.log('connecting to device with username={},password={}'.format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) if not st.exec_ssh(vars.D1, ssh_data.usr_non_default, ssh_data.pwd_non_default, ssh_data.commands_to_verify): st.error('Cannot SSH into Device with non-default credentials') user_ssh = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if not output: user_ssh = +1 IPAddr = ensure_service_params(vars.D1, "snmptrap", "ip") + "/32" change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_ACL|RULE_1", "SRC_IP", IPAddr) change_acl_rules(acl_data.acl_json_config_control_plane, "SSH_ONLY|RULE_1", "SRC_IP", IPAddr) change_acl_rules(acl_data.acl_json_config_control_plane, "SSH_ONLY|RULE_2", "SRC_IP", ssh_data.ipv4_network) change_acl_rules(acl_data.acl_json_config_control_plane, "V6_SSH_ONLY|RULE_1", "SRC_IPV6", ssh_data.ipv6_network_D1) acl_config = acl_data.acl_json_config_control_plane st.log("ACL_DATA: {}".format(acl_config)) apply_acl_config(vars.D1, acl_config) acl_obj.show_acl_table(vars.D1) acl_obj.show_acl_rule(vars.D1) if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_ACL", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("SNMP_ACL")) acl_snmp = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SSH_ONLY", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("SSH_ONLY")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY")) acl_sshv6 = +1 hostname = basic_obj.get_hostname(vars.D1) st.log("HOSTNAME: {}".format(hostname)) snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if hostname not in snmp_out: acl_snmp = +1 st.log("connecting to device with default username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv6 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv6 = +1 st.log( "connecting to device with non default username={},password={}".format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_non_default, ssh_data.pwd_non_default) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_non_default, ssh_data.pwd_non_default) if not output: acl_sshv6 = +1 config_save(vars.D1) st.log('rebooting the device.') st.reboot(vars.D1, 'fast') acl_obj.show_acl_table(vars.D1) acl_obj.show_acl_rule(vars.D1) if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SSH_ONLY", "RULE_1"): st.log("Failed to create ACL rule '{}' ".format("SSH_ONLY")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "V6_SSH_ONLY", "RULE_1"): st.log("Failed to create ACL rule '{}' ".format("V6_SSH_ONLY")) acl_sshv4 = +1 if not poll_wait(acl_obj.verify_acl_table_rule, 5, vars.D1, "SNMP_ACL", "RULE_1"): st.error("Failed to create ACL rule '{}' ".format("SNMP_ACL")) acl_snmp = +1 hostname = basic_obj.get_hostname(vars.D1) snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if hostname not in snmp_out: acl_snmp = +1 ''' change_acl_rules(acl_data.acl_json_config_control_plane, "SNMP_ACL|RULE_1", "SRC_IP", "2.2.2.2/24") acl_config = acl_data.acl_json_config_control_plane apply_acl_config(vars.D1, acl_config) acl_obj.show_acl_rule(vars.D1) snmp_out = execute_command(ssh_conn_obj, snmp_cmd) if "Timeout" not in snmp_out: acl_snmp = + 1 ''' st.log("connecting to device with default username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P2, ssh_data.usr_default, ssh_data.pwd_final) if output: acl_sshv6 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv4_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv4 = +1 output = verify_ssh_connection(vars.D2, ssh_data.ipv6_address_D1D2P1, ssh_data.usr_default, ssh_data.pwd_final) if not output: acl_sshv6 = +1 if acl_sshv4: st.report_tc_fail("test_ft_controlplane_acl_service_sshv4", "ssh_failed", "with control plane ACL service SSHv4 after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_sshv4", "ssh_failed", "with control plane ACL service SSHv4 after reboot") if acl_sshv6: st.report_tc_fail("test_ft_controlplane_acl_service_sshv6", "ssh_failed", "with control plane ACL service SSHv6 after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_sshv6", "ssh_failed", "with control plane ACL service SSHv6 after reboot") if acl_snmp: st.report_tc_fail("test_ft_controlplane_acl_service_snmp", "snmp_output_failed", "with control plane ACL service SNMP after reboot") else: st.report_tc_pass("test_ft_controlplane_acl_service_snmp", "snmp_output_failed", "with control plane ACL service SNMP after reboot") acl_obj.delete_acl_table(vars.D1) if acl_sshv4 or acl_sshv6 or acl_snmp: st.generate_tech_support(vars.D1, "controlplane_acl_services_after_reboot") st.log("connecting to device with username={},password={}".format( ssh_data.usr_default, ssh_data.pwd_final)) if not st.exec_ssh(vars.D1, ssh_data.usr_default, ssh_data.pwd_final, ssh_data.commands_to_verify): st.error( 'Cannot SSH into Device with default credentials after reboot') user_ssh = +1 st.log('connecting to device with username={},password={}'.format( ssh_data.usr_non_default, ssh_data.pwd_non_default)) if not st.exec_ssh(vars.D1, ssh_data.usr_non_default, ssh_data.pwd_non_default, ssh_data.commands_to_verify): st.error( 'Cannot SSH into Device with non-default credentials after reboot') user_ssh = +1 config_nondefault_user(config='remove') if user_ssh: st.report_fail("ssh_failed") st.report_pass("test_case_passed")
def crm_acl_unconfig(data=[]): acl_obj.show_ip_access_list(data.D1) tables = ["ACL_TABLE0", "ACL_TABLE1"] for table in tables: acl_obj.delete_acl_table(data.D1, acl_table_name=table, acl_type='ip') acl_obj.show_ip_access_list(data.D1)
def test_fuctPBR_02(): global description global descriptionv6 global vars vars = st.get_testbed_vars() final_result = True description = 'IPv4_ACL_redirect_NH' descriptionv6 = 'IPv6_ACL_redirect_NH' st.log( 'This test covers StSoSeConf014 StSoSeConf015 StSoSeVer014 StSoSeVer015' ) st.log('creating IPv4 static route') ipfeature.create_static_route(dut1, static_ip=srpIP, next_hop=nextHop_ip, shell='') ipfeature.create_static_route(dut1, static_ip=srpIPv6, next_hop=nextHop_ipv6, shell='', family='ipv6') st.log( 'creating IPv4 ACL table and binding to the ports in Ingress direction' ) acl_obj.create_acl_table(dut1, name=acl_table_name, stage=stage, type=type, description=description, ports=[r1_tg_ports1]) acl_obj.create_acl_table(dut1, name=acl_table_namev6, stage=stage, type=typev6, description=descriptionv6, ports=[r1_tg_ports1]) st.log( 'Creating ACL rules with src_ip dst_ip port and action as forward drop' ) acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[0], priority=priority_list[0], packet_action=pktAction + nextHop_ip + '|' + r1_tg_ports2, SRC_IP="{}/{}".format(srpIP, maskACL), DST_IP="{}/{}".format(dstIP, maskACL)) acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[9], priority=priority_list[9], packet_action='drop', IP_TYPE='ipv4any') acl_obj.create_acl_rule(dut1, table_name=acl_table_namev6, rule_name=rule_list[0], priority=priority_list[0], packet_action=pktAction + nextHop_ipv6 + '|' + r1_tg_ports2, SRC_IPV6="{}/{}".format(srpIPv6, '128'), DST_IPV6="{}/{}".format(dstIPv6, '128')) acl_obj.create_acl_rule(dut1, table_name=acl_table_namev6, rule_name=rule_list[9], priority=priority_list[9], packet_action='drop', IP_TYPE='ipv6any') #acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[0],priority=priority_list[0], packet_action=pktAction+nextHop_ip+'|'+r1_tg_ports2, SRC_IP="{}/{}".format(srpIP, maskACL),DST_IP="{}/{}".format(dstIP, maskACL)) start_stop_traffic(tg1, tg2, tg_dut1_p1_handle, tg_dut1_p2_handle) traffic_details = { '1': { 'tx_ports': [vars.T1D1P1], 'tx_obj': [tg1], 'exp_ratio': [[1, 0, 1, 0]], 'rx_ports': [vars.T1D1P2], 'rx_obj': [tg2], 'stream_list': [[stream_id1, stream_id2, stream_id3, stream_id4]] } } test1 = tgapi.validate_tgen_traffic(traffic_details=traffic_details, mode='streamblock', comp_type='packet_count') if test1 is False: st.error("Traffic Verification Failed") final_result = False t1 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_name, rule_name=rule_list[0], packet_count=expCount) t2 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_name, rule_name=rule_list[9], packet_count=expCount) t3 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_namev6, rule_name=rule_list[0], packet_count=expCount) t4 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_namev6, rule_name=rule_list[9], packet_count=int(expCount) + 16) if False in list(set([t1, t2, t3, t4])): tc = [t1, t2, t3, t4].index(False) print("TC failed for rule : " + str((tc + 1))) st.error("ACL stats validation Failed") final_result = False else: st.log('ACL stats validation Passed') st.log('Deleting IPv4/v6 static route') ipfeature.delete_static_route(dut1, static_ip=srpIP, next_hop=nextHop_ip, shell='') ipfeature.delete_static_route(dut1, static_ip=srpIPv6, next_hop=nextHop_ipv6, shell='', family='ipv6') st.log('Removing the ACL table config') acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_name) acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_namev6) if final_result: st.log( "PBR-Test:Validation of PBR REDIRECT_TO_Next-Hop interface Passed") st.report_pass('test_case_passed') else: st.error( "PBR-Test : Validation of PBR REDIRECT_TO_Next-Hop interface failed" ) st.report_fail('test_case_failed')