[Mellanox] disable test_secure_upgrade.py on systems who does not support it

[congh-nvidia]

Description of PR

Summary: Test failed for 2 reasons:

1. When assigning value to "output_msg"(line 70), there is no "module_output" key in the err.result, the message needed in the check is in "msg", which is assigned to "err_msg"in line 71.
2. There are 2 letters should be upper case(Failure: CMS signature Verification Failed)

(Pdb) l 69 except RunAnsibleModuleFail as err: 70 output_msg = str(err.results._check_key("module_stdout")) 71 err_msg = str(err.results._check_key("msg")) 72 import pdb 73 pdb.set_trace() 74 -> logger.info("Expected fail, err msg is : {}\n\noutput_msg is {}".format(err_msg, output_msg)) 75 pytest_assert( 76 "Failure: CMS signature Verification Failed" in str(err_msg), 77 "failure was not due to security limitations") 78 finally: 79 pytest_assert(result == "image install failure", "non-secure image was successfully installed") (Pdb) err run module reduce_and_add_sonic_images failed, Ansible Results => {"changed": false, "failed": true, "msg": "Image installation failed: rc=1, out=\nVerifing image SONiC-OS-202211_SPC4_ES2.1-f8737c490_Internal signature...\nVerifying image signature\nFailure: CMS signature Verification Failed: \n\n, err=Warning: 'sonic_installer' command is deprecated and will be removed in the future\nPlease use 'sonic-installer' instead\nError: Failed verify image signature\nAborted!\n"} (Pdb) err.results {'failed': True, 'msg': "Image installation failed: rc=1, out=\nVerifing image SONiC-OS-202211_SPC4_ES2.1-f8737c490_Internal signature...\nVerifying image signature\nFailure: CMS signature Verification Failed: \n\n, err=Warning: 'sonic_installer' command is deprecated and will be removed in the future\nPlease use 'sonic-installer' instead\nError: Failed verify image signature\nAborted!\n", 'invocation': {'module_args': {'new_image_url': 'http://nbu-nfs.mellanox.com/auto/sw_regression/system/SONIC/security/secure_boot/sig_mismatch_image/sonic-mellanox.bin', 'disk_used_pcent': 8, 'required_space': 1600, 'save_as': None}}, '_ansible_no_log': False, 'changed': False} - No key module_stdout in the err.results

And add the skip condition for Nvidia platforms which don't support secure upgrade.

Type of change

• [x] Bug fix
• [ ] Testbed and Framework(new/improvement)
• [ ] Test case(new/improvement)

Back port request

• [ ] 201911
• [ ] 202012
• [ ] 202205
• [ ] 202305
• [x] 202311

Approach

What is the motivation for this PR?

Fix test_secure_upgrade.py test issue

How did you do it?

1. Fix the test by checking the information in "err_msg = str(err.results._check_key("msg"))"
2. Fix the lowercase letters.
3. Add skip condition.

How did you verify/test it?

Run the test on 5600 platform, it passed.

Any platform specific information?

Supported testbed topology if it's a new test case?

Documentation

[mssonicbld]

The pre-commit check detected issues in the files touched by this pull request. The pre-commit check is a mandatory check, please fix detected issues.

Detailed pre-commit check results: trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...............................................................Passed
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Passed
flake8...............................................(no files to check)Skipped
check conditional mark sort..............................................Failed
- hook id: check-conditional-mark-sort
- exit code: 1

The entries in tests/common/plugins/conditional_mark/tests_mark_conditions.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_acl.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_drop_packets.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_platform_tests.yaml are not sorted in alphabetic order.

To run the pre-commit checks locally, you can follow below steps:

1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt docker container.
2. Ensure that the pre-commit package is installed:

sudo pip install pre-commit

3. Go to repository root folder
4. Install the pre-commit hooks:

pre-commit install

5. Use pre-commit to check staged file:

pre-commit

6. Alternatively, you can check committed files using:

pre-commit run --from-ref <commit_id> --to-ref <commit_id>

[mssonicbld]

The pre-commit check detected issues in the files touched by this pull request. The pre-commit check is a mandatory check, please fix detected issues.

Detailed pre-commit check results: trim trailing whitespace.................................................Passed
fix end of files.........................................................Passed
check yaml...............................................................Passed
check for added large files..............................................Passed
check python ast.........................................................Passed
flake8...................................................................Passed
flake8...............................................(no files to check)Skipped
check conditional mark sort..............................................Failed
- hook id: check-conditional-mark-sort
- exit code: 1

The entries in tests/common/plugins/conditional_mark/tests_mark_conditions.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_acl.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_drop_packets.yaml tests/common/plugins/conditional_mark/tests_mark_conditions_platform_tests.yaml are not sorted in alphabetic order.

To run the pre-commit checks locally, you can follow below steps:

1. Ensure that default python is python3. In sonic-mgmt docker container, default python is python2. You can run the check by activating the python3 virtual environment in sonic-mgmt docker container or outside of sonic-mgmt docker container.
2. Ensure that the pre-commit package is installed:

sudo pip install pre-commit

3. Go to repository root folder
4. Install the pre-commit hooks:

pre-commit install

5. Use pre-commit to check staged file:

pre-commit

6. Alternatively, you can check committed files using:

pre-commit run --from-ref <commit_id> --to-ref <commit_id>

[liat-grozovik]

@congh-nvidia can you please handle the conflicts so i can merge ?

[congh-nvidia]

@congh-nvidia can you please handle the conflicts so i can merge ?

Hi @liat-grozovik, the conflict is fixed, waiting for the checkers to pass.

[congh-nvidia]

PR checker failed in test_duplicate_route.py, failure is caused by PR https://github.com/sonic-net/sonic-mgmt/pull/12460, I have left message for the author. Will retrigger the checker after the issue is fixed.

[congh-nvidia]

/azpw run

[mssonicbld]

/AzurePipelines run

[azure-pipelines[bot]]

Azure Pipelines successfully started running 1 pipeline(s).

[congh-nvidia]

/azpw run

[mssonicbld]

/AzurePipelines run

[azure-pipelines[bot]]

Azure Pipelines successfully started running 1 pipeline(s).

[DavidZagury]

This should fix this issue - https://github.com/sonic-net/sonic-buildimage/issues/17153

[congh-nvidia]

Hi @liat-grozovik, the checkers passed, could you please help merged? Thanks.