sonic-utilities icon indicating copy to clipboard operation
sonic-utilities copied to clipboard

Published 20 hours ago verified publisher icon sonic-net

Add time-based ACL support for acl-loader

Open wsycqyz opened this issue 2 years ago • 5 comments

What I did

Add time-based ACL support for acl-loader

How I did it

Modify code according to HLD: Dynamic-ACL-Design.md (Currently is under PR review) New acl-loader CLIs are introduced: acl-loader update time-based-acl <filename.json> acl-loader delete-time-based-acl

How to verify it

See HLD unit test and system test. https://github.com/sonic-net/SONiC/pull/1078

Previous command output (if the output of a command-line utility has changed)

N/A

New command output (if the output of a command-line utility has changed)

admin@hostname: acl-loader update time-based-acl dacl.json Info: Added CONFIG_DB entry for rule DYNAMIC_RULE_1 Info: {'PRIORITY': '9999', 'ETHER_TYPE': '2048', 'PACKET_ACTION': 'DROP', 'DST_IP': '10.0.0.57/32', 'is_dynamic': 'True', 'ttl': '3600', 'creation_time': '1662515645', 'expiration_time': '1662519245'} Info: Added CONFIG_DB entry for rule DYNAMIC_RULE_2 Info: {'PRIORITY': '9998', 'ETHER_TYPE': '2048', 'PACKET_ACTION': 'DROP', 'DST_IP': '192.168.0.101/32', 'is_dynamic': 'True', 'ttl': '10', 'creation_time': '1662515645', 'expiration_time': '1662515655'}

admin@hostname: acl-loader delete-time-based-acl BMC_ACL_SOUTHBOUND 1 Info: Removed a dynamic ACL rule BMC_ACL_SOUTHBOUND|DYNAMIC_RULE_1

wsycqyz avatar Sep 07 '22 01:09 wsycqyz

This pull request introduces 2 alerts when merging 0006a606242d14ef18f8bc5b3a61a90c84237457 into 3be2ad7deea5f00fe20f1e54589a738f066d9ca2 - view on LGTM.com

new alerts:

  • 1 for Except block handles 'BaseException'
  • 1 for Unused import

lgtm-com[bot] avatar Sep 07 '22 02:09 lgtm-com[bot]

This pull request introduces 1 alert when merging 2371472a0e340ab035f34a48461e18b7902142d4 into 3be2ad7deea5f00fe20f1e54589a738f066d9ca2 - view on LGTM.com

new alerts:

  • 1 for Except block handles 'BaseException'

lgtm-com[bot] avatar Sep 07 '22 03:09 lgtm-com[bot]

Let's mark this as draft here since the HLD is still under reviewing

Blueve avatar Sep 07 '22 04:09 Blueve

Let's mark this as draft here since the HLD is still under reviewing

Sure.

wsycqyz avatar Sep 07 '22 04:09 wsycqyz

This pull request introduces 1 alert when merging 9ab1f48fb8ee4d3a106287e4f058160d86ce5bec into 1ac584bb3d30ab6dac0396b8998ea12883acde87 - view on LGTM.com

new alerts:

  • 1 for Unused import

lgtm-com[bot] avatar Sep 15 '22 03:09 lgtm-com[bot]