From 91fb8f3a5f98e2b5941abab592a2600e8c3a179b Mon Sep 17 00:00:00 2001
From: ghooo
Date: Tue, 15 Mar 2022 20:38:15 -0700
Subject: [PATCH] [yang] In ACL_RULE PRIORITY is mandatory and PACKET_ACTION for CTRLPLANE ACLs
---
 .../tests/yang_model_tests/tests/acl.json | 10 ++++
 .../yang_model_tests/tests_config/acl.json | 57 +++++++++++++++++++
 .../yang-templates/sonic-acl.yang.j2 | 4 ++
 3 files changed, 71 insertions(+)
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
index 980622cbd3e8..6896cd5c771e 100644
--- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
@@ -4,6 +4,16 @@
 "eStrKey" : "InvalidValue",
 "eStr": ["PACKET_ACTION"]
 },
+ "ACL_RULE_FOR_CTRLPLANE_ACL_REQUIRES_PACKET_ACTION": {
+ "desc": "ACL_RULE for CTRLPLANE ACLs require PACKET_ACTION.",
+ "eStrKey" : "Must",
+ "eStr": ["CTRLPLANE", "PACKET_ACTION"]
+ },
+ "ACL_RULE_MANDATORY_PRIORITY": {
+ "desc": "ACL_RULE MANDATORY PRIORITY field.",
+ "eStrKey" : "Mandatory",
+ "eStr": ["ACL_RULE", "PRIORITY"]
+ },
 "ACL_TABLE_EMPTY_PORTS": {
 "desc": "Configure ACL_TABLE with empty ports."
 },
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
index b2aa6b3fb15d..ddb3a72d1b98 100644
--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
@@ -211,6 +211,63 @@
 }
 }
 },
+ "ACL_RULE_FOR_CTRLPLANE_ACL_REQUIRES_PACKET_ACTION": {
+ "sonic-acl:sonic-acl": {
+ "sonic-acl:ACL_RULE": {
+ "ACL_RULE_LIST": [
+ {
+ "ACL_TABLE_NAME": "MGMT_ONLY",
+ "DST_IP": "10.186.72.0/26",
+ "IP_TYPE": "IPv4ANY",
+ "PRIORITY": 999980,
+ "RULE_NAME": "Rule_20",
+ "SRC_IP": "10.176.0.0/15"
+ }
+ ]
+ },
+ "sonic-acl:ACL_TABLE": {
+ "ACL_TABLE_LIST": [
+ {
+ "ACL_TABLE_NAME": "MGMT_ONLY",
+ "policy_desc": "Filter IPv4",
+ "services": [
+ "SNMP"
+ ],
+ "stage": "EGRESS",
+ "type": "CTRLPLANE"
+ }
+ ]
+ }
+ }
+ },
+ "ACL_RULE_MANDATORY_PRIORITY": {
+ "sonic-acl:sonic-acl": {
+ "sonic-acl:ACL_RULE": {
+ "ACL_RULE_LIST": [
+ {
+ "ACL_TABLE_NAME": "EVERFLOW",
+ "DST_IP": "10.186.72.0/26",
+ "IP_TYPE": "IPv4ANY",
+ "RULE_NAME": "Rule_20",
+ "SRC_IP": "10.176.0.0/15"
+ }
+ ]
+ },
+ "sonic-acl:ACL_TABLE": {
+ "ACL_TABLE_LIST": [
+ {
+ "ACL_TABLE_NAME": "EVERFLOW",
+ "policy_desc": "Filter IPv4",
+ "services": [
+ "SNMP"
+ ],
+ "stage": "EGRESS",
+ "type": "MIRROR"
+ }
+ ]
+ }
+ }
+ },
 "ACL_RULE_WITH_NON_EXIST_ACL_TABLE": {
 "sonic-acl:sonic-acl": {
 "sonic-acl:ACL_RULE": {
diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
index d007f82e0964..358533c68c08 100644
--- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
+++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
@@ -69,6 +69,9 @@ module sonic-acl {
 type stypes:packet_action;
 }
+ /* Validating 'PACKET_ACTION' exist if ACL type is 'CTRLPLANE' */
+ must "(not(../../ACL_TABLE/ACL_TABLE_LIST[ACL_TABLE_NAME=current()/ACL_TABLE_NAME]/type = 'CTRLPLANE')) or (boolean(PACKET_ACTION))";
+
 leaf MIRROR_INGRESS_ACTION {
 type leafref {
 path "/sms:sonic-mirror-session/sms:MIRROR_SESSION/sms:MIRROR_SESSION_LIST/sms:name";
@@ -86,6 +89,7 @@ module sonic-acl {
 }
 leaf PRIORITY {
+ mandatory true;
 type uint32 {
 range 0..999999;
 }
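Review bot: The `ACL_RULE_MANDATORY_PRIORITY` fixture differs from a valid configuration in more than the field under test: besides omitting `PRIORITY`, its rule carries no action leaf and its `MIRROR` table carries `"services": ["SNMP"]`, so the case can start failing for an unrelated reason as the model gains constraints. Keeping the fixture identical to a known-good rule except for the missing `PRIORITY` would pin the failure to the mandatory check. Both added fixtures are also negative cases; unless fixtures outside this hunk already cover it, a passing case with a `CTRLPLANE` table whose rule sets `PACKET_ACTION` would confirm that the new `must` does not reject valid control-plane rules.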
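Review bot: The `must` added after `leaf PACKET_ACTION` has no `error-message`, so a rejected control-plane rule is presumably reported with the raw XPath rather than a reason an operator can act on. Consider giving it a body such as `error-message "PACKET_ACTION is required for rules in a CTRLPLANE ACL table";` and adjusting the expectations in tests/acl.json if the reported string changes. The constraint also checks presence only: any value permitted by `stypes:packet_action` (defined outside this hunk) satisfies it, so if control-plane tables honour only a subset of those actions, that restriction needs its own check. The comment would read better as `/* PACKET_ACTION must exist if the ACL table type is 'CTRLPLANE' */`. The enclosing list starts and ends outside the hunk.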
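Review bot: `mandatory true;` on `leaf PRIORITY` makes every existing ACL_RULE entry without a PRIORITY fail validation, and neither the leaf nor the commit message says why the field became required or what happens to configurations written before this change. How a validation failure is handled at load time is not visible here, so it is worth confirming that a device carrying older rules does not come up with its control-plane ACLs unapplied. A `description` on the leaf stating the requirement, for example `description "Rule priority; required on every ACL rule.";`, would document the contract. Placing `mandatory` after `type` would also follow the canonical substatement order. The leaf's closing brace is outside the hunk.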