diff --git a/src/device/service/driver_api/_Driver.py b/src/device/service/driver_api/_Driver.py
index f30165a178a5946c414157da5d09df07bf060a39..7dbb9eddb238dcaae9d00b579a1851aacf53225d 100644
--- a/src/device/service/driver_api/_Driver.py
+++ b/src/device/service/driver_api/_Driver.py
@@ -21,6 +21,7 @@ RESOURCE_ENDPOINTS = '__endpoints__'
RESOURCE_INTERFACES = '__interfaces__'
RESOURCE_NETWORK_INSTANCES = '__network_instances__'
RESOURCE_ROUTING_POLICIES = '__routing_policies__'
+RESOURCE_ACL = '__acl__'
class _Driver:
def __init__(self, address : str, port : int, **settings) -> None:
diff --git a/src/device/service/drivers/openconfig/OpenConfigDriver.py b/src/device/service/drivers/openconfig/OpenConfigDriver.py
index 7f582c4880bafd08aee0204c7498ea3a3e7ad279..e315b8442ed7f9b84016c26775705a4a106f7653 100644
--- a/src/device/service/drivers/openconfig/OpenConfigDriver.py
+++ b/src/device/service/drivers/openconfig/OpenConfigDriver.py
@@ -31,7 +31,11 @@ from device.service.driver_api.AnyTreeTools import TreeNode, get_subnode, set_su
from .templates import ALL_RESOURCE_KEYS, EMPTY_CONFIG, compose_config, get_filter, parse
from .RetryDecorator import retry
-DEBUG_MODE = False
+
+from ncclient import manager
+
+
+DEBUG_MODE = True
#logging.getLogger('ncclient.transport.ssh').setLevel(logging.DEBUG if DEBUG_MODE else logging.WARNING)
logging.getLogger('apscheduler.executors.default').setLevel(logging.INFO if DEBUG_MODE else logging.ERROR)
logging.getLogger('apscheduler.scheduler').setLevel(logging.INFO if DEBUG_MODE else logging.ERROR)
@@ -65,14 +69,14 @@ class NetconfSessionHandler:
self.__netconf_session : Session = None
self.__netconf_manager : Manager = None
- def connect(self):
+ def connect(self):
with self.__lock:
self.__netconf_session = connect_ssh(
host=self.__address, port=self.__port, username=self.__username, password=self.__password)
self.__netconf_manager = Manager(self.__netconf_session, timeout=self.__timeout)
self.__netconf_manager.set_logger_level(logging.DEBUG if DEBUG_MODE else logging.WARNING)
self.__connected.set()
-
+
def disconnect(self):
if not self.__connected.is_set(): return
with self.__lock:
@@ -239,14 +243,25 @@ class OpenConfigDriver(_Driver):
resource_key,resource_value = resource
chk_string(str_resource_name + '.key', resource_key, allow_empty=False)
str_config_message = compose_config(resource_key, resource_value)
+
+ with manager.connect(host=address, port=830, username='admin', password='admin',
+ hostkey_verify=False, device_params={'name':'huaweiyang'},
+ look_for_keys=False, allow_agent=False) as m:
+ assert(":candidate" in m.server_capabilities)
+ with m.locked(target='candidate'):
+ m.edit_config(config=str_config_message, default_operation="merge", target="candidate")
+ m.commit()
+ results.append(True)
+ """
if str_config_message is None: raise UnsupportedResourceKeyException(resource_key)
LOGGER.info('[SetConfig] str_config_message[{:d}] = {:s}'.format(
len(str_config_message), str(str_config_message)))
self.__netconf_handler.edit_config(str_config_message, target='running')
results.append(True)
+ """
except Exception as e: # pylint: disable=broad-except
LOGGER.exception('Exception setting {:s}: {:s}'.format(str_resource_name, str(resource)))
- results.append(e) # if validation fails, store the exception
+ results.append(e) # if validation fails, store the exception
return results
def DeleteConfig(self, resources : List[Tuple[str, Any]]) -> List[Union[bool, Exception]]:
@@ -264,11 +279,23 @@ class OpenConfigDriver(_Driver):
resource_key,resource_value = resource
chk_string(str_resource_name + '.key', resource_key, allow_empty=False)
str_config_message = compose_config(resource_key, resource_value, delete=True)
+
+ with manager.connect(host=address, port=830, username='admin', password='admin',
+ hostkey_verify=False, device_params={'name':'huaweiyang'},
+ look_for_keys=False, allow_agent=False) as m:
+ assert(":candidate" in m.server_capabilities)
+ with m.locked(target='candidate'):
+ m.edit_config(config=str_config_message, default_operation="merge", target="candidate")
+ m.commit()
+ results.append(True)
+
+ """
if str_config_message is None: raise UnsupportedResourceKeyException(resource_key)
LOGGER.info('[DeleteConfig] str_config_message[{:d}] = {:s}'.format(
len(str_config_message), str(str_config_message)))
self.__netconf_handler.edit_config(str_config_message, target='running')
results.append(True)
+ """
except Exception as e: # pylint: disable=broad-except
LOGGER.exception('Exception deleting {:s}: {:s}'.format(str_resource_name, str(resource_key)))
results.append(e) # if validation fails, store the exception
@@ -364,3 +391,4 @@ class OpenConfigDriver(_Driver):
return
if sample is None: continue
yield sample
+
\ No newline at end of file
diff --git a/src/device/service/drivers/openconfig/templates/Acl.py b/src/device/service/drivers/openconfig/templates/Acl.py
new file mode 100644
index 0000000000000000000000000000000000000000..ab07fe6fd10909643e4f1276b078b3db8bd40b59
--- /dev/null
+++ b/src/device/service/drivers/openconfig/templates/Acl.py
@@ -0,0 +1,123 @@
+# Copyright 2021-2023 H2020 TeraFlow (https://www.teraflow-h2020.eu/)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import logging, lxml.etree as ET
+from typing import Any, Dict, List, Tuple
+from .Namespace import NAMESPACES
+from .Tools import add_value_from_collection, add_value_from_tag
+
+LOGGER = logging.getLogger(__name__)
+
+XPATH_ACL_SET = "//ocacl:acl/ocacl:acl-sets/ocacl:acl-set"
+XPATH_A_ACL_ENTRY = ".//ocacl:acl-entries/ocacl:ecl-entry"
+XPATH_A_IPv4 = ".//ocacl:ipv4/ocacl:config"
+XPATH_A_TRANSPORT = ".//ocacl:transport/ocacl:config"
+XPATH_A_ACTIONS = ".//ocacl:actions/ocacl:config"
+
+XPATH_INTERFACE = "//ocacl:acl/ocacl:interfaces/ocacl:interface"
+XPATH_I_INGRESS = ".//ocacl:ingress-acl-sets/ocacl:ingress-acl-set"
+XPATH_I_EGRESS = ".//ocacl:egress-acl-sets/ocacl:egress-acl-set"
+
+def parse(xml_data : ET.Element) -> List[Tuple[str, Dict[str, Any]]]:
+ #LOGGER.info('[ACL] xml_data = {:s}'.format(str(ET.tostring(xml_data))))
+
+ response = []
+ acl = {}
+
+ for xml_acl in xml_data.xpath(XPATH_ACL_SET, namespaces=NAMESPACES):
+ #LOGGER.info('xml_acl = {:s}'.format(str(ET.tostring(xml_acl))))
+
+ acl_name = xml_acl.find('ocacl:name', namespaces=NAMESPACES)
+ if acl_name is None or acl_name.text is None: continue
+ add_value_from_tag(acl, 'name', acl_name)
+
+ acl_type = xml_acl.find('ocacl:type', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'type', acl_type)
+
+ for xml_acl_entries in xml_acl.xpath(XPATH_A_ACL_ENTRY, namespaces=NAMESPACES):
+
+ acl_id = xml_acl_entries.find('ocacl:sequence_id', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'sequence_id', acl_id)
+
+ for xml_ipv4 in xml_acl_entries.xpath(XPATH_A_IPv4, namespaces=NAMESPACES):
+
+ ipv4_source = xml_ipv4.find('ocacl:source_address', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'source_address' , ipv4_source)
+
+ ipv4_destination = xml_ipv4.find('ocacl:destination_address', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'destination_address' , ipv4_destination)
+
+ ipv4_protocol = xml_ipv4.find('ocacl:protocol', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'protocol' , ipv4_protocol)
+
+ ipv4_dscp = xml_ipv4.find('ocacl:dscp', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'dscp' , ipv4_dscp)
+
+ ipv4_hop_limit = xml_ipv4.find('ocacl:hop_limit', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'hop_limit' , ipv4_hop_limit)
+
+ for xml_transport in xml_acl_entries.xpath(XPATH_A_TRANSPORT, namespaces=NAMESPACES):
+
+ transport_source = xml_transport.find('ocacl:source_port', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'source_port' ,transport_source)
+
+ transport_destination = xml_transport.find('ocacl:destination_port', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'destination_port' ,transport_destination)
+
+ transport_tcp_flags = xml_transport.find('ocacl:tcp_flags', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'tcp_flags' ,transport_tcp_flags)
+
+ for xml_action in xml_acl_entries.xpath(XPATH_A_ACTIONS, namespaces=NAMESPACES):
+
+ action = xml_action.find('ocacl:forwarding_action', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'forwarding_action' ,action)
+
+ log_action = xml_action.find('ocacl:log_action', namespaces=NAMESPACES)
+ add_value_from_tag(acl, 'log_action' ,log_action)
+
+ resource_key = '/acl/acl-set[{:s}][{:s}]/acl-entry[{:s}]'.format(
+ acl['name'], acl['type'], acl['sequence-id'])
+ response.append((resource_key,acl))
+
+ for xml_interface in xml_data.xpath(XPATH_INTERFACE, namespaces=NAMESPACES):
+
+ interface = {}
+
+ interface_id = xml_interface.find('ocacl:id', namespaces=NAMESPACES)
+ add_value_from_tag(interface, 'id' , interface_id)
+
+ for xml_ingress in xml_interface.xpath(XPATH_I_INGRESS, namespaces=NAMESPACES):
+
+ i_name = xml_ingress.find('ocacl:set_name_ingress', namespaces=NAMESPACES)
+ add_value_from_tag(interface, 'ingress_set_name' , i_name)
+
+ i_type = xml_ingress.find('ocacl:type_ingress', namespaces=NAMESPACES)
+ add_value_from_tag(interface, 'ingress_type' , i_type)
+
+ resource_key = '/acl/interfaces/ingress[{:s}][{:s}]'.format(
+ acl['name'], acl['type'])
+ response.append((resource_key,interface))
+
+ for xml_egress in xml_interface.xpath(XPATH_I_EGRESS, namespaces=NAMESPACES):
+
+ e_name = xml_egress.find('ocacl:set_name_egress', namespaces=NAMESPACES)
+ add_value_from_tag(interface, 'egress_set_name' , e_name)
+
+ e_type = xml_egress.find('ocacl:type_egress', namespaces=NAMESPACES)
+ add_value_from_tag(interface, 'egress_type' , e_type)
+
+ resource_key = '/acl/interfaces/egress[{:s}][{:s}]'.format(
+ acl['name'], acl['type'])
+ response.append((resource_key,interface))
+ return response
diff --git a/src/device/service/drivers/openconfig/templates/Namespace.py b/src/device/service/drivers/openconfig/templates/Namespace.py
index 35be5827db892541847a3c02af42e2fd08ee0e1d..d9bdae323a07c42f074448d6f09f1c3a25ee84a5 100644
--- a/src/device/service/drivers/openconfig/templates/Namespace.py
+++ b/src/device/service/drivers/openconfig/templates/Namespace.py
@@ -28,8 +28,11 @@ NAMESPACE_POLICY_TYPES_2 = 'http://openconfig.net/yang/policy_types'
NAMESPACE_ROUTING_POLICY = 'http://openconfig.net/yang/routing-policy'
NAMESPACE_VLAN = 'http://openconfig.net/yang/vlan'
+NAMESPACE_ACL = 'http://openconfig.net/yang/acl'
+
NAMESPACES = {
'nc' : NAMESPACE_NETCONF,
+ 'ocacl': NAMESPACE_ACL,
'ocbp' : NAMESPACE_BGP_POLICY,
'oci' : NAMESPACE_INTERFACES,
'ociip': NAMESPACE_INTERFACES_IP,
diff --git a/src/device/service/drivers/openconfig/templates/__init__.py b/src/device/service/drivers/openconfig/templates/__init__.py
index eb7842ea8d5b62798f08429776700a792f69dc91..a6825ea41cb5e2b01d4309c84f01a3dd3fe16d6f 100644
--- a/src/device/service/drivers/openconfig/templates/__init__.py
+++ b/src/device/service/drivers/openconfig/templates/__init__.py
@@ -16,17 +16,19 @@ import json, logging, lxml.etree as ET, re
from typing import Any, Dict
from jinja2 import Environment, PackageLoader, select_autoescape
from device.service.driver_api._Driver import (
- RESOURCE_ENDPOINTS, RESOURCE_INTERFACES, RESOURCE_NETWORK_INSTANCES, RESOURCE_ROUTING_POLICIES)
+ RESOURCE_ENDPOINTS, RESOURCE_INTERFACES, RESOURCE_NETWORK_INSTANCES, RESOURCE_ROUTING_POLICIES,RESOURCE_ACL)
from .EndPoints import parse as parse_endpoints
from .Interfaces import parse as parse_interfaces, parse_counters
from .NetworkInstances import parse as parse_network_instances
from .RoutingPolicy import parse as parse_routing_policy
+from .Acl import parse as parse_acl
ALL_RESOURCE_KEYS = [
RESOURCE_ENDPOINTS,
RESOURCE_INTERFACES,
RESOURCE_ROUTING_POLICIES, # routing policies should come before network instances
RESOURCE_NETWORK_INSTANCES,
+ RESOURCE_ACL,
]
RESOURCE_KEY_MAPPINGS = {
@@ -34,6 +36,7 @@ RESOURCE_KEY_MAPPINGS = {
RESOURCE_INTERFACES : 'interface',
RESOURCE_NETWORK_INSTANCES: 'network_instance',
RESOURCE_ROUTING_POLICIES : 'routing_policy',
+ RESOURCE_ACL : 'acl',
}
RESOURCE_PARSERS = {
@@ -42,6 +45,7 @@ RESOURCE_PARSERS = {
'network_instance': parse_network_instances,
'routing_policy' : parse_routing_policy,
'interfaces/interface/state/counters': parse_counters,
+ 'acl' : parse_acl,
}
LOGGER = logging.getLogger(__name__)
diff --git a/src/device/service/drivers/openconfig/templates/acl/acl-set/acl-entry/edit_config.xml b/src/device/service/drivers/openconfig/templates/acl/acl-set/acl-entry/edit_config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..fac259b6fdcd3cbded93088ddc6335ea2bfe5f69
--- /dev/null
+++ b/src/device/service/drivers/openconfig/templates/acl/acl-set/acl-entry/edit_config.xml
@@ -0,0 +1,42 @@
+<acl xmlns="http://openconfig.net/yang/acl">
+ <acl-sets>
+ <acl-set{% if operation is defined %} xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="{{operation}}"{% endif %}>
+ <name>{{name}}</name>
+ <type>{{type}}</type>
+ <config>
+ <name>{{name}}</name>
+ <type>{{type}}</type>
+ </config>
+ <acl-entries>
+ <acl-entry>
+ <sequence-id>{{sequence_id}}</sequence-id>
+ <config>
+ <sequence-id>{{sequence_id}}</sequence-id>
+ </config>
+ <ipv4>
+ <config>
+ {% if source_address is defined %}<source-address>{{source_address}}</source-address>{% endif%}
+ {% if destination_address is defined %}<destination-address>{{destination_address}}</destination-address>{% endif%}
+ {% if protocol is defined %}<protocol>{{protocol}}</protocol>{% endif%}
+ {% if dscp is defined %}<dscp>{{dscp}}</dscp>{% endif%}
+ {% if hop_limit is defined %}<hop-limit>{{hop_limit}}</hop-limit>{% endif%}
+ </config>
+ </ipv4>
+ <transport>
+ <config>
+ {% if source_port is defined %}<source-port>{{source_port}}</source-port>{% endif%}
+ {% if destination_port is defined %}<destination-port>{{destination_port}}</destination-port>{% endif%}
+ {% if tcp_flags is defined %}<tcp-flags>{{tcp_flags}}</tcp-flags>{% endif%}
+ </config>
+ </transport>
+ <actions>
+ <config>
+ {% if forwarding_action is defined %}<forwarding-action>{{forwarding_action}}</forwarding-action>{% endif%}
+ {% if log_action is defined %}<log-action>{{log_action}}</log-action>{% endif%}
+ </config>
+ </actions>
+ </acl-entry>
+ </acl-entries>
+ </acl-set>
+ </acl-sets>
+</acl>
diff --git a/src/device/service/drivers/openconfig/templates/acl/get.xml b/src/device/service/drivers/openconfig/templates/acl/get.xml
new file mode 100644
index 0000000000000000000000000000000000000000..dfed162427d03953890ecf1f90352cc26a76cbc9
--- /dev/null
+++ b/src/device/service/drivers/openconfig/templates/acl/get.xml
@@ -0,0 +1,7 @@
+<acl xmlns="http://openconfig.net/yang/acl">
+ <acl-sets>
+ </acl-sets>
+ <interfaces>
+ </interfaces>
+</acl>
+
\ No newline at end of file
diff --git a/src/device/service/drivers/openconfig/templates/acl/interfaces/egress/edit_config.xml b/src/device/service/drivers/openconfig/templates/acl/interfaces/egress/edit_config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d987b0cc4b40298533f140f71af83c6fad884020
--- /dev/null
+++ b/src/device/service/drivers/openconfig/templates/acl/interfaces/egress/edit_config.xml
@@ -0,0 +1,26 @@
+<acl xmlns="http://openconfig.net/yang/acl">
+ <interfaces>
+ <interface{% if operation is defined %} xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="{{operation}}"{% endif %}>
+ <id>{{id}}</id>
+ <config>
+ <id>{{id}}</id>
+ </config>
+ <interface-ref>
+ <config>
+ <interface>{{interface}}</interface>
+ {% if subinterface is defined %}<subinterface>{{subinterface}}</subinterface>{% endif%}
+ </config>
+ </interface-ref>
+ <egress-acl-sets>
+ <egress-acl-set>
+ <set-name>{{set_name_egress}}</set-name>
+ <type>{{type_egress}}</type>
+ <config>
+ <set-name>{{set_name_egress}}</set-name>
+ <type>{{type_egress}}</type>
+ </config>
+ </egress-acl-set>
+ </egress-acl-sets>
+ </interface>
+ </interfaces>
+</acl>
diff --git a/src/device/service/drivers/openconfig/templates/acl/interfaces/ingress/edit_config.xml b/src/device/service/drivers/openconfig/templates/acl/interfaces/ingress/edit_config.xml
new file mode 100644
index 0000000000000000000000000000000000000000..144a03c55477e532379541be5443063fe3aa2f10
--- /dev/null
+++ b/src/device/service/drivers/openconfig/templates/acl/interfaces/ingress/edit_config.xml
@@ -0,0 +1,26 @@
+<acl xmlns="http://openconfig.net/yang/acl">
+ <interfaces>
+ <interface{% if operation is defined %} xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" nc:operation="{{operation}}"{% endif %}>
+ <id>{{id}}</id>
+ <config>
+ <id>{{id}}</id>
+ </config>
+ <interface-ref>
+ <config>
+ <interface>{{interface}}</interface>
+ {% if subinterface is defined %}<subinterface>{{subinterface}}</subinterface>{% endif%}
+ </config>
+ </interface-ref>
+ <ingress-acl-sets>
+ <ingress-acl-set>
+ <set-name>{{set_name_ingress}}</set-name>
+ <type>{{type_ingress}}</type>
+ <config>
+ <set-name>{{set_name_ingress}}</set-name>
+ <type>{{type_ingress}}</type>
+ </config>
+ </ingress-acl-set>
+ </ingress-acl-sets>
+ </interface>
+ </interfaces>
+</acl>
diff --git a/src/device/tests/.gitignore b/src/device/tests/.gitignore
index b5f6bc13b7b17daa79d9e67c5fc0c50338d089a1..4cbf5059c2f905c16aac6234e2b9ca0ac7584c09 100644
--- a/src/device/tests/.gitignore
+++ b/src/device/tests/.gitignore
@@ -1,3 +1,5 @@
# Add here your files containing confidential testbed details such as IP addresses, ports, usernames, passwords, etc.
+Device_OpenConfig_Adva*
+Device_OpenConfig_Cisco*
Device_OpenConfig_Infinera*
Device_Transport_Api*
diff --git a/src/device/tests/test_unitary.py b/src/device/tests/test_unitary.py
index 411cbba05957425687b0b03e3e868febe82a944d..0853da9a5e3572b15e5581413d1a5c765e02444e 100644
--- a/src/device/tests/test_unitary.py
+++ b/src/device/tests/test_unitary.py
@@ -55,6 +55,9 @@ ENABLE_EMULATED = True
try:
from .Device_OpenConfig_Infinera1 import(
#from .Device_OpenConfig_Infinera2 import(
+ #from .Device_OpenConfig_Cisco import(
+ #from .Device_OpenConfig_Adva import(
+
DEVICE_OC, DEVICE_OC_CONFIG_RULES, DEVICE_OC_DECONFIG_RULES, DEVICE_OC_CONNECT_RULES, DEVICE_OC_ID,
DEVICE_OC_UUID)
ENABLE_OPENCONFIG = True