[aclorch] Validate that provided IN/OUT_PORTS are physical interfaces

[daall]

• Add a check during the rule validation step to make sure provided IN/OUT_PORTS rules only include physical interfaces
• Add vs test cases for invalid IN/OUT_PORTS inputs

Signed-off-by: Danny Allen [email protected]

What I did
Added a safety check to the rule validation step in AclOrch so that rules that include the IN_PORTS or OUT_PORTS field can only include physical interfaces.

Why I did it
The SAI only supports physical ports for this particular ACL field, so it'll throw an error if a user tries to pass in a PortChannel, VLAN, or some other interface in one of the PORTS lists. This prevents that from happening.

How I verified it
I added tests to the virtual switch to confirm that invalid rules are being rejected:

daall@valhalla:~/dev/sonic-swss/tests$ sudo pytest -s -v --dvsname=vs test_acl.py::TestAcl
=============================================================================================== test session starts ===============================================================================================
platform linux2 -- Python 2.7.15+, pytest-3.3.0, py-1.8.0, pluggy-0.6.0 -- /usr/bin/python2
cachedir: .cache
rootdir: /home/daall/dev/sonic-swss/tests, inifile:
collected 25 items                                                                                                                                                                                                

test_acl.py::TestAcl::test_AclTableCreation remove extra link dummy PASSED                                                                                                                                  [  4%]
test_acl.py::TestAcl::test_AclRuleL4SrcPort PASSED                                                                                                                                                          [  8%]
test_acl.py::TestAcl::test_AclRuleInOutPorts PASSED                                                                                                                                                         [ 12%]
test_acl.py::TestAcl::test_AclRuleInPortsNonexistentInterface PASSED                                                                                                                                        [ 16%]
test_acl.py::TestAcl::test_AclRuleOutPortsNonexistentInterface PASSED                                                                                                                                       [ 20%]
test_acl.py::TestAcl::test_AclRuleInPortsInvalidInterface PASSED                                                                                                                                            [ 24%]
test_acl.py::TestAcl::test_AclRuleOutPortsInvalidInterface PASSED                                                                                                                                           [ 28%]
test_acl.py::TestAcl::test_AclTableDeletion PASSED                                                                                                                                                          [ 32%]
test_acl.py::TestAcl::test_V6AclTableCreation PASSED                                                                                                                                                        [ 36%]
test_acl.py::TestAcl::test_V6AclRuleIPv6Any PASSED                                                                                                                                                          [ 40%]
test_acl.py::TestAcl::test_V6AclRuleIPv6AnyDrop PASSED                                                                                                                                                      [ 44%]
test_acl.py::TestAcl::test_V6AclRuleIpProtocol PASSED                                                                                                                                                       [ 48%]
test_acl.py::TestAcl::test_V6AclRuleSrcIPv6 PASSED                                                                                                                                                          [ 52%]
test_acl.py::TestAcl::test_V6AclRuleDstIPv6 PASSED                                                                                                                                                          [ 56%]
test_acl.py::TestAcl::test_V6AclRuleL4SrcPort PASSED                                                                                                                                                        [ 60%]
test_acl.py::TestAcl::test_V6AclRuleL4DstPort PASSED                                                                                                                                                        [ 64%]
test_acl.py::TestAcl::test_V6AclRuleTCPFlags PASSED                                                                                                                                                         [ 68%]
test_acl.py::TestAcl::test_V6AclRuleL4SrcPortRange PASSED                                                                                                                                                   [ 72%]
test_acl.py::TestAcl::test_V6AclRuleL4DstPortRange PASSED                                                                                                                                                   [ 76%]
test_acl.py::TestAcl::test_V6AclTableDeletion PASSED                                                                                                                                                        [ 80%]
test_acl.py::TestAcl::test_InsertAclRuleBetweenPriorities PASSED                                                                                                                                            [ 84%]
test_acl.py::TestAcl::test_RulesWithDiffMaskLengths PASSED                                                                                                                                                  [ 88%]
test_acl.py::TestAcl::test_AclRuleIcmp PASSED                                                                                                                                                               [ 92%]
test_acl.py::TestAcl::test_AclRuleIcmpV6 PASSED                                                                                                                                                             [ 96%]
test_acl.py::TestAcl::test_AclRuleRedirectToNexthop PASSED                                                                                                                                                  [100%]

=========================================================================================== 25 passed in 127.22 seconds ===========================================================================================

Details if related

• Opened [testing] vs tests in TestAcl in test_acl.py have dependency on each other #1154 to go back and address dependencies in the test setup
• Opened [testing] Create common methods for creating, deleting portchannels in vs #1155 to go back and create some common utility for interacting with portchannels

[qiluo-msft]

with naming suggestion

[daall]

retest this please

[daall]

retest this please

[daall]

retest this please

[daall]

retest this please

[daall]

retest this please

[daall]

retest this please