Merge commit 'd433b2f954e446db7a655e882a7274cd5bce3a50' into teamd-re…

…try-count-cli

acl_loader/main.py

@@ -72,6 +72,10 @@ class AclLoader(object):
 
     ACL_TABLE = "ACL_TABLE"
     ACL_RULE = "ACL_RULE"
+    CFG_ACL_TABLE = "ACL_TABLE"
+    STATE_ACL_TABLE = "ACL_TABLE_TABLE"
+    CFG_ACL_RULE = "ACL_RULE"
+    STATE_ACL_RULE = "ACL_RULE_TABLE"
     ACL_TABLE_TYPE_MIRROR = "MIRROR"
     ACL_TABLE_TYPE_CTRLPLANE = "CTRLPLANE"
     CFG_MIRROR_SESSION_TABLE = "MIRROR_SESSION"
@@ -117,11 +121,16 @@ def __init__(self):
         self.tables_db_info = {}
         self.rules_db_info = {}
         self.rules_info = {}
+        self.tables_state_info = None
+        self.rules_state_info = None
 
         # Load database config files
         load_db_config()
 
         self.sessions_db_info = {}
+        self.acl_table_status = {}
+        self.acl_rule_status = {}
+
         self.configdb = ConfigDBConnector()
         self.configdb.connect()
         self.statedb = SonicV2Connector(host="127.0.0.1")
@@ -156,6 +165,8 @@ def __init__(self):
         self.read_rules_info()
         self.read_sessions_info()
         self.read_policers_info()
+        self.acl_table_status = self.read_acl_object_status_info(self.CFG_ACL_TABLE, self.STATE_ACL_TABLE)
+        self.acl_rule_status = self.read_acl_object_status_info(self.CFG_ACL_RULE, self.STATE_ACL_RULE)
 
     def read_tables_info(self):
         """
@@ -210,7 +221,7 @@ def read_sessions_info(self):
         for key in self.sessions_db_info:
             if self.per_npu_statedb:
                 # For multi-npu platforms we will read from all front asic name space
-                # statedb as the monitor port will be differnt for each asic
+                # statedb as the monitor port will be different for each asic
                 # and it's status also might be different (ideally should not happen)
                 # We will store them as dict of 'asic' : value
                 self.sessions_db_info[key]["status"] = {}
@@ -224,6 +235,35 @@ def read_sessions_info(self):
                 self.sessions_db_info[key]["status"] = state_db_info.get("status", "inactive") if state_db_info else "error"
                 self.sessions_db_info[key]["monitor_port"] = state_db_info.get("monitor_port", "") if state_db_info else ""
 
+    def read_acl_object_status_info(self, cfg_db_table_name, state_db_table_name):
+        """
+        Read ACL_TABLE status or ACL_RULE status from STATE_DB
+        """
+        if self.per_npu_configdb:
+            namespace_configdb = list(self.per_npu_configdb.values())[0]
+            keys = namespace_configdb.get_table(cfg_db_table_name).keys()
+        else:
+            keys = self.configdb.get_table(cfg_db_table_name).keys()
+
+        status = {}
+        for key in keys:
+            # For ACL_RULE, the key is (acl_table_name, acl_rule_name)
+            if isinstance(key, tuple):
+                state_db_key = key[0] + "|" + key[1]
+            else:
+                state_db_key = key
+            status[key] = {}
+            if self.per_npu_statedb:
+                status[key]['status'] = {}
+                for namespace_key, namespace_statedb in self.per_npu_statedb.items():
+                    state_db_info = namespace_statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(state_db_table_name, state_db_key))
+                    status[key]['status'][namespace_key] = state_db_info.get("status", "N/A") if state_db_info else "N/A"
+            else:
+                state_db_info = self.statedb.get_all(self.statedb.STATE_DB, "{}|{}".format(state_db_table_name, state_db_key))
+                status[key]['status'] = state_db_info.get("status", "N/A") if state_db_info else "N/A"
+
+        return status
+
     def get_sessions_db_info(self):
         return self.sessions_db_info
 
@@ -786,32 +826,36 @@ def show_table(self, table_name):
         :param table_name: Optional. ACL table name. Filter tables by specified name.
         :return:
         """
-        header = ("Name", "Type", "Binding", "Description", "Stage")
+        header = ("Name", "Type", "Binding", "Description", "Stage", "Status")
 
         data = []
         for key, val in self.get_tables_db_info().items():
             if table_name and key != table_name:
                 continue
-
+            
             stage = val.get("stage", Stage.INGRESS).lower()
-
+            # Get ACL table status from STATE_DB
+            if key in self.acl_table_status:
+                status = self.acl_table_status[key]['status']
+            else:
+                status = 'N/A'
             if val["type"] == AclLoader.ACL_TABLE_TYPE_CTRLPLANE:
                 services = natsorted(val["services"])
-                data.append([key, val["type"], services[0], val["policy_desc"], stage])
+                data.append([key, val["type"], services[0], val["policy_desc"], stage, status])
 
                 if len(services) > 1:
                     for service in services[1:]:
-                        data.append(["", "", service, "", ""])
+                        data.append(["", "", service, "", "", ""])
             else:
                 if not val["ports"]:
-                    data.append([key, val["type"], "", val["policy_desc"], stage])
+                    data.append([key, val["type"], "", val["policy_desc"], stage, status])
                 else:
                     ports = natsorted(val["ports"])
-                    data.append([key, val["type"], ports[0], val["policy_desc"], stage])
+                    data.append([key, val["type"], ports[0], val["policy_desc"], stage, status])
 
                     if len(ports) > 1:
                         for port in ports[1:]:
-                            data.append(["", "", port, "", ""])
+                            data.append(["", "", port, "", "", ""])
 
         print(tabulate.tabulate(data, headers=header, tablefmt="simple", missingval=""))
 
@@ -873,7 +917,7 @@ def show_rule(self, table_name, rule_id):
         :param rule_id: Optional. ACL rule name. Filter rule by specified rule name.
         :return:
         """
-        header = ("Table", "Rule", "Priority", "Action", "Match")
+        header = ("Table", "Rule", "Priority", "Action", "Match", "Status")
 
         def pop_priority(val):
             priority = "N/A"
@@ -919,11 +963,16 @@ def pop_matches(val):
             priority = pop_priority(val)
             action = pop_action(val)
             matches = pop_matches(val)
-
-            rule_data = [[tname, rid, priority, action, matches[0]]]
+            # Get ACL rule status from STATE_DB
+            status_key = (tname, rid)
+            if status_key in self.acl_rule_status:
+                status = self.acl_rule_status[status_key]['status']
+            else:
+                status = "N/A"
+            rule_data = [[tname, rid, priority, action, matches[0], status]]
             if len(matches) > 1:
                 for m in matches[1:]:
-                    rule_data.append(["", "", "", "", m])
+                    rule_data.append(["", "", "", "", m, ""])
 
             raw_data.append([priority, rule_data])
 

azure-pipelines.yml

@@ -45,11 +45,14 @@ stages:
         artifact: sonic-buildimage.vs
         runVersion: 'latestFromBranch'
         runBranch: 'refs/heads/$(sourceBranch)'
+        patterns: |
+          **/*.deb
+          **/*.whl
       displayName: "Download artifacts from latest sonic-buildimage build"
 
     - script: |
         set -xe
-        sudo apt-get -y purge libhiredis-dev libnl-3-dev libnl-route-3-dev
+        sudo apt-get -y purge libhiredis-dev libnl-3-dev libnl-route-3-dev || true
         sudo dpkg -i libnl-3-200_*.deb
         sudo dpkg -i libnl-genl-3-200_*.deb
         sudo dpkg -i libnl-route-3-200_*.deb
@@ -66,9 +69,9 @@ stages:
         source: specific
         project: build
         pipeline: 9
-        artifact: sonic-swss-common.bullseye.amd64
+        artifact: sonic-swss-common
         runVersion: 'latestFromBranch'
-        runBranch: 'refs/heads/master'
+        runBranch: 'refs/heads/$(sourceBranch)'
       displayName: "Download sonic swss common deb packages"
 
     - script: |

config/aaa.py

@@ -405,8 +405,8 @@ def sourceip(ctx, src_ip):
         click.echo('Invalid ip address')
         return
 
-    v6_invalid_list = [ipaddress.IPv6Address(unicode('0::0')), ipaddress.IPv6Address(unicode('0::1'))]
-    net = ipaddress.ip_network(unicode(src_ip), strict=False)
+    v6_invalid_list = [ipaddress.IPv6Address('0::0'), ipaddress.IPv6Address('0::1')]
+    net = ipaddress.ip_network(src_ip, strict=False)
     if (net.version == 4):
         if src_ip == "0.0.0.0":
             click.echo('enter non-zero ip address')
@@ -446,8 +446,8 @@ def nasip(ctx, nas_ip):
         click.echo('Invalid ip address')
         return
 
-    v6_invalid_list = [ipaddress.IPv6Address(unicode('0::0')), ipaddress.IPv6Address(unicode('0::1'))]
-    net = ipaddress.ip_network(unicode(nas_ip), strict=False)
+    v6_invalid_list = [ipaddress.IPv6Address('0::0'), ipaddress.IPv6Address('0::1')]
+    net = ipaddress.ip_network(nas_ip, strict=False)
     if (net.version == 4):
         if nas_ip == "0.0.0.0":
             click.echo('enter non-zero ip address')

config/console.py

@@ -1,6 +1,7 @@
 import click
 import utilities_common.cli as clicommon
-
+from .validated_config_db_connector import ValidatedConfigDBConnector
+from jsonpatch import JsonPatchConflict
 #
 # 'console' group ('config console ...')
 #
@@ -16,14 +17,18 @@ def console():
 @clicommon.pass_db
 def enable_console_switch(db):
     """Enable console switch"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
 
     table = "CONSOLE_SWITCH"
     dataKey1 = 'console_mgmt'
     dataKey2 = 'enabled'
 
     data = { dataKey2 : "yes" }
-    config_db.mod_entry(table, dataKey1, data)
+    try:
+        config_db.mod_entry(table, dataKey1, data)
+    except ValueError as e:
+        ctx = click.get_current_context()
+        ctx.fail("Invalid ConfigDB. Error: {}".format(e))
 
 #
 # 'console disable' group ('config console disable')
@@ -32,14 +37,18 @@ def enable_console_switch(db):
 @clicommon.pass_db
 def disable_console_switch(db):
     """Disable console switch"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
 
     table = "CONSOLE_SWITCH"
     dataKey1 = 'console_mgmt'
     dataKey2 = 'enabled'
 
     data = { dataKey2 : "no" }
-    config_db.mod_entry(table, dataKey1, data)
+    try:
+        config_db.mod_entry(table, dataKey1, data)
+    except ValueError as e:
+        ctx = click.get_current_context()
+        ctx.fail("Invalid ConfigDB. Error: {}".format(e))
 
 #
 # 'console add' group ('config console add ...')
@@ -52,7 +61,7 @@ def disable_console_switch(db):
 @click.option('--devicename', '-d', metavar='<device_name>', required=False)
 def add_console_setting(db, linenum, baud, flowcontrol, devicename):
     """Add Console-realted configuration tasks"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
 
     table = "CONSOLE_PORT"
     dataKey1 = 'baud_rate'
@@ -72,7 +81,10 @@ def add_console_setting(db, linenum, baud, flowcontrol, devicename):
                 ctx.fail("Given device name {} has been used. Please enter a valid device name or remove the existing one !!".format(devicename))
             console_entry[dataKey3] = devicename
 
-        config_db.set_entry(table, linenum, console_entry)
+        try:
+            config_db.set_entry(table, linenum, console_entry)
+        except ValueError as e:
+            ctx.fail("Invalid ConfigDB. Error: {}".format(e))
 
 
 #
@@ -83,15 +95,18 @@ def add_console_setting(db, linenum, baud, flowcontrol, devicename):
 @click.argument('linenum', metavar='<line_number>', required=True, type=click.IntRange(0, 65535))
 def remove_console_setting(db, linenum):
     """Remove Console-related configuration tasks"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
+    ctx = click.get_current_context()
 
     table = "CONSOLE_PORT"
 
     data = config_db.get_entry(table, linenum)
     if data:
-        config_db.mod_entry(table, linenum, None)
+        try:
+            config_db.set_entry(table, linenum, None)
+        except JsonPatchConflict as e:
+            ctx.fail("Invalid ConfigDB. Error: {}".format(e))
     else:
-        ctx = click.get_current_context()
         ctx.fail("Trying to delete console port setting, which is not present.")
 
 #
@@ -103,7 +118,7 @@ def remove_console_setting(db, linenum):
 @click.argument('devicename', metavar='<device_name>', required=False)
 def upate_console_remote_device_name(db, linenum, devicename):
     """Update remote device name for a console line"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
     ctx = click.get_current_context()
 
     table = "CONSOLE_PORT"
@@ -117,12 +132,18 @@ def upate_console_remote_device_name(db, linenum, devicename):
         elif not devicename:
             # remove configuration key from console setting if user not give a remote device name
             data.pop(dataKey, None)
-            config_db.mod_entry(table, linenum, data)
+            try:
+                config_db.mod_entry(table, linenum, data)
+            except ValueError as e:
+                ctx.fail("Invalid ConfigDB. Error: {}".format(e))
         elif isExistingSameDevice(config_db, devicename, table):
             ctx.fail("Given device name {} has been used. Please enter a valid device name or remove the existing one !!".format(devicename))
         else:
             data[dataKey] = devicename
-            config_db.mod_entry(table, linenum, data)
+            try:
+                config_db.mod_entry(table, linenum, data)
+            except ValueError as e:
+                ctx.fail("Invalid ConfigDB. Error: {}".format(e))
     else:
         ctx.fail("Trying to update console port setting, which is not present.")
 
@@ -135,7 +156,7 @@ def upate_console_remote_device_name(db, linenum, devicename):
 @click.argument('baud', metavar='<baud>', required=True, type=click.INT)
 def update_console_baud(db, linenum, baud):
     """Update baud for a console line"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
     ctx = click.get_current_context()
 
     table = "CONSOLE_PORT"
@@ -149,7 +170,10 @@ def update_console_baud(db, linenum, baud):
             return
         else:
             data[dataKey] = baud
-            config_db.mod_entry(table, linenum, data)
+            try:
+                config_db.mod_entry(table, linenum, data)
+            except ValueError as e:
+                ctx.fail("Invalid ConfigDB. Error: {}".format(e))
     else:
         ctx.fail("Trying to update console port setting, which is not present.")
 
@@ -162,7 +186,7 @@ def update_console_baud(db, linenum, baud):
 @click.argument('linenum', metavar='<line_number>', required=True, type=click.IntRange(0, 65535))
 def update_console_flow_control(db, mode, linenum):
     """Update flow control setting for a console line"""
-    config_db = db.cfgdb
+    config_db = ValidatedConfigDBConnector(db.cfgdb)
     ctx = click.get_current_context()
 
     table = "CONSOLE_PORT"
@@ -177,7 +201,10 @@ def update_console_flow_control(db, mode, linenum):
             return
         else:
             data[dataKey] = innerMode
-            config_db.mod_entry(table, linenum, data)
+            try:
+                config_db.mod_entry(table, linenum, data)
+            except ValueError as e:
+                ctx.fail("Invalid ConfigDB. Error: {}".format(e))
     else:
         ctx.fail("Trying to update console port setting, which is not present.")