Migrate to libyang2
Explanation of some of the changes:
1) New libyang produces different schema paths, that don't include
choice/case nodes. This can be seen in Firewall.cpp.
2) New sysrepo does not use <map>, so it has to be included at multiple
places.
3) getUniqueSubtree is now just one line of code. Another commit can get
rid of it.
4) dataFromSysrepo sometimes gives less and sometimes more data. This is
because it now uses libyang instead of sr_val_t
- When it gives more data it's usually just lists or empty containers,
sr_val_t didn't give those.
- When it gives less data it's also just empty containers. This can
be seen with "sensor-data" in hardware_ietf-hardware.cpp.
Depends-on: https://gerrit.cesnet.cz/c/CzechLight/dependencies/+/5171
Change-Id: I388536269e790b8b74ea7791c79b180adc5d80a6
Co-authored-by: Jan Kundrát <jan.kundrat@cesnet.cz>
diff --git a/tests/sysrepo-firewall.cpp b/tests/sysrepo-firewall.cpp
index 0daf255..2873056 100644
--- a/tests/sysrepo-firewall.cpp
+++ b/tests/sysrepo-firewall.cpp
@@ -6,6 +6,7 @@
*/
#include "trompeloeil_doctest.h"
+#include <sysrepo-cpp/Connection.hpp>
#include "firewall/Firewall.h"
#include "test_log_setup.h"
@@ -25,14 +26,16 @@
add rule inet filter acls iif lo accept comment "Accept any localhost traffic"
)";
+const auto TIMEOUT = std::chrono::milliseconds{1000};
+
TEST_CASE("nftables generator")
{
- TEST_INIT_LOGS;
- auto srConn = std::make_shared<sysrepo::Connection>();
- auto srSess = std::make_shared<sysrepo::Session>(srConn);
+ TEST_SYSREPO_INIT_LOGS;
+ sysrepo::Connection srConn;
+ auto srSess = srConn.sessionStart();
// Delete all acls at the start so we know what we're dealing with.
- srSess->delete_item("/ietf-access-control-list:acls");
- srSess->apply_changes(1000, 1);
+ srSess.deleteItem("/ietf-access-control-list:acls");
+ srSess.applyChanges(TIMEOUT);
MockNft nft;
REQUIRE_CALL(nft, consumeConfig(NFTABLES_OUTPUT_START));
@@ -45,49 +48,49 @@
// Add an empty ACL
{
REQUIRE_CALL(nft, consumeConfig(NFTABLES_OUTPUT_START));
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/type", "mixed-eth-ipv4-ipv6-acl-type");
- srSess->apply_changes(1000, 1);
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/type", "mixed-eth-ipv4-ipv6-acl-type");
+ srSess.applyChanges(TIMEOUT);
}
SECTION("add an IPv4 ACE")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls ip saddr 192.168.0.0/24 drop comment \"deny 192.168.0.0/24\"\n";
- srSess->set_item_str(
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/matches/ipv4/source-ipv4-network",
"192.168.0.0/24");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
}
SECTION("add an IPv6 ACE")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls ip6 saddr 2001:db8:85a3::8a2e:370:7334/128 accept comment \"deny an ipv6 address\"\n";
- srSess->set_item_str(
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny an ipv6 address']/matches/ipv6/source-ipv6-network",
"2001:0db8:85a3:0000:0000:8a2e:0370:7334/128");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny an ipv6 address']/actions/forwarding", "accept");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny an ipv6 address']/actions/forwarding", "accept");
}
SECTION("add ACE without 'matches'")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls drop comment \"drop eveything\"\n";
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='drop eveything']/actions/forwarding", "drop");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='drop eveything']/actions/forwarding", "drop");
}
SECTION("add ACE with 'reject'")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls reject comment \"reject eveything\"\n";
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
}
SECTION("add ACE with 'reject'")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls reject comment \"reject eveything\"\n";
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
}
SECTION("add two ACEs")
@@ -95,30 +98,30 @@
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls ip saddr 192.168.0.0/24 drop comment \"deny 192.168.0.0/24\"\n"
"add rule inet filter acls reject comment \"reject eveything\"\n";
- srSess->set_item_str(
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/matches/ipv4/source-ipv4-network",
"192.168.0.0/24");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='reject eveything']/actions/forwarding", "reject");
}
REQUIRE_CALL(nft, consumeConfig(expectedOutput));
- srSess->apply_changes(1000, 1);
+ srSess.applyChanges(TIMEOUT);
}
SECTION("non-empty ACL start")
{
- // Add an non-empty ACL
+ // Add a non-empty ACL
{
REQUIRE_CALL(nft, consumeConfig(NFTABLES_OUTPUT_START +
"add rule inet filter acls ip saddr 192.168.0.0/24 drop comment \"deny 192.168.0.0/24\"\n"));
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/type", "mixed-eth-ipv4-ipv6-acl-type");
- srSess->set_item_str(
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/type", "mixed-eth-ipv4-ipv6-acl-type");
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/matches/ipv4/source-ipv4-network",
"192.168.0.0/24");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
- srSess->apply_changes(1000, 1);
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']/actions/forwarding", "drop");
+ srSess.applyChanges(TIMEOUT);
}
SECTION("add another ACE")
@@ -126,37 +129,37 @@
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls ip saddr 192.168.0.0/24 drop comment \"deny 192.168.0.0/24\"\n"
"add rule inet filter acls ip saddr 192.168.13.0/24 drop comment \"also deny 192.168.13.0/24\"\n";
- srSess->set_item_str(
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='also deny 192.168.13.0/24']/matches/ipv4/source-ipv4-network",
"192.168.13.0/24");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='also deny 192.168.13.0/24']/actions/forwarding", "drop");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='also deny 192.168.13.0/24']/actions/forwarding", "drop");
}
SECTION("remove ACE")
{
expectedOutput = NFTABLES_OUTPUT_START;
- srSess->delete_item("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']");
+ srSess.deleteItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']");
}
SECTION("remove previous ACE and add another")
{
expectedOutput = NFTABLES_OUTPUT_START +
"add rule inet filter acls ip saddr 192.168.13.0/24 drop comment \"deny 192.168.13.0/24\"\n";
- srSess->delete_item("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']");
- srSess->set_item_str(
+ srSess.deleteItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.0.0/24']");
+ srSess.setItem(
"/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.13.0/24']/matches/ipv4/source-ipv4-network",
"192.168.13.0/24");
- srSess->set_item_str("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.13.0/24']/actions/forwarding", "drop");
+ srSess.setItem("/ietf-access-control-list:acls/acl[name='acls']/aces/ace[name='deny 192.168.13.0/24']/actions/forwarding", "drop");
}
SECTION("remove entire ACL")
{
expectedOutput = NFTABLES_OUTPUT_START;
- srSess->delete_item("/ietf-access-control-list:acls/acl[name='acls']");
+ srSess.deleteItem("/ietf-access-control-list:acls/acl[name='acls']");
}
REQUIRE_CALL(nft, consumeConfig(expectedOutput));
- srSess->apply_changes(1000, 1);
+ srSess.applyChanges(TIMEOUT);
}
}