diff --git a/dockers/docker-macsec/cli-plugin-tests/conftest.py b/dockers/docker-macsec/cli-plugin-tests/conftest.py index 8812a8dd2ce3..827c4e18d150 100644 --- a/dockers/docker-macsec/cli-plugin-tests/conftest.py +++ b/dockers/docker-macsec/cli-plugin-tests/conftest.py @@ -22,8 +22,12 @@ def set_entry(table, key, data): CONFIG[table].setdefault(key, {}) CONFIG[table][key] = data + def get_keys(table): + return CONFIG[table].keys() + cfgdb.get_entry = mock.Mock(side_effect=get_entry) cfgdb.set_entry = mock.Mock(side_effect=set_entry) + cfgdb.get_keys = mock.Mock(side_effect=get_keys) yield cfgdb diff --git a/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py b/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py index c0c0d25d38c4..d7f008625803 100644 --- a/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py +++ b/dockers/docker-macsec/cli-plugin-tests/test_config_macsec.py @@ -18,7 +18,7 @@ class TestConfigMACsec(object): def test_plugin_registration(self): cli = mock.MagicMock() macsec.register(cli) - cli.commands['macsec'].add_command.assert_called_once_with(macsec.macsec) + cli.add_command.assert_called_once_with(macsec.macsec) def test_default_profile(self, mock_cfgdb): runner = CliRunner() @@ -118,6 +118,9 @@ def test_macsec_port(self, mock_cfgdb): assert port_table assert port_table["macsec"] == "test" + result = runner.invoke(macsec.macsec.commands["profile"].commands["del"], ["test"], obj=db) + assert result.exit_code != 0 + result = runner.invoke(macsec.macsec.commands["port"].commands["del"], ["Ethernet0"], obj=db) assert result.exit_code == 0, "exit code: {}, Exception: {}, Traceback: {}".format(result.exit_code, result.exception, result.exc_info) port_table = db.cfgdb.get_entry("PORT", "Ethernet0") diff --git a/dockers/docker-macsec/cli/config/plugins/macsec.py b/dockers/docker-macsec/cli/config/plugins/macsec.py index 53578f0c7e8c..e5bc628b8cd0 100644 --- a/dockers/docker-macsec/cli/config/plugins/macsec.py +++ b/dockers/docker-macsec/cli/config/plugins/macsec.py @@ -164,11 +164,17 @@ def del_profile(db, profile): if len(profile_entry) == 0: ctx.fail("{} doesn't exist".format(profile)) + # Check if the profile is being used by any port + for port in db.cfgdb.get_keys('PORT'): + attr = db.cfgdb.get_entry('PORT', port) + if 'macsec' in attr and attr['macsec'] == profile: + ctx.fail("{} is being used by port {}, Please remove the MACsec from the port firstly".format(profile, port)) + db.cfgdb.set_entry("MACSEC_PROFILE", profile, None) def register(cli): - cli.commands['macsec'].add_command(macsec) + cli.add_command(macsec) if __name__ == '__main__': diff --git a/rules/docker-macsec.mk b/rules/docker-macsec.mk index c364f60a60d1..f31b0f6cf1ef 100644 --- a/rules/docker-macsec.mk +++ b/rules/docker-macsec.mk @@ -17,14 +17,16 @@ $(DOCKER_MACSEC)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BULLSEYE) $(DOCKER_MACSEC)_INSTALL_PYTHON_WHEELS = $(SONIC_UTILITIES_PY3) $(DOCKER_MACSEC)_INSTALL_DEBS = $(PYTHON3_SWSSCOMMON) $(LIBYANG_PY3) -ifeq ($(INCLUDE_MACSEC), y) -SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_MACSEC) -endif +SONIC_DOCKER_IMAGES += $(DOCKER_MACSEC) +SONIC_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG) -ifeq ($(INCLUDE_MACSEC), y) -SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_MACSEC_DBG) +ifeq ($(INCLUDE_KUBERNETES),y) +$(DOCKER_MACSEC)_DEFAULT_FEATURE_OWNER = kube endif +$(DOCKER_MACSEC)_DEFAULT_FEATURE_STATE_ENABLED = y + + ifeq ($(INCLUDE_MACSEC),y) ifeq ($(INSTALL_DEBUG_TOOLS),y) SONIC_PACKAGES_LOCAL += $(DOCKER_MACSEC_DBG) @@ -41,8 +43,6 @@ $(DOCKER_MACSEC)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro $(DOCKER_MACSEC)_RUN_OPT += -v /host/warmboot:/var/warmboot $(DOCKER_MACSEC)_CLI_CONFIG_PLUGIN = /cli/config/plugins/macsec.py +# $(DOCKER_MACSEC)_CLI_SHOW_PLUGIN = /cli/show/plugins/show_macsec.py $(DOCKER_MACSEC)_FILES += $(SUPERVISOR_PROC_EXIT_LISTENER_SCRIPT) - -SONIC_BULLSEYE_DOCKERS += $(DOCKER_MACSEC) -SONIC_BULLSEYE_DBG_DOCKERS += $(DOCKER_MACSEC_DBG)