Updated for new R24.3 ACL syntax, add per-ACL stats (#366)

* * Updated for new R24.3 ACL syntax * Generate per-ACL stats by default, add option 'nostats' to disable * add test and update documentation * Update poetry lock * * Add test case for pre2024 * Fix mixed ACL output
aerleon · Apr 15, 2024 · d971eb0 · d971eb0
1 parent 8ba9321
commit d971eb0
Show file tree

Hide file tree

Showing 19 changed files with 496 additions and 265 deletions.
diff --git a/aerleon/lib/nokiasrl.py b/aerleon/lib/nokiasrl.py
@@ -60,9 +60,16 @@
 )
 Entries = TypedDict(
     "Entries",
-    {"entry": List[ACLEntry], "description": str, "name": str, "_annotate": str},
+    {
+        "entry": List[ACLEntry],
+        "description": str,
+        "name": str,
+        "type": str,
+        "_annotate": str,
+        "statistics-per-entry": bool,
+    },
 )
-IPFilters = TypedDict("IPFilters", {"ipv4-filter": Entries, "ipv6-filter": Entries})
+IPFilters = TypedDict("IPFilters", {"acl-filter": Entries})
 
 
 # generic error class
@@ -216,32 +223,41 @@ def _InitACLSet(self) -> None:
         self.acl_sets: List[IPFilters] = []
 
     def _TranslateTerms(
-        self, terms: List[Term], address_family: str, filter_name: str, hdr_comments: List[str]
+        self,
+        terms: List[Term],
+        address_family: str,
+        filter_name: str,
+        hdr_comments: List[str],
+        filter_options: List[str],
     ) -> None:
-        srl_acl_entries: List[ACLEntry] = []
+        srl_acl_entries: Dict[str, List[ACLEntry]] = {'inet': [], 'inet6': []}
+        afs = ['inet', 'inet6'] if address_family == 'mixed' else [address_family]
         for term in terms:
-            # Handle mixed for each indvidual term as inet and inet6.
-            # inet/inet6 are treated the same.
-            term_address_families = []
-            if address_family == 'mixed':
-                term_address_families = ['inet', 'inet6']
-            else:
-                term_address_families = [address_family]
-            for term_af in term_address_families:
+            for term_af in afs:
                 t = SRLTerm(term, term_af)
                 for rule in t.ConvertToDict():
                     self.total_rule_count += 1
-                    rule['sequence-id'] = (len(srl_acl_entries) + 1) * 5
-                    srl_acl_entries.append(rule)
+                    rule['sequence-id'] = (len(srl_acl_entries[term_af]) + 1) * 5
+                    srl_acl_entries[term_af].append(rule)
         desc = "_".join(hdr_comments)[:255] if hdr_comments else ""
-        ip_filter = {
-            'ipv4-filter'
-            if address_family == 'inet'
-            else 'ipv6-filter': {
-                '_annotate': " ".join(aclgenerator.AddRepositoryTags()),
-                'description': desc,
-                'entry': srl_acl_entries,
-                'name': filter_name,
-            }
-        }
-        self.acl_sets.append(ip_filter)
+
+        for af in srl_acl_entries.keys():
+            if srl_acl_entries[af]:
+                # Accomodate pre-2024 filter syntax if requested
+                if 'pre2024' in filter_options:
+                    key = "ipv4-filter" if af == 'inet' else "ipv6-filter"
+                else:
+                    key = "acl-filter"
+
+                ip_filter = {
+                    key: {
+                        '_annotate': " ".join(aclgenerator.AddRepositoryTags()),
+                        'name': filter_name,
+                        'description': desc,
+                        'statistics-per-entry': 'nostats' not in filter_options,
+                        'entry': srl_acl_entries[af],
+                    }
+                }
+                if 'pre2024' not in filter_options:
+                    ip_filter[key]['type'] = "ipv4" if af == 'inet' else "ipv6"
+                self.acl_sets.append(ip_filter)
diff --git a/aerleon/lib/openconfig.py b/aerleon/lib/openconfig.py
@@ -321,12 +321,19 @@ def _TranslatePolicy(self, pol: policy.Policy, exp_info: int) -> None:
                 if i in filter_options:
                     address_family = i
                     filter_options.remove(i)
-            self._TranslateTerms(terms, address_family, filter_name, header.comment)
+            self._TranslateTerms(
+                terms, address_family, filter_name, header.comment, filter_options
+            )
 
         logging.info('Total rule count of policy %s is: %d', filter_name, self.total_rule_count)
 
     def _TranslateTerms(
-        self, terms: List[Term], address_family: str, filter_name: str, hdr_comments: List[str]
+        self,
+        terms: List[Term],
+        address_family: str,
+        filter_name: str,
+        hdr_comments: List[str],
+        filter_options: List[str],
     ) -> None:
         """
         Factor out the translation of terms, such that it can be overridden by subclasses

diff --git a/docs/reference/generators.md b/docs/reference/generators.md
@@ -1083,14 +1083,15 @@ The Nokia SR Linux header designation has the following format:
 
 ```yaml
 targets:
-    nokiasrl: {section_name} {inet|inet6|mixed} section-id
+    nokiasrl: {section_name} {inet|inet6|mixed} {nostats} {pre2024}
 ```
 
 * _section_name_: specifies the name of the section all terms in this header apply to.
 * _inet_: specifies that the resulting filter should only render IPv4 addresses.
 * _inet6_: specifies that the resulting filter should only render IPv6 addresses.
 * _mixed_: specifies that the resulting filter should render both IPv4 and IPv6 addresses.
-* _section-id_: specifies the id for the section (optional)
+* _nostats_: Do not collect stats for ACL entries (default: enable per ACL stats)
+* _pre2024_: Use old format (pre release 24.3.1)
 
 (Required keywords option and verbatim are not supported)