Permit openconfig policy to include platform / platform_exclude.

This permits you to have the same base policy for more than just OpenConfig.

PiperOrigin-RevId: 603135359

capirca/lib/openconfig.py

@@ -193,9 +193,7 @@ def _BuildTokens(self):
     supported_tokens, supported_sub_tokens = super()._BuildTokens()
 
     # Remove unsupported things
-    supported_tokens -= {'platform',
-                         'platform_exclude',
-                         'icmp-type',
+    supported_tokens -= {'icmp-type',
                          'verbatim'}
 
     # OpenConfig ACL model only supports these three forwarding actions.
@@ -229,6 +227,14 @@ def _TranslatePolicy(self, pol, exp_info):
 
       for term in terms:
 
+        if term.platform_exclude:
+          if self._PLATFORM in term.platform_exclude:
+            continue
+
+        if term.platform:
+          if self._PLATFORM not in term.platform:
+            continue
+
         if term.expiration:
           if term.expiration <= exp_info_date:
             logging.info('INFO: Term %s in policy %s expires '

tests/lib/openconfig_test.py

@@ -87,6 +87,42 @@
 }
 """
 
+PLATFORM_EXCLUDE = """
+term excluded-term-2 {
+  comment:: "Allow TCP & UDP 53 with saddr/daddr."
+  source-address:: CORP_INTERNAL
+  action:: accept
+  platform-exclude:: openconfig
+}
+"""
+
+PLATFORM_EXCLUDE_NOTOC = """
+term not-excluded-term-1 {
+  comment:: "Allow TCP & UDP 53 with saddr/daddr."
+  source-address:: CORP_EXTERNAL
+  action:: accept
+  platform-exclude:: juniper
+}
+"""
+
+PLATFORM_OC = """
+term platform-term-1 {
+  comment:: "Allow TCP & UDP 53 with saddr/daddr."
+  source-address:: CORP_EXTERNAL
+  action:: accept
+  platform:: openconfig
+}
+"""
+
+PLATFORM_NOTOC = """
+term not-excluded-term-1 {
+  comment:: "Allow TCP & UDP 53 with saddr/daddr."
+  source-address:: CORP_EXTERNAL
+  action:: accept
+  platform:: juniper
+}
+"""
+
 GOOD_JSON_SADDR = """
 [
   {
@@ -338,10 +374,6 @@ def setUp(self):
     super().setUp()
     self.naming = mock.create_autospec(naming.Naming)
 
-  def _StripAclHeaders(self, acl):
-    return '\n'.join([line for line in str(acl).split('\n')
-                      if not line.lstrip().startswith('#')])
-
   def testSaddr(self):
     self.naming.GetNetAddr.return_value = TEST_IPS
 
@@ -352,6 +384,44 @@ def testSaddr(self):
 
     self.naming.GetNetAddr.assert_called_once_with('CORP_EXTERNAL')
 
+  def testPlatformExclude(self):
+    self.naming.GetNetAddr.return_value = TEST_IPS
+
+    acl = openconfig.OpenConfig(
+        policy.ParsePolicy(GOOD_HEADER + GOOD_SADDR + PLATFORM_EXCLUDE,
+                           self.naming), EXP_INFO)
+    expected = json.loads(GOOD_JSON_SADDR)
+    self.assertEqual(expected, json.loads(str(acl)))
+
+  def testPlatformExcludeNoTOC(self):
+    self.naming.GetNetAddr.return_value = TEST_IPS
+
+    acl = openconfig.OpenConfig(policy.ParsePolicy(
+        GOOD_HEADER + PLATFORM_EXCLUDE_NOTOC, self.naming), EXP_INFO)
+    expected = json.loads(GOOD_JSON_SADDR)
+    self.assertEqual(expected, json.loads(str(acl)))
+
+    self.naming.GetNetAddr.assert_called_once_with('CORP_EXTERNAL')
+
+  def testPlatformOC(self):
+    self.naming.GetNetAddr.return_value = TEST_IPS
+
+    acl = openconfig.OpenConfig(policy.ParsePolicy(
+        GOOD_HEADER + PLATFORM_OC, self.naming), EXP_INFO)
+    expected = json.loads(GOOD_JSON_SADDR)
+    self.assertEqual(expected, json.loads(str(acl)))
+
+    self.naming.GetNetAddr.assert_called_once_with('CORP_EXTERNAL')
+
+  def testPlatformJNPR(self):
+    self.naming.GetNetAddr.return_value = TEST_IPS
+
+    acl = openconfig.OpenConfig(policy.ParsePolicy(
+        GOOD_HEADER + GOOD_SADDR + PLATFORM_NOTOC, self.naming), EXP_INFO)
+    expected = json.loads(GOOD_JSON_SADDR)
+    self.assertEqual(expected, json.loads(str(acl)))
+
+
   def testDaddr(self):
     self.naming.GetNetAddr.return_value = TEST_IPS