Add time-based ACL support #11989
Add time-based ACL support #11989
Conversation
Signed-off-by: bingwang <[email protected]>
Signed-off-by: bingwang <[email protected]>
wsycqyz
requested review from
dgsudharsan,
qiluo-msft and
lguohan
as code owners
|
Let's mark this as draft here since the HLD is still under reviewing |
Sure. |
| @@ -288,3 +288,19 @@ dependent_startup_wait_for=swssconfig:exited | |||
| environment=ASAN_OPTIONS="log_path=/var/log/asan/fdbsyncd-asan.log{{ asan_extra_options }}" | |||
| {% endif %} | |||
| {%- endif %} | |||
|
|
|||
| {% if DEVICE_METADATA.localhost.type %} | |||
| {% if DEVICE_METADATA.localhost.type == "BmcMgmtToRRouter" %} | |||
There was a problem hiding this comment.
Should we use a more general flag?
Such as add a time_based_acl: enabled in device metadata?
|
Could you share the HLD link in PR description? |
|
i feel there are quite a few concerns on the hld from the community? can we see how we address those concerns? |
PR description is updated. |
The questions are concerns are well collected. As Jing is on DRI until Friday, I will have a meeting with him next Monday to address these questions and concerns. |
Why I did it
Add time-based ACL support for:
How I did it
Modify code according to HLD: Dynamic-ACL-Design.md (Currently is under PR review)
sonic-net/SONiC#1078
How to verify it
See HLD unit test and system test.
Which release branch to backport (provide reason below if selected)
Description for the changelog
Link to config_db schema for YANG module changes
src/sonic-yang-models/yang-templates/sonic-time-based-acl.yang.j2
A picture of a cute animal (not mandatory but encouraged)