You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GCU Field validation for interface fields fec and speed is not properly done with as a result to result with not-allowed configuartion.
The check is applied in CLI command thus prevents the faulty config, while in config apply-patch check fails and faulty value is allowed to be configured.
The issue is that statedb read is failed and function read_statedb_entry returns empty for supported_fecs, thus the code in _validate_field sets as supported_fecs_list the DEFAULT_SUPPORTED_FECS_LIST. However the DEFAULT_SUPPORTED_FECS_LIST include the value 'fc' that is not supported for the platform. This results to accept the value 'fc; when applying patch and eventually the confoig change to erronneously succeed.
The empty value from the read in statedb might indicate an attempt to read wrong namespace, please see below the manual fetches from database for the supported_fec values. You will see the success values returned when using correct namespace (asic0 for Ethernet0) while getting empty value "" when erronneously trying to fetch value from namespace localhost.
$ sudo config apply-patch fec.json
Patch Applier: asic0: Patch application starting.
Patch Applier: asic0: Patch: [{"op": "add", "path": "/PORT/Ethernet0/fec", "value": "fc"}]
Patch Applier: asic0 getting current config db.
Patch Applier: asic0: simulating the target full config after applying the patch.
Patch Applier: asic0: validating all JsonPatch operations are permitted on the specified fields
Patch Applier: asic0: validating target config does not have empty tables,
since they do not show up in ConfigDb.
Patch Applier: asic0: sorting patch updates.
Patch Applier: The asic0 patch was converted into 1 change:
Patch Applier: asic0: applying 1 change in order:
Patch Applier: * [{"op": "add", "path": "/PORT/Ethernet0/fec", "value": "fc"}]
Patch Applier: asic0: verifying patch updates are reflected on ConfigDB.
Patch Applier: asic0 patch application completed.
Patch applied successfully.
$ show int status Ethernet0
Interface Lanes Speed MTU FEC Alias Vlan Oper Admin Type Asym PFC
----------- ----------------------- ------- ----- ----- ----------- -------------- ------ ------- ----------------------------------------------- ----------
Ethernet0 72,73,74,75,76,77,78,79 400G 9100 fc Ethernet1/1 PortChannel101 up up QSFP-DD Double Density 8X Pluggable Transceiver off
$
Describe the results you expected
Apply-patch should have failed as value "fec" is not in supported values for the duthost.
Please check the output when trying to apply the same config change via CLI:
$ sudo config interface -n asic0 fec Ethernet0 fc
fec fc is not in ['rs']
Additional information you deem important (e.g. issue happens only occasionally)
Description
GCU Field validation for interface fields fec and speed is not properly done with as a result to result with not-allowed configuartion.
The check is applied in CLI command thus prevents the faulty config, while in config apply-patch check fails and faulty value is allowed to be configured.
Analysis of Failure/Debugging
Based on debugging it seems that there is a failure in function read_statedb_entry for multi-asic duthost:
https://github.com/sonic-net/sonic-utilities/blob/772ee793d067be40eeb8779d20b645aa7f97ea30/generic_config_updater/field_operation_validators.py#L136
The code results there in below order:
The issue is that statedb read is failed and function read_statedb_entry returns empty for supported_fecs, thus the code in _validate_field sets as supported_fecs_list the DEFAULT_SUPPORTED_FECS_LIST. However the DEFAULT_SUPPORTED_FECS_LIST include the value 'fc' that is not supported for the platform. This results to accept the value 'fc; when applying patch and eventually the confoig change to erronneously succeed.
The empty value from the read in statedb might indicate an attempt to read wrong namespace, please see below the manual fetches from database for the supported_fec values. You will see the success values returned when using correct namespace (asic0 for Ethernet0) while getting empty value "" when erronneously trying to fetch value from namespace localhost.
Steps to reproduce the issue
Describe the results you received
Describe the results you expected
Apply-patch should have failed as value "fec" is not in supported values for the duthost.
Please check the output when trying to apply the same config change via CLI:
Additional information you deem important (e.g. issue happens only occasionally)
Output of
show version
The text was updated successfully, but these errors were encountered: