config MACsec CLI

[Pterosaur]

What I did

Added support for MACsec config

How I did it

Add macsec.py and register macsec command in config/main.py

How to verify it

1. Add MACsec profile

config macsec profile add [OPTIONS] <profile_name>

2. Delete MACsec profile

config macsec profile del [OPTIONS] <profile_name>

3. Add MACsec port

 config macsec port add [OPTIONS] <port_name> <profile_name>

4. Delete MACsec port

 config macsec port del [OPTIONS] <port_name>

Previous command output (if the output of a command-line utility has changed)

New command output (if the output of a command-line utility has changed)

admin@sonic:$ sudo config macsec profile add -h
Usage: config macsec profile add [OPTIONS] <profile_name>

  Add MACsec profile

Options:
  --priority <priority>           For Key server election. In 0-255 range with
                                  0 being the highest priority.  [default:
                                  255]
  --cipher_suite <cipher_suite>   The cipher suite for MACsec.  [default: GCM-
                                  AES-128]
  --primary_cak <primary_cak>     Primary Connectivity Association Key.
                                  [required]
  --primary_ckn <primary_cak>     Primary CAK Name.  [required]
  --policy <policy>               MACsec policy. INTEGRITY_ONLY: All traffics,
                                  except EAPOL, will be converted to MACsec
                                  packets without encryption.SECURITY: All
                                  traffics, except EAPOL, will be encrypted by
                                  SecY.  [default: security]
  --enable_replay_protect / --disable_replay_protect
                                  Whether enable replay protect.  [default:
                                  False]
  --replay_window <enable_replay_protect>
                                  Replay window size that is the number of
                                  packets that could be out of order. This
                                  filed works only if ENABLE_REPLAY_PROTECT is
                                  true.  [default: 0]
  --send_sci / --no_send_sci      Whether send SCI.  [default: True]
  --rekey_period <rekey_period>   The period of proactively refresh (Unit
                                  second).  [default: 0]
  -?, -h, --help                  Show this message and exit.

admin@sonic:$ sudo config macsec profile del -h

Usage: config macsec profile del [OPTIONS] <profile_name>

  Delete MACsec profile

Options:
  -h, -?, --help  Show this message and exit.

admin@sonic$ sudo config macsec port add -h
Usage: config macsec port add [OPTIONS] <port_name> <profile_name>

  Add MACsec port

Options:
  -h, -?, --help  Show this message and exit.

admin@sonic$ sudo config macsec port del -h
Usage: config macsec port del [OPTIONS] <port_name>

  Delete MACsec port

Options:
  -h, -?, --help  Show this message and exit.

[lgtm-com]

This pull request introduces 1 alert when merging 5eda315 into 8ea834b - view on LGTM.com

new alerts:

• 1 for Unused import

[Pterosaur]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[Pterosaur]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[qbdwlr]

Minor typos: change traffics to traffic and add space between period and SECURITY.

[qbdwlr]

Minor typo: change filed to field.

[qbdwlr]

replay_period should be rekey_period

[qbdwlr]

I don't think there is any field called replay_period? There is only replay_window and rekey_period AFAIK?

[qbdwlr]

AFAIK, replay_period should be rekey_period?

[qbdwlr]

I have implemented and tested the changes I suggested above... You can find the updated files if you want to copy the changes in #1727

[Pterosaur]

MACsec CLI implemented by PR: sonic-net/sonic-buildimage#9390