Update ixia-c/snappi to fix #357 (TLS 1.0/1.1 security concerns) #372 (…

…#384)

* Update config file

* Use newer snappi in SAI-Challenger.

* Update SAI Challenger, snappi, ixia-c to fix #357 TLS 1.0 and 1.1 security risk in ixiac Controller.
This requires changes to various dockerfiles. Added long-overdue dependencies to Makefile to rebuild Docker base images as needed.

* Updated to latest SAI Challenger which includes updated snappi.

.gitmodules

@@ -4,5 +4,5 @@
 	branch = dash-ptf-ci
 [submodule "test/SAI-Challenger"]
 	path = test/SAI-Challenger
-	url = https://github.com/opencomputeproject/SAI-Challenger
+	url = https://github.com/opencomputeproject/SAI-Challenger.git
 	branch = main

dash-pipeline/Makefile

@@ -411,6 +411,9 @@ docker-publish-saithrift-bldr:
 DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_TAG = $(shell cat dockerfiles/Dockerfile.saithrift-client-bldr | $(SHA1SUM))
 DOCKER_SAITHRIFT_CLIENT_BLDR_IMG = $(DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_NAME):$(DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_TAG)
 
+docker-saithrift-client-bldr-image-exists:
+	docker images --format "{{.Repository}}:{{.Tag}}" |grep $(DOCKER_SAITHRIFT_CLIENT_BLDR_IMG) || make docker-saithrift-client-bldr
+
 docker-saithrift-client-bldr:
 	{ [ x$(ENABLE_DOCKER_PULL) == xy ] && docker pull $(DOCKER_SAITHRIFT_CLIENT_BLDR_IMG); } || \
 	docker build \
@@ -440,7 +443,7 @@ docker-publish-saithrift-client-bldr:
 
 # Client image, rebuild any time SAI interface changes
 # TODO - add sai header (inc/ and experimental) dependencies
-docker-saithrift-client:
+docker-saithrift-client: docker-saithrift-client-bldr-image-exists
 	docker build \
 		-f dockerfiles/Dockerfile.saithrift-client \
 	    -t $(DOCKER_SAITHRIFT_CLIENT_IMG) \
@@ -655,6 +658,10 @@ endif
 DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG_TAG = $(shell cat dockerfiles/Dockerfile.saichallenger-client-bldr | $(SHA1SUM))
 DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG = $(DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG_NAME):$(DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG_TAG)
 
+
+docker-saichallenger-client-bldr-image-exists:
+	docker images --format "{{.Repository}}:{{.Tag}}" |grep $(DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG) || make docker-saichallenger-client-bldr
+
 docker-saichallenger-client-bldr:
 	{ [ x$(ENABLE_DOCKER_PULL) == xy ] && docker pull $(DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG); } || \
 		{ pushd $(SAI_CHALLENGER_PATH) && git submodule update --init && ./build.sh -i client && popd; \
@@ -674,7 +681,7 @@ docker-publish-saichallenger-client-bldr:
 docker-pull-saichallenger-client-bldr:
 	docker pull $(DOCKER_SAI_CHALLENGER_CLIENT_BLDR_IMG)
 
-docker-saichallenger-client: docker-saichallenger-client-bldr
+docker-saichallenger-client: docker-saichallenger-client-bldr-image-exists
 	docker build \
 		-f dockerfiles/Dockerfile.saichallenger-client \
 		-t $(DOCKER_SAI_CHALLENGER_CLIENT_IMG) \

dash-pipeline/dockerfiles/DOCKER_SAITHRIFT_CLIENT_BLDR_IMG.env

@@ -2,4 +2,4 @@
 # Changing this will cause build/publish to occur in CI actions
 export DASH_ACR_REGISTRY=sonicdash.azurecr.io
 export DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_NAME?=${DASH_ACR_REGISTRY}/dash-saithrift-client-bldr
-export DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_CTAG?=220819
+export DOCKER_SAITHRIFT_CLIENT_BLDR_IMG_CTAG?=230523

dash-pipeline/dockerfiles/Dockerfile.saichallenger-client-bldr

@@ -1,5 +1,5 @@
 # Requires <url of sai-challenger branch> <commit sha> or something
-# sc-client:230601
+# sc-client:230607
 FROM sc-client
 
 ADD tests/ /tests/

dash-pipeline/dockerfiles/Dockerfile.saithrift-client

@@ -1,5 +1,5 @@
 
-FROM sonicdash.azurecr.io/dash-saithrift-client-bldr:220819
+FROM sonicdash.azurecr.io/dash-saithrift-client-bldr:230523
 LABEL maintainer="SONiC-DASH Community "
 LABEL description="This Docker image contains the toolchain to run\
 the saithrift client and test programs for DASH."

dash-pipeline/dockerfiles/Dockerfile.saithrift-client-bldr

@@ -6,6 +6,7 @@ LABEL maintainer="SONiC-DASH Community "
 LABEL description="This Docker image contains the toolchain to build and install \
 the saithrift client and test programs for DASH. It does not contain thrift/saithrift libraries"
 ADD requirements.txt /tests/
+# ctag 230523
 
 # Below we build the baseline set of tools to run saithrift client tests
 # Contents do not include the thrift and saithrift client libraries, which need

dash-pipeline/tests/requirements.txt

@@ -1,2 +1,2 @@
-snappi==0.9.4
+snappi==0.11.14
 pytest>=6.0.1

test/requirements.txt

@@ -1,2 +1,2 @@
-snappi==0.9.4
-pytest>=6.0.1
+snappi==0.11.14
+pytest=>=6.0.1

test/test-cases/functional/saic/sai_dpu_client_server_snappi.json

@@ -20,7 +20,7 @@
       "alias": "ixia",
       "type": "snappi",
       "mode": "ixia_c",
-      "controller": "https://127.0.0.1:443",
+      "controller": "https://127.0.0.1:8443",
       "port_groups": [
         {"alias": 0, "name": "veth1", "speed": "10G"},
         {"alias": 1, "name": "veth3", "speed": "10G"}

test/test-cases/scale/saic/sai_dpu_client_server_snappi.json

@@ -20,7 +20,7 @@
       "alias": "ixia",
       "type": "snappi",
       "mode": "ixia_c",
-      "controller": "https://127.0.0.1:443",
+      "controller": "https://127.0.0.1:8443",
       "port_groups": [
         {"alias": 0, "name": "veth1", "speed": "10G"},
         {"alias": 1, "name": "veth3", "speed": "10G"}

test/third-party/traffic_gen/deployment/.env

@@ -1,6 +1,6 @@
 DOCKER_REGISTRY=ghcr.io/open-traffic-generator
-CONTROLLER_VERSION=0.0.1-3587
-TRAFFIC_ENGINE_VERSION=1.6.0.19
+CONTROLLER_VERSION=0.0.1-4064
+TRAFFIC_ENGINE_VERSION=1.6.0.35
 IFC1=veth1
 IFC2=veth3
 TCP_PORT_IFC1=5555