[macsec]: test macsec counters over rekey, and clear command

[liamkearney-msft]

• test macsec counters over rekey
• use show command for counters
• test sonic-clear macsec

Summary:
Fixes #13347

Type of change

• Bug fix
• Testbed and Framework(new/improvement)
• [ x] Test case(new/improvement)

Back port request

• 202012
• 202205
• 202305
• 202311
• [x ] 202405

Approach

What is the motivation for this PR?

Fix test gap by adding sonic-clear macsec tests and testing over rekeys

How did you verify/test it?

Ran on macsec t2 chassis, using profiles with rekeys and without
https://elastictest.org/scheduler/testplan/6720229a42c9736d8d478924

[liamkearney-msft]

Note that the test across rekey is a known failure - see : sonic-net/sonic-buildimage#19311

[arlakshm]

This command is support at the Linecard level. We can get the output from duthost?

[arlakshm]

changes lgtm. couple of minor comments

[arlakshm]

I think we do not have get te asic instance here the. show macsec works on the linecard level

[liamkearney-msft]

@arlakshm I've addressed your comments, and also updated macsec setup to use config commands rather than poking the configdb directly. Would appreciate a re-review

[liamkearney-msft]

pipeline is failing due to a bug in config macsec command - If a port has macsec config deleted without it existing, the command crashes with the following backtrace:

Traceback (most recent call last):
  File "/usr/local/bin/config", line 8, in <module>
    sys.exit(config())
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/config/plugins/macsec.py", line 87, in del_port
    del port_entry['macsec']
KeyError: 'macsec'

Ticket in buildimage for this : sonic-net/sonic-buildimage#20631

[liamkearney-msft]

Ive reverted the change to use config - will address in future PR

[judyjoseph]

@liamkearney-msft I feel it is good to have a separate test : test_clear_counters : than modifying the existing counter test.

Additionally, as a first step let us add the test to do clear counters functionality without rekey. We have a Brcm CSP still open (sonic-net/sonic-buildimage#19311) to fix the clear counters after rekey. Will enhance the test_clear_counters for rekey once this fix is merged.

[liamkearney-msft]

@liamkearney-msft I feel it is good to have a separate test : test_clear_counters : than modifying the existing counter test.

Additionally, as a first step let us add the test to do clear counters functionality without rekey. We have a Brcm CSP still open (sonic-net/sonic-buildimage#19311) to fix the clear counters after rekey. Will enhance the test_clear_counters for rekey once this fix is merged.

Sure. Will close this and reopen with "just counters", and another with "test across rekey"