[cacl]: Fix fixture used in module level fixture. (sonic-net#5358)

What is the motivation for this PR?
fixes: sonic-net#5303
Issues:

Test case runs on rand_one_dut_hostname(randomly selected dut) but the module level fixture docker_network uses duthost(first dut in the testbed). This could cause mismatch when running on multi-dut testbed or chassis testbed.
rand_one_dut_hostname selects on hostname to run the test, but enum_frontend_asic_index fixture is invoked much earlier and enum_frontend_asic_index generates list of frontend asic index based on first DUT of a multi-dut testbed.
This can cause mismatch when running for chassis, where the rand_one_dut_hostname and enum_frontend_asic_index might not match. So modify to use enum_rand_one_per_hwsku_hostname.
In case of chassis, the test case will now run for one of the LC and Supervisor. When running on supervisor, it will not have any frontend_asic_index which can cause failure in verify_nat_cacl, so ensure that nat_cacl check is run only when asic_index is not None.
How did you do it?
Run on each hwsku in testbed.
Fix docker_network() to use the correct hostname.
Execute verify_nat_cacl only when asic_index is not None.
How did you verify/test it?
Verified on chassis.

Author: SuvarnaMeenakshi

tests/cacl/test_cacl_application.py

@@ -61,8 +61,9 @@ def expected_dhcp_rules_for_standby(duthost_dualtor):
     return expected_dhcp_rules
 
 @pytest.fixture(scope="module")
-def docker_network(duthost):
+def docker_network(duthosts, enum_rand_one_per_hwsku_hostname):
 
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
     output = duthost.command("docker inspect bridge")
 
     docker_containers_info = json.loads(output['stdout'])[0]['Containers']
@@ -92,18 +93,18 @@ def docker_network(duthost):
     return docker_network
 
 @pytest.fixture(scope="function")
-def collect_ignored_rules(duthosts, rand_one_dut_hostname):
+def collect_ignored_rules(duthosts, enum_rand_one_per_hwsku_hostname):
     """
     Collect existing iptables rules before test, set them as ignored as they are not related to CACL test cases.
 
     Args:
         duthosts: All DUTs belong to the testbed.
-        rand_one_dut_hostname: hostname of a random chosen dut to run test.
+        enum_rand_one_per_hwsku_hostname: hostname of a random chosen dut to run test.
 
     Returns:
         None
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
 
     ignored_rules_v4 = duthost.command("iptables -S")["stdout_lines"]
     ignored_rules_v6 = duthost.command("ip6tables -S")["stdout_lines"]
@@ -114,20 +115,20 @@ def collect_ignored_rules(duthosts, rand_one_dut_hostname):
     return ignored_rules
 
 @pytest.fixture(scope="function")
-def clean_scale_rules(duthosts, rand_one_dut_hostname, collect_ignored_rules):
+def clean_scale_rules(duthosts, enum_rand_one_per_hwsku_hostname, collect_ignored_rules):
     """
     Clear other control ACL rules before test to avoid miscalucation,
     delete ACL template json file and clean ACL rules, recover configuration after test.
 
     Args:
         duthosts: All DUTs belong to the testbed.
-        rand_one_dut_hostname: hostname of a random chosen dut to run test.
+        enum_rand_one_per_hwsku_hostname: hostname of a random chosen dut to run test.
         collect_ignored_rules: ignored iptable/ip6table rules.
 
     Returns:
         None
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
 
     yield
 
@@ -805,15 +806,15 @@ def verify_nat_cacl(duthost, localhost, creds, docker_network, asic_index):
     unexpected_ip6tables_rules = set(actual_ip6tables_rules) - set(expected_ip6tables_rules)
     pytest_assert(len(unexpected_ip6tables_rules) == 0, "Unexpected ip6tables nat rules: {}".format(repr(unexpected_ip6tables_rules)))
 
-def test_cacl_application_nondualtor(duthosts, tbinfo, rand_one_dut_hostname, localhost, creds, docker_network):
+def test_cacl_application_nondualtor(duthosts, tbinfo, enum_rand_one_per_hwsku_hostname, localhost, creds, docker_network):
     """
     Test case to ensure caclmgrd is applying control plane ACLs properly
 
     This is done by generating our own set of expected iptables and ip6tables
     rules based on the DuT's configuration and comparing them against the
     actual iptables/ip6tables rules on the DuT.
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
     verify_cacl(duthost, tbinfo, localhost, creds, docker_network)
 
 def test_cacl_application_dualtor(duthost_dualtor, tbinfo, localhost, creds, docker_network, expected_dhcp_rules_for_standby):
@@ -826,23 +827,25 @@ def test_cacl_application_dualtor(duthost_dualtor, tbinfo, localhost, creds, doc
     """
     verify_cacl(duthost_dualtor, tbinfo, localhost, creds, docker_network, expected_dhcp_rules_for_standby)
 
-def test_multiasic_cacl_application(duthosts, tbinfo, rand_one_dut_hostname, localhost, creds, docker_network, enum_frontend_asic_index):
+def test_multiasic_cacl_application(duthosts, tbinfo, enum_rand_one_per_hwsku_hostname, localhost, creds, docker_network, enum_frontend_asic_index):
     """
     Test case to ensure caclmgrd is applying control plane ACLs properly on multi-ASIC platform.
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
     verify_cacl(duthost, tbinfo, localhost, creds, docker_network, None, enum_frontend_asic_index)
-    verify_nat_cacl(duthost, localhost, creds, docker_network, enum_frontend_asic_index)
+    # Check added to handle testing on supervisor which could be multi-asic dut without any frontend asic 
+    if enum_frontend_asic_index:
+        verify_nat_cacl(duthost, localhost, creds, docker_network, enum_frontend_asic_index)
 
-def test_cacl_scale_rules_ipv4(duthosts, rand_one_dut_hostname, collect_ignored_rules, clean_scale_rules):
+def test_cacl_scale_rules_ipv4(duthosts, enum_rand_one_per_hwsku_hostname, collect_ignored_rules, clean_scale_rules):
     """
     Test case to ensure cover scale rules for control plan ACL for ipv4
 
     This is done by collecting existing iptable rules as ingnored rules list, creating scale rules for SNMP-ACL, SSH-ONLY, NTP-ACL tables
     and generating our own set of expected iptables rules based on the DUT's configuration and comparing them against the actual iptables
     rules on the DuT.
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
     ignored_iptable_rules_v4 = collect_ignored_rules["v4"]
 
     generate_scale_rules(duthost, "ipv4")
@@ -868,15 +871,15 @@ def test_cacl_scale_rules_ipv4(duthosts, rand_one_dut_hostname, collect_ignored_
     unexpected_iptables_rules = set(actual_iptables_rules) - set(expected_iptables_rules) - set(ignored_iptable_rules_v4)
     pytest_assert(len(unexpected_iptables_rules) == 0, "Unexpected iptables rules: {}".format(repr(unexpected_iptables_rules)))
 
-def test_cacl_scale_rules_ipv6(duthosts, rand_one_dut_hostname, collect_ignored_rules, clean_scale_rules):
+def test_cacl_scale_rules_ipv6(duthosts, enum_rand_one_per_hwsku_hostname, collect_ignored_rules, clean_scale_rules):
     """
     Test case to ensure cover scale rules for control plan ACL for ipv6
 
     This is done by collecting existing ip6table rules as ingnored rules list, creating scale rules for SNMP-ACL, SSH-ONLY, NTP-ACL tables
     and generating our own set of expected ip6tables rules based on the DUT's configuration and comparing them against the actual ip6tables
     rules on the DuT.
     """
-    duthost = duthosts[rand_one_dut_hostname]
+    duthost = duthosts[enum_rand_one_per_hwsku_hostname]
     ignored_iptable_rules_v6 = collect_ignored_rules["v6"]
 
     generate_scale_rules(duthost, "ipv6")