[dash] add a retry for an ACL rule creation if a tag is not created y…

…et (sonic-net#2972) * [dash] add a retry for an ACL rule creation if a tag is not created yet
Pterosaur · Dec 13, 2023 · ff524e6 · ff524e6
1 parent 620db3d
commit ff524e6
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 0 deletions.
diff --git a/orchagent/dash/dashaclgroupmgr.cpp b/orchagent/dash/dashaclgroupmgr.cpp
@@ -477,6 +477,24 @@ task_process_status DashAclGroupMgr::createRule(const string& group_id, const st
     auto acl_rule_it = group.m_dash_acl_rule_table.find(rule_id);
     ABORT_IF_NOT(acl_rule_it == group.m_dash_acl_rule_table.end(), "Failed to create ACL rule %s. Rule already exist in ACL group %s", rule_id.c_str(), group_id.c_str());
 
+    for (const auto& tag_id : rule.m_src_tags)
+    {
+        if (!m_dash_acl_orch->getDashAclTagMgr().exists(tag_id))
+        {
+            SWSS_LOG_INFO("ACL tag %s doesn't exist, waiting for tag creating before creating rule %s", tag_id.c_str(), rule_id.c_str());
+            return task_need_retry;
+        }
+    }
+
+    for (const auto& tag_id : rule.m_dst_tags)
+    {
+        if (!m_dash_acl_orch->getDashAclTagMgr().exists(tag_id))
+        {
+            SWSS_LOG_INFO("ACL tag %s doesn't exist, waiting for tag creating before creating rule %s", tag_id.c_str(), rule_id.c_str());
+            return task_need_retry;
+        }
+    }
+
     createRule(group, rule);
 
     group.m_dash_acl_rule_table.emplace(rule_id, rule);

diff --git a/tests/test_dash_acl.py b/tests/test_dash_acl.py
@@ -812,6 +812,41 @@ def test_tag_remove(self, ctx):
         ctx.remove_prefix_tag(TAG_1)
         ctx.remove_prefix_tag(TAG_2)
 
+    def test_tag_create_delay(self, ctx):
+        ctx.create_acl_group(ACL_GROUP_1, IpVersion.IP_VERSION_IPV4)
+        ctx.asic_dash_acl_group_table.wait_for_n_keys(num_keys=1)[0]
+
+        # Create acl rule before the TAG1, TAG_2
+        ctx.create_acl_rule(ACL_GROUP_1, ACL_RULE_1,
+                            priority=1, action=Action.ACTION_PERMIT, terminating=False,
+                            src_tag=[TAG_1], dst_tag=[TAG_2],
+                            src_port=[PortRange(0,1)], dst_port=[PortRange(0,1)])
+
+        # The rule should not be created since the TAG_1, TAG_2 are not created yet
+        time.sleep(3)
+        ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=0)
+
+        tagsrc_prefixes = {"1.2.3.4/32", "5.6.0.0/16"}
+        ctx.create_prefix_tag(TAG_1, IpVersion.IP_VERSION_IPV4, tagsrc_prefixes)
+
+        # The rule should not be created since the TAG_2 is not created yet
+        time.sleep(3)
+        ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=0)
+
+        tagdst_prefixes = {"10.20.30.40/32", "50.60.0.0/16"}
+        ctx.create_prefix_tag(TAG_2, IpVersion.IP_VERSION_IPV4, tagdst_prefixes)
+
+        rule_id= ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=1)[0]
+        rule_attr = ctx.asic_dash_acl_rule_table[rule_id]
+
+        assert prefix_list_to_set(rule_attr["SAI_DASH_ACL_RULE_ATTR_SIP"]) == tagsrc_prefixes
+        assert prefix_list_to_set(rule_attr["SAI_DASH_ACL_RULE_ATTR_DIP"]) == tagdst_prefixes
+
+        ctx.remove_acl_rule(ACL_GROUP_1, ACL_RULE_1)
+        ctx.remove_acl_group(ACL_GROUP_1)
+        ctx.remove_prefix_tag(TAG_1)
+        ctx.remove_prefix_tag(TAG_2)
+
 # Add Dummy always-pass test at end as workaroud
 # for issue when Flaky fail on final test it invokes module tear-down
 # before retrying