From ff524e6dc828a8dca2f4bf6fccabc819e77710f0 Mon Sep 17 00:00:00 2001
From: Yakiv Huryk <62013282+Yakiv-Huryk@users.noreply.github.com>
Date: Wed, 13 Dec 2023 21:45:00 +0200
Subject: [PATCH] [dash] add a retry for an ACL rule creation if a tag is not
 created yet (#2972)

* [dash] add a retry for an ACL rule creation if a tag is not created yet
---
 orchagent/dash/dashaclgroupmgr.cpp | 18 +++++++++++++++
 tests/test_dash_acl.py             | 35 ++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/orchagent/dash/dashaclgroupmgr.cpp b/orchagent/dash/dashaclgroupmgr.cpp
index 5563a3af2f..3b5a87db49 100644
--- a/orchagent/dash/dashaclgroupmgr.cpp
+++ b/orchagent/dash/dashaclgroupmgr.cpp
@@ -477,6 +477,24 @@ task_process_status DashAclGroupMgr::createRule(const string& group_id, const st
     auto acl_rule_it = group.m_dash_acl_rule_table.find(rule_id);
     ABORT_IF_NOT(acl_rule_it == group.m_dash_acl_rule_table.end(), "Failed to create ACL rule %s. Rule already exist in ACL group %s", rule_id.c_str(), group_id.c_str());
 
+    for (const auto& tag_id : rule.m_src_tags)
+    {
+        if (!m_dash_acl_orch->getDashAclTagMgr().exists(tag_id))
+        {
+            SWSS_LOG_INFO("ACL tag %s doesn't exist, waiting for tag creating before creating rule %s", tag_id.c_str(), rule_id.c_str());
+            return task_need_retry;
+        }
+    }
+
+    for (const auto& tag_id : rule.m_dst_tags)
+    {
+        if (!m_dash_acl_orch->getDashAclTagMgr().exists(tag_id))
+        {
+            SWSS_LOG_INFO("ACL tag %s doesn't exist, waiting for tag creating before creating rule %s", tag_id.c_str(), rule_id.c_str());
+            return task_need_retry;
+        }
+    }
+
     createRule(group, rule);
 
     group.m_dash_acl_rule_table.emplace(rule_id, rule);
diff --git a/tests/test_dash_acl.py b/tests/test_dash_acl.py
index 87ff5fa9ca..c85fbf532b 100644
--- a/tests/test_dash_acl.py
+++ b/tests/test_dash_acl.py
@@ -812,6 +812,41 @@ def test_tag_remove(self, ctx):
         ctx.remove_prefix_tag(TAG_1)
         ctx.remove_prefix_tag(TAG_2)
 
+    def test_tag_create_delay(self, ctx):
+        ctx.create_acl_group(ACL_GROUP_1, IpVersion.IP_VERSION_IPV4)
+        ctx.asic_dash_acl_group_table.wait_for_n_keys(num_keys=1)[0]
+
+        # Create acl rule before the TAG1, TAG_2
+        ctx.create_acl_rule(ACL_GROUP_1, ACL_RULE_1,
+                            priority=1, action=Action.ACTION_PERMIT, terminating=False,
+                            src_tag=[TAG_1], dst_tag=[TAG_2],
+                            src_port=[PortRange(0,1)], dst_port=[PortRange(0,1)])
+
+        # The rule should not be created since the TAG_1, TAG_2 are not created yet
+        time.sleep(3)
+        ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=0)
+
+        tagsrc_prefixes = {"1.2.3.4/32", "5.6.0.0/16"}
+        ctx.create_prefix_tag(TAG_1, IpVersion.IP_VERSION_IPV4, tagsrc_prefixes)
+
+        # The rule should not be created since the TAG_2 is not created yet
+        time.sleep(3)
+        ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=0)
+
+        tagdst_prefixes = {"10.20.30.40/32", "50.60.0.0/16"}
+        ctx.create_prefix_tag(TAG_2, IpVersion.IP_VERSION_IPV4, tagdst_prefixes)
+
+        rule_id= ctx.asic_dash_acl_rule_table.wait_for_n_keys(num_keys=1)[0]
+        rule_attr = ctx.asic_dash_acl_rule_table[rule_id]
+
+        assert prefix_list_to_set(rule_attr["SAI_DASH_ACL_RULE_ATTR_SIP"]) == tagsrc_prefixes
+        assert prefix_list_to_set(rule_attr["SAI_DASH_ACL_RULE_ATTR_DIP"]) == tagdst_prefixes
+
+        ctx.remove_acl_rule(ACL_GROUP_1, ACL_RULE_1)
+        ctx.remove_acl_group(ACL_GROUP_1)
+        ctx.remove_prefix_tag(TAG_1)
+        ctx.remove_prefix_tag(TAG_2)
+
 # Add Dummy always-pass test at end as workaroud
 # for issue when Flaky fail on final test it invokes module tear-down
 # before retrying