[agent] remove acl from iface before deleting subifaces

githedgehog · Dec 17, 2023 · 567de6b · 567de6b
1 parent bb1f2c2
commit 567de6b
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/pkg/agent/dozer/bcm/enforcer.go b/pkg/agent/dozer/bcm/enforcer.go
@@ -74,6 +74,7 @@ const (
 
 	ActionWeightInterfaceSubinterfaceIPsDelete
 	ActionWeightVRFInterfaceDelete
+	ActionWeightACLInterfaceDelete
 	ActionWeightInterfaceSubinterfaceDelete
 	ActionWeightInterfaceSubinterfaceUpdate
 	ActionWeightVRFInterfaceUpdate
@@ -152,7 +153,6 @@ const (
 	ActionWeightInterfaceVLANIPsDelete
 	ActionWeightInterfaceVLANAnycastGatewayDelete
 
-	ActionWeightACLInterfaceDelete
 	ActionWeightACLBaseDelete
 
 	ActionWeightInterfaceBaseDelete

diff --git a/pkg/agent/dozer/bcm/plan.go b/pkg/agent/dozer/bcm/plan.go
@@ -1552,6 +1552,10 @@ func planExternalPeerings(agent *agentapi.Agent, spec *dozer.Spec) error {
 			spec.VRFs[vpcVrf].Interfaces[sub1] = &dozer.SpecVRFInterface{}
 			spec.VRFs[ipnsVrf].Interfaces[sub2] = &dozer.SpecVRFInterface{}
 
+			spec.ACLInterfaces[sub1] = &dozer.SpecACLInterface{
+				Egress: stringPtr(ipnsEgressAccessList(external.IPv4Namespace)),
+			}
+
 			for _, subnetName := range peering.Permit.VPC.Subnets {
 				subnet, exists := vpc.Subnets[subnetName]
 				if !exists {