From ab53324249409c115e24bfb85b60fcaa09433407 Mon Sep 17 00:00:00 2001 From: AnantKishorSharma Date: Fri, 12 Jun 2026 16:40:02 +0530 Subject: [PATCH] sonic-yang-models: add POLICER_ACTION leafref to ACL_RULE Add a POLICER_ACTION leaf to ACL_RULE in the sonic-acl YANG model as a leafref to /sonic-policer/POLICER/POLICER_LIST/name, so that an ACL rule with a policer action passes config validation (config reload, GCU, load_minigraph). Without it, a CONFIG_DB rule carrying POLICER_ACTION is rejected at YANG validation before reaching orchagent. Add positive (valid policer reference) and negative (non-existent policer -> LeafRef error) test cases. Signed-off-by: AnantKishorSharma
---
 .../tests/yang_model_tests/tests/acl.json | 7 ++
 .../yang_model_tests/tests_config/acl.json | 70 +++++++++++++++++++
 .../yang-templates/sonic-acl.yang.j2 | 11 +++
 3 files changed, 88 insertions(+)
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
index da7258a0d8b..c044a3c0388 100644
--- a/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/acl.json
@@ -38,6 +38,13 @@
 "desc": "Configure non-existing ACL_TABLE in ACL_RULE.",
 "eStrKey" : "LeafRef"
 },
+ "ACL_RULE_WITH_VALID_POLICER_ACTION": {
+ "desc": "Configure ACL_RULE with valid POLICER_ACTION."
+ },
+ "ACL_RULE_WITH_INVALID_POLICER_ACTION": {
+ "desc": "Configure ACL_RULE with non-existing POLICER_ACTION.",
+ "eStrKey" : "LeafRef"
+ },
 "ACL_RULE_IP_TYPE_SRC_IPV6ANY": {
 "desc": "Configure IP_TYPE as ipv6any and SRC_IPV6 in ACL_RULE."
 },
diff --git a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
index fdd37304a82..ab629a0cb2e 100644
--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/acl.json
@@ -1545,6 +1545,76 @@
 }
 }
 },
+ "ACL_RULE_WITH_VALID_POLICER_ACTION": {
+ "sonic-acl:sonic-acl": {
+ "sonic-acl:ACL_RULE": {
+ "ACL_RULE_LIST": [
+ {
+ "ACL_TABLE_NAME": "DATAACL",
+ "POLICER_ACTION": "test_policer",
+ "PRIORITY": 9999,
+ "RULE_NAME": "Rule_20",
+ "SRC_IP": "10.0.0.1/32"
+ }
+ ]
+ },
+ "sonic-acl:ACL_TABLE": {
+ "ACL_TABLE_LIST": [
+ {
+ "ACL_TABLE_NAME": "DATAACL",
+ "policy_desc": "DATAACL",
+ "ports": [
+ ""
+ ],
+ "stage": "ingress",
+ "type": "L3"
+ }
+ ]
+ }
+ },
+ "sonic-policer:sonic-policer": {
+ "sonic-policer:POLICER": {
+ "POLICER_LIST": [
+ {
+ "name": "test_policer",
+ "meter_type": "packets",
+ "mode": "sr_tcm",
+ "cir": "5000",
+ "cbs": "5000",
+ "red_packet_action": "drop"
+ }
+ ]
+ }
+ }
+ },
+ "ACL_RULE_WITH_INVALID_POLICER_ACTION": {
+ "sonic-acl:sonic-acl": {
+ "sonic-acl:ACL_RULE": {
+ "ACL_RULE_LIST": [
+ {
+ "ACL_TABLE_NAME": "DATAACL",
+ "POLICER_ACTION": "non_existent_policer",
+ "PRIORITY": 9999,
+ "RULE_NAME": "Rule_20",
+ "SRC_IP": "10.0.0.1/32"
+ }
+ ]
+ },
+ "sonic-acl:ACL_TABLE": {
+ "ACL_TABLE_LIST": [
+ {
+ "ACL_TABLE_NAME": "DATAACL",
+ "policy_desc": "DATAACL",
+ "ports": [
+ ""
+ ],
+ "stage": "ingress",
+ "type": "L3"
+ }
+ ]
+ }
+ }
+ },
 "ACL_RULE_VALID_TCP_FLAGS": {
 "sonic-acl:sonic-acl": {
 "sonic-acl:ACL_RULE": {
diff --git a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2 b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
index a0f099447c6..66730d4d2b3 100644
--- a/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
+++ b/src/sonic-yang-models/yang-templates/sonic-acl.yang.j2
@@ -41,6 +41,10 @@ module sonic-acl {
 prefix sms;
 }
+ import sonic-policer {
+ prefix policer;
+ }
+
 description "ACL YANG Module for SONiC OS";
 revision 2019-07-01 {
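Review bot: In the tests_config/acl.json hunk, `ACL_RULE_WITH_INVALID_POLICER_ACTION` omits the `sonic-policer` container altogether, so the negative case only shows that a reference fails when no POLICER table is loaded. A second negative that keeps the `POLICER_LIST` entry from the valid case but sets `"POLICER_ACTION": "non_existent_policer"` would confirm that the leafref is matched on the policer name. Both cases also use an ingress L3 table and a rule without `PACKET_ACTION`, so how the model treats a rule carrying both actions is not pinned by these tests.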
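Review bot: The sonic-acl.yang.j2 import hunk changes the schema, yet its trailing context still shows `revision 2019-07-01 {` and no hunk in this patch adds a revision entry; if this module records schema changes through revision statements, one describing the POLICER_ACTION addition belongs above it. The new `import sonic-policer` also makes sonic-acl depend on sonic-policer being loadable wherever ACL configuration is validated, which is worth recording in a comment such as `// needed for the ACL_RULE POLICER_ACTION leafref`. The revision block continues outside the hunk, so an existing newer revision cannot be ruled out from here.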
@@ -96,6 +100,13 @@ module sonic-acl {
 type yang:mac-address;
 }
+ leaf POLICER_ACTION {
+ description "Policer to apply to matching packets, referencing a POLICER entry";
+ type leafref {
+ path "/policer:sonic-policer/policer:POLICER/policer:POLICER_LIST/policer:name";
+ }
+ }
+
 leaf IP_TYPE {
 description "IP type to match (IPv4, IPv6, ARP, etc.)";
 type stypes:ip_type;
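Review bot: The `POLICER_ACTION` description says what the leaf references but not how it behaves next to a packet action on the same rule, or on which table stages and types a policer is honoured, and the hunk adds no `must`/`when` restriction. Because a policer on an ACL rule is a rate-limiting control, a rule that passes validation here but is not programmed downstream would presumably leave the matching traffic unpoliced with no validation error; either constrain the leaf or state the limits, e.g. `description "Name of the POLICER entry used to rate-limit packets matching this rule; <supported stages/table types>";` with the placeholder filled in by the author. The leaf is also placed between a MAC-address match leaf and `IP_TYPE`, among the match fields; grouping it with the rule's other action leaves would read better, though those lie outside this hunk. Using a leafref instead of a plain string is the right call, since validation then rejects a rule that names a missing policer.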