From ace08ac0526b6d0b0503d1016a0168eec235dc65 Mon Sep 17 00:00:00 2001
From: Pim van Pelt
Date: Mon, 16 Jan 2023 19:07:04 +0000
Subject: [PATCH] Refuse to work with ACLs if there are duplicate tags -- it means something/somebody has been inserting them outside of vppcfg, and this breaks the requirement that vppcfg.acls. is the same uniquely identified vpp.acl.tag
---
 vppcfg/vpp/vppapi.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/vppcfg/vpp/vppapi.py b/vppcfg/vpp/vppapi.py
index 3071841..4b11a0e 100644
--- a/vppcfg/vpp/vppapi.py
+++ b/vppcfg/vpp/vppapi.py
@@ -127,6 +127,7 @@ class VPPApi:
 "l2xcs": {},
 "taps": {},
 "acls": {},
+ "acl_tags": {},
 }
 return True
@@ -355,6 +356,12 @@ class VPPApi:
 api_response = self.vpp.api.acl_dump(acl_index=0xFFFFFFFF)
 for acl in api_response:
 self.cache["acls"][acl.acl_index] = acl
+ if acl.tag in self.cache["acl_tags"]:
+ self.logger.error(
+ f"Duplicate ACL tag '{acl.tag}' found - cannot safely preoceed, bailing"
+ )
+ return False
+ self.cache["acl_tags"][acl.tag] = acl.acl_index
 self.logger.debug("Retrieving interface ACLs")
 api_response = self.vpp.api.acl_interface_list_dump()
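Review bot: The duplicate-tag error in the second hunk names only the tag, so an operator cannot tell which two ACLs collide, and the tag is interpolated raw even though, by the commit's own premise, it was written by something other than vppcfg. Logging both indexes and the tag's repr would make the event triageable and keep control characters out of the log line: `f"Duplicate ACL tag {acl.tag!r} on acl_index {self.cache['acl_tags'][acl.tag]} and {acl.acl_index} - cannot safely proceed, bailing"`, which also fixes the "preoceed" typo. The check runs after `self.cache["acls"][acl.acl_index] = acl`, so on `return False` the cache is left partly filled; that is safe only if callers discard the cache on failure, which the hunk does not show. The enclosing method starts and ends outside the hunk.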