ACLs applied on multiple endpoints of a device are not removed by deleting the ACL

Reporters

  • Shayan Hajipour

Description

When multiple endpoints of a device are assigned to an ACL, like the following:

  • /device[r2]/endpoint[Ethernet1]/acl_ruleset[33ac7493-e195-4ae0-b965-0c071fcd98af]
  • /device[r2]/endpoint[Ethernet10]/acl_ruleset[33ac7493-e195-4ae0-b965-0c071fcd98af]

After removing ACL 33ac7493-e195-4ae0-b965-0c071fcd98af on device r2, only one of the config rules is removed.

Sequence of actions that resulted in the bug

  • Create ACL on device r2 with uuid 33ac7493-e195-4ae0-b965-0c071fcd98af and associate it with the Ethernet1 endpoint
  • Create ACL on device r2 with uuid 33ac7493-e195-4ae0-b965-0c071fcd98af and associate it with the Ethernet10 endpoint
  • Delete the ACL 33ac7493-e195-4ae0-b965-0c071fcd98af using NBI
  • One ACL remains

Expected behaviour

  • It is expected that all ACL config rules with uuid 33ac7493-e195-4ae0-b965-0c071fcd98af of the device should be removed when the ACL is removed from the NBI.

Acknowledgements

This work is funded by the European Commission through the HORIZON-JU-SNS-2022 ACROSS project with Grant Agreement number 101097122.

Edited by Lluis Gifre Renom
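
A post-delete check for the leftover binding described in this report, written as an added example and not taken from the project's code. The function names, the flat list of resource keys, and the sample entries marked as constructed are assumptions; only the key layout and the two r2 keys come from the report.

```python
import re

# Key layout as quoted in the report:
#   /device[<device>]/endpoint[<endpoint>]/acl_ruleset[<ruleset uuid>]
KEY_RE = re.compile(
    r"^/device\[(?P<device>[^\]]+)\]/endpoint\[(?P<endpoint>[^\]]+)\]"
    r"/acl_ruleset\[(?P<ruleset>[^\]]+)\]$"
)

ACL_UUID = "33ac7493-e195-4ae0-b965-0c071fcd98af"
SAMPLE_KEYS = [
    "/device[r2]/endpoint[Ethernet1]/acl_ruleset[" + ACL_UUID + "]",
    "/device[r2]/endpoint[Ethernet10]/acl_ruleset[" + ACL_UUID + "]",
    # Constructed entries: an unrelated ACL on r2 and the same UUID on another device.
    "/device[r2]/endpoint[Ethernet2]/acl_ruleset[00000000-0000-0000-0000-000000000000]",
    "/device[r1]/endpoint[Ethernet1]/acl_ruleset[" + ACL_UUID + "]",
]

def _matches(key, device, ruleset):
    """True when the key binds `ruleset` to some endpoint of `device`."""
    m = KEY_RE.match(key)
    return bool(m) and m["device"] == device and m["ruleset"] == ruleset

def acl_bindings(resource_keys, device, ruleset):
    """Sorted endpoints of `device` that still carry `ruleset`."""
    return sorted(KEY_RE.match(k)["endpoint"]
                  for k in resource_keys if _matches(k, device, ruleset))

def delete_first_match(resource_keys, device, ruleset):
    """Reported behaviour: only one matching config rule is removed."""
    remaining, removed = [], False
    for key in resource_keys:
        if not removed and _matches(key, device, ruleset):
            removed = True
            continue
        remaining.append(key)
    return remaining

def delete_all_matches(resource_keys, device, ruleset):
    """Expected behaviour: every config rule of the ACL on the device is removed."""
    return [k for k in resource_keys if not _matches(k, device, ruleset)]

if __name__ == "__main__":
    after = delete_first_match(SAMPLE_KEYS, "r2", ACL_UUID)
    print("stale bindings on r2:", acl_bindings(after, "r2", ACL_UUID))
```

Running `acl_bindings` against the device's config rules after an NBI delete gives a regression test for this issue: any non-empty result is an ACL the controller no longer tracks but the device may still carry.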