
DASH: configuration reordering leads to incorrect ACL configuration

Open Yakiv-Huryk opened this issue 11 months ago • 0 comments

When we send a DASH config to a gNMI server, the order in which the configuration arrives at the orchagent is not defined. This is an issue for ACL configuration, for example:

  1. `DASH_ACL_GROUP_TABLE:eni0` - create an ACL group
  2. `DASH_ACL_RULE_TABLE:eni0:rule0` - create a rule
  3. `DASH_ACL_OUT_TABLE:eni0:1` - bind a group to an ENI

This can get reordered so that the bind (3) happens before the rule creation (2), which is not allowed according to the requirements: "User can add/remove rules in a group as long as it is not currently bound to an ENI".

Example of reordering:

DASH ACL config:

```json
[
    {
        "DASH_ACL_GROUP_TABLE:eni0g": {
            "ip_version": "ipv4",
            "guid": "3bf2464e-0282-434f-a943-e6e033a945ab"
        },
        "OP": "SET"
    },
    {
        "DASH_ACL_RULE_TABLE:eni0g:rule0": {
            "priority": 0,
            "action": "allow",
            "terminating": "true",
            "src_addr": "33.33.33.1/32",
            "dst_addr": "33.33.33.2/32",
            "src_port": "0-65535",
            "dst_port": "33"
        },
        "OP": "SET"
    },
    {
        "DASH_ACL_OUT_TABLE:eni0:1": {
            "acl_group_id": "eni0g"
        },
        "OP": "SET"
    }
]
```
swss.rec (protobuf payloads shown as raw bytes):

```
2024-03-05.14:29:49.524614|DASH_ACL_RULE_TABLE:eni0g:rule0|SET|pb:*
2!!
:!!
2024-03-05.14:29:49.524953|DASH_ACL_OUT_TABLE:eni0:1|SET|pb:
        eni0g
2024-03-05.14:29:49.544711|DASH_ACL_GROUP_TABLE:eni0g|SET|pb:
X̧Wr
```

Yakiv-Huryk, Mar 07 '24 12:03
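The dependency problem described in the issue can be modelled with a small retry-based applier. The following is an added example, not code from sonic-swss or from the issue author: it replays the three table entries above in the order the swss.rec shows them arriving (rule, bind, group), defers any entry whose dependency has not been created yet (the way an orchagent consumer keeps a failed task for the next iteration), and reports the case the requirement forbids, a rule being added to a group that is already bound to an ENI. The `AclState`, `apply_batch` and exception names are hypothetical; the table names, keys and attribute values come from the issue.

```python
import json
from dataclasses import dataclass, field

# Constructed from the issue's config, but listed in the arrival order shown
# in its swss.rec: rule first, then the ENI binding, then the group.
REORDERED_CONFIG = json.loads("""
[
  {"DASH_ACL_RULE_TABLE:eni0g:rule0": {"priority": 0, "action": "allow",
     "terminating": "true", "src_addr": "33.33.33.1/32",
     "dst_addr": "33.33.33.2/32", "src_port": "0-65535", "dst_port": "33"},
   "OP": "SET"},
  {"DASH_ACL_OUT_TABLE:eni0:1": {"acl_group_id": "eni0g"}, "OP": "SET"},
  {"DASH_ACL_GROUP_TABLE:eni0g": {"ip_version": "ipv4",
     "guid": "3bf2464e-0282-434f-a943-e6e033a945ab"}, "OP": "SET"}
]
""")

# Same entries, but the binding arrives before the rule (group, bind, rule):
# this is the ordering the requirement in the issue does not allow.
BIND_BEFORE_RULE = [REORDERED_CONFIG[2], REORDERED_CONFIG[1], REORDERED_CONFIG[0]]


class RetryLater(Exception):
    """A dependency (e.g. the ACL group) has not been created yet."""


class InvalidOrder(Exception):
    """The operation violates an ordering requirement and cannot be deferred."""


@dataclass
class AclState:
    groups: dict = field(default_factory=dict)    # group_id -> attributes
    rules: dict = field(default_factory=dict)     # (group_id, rule_id) -> attributes
    bindings: dict = field(default_factory=dict)  # (eni, stage) -> group_id

    def bound_groups(self) -> set:
        return set(self.bindings.values())

    def apply_set(self, key: str, attrs: dict) -> None:
        table, _, rest = key.partition(":")
        if table == "DASH_ACL_GROUP_TABLE":
            self.groups[rest] = attrs
        elif table == "DASH_ACL_RULE_TABLE":
            group_id, _, rule_id = rest.partition(":")
            if group_id not in self.groups:
                raise RetryLater(f"group {group_id} not created yet")
            if group_id in self.bound_groups():
                # Rules may only be changed while the group is unbound.
                raise InvalidOrder(
                    f"rule {rule_id} added to group {group_id} while it is bound to an ENI")
            self.rules[(group_id, rule_id)] = attrs
        elif table == "DASH_ACL_OUT_TABLE":
            eni, _, stage = rest.partition(":")
            group_id = attrs["acl_group_id"]
            if group_id not in self.groups:
                raise RetryLater(f"group {group_id} not created yet")
            self.bindings[(eni, stage)] = group_id
        else:
            raise ValueError(f"unknown table {table}")


def apply_batch(entries, state=None):
    """Apply SET entries, retrying deferred ones until no progress is made.

    Returns (state, violations); violations lists InvalidOrder messages.
    """
    if state is None:
        state = AclState()
    pending = []
    for entry in entries:
        if entry.get("OP") != "SET":
            raise ValueError(f"unsupported OP {entry.get('OP')!r}")
        pending.extend((k, v) for k, v in entry.items() if k != "OP")
    violations = []
    while pending:
        deferred = []
        for key, attrs in pending:
            try:
                state.apply_set(key, attrs)
            except RetryLater:
                deferred.append((key, attrs))
            except InvalidOrder as exc:
                violations.append(str(exc))
        if len(deferred) == len(pending):
            keys = ", ".join(k for k, _ in deferred)
            raise RuntimeError(f"no progress: unsatisfiable dependencies for {keys}")
        pending = deferred
    return state, violations


if __name__ == "__main__":
    state, violations = apply_batch(REORDERED_CONFIG)
    print("rule, bind, group ->", sorted(state.rules), state.bindings, violations)
    state, violations = apply_batch(BIND_BEFORE_RULE)
    print("group, bind, rule ->", sorted(state.rules), state.bindings, violations)
```

With the arrival order from the swss.rec the deferral alone repairs the sequence: the rule and the binding are both held back until the group exists and are then applied in their original relative order, so the rule lands before the bind. With the group arriving first and the binding before the rule, deferral cannot help, and the applier surfaces the requirement violation instead of silently programming an ACL the user did not ask for.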