From 8f1d035c01dee356955e7c562883a0e0142700ca Mon Sep 17 00:00:00 2001
From: byu343 <byu@arista.com>
Date: Mon, 15 Nov 2021 17:41:08 -0800
Subject: [PATCH] [macsecmgr]: Wait for port up before enabling macsec (#2032)

What I did
Change the prerequisite of enabling macsec to port up

Why I did it
The macsec-related API calls have to be executed after the API calls for gearbox port setup have been done. For that reason, before this change, enabling macsec through config_db.json after reboot cannot succeed. To fix it by this change, the API calls for enabling macsec are executed only after the port is up.

How I verified it

Details if related
---
 cfgmgr/macsecmgr.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cfgmgr/macsecmgr.cpp b/cfgmgr/macsecmgr.cpp
index bcd693d427..39cf9eae02 100644
--- a/cfgmgr/macsecmgr.cpp
+++ b/cfgmgr/macsecmgr.cpp
@@ -547,10 +547,13 @@ bool MACsecMgr::isPortStateOk(const std::string & port_name)
 
     std::vector<FieldValueTuple> temp;
     std::string state;
+    std::string oper_status;
 
     if (m_statePortTable.get(port_name, temp)
         && get_value(temp, "state", state)
-        && state == "ok")
+        && state == "ok"
+        && get_value(temp, "netdev_oper_status", oper_status)
+        && oper_status == "up")
     {
         SWSS_LOG_DEBUG("Port '%s' is ready", port_name.c_str());
         return true;