From 2001633f215abadc98fbf91b59e36acd623e6424 Mon Sep 17 00:00:00 2001
From: Sagar Paul
Date: Fri, 22 Sep 2023 13:49:02 +0530
Subject: [PATCH] [acls] fixes aces rendering, overridden and replaced state operations. (#929)
* acls fixes
* [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
* check tests
* fix parsed
* fix action state bug
* [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
* remove extra test
* add tests
* fix ansible-lint
* add a changelog
* format test
* fix lint
* lint fix lint
* [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
* lgtm
* remove comments
* fix range as port_protocol issue
* bump ansible version
* [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
* the requires_ansible version
* [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci
* fix sanity
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
---
.ansible-lint | 5 ++
.github/workflows/lint.yml | 12 ++++
.github/workflows/tests.yml | 4 --
README.md | 2 +-
changelogs/fragments/ios_acls_fix.yaml | 6 ++
docs/cisco.ios.ios_command_module.rst | 2 +-
meta/runtime.yml | 2 +-
.../network/ios/config/acls/acls.py | 13 ++++-
.../network/ios/rm_templates/acls.py | 55 +++++++++++--------
plugins/modules/ios_command.py | 2 +-
tests/sanity/ignore-2.17.txt | 1 +
.../unit/modules/network/ios/test_ios_acls.py | 45 +++++++++++----
12 files changed, 105 insertions(+), 44 deletions(-)
create mode 100644 .ansible-lint
create mode 100644 .github/workflows/lint.yml
create mode 100644 changelogs/fragments/ios_acls_fix.yaml
create mode 100644 tests/sanity/ignore-2.17.txt
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 000000000..8d9bb70b8
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,5 @@ +--- +profile: production + +exclude_paths: + - changelogs/changelog.yaml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..853e4b69c --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,12 @@ +--- +name: ansible-lint +on: # yamllint disable-line rule:truthy + pull_request: + branches: ["main"] +jobs: + build: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - name: Run ansible-lint + uses: ansible/ansible-lint@main diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 810680051..0fb4cc0cf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -14,8 +14,6 @@ on: # yamllint disable-line rule:truthy jobs: - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main if: github.event_name != 'schedule' @@ -32,7 +30,6 @@ jobs: all_green: if: ${{ always() && (github.event_name != 'schedule') }} needs: - - ansible-lint - changelog - sanity - unit-galaxy @@ -42,7 +39,6 @@ jobs: - run: >- python -c "assert 'failure' not in set([ - '${{ needs.ansible-lint.result }}', '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', '${{ needs.unit-galaxy.result }}', diff --git a/README.md b/README.md index 18c333bd9..ac061831b 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This collection has been tested against Cisco IOS XE Version 17.3 on CML. ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.9.10**. +This collection has been tested against following Ansible versions: **>=2.13.11**. For collections that support Ansible 2.9, please ensure you update your `network_os` to use the fully qualified collection name (for example, `cisco.ios.ios`). 
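Review bot: `uses: ansible/ansible-lint@main` in the new `.github/workflows/lint.yml` follows a mutable branch, so whatever is pushed to that branch runs in this repository's CI on every pull request; pin it to a release tag or, better, a full commit SHA, e.g. `uses: ansible/ansible-lint@<COMMIT_SHA>  # <release tag>`. The workflow also has no `permissions:` key, so the job token gets the repository default; a top-level `permissions:` with `contents: read` keeps it read-only for a lint job. The reusable workflow this replaces in tests.yml was referenced at `@main` as well, so this is not a regression, but the new file is the natural place to tighten it.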
diff --git a/changelogs/fragments/ios_acls_fix.yaml b/changelogs/fragments/ios_acls_fix.yaml new file mode 100644 index 000000000..112c0347e --- /dev/null +++ b/changelogs/fragments/ios_acls_fix.yaml @@ -0,0 +1,6 @@ +--- +doc_changes: + - "ios_command - Fix formatting of examples." +bugfixes: + - "ios_acls - Fix standard acls rendering." + - "ios_acls - Fix protocol_options rendering corrects processing of overridden/ replaced state." diff --git a/docs/cisco.ios.ios_command_module.rst b/docs/cisco.ios.ios_command_module.rst index 305641a9a..51437902e 100644 --- a/docs/cisco.ios.ios_command_module.rst +++ b/docs/cisco.ios.ios_command_module.rst @@ -141,7 +141,7 @@ Examples - name: Run show version on remote devices cisco.ios.ios_command: - commands: show version' + commands: show version # output- diff --git a/meta/runtime.yml b/meta/runtime.yml index 55584b22f..14d31cd1c 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -206,4 +206,4 @@ plugin_routing: redirect: cisco.ios.ios_vlans vrf: redirect: cisco.ios.ios_vrf -requires_ansible: ">=2.9.10" +requires_ansible: ">=2.13.11" diff --git a/plugins/module_utils/network/ios/config/acls/acls.py b/plugins/module_utils/network/ios/config/acls/acls.py index 9d29555cc..c40157c28 100644 --- a/plugins/module_utils/network/ios/config/acls/acls.py +++ b/plugins/module_utils/network/ios/config/acls/acls.py @@ -192,6 +192,7 @@ def sanitize_protocol_options(self, wace, hace): list(wace.get("protocol_options"))[0] == hace.get("protocol") ): hace.pop("protocol") + hace["protocol_options"] = wace.get("protocol_options") return hace def acl_name_cmd(self, name, afi, acl_type): 
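Review bot: The added `hace["protocol_options"] = wace.get("protocol_options")` in `sanitize_protocol_options` overwrites the have-side ACE with the wanted value, so after this call both sides compare equal on `protocol_options` regardless of what the device holds. If want carries flags under the protocol key while the device entry was parsed as the bare protocol, that difference would presumably no longer generate a command, and the ACE on the device would stay broader than the playbook states; a unit test with exactly that want/have pair would settle it. The assignment also makes want and have share one dict object, so a later in-place change to either shows up in both; storing a copy avoids that. A comment such as `# have reports the bare protocol; mirror want's protocol_options so the ACEs compare on the same key` would record the intent. The condition and the start of the function lie outside the hunk.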
@@ -226,9 +227,15 @@ def list_to_dict(self, param): if acl.get("aces"): temp_rem = [] # remarks if defined in an ace for ace in acl.get("aces"): # each ace turned to dict - if ace.get("destination") and ace.get("destination", {}).get( - "port_protocol", - {}, + if ( + ace.get("destination") + and ace.get("destination", {}).get( + "port_protocol", + {}, + ) + and not ace.get("destination", {}) + .get("port_protocol", {}) + .get("range") ): for k, v in ( ace.get("destination", {}).get("port_protocol", {}).items() diff --git a/plugins/module_utils/network/ios/rm_templates/acls.py b/plugins/module_utils/network/ios/rm_templates/acls.py index 164c93caf..a67b53d0b 100644 --- a/plugins/module_utils/network/ios/rm_templates/acls.py +++ b/plugins/module_utils/network/ios/rm_templates/acls.py @@ -149,7 +149,7 @@ def __init__(self, lines=None): r"""^(ip|ipv6) (\s(access-list)) (\s(standard|extended)) - (\s(?P\S+))? + (\s(?P\S+)) $""", re.VERBOSE, ), @@ -159,13 +159,12 @@ def __init__(self, lines=None): "shared": True, }, { - "name": "_mac_acls_name", # + "name": "_mac_acls_name", # mac acls to be removed "getval": re.compile( - r"""^(?PStandard|Extended|Reflexive)* - \s*(?PMAC)* - \s*access - \s*list* - \s*(?P.+)* + r"""^(?PStandard|Extended|Reflexive) + (\s(?PMAC)) + (\saccess\slist) + (\s(?P.+)) $""", re.VERBOSE, ), @@ -204,8 +203,8 @@ def __init__(self, lines=None): "name": "remarks_type_linear", "getval": re.compile( r"""^(access-list) - (\s(?P\S+))? - (\sremark\s(?P.+))? + (\s(?P\S+)) + (\sremark\s(?P.+)) $""", re.VERBOSE, ), @@ -224,7 +223,7 @@ def __init__(self, lines=None): "getval": re.compile( r"""\s*(?P\d+)* \s(?Pdeny|permit)? - (\s+(?P
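Review bot: In the `list_to_dict` hunk the new condition spells out `ace.get("destination", {}).get("port_protocol", {})` three times and the `for k, v in (...)` header below repeats it a fourth time; the chained `.get` calls are only safe for `destination: None` because of the leading `ace.get("destination")` test. Binding the value once is shorter and keeps that safety: `dst_pp = (ace.get("destination") or {}).get("port_protocol") or {}` followed by `if dst_pp and not dst_pp.get("range"):`, with the loop iterating `dst_pp.items()`. The `range` exclusion also deserves a one-line why-comment, since nothing in the hunk says why a range must skip this conversion. If a matching source-side branch exists outside the hunk it presumably needs the same guard.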
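Review bot: The comment added on `"name": "_mac_acls_name"`, `# mac acls to be removed`, is ambiguous: it can mean that this parser entry is scheduled for deletion or that it exists so MAC ACL headers are recognised and left out of the parsed result. If the second reading is the intended one, something like `# recognises MAC ACL headers so they are skipped, not parsed as IP ACLs` says it directly. The same hunk, together with `@@ -149,7 +149,7 @@` and `@@ -204,8 +203,8 @@`, turns previously optional groups into mandatory ones, so header lines without a name or remark text no longer match these parsers; a short note in each pattern on what is expected to handle such lines now would help the next reader.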
(?!ahp|eigrp|esp|gre|icmp|igmp|ipv6|ipinip|ip|nos|object-group|ospf|pcp|pim|sctp|tcp|udp)\S+|\S+,))? + (\s+(?P
(?!ahp|any|eigrp|esp|gre|icmp|igmp|ipv6|ipinip|ip|nos|object-group|ospf|pcp|pim|sctp|tcp|udp)\S+|\S+,))? (\s*(?Pany))? (\swildcard\sbits\s(?P\S+))? (\shost\s(?P\S+))? @@ -266,19 +265,27 @@ def __init__(self, lines=None): (\sobject-group\s(?P\S+))| (\shost\s(?P\S+))| (\s(?P(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\s\S+)))? - (\s(?P(eq|gts|gt|lt|neq)\s(\S+|\d+)))? + (\seq\s(?P(\S+|\d+)))? + (\sgt\s(?P(\S+|\d+)))? + (\slt\s(?P(\S+|\d+)))? + (\sneq\s(?P(\S+|\d+)))? (\srange\s(?P\d+)\s(?P\d+))? (\s(?Pany))? (\sobject-group\s(?P\S+))? (\shost\s(?P\S+))? (\s(?P(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})\s\S+))? - (\s(?P(eq|gts|lt|neq)\s(\S+|\d+)))? + (\seq\s(?P(\S+|\d+)))? + (\sgt\s(?P(\S+|\d+)))? + (\slt\s(?P(\S+|\d+)))? + (\sneq\s(?P(\S+|\d+)))? (\srange\s(?P\d+)\s(?P\d+))? (\s(?Padministratively-prohibited|alternate-address|conversion-error|dod-host-prohibited|dod-net-prohibited|echo-reply|echo|general-parameter-problem|host-isolated|host-precedence-unreachable|host-redirect|host-tos-redirect|host-tos-unreachable|host-unknown|host-unreachable|information-reply|information-request|mask-reply|mask-request|mobile-redirect|net-redirect|net-tos-redirect|net-tos-unreachable|net-unreachable|network-unknown|no-room-for-option|option-missing|packet-too-big|parameter-problem|port-unreachable|precedence-unreachable|protocol-unreachable|reassembly-timeout|redirect|router-advertisement|router-solicitation|source-quench|source-route-failed|time-exceeded|timestamp-reply|timestamp-request|traceroute|ttl-exceeded|unreachable|dvmrp|host-query|mtrace-resp|mtrace-route|pim|trace|v1host-report|v2host-report|v2leave-group|v3host-report|ack|established|fin|psh|rst|syn|urg))? (\sdscp\s(?P\S+))? (\s(?Pfragments))? - (\s(?Plog-input\s\(tag\s=\s\S+\)|log-input))? - (\s(?Plog\s\(tag\s=\s\S+\)|log))? + (\slog-input\s\(tag\s=\s(?P\S+\)|log-input))? + (\s(?Plog-input))? + (\slog\s\(tag\s=\s(?P\S+\)|log))? + (\s(?Plog))? (\soption\s(?P
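Review bot: In hunk `@@ -224,7 +223,7 @@` the negative lookahead is a prefix test, not a whole-token test, so adding `any` rejects every token that merely starts with "any", just as the existing entries already do for tokens starting with "ip", "tcp" and so on. That is harmless as long as this position only ever holds a dotted address, but the pattern does not enforce it; closing the alternation with a token end, `(?!(?:ahp|any|...|udp)(?:\s|$))` with the full list kept as is, makes the exclusion exact. Because the pattern is compiled with `re.VERBOSE`, an inline comment such as `# 'any' is excluded here so the any-group on the next line captures it` can sit next to the lookahead. The enclosing `re.compile` call starts and ends outside this hunk.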