diff --git a/changelogs/fragments/ios_acls_replaced_state.yml b/changelogs/fragments/ios_acls_replaced_state.yml new file mode 100644 index 000000000..877042a69 --- /dev/null +++ b/changelogs/fragments/ios_acls_replaced_state.yml @@ -0,0 +1,3 @@ +--- +bugfixes: + - ios_acls - Fix replaced state to consider remarks and ace entries while comparing configuration. diff --git a/plugins/module_utils/network/ios/config/acls/acls.py b/plugins/module_utils/network/ios/config/acls/acls.py index 421725100..40c6c4062 100644 --- a/plugins/module_utils/network/ios/config/acls/acls.py +++ b/plugins/module_utils/network/ios/config/acls/acls.py @@ -221,7 +221,10 @@ def pop_remark(r_entry, afi): for k_wrems, wrems in rem_wentry.get("remarks").items(): if k_wrems not in rem_hentry.get("remarks", {}).keys(): self.addcmd( - {"remarks": wrems, "sequence": hentry.get("sequence", "")}, + { + "remarks": wrems, + "sequence": hentry.get("sequence", ""), + }, "remarks", ) else: @@ -247,8 +250,12 @@ def pop_remark(r_entry, afi): "remarks", negate=True, ) - else: # remove extra aces - self.addcmd(add_afi(hseq, afi), "aces", negate=True) + hseq.pop("remarks") + self.addcmd( + add_afi(hseq, afi), + "aces", + negate=True, + ) # deal with the rest of ace entry def sanitize_protocol_options(self, wace, hace): """handles protocol and protocol options as optional attribute""" @@ -291,7 +298,9 @@ def list_to_dict(self, param): temp_aces = {} if acl.get("aces"): rem_idx = 0 # remarks if defined in an ace - for count, ace in enumerate(acl.get("aces")): # each ace turned to dict + for count, ace in enumerate( + acl.get("aces"), + ): # each ace turned to dict if ( ace.get("destination") and ace.get("destination", {}).get( @@ -346,7 +355,12 @@ def list_to_dict(self, param): if acl.get("acl_type"): # update acl dict with req info temp_acls.update( - {acl.get("name"): {"aces": temp_aces, "acl_type": acl["acl_type"]}}, + { + acl.get("name"): { + "aces": temp_aces, + "acl_type": acl["acl_type"], + }, + }, ) else: # if no acl type then here eg: ipv6 temp_acls.update({acl.get("name"): {"aces": temp_aces}}) diff --git a/tests/unit/modules/network/ios/test_ios_acls.py b/tests/unit/modules/network/ios/test_ios_acls.py index 7f1cf97b5..5d8dc81c9 100644 --- a/tests/unit/modules/network/ios/test_ios_acls.py +++ b/tests/unit/modules/network/ios/test_ios_acls.py @@ -561,7 +561,6 @@ def test_ios_acls_merged_idempotent(self): ) result = self.execute_module(changed=False) self.assertEqual(sorted(result["commands"]), []) - # self.execute_module(changed=False, commands=[], sort=True) def test_ios_acls_replaced(self): self.execute_show_command.return_value = dedent( @@ -575,11 +574,23 @@ def test_ios_acls_replaced(self): ip access-list standard test_acl remark remark check 1 remark some random remark 2 + ip access-list standard testRobustReplace + 10 remark Remarks for 10 + 10 permit 192.168.1.0 0.0.0.255 + 20 remark Remarks for 20 + 20 permit 0.0.0.0 255.0.0.0 + 30 remark Remarks for 30 + 30 permit 172.16.0.0 0.15.255.255 + 40 remark Remarks for 40 + 40 permit 192.0.2.0 0.0.0.255 + 50 remark Remarks for 50 + 50 permit 198.51.100.0 0.0.0.255 """, ) self.execute_show_command_name.return_value = dedent( """\ Standard IP access list test_acl + Standard IP access list testRobustReplace """, ) set_module_args( @@ -613,6 +624,21 @@ def test_ios_acls_replaced(self): acl_type="standard", aces=[dict(remarks=["Another remark here"])], ), + dict( + name="testRobustReplace", + acl_type="standard", + aces=[ + dict( + sequence=10, + grant="permit", + remarks=["Remarks for 10"], + source=dict( + address="192.168.1.0", + wildcard_bits="0.0.0.255", + ), + ), + ], + ), ], ), ], @@ -627,6 +653,15 @@ def test_ios_acls_replaced(self): "no remark remark check 1", "no remark some random remark 2", "remark Another remark here", + "ip access-list standard testRobustReplace", + "no 20 remark Remarks for 20", + "no 20 permit 0.0.0.0 255.0.0.0", + "no 30 remark Remarks for 30", + "no 30 permit 172.16.0.0 0.15.255.255", + "no 40 remark Remarks for 40", + "no 40 permit 192.0.2.0 0.0.0.255", + "no 50 remark Remarks for 50", + "no 50 permit 198.51.100.0 0.0.0.255", ] self.assertEqual(sorted(result["commands"]), sorted(commands))