diff --git a/plugins/module_utils/network/iosxr/argspec/acls/acls.py b/plugins/module_utils/network/iosxr/argspec/acls/acls.py index e8cb5f9cb..0a5ceef27 100644 --- a/plugins/module_utils/network/iosxr/argspec/acls/acls.py +++ b/plugins/module_utils/network/iosxr/argspec/acls/acls.py @@ -60,7 +60,6 @@ def __init__(self, **kwargs): "host", "prefix", "net_group", - "port_group", ], [ "wildcard_bits", @@ -68,13 +67,11 @@ def __init__(self, **kwargs): "host", "prefix", "net_group", - "port_group", ], ], "options": { "host": {"type": "str"}, "net_group": {"type": "str"}, - "port_group": {"type": "str"}, "address": {"type": "str"}, "any": {"type": "bool"}, "prefix": {"type": "str"}, @@ -85,6 +82,7 @@ def __init__(self, **kwargs): "gt", "lt", "neq", + "port_group", "range", ], ], @@ -93,6 +91,7 @@ def __init__(self, **kwargs): "gt": {"type": "str"}, "lt": {"type": "str"}, "neq": {"type": "str"}, + "port_group": {"type": "str"}, "range": { "options": { "end": {"type": "str"}, @@ -456,7 +455,6 @@ def __init__(self, **kwargs): "host", "prefix", "net_group", - "port_group", ], [ "wildcard_bits", @@ -464,13 +462,11 @@ def __init__(self, **kwargs): "host", "prefix", "net_group", - "port_group", ], ], "options": { "host": {"type": "str"}, "net_group": {"type": "str"}, - "port_group": {"type": "str"}, "address": {"type": "str"}, "any": {"type": "bool"}, "prefix": {"type": "str"}, @@ -481,6 +477,7 @@ def __init__(self, **kwargs): "gt", "lt", "neq", + "port_group", "range", ], ], @@ -489,6 +486,7 @@ def __init__(self, **kwargs): "gt": {"type": "str"}, "lt": {"type": "str"}, "neq": {"type": "str"}, + "port_group": {"type": "str"}, "range": { "options": { "end": {"type": "str"}, diff --git a/plugins/module_utils/network/iosxr/config/acls/acls.py b/plugins/module_utils/network/iosxr/config/acls/acls.py index dfb6e4cf5..ee4836ffc 100644 --- a/plugins/module_utils/network/iosxr/config/acls/acls.py +++ b/plugins/module_utils/network/iosxr/config/acls/acls.py @@ -374,8 +374,6 @@ def _compute_src_dest(dir_dict): cmd += "host {0} ".format(dir_dict["host"]) elif "net_group" in dir_dict: cmd += "net-group {0} ".format(dir_dict["net_group"]) - elif "port_group" in dir_dict: - cmd += "port-group {0} ".format(dir_dict["port_group"]) elif "prefix" in dir_dict: cmd += "{0} ".format(dir_dict["prefix"]) else: @@ -386,11 +384,15 @@ def _compute_src_dest(dir_dict): if "port_protocol" in dir_dict: protocol_range = dir_dict["port_protocol"].get("range") + port_group = dir_dict["port_protocol"].get("port_group") if protocol_range: cmd += "range {0} {1} ".format( protocol_range["start"], protocol_range["end"], ) + elif port_group: + for key, value in iteritems(dir_dict["port_protocol"]): + cmd += "port-group {1} ".format(key, value) else: for key, value in iteritems(dir_dict["port_protocol"]): cmd += "{0} {1} ".format(key, value) diff --git a/tests/unit/modules/network/iosxr/test_iosxr_acls.py b/tests/unit/modules/network/iosxr/test_iosxr_acls.py index d301bda7b..353867421 100644 --- a/tests/unit/modules/network/iosxr/test_iosxr_acls.py +++ b/tests/unit/modules/network/iosxr/test_iosxr_acls.py @@ -101,7 +101,22 @@ def test_iosxr_acls_merged(self): wildcard_bits="0.0.255.255", ), destination=dict( - port_group="portgroup1", + prefix="192.168.0.0/24", + ), + ), + dict( + sequence="60", + grant="deny", + protocol="ipv4", + source=dict( + address="10.233.0.0", + wildcard_bits="0.0.255.255", + ), + destination=dict( + host="1.1.1.1", + port_protocol=dict( + port_group="portgroup1", + ), ), ), ], @@ -116,7 +131,8 @@ def test_iosxr_acls_merged(self): "ipv4 access-list acl_1", "30 permit ospf 192.168.1.0 0.0.0.255 any log", "40 deny ipv4 10.233.0.0 0.0.255.255 net-group netgroup1", - "50 deny ipv4 10.233.0.0 0.0.255.255 port-group portgroup1", + "50 deny ipv4 10.233.0.0 0.0.255.255 192.168.0.0 0.0.0.255", + "60 deny ipv4 10.233.0.0 0.0.255.255 net-group netgroup1 port-group portgroup1", ] self.execute_module(changed=True, commands=commands) @@ -188,7 +204,10 @@ def test_iosxr_acls_replaced(self): wildcard_bits="0.0.255.255", ), destination=dict( - port_group="portgroup1", + host="1.1.1.1", + port_protocol=dict( + port_group="portgroup1", + ), ), ), ], @@ -205,7 +224,7 @@ def test_iosxr_acls_replaced(self): "no 20", "30 permit ospf 10.0.0.0 0.255.255.255 any log", "40 deny ipv4 10.233.0.0 0.0.255.255 net-group netgroup1", - "50 deny ipv4 10.233.0.0 0.0.255.255 port-group portgroup1", + "50 deny ipv4 10.233.0.0 0.0.255.255 host 1.1.1.1 port-group portgroup1", ] self.execute_module(changed=True, commands=commands) @@ -284,7 +303,10 @@ def test_iosxr_acls_overridden(self): wildcard_bits="0.0.255.255", ), destination=dict( - port_group="portgroup1", + host="1.1.1.1", + port_protocol=dict( + port_group="portgroup1", + ), ), ), ], @@ -303,7 +325,7 @@ def test_iosxr_acls_overridden(self): "no 20", "40 permit ospf any any log", "50 deny ipv4 10.233.0.0 0.0.255.255 net-group netgroup1", - "60 deny ipv4 10.233.0.0 0.0.255.255 port-group portgroup1", + "60 deny ipv4 10.233.0.0 0.0.255.255 host 1.1.1.1 port-group portgroup1", ] self.execute_module(changed=True, commands=commands) @@ -339,7 +361,7 @@ def test_iosxr_acls_overridden_idempotent(self): wildcard_bits="0.0.255.255", ), destination=dict( - port_group="portgroup1", + any="true", ), ), ],