Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update acl_facts to render data correctly #519

Closed
wants to merge 0 commits into from
Closed

Update acl_facts to render data correctly #519

wants to merge 0 commits into from

Conversation

sean-m-sullivan
Copy link
Contributor

@sean-m-sullivan sean-m-sullivan commented Oct 23, 2024
edited by Ruchip16
Loading

SUMMARY

Resource module cisco.iosxr.iosxr_acls returned facts are not rendered accurately for some acl entries.
ansible_facts returned included the acl matches on an entry as well, instead of just the entry parameters. Issue seems to be in: https://github.com/ansible-collections/cisco.iosxr/blob/main/plugins/module_utils/network/iosxr/facts/acls/acls.py
Tested on Ansible 2.15.8. When applying the data from facts to a host device, it errors on the device with the following error message:
TASK [Configure ACLs] **************************************************************
{
"module_stdout": "",
"module_stderr": "60 deny ipv4 10.0.0.0 0.255.255.255 any (1 match)\r\n\r ^\r\n% Invalid input detected at '^' marker.\r\nRP/0/RP0/CPU0:BRCELG51(config-ipv4-acl)#",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"_ansible_no_log": false,
"changed": false
}

Fixes: ANA-525

ISSUE TYPE
  • Bug Report
COMPONENT NAME

cisco.iosxr.iosxr_acls

ANSIBLE VERSION
(ansible215) [achada2@YETI_RHEL8 yeti-modular-network-services]$ ansible --version
ansible [core 2.15.8]
  config file = /home/achada2/.ansible.cfg
  configured module search path = ['/home/achada2/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/achada2/ansible215/lib64/python3.9/site-packages/ansible
  ansible collection location = /home/achada2/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/achada2/ansible215/bin/ansible
  python version = 3.9.6 (default, Aug 11 2021, 06:39:25) [GCC 8.5.0 [20210514](https://access.redhat.com/support/cases/#/case/20210514) (Red Hat 8.5.0-3)] (/home/achada2/ansible215/bin/python3.9)
  jinja version = 3.1.3
  libyaml = True
COLLECTION VERSION
(RHEL8 ~]$ ansible-galaxy collection list cisco.iosxr

Collection Version
---------- -------
cisco.iosxr 10.0.0
CONFIGURATION
(ansible215) [achada2@YETI_RHEL8 yeti-modular-network-services]$ ansible-config dump --only-changed
CONFIG_FILE() = /home/achada2/.ansible.cfg
DEFAULT_EXECUTABLE(/home/achada2/.ansible.cfg) = /bin/bash
DEFAULT_JINJA2_EXTENSIONS(/home/achada2/.ansible.cfg) = jinja2.ext.do,jinja2.ext.i18n
DEFAULT_LOCAL_TMP(/home/achada2/.ansible.cfg) = /home/achada2/.ansible/tmp/ansible-local-3006926jdl1qqar
DEFAULT_LOG_PATH(/home/achada2/.ansible.cfg) = /home/achada2/.ansible/log
DEFAULT_REMOTE_PORT(/home/achada2/.ansible.cfg) = 22
DEFAULT_STDOUT_CALLBACK(/home/achada2/.ansible.cfg) = skippy
DEFAULT_TIMEOUT(/home/achada2/.ansible.cfg) = 1800
DEFAULT_TRANSPORT(/home/achada2/.ansible.cfg) = smart
DEPRECATION_WARNINGS(/home/achada2/.ansible.cfg) = False
DISPLAY_SKIPPED_HOSTS(/home/achada2/.ansible.cfg) = True
GALAXY_IGNORE_CERTS(/home/achada2/.ansible.cfg) = True
GALAXY_SERVER_LIST(/home/achada2/.ansible.cfg) = ['published_repo', 'rh-certified_repo', 'release_galaxy', 'community_repo']
HOST_KEY_CHECKING(/home/achada2/.ansible.cfg) = False
PARAMIKO_HOST_KEY_AUTO_ADD(/home/achada2/.ansible.cfg) = True
PERSISTENT_COMMAND_TIMEOUT(/home/achada2/.ansible.cfg) = 1800
PERSISTENT_CONNECT_TIMEOUT(/home/achada2/.ansible.cfg) = 120
RETRY_FILES_ENABLED(/home/achada2/.ansible.cfg) = False
SYSTEM_WARNINGS(/home/achada2/.ansible.cfg) = False
OS / ENVIRONMENT

cisco IOSXR MODEL: cisco 8201-32FH
"ansible_net_system": "iosxr",
"ansible_net_model": "8000 Series",
"ansible_net_version": "7.7.2 LNT",

yeti_network_services:

  • configs:
    • acls:
      • acls:
        • name: INTERNET-IN
          aces:
          • sequence: 407
            state: append
            grant: permit
            protocol: ip
            source:
            any: true
            destination:
            prefix: x.x.x.x/y
            state: replaced
  • name: Configure acls configurations
    cisco.iosxr.iosxr_acls:
    config: "{{ network_service_config['acls'] }}"
    state: "{{ network_service_config['state'] }}"
    register: acls_config

<!--- HINT: You can paste gist.github.com links for larger files -->

##### EXPECTED RESULTS

"acls": [
    {
      "afi": "ipv4",
      "acls": [
        {
          "name": "INTERNET-IN",
          "aces": [
            {
              "destination": {
                "any": true
              },
              "grant": "deny",
              "protocol": "ipv4",
              "sequence": 10,
              "source": {
                "host": "x.x.x.x"
              }
            },
            {
              "remark": "DENY MARTIANS",
              "sequence": 40
            },
            {
              "destination": {
                "any": true
              },
              "grant": "deny",
              "protocol": "ipv4",
              "sequence": 50,
              "source": {
                "address": "0.0.0.0",
                "wildcard_bits": "0.255.255.255"
              }
            },
            {
              "line": "deny ipv4 10.0.0.0 0.255.255.255 any",
              "sequence": 60
            }
          ]
        }

##### ACTUAL RESULTS
<!--- Describe what actually happened. If possible run with extra
verbosity (-vvvv) -->
"acls": [
    {
      "afi": "ipv4",
      "acls": [
        {
          "name": "INTERNET-IN",
          "aces": [
            {
              "destination": {
                "any": true
              },
              "grant": "deny",
              "protocol": "ipv4",
              "sequence": 10,
              "source": {
                "host": "x.x.x.x"
              }
            },
            {
              "remark": "DENY MARTIANS",
              "sequence": 40
            },
            {
              "destination": {
                "any": true
              },
              "grant": "deny",
              "protocol": "ipv4",
              "sequence": 50,
              "source": {
                "address": "0.0.0.0",
                "wildcard_bits": "0.255.255.255"
              }
            },
            {
              "line": "deny ipv4 10.0.0.0 0.255.255.255 any (1 match)",
              "sequence": 60
            }
          ]
        }
<!--- Paste verbatim command output between quotes -->
```paste below
module errors out trying to convert ftp-data to int()

{
  "module_stdout": "",
  "module_stderr": "60 deny ipv4 10.0.0.0 0.255.255.255 any (1 match)\r\n\r                                                                                ^\r\n% Invalid input detected at '^' marker.\r\nRP/0/RP0/CPU0:BRCELG51(config-ipv4-acl)#",
  "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
  "_ansible_no_log": false,
  "changed": false
}

closed in : #521

@Ruchip16 Ruchip16 changed the title update acl facts to reder better Update acl facts to render data correctly Oct 24, 2024
@Ruchip16 Ruchip16 changed the title Update acl facts to render data correctly Update acl_facts to render data correctly Oct 24, 2024
@Ruchip16 Ruchip16 self-requested a review October 24, 2024 06:28
@Ruchip16 Ruchip16 closed this Oct 25, 2024
@Ruchip16
Copy link
Contributor

closing this due to push permission issue, opened a new one: #521 in favor of this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ruchip16 Ruchip16 Awaiting requested review from Ruchip16

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sean-m-sullivan @Ruchip16