[nxos_acls] Fix parsing of aces with range (#816)
* fix ace with range

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* comment addressed

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
KB-perByte and pre-commit-ci[bot] authored Feb 14, 2024
1 parent 90a5352 commit 1e5f253
Showing 3 changed files with 47 additions and 13 deletions.
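--- a/changelogs/fragments/acls_gather_fix.yml
+++ b/changelogs/fragments/acls_gather_fix.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+- nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788)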
11 changes: 6 additions & 5 deletions plugins/module_utils/network/nxos/facts/acls/acls.py
@@ -119,11 +119,12 @@ def get_endpoint(self, ace, pro):
keywords = ["eq", "lt", "gt", "neq", "range"]
if len(ace.split()) and ace.split()[0] in keywords:
port_protocol = {}
port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace)
if port_pro:
port_protocol.update({port_pro.group(1): port_pro.group(2)})
ace = re.sub(port_pro.group(1), "", ace, 1)
ace = re.sub(port_pro.group(2), "", ace, 1)
if "range" not in ace.split()[0]:
port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace)
if port_pro:
port_protocol.update({port_pro.group(1): port_pro.group(2)})
ace = re.sub(port_pro.group(1), "", ace, 1)
ace = re.sub(port_pro.group(2), "", ace, 1)
else:
limit = re.search(r"range\s(?P<rstart>\S+)\s(?P<rend>\S+)", ace)
if limit:
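Review bot: In the non-range branch the two `re.sub` calls still pass the captured text as a regex pattern, so a port token read from device output is interpreted as a pattern instead of a literal, and each call removes the first occurrence anywhere in `ace` rather than the span that `re.search` matched. Escaping the value and passing the count by keyword would be safer: `ace = re.sub(re.escape(port_pro.group(2)), "", ace, count=1)` (positional `count` is deprecated as of Python 3.13). The guard `"range" not in ace.split()[0]` is a substring test on a token already known to be in `keywords`; `ace.split()[0] != "range"` states the intent, and the split could be computed once instead of three times. A misparsed ACE ends up in the gathered facts, which presumably drive later comparisons against the desired ACL config, so the parse should be exact. get_endpoint starts above the hunk and the `else:` branch continues below it.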
46 changes: 38 additions & 8 deletions tests/unit/modules/network/nxos/test_nxos_acls.py
@@ -475,46 +475,76 @@ def test_nxos_acls_parsed(self):
self.assertEqual(result["parsed"], compare_list, result["parsed"])

def test_nxos_acls_gathered(self):
self.execute_show_command.return_value = dedent(
"""\
ip access-list ACL1v4
10 permit ip any any
20 deny udp any any
ip access-list ComplicatedAcl
10 permit tcp any range 1024 65500 192.168.0.0 0.0.0.255 eq 1700
ipv6 access-list ACL1v6
10 permit sctp any any
""",
)
set_module_args(dict(config=[], state="gathered"))
result = self.execute_module(changed=False)
compare_list = [
{
"acls": [
{
"name": "ACL1v6",
"aces": [
{
"destination": {"any": True},
"sequence": 10,
"grant": "permit",
"protocol": "sctp",
"source": {"any": True},
"grant": "permit",
"destination": {"any": True},
},
],
"name": "ACL1v6",
},
],
"afi": "ipv6",
},
{
"acls": [
{
"name": "ACL1v4",
"aces": [
{
"destination": {"any": True},
"sequence": 10,
"grant": "permit",
"protocol": "ip",
"source": {"any": True},
"grant": "permit",
"destination": {"any": True},
},
{
"destination": {"any": True},
"sequence": 20,
"grant": "deny",
"protocol": "udp",
"source": {"any": True},
"grant": "deny",
"destination": {"any": True},
},
],
},
{
"name": "ComplicatedAcl",
"aces": [
{
"sequence": 10,
"grant": "permit",
"protocol": "tcp",
"source": {
"any": True,
"port_protocol": {"range": {"start": "1024", "end": "65500"}},
},
"destination": {
"address": "192.168.0.0",
"wildcard_bits": "0.0.0.255",
"port_protocol": {"eq": "1700"},
},
},
],
"name": "ACL1v4",
},
],
"afi": "ipv4",
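Review bot: The new `ComplicatedAcl` fixture in `test_nxos_acls_gathered` exercises only a source `range` followed by a destination `eq`; the mirror order and a `range` on both endpoints are not covered, although the fix branches on the first token of each endpoint. I would add an ACE such as `20 permit tcp any eq 1700 192.168.0.0 0.0.0.255 range 1024 65500` (constructed sample) with its matching expected entry, plus one ACE that has `range` on both sides. These are the inputs where an unanchored keyword search could again attribute a port match to the wrong endpoint, so a regression there would go unnoticed. The expected list continues past the end of the hunk, so the new entries should be added with the rest of the ipv4 data in view.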