Merge branch 'main' into gh_integration

ansible-collections · Feb 16, 2024 · 8674207 · 8674207
2 parents c1e2782 + fdbfe11
commit 8674207
Show file tree

Hide file tree

Showing 6 changed files with 65 additions and 16 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -5,6 +5,14 @@ Cisco Nxos Collection Release Notes
 .. contents:: Topics
 
 
+v6.0.3
+======
+
+Bugfixes
+--------
+
+- nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788)
+
 v6.0.2
 ======
 

diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
@@ -1055,3 +1055,10 @@ releases:
     fragments:
       - fix_749.yaml
     release_date: "2024-02-06"
+  6.0.3:
+    changes:
+      bugfixes:
+        - nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788)
+    fragments:
+      - acls_gather_fix.yml
+    release_date: "2024-02-14"
diff --git a/galaxy.yml b/galaxy.yml
@@ -10,4 +10,4 @@ readme: README.md
 repository: https://github.com/ansible-collections/cisco.nxos
 issues: https://github.com/ansible-collections/cisco.nxos/issues
 tags: [cisco, nxos, networking, nxapi, netconf]
-version: 6.0.2
+version: 6.0.3
diff --git a/platform_guide.rst b/platform_guide.rst
@@ -37,8 +37,6 @@ Connections available
     ====================  ==========================================  =========================
 
 
-The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.httpapi`` instead.
-
 Using CLI in Ansible
 ====================
 
@@ -61,6 +59,11 @@ Example CLI ``group_vars/nxos.yml``
 - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration.
 - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords through environment variables.
 
+Note
+-----
+
+When using ``ansible_connection: ansible.netcommon.network_cli``, the ``ansible_user`` must have permissions to execute the ``terminal length 0`` and ``terminal width 511`` commands on the target device.
+
 Example CLI task
 ----------------
 

diff --git a/plugins/module_utils/network/nxos/facts/acls/acls.py b/plugins/module_utils/network/nxos/facts/acls/acls.py
@@ -119,11 +119,12 @@ def get_endpoint(self, ace, pro):
             keywords = ["eq", "lt", "gt", "neq", "range"]
             if len(ace.split()) and ace.split()[0] in keywords:
                 port_protocol = {}
-                port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace)
-                if port_pro:
-                    port_protocol.update({port_pro.group(1): port_pro.group(2)})
-                    ace = re.sub(port_pro.group(1), "", ace, 1)
-                    ace = re.sub(port_pro.group(2), "", ace, 1)
+                if "range" not in ace.split()[0]:
+                    port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace)
+                    if port_pro:
+                        port_protocol.update({port_pro.group(1): port_pro.group(2)})
+                        ace = re.sub(port_pro.group(1), "", ace, 1)
+                        ace = re.sub(port_pro.group(2), "", ace, 1)
                 else:
                     limit = re.search(r"range\s(?P<rstart>\S+)\s(?P<rend>\S+)", ace)
                     if limit:

diff --git a/tests/unit/modules/network/nxos/test_nxos_acls.py b/tests/unit/modules/network/nxos/test_nxos_acls.py
@@ -475,46 +475,76 @@ def test_nxos_acls_parsed(self):
         self.assertEqual(result["parsed"], compare_list, result["parsed"])
 
     def test_nxos_acls_gathered(self):
+        self.execute_show_command.return_value = dedent(
+            """\
+            ip access-list ACL1v4
+                10 permit ip any any
+                20 deny udp any any
+            ip access-list ComplicatedAcl
+                10 permit tcp any range 1024 65500 192.168.0.0 0.0.0.255 eq 1700
+            ipv6 access-list ACL1v6
+                10 permit sctp any any
+            """,
+        )
         set_module_args(dict(config=[], state="gathered"))
         result = self.execute_module(changed=False)
         compare_list = [
             {
                 "acls": [
                     {
+                        "name": "ACL1v6",
                         "aces": [
                             {
-                                "destination": {"any": True},
                                 "sequence": 10,
+                                "grant": "permit",
                                 "protocol": "sctp",
                                 "source": {"any": True},
-                                "grant": "permit",
+                                "destination": {"any": True},
                             },
                         ],
-                        "name": "ACL1v6",
                     },
                 ],
                 "afi": "ipv6",
             },
             {
                 "acls": [
                     {
+                        "name": "ACL1v4",
                         "aces": [
                             {
-                                "destination": {"any": True},
                                 "sequence": 10,
+                                "grant": "permit",
                                 "protocol": "ip",
                                 "source": {"any": True},
-                                "grant": "permit",
+                                "destination": {"any": True},
                             },
                             {
-                                "destination": {"any": True},
                                 "sequence": 20,
+                                "grant": "deny",
                                 "protocol": "udp",
                                 "source": {"any": True},
-                                "grant": "deny",
+                                "destination": {"any": True},
+                            },
+                        ],
+                    },
+                    {
+                        "name": "ComplicatedAcl",
+                        "aces": [
+                            {
+                                "sequence": 10,
+                                "grant": "permit",
+                                "protocol": "tcp",
+                                "source": {
+                                    "any": True,
+                                    "port_protocol": {"range": {"start": "1024", "end": "65500"}},
+                                },
+                                "destination": {
+                                    "address": "192.168.0.0",
+                                    "wildcard_bits": "0.0.0.255",
+                                    "port_protocol": {"eq": "1700"},
+                                },
                             },
                         ],
-                        "name": "ACL1v4",
                     },
                 ],
                 "afi": "ipv4",
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,14 @@ Cisco Nxos Collection Release Notes @@
     .. contents:: Topics
+    v6.0.3
+    ======
+    Bugfixes
+    --------
+    - nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788)
     v6.0.2
     ======
@@ Expand Down @@