From 1e5f253515ccf61aacf2244aa03d54dcd1b235ea Mon Sep 17 00:00:00 2001
From: Sagar Paul
Date: Wed, 14 Feb 2024 15:02:46 +0530
Subject: [PATCH 1/2] [nxos_acls] Fix parsing of aces with range (#816) * fix ace with range * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * comment addressed --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
---
changelogs/fragments/acls_gather_fix.yml | 3 ++
.../network/nxos/facts/acls/acls.py | 11 +++--
.../modules/network/nxos/test_nxos_acls.py | 46 +++++++++++++++----
3 files changed, 47 insertions(+), 13 deletions(-)
create mode 100644 changelogs/fragments/acls_gather_fix.yml
diff --git a/changelogs/fragments/acls_gather_fix.yml b/changelogs/fragments/acls_gather_fix.yml
new file mode 100644
index 000000000..057c950a8
--- /dev/null
+++ b/changelogs/fragments/acls_gather_fix.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788)
diff --git a/plugins/module_utils/network/nxos/facts/acls/acls.py b/plugins/module_utils/network/nxos/facts/acls/acls.py
index ca086bcf9..2a7366bc2 100644
--- a/plugins/module_utils/network/nxos/facts/acls/acls.py
+++ b/plugins/module_utils/network/nxos/facts/acls/acls.py
@@ -119,11 +119,12 @@ def get_endpoint(self, ace, pro): keywords = ["eq", "lt", "gt", "neq", "range"] if len(ace.split()) and ace.split()[0] in keywords: port_protocol = {} - port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace) - if port_pro: - port_protocol.update({port_pro.group(1): port_pro.group(2)}) - ace = re.sub(port_pro.group(1), "", ace, 1) - ace = re.sub(port_pro.group(2), "", ace, 1) + if "range" not in ace.split()[0]: + port_pro = re.search(r"(eq|lt|gt|neq) (\S+)", ace) + if port_pro: + port_protocol.update({port_pro.group(1): port_pro.group(2)}) + ace = re.sub(port_pro.group(1), "", ace, 1) + ace = re.sub(port_pro.group(2), "", ace, 1) else: limit = re.search(r"range\s(?P\S+)\s(?P\S+)", ace) if limit: diff --git a/tests/unit/modules/network/nxos/test_nxos_acls.py b/tests/unit/modules/network/nxos/test_nxos_acls.py index b7c0e8663..75087f082 100644 --- a/tests/unit/modules/network/nxos/test_nxos_acls.py +++ b/tests/unit/modules/network/nxos/test_nxos_acls.py @@ -475,22 +475,33 @@ def test_nxos_acls_parsed(self): self.assertEqual(result["parsed"], compare_list, result["parsed"]) def test_nxos_acls_gathered(self): + self.execute_show_command.return_value = dedent( + """\ + ip access-list ACL1v4 + 10 permit ip any any + 20 deny udp any any + ip access-list ComplicatedAcl + 10 permit tcp any range 1024 65500 192.168.0.0 0.0.0.255 eq 1700 + ipv6 access-list ACL1v6 + 10 permit sctp any any + """, + ) set_module_args(dict(config=[], state="gathered")) result = self.execute_module(changed=False) compare_list = [ { "acls": [ { + "name": "ACL1v6", "aces": [ { - "destination": {"any": True}, "sequence": 10, + "grant": "permit", "protocol": "sctp", "source": {"any": True}, - "grant": "permit", + "destination": {"any": True}, }, ], - "name": "ACL1v6", }, ], "afi": "ipv6", 
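Review bot: In the non-range branch of `get_endpoint`, `re.sub(port_pro.group(2), "", ace, 1)` uses the port token captured from device output as a regular-expression pattern, so a token containing a metacharacter would be interpreted rather than matched literally and could strip the wrong text or raise `re.error`. Port values are normally numbers or service names, so this is presumably a robustness matter, but escaping makes the removal literal: `ace = re.sub(re.escape(port_pro.group(2)), "", ace, count=1)`. The new guard `if "range" not in ace.split()[0]:` is a substring test on a token already known to be one of `keywords`; `if ace.split()[0] != "range":` states the intent exactly. The function starts before this hunk and the `else:` branch continues past its last line.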
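Review bot: The new fixture in `test_nxos_acls_gathered` pins only one shape of the fixed parser path, `range` on the source followed by `eq` on the destination. An ace with the order reversed would cover the other side of the branch added in `get_endpoint`, for example (constructed sample) `20 permit tcp any eq 80 192.168.0.0 0.0.0.255 range 1024 65500`, with the matching `port_protocol` entries added to `compare_list`. The expected data for this test continues in the next hunk (`@@ -498,23 +509,42 @@`), which is where those entries would go.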
@@ -498,23 +509,42 @@ def test_nxos_acls_gathered(self): { "acls": [ { + "name": "ACL1v4", "aces": [ { - "destination": {"any": True}, "sequence": 10, + "grant": "permit", "protocol": "ip", "source": {"any": True}, - "grant": "permit", + "destination": {"any": True}, }, { - "destination": {"any": True}, "sequence": 20, + "grant": "deny", "protocol": "udp", "source": {"any": True}, - "grant": "deny", + "destination": {"any": True}, + }, + ], + }, + { + "name": "ComplicatedAcl", + "aces": [ + { + "sequence": 10, + "grant": "permit", + "protocol": "tcp", + "source": { + "any": True, + "port_protocol": {"range": {"start": "1024", "end": "65500"}}, + }, + "destination": { + "address": "192.168.0.0", + "wildcard_bits": "0.0.0.255", + "port_protocol": {"eq": "1700"}, + }, }, ], - "name": "ACL1v4", }, ], "afi": "ipv4", From fdbfe11173aca042a47d96ddf62a069c24235f6b Mon Sep 17 00:00:00 2001 From: Nilashish Chakraborty Date: Thu, 15 Feb 2024 11:16:42 +0530 Subject: [PATCH 2/2] Prepare for v6.0.3 (#818) * Prepare for v6.0.3 Signed-off-by: NilashishC * Update galaxy.yml Signed-off-by: NilashishC * Add a note in platform_guide Signed-off-by: NilashishC --------- Signed-off-by: NilashishC --- CHANGELOG.rst | 8 ++++++++ changelogs/changelog.yaml | 7 +++++++ changelogs/fragments/acls_gather_fix.yml | 3 --- galaxy.yml | 2 +- platform_guide.rst | 7 +++++-- 5 files changed, 21 insertions(+), 6 deletions(-) delete mode 100644 changelogs/fragments/acls_gather_fix.yml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b92e441a2..ffab656bf 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ Cisco Nxos Collection Release Notes .. contents:: Topics +v6.0.3 +====== + +Bugfixes +-------- + +- nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788) + v6.0.2 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index e043cc061..6a4ace8d8 100644 --- a/changelogs/changelog.yaml 
+++ b/changelogs/changelog.yaml @@ -1055,3 +1055,10 @@ releases: fragments: - fix_749.yaml release_date: "2024-02-06" + 6.0.3: + changes: + bugfixes: + - nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788) + fragments: + - acls_gather_fix.yml + release_date: "2024-02-14" diff --git a/changelogs/fragments/acls_gather_fix.yml b/changelogs/fragments/acls_gather_fix.yml deleted file mode 100644 index 057c950a8..000000000 --- a/changelogs/fragments/acls_gather_fix.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - nxos_acls - Fix parsing of ace entries with range in it. (https://github.com/ansible-collections/cisco.nxos/issues/788) diff --git a/galaxy.yml b/galaxy.yml index be9792ba9..020c0f8aa 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,4 +10,4 @@ readme: README.md repository: https://github.com/ansible-collections/cisco.nxos issues: https://github.com/ansible-collections/cisco.nxos/issues tags: [cisco, nxos, networking, nxapi, netconf] -version: 6.0.2 +version: 6.0.3 diff --git a/platform_guide.rst b/platform_guide.rst index 250854561..ab6035f32 100644 --- a/platform_guide.rst +++ b/platform_guide.rst @@ -37,8 +37,6 @@ Connections available ==================== ========================================== ========================= -The ``ansible_connection: local`` has been deprecated. Please use ``ansible_connection: ansible.netcommon.network_cli`` or ``ansible_connection: ansible.netcommon.httpapi`` instead. - Using CLI in Ansible ==================== 
@@ -61,6 +59,11 @@ Example CLI ``group_vars/nxos.yml`` - If you are accessing your host directly (not through a bastion/jump host) you can remove the ``ansible_ssh_common_args`` configuration. - If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the ``ProxyCommand`` directive. To prevent secrets from leaking out (for example in ``ps`` output), SSH does not support providing passwords through environment variables. +Note +----- + +When using ``ansible_connection: ansible.netcommon.network_cli``, the ``ansible_user`` must have permissions to execute the ``terminal length 0`` and ``terminal width 511`` commands on the target device. + Example CLI task ----------------