From abed08a8165d5f3647e1075efe37693a5894357a Mon Sep 17 00:00:00 2001
From: Sean Sullivan
Date: Wed, 28 Aug 2024 04:56:18 -0400
Subject: [PATCH] Fixes Resource module cisco.nxos.nxos_acls is not correctly converting the ports under port_protocol range keys (#888)
* bugfix/acl port protocol lookup for range start and end
* Create bugfix_vrf_range_resolution.yml Create Changelog Fragment
* chore: auto fixes from pre-commit.com hooks
* updates
* chore: auto fixes from pre-commit.com hooks
* add unit test case
* chore: auto fixes from pre-commit.com hooks
* update test
* allow non-numeric values to pass through as strings
* chore: auto fixes from pre-commit.com hooks
* allow non-numeric values to pass through as strings
* chore: auto fixes from pre-commit.com hooks
* fix test
* chore: auto fixes from pre-commit.com hooks
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sagar Paul
Co-authored-by: Ruchi Pakhle
---
 .../fragments/bugfix_vrf_range_resolution.yml | 3 ++
 .../network/nxos/config/acls/acls.py | 34 ++++++++++------
 .../modules/network/nxos/test_nxos_acls.py | 39 +++++++++++++++++++
 3 files changed, 65 insertions(+), 11 deletions(-)
 create mode 100644 changelogs/fragments/bugfix_vrf_range_resolution.yml
diff --git a/changelogs/fragments/bugfix_vrf_range_resolution.yml b/changelogs/fragments/bugfix_vrf_range_resolution.yml
new file mode 100644
index 000000000..ca0106ce5
--- /dev/null
+++ b/changelogs/fragments/bugfix_vrf_range_resolution.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - "acls - Fix lookup of range port conversion from int to string to allow strings (https://github.com/ansible-collections/cisco.nxos/pull/888)."
diff --git a/plugins/module_utils/network/nxos/config/acls/acls.py b/plugins/module_utils/network/nxos/config/acls/acls.py
index a62489b28..14462f45d 100644
--- a/plugins/module_utils/network/nxos/config/acls/acls.py
+++ b/plugins/module_utils/network/nxos/config/acls/acls.py
@@ -242,17 +242,29 @@ def convert_values(self, want):
 int(val)
 ]
 else:
- st = int(ace[x]["port_protocol"]["range"]["start"])
- end = int(ace[x]["port_protocol"]["range"]["end"])
-
- if st in port_protocol.keys():
- ace[x]["port_protocol"]["range"]["start"] = (
- port_protocol[st]
- )
- if end in port_protocol.keys():
- ace[x]["port_protocol"]["range"]["end"] = (
- port_protocol[end]
- )
+ st = ace[x]["port_protocol"]["range"]["start"]
+ end = ace[x]["port_protocol"]["range"]["end"]
+
+ if st.isdigit():
+ if int(st) in port_protocol.keys():
+ ace[x]["port_protocol"]["range"]["start"] = (
+ port_protocol[int(st)]
+ )
+ else:
+ if st in port_protocol.keys():
+ ace[x]["port_protocol"]["range"]["start"] = (
+ port_protocol[st]
+ )
+ if end.isdigit():
+ if int(end) in port_protocol.keys():
+ ace[x]["port_protocol"]["range"]["end"] = (
+ port_protocol[int(end)]
+ )
+ else:
+ if end in port_protocol.keys():
+ ace[x]["port_protocol"]["range"]["end"] = (
+ port_protocol[end]
+ )
 return want

 def set_state(self, want, have):
diff --git a/tests/unit/modules/network/nxos/test_nxos_acls.py b/tests/unit/modules/network/nxos/test_nxos_acls.py
index de3595cef..b473d82a9 100644
--- a/tests/unit/modules/network/nxos/test_nxos_acls.py
+++ b/tests/unit/modules/network/nxos/test_nxos_acls.py
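Review bot: The added branches call `st.isdigit()` and `end.isdigit()` directly on the range bounds, so they work only if both values are already strings. The unit test in this patch passes `end=23` as an int; presumably the module's argument spec coerces it before `convert_values` runs, but that spec is not visible in this hunk and an int reaching this code would raise `AttributeError`. Normalising with `str()` and handling both bounds in one loop removes that dependency and the two copy-pasted branches, which matters because the result is rendered into the ACL `range` command. `convert_values` starts above the hunk, so the enclosing loops are not shown.

```python
else:
    # A range bound may be a port number or a service name; str() keeps
    # the digit check independent of how the caller typed the value.
    rng = ace[x]["port_protocol"]["range"]
    for bound in ("start", "end"):
        val = str(rng[bound])
        key = int(val) if val.isdigit() else val
        if key in port_protocol:
            rng[bound] = port_protocol[key]
# … unchanged: return want …
```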
@@ -990,3 +990,42 @@ def test_nxos_acls_ranges(self):
 ]
 result = self.execute_module(changed=False)
 self.assertEqual(result["gathered"], gathered)
+
+ def test_nxos_acls_protocol_conversion(self):
+ set_module_args(
+ dict(
+ config=[
+ dict(
+ afi="ipv4",
+ acls=[
+ dict(
+ name="SIPS_Automation_Test_ACL_Create",
+ aces=[
+ dict(
+ sequence=17,
+ grant="permit",
+ protocol="tcp",
+ source=dict(any=True),
+ destination=dict(
+ prefix="10.247.12.0/24",
+ port_protocol=dict(
+ range=dict(
+ start="ftp-data",
+ end=23,
+ ),
+ ),
+ ),
+ ),
+ ],
+ ),
+ ],
+ ),
+ ],
+ state="merged",
+ ),
+ )
+ commands = [
+ "ip access-list SIPS_Automation_Test_ACL_Create",
+ "17 permit tcp any 10.247.12.0/24 range ftp-data telnet",
+ ]
+ self.execute_module(changed=True, commands=commands)
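Review bot: The new test pins only one combination, a service name for `start` and a mapped number for `end`, so two paths added in acls.py are not exercised: a digit string such as `start="21"`, and a number with no entry in the lookup table that must pass through unchanged. A second ACE covering those would catch a regression that changes which ports the rendered `range` command permits. A short comment above the arguments, e.g. `# start is already a name; end=23 must render as telnet`, would make the intent of the expected command clear.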