fix nxos_acl issues (#38283)

* fix nxos_acl issues

* typo fix

* typo fix in sanity.yaml

* another typo fix in sanity.yaml
pull/4420/head
saichint 2018-04-05 21:57:13 -07:00 committed by Trishna Guha
parent f355eb621a
commit 1bf29651af
2 changed files with 208 additions and 9 deletions


@ -203,6 +203,7 @@ def get_acl(module, acl_name, seq_number):
for acl in all_acl_body: for acl in all_acl_body:
if acl.get('acl_name') == acl_name: if acl.get('acl_name') == acl_name:
acl_body = acl acl_body = acl
break
try: try:
acl_entries = acl_body['TABLE_seqno']['ROW_seqno'] acl_entries = acl_body['TABLE_seqno']['ROW_seqno']
@ -226,7 +227,7 @@ def get_acl(module, acl_name, seq_number):
temp['action'] = 'remark' temp['action'] = 'remark'
else: else:
temp['action'] = each.get('permitdeny') temp['action'] = each.get('permitdeny')
temp['proto'] = each.get('proto', each.get('proto_str', each.get('ip'))) temp['proto'] = str(each.get('proto', each.get('proto_str', each.get('ip'))))
temp['src'] = each.get('src_any', each.get('src_ip_prefix')) temp['src'] = each.get('src_any', each.get('src_ip_prefix'))
temp['src_port_op'] = each.get('src_port_op') temp['src_port_op'] = each.get('src_port_op')
temp['src_port1'] = each.get('src_port1_num') temp['src_port1'] = each.get('src_port1_num')
@ -458,13 +459,35 @@ def main():
delta_options = {} delta_options = {}
if not existing_core.get('remark'): if not existing_core.get('remark'):
delta_core = dict( dcore = dict(
set(proposed_core.items()).difference( set(proposed_core.items()).difference(
existing_core.items()) existing_core.items())
) )
delta_options = dict( if not dcore:
set(proposed_options.items()).difference( # check the diff in the other way just in case
existing_options.items()) dcore = dict(
set(existing_core.items()).difference(
proposed_core.items())
)
delta_core = dcore
if delta_core:
delta_options = proposed_options
else:
doptions = dict(
set(proposed_options.items()).difference(
existing_options.items())
)
# check the diff in the other way just in case
if not doptions:
doptions = dict(
set(existing_options.items()).difference(
proposed_options.items())
)
delta_options = doptions
else:
delta_core = dict(
set(proposed_core.items()).difference(
existing_core.items())
) )
if state == 'present': if state == 'present':
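Review bot: In the last hunk of main(), the reverse fallback stores device-side values in the delta: when the forward difference is empty, `doptions` is rebuilt from `existing_options.items()` minus `proposed_options.items()` and assigned to `delta_options`, whereas the `if delta_core:` branch assigns `proposed_options`. The code that consumes these after `if state == 'present':` is outside the hunk, but if it renders the ACE from `delta_options`, an option the task is dropping would be written back, so the ACL on the device stays different from the declared policy while the run reports a change. Treating the reverse difference only as a "differs" flag and always handing the proposed values to the command builder would avoid that, with a comment such as `# reverse diff only detects options removed from the task; never push existing values`. Separately, the `str(...)` wrapper added to `temp['proto']` in the second hunk turns a missing protocol into the literal string `'None'`, so converting only when the looked-up value is not None would keep absent values absent.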


@ -10,12 +10,12 @@
nxos_acl: &remove nxos_acl: &remove
name: TEST_ACL name: TEST_ACL
seq: 10 seq: 10
state: absent state: delete_acl
provider: "{{ connection }}" provider: "{{ connection }}"
ignore_errors: yes ignore_errors: yes
- name: "Configure ACL" - name: "Configure ACE10"
nxos_acl: &configure nxos_acl: &conf10
name: TEST_ACL name: TEST_ACL
seq: 10 seq: 10
action: permit action: permit
@ -27,6 +27,8 @@
ack: 'enable' ack: 'enable'
dscp: 'af43' dscp: 'af43'
dest: any dest: any
dest_port_op: neq
dest_port1: 1899
urg: 'enable' urg: 'enable'
psh: 'enable' psh: 'enable'
established: 'enable' established: 'enable'
@ -44,13 +46,187 @@
- "result.changed == true" - "result.changed == true"
- name: "Check Idempotence" - name: "Check Idempotence"
nxos_acl: *configure nxos_acl: *conf10
register: result register: result
- assert: &false - assert: &false
that: that:
- "result.changed == false" - "result.changed == false"
- name: "Change ACE10"
nxos_acl: &chg10
name: TEST_ACL
seq: 10
action: deny
proto: tcp
src: 1.1.1.1/24
src_port_op: range
src_port1: 1900
src_port2: 1910
ack: 'enable'
dscp: 'af43'
dest: any
dest_port_op: neq
dest_port1: 1899
urg: 'enable'
psh: 'enable'
established: 'enable'
log: 'enable'
fin: 'enable'
rst: 'enable'
syn: 'enable'
time_range: "{{time_range|default(omit)}}"
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *chg10
register: result
- assert: *false
- name: "ace remark"
nxos_acl: &remark
name: TEST_ACL
seq: 20
action: remark
remark: test_remark
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *remark
register: result
- assert: *false
- name: "change remark"
nxos_acl: &chgremark
name: TEST_ACL
seq: 20
action: remark
remark: changed_remark
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *chgremark
register: result
- assert: *false
- name: "ace 30"
nxos_acl: &ace30
name: TEST_ACL
seq: 30
action: deny
proto: 24
src: any
dest: any
fragments: enable
precedence: network
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *ace30
register: result
- assert: *false
- name: "change ace 30 options"
nxos_acl: &chgace30opt
name: TEST_ACL
seq: 30
action: deny
proto: 24
src: any
dest: any
precedence: network
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *chgace30opt
register: result
- assert: *false
- name: "ace 40"
nxos_acl: &ace40
name: TEST_ACL
seq: 40
action: permit
proto: udp
src: any
src_port_op: neq
src_port1: 1200
dest: any
precedence: network
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *ace40
register: result
- assert: *false
- name: "change ace 40"
nxos_acl: &chgace40
name: TEST_ACL
seq: 40
action: permit
proto: udp
src: any
dest: any
precedence: network
state: present
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *chgace40
register: result
- assert: *false
- name: "remove ace 30"
nxos_acl: &remace30
name: TEST_ACL
seq: 30
state: absent
provider: "{{ connection }}"
register: result
- assert: *true
- name: "Check Idempotence"
nxos_acl: *remace30
register: result
- assert: *false
- name: "Remove ACL" - name: "Remove ACL"
nxos_acl: *remove nxos_acl: *remove
register: result register: result