ansible-collections / arista.eos

Ansible Network Collection for Arista EOS
GNU General Public License v3.0

Standard ACL not being treated as Standard ACL #378

Open mostdaysarebaddays opened 1 year ago

mostdaysarebaddays commented 1 year ago
SUMMARY

'standard' access-lists not being respected

ISSUE TYPE

arista.eos.eos_acls

COMPONENT NAME

arista.eos.eos_acls

ANSIBLE VERSION

ansible [core 2.13.4]
  config file = /home/xxx/colo/arista_ansible/ansible.cfg
  configured module search path = ['/home/xxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/xxx/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/xxx/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.6 (default, Jul 27 2022, 17:34:46) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

# /home/xxx/.ansible/collections/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1

# /home/xxx/.local/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1

# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1

# /usr/share/ansible/collections/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.0

CONFIGURATION

DEFAULT_CLICONF_PLUGIN_PATH(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/root/.ansible/collections/ansible_collections/a10/acos_cli/plugins/cliconf']
DEFAULT_FORKS(/home/xxx/colo/arista_ansible/ansible.cfg) = 50
DEFAULT_HOST_LIST(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/home/xxx/colo/arista_ansible/ansible-hosts']
DEFAULT_STDOUT_CALLBACK(/home/xxx/colo/arista_ansible/ansible.cfg) = yaml
DEFAULT_TERMINAL_PLUGIN_PATH(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/root/.ansible/collections/ansible_collections/a10/acos_cli/plugins/terminal']
DEPRECATION_WARNINGS(/home/xxx/colo/arista_ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/home/xxx/colo/arista_ansible/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/xxx/colo/arista_ansible/ansible.cfg) = False

OS / ENVIRONMENT

Centos 7 Arista 4.23.6M-2GB

STEPS TO REPRODUCE

---
- name: Parsed state play
  hosts: "{{ aristas }} "
  gather_facts: false
  vars_prompt:

  - name: "aristas"
    prompt: "Which switches would you like to run this on? (a group or device from ansible-hosts)"
    private: no

  - name: "username"
    prompt: "Username?"
    private: no

  - name: "password"
    prompt: "Password?"
    private: yes

  vars:
     ansible_connection: network_cli
     ansible_network_os: eos
     ansible_user: "{{ username }}"
     ansible_password: "{{ password }}"

  tasks:
    - name: ACL file to parse
      set_fact:
        acltoparse: "{{ lookup('file','acl.txt') }}"

    - name: Parse the provided ACLs configuration
      arista.eos.eos_acls:
       running_config:  "{{ acltoparse }}"
       state: parsed
      register: aclstoapply

    - name: "Print ACLs"
      debug:
       msg: "{{ aclstoapply }}"

    - name: Replace ACLs config with device existing ACLs config
      arista.eos.eos_acls:
       state: replaced
       config: "{{ aclstoapply.parsed }}"
      register: applied

    #- name: "Print ACLs"
    #  debug:
    #    msg: "{{ applied.before }}"

    - name: Render before
      arista.eos.eos_acls:
       config: "{{ applied.before }}"
       state: rendered
      register: renderedbefore

    - name: Render after
      arista.eos.eos_acls:
       config: "{{ applied.after }}"
       state: rendered
      register: renderedafter
      when: not ansible_check_mode

    - name:  Before/after diff (Failed means there's no after output AKA nothing has changed)
      ansible.utils.fact_diff:
        before: "{{ renderedbefore|to_nice_yaml  }}"
        after: "{{ renderedafter|to_nice_yaml  }}"
      register: aclsdiff

EXPECTED RESULTS

We'd expect the ACLs to be replaced correctly

ACTUAL RESULTS

It's not treating it as a standard ACL so fails.

It is seen as 'standard' in the output for applying

    ansible.module_utils.connection.ConnectionError: ip access-list XXXXX
    % Error: Cannot modify ip ACL XXXXX(Not extended access-list)

      - aces:
        - grant: permit
          sequence: 10
          source:
            subnet_address: 8.8.8.0/24
        name: XXXXX
        standard: true
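
An added example, not part of the issue or of the collection's code: a pre-flight check that compares the `standard` flag in the structured ACL data with the header line of each rendered command, since the error above shows `ip access-list XXXXX` being rejected for an ACL marked `standard: true`. The `afi`/`acls` nesting, the function names, the ACL name `EXAMPLE-EXT` and all sample data are assumptions constructed for illustration.

```python
import re

# Header of an EOS ACL stanza, e.g. "ip access-list standard NAME".
HEADER = re.compile(r"^(?:ip|ipv6) access-list (?:(standard) )?(\S+)$")


def standard_acl_names(config):
    """Names of ACLs marked standard: true in the structured data."""
    names = set()
    for afi_block in config or []:
        for acl in afi_block.get("acls") or []:
            if acl.get("standard") is True:
                names.add(acl["name"])
    return names


def mismatched_headers(config, commands):
    """Return header commands whose 'standard' keyword disagrees with the data."""
    wanted = standard_acl_names(config)
    bad = []
    for line in commands:
        m = HEADER.match(line.strip())
        if m is None:
            continue  # ACE lines are not checked here
        is_standard, name = m.group(1) is not None, m.group(2)
        if (name in wanted) != is_standard:
            bad.append(line.strip())
    return bad


# Constructed sample data; the afi/acls nesting is an assumption.
SAMPLE_CONFIG = [{"afi": "ipv4", "acls": [
    {"name": "XXXXX", "standard": True, "aces": [
        {"sequence": 10, "grant": "permit",
         "source": {"subnet_address": "8.8.8.0/24"}}]},
    {"name": "EXAMPLE-EXT", "aces": []},
]}]
RENDERED_BAD = ["ip access-list XXXXX", "10 permit 8.8.8.0/24",
                "ip access-list EXAMPLE-EXT"]
RENDERED_OK = ["ip access-list standard XXXXX", "10 permit 8.8.8.0/24",
               "ip access-list EXAMPLE-EXT"]

if __name__ == "__main__":
    for label, cmds in (("bad", RENDERED_BAD), ("ok", RENDERED_OK)):
        print(label, mismatched_headers(SAMPLE_CONFIG, cmds))
```

Run against the list of commands returned by a `state: rendered` task before a `state: replaced` task, a non-empty result means the filter would not be applied as modelled.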

averyhabbott commented 8 months ago

Same problem, still not resolved