ansible-collections / cisco.ios

Ansible Network Collection for Cisco IOS
GNU General Public License v3.0

ios_acls no longer idempotent #1012

Closed rbh1981 closed 4 months ago

rbh1981 commented 4 months ago
SUMMARY

Latest cisco.ios.ios_acls always reports a change and is no longer idempotent. This worked in previous versions. For example, idempotence works as expected with Ansible Galaxy collection cisco.ios 4.6.1.

ISSUE TYPE
COMPONENT NAME

cisco.ios.ios_acls

ANSIBLE VERSION

ansible [core 2.16.2]
  config file = None
  configured module search path = ['/home/semaphore/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/semaphore/.local/lib/python3.10/site-packages/ansible
  ansible collection location = /home/semaphore/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/semaphore/.local/bin/ansible
  python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

COLLECTION VERSION

Collection Version
---------- -------
cisco.ios  5.3.0

CONFIGURATION

CONFIG_FILE() = /tmp/semaphore/repository_1_3/ansible.cfg
DEFAULT_GATHERING(/tmp/semaphore/repository_1_3/ansible.cfg) = explicit
DEFAULT_HOST_LIST(/tmp/semaphore/repository_1_3/ansible.cfg) = ['/tmp/semaphore/repository_1_3/hosts.yaml']
DEFAULT_JINJA2_EXTENSIONS(/tmp/semaphore/repository_1_3/ansible.cfg) = jinja2.ext.loopcontrols,jinja2.ext.do
DISPLAY_SKIPPED_HOSTS(/tmp/semaphore/repository_1_3/ansible.cfg) = False
DUPLICATE_YAML_DICT_KEY(/tmp/semaphore/repository_1_3/ansible.cfg) = error
HOST_KEY_CHECKING(/tmp/semaphore/repository_1_3/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/tmp/semaphore/repository_1_3/ansible.cfg) = 30
PERSISTENT_CONNECT_TIMEOUT(/tmp/semaphore/repository_1_3/ansible.cfg) = 60
RETRY_FILES_ENABLED(/tmp/semaphore/repository_1_3/ansible.cfg) = False

OS / ENVIRONMENT

Ubuntu Server 22.04.4

STEPS TO REPRODUCE

Run a playbook to configure a simple ACL on a router and observe that the module attempts to change the ACL even though it already matches the desired config.

# Playbook task example

    - name: "Configure management ACL"
      cisco.ios.ios_acls:
        config: "{{ access_lists }}"
        state: replaced
      register: results

    - name: "Print management acl config changes"
      ansible.builtin.debug:
        msg: "{{ results.commands }}"
      when:
        - results.changed | bool
        - results.commands is defined

# access_lists var for acl
access_lists:
  - afi: "ipv4"
    acls:
      - name: "mgmt-acl"
        acl_type: "extended"
        aces:
          - sequence: 10
            grant: "permit"
            protocol: "ip"
            source:
              address: "192.168.122.0"
              wildcard_bits: "0.0.0.255"
            destination:
              any: true

EXPECTED RESULTS

Task/module should report no changes when the config on the device matches the desired ACL.

ACTUAL RESULTS

Task/module attempts to configure the ACL even though it matches.

TASK [Configure management ACL] ****************************************************************************************************************************************************************************
changed: [R2]                                                                                         
changed: [R1]                                                                                         

TASK [Print management acl config changes] *****************************************************************************************************************************************************************
ok: [R1] => {
    "msg": [
        "ip access-list extended mgmt-acl",
        "no permit ip 192.168.122.0 0.0.0.255 any", 
        "10 permit ip 192.168.122.0 0.0.0.255 any"
    ]
}
ok: [R2] => {
    "msg": [
        "ip access-list extended mgmt-acl",
        "no permit ip 192.168.122.0 0.0.0.255 any", 
        "10 permit ip 192.168.122.0 0.0.0.255 any"
    ]
}
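
An added example, not part of the issue or the collection's code: a Python check over a `results.commands` list like the one printed above that flags ACEs removed and then re-added unchanged, since each such pair leaves the entry absent from the ACL between the two commands. A flagged pair can also be a deliberate resequencing, so treat it as a prompt for review; the function names and sample list are constructed for illustration.

```python
import re

# Constructed sample: the commands list shown in the debug output above.
SAMPLE_COMMANDS = [
    "ip access-list extended mgmt-acl",
    "no permit ip 192.168.122.0 0.0.0.255 any",
    "10 permit ip 192.168.122.0 0.0.0.255 any",
]

# Matches the line that enters an ACL context and captures the ACL name.
ACL_HEADER = re.compile(r"^(?:ip|ipv6) access-list\s+(?:(?:standard|extended)\s+)?(\S+)")
LEADING_SEQ = re.compile(r"^\d+\s+")


def _normalize(ace):
    """Collapse whitespace and drop a leading sequence number."""
    return LEADING_SEQ.sub("", " ".join(ace.split()))


def find_acl_churn(commands):
    """Return (acl_name, ace) pairs that are removed and then re-added unchanged."""
    churn = []
    removed = {}      # ACL name -> normalized ACE bodies removed so far
    current = None    # ACL whose context the following commands apply to
    for raw in commands:
        line = " ".join(raw.split())
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            removed.setdefault(current, set())
            continue
        if current is None:
            continue  # command is not inside an ACL context
        if line.startswith("no "):
            removed[current].add(_normalize(line[3:]))
        elif _normalize(line) in removed[current]:
            churn.append((current, _normalize(line)))
    return churn


def is_pure_churn(commands):
    """True when every ACE command belongs to a remove/re-add pair."""
    ace_cmds = [c for c in commands if not ACL_HEADER.match(" ".join(c.split()))]
    pairs = find_acl_churn(commands)
    return bool(pairs) and len(ace_cmds) == 2 * len(pairs)
```
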

rbh1981 commented 4 months ago

This appears to be resolved with collection version 6.1.0.