Closed tokyo-kinney closed 11 months ago
SUMMARY

When gathering ACL facts using the nxos_acls module, if an ACL contains an ACE which contains a source host with a source port range to a destination, it is parsed incorrectly if it is a named port. Numeric ports were fixed with issue #731.

COMPONENT NAME

nxos_acls

ANSIBLE VERSION

```
ansible 2.10.14
  config file = /Users/admin/.ansible.cfg
  configured module search path = ['/Users/admin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/admin/.venvs/two-ten/lib/python3.6/site-packages/ansible
  executable location = /Users/admin/.venvs/two-ten/bin/ansible
  python version = 3.6.15 (default, Apr 21 2023, 11:04:18) [GCC Apple LLVM 14.0.3 (clang-1403.0.22.14.1)]
```

COLLECTION VERSION

```
# /Users/admin/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 5.2.0
```

CONFIGURATION

```
HOST_KEY_CHECKING(/Users/admin/Development/netbox/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/Users/admin/Development/netbox/ansible.cfg) = 300
```

OS / ENVIRONMENT

cisco Nexus9000 C93108TC-EX chassis NXOS: version 7.0(3)I7(3)
STEPS TO REPRODUCE

Using the nxos_acls module, gather ACL facts from an NX-OS device which contains an ACL which contains an ACE of the following format:

```
400 permit tcp any range ftp-data ftp any
```

The above ACE is being parsed as below:

```
{
    "sequence": 400,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "address": "range",
        "wildcard_bits": "ftp-data"
    }
},
```

As can be observed, the destination component of the dictionary is incorrect (as it was originally).

Furthermore, I am finding ACEs which have a destination port-range in port name format are also being parsed incorrectly in the latest release, e.g.

```
390 permit tcp any any range ftp-data ftp
```

is being parsed as:

```
{
    "sequence": 390,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "any": true
    }
},
```

EXPECTED RESULTS

The named port for both source and/or destination should be parsed properly.

```
"end": "ftp", "start": "ftp-data"
```
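A minimal sketch of port-aware ACE tokenizing for the two ACEs reported above, added here as an example; it is not the cisco.nxos collection's parser, and the `port_protocol`/`range` nesting, the `host`/`prefix` keys, the `unparsed` field and the third sample ACE are assumptions. It goes beyond the report by also covering `eq`/`neq`/`lt`/`gt` and numeric ports, and it rejects a port keyword in an address position, since facts that silently widen or mangle a rule mislead any audit that reads them.

```python
import re

PORT_OPS = {"eq", "neq", "lt", "gt"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# First two ACEs are the ones quoted in the issue; the third is constructed.
SAMPLE_ACES = [
    "400 permit tcp any range ftp-data ftp any",
    "390 permit tcp any any range ftp-data ftp",
    "410 permit tcp host 192.0.2.10 range 1024 2048 198.51.100.0/24 eq www",
]

def _endpoint(tokens):
    """Consume one address spec plus its optional port spec from tokens."""
    if not tokens:
        raise ValueError("missing address")
    tok = tokens.pop(0)
    if tok == "any":
        ep = {"any": True}
    elif tok == "host" and tokens:
        ep = {"host": tokens.pop(0)}
    elif "/" in tok:
        ep = {"prefix": tok}
    elif IPV4.match(tok) and tokens and IPV4.match(tokens[0]):
        ep = {"address": tok, "wildcard_bits": tokens.pop(0)}
    else:
        # A keyword such as "range" must never be accepted as an address.
        raise ValueError(f"unexpected address token: {tok!r}")
    # Port values stay strings, so names (ftp-data) and numbers both pass.
    if len(tokens) >= 3 and tokens[0] == "range":
        ep["port_protocol"] = {"range": {"start": tokens[1], "end": tokens[2]}}
        del tokens[:3]
    elif len(tokens) >= 2 and tokens[0] in PORT_OPS:
        ep["port_protocol"] = {tokens[0]: tokens[1]}
        del tokens[:2]
    return ep

def parse_ace(line):
    """Parse '<seq> <grant> <proto> <src> [ports] <dst> [ports]' into a dict."""
    tokens = line.split()
    ace = {"sequence": int(tokens[0]), "grant": tokens[1], "protocol": tokens[2]}
    rest = tokens[3:]
    ace["source"] = _endpoint(rest)
    ace["destination"] = _endpoint(rest)
    if rest:
        ace["unparsed"] = rest  # surface leftovers instead of dropping them
    return ace
```

Running `parse_ace` over `SAMPLE_ACES` and comparing against gathered facts is a quick way to spot entries where a port restriction was lost.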