search

nuagenetworks / vspk-ansible

An ansible module to manage Nuage VSP environments
BSD 3-Clause "New" or "Revised" License
7 stars 4 forks source link

addressOverride being ignored in vspk (ansible) #5

Closed coarasa closed 7 years ago

coarasa commented 7 years ago

The issue has been tested under vspk 4.0.7, 4.0.8 and 5.0.21 and discussed Marc Wolf of Nokia.

When trying to add a ACLs into the VSD (a IngressACLEntryTemplate) using ansible and vspk the following output is given (and marked with =>), where you can see that the addressOverride values have been ignored:

changed: [localhost] => {
"changed": true,
"entities": [
    {
        "ACLTemplateName": "default",
        "DSCP": "*",
        "ICMPCode": null,
        "ICMPType": null,
        "ID": "90a33493-5ecc-4172-b21c-7b3e47c016d4",
        "IPv6AddressOverride": null,
        "action": "FORWARD",

=> "addressOverride": null, "associatedApplicationID": null, "associatedApplicationObjectID": null, "associatedApplicationObjectType": null, "associatedLiveEntityID": null, "creationDate": 1503480166000, "description": "test-marc2", "destinationPort": "7443", "domainName": "sdn-ext_and_int_svc-l3-s-001", "enterpriseName": "toni-vCPE-test1", "entityScope": "ENTERPRISE", "etherType": "0x0800", "externalID": null, "flowLoggingEnabled": false, "lastUpdatedBy": "6be3de5e-b228-454d-a6c8-ad050d726f66", "lastUpdatedDate": 1503480166000, "locationID": null, "locationType": "ANY", "mirrorDestinationID": null, "networkID": "5a0d5a3c-e3b5-4a79-a2be-b997bd685b06", "networkType": "NETWORK_MACRO_GROUP", "owner": "6be3de5e-b228-454d-a6c8-ad050d726f66", "parentID": "6af506b8-d72d-46e9-99b6-a22893b55d36", "parentType": "ingressacltemplate", "policyState": "LIVE", "priority": 29, "protocol": "6", "reflexive": false, "sourcePort": "*", "stateful": false, "statsID": "426a401a-98c6-47e9-9be5-e55ae3022884", "statsLoggingEnabled": false } ], "id": "90a33493-5ecc-4172-b21c-7b3e47c016d4", "invocation": { "module_args": { "auth": { "api_enterprise": "toni-vCPE-test1", "api_password": "*EDITED", "api_url": "https://10.232.103.11:8443", "api_username": "admin", "api_version": "v4_0" }, "children": null, "command": null, "id": null, "match_filter": "description == 'test-marc2'", "parent_id": "6af506b8-d72d-46e9-99b6-a22893b55d36", "parent_type": "IngressACLTemplate", "properties": { "action": "FORWARD", => "addressOverride": "194.128.99.3/32", "description": "test-marc2", "destination_port": 7443, "ether_type": "0x0800", "location_type": "ANY", "network_id": "5a0d5a3c-e3b5-4a79-a2be-b997bd685b06", "network_type": "NETWORK_MACRO_GROUP", "priority": 29, "protocol": 6, "source_port": "*" }, "state": "present", "type": "IngressACLEntryTemplate" } }, "state": "present" }

Using Ansible and VSPK does not send the addressOverride parameter, but implemented in VSD.

::

Aug 23 11:22:46 vsd-t1-01.test.kpn.com java {"userName":"admin","enterpriseName":"toni-vCPE-test1","type":"CREATE","entityType":"ingressaclentrytemplate","entityVersion":null,"eventReceivedTime":1503480166972,"entities":[{"parentType":"ingressacltemplate","entityScope":"ENTERPRISE","policyState":"LIVE","reflexive":false,"stateful":false,"locationType":"ANY","networkType":"NETWORK_MACRO_GROUP","etherType":"0x0800","description":"test-marc2","sourcePort":"*","destinationPort":"7443","protocol":"6","priority":29,"action":"FORWARD","domainName":"sdn-ext_and_int_svc-l3-s-001","enterpriseName":"toni-vCPE-test1","ID":"90a33493-5ecc-4172-b21c-7b3e47c016d4","networkID":"5a0d5a3c-e3b5-4a79-a2be-b997bd685b06","DSCP":"*","ACLTemplateName":"default"}],"diffMap":null,"ignoreDiffInMediationEvents":false,"updateMechanism":"DEFAULT"}

In case the ACL is created manually using the VSD GUI the following CREATE action is send to the VSD and it works:

::

Aug 23 11:19:29 vsd-t1-01.test.kpn.com java {"userName":"admin","enterpriseName":"toni-vCPE-test1","type":"CREATE","entityType":"ingressaclentrytemplate","entityVersion":null,"eventReceivedTime":1503479969501,"entities":[{"parentType":"ingressacltemplate","entityScope":"ENTERPRISE","policyState":"DRAFT","reflexive":false,"stateful":false,"locationType":"ANY","networkType":"NETWORK_MACRO_GROUP","etherType":"0x0800","description":"test-marc","sourcePort":"","destinationPort":"7443","protocol":"6","priority":31,"action":"FORWARD","addressOverride":"194.128.0.0/32","domainName":"sdn-ext_and_int_svc-l3-s-001","enterpriseName":"toni-vCPE-test1","ID":"9b869b8b-2a08-4ac8-9cc2-dabc5bf1c923","networkID":"5a0d5a3c-e3b5-4a79-a2be-b997bd685b06","DSCP":"","ACLTemplateName":"default"}],"diffMap":null,"ignoreDiffInMediationEvents":false,"updateMechanism":"DEFAULT"}

aclmanualentry

The ansible code used was:

::

  nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: IngressACLEntryTemplate
    parent_id: "{{ nuage_top_ingress_policy.id }}"
    parent_type: IngressACLTemplate
    state: present
    match_filter: "description == 'test-marc2'"
    properties:
      action: FORWARD
      description: "test-marc2"
      ether_type: "0x0800"
      location_type: ANY
      addressOverride: '194.128.99.3/32'
      network_type: NETWORK_MACRO_GROUP
      network_id: "5a0d5a3c-e3b5-4a79-a2be-b997bd685b06"
      source_port: "*"
      priority: 29
      destination_port: 7443
      protocol: 6
coarasa commented 7 years ago 
  addressOverride: '194.128.99.3/32'

has to read 

  address_override: '194.128.99.3/32'