ansible-collections/cisco.nxos

[acls] Fix parsing error when ACE has named source port range

tokyo-kinney opened this issue · 0 comments

SUMMARY

When gathering ACL facts using the nxos_acls module, if an ACL contains an ACE which contains a source host with a source port range to a destination, it is parsed incorrectly if it is a named port.
Numeric ports were fixed with issue #731.

ISSUE TYPE

  • Bug Report

COMPONENT NAME

nxos_acls

ANSIBLE VERSION

ansible 2.10.14
  config file = /Users/admin/.ansible.cfg
  configured module search path = ['/Users/admin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/admin/.venvs/two-ten/lib/python3.6/site-packages/ansible
  executable location = /Users/admin/.venvs/two-ten/bin/ansible
  python version = 3.6.15 (default, Apr 21 2023, 11:04:18) [GCC Apple LLVM 14.0.3 (clang-1403.0.22.14.1)]

COLLECTION VERSION

# /Users/admin/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 5.2.0

CONFIGURATION

HOST_KEY_CHECKING(/Users/admin/Development/netbox/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/Users/admin/Development/netbox/ansible.cfg) = 300

OS / ENVIRONMENT

cisco Nexus9000 C93108TC-EX chassis
NXOS: version 7.0(3)I7(3)

STEPS TO REPRODUCE

Using the nxos_acls module, gather ACL facts from an NX-OS device which contains an ACL which contains an ACE of the following format:

400 permit tcp any range ftp-data ftp any

The above ACE is being parsed as below:

{
    "sequence": 400,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "address": "range",
        "wildcard_bits": "ftp-data"
    }
},

As can be observed, the destination component of the dictionary is incorrect (as it was originally).

Furthermore, I am finding ACEs which have a destination port-range in port name format are also being parsed incorrectly in the latest release, e.g.

390 permit tcp any any range ftp-data ftp

is being parsed as:

{
    "sequence": 390,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "any": true
    }
},

EXPECTED RESULTS

The named port for both source and/or destination should be parsed properly.

    "end": "ftp",
    "start": "ftp-data"

ACTUAL RESULTS

{
    "sequence": 400,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "address": "range",
        "wildcard_bits": "ftp-data"
    }
},
{
    "sequence": 390,
    "grant": "permit",
    "protocol": "tcp",
    "source": {
        "any": true
    },
    "destination": {
        "any": true
    }
},
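
An added example, not part of the original issue and not the cisco.nxos parser: a token-based parse of the two ACEs above that checks for a port keyword (`range`, `eq`, ...) after each address before reading the next address, and keeps port names as strings. The function names, the `unparsed` key and the `port_protocol` nesting are assumptions made for illustration; the third sample line is constructed.

```python
# Added example: token-based parse of a subset of NX-OS ACE syntax.
# Not the cisco.nxos parser; the "port_protocol" nesting is an assumption.
import json

PORT_OPS = {"eq", "neq", "lt", "gt"}

def _take_address(tokens):
    """Consume one address spec from the front of the token list."""
    head = tokens.pop(0)
    if head == "any":
        return {"any": True}
    if head == "host":
        return {"host": tokens.pop(0)}
    if "/" in head:
        return {"prefix": head}
    return {"address": head, "wildcard_bits": tokens.pop(0)}

def _take_ports(tokens):
    """Consume an optional port spec; port names and numbers stay strings."""
    if tokens and tokens[0] == "range":
        tokens.pop(0)
        start = tokens.pop(0)
        end = tokens.pop(0)
        return {"range": {"start": start, "end": end}}
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        return {op: tokens.pop(0)}
    return None

def parse_ace(line):
    tokens = line.split()
    try:
        ace = {"sequence": int(tokens.pop(0)), "grant": tokens.pop(0),
               "protocol": tokens.pop(0)}
        for side in ("source", "destination"):
            ace[side] = _take_address(tokens)
            # Look for a port keyword before reading the next address, so
            # "range" is never taken as a destination address.
            ports = _take_ports(tokens)
            if ports:
                ace[side]["port_protocol"] = ports
    except (IndexError, ValueError) as exc:
        raise ValueError(f"cannot parse ACE: {line!r}") from exc
    if tokens:
        ace["unparsed"] = " ".join(tokens)  # e.g. a trailing "log"
    return ace

if __name__ == "__main__":
    for sample in ("400 permit tcp any range ftp-data ftp any",   # from the issue
                   "390 permit tcp any any range ftp-data ftp",   # from the issue
                   "10 permit tcp 192.0.2.0/24 eq 8443 host 198.51.100.7"):  # constructed
        print(json.dumps(parse_ace(sample), indent=4))
```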