ansible-collections/cisco.nxos

nxos_acls - Parsing error when gathering ACL

mattspera opened this issue · 0 comments

SUMMARY

When gathering ACL facts using the nxos_acls module, if an ACL contains an ACE of the below format, it is parsed incorrectly.

nexus-01(config-acl)# sh ip access-lists RH-SUPPORT-ACL

IP access list RH-SUPPORT-ACL
        10 permit tcp any range 1024 65535 192.168.0.0 0.0.0.255 eq 1720

ISSUE TYPE
  • Bug Report

COMPONENT NAME

nxos_acls

ANSIBLE VERSION
ansible 2.10.14
  config file = /Users/admin/Development/netbox/ansible.cfg
  configured module search path = ['/Users/admin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/admin/.venv/two-ten/lib/python3.9/site-packages/ansible
  executable location = /Users/admin/.venv/two-ten/bin/ansible
  python version = 3.9.6 (default, Aug 11 2023, 19:44:49) [Clang 15.0.0 (clang-1500.0.40.1)]

COLLECTION VERSION
# /Users/admin/.ansible/collections/ansible_collections
Collection Version
---------- -------
cisco.nxos 5.3.0

CONFIGURATION
HOST_KEY_CHECKING(/Users/admin/Development/netbox/ansible.cfg) = False
PERSISTENT_COMMAND_TIMEOUT(/Users/admin/Development/netbox/ansible.cfg) = 300

OS / ENVIRONMENT

cisco Nexus9000 C93108TC-EX chassis
NXOS: version 7.0(3)I7(3)

STEPS TO REPRODUCE

Using the nxos_acls module, gather ACL facts from an NX-OS device which contains the following ACL:

ip access-list RH-SUPPORT-ACL
  10 permit tcp any range 1024 65535 192.168.0.0 0.0.0.255 eq 1720

---

- name: DISCOVER CISCO NX-OS ACL CONFIG
  hosts: all
  gather_facts: false

  tasks:

    - name: GATHER NXOS ACL FACTS
      cisco.nxos.nxos_acls:
        state: gathered
      register: acls

EXPECTED RESULTS

It is expected the ACE is parsed correctly, like so:

{
    "aces": [
        {
            "destination": {
                "address": "192.168.0.0",
                "wildcard_bits": "0.0.0.255",
                "port_protocol": {
                    "eq": "1720"
                }
            },
            "grant": "permit",
            "protocol": "tcp",
            "sequence": 10,
            "source": {
                "any": true,
                "port_protocol": {
                    "range": {
                        "end": "65535",
                        "start": "1024"
                    }
                }
            }
        }
    ],
    "name": "RH-SUPPORT-ACL"
}

ACTUAL RESULTS

As can be observed, the source and destination components are parsed incorrectly.

{
    "aces": [
        {
            "destination": {
                "address": "range",
                "wildcard_bits": "1024"
            },
            "grant": "permit",
            "protocol": "tcp",
            "sequence": 10,
            "source": {
                "any": true,
                "port_protocol": {
                    "eq": "1720"
                }
            }
        }
    ],
    "name": "RH-SUPPORT-ACL"
}
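
The ACE form reported above, as an added example that is not part of the original issue or of the cisco.nxos collection's code: a small token-based parser that attaches each port specification to the endpoint it directly follows, and raises an error on a non-IPv4 token in an address position instead of recording it as an address. The function names and the handled subset (`any`, `host`, prefix, address plus wildcard; `eq`/`gt`/`lt`/`neq`/`range`) are assumptions of this example.

```python
import ipaddress

PORT_OPS = {"eq", "gt", "lt", "neq"}  # operators that take a single port
# ACE from the issue above
SAMPLE = "10 permit tcp any range 1024 65535 192.168.0.0 0.0.0.255 eq 1720"


def _take_endpoint(tokens):
    """Consume one address spec and its optional port spec (hypothetical helper)."""
    end = {}
    tok = tokens.pop(0)
    if tok == "any":
        end["any"] = True
    elif tok == "host":
        end["host"] = str(ipaddress.IPv4Address(tokens.pop(0)))
    elif "/" in tok:
        end["prefix"] = str(ipaddress.IPv4Interface(tok))
    else:
        # Fail loudly on a keyword such as "range" in an address position
        # rather than recording it as an address.
        end["address"] = str(ipaddress.IPv4Address(tok))
        end["wildcard_bits"] = str(ipaddress.IPv4Address(tokens.pop(0)))
    # A port spec belongs to the endpoint it directly follows, so it is read
    # here, before the next address token is looked at.
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        end["port_protocol"] = {op: tokens.pop(0)}
    elif tokens and tokens[0] == "range":
        tokens.pop(0)
        end["port_protocol"] = {"range": {"start": tokens.pop(0), "end": tokens.pop(0)}}
    return end


def parse_ace(line):
    """Parse '<seq> <permit|deny> <protocol> <source> <destination> [options]'."""
    tokens = line.split()
    ace = {"sequence": int(tokens.pop(0)), "grant": tokens.pop(0), "protocol": tokens.pop(0)}
    ace["source"] = _take_endpoint(tokens)
    ace["destination"] = _take_endpoint(tokens)
    if tokens:
        ace["unparsed"] = tokens  # trailing options are kept as-is, not interpreted
    return ace


if __name__ == "__main__":
    print(parse_ace(SAMPLE))
```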