Standard ACL not being treated as Standard ACL #378
Description
SUMMARY
'standard' access-lists not being respected
ISSUE TYPE
arista.eos.eos_acls
COMPONENT NAME
arista.eos.eos_acls
ANSIBLE VERSION
ansible [core 2.13.4]
config file = /home/xxx/colo/arista_ansible/ansible.cfg
configured module search path = ['/home/xxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/xxx/.local/lib/python3.9/site-packages/ansible
ansible collection location = /home/xxx/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.9.6 (default, Jul 27 2022, 17:34:46) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /home/xxx/.ansible/collections/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1
# /home/xxx/.local/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1
# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.1
# /usr/share/ansible/collections/ansible_collections
Collection Version
---------- -------
arista.eos 5.0.0
CONFIGURATION
DEFAULT_CLICONF_PLUGIN_PATH(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/root/.ansible/collections/ansible_collections/a10/acos_cli/plugins/cliconf']
DEFAULT_FORKS(/home/xxx/colo/arista_ansible/ansible.cfg) = 50
DEFAULT_HOST_LIST(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/home/xxx/colo/arista_ansible/ansible-hosts']
DEFAULT_STDOUT_CALLBACK(/home/xxx/colo/arista_ansible/ansible.cfg) = yaml
DEFAULT_TERMINAL_PLUGIN_PATH(/home/xxx/colo/arista_ansible/ansible.cfg) = ['/root/.ansible/collections/ansible_collections/a10/acos_cli/plugins/terminal']
DEPRECATION_WARNINGS(/home/xxx/colo/arista_ansible/ansible.cfg) = False
HOST_KEY_CHECKING(/home/xxx/colo/arista_ansible/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/xxx/colo/arista_ansible/ansible.cfg) = False
OS / ENVIRONMENT
Centos 7
Arista
4.23.6M-2GB
STEPS TO REPRODUCE
---
- name: Parsed state play
hosts: "{{ aristas }} "
gather_facts: false
vars_prompt:
- name: "aristas"
prompt: "Which switches would you like to run this on? (a group or device from ansible-hosts)"
private: no
- name: "username"
prompt: "Username?"
private: no
- name: "password"
prompt: "Password?"
private: yes
vars:
ansible_connection: network_cli
ansible_network_os: eos
ansible_user: "{{ username }}"
ansible_password: "{{ password }}"
tasks:
- name: ACL file to parse
set_fact:
acltoparse: "{{ lookup('file','acl.txt') }}"
- name: Parse the provided ACLs configuration
arista.eos.eos_acls:
running_config: "{{ acltoparse }}"
state: parsed
register: aclstoapply
- name: "Print ACLs"
debug:
msg: "{{ aclstoapply }}"
- name: Replace ACLs config with device existing ACLs config
arista.eos.eos_acls:
state: replaced
config: "{{ aclstoapply.parsed }}"
register: applied
#- name: "Print ACLs"
# debug:
# msg: "{{ applied.before }}"
- name: Render before
arista.eos.eos_acls:
config: "{{ applied.before }}"
state: rendered
register: renderedbefore
- name: Render after
arista.eos.eos_acls:
config: "{{ applied.after }}"
state: rendered
register: renderedafter
when: not ansible_check_mode
- name: Before/after diff (Failed means there's no after output AKA nothing has changed)
ansible.utils.fact_diff:
before: "{{ renderedbefore|to_nice_yaml }}"
after: "{{ renderedafter|to_nice_yaml }}"
register: aclsdiff
EXPECTED RESULTS
We'd expect the ACLs to be replaced correctly
ACTUAL RESULTS
It's not treating it as a standard ACL so fails.
It is seen as 'standard' in the output for applyig
ansible.module_utils.connection.ConnectionError: ip access-list XXXXX
% Error: Cannot modify ip ACL XXXXX(Not extended access-list)
- aces:
- grant: permit
sequence: 10
source:
subnet_address: 8.8.8.0/24
name: XXXXX
standard: true