Skip to content

Correct indentation in ACL comparator #564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ruchip16 merged 7 commits into from
Jun 5, 2025
Merged

Correct indentation in ACL comparator #564

Ruchip16 merged 7 commits into from
Jun 5, 2025

Conversation

@bewing
Copy link
Contributor

@bewing bewing commented Dec 30, 2024

SUMMARY

Change indentation of ACL present check in _state_replaced to only try to add a missing wanted ACL after processing all have ACLs.

Possibly fixes #512

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

arista.eos.eos_acls

ADDITIONAL INFORMATION

@bewing
Add unit test for ansible-collections#512
d8c915d
@bewing
Correct indentation of ACL comparator
d6286e1 
Only check for missing wanted ACLs after processing all had ACLs, not
just the first one.  Addresses ansible-collections#512
@roverflow roverflow requested a review from Ruchip16 January 8, 2025 09:48
@bewing
Copy link
Contributor Author

bewing commented Feb 13, 2025

@Ruchip16 is there anything needed from my side to move this PR forward?

@Ruchip16
Copy link
Member

Ruchip16 commented Mar 24, 2025

@Ruchip16 is there anything needed from my side to move this PR forward?

hey thank you for raising the PR, can you kindly add integration tests as well to validate the change on device?

@bewing
Copy link
Contributor Author

bewing commented Mar 24, 2025

I will take a look at the integration test framework this week, thanks!

@bewing
Copy link
Contributor Author

bewing commented Mar 25, 2025

After a few hours screwing around, I was able to generate a Containerlab cEOS image that I can run integration tests on. It appears that this change does affect one of the integration tests:

TASK [eos_acls : ansible.builtin.debug] ****************************************
ok: [clab-ceos-ceos1] => {
    "msg": "Start eos_acls replaced integration tests ansible_connection=ansible.netcommon.network_cli"
}

TASK [eos_acls : ansible.builtin.include_tasks] ********************************
included: /home/bewing/projects/network/naac/ansible_collections/arista/eos/tests/output/.tmp/integration/eos_acls-1h0nrzag-ÅÑŚÌβŁÈ/tests/integration/targets/eos_acls/tests/common/_populate.yaml for clab-ceos-ceos1

TASK [eos_acls : Setup] ********************************************************
changed: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.set_fact] *************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : replace attributes with given acls.] **************************
changed: [clab-ceos-ceos1]

TASK [eos_acls : arista.eos.eos_facts] *****************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.assert] ***************************************
ok: [clab-ceos-ceos1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [eos_acls : Idempotency check] ********************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : arista.eos.eos_facts] *****************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.assert] ***************************************
fatal: [clab-ceos-ceos1]: FAILED! => {
    "assertion": "result.changed == true",
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}

TASK [eos_acls : ansible.builtin.include_tasks] ********************************
included: /home/bewing/projects/network/naac/ansible_collections/arista/eos/tests/output/.tmp/integration/eos_acls-1h0nrzag-ÅÑŚÌβŁÈ/tests/integration/targets/eos_acls/tests/common/_remove_config.yaml for clab-ceos-ceos1

TASK [eos_acls : Setup] ********************************************************
changed: [clab-ceos-ceos1]

PLAY RECAP *********************************************************************
clab-ceos-ceos1            : ok=27   changed=6    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

NOTICE: To resume at this test target, use the option: --start-at eos_acls
FATAL: Command "ansible-playbook eos_acls-pasd2sq0.yml -i inventory.networking" returned exit status 2.

I'll have to check what the test is supposed to test, and if it was just written to pass incorrectly prior to this change, or if there is a breaking change included in this PR

@bewing
Correct ACL replaced idempotency check
3c2080b 
An idempotency check should ensure that there is NO change and
NO commands.
@bewing
Copy link
Contributor Author

bewing commented Mar 25, 2025

After digging into the newly failing integration test, it appears that an idempotency check was incorrectly written to pass when it shouldn't -- if we re-run the same "replaced" operation with the same config as before, we should send no commands, and there should be no changes.

Updated test to reflect.

@Ruchip16
Copy link
Member

Ruchip16 commented Mar 25, 2025

After a few hours screwing around, I was able to generate a Containerlab cEOS image that I can run integration tests on. It appears that this change does affect one of the integration tests:

TASK [eos_acls : ansible.builtin.debug] ****************************************
ok: [clab-ceos-ceos1] => {
    "msg": "Start eos_acls replaced integration tests ansible_connection=ansible.netcommon.network_cli"
}

TASK [eos_acls : ansible.builtin.include_tasks] ********************************
included: /home/bewing/projects/network/naac/ansible_collections/arista/eos/tests/output/.tmp/integration/eos_acls-1h0nrzag-ÅÑŚÌβŁÈ/tests/integration/targets/eos_acls/tests/common/_populate.yaml for clab-ceos-ceos1

TASK [eos_acls : Setup] ********************************************************
changed: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.set_fact] *************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : replace attributes with given acls.] **************************
changed: [clab-ceos-ceos1]

TASK [eos_acls : arista.eos.eos_facts] *****************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.assert] ***************************************
ok: [clab-ceos-ceos1] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [eos_acls : Idempotency check] ********************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : arista.eos.eos_facts] *****************************************
ok: [clab-ceos-ceos1]

TASK [eos_acls : ansible.builtin.assert] ***************************************
fatal: [clab-ceos-ceos1]: FAILED! => {
    "assertion": "result.changed == true",
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}

TASK [eos_acls : ansible.builtin.include_tasks] ********************************
included: /home/bewing/projects/network/naac/ansible_collections/arista/eos/tests/output/.tmp/integration/eos_acls-1h0nrzag-ÅÑŚÌβŁÈ/tests/integration/targets/eos_acls/tests/common/_remove_config.yaml for clab-ceos-ceos1

TASK [eos_acls : Setup] ********************************************************
changed: [clab-ceos-ceos1]

PLAY RECAP *********************************************************************
clab-ceos-ceos1            : ok=27   changed=6    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

NOTICE: To resume at this test target, use the option: --start-at eos_acls
FATAL: Command "ansible-playbook eos_acls-pasd2sq0.yml -i inventory.networking" returned exit status 2.

I'll have to check what the test is supposed to test, and if it was just written to pass incorrectly prior to this change, or if there is a breaking change included in this PR

kudos that you spawned up an instance to run the integration tests on and yep generally integration tests might break if the changes in PR are not validated hence its a good way to add integration tests and test them on device such that we are sure that we aren't introducing any breaking changes or infact changes that could fail the CI, thanks again and awesome work 💯

@bewing
Copy link
Contributor Author

bewing commented Apr 9, 2025

Any more action required from me for this to be reviewed/merged?

Ruchip16
Ruchip16 approved these changes Jun 5, 2025
View reviewed changes
Copy link
Member

@Ruchip16 Ruchip16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me now, thanks for your contribution on this one 💯

@Ruchip16 Ruchip16 merged commit 5f9357d into ansible-collections:main Jun 5, 2025
50 checks passed
@bewing bewing deleted the iss512 branch June 5, 2025 13:52
PcInfamy pushed a commit to PcInfamy/arista.eos that referenced this pull request Nov 24, 2025
@bewing @roverflow
@Ruchip16 @KB-perByte
Correct indentation in ACL comparator (ansible-collections#564)
948a6cc 
* Add unit test for ansible-collections#512

* Correct indentation of ACL comparator

Only check for missing wanted ACLs after processing all had ACLs, not
just the first one.  Addresses ansible-collections#512

* Add changelog entry for replaced acls idempotency

* Correct ACL replaced idempotency check

An idempotency check should ensure that there is NO change and
NO commands.

---------

Co-authored-by: Vinay M <[email protected]>
Co-authored-by: Ruchi Pakhle <[email protected]>
Co-authored-by: Sagar Paul <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Ruchip16 Ruchip16 Ruchip16 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"arista.eos.eos_acls" idempotency is not working correctly

4 participants

@bewing @Ruchip16 @KB-perByte @roverflow