Skip to content

eos_acls: Fix missing 'standard' keyword in replaced state #613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
PcInfamy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

eos_acls: Fix missing 'standard' keyword in replaced state #613

PcInfamy wants to merge 1 commit into from

Conversation

@PcInfamy
Copy link

@PcInfamy PcInfamy commented Nov 24, 2025

SUMMARY

Fixes issue where eos_acls module with state: replaced did not generate the standard keyword for standard ACLs.

When using state: "replaced" on a standard ACL, the generated commands were missing the standard keyword (e.g., ip access-list test-acl instead of ip access-list standard test-acl). This caused the ACL to be created as an extended ACL instead of a standard one.

The fix ensures that the standard key from the ACL configuration is properly passed to the command generation logic for new ACLs in replaced state.

Fixes #608

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

eos_acls

ADDITIONAL INFORMATION

Before the fix:

- name: "Deploy test ACL"
  arista.eos.eos_acls:
    config:
      - afi: "ipv4"
        acls:
          - name: "test-acl"
            standard: true
            aces:
              - grant: "permit"
                sequence: 10
                source:
                  host: "192.168.1.1"
    state: "replaced"

Generated commands (incorrect):

ip access-list test-acl
10 permit host 192.168.1.1

After the fix:
Generated commands (correct):

ip access-list standard test-acl
10 permit host 192.168.1.1

Changes made:

  • Modified _state_replaced in plugins/module_utils/network/eos/config/acls/acls.py to pass the full ACL configuration (including standard key) when creating new ACLs
  • Added unit tests test_eos_acls_replaced_standard and test_eos_acls_replaced_extended
  • Added changelog fragment documenting the fix

**Test Results:**
The new test `test_eos_acls_replaced_standard` passes, confirming that `state: replaced` now correctly generates the `standard` keyword for standard ACLs. The fix ensures consistency with `state: merged` behavior.

@PcInfamy PcInfamy mentioned this pull request Nov 24, 2025
Closed
@PcInfamy
Fix eos_acls state replaced for standard ACLs
319ee9c 
- Fix issue where state: replaced did not generate the standard keyword for standard ACLs
- Refactor ACL command generation to pass full ACL object instead of individual ACEs
- Add unit tests for both standard and extended ACL replacement
- Resolves issue ansible-collections#608
@PcInfamy PcInfamy force-pushed the fix-acl-standard-replaced branch from 86d9a5d to 319ee9c Compare November 24, 2025 15:29
@PcInfamy PcInfamy marked this pull request as ready for review November 24, 2025 15:30
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 24, 2025

Quality Gate Passed Quality Gate passed

Issues
12 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@PcInfamy
Copy link
Author

PcInfamy commented Nov 24, 2025

@Ruchip16
@komaldesai13
@rohitthakur2590

Sorry for the headache - I messed up my previous PR. This one should be good to go.

@komaldesai13 komaldesai13 self-requested a review December 3, 2025 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@komaldesai13 komaldesai13 Awaiting requested review from komaldesai13

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

eos_acls | state: "replaced" breaks standard ACLs

1 participant

@PcInfamy