From 869fdcd7d4911ad456c38a38c9e24793cfc1f71c Mon Sep 17 00:00:00 2001
From: Chris Van Heuveln <cvanheuv@cisco.com>
Date: Thu, 2 May 2019 08:33:27 -0400
Subject: [PATCH] nxos_acl: some platforms/versions raise when no ACLs are
 present (#55609)

* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.

The failure occurs when the `acl` var is an empty list.

* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present

With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.

* Fix kwarg

* Fix lint issues
---
 lib/ansible/modules/network/nxos/nxos_acl.py     | 16 ++++++++++------
 .../targets/nxos_acl/tests/common/sanity.yaml    |  2 +-
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/lib/ansible/modules/network/nxos/nxos_acl.py b/lib/ansible/modules/network/nxos/nxos_acl.py
index a2446a7c10f..17c2f81c0c5 100644
--- a/lib/ansible/modules/network/nxos/nxos_acl.py
+++ b/lib/ansible/modules/network/nxos/nxos_acl.py
@@ -175,10 +175,10 @@ from ansible.module_utils.network.nxos.nxos import nxos_argument_spec, check_arg
 from ansible.module_utils.basic import AnsibleModule
 
 
-def execute_show_command(command, module):
+def execute_show_command(command, module, check_rc=True):
     command += ' | json'
     cmds = [command]
-    body = run_commands(module, cmds)
+    body = run_commands(module, cmds, check_rc=check_rc)
     return body
 
 
@@ -188,9 +188,13 @@ def get_acl(module, acl_name, seq_number):
     saveme = {}
     acl_body = {}
 
-    body = execute_show_command(command, module)[0]
-    if body:
-        all_acl_body = body['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
+    body = execute_show_command(command, module, check_rc=False)
+    if 'Structured output unsupported' in repr(body):
+        # Some older versions raise 501 and return a string when no ACLs exist
+        return {}, []
+
+    if body and body[0]:
+        all_acl_body = body[0]['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
     else:
         # no access-lists configured on the device
         return {}, []
@@ -505,7 +509,7 @@ def main():
         if existing_core:
             commands.append(['no {0}'.format(seq)])
     elif state == 'delete_acl':
-        if acl[0].get('acl') != 'no_entries':
+        if acl and acl[0].get('acl') != 'no_entries':
             commands.append(['no ip access-list {0}'.format(name)])
 
     cmds = []
diff --git a/test/integration/targets/nxos_acl/tests/common/sanity.yaml b/test/integration/targets/nxos_acl/tests/common/sanity.yaml
index 432e53f67ff..ed7cb4f5f88 100644
--- a/test/integration/targets/nxos_acl/tests/common/sanity.yaml
+++ b/test/integration/targets/nxos_acl/tests/common/sanity.yaml
@@ -4,7 +4,7 @@
   when: ansible_connection == "local"
 
 - set_fact: time_range="ans-range"
-  when: not (platform is match("N5K")) and not (platform is match("N35"))
+  when: platform is not search('N35|N5K|N6K')
 
 - name: "Setup: Cleanup possibly existing acl."
   nxos_acl: &remove