nxos_acl: some platforms/versions raise when no ACLs are present (#55609)

* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.

The failure occurs when the `acl` var is an empty list.

* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present

With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.

* Fix kwarg

* Fix lint issues

(cherry picked from commit 869fdcd7d4)
This commit is contained in:
Chris Van Heuveln 2019-05-02 08:33:27 -04:00 committed by Toshio Kuratomi
parent 3a237b505f
commit a85461e569
3 changed files with 13 additions and 7 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- nxos_acl some platforms/versions raise when no ACLs are present (https://github.com/ansible/ansible/pull/55609).

View file

@ -175,10 +175,10 @@ from ansible.module_utils.network.nxos.nxos import nxos_argument_spec, check_arg
from ansible.module_utils.basic import AnsibleModule
def execute_show_command(command, module):
def execute_show_command(command, module, check_rc=True):
command += ' | json'
cmds = [command]
body = run_commands(module, cmds)
body = run_commands(module, cmds, check_rc=check_rc)
return body
@ -188,9 +188,13 @@ def get_acl(module, acl_name, seq_number):
saveme = {}
acl_body = {}
body = execute_show_command(command, module)[0]
if body:
all_acl_body = body['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
body = execute_show_command(command, module, check_rc=False)
if 'Structured output unsupported' in repr(body):
# Some older versions raise 501 and return a string when no ACLs exist
return {}, []
if body and body[0]:
all_acl_body = body[0]['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
else:
# no access-lists configured on the device
return {}, []
@ -505,7 +509,7 @@ def main():
if existing_core:
commands.append(['no {0}'.format(seq)])
elif state == 'delete_acl':
if acl[0].get('acl') != 'no_entries':
if acl and acl[0].get('acl') != 'no_entries':
commands.append(['no ip access-list {0}'.format(name)])
cmds = []

View file

@ -4,7 +4,7 @@
when: ansible_connection == "local"
- set_fact: time_range="ans-range"
when: not (platform is match("N5K")) and not (platform is match("N35"))
when: platform is not search('N35|N5K|N6K')
- name: "Setup: Cleanup possibly existing acl."
nxos_acl: &remove