nxos_acl: some platforms/versions raise when no ACLs are present (#55609)
* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.
The failure occurs when the `acl` var is an empty list.
* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present
With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.
* Fix kwarg
* Fix lint issues
(cherry picked from commit 869fdcd7d4)
parent
3a237b505f
commit
a85461e569
3 changed files with 13 additions and 7 deletions
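--- a/changelogs/fragments/nxos_acl_28.yaml
+++ b/changelogs/fragments/nxos_acl_28.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- nxos_acl some platforms/versions raise when no ACLs are present (https://github.com/ansible/ansible/pull/55609).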
|
@ -175,10 +175,10 @@ from ansible.module_utils.network.nxos.nxos import nxos_argument_spec, check_arg
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
|
||||||
|
|
||||||
def execute_show_command(command, module):
|
def execute_show_command(command, module, check_rc=True):
|
||||||
command += ' | json'
|
command += ' | json'
|
||||||
cmds = [command]
|
cmds = [command]
|
||||||
body = run_commands(module, cmds)
|
body = run_commands(module, cmds, check_rc=check_rc)
|
||||||
return body
|
return body
|
||||||
|
|
||||||
|
|
||||||
|
@ -188,9 +188,13 @@ def get_acl(module, acl_name, seq_number):
|
||||||
saveme = {}
|
saveme = {}
|
||||||
acl_body = {}
|
acl_body = {}
|
||||||
|
|
||||||
body = execute_show_command(command, module)[0]
|
body = execute_show_command(command, module, check_rc=False)
|
||||||
if body:
|
if 'Structured output unsupported' in repr(body):
|
||||||
all_acl_body = body['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
|
# Some older versions raise 501 and return a string when no ACLs exist
|
||||||
|
return {}, []
|
||||||
|
|
||||||
|
if body and body[0]:
|
||||||
|
all_acl_body = body[0]['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
|
||||||
else:
|
else:
|
||||||
# no access-lists configured on the device
|
# no access-lists configured on the device
|
||||||
return {}, []
|
return {}, []
|
||||||
|
@ -505,7 +509,7 @@ def main():
|
||||||
if existing_core:
|
if existing_core:
|
||||||
commands.append(['no {0}'.format(seq)])
|
commands.append(['no {0}'.format(seq)])
|
||||||
elif state == 'delete_acl':
|
elif state == 'delete_acl':
|
||||||
if acl[0].get('acl') != 'no_entries':
|
if acl and acl[0].get('acl') != 'no_entries':
|
||||||
commands.append(['no ip access-list {0}'.format(name)])
|
commands.append(['no ip access-list {0}'.format(name)])
|
||||||
|
|
||||||
cmds = []
|
cmds = []
|
||||||
|
|
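Review bot: In `get_acl`, the call `execute_show_command(command, module, check_rc=False)` suppresses every command failure, not only the 501 named in the comment, and only the 'Structured output unsupported' case is handled afterwards. Any other error would presumably reach `body[0]['TABLE_ip_ipv6_mac']` as a non-dict value and raise there, or, if it is falsy, fall into the `else` branch and be reported as "no access-lists configured", so a failed read of the device could look like an empty ACL set to `delete_acl` and the other states. Failing closed is safer for a module that manages access lists: after the 501 check, add `if body and not isinstance(body[0], dict): module.fail_json(msg='unexpected show command output', output=body)`. The substring test on `repr(body)` also matches that text anywhere in the response, so testing the returned string element itself would be narrower. `get_acl` begins and continues outside this hunk.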
|
@ -4,7 +4,7 @@
|
||||||
when: ansible_connection == "local"
|
when: ansible_connection == "local"
|
||||||
|
|
||||||
- set_fact: time_range="ans-range"
|
- set_fact: time_range="ans-range"
|
||||||
when: not (platform is match("N5K")) and not (platform is match("N35"))
|
when: platform is not search('N35|N5K|N6K')
|
||||||
|
|
||||||
- name: "Setup: Cleanup possibly existing acl."
|
- name: "Setup: Cleanup possibly existing acl."
|
||||||
nxos_acl: &remove
|
nxos_acl: &remove
|
||||||
|
|
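Review bot: The new condition `when: platform is not search('N35|N5K|N6K')` does more than add N6K, because `search` matches the pattern anywhere in `platform` while the old `match(...)` tests were anchored at the start of the string. If the wider match is intended, a short comment above the task would make that clear, for example `# time-range is skipped on N35/N5K/N6K platforms`, with the reason added by someone who knows why those platforms are excluded. If only the prefix should count, anchor it as `'^(N35|N5K|N6K)'`.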