nxos_acl: some platforms/versions raise when no ACLs are present (#55609)
* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.
The failure occurs when the `acl` var is an empty list.
* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present
With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.
* Fix kwarg
* Fix lint issues
(cherry picked from commit 869fdcd7d4
)
This commit is contained in:
parent
3a237b505f
commit
a85461e569
3 changed files with 13 additions and 7 deletions
2
changelogs/fragments/nxos_acl_28.yaml
Normal file
2
changelogs/fragments/nxos_acl_28.yaml
Normal file
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- nxos_acl some platforms/versions raise when no ACLs are present (https://github.com/ansible/ansible/pull/55609).
|
|
@ -175,10 +175,10 @@ from ansible.module_utils.network.nxos.nxos import nxos_argument_spec, check_arg
|
|||
from ansible.module_utils.basic import AnsibleModule
|
||||
|
||||
|
||||
def execute_show_command(command, module):
|
||||
def execute_show_command(command, module, check_rc=True):
|
||||
command += ' | json'
|
||||
cmds = [command]
|
||||
body = run_commands(module, cmds)
|
||||
body = run_commands(module, cmds, check_rc=check_rc)
|
||||
return body
|
||||
|
||||
|
||||
|
@ -188,9 +188,13 @@ def get_acl(module, acl_name, seq_number):
|
|||
saveme = {}
|
||||
acl_body = {}
|
||||
|
||||
body = execute_show_command(command, module)[0]
|
||||
if body:
|
||||
all_acl_body = body['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
|
||||
body = execute_show_command(command, module, check_rc=False)
|
||||
if 'Structured output unsupported' in repr(body):
|
||||
# Some older versions raise 501 and return a string when no ACLs exist
|
||||
return {}, []
|
||||
|
||||
if body and body[0]:
|
||||
all_acl_body = body[0]['TABLE_ip_ipv6_mac']['ROW_ip_ipv6_mac']
|
||||
else:
|
||||
# no access-lists configured on the device
|
||||
return {}, []
|
||||
|
@ -505,7 +509,7 @@ def main():
|
|||
if existing_core:
|
||||
commands.append(['no {0}'.format(seq)])
|
||||
elif state == 'delete_acl':
|
||||
if acl[0].get('acl') != 'no_entries':
|
||||
if acl and acl[0].get('acl') != 'no_entries':
|
||||
commands.append(['no ip access-list {0}'.format(name)])
|
||||
|
||||
cmds = []
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
when: ansible_connection == "local"
|
||||
|
||||
- set_fact: time_range="ans-range"
|
||||
when: not (platform is match("N5K")) and not (platform is match("N35"))
|
||||
when: platform is not search('N35|N5K|N6K')
|
||||
|
||||
- name: "Setup: Cleanup possibly existing acl."
|
||||
nxos_acl: &remove
|
||||
|
|
Loading…
Add table
Reference in a new issue