Backport/2.8/57268 update acl (#57268) (#57890)

* update acl (#57268)


(cherry picked from commit e009936f87)

* add a changelog fragment for PR 57890.

* add a changelog fragment for PR 27890.
This commit is contained in:
YuandongXu 2019-06-18 12:37:43 +08:00 committed by Toshio Kuratomi
parent da9f3021be
commit ad0cc5dc1e
4 changed files with 105 additions and 54 deletions

View file

@ -0,0 +1,5 @@
bugfixes:
- update acl to fix bugs.(https://github.com/ansible/ansible/pull/57268)
- ce_acl - tag named data of a xpath is unnecessay for old sotfware version to find a element from xml tree, but element can not be found with 'data' tag for new version, so remove.
- ce_acl_advance - remove 'data' tag, and fix a bug that the 'changed' of result is not correct.
- ce_acl_interface - do not used 'get_config' to show specific configuration, and use display command directly.

View file

@ -427,7 +427,7 @@ class BaseAcl(object):
if self.acl_type:
conf_str += "<aclType></aclType>"
if self.acl_num:
if self.acl_num or self.acl_name.isdigit():
conf_str += "<aclNumber></aclNumber>"
if self.acl_step:
conf_str += "<aclStep></aclStep>"
@ -444,12 +444,11 @@ class BaseAcl(object):
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
root = ElementTree.fromstring(xml_str)
# parse acl
acl_info = root.findall(
"data/acl/aclGroups/aclGroup")
"acl/aclGroups/aclGroup")
if acl_info:
for tmp in acl_info:
tmp_dict = dict()
@ -460,22 +459,43 @@ class BaseAcl(object):
self.cur_acl_cfg["acl_info"].append(tmp_dict)
if self.cur_acl_cfg["acl_info"]:
find_list = list()
for tmp in self.cur_acl_cfg["acl_info"]:
find_flag = True
cur_cfg_dict = dict()
exist_cfg_dict = dict()
if self.acl_name:
if self.acl_name.isdigit() and tmp.get("aclNumber"):
cur_cfg_dict["aclNumber"] = self.acl_name
exist_cfg_dict["aclNumber"] = tmp.get("aclNumber")
else:
cur_cfg_dict["aclNumOrName"] = self.acl_name
exist_cfg_dict["aclNumOrName"] = tmp.get("aclNumOrName")
if self.acl_type:
cur_cfg_dict["aclType"] = self.acl_type
exist_cfg_dict["aclType"] = tmp.get("aclType")
if self.acl_num:
cur_cfg_dict["aclNumber"] = self.acl_num
exist_cfg_dict["aclNumber"] = tmp.get("aclNumber")
if self.acl_step:
cur_cfg_dict["aclStep"] = self.acl_step
exist_cfg_dict["aclStep"] = tmp.get("aclStep")
if self.acl_description:
cur_cfg_dict["aclDescription"] = self.acl_description
exist_cfg_dict["aclDescription"] = tmp.get("aclDescription")
if self.acl_name and tmp.get("aclNumOrName") != self.acl_name:
find_flag = False
if self.acl_type and tmp.get("aclType") != self.acl_type:
find_flag = False
if self.acl_num and tmp.get("aclNumber") != self.acl_num:
find_flag = False
if self.acl_step and tmp.get("aclStep") != self.acl_step:
find_flag = False
if self.acl_description and tmp.get("aclDescription") != self.acl_description:
find_flag = False
if cur_cfg_dict == exist_cfg_dict:
find_bool = True
else:
find_bool = False
find_list.append(find_bool)
if find_flag:
for mem in find_list:
if mem:
find_flag = True
break
else:
find_flag = False
else:
find_flag = False
@ -593,7 +613,7 @@ class BaseAcl(object):
# parse base rule
base_rule_info = root.findall(
"data/acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4")
"acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4")
if base_rule_info:
for tmp in base_rule_info:
tmp_dict = dict()

View file

@ -602,7 +602,7 @@ class AdvanceAcl(object):
if self.acl_type:
conf_str += "<aclType></aclType>"
if self.acl_num:
if self.acl_num or self.acl_name.isdigit():
conf_str += "<aclNumber></aclNumber>"
if self.acl_step:
conf_str += "<aclStep></aclStep>"
@ -624,7 +624,7 @@ class AdvanceAcl(object):
# parse acl
acl_info = root.findall(
"data/acl/aclGroups/aclGroup")
"acl/aclGroups/aclGroup")
if acl_info:
for tmp in acl_info:
tmp_dict = dict()
@ -635,22 +635,42 @@ class AdvanceAcl(object):
self.cur_acl_cfg["acl_info"].append(tmp_dict)
if self.cur_acl_cfg["acl_info"]:
find_list = list()
for tmp in self.cur_acl_cfg["acl_info"]:
find_flag = True
cur_cfg_dict = dict()
exist_cfg_dict = dict()
if self.acl_name and tmp.get("aclNumOrName") != self.acl_name:
find_flag = False
if self.acl_type and tmp.get("aclType") != self.acl_type:
find_flag = False
if self.acl_num and tmp.get("aclNumber") != self.acl_num:
find_flag = False
if self.acl_step and tmp.get("aclStep") != self.acl_step:
find_flag = False
if self.acl_description and tmp.get("aclDescription") != self.acl_description:
find_flag = False
if self.acl_name:
if self.acl_name.isdigit() and tmp.get("aclNumber"):
cur_cfg_dict["aclNumber"] = self.acl_name
exist_cfg_dict["aclNumber"] = tmp.get("aclNumber")
else:
cur_cfg_dict["aclNumOrName"] = self.acl_name
exist_cfg_dict["aclNumOrName"] = tmp.get("aclNumOrName")
if self.acl_type:
cur_cfg_dict["aclType"] = self.acl_type
exist_cfg_dict["aclType"] = tmp.get("aclType")
if self.acl_num:
cur_cfg_dict["aclNumber"] = self.acl_num
exist_cfg_dict["aclNumber"] = tmp.get("aclNumber")
if self.acl_step:
cur_cfg_dict["aclStep"] = self.acl_step
exist_cfg_dict["aclStep"] = tmp.get("aclStep")
if self.acl_description:
cur_cfg_dict["aclDescription"] = self.acl_description
exist_cfg_dict["aclDescription"] = tmp.get("aclDescription")
if find_flag:
if cur_cfg_dict == exist_cfg_dict:
find_bool = True
else:
find_bool = False
find_list.append(find_bool)
for mem in find_list:
if mem:
find_flag = True
break
else:
find_flag = False
else:
find_flag = False
@ -1001,7 +1021,7 @@ class AdvanceAcl(object):
# parse advance rule
adv_rule_info = root.findall(
"data/acl/aclGroups/aclGroup/aclRuleAdv4s/aclRuleAdv4")
"acl/aclGroups/aclGroup/aclRuleAdv4s/aclRuleAdv4")
if adv_rule_info:
for tmp in adv_rule_info:
tmp_dict = dict()

View file

@ -122,7 +122,7 @@ updates:
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.cloudengine.ce import get_config, load_config
from ansible.module_utils.network.cloudengine.ce import get_config, load_config, exec_command
from ansible.module_utils.network.cloudengine.ce import ce_argument_spec
@ -169,11 +169,18 @@ class AclInterface(object):
msg='Error: The len of acl_name is out of [1 - 32].')
if self.interface:
regular = "| ignore-case section include ^interface %s$" % self.interface
result = self.cli_get_config(regular)
if not result:
self.module.fail_json(
msg='Error: The interface %s is not in the device.' % self.interface)
cmd = "display current-configuration | ignore-case section include ^interface %s$" % self.interface
rc, out, err = exec_command(self.module, cmd)
if rc != 0:
self.module.fail_json(msg=err)
result = str(out).strip()
if result:
tmp = result.split('\n')
if "display" in tmp[0]:
tmp.pop(0)
if not tmp:
self.module.fail_json(
msg='Error: The interface %s is not in the device.' % self.interface)
def get_proposed(self):
""" Get proposed config """
@ -192,28 +199,36 @@ class AclInterface(object):
def get_existing(self):
""" Get existing config """
regular = "| ignore-case section include ^interface %s$ | include traffic-filter" % self.interface
result = self.cli_get_config(regular)
cmd = "display current-configuration | ignore-case section include ^interface %s$ | include traffic-filter" % self.interface
rc, out, err = exec_command(self.module, cmd)
if rc != 0:
self.module.fail_json(msg=err)
result = str(out).strip()
end = []
if result:
tmp = result.split('\n')
if "display" in tmp[0]:
tmp.pop(0)
for item in tmp:
end.append(item)
end.append(item.strip())
self.cur_cfg["acl interface"] = end
self.existing["acl interface"] = end
def get_end_state(self):
""" Get config end state """
regular = "| ignore-case section include ^interface %s$ | include traffic-filter" % self.interface
result = self.cli_get_config(regular)
cmd = "display current-configuration | ignore-case section include ^interface %s$ | include traffic-filter" % self.interface
rc, out, err = exec_command(self.module, cmd)
if rc != 0:
self.module.fail_json(msg=err)
result = str(out).strip()
end = []
if result:
tmp = result.split('\n')
if "display" in tmp[0]:
tmp.pop(0)
for item in tmp:
item = item[1:-1]
end.append(item)
end.append(item.strip())
self.end_state["acl interface"] = end
def cli_load_config(self, commands):
@ -222,15 +237,6 @@ class AclInterface(object):
if not self.module.check_mode:
load_config(self.module, commands)
def cli_get_config(self, regular):
""" Cli method to get config """
flags = list()
flags.append(regular)
tmp_cfg = get_config(self.module, flags)
return tmp_cfg
def work(self):
""" Work function """