diff --git a/lib/ansible/module_utils/asa.py b/lib/ansible/module_utils/asa.py index c5d913c8e9..14fad92dd4 100644 --- a/lib/ansible/module_utils/asa.py +++ b/lib/ansible/module_utils/asa.py @@ -47,6 +47,7 @@ class Cli(CliBase): CLI_ERRORS_RE = [ re.compile(r"error:", re.I), + re.compile(r"^Removing.* not allowed") ] NET_PASSWD_RE = re.compile(r"[\r\n]?password: $", re.I) diff --git a/test/integration/targets/asa_config/tests/cli/removal_error.yaml b/test/integration/targets/asa_config/tests/cli/removal_error.yaml new file mode 100644 index 0000000000..d931d336d7 --- /dev/null +++ b/test/integration/targets/asa_config/tests/cli/removal_error.yaml @@ -0,0 +1,46 @@ +--- +- debug: msg="START cli/removal_error.yaml" + +- name: setup + asa_config: + commands: + - clear configure access-list ANSIBLE-DNS + - no object-group network OGA-GOOGLE-DNS + provider: "{{ cli }}" + ignore_errors: yes + +- name: configure test object-group + asa_config: + parents: object-group network OGA-GOOGLE-DNS + lines: network-object host 8.8.8.8 + provider: "{{ cli }}" + register: result + + +- name: configure test access-list + asa_config: + lines: access-list ANSIBLE-DNS extended permit udp any object-group OGA-GOOGLE-DNS eq domain + provider: "{{ cli }}" + +- name: try to remove object-group (should fail) + asa_config: + commands: + - no object-group network OGA-GOOGLE-DNS + provider: "{{ cli }}" + ignore_errors: yes + register: result + + +- name: Last command should fail + assert: + that: + - "result.failed == true" + +- name: teardown + asa_config: + commands: + - clear configure access-list ANSIBLE-DNS + - no object-group network OGA-GOOGLE-DNS + provider: "{{ cli }}" + +- debug: msg="END cli/removal_error.yaml"