diff --git a/lib/ansible/modules/network/nxos/nxos_acl_interface.py b/lib/ansible/modules/network/nxos/nxos_acl_interface.py
index 9a07f0436f..b47d796b87 100644
--- a/lib/ansible/modules/network/nxos/nxos_acl_interface.py
+++ b/lib/ansible/modules/network/nxos/nxos_acl_interface.py
@@ -16,9 +16,11 @@
# along with Ansible. If not, see .
#
-ANSIBLE_METADATA = {'metadata_version': '1.0',
- 'status': ['preview'],
- 'supported_by': 'community'}
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'status': ['preview'],
+ 'supported_by': 'community'
+}
DOCUMENTATION = '''
@@ -28,30 +30,30 @@ extends_documentation_fragment: nxos
version_added: "2.2"
short_description: Manages applying ACLs to interfaces.
description:
- - Manages applying ACLs to interfaces.
+ - Manages applying ACLs to interfaces.
author:
- - Jason Edelman (@jedelman8)
- - Gabriele Gerbino (@GGabriele)
+ - Jason Edelman (@jedelman8)
+ - Gabriele Gerbino (@GGabriele)
options:
- name:
- description:
- - Case sensitive name of the access list (ACL).
- required: true
- interface:
- description:
- - Full name of interface, e.g. I(Ethernet1/1).
- required: true
- direction:
- description:
- - Direction ACL to be applied in on the interface.
- required: true
- choices: ['ingress', 'egress']
- state:
- description:
- - Specify desired state of the resource.
- required: false
- default: present
- choices: ['present','absent']
+ name:
+ description:
+ - Case sensitive name of the access list (ACL).
+ required: true
+ interface:
+ description:
+ - Full name of interface, e.g. I(Ethernet1/1).
+ required: true
+ direction:
+ description:
+ - Direction ACL to be applied in on the interface.
+ required: true
+ choices: ['ingress', 'egress']
+ state:
+ description:
+ - Specify desired state of the resource.
+ required: false
+ default: present
+ choices: ['present','absent']
'''
EXAMPLES = '''
@@ -61,45 +63,20 @@ EXAMPLES = '''
interface: ethernet1/41
direction: egress
state: present
- username: "{{ un }}"
- password: "{{ pwd }}"
- host: "{{ inventory_hostname }}"
'''
RETURN = '''
-proposed:
- description: k/v pairs of parameters passed into module
- returned: always
- type: dict
- sample: {"direction": "egress", "interface": "ethernet1/41",
- "name": "ANSIBLE"}
-existing:
- description: k/v pairs of existing ACL applied to the interface
- returned: always
- type: dict
- sample: {}
-end_state:
- description: k/v pairs of interface ACL after module execution
- returned: always
- type: dict
- sample: {"direction": "egress", "interface": "ethernet1/41",
- "name": "ANSIBLE"}
acl_applied_to:
description: list of interfaces the ACL is applied to
returned: always
type: list
sample: [{"acl_type": "Router ACL", "direction": "egress",
"interface": "Ethernet1/41", "name": "ANSIBLE"}]
-updates:
+commands:
description: commands sent to the device
returned: always
type: list
sample: ["interface ethernet1/41", "ip access-group ANSIBLE out"]
-changed:
- description: check to see if a change was made on the device
- returned: always
- type: boolean
- sample: true
'''
import re
@@ -108,34 +85,21 @@ from ansible.module_utils.nxos import nxos_argument_spec, check_args
from ansible.module_utils.basic import AnsibleModule
-def execute_show_command(command, module, command_type='cli_show'):
- if module.params['transport'] == 'cli':
- if 'summary' not in command:
- command += ' | json'
- cmds = [command]
- body = run_commands(module, cmds)
- elif module.params['transport'] == 'nxapi':
- cmds = [command]
- body = run_commands(module, cmds)
-
- return body
+NAME = r'.*IP?\s+access list\s+(?P\S+).*'
+INTERFACE = r'.*\s+(?P\w+(\d+)?\/?(\d+)?)\s-\s(?P\w+)\s+\W(?P\w+\s\w+)\W.*'
def get_acl_interface(module, acl):
- command = 'show ip access-list summary'
- name_regex = '.*IPV4\s+ACL\s+(?P\S+).*'
- interface_regex = ('.*\s+(?P\w+(\d+)?\/?(\d+)?)\s-\s'
- '(?P\w+)\s+\W(?P\w+\s\w+)\W.*')
+ command = ['show ip access-list summary']
acl_list = []
- body = execute_show_command(command, module, command_type='cli_show_ascii')
+ body = run_commands(module, command)
body_split = body[0].split('Active on interfaces:')
for each_acl in body_split:
- intf_list = []
temp = {}
try:
- match_name = re.match(name_regex, each_acl, re.DOTALL)
+ match_name = re.match(NAME, each_acl, re.DOTALL)
name_dict = match_name.groupdict()
name = name_dict['name']
except AttributeError:
@@ -143,9 +107,8 @@ def get_acl_interface(module, acl):
temp['interfaces'] = []
for line in each_acl.split('\n'):
- intf_temp = {}
try:
- match_interface = re.match(interface_regex, line, re.DOTALL)
+ match_interface = re.match(INTERFACE, line, re.DOTALL)
interface_dict = match_interface.groupdict()
interface = interface_dict['interface']
direction = interface_dict['direction']
@@ -155,6 +118,7 @@ def get_acl_interface(module, acl):
direction = ''
acl_type = ''
+ intf_temp = {}
if interface:
intf_temp['interface'] = interface
if acl_type:
@@ -185,21 +149,17 @@ def other_existing_acl(get_existing, interface, direction):
# now we'll just get the interface in question
# needs to be a list since same acl could be applied in both dirs
acls_interface = []
+ this = {}
+
if get_existing:
for each in get_existing:
if each.get('interface').lower() == interface:
acls_interface.append(each)
- else:
- acls_interface = []
- if acls_interface:
- this = {}
- for each in acls_interface:
- if each.get('direction') == direction:
- this = each
- else:
- acls_interface = []
- this = {}
+ if acls_interface:
+ for each in acls_interface:
+ if each.get('direction') == direction:
+ this = each
return acls_interface, this
@@ -247,21 +207,18 @@ def main():
name=dict(required=False, type='str'),
interface=dict(required=True),
direction=dict(required=True, choices=['egress', 'ingress']),
- state=dict(choices=['absent', 'present'],
- default='present'),
- include_defaults=dict(default=True),
- config=dict(),
- save=dict(type='bool', default=False)
+ state=dict(choices=['absent', 'present'], default='present'),
)
argument_spec.update(nxos_argument_spec)
module = AnsibleModule(argument_spec=argument_spec,
- supports_check_mode=True)
+ supports_check_mode=True)
warnings = list()
check_args(module, warnings)
+ results = dict(changed=False, warnings=warnings)
state = module.params['state']
name = module.params['name']
@@ -275,12 +232,9 @@ def main():
# interface_acls = includes entries of this ACL on the interface (list)
# this_dir_acl_intf = dict - not null if it already exists
- interfaces_acls, existing = other_existing_acl(
- get_existing, interface, direction)
+ interfaces_acls, existing = other_existing_acl(get_existing, interface, direction)
- end_state = existing
end_state_acls = get_existing
- changed = False
cmds = []
commands = []
@@ -303,23 +257,15 @@ def main():
module.exit_json(changed=True, commands=cmds)
else:
load_config(module, cmds)
- changed = True
+ results['changed'] = True
end_state_acls = get_acl_interface(module, name)
- interfaces_acls, this_dir_acl_intf = other_existing_acl(
- end_state_acls, interface, direction)
- end_state = this_dir_acl_intf
+ interfaces_acls, this_dir_acl_intf = other_existing_acl(end_state_acls, interface, direction)
if 'configure' in cmds:
cmds.pop(0)
else:
cmds = []
- results = {}
- results['proposed'] = proposed
- results['existing'] = existing
- results['updates'] = cmds
- results['changed'] = changed
- results['warnings'] = warnings
- results['end_state'] = end_state
+ results['commands'] = cmds
results['acl_applied_to'] = end_state_acls
module.exit_json(**results)
@@ -327,4 +273,3 @@ def main():
if __name__ == '__main__':
main()
-
diff --git a/test/sanity/pep8/legacy-files.txt b/test/sanity/pep8/legacy-files.txt
index 35aaa0d76d..9f15886d6a 100644
--- a/test/sanity/pep8/legacy-files.txt
+++ b/test/sanity/pep8/legacy-files.txt
@@ -541,7 +541,6 @@ lib/ansible/modules/network/nxos/_nxos_mtu.py
lib/ansible/modules/network/nxos/_nxos_template.py
lib/ansible/modules/network/nxos/nxos_aaa_server.py
lib/ansible/modules/network/nxos/nxos_aaa_server_host.py
-lib/ansible/modules/network/nxos/nxos_acl_interface.py
lib/ansible/modules/network/nxos/nxos_bgp.py
lib/ansible/modules/network/nxos/nxos_bgp_af.py
lib/ansible/modules/network/nxos/nxos_bgp_neighbor.py
diff --git a/test/units/modules/network/nxos/fixtures/nxos_acl_interface/show_ip_access-list_summary.txt b/test/units/modules/network/nxos/fixtures/nxos_acl_interface/show_ip_access-list_summary.txt
new file mode 100644
index 0000000000..7c8b16a8b2
--- /dev/null
+++ b/test/units/modules/network/nxos/fixtures/nxos_acl_interface/show_ip_access-list_summary.txt
@@ -0,0 +1,34 @@
+IP access list __urpf_v4_acl__
+ Total ACEs Configured: 1
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-bgp
+ Total ACEs Configured: 2
+ Configured on interfaces:
+ ethernet1/41 - egress (Router ACL)
+ Active on interfaces:
+ ethernet1/41 - egress (Router ACL)
+IP access list copp-system-p-acl-cts
+ Total ACEs Configured: 2
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-dhcp
+ Total ACEs Configured: 2
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-dhcp-relay-response
+ Total ACEs Configured: 2
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-eigrp
+ Total ACEs Configured: 1
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-ftp
+ Total ACEs Configured: 4
+ Configured on interfaces:
+ Active on interfaces:
+IP access list copp-system-p-acl-glbp
+ Total ACEs Configured: 1
+ Configured on interfaces:
+ Active on interfaces:
diff --git a/test/units/modules/network/nxos/test_nxos_acl_interface.py b/test/units/modules/network/nxos/test_nxos_acl_interface.py
new file mode 100644
index 0000000000..0b7e228821
--- /dev/null
+++ b/test/units/modules/network/nxos/test_nxos_acl_interface.py
@@ -0,0 +1,72 @@
+# (c) 2016 Red Hat Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metacl_interfaceass__ = type
+
+import json
+
+from ansible.compat.tests.mock import patch
+from ansible.modules.network.nxos import nxos_acl_interface
+from .nxos_module import TestNxosModule, load_fixture, set_module_args
+
+
+class TestNxosAclInterfaceModule(TestNxosModule):
+
+ module = nxos_acl_interface
+
+ def setUp(self):
+ self.mock_run_commands = patch('ansible.modules.network.nxos.nxos_acl_interface.run_commands')
+ self.run_commands = self.mock_run_commands.start()
+
+ self.mock_load_config = patch('ansible.modules.network.nxos.nxos_acl_interface.load_config')
+ self.load_config = self.mock_load_config.start()
+
+ def tearDown(self):
+ self.mock_run_commands.stop()
+ self.mock_load_config.stop()
+
+ def load_fixtures(self, commands=None):
+ def load_from_file(*args, **kwargs):
+ module, commands = args
+ output = list()
+
+ for item in commands:
+ try:
+ obj = json.loads(item)
+ command = obj['command']
+ except ValueError:
+ command = item
+ filename = str(command).split(' | ')[0].replace(' ', '_')
+ filename = 'nxos_acl_interface/%s.txt' % filename
+ output.append(load_fixture(filename))
+ return output
+
+ self.run_commands.side_effect = load_from_file
+ self.load_config.return_value = None
+
+ def test_nxos_acl_interface(self):
+ set_module_args(dict(name='ANSIBLE', interface='ethernet1/41', direction='egress'))
+ result = self.execute_module(changed=True)
+ self.assertEqual(result['commands'], ['interface ethernet1/41', 'ip access-group ANSIBLE out'])
+
+ def test_nxos_acl_interface_remove(self):
+ set_module_args(dict(name='copp-system-p-acl-bgp', interface='ethernet1/41',
+ direction='egress', state='absent'))
+ result = self.execute_module(changed=True)
+ self.assertEqual(result['commands'], ['interface ethernet1/41', 'no ip access-group copp-system-p-acl-bgp out'])