[ios_acls] Update acls action states to support sticky behaviour of r…

…emarks (#1039) * Update acls action states with sticky remarks * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * remove debug code * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
ansible-collections · Mar 8, 2024 · 4634a28 · 4634a28
1 parent 53a071a
commit 4634a28
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 0 deletions.
diff --git a/changelogs/fragments/ios_acls_sticky.yml b/changelogs/fragments/ios_acls_sticky.yml
@@ -0,0 +1,4 @@
+---
+bugfixes:
+  - ios_acls - Adds back existing remarks for an ace entry when updated with replaced or
+    overridden state, as all remarks for a specific sequence gets removed when ace entry is updated.
diff --git a/plugins/module_utils/network/ios/config/acls/acls.py b/plugins/module_utils/network/ios/config/acls/acls.py
@@ -215,8 +215,16 @@ def pop_remark(r_entry, afi):
                                             negate=True,
                                         )
                         # remove ace if not in want
+                        # we might think why not update it directly,
+                        # if we try to update without negating the entry appliance
+                        # reports % Duplicate sequence number
                         if hentry != wentry:
                             self.addcmd(add_afi(hentry, afi), "aces", negate=True)
+                            # once an ace is negated intentionally emptying out have so that
+                            # the remarks are repopulated, as the remarks and ace behavior is sticky
+                            # if an ace is taken out all the remarks is removed automatically.
+                            rem_hentry["remarks"] = {}
+
                 if rem_wentry.get("remarks"):  # add remark if not in have
                     for k_wrems, wrems in rem_wentry.get("remarks").items():
                         if k_wrems not in rem_hentry.get("remarks", {}).keys():

diff --git a/tests/unit/modules/network/ios/test_ios_acls.py b/tests/unit/modules/network/ios/test_ios_acls.py
@@ -2033,3 +2033,60 @@ def test_ios_acls_rendered_muiltioption(self):
         ]
         result = self.execute_module(changed=False)
         self.assertEqual(sorted(result["rendered"]), sorted(commands))
+
+    def test_ios_acls_overridden_sticky_remarks(self):
+        self.execute_show_command.return_value = dedent(
+            """\
+            ip access-list standard test123
+             10 remark TEST
+             10 permit 8.8.8.8
+             20 remark TEST
+             20 permit 8.8.4.4
+            """,
+        )
+        self.execute_show_command_name.return_value = dedent("")
+
+        set_module_args(
+            dict(
+                config=[
+                    dict(
+                        afi="ipv4",
+                        acls=[
+                            dict(
+                                name="test123",
+                                acl_type="standard",
+                                aces=[
+                                    dict(
+                                        grant="permit",
+                                        source=dict(
+                                            address="8.8.128.0",
+                                            wildcard_bits="0.0.0.63",
+                                        ),
+                                        remarks=["TEST", "TEST 2"],
+                                        sequence=10,
+                                    ),
+                                    dict(
+                                        grant="permit",
+                                        source=dict(
+                                            host="8.8.4.4",
+                                        ),
+                                        remarks=["TEST"],
+                                        sequence=20,
+                                    ),
+                                ],
+                            ),
+                        ],
+                    ),
+                ],
+                state="overridden",
+            ),
+        )
+        result = self.execute_module(changed=True)
+        commands = [
+            "ip access-list standard test123",
+            "no 10 permit host 8.8.8.8",
+            "10 remark TEST",
+            "10 remark TEST 2",
+            "10 permit 8.8.128.0 0.0.0.63",
+        ]
+        self.assertEqual(sorted(result["commands"]), sorted(commands))