Bug(eos_acls): tcp/udp port name resolution breaks pushing ACL changes to EOS #431

Open
noredistribution opened this issue Aug 12, 2023 · 0 comments · May be fixed by #432
Labels: bug (This issue/PR relates to a bug.), has_pr (This issue has an associated PR.)

@noredistribution

Issue Summary

When trying to create ACLs on EOS using arista.eos_acls, tcp or udp ports are always attempted to be resolved to their IANA assigned names, which may or may not work.

Steps to reproduce

example_playbook:

- hosts: 10.83.13.214
  gather_facts: no
  vars:
    acls:
    - acls:
      - aces:
        - destination:
            host: 192.168.150.1
          grant: permit
          log: true
          protocol: tcp
          sequence: 15
          source:
            host: 192.168.1.1
            port_protocol:
              eq: '8082'
        name: acl-test
      afi: ipv4

  tasks:
    - name: Push acls to device
      arista.eos.eos_acls:
        state: replaced
        config: "{{ acls }}"

Output:

TASK [Push acls to device] ************************************************************************************
Saturday 12 August 2023  01:53:47 +0100 (0:00:00.134)       0:00:00.134 *******
fatal: [10.83.13.214]: FAILED! => changed=false
  module_stderr: 'Invalid input (at token 6: ''us-cli'')'
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error

quick python test:

>>> import socket
>>> val = 8082
>>> socket.getservbyport(int(val))
'us-cli'
>>>

EOS does not have all the IANA port-to-name mappings, so it is discouraged to always try to resolve port numbers!

Reference line of code where the bug is: https://github.com/ansible-collections/arista.eos/blob/a7c6c6a0a5caa9bea252ca93d4c3fffedc7e1813/plugins/module_utils/network/eos/config/acls/acls.py#L530C1-L531C65
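
One way to avoid the failure reported above, as an added example that is not the collection's code and not the fix in #432: a numeric port is emitted by name only when that name is in a set the target device is known to accept. `DEVICE_PORT_NAMES`, `render_port`, `ace_line` and the simplified ACE layout are assumptions made for illustration, and the allow-list is constructed, not the real list of names EOS accepts.

```python
import socket

# Constructed allow-list for illustration; NOT the real set of names EOS accepts.
DEVICE_PORT_NAMES = frozenset({"ssh", "telnet"})


def local_service_name(port, proto="tcp"):
    """Name from the control node's services database, or None if absent."""
    try:
        return socket.getservbyport(port, proto)
    except (OSError, OverflowError):
        return None


def render_port(value, proto="tcp", resolver=local_service_name,
                device_names=DEVICE_PORT_NAMES):
    """Return the operand to place after 'eq' in an ACE.

    A numeric port stays numeric unless its resolved name is one the
    device is known to parse. A name given by the user passes through.
    """
    text = str(value).strip()
    if not (text.isascii() and text.isdigit()):
        return text
    port = int(text)
    if port > 65535:
        raise ValueError(f"port out of range: {value!r}")
    name = resolver(port, proto)
    return name if name in device_names else str(port)


def ace_line(seq, grant, proto, src_host, port_operand, dst_host):
    """Simplified (assumed) ACE layout matching the playbook in the report."""
    return (f"{seq} {grant} {proto} host {src_host} "
            f"eq {port_operand} host {dst_host} log")


if __name__ == "__main__":
    # With the allow-list in place the result no longer depends on whether
    # the local services file happens to map 8082 to 'us-cli'.
    print(ace_line(15, "permit", "tcp", "192.168.1.1",
                   render_port("8082"), "192.168.150.1"))
```

Counting from zero, the port operand is index 6 of the rendered line, which lines up with the `at token 6: 'us-cli'` in the reported error.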

rohitthakur2590 added the bug and has_pr labels on Oct 13, 2023