Failure to handle exception in eos_acl module #478

Open
savithruml opened this issue Nov 6, 2023 · 0 comments · May be fixed by #479
Labels
acls acls resource module has_pr This issue has an associated PR.

savithruml commented Nov 6, 2023

SUMMARY

EOS ACL module doesn't handle exception when translating a port of type int to a service name. The mapping can be found here https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

ISSUE TYPE
  • Bug Report
COMPONENT NAME

arista.eos v6.1.2

ANSIBLE VERSION
ansible [core 2.15.5]
  python version = 3.9.13 (main, May 23 2022, 22:02:02) [GCC 7.5.0]
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
# /home/net/.ansible/collections/ansible_collections
Collection Version
---------- -------
arista.eos 6.1.2

# /home/net/test/lib/python3.9/site-packages/ansible_collections
Collection Version
---------- -------
arista.eos 6.1.2
OS / ENVIRONMENT

Affects all EOS versions

STEPS TO REPRODUCE

Define a test rule

# rules/test
acls:
- acls:
  - aces:
    - destination:
        host: 192.168.1.1
      grant: permit
      log: true
      protocol: tcp
      sequence: 10
      source:
        host: 192.168.2.1
        port_protocol:
          eq: '8082'
    name: ACL-TEST
  afi: ipv4

Playbook to push the rule

# ansible/acl_push.yml
- hosts: all
  gather_facts: false
  vars:
    ansible_connection: ansible.netcommon.network_cli
    ansible_network_os: arista.eos.eos
    ansible_become: true
    ansible_become_method: enable
    ansible_command_timeout: 180
  tasks:
  - name: Include vars
    include_vars:
      file: "../rules/test"
      name: "desired"
    tags:
    - always

  - name: Push ACL
    arista.eos.eos_acls:
      state: replaced
      config: "{{ desired.acls }}"
    tags:
    - always
EXPECTED RESULTS

On executing the playbook, this must create a rule as below,

IP Access List ACL-TEST
        10 permit tcp host 192.168.2.1 eq 8082 host 192.168.1.1 log
ACTUAL RESULTS
TASK [Push ACL] *********************************************************************************************************************************
fatal: [TEST-EOS-DEVICE]: FAILED! => changed=false
  module_stderr: port/proto not found
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error
ISSUE

The problem seems to be in https://github.com/ansible-collections/arista.eos/blob/main/plugins/module_utils/network/eos/config/acls/acls.py#L531. The code fails to handle the exception in the scenario that a socket lib fails to translate a port number to a service name for that service.

Below is an example for resolving port 8082 to a service name. As you can see, port 8082 doesn't translate to a well-defined service name. So we should handle this exception and continue using the port number instead of returning the exception to the user.

>>> import socket
>>> socket.getservbyport(8082)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OSError: port/proto not found
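
An added example, not part of the issue and not code from arista.eos: one way to do the fallback the report asks for, covering the quoted `'8082'` string from the rule file and out-of-range ports as well. `port_to_service`, `render_ace`, `constructed_lookup` and `SAMPLE_ACE` are hypothetical names; the lookup is injectable so the result does not depend on the local services database.

```python
import socket

# Constructed stand-in for the services database, so the result does not
# depend on the local /etc/services: only tcp/22 is known.
def constructed_lookup(port, proto="tcp"):
    if (port, proto) == (22, "tcp"):
        return "ssh"
    raise OSError("port/proto not found")

def port_to_service(port, proto="tcp", lookup=socket.getservbyport):
    """Hypothetical helper: service name, or the port as a string if unknown."""
    text = str(port).strip()
    try:
        number = int(text)
    except ValueError:
        return text  # already a service name such as "www"
    if not 0 <= number <= 65535:
        raise ValueError("port out of range: " + text)
    try:
        return lookup(number, proto)
    except OSError:
        # No entry for this port/proto (the 8082 case in the report):
        # keep the numeric port instead of failing the task.
        return str(number)

def render_ace(ace, lookup=socket.getservbyport):
    """Hypothetical renderer for the rule shape shown in the report."""
    proto = ace["protocol"]
    parts = [str(ace["sequence"]), ace["grant"], proto]
    for side in ("source", "destination"):
        parts += ["host", ace[side]["host"]]
        for op, port in ace[side].get("port_protocol", {}).items():
            parts += [op, port_to_service(port, proto, lookup)]
    if ace.get("log"):
        parts.append("log")
    return " ".join(parts)

# The rule from the report, as the playbook would load it.
SAMPLE_ACE = {
    "sequence": 10, "grant": "permit", "protocol": "tcp", "log": True,
    "source": {"host": "192.168.2.1", "port_protocol": {"eq": "8082"}},
    "destination": {"host": "192.168.1.1"},
}

if __name__ == "__main__":
    print(render_ace(SAMPLE_ACE, constructed_lookup))
```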