ACE object-group as protocol support added

[rulev]

SUMMARY

Adds support for specifying an object-group as a protocol.
The issue is mentioned here #187

ISSUE TYPE

• Feature Pull Request

COMPONENT NAME

cisco.asa.asa_acls

ADDITIONAL INFORMATION

Modern ASA allows to specify object-group as a protocol in ACE like this:

access-list my_acl extended permit object-group my_service_object_group host 1.2.3.4 host 5.6.7.8

Furthermore this is the recommended way of using service object groups.
Currently cisco.asa.asa_acls module accepts that, it is possible to supply ACL config like this and ACE will be created.

"config": {
                "acls": [
                    {
                        "aces": [
                            {
                                "destination": {
                                    "host": "5.6.7.8"
                                },
                                "grant": "permit",
                                "line": 1,
                                "protocol": "object-group dns-svcg",
                                "source": {
                                    "host": "1.2.3.4"
                                },
                            }
                        ],
                        "acl_type": "extended",
                        "name": "testing",
                    }
                ]
            }

However existing ACEs are parsed incorrectly:

"aces": [
                    {
                        "destination": {
                            "host": "1.2.3.4"
                        },
                        "grant": "permit",
                        "line": 1,
                        "source": {
                            "object_group": "dns-svcg"
                        }
                    }
                ],

And if the module is going to remove this ACE, it fails:

fatal: [ciscoasa-test]: FAILED! => {
    "changed": false,
    "module_stderr": "no access-list testing line 1 extended permit object-group dns-svcg host 1.2.3.4\r\nERROR: % Incomplete command\r\n\rciscoasa-test/act(config)# ",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

This PR introduces support for specifying object-group as a protocol.

[softwarefactory-project-zuul]

Build failed.
https://ansible.softwarefactory-project.io/zuul/buildset/454ed3a1799b47f5aec847569c680685

✔️ ansible-galaxy-importer SUCCESS in 3m 42s
✔️ build-ansible-collection SUCCESS in 9m 39s
❌ ansible-test-network-integration-asa-python39 RETRY_LIMIT in 8m 37s (non-voting)
❌ ansible-test-network-integration-asa-python38-stable212 FAILURE in 5m 48s (non-voting)
❌ ansible-test-network-integration-asa-python38-stable214 FAILURE in 6m 30s (non-voting)
❌ ansible-test-network-integration-asa-python38-stable211 FAILURE in 5m 56s (non-voting)
❌ ansible-test-network-integration-asa-python38-stable29 FAILURE in 6m 54s (non-voting)
❌ ansible-test-network-integration-asa-libssh-python39 RETRY_LIMIT in 4m 21s
❌ ansible-test-network-integration-asa-libssh-python38-stable214 FAILURE in 7m 47s
❌ ansible-test-network-integration-asa-libssh-python38-stable212 FAILURE in 8m 09s
❌ ansible-test-network-integration-asa-libssh-python38-stable211 FAILURE in 7m 57s
❌ ansible-test-network-integration-asa-libssh-python38-stable29 FAILURE in 8m 38s (non-voting)
✔️ ansible-tox-linters SUCCESS in 12m 47s