capirca_acl verbatim option is not working


Description of Issue

The following salt command fails:

salt eqc\* capirca.get_term_config cisco bob v-term-1 verbatim='[["cisco", "permit ip 173.16.0.0 0.0.255.255 any"],["cisco", "permit ip 173.17.0.0 0.0.255.255 any"]]'

The problem is that the verbatim list is processed by _make_it_list(). It dies a painful death in the final return statement of the module: return list(set(prev_value + [value]))

I fixed it by adding another field_name check in _make_it_list() that would just return the list. capirca_acl-fixed.txt

The updated file is attached.

There is a dependency also for a couple of fixes in capirca/cisco.py for verbatim.

Could I also request that the following example be added to the documentation so others will be able to see how to use this option:

! show the rendered ACL with the verbatim option on the command line

salt eqc\* capirca.get_term_config cisco bob v-term-1 verbatim='[["cisco", "permit ip 173.16.0.0 0.0.255.255 any"],["cisco", "permit ip 173.17.0.0 0.0.255.255 any"]]'

Setup

It also fails using this pillar file:

# acl.sls
netacl:
  - Internet-ACL-In:
      terms:
        - term1:
            name: RFC 1918 and 3330  Filter non-public subnets
            verbatim:
              -
                - 'cisco'
                -  'deny   ip object-group RFC1918 any'
              -
                - 'cisco'
                -  'deny   ip object-group RFC3330 any'

Steps to Reproduce Issue

salt eqc\* capirca.get_term_config cisco bob v-term-1 verbatim='[["cisco", "permit ip 173.16.0.0 0.0.255.255 any"],["cisco", "permit ip 173.17.0.0 0.0.255.255 any"]]'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/salt/metaproxy/proxy.py", line 397, in thread_return
    return_data = minion_instance.executors[fname](opts, data, func, args, kwargs)
  File "/usr/lib/python2.7/site-packages/salt/executors/direct_call.py", line 12, in execute
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 891, in get_term_config
    revision_date_format=revision_date_format)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 1037, in get_filter_config
    revision_date_format=revision_date_format)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 1202, in get_policy_config
    merge_pillar=merge_pillar)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 560, in _get_policy_object
    **term_fields)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 506, in _get_term_object
    term_fields = _clean_term_opts(term_fields)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 380, in _clean_term_opts
    value = _make_it_list(clean_opts, field, value)
  File "/usr/lib/python2.7/site-packages/salt/modules/capirca_acl.py", line 316, in _make_it_list
    return list(set(prev_value + list(value)))
TypeError: unhashable type: 'list'

Versions Report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (3 by maintainers)
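
The failure described in the issue, reduced to a few lines, with one order-preserving way to merge list-valued entries. This is an added example, not code from Salt or from the reporter's patch; `merge_with_set`, `merge_preserving_pairs` and `set_merge_error` are hypothetical names.

```python
# Added illustration: simplified stand-ins, not Salt's capirca_acl code.


def merge_with_set(prev_value, value):
    """Mirrors the final return statement shown in the traceback."""
    return list(set(prev_value + list(value)))


def merge_preserving_pairs(prev_value, value):
    """Hypothetical alternative: de-duplicate [platform, text] pairs
    without hashing them, keeping earlier entries and the rule order
    (ACL lines are order-sensitive, and set() does not keep order)."""
    merged = []
    for pair in list(prev_value) + list(value):
        if pair not in merged:  # list equality, no hashing required
            merged.append(pair)
    return merged


# Constructed sample: the verbatim argument from the failing command.
VERBATIM = [
    ["cisco", "permit ip 173.16.0.0 0.0.255.255 any"],
    ["cisco", "permit ip 173.17.0.0 0.0.255.255 any"],
]


def set_merge_error(value):
    """Return the TypeError message from the set-based merge, or None."""
    try:
        merge_with_set([], value)
    except TypeError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("set-based merge:", set_merge_error(VERBATIM))
    for platform, text in merge_preserving_pairs([VERBATIM[0]], VERBATIM):
        print(platform, "|", text)
```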

Top GitHub Comments

1 reaction
kaibabbob commented, Jan 8, 2020

oops

0 reactions
kaibabbob commented, Jun 1, 2022

This is still broken. Could you pls reopen the issue?

Here is the diff for the current version:

[root@skpkesmapp01 modules]# diff capirca_acl.py capirca_acl.py-dist-2022 317,318d316 < if field_name in (‘verbatim’): < return list(list(value))
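
Review bot: in the added line `if field_name in ('verbatim'):` the parentheses do not make a tuple, so `in` is a substring test against the string 'verbatim' and any field name that is a substring of it (an empty one included) takes this branch; use `field_name == 'verbatim'` or `('verbatim',)`. The `return list(list(value))` that follows also drops `prev_value`, which the other returns in this function merge in, and the nested `list()` is redundant; consider returning `prev_value + list(value)` so earlier verbatim entries survive.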

or viewed inline:

        for port_start, port_end in portval:
            if not isinstance(port_start, int):
                port_start = _translate_port(port_start)
            if not isinstance(port_end, int):
                port_end = _translate_port(port_end)
            translated_portval.append((port_start, port_end))
        return list(set(prev_value + translated_portval))
    if field_name in ('verbatim'):
        return list(list(value))
    return list(set(prev_value + list(value)))

[root@skpkesmapp01 modules]# salt --versions
Salt Version:
          Salt: 3004.1

Dependency Versions:
          cffi: 1.14.5
      cherrypy: Not Installed
      dateutil: Not Installed
     docker-py: Not Installed
         gitdb: 4.0.2
     gitpython: 3.1.14
        Jinja2: 2.10.1
       libgit2: 1.1.0
      M2Crypto: 0.35.2
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.17
      pycrypto: 3.8.2
  pycryptodome: 3.9.8
        pygit2: 1.5.0
        Python: 3.6.8 (default, Nov 16 2020, 16:55:22)
  python-gnupg: Not Installed
        PyYAML: 5.3.1
         PyZMQ: 17.0.0
         smmap: 3.0.1
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.1.4

Salt Extensions:
        SSEAPE: 6.4.0+3

System Versions:
          dist: centos 7 Core
        locale: UTF-8
       machine: x86_64
       release: 3.10.0-1160.62.1.el7.x86_64
        system: Linux
       version: CentOS Linux 7 Core
