Skip to content

Add ACL manage module for Routing Policies#266

Draft
skaszlik wants to merge 3 commits into
CiscoDevNet:developfrom
skaszlik:new_modeule-ACL
Draft

Add ACL manage module for Routing Policies#266
skaszlik wants to merge 3 commits into
CiscoDevNet:developfrom
skaszlik:new_modeule-ACL

Conversation

@skaszlik
Copy link
Copy Markdown

@skaszlik skaszlik commented Apr 23, 2026
edited
Loading

New module to support Routing Policies - available in ND 4.1 and above.

Example playbook:

  - name: TEST4 - Create ACL with TCP port options
      cisco.nd.nd_acl:
        fabric: "{{ test_fabric }}"
        state: merged
        config:
          - name: "{{ ipv4_acl_tcp }}"
            type: ipv4
            entries:
              - sequence_number: 10
                action: permit
                protocol: tcp
                src: any
                dst: "{{ test_network_ipv4 }}"
                dst_port_action: equal_to
                dst_port: 80
              - sequence_number: 20
                action: permit
                protocol: tcp
                src: any
                dst: "{{ test_network_ipv4 }}"
                dst_port_action: equal_to
                dst_port: 443
              - sequence_number: 30
                action: permit
                protocol: tcp
                src: any
                dst: "{{ test_network_ipv4 }}"
                dst_port_action: port_range
                dst_port_range_start: 8080
                dst_port_range_end: 8090
              - sequence_number: 40
                action: permit
                protocol: tcp
                src: any
                dst: any
                src_port_action: greater_than
                src_port: 1024

Related Issue(s)

#240

Proposed Changes

New module cisco.nd.nd_acl

Test Notes

All test phases passed:
[OK] Merged state - create, merge, check mode
[OK] Replaced state - replace, check mode
[OK] Query state - all, specific, missing ACL
[OK] Deleted state - specific, bulk, check mode

Cisco Nexus Dashboard Version

ND4.2

Related ND API Resource Category

  • analyze
  • infa
  • [ x] manage
  • onemanage
  • other

Checklist

  • [ x] Latest commit is rebased from develop with merge conflicts resolved
  • New or updates to documentation has been made accordingly
  • Assigned the proper reviewers

skaszlik added 2 commits April 23, 2026 12:42
@skaszlik
Add nd_acl module and integration tests for managing Access Control L…
be0476f 
…ists (ACLs)

- Implemented the nd_acl module to manage ACLs on Cisco Nexus Dashboard, supporting create, update, delete, and query operations for both IPv4 and IPv6 ACLs.
- Added comprehensive integration tests for the nd_acl module, ensuring functionality for creating, merging, replacing, and deleting ACLs, along with idempotency checks.
- Included version checks to ensure compatibility with ND 4.1 or later.
@skaszlik
feat(acl): Implement ND Manage ACL endpoints and orchestrator
1ad7f33 
- Added new endpoints for managing Access Control Lists (ACLs) in the ND Manage API, including GET, POST, PUT, and DELETE operations.
- Introduced AclModel for ACL configuration, supporting serialization and validation.
- Created ManageAclOrchestrator to handle ACL operations, including state management and input validation.
- Updated integration tests to reflect changes in ACL management.
- Modified inventory configuration for testing with specific credentials and host details.
allenrobel
allenrobel requested changes May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work Sławomir! Just a few comments, please:

  1. Replace legacy annotations with modern equivalents
  2. Remove __metaclass__ = type where present
  3. Remove from __future__ import absolute_import, annotations, division, print_function and for files that need it, replace with from __future__ import annotations
  4. Add return type annotations to all methods that lack them

Comment thread plugins/module_utils/endpoints/v1/manage/manage_acl.py Outdated
Comment thread plugins/module_utils/endpoints/v1/manage/manage_acl.py Outdated

from __future__ import absolute_import, annotations, division, print_function

from typing import ClassVar, Literal, Optional
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove Optional i.e.:

from typing import ClassVar, Literal

We should be using modern annotations throughout i.e.:

  • Dict -> dict
  • List -> list
  • Set -> set
  • Optional -> str | None (for example)
  • Union -> str | int (for example)

Please replace all legacy annotions (if any) with the above across all files commited in this PR.

Copy link
Copy Markdown
Author

@skaszlik skaszlik May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Comment thread plugins/module_utils/endpoints/v1/manage/manage_acl.py Outdated
Item-level endpoints also require an acl_name path parameter.
"""

acl_name: Optional[str] = Field(default=None, description="ACL name")
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be:

    acl_name: str | None = Field(default=None, description="ACL name")

Comment thread plugins/module_utils/endpoints/v1/manage/manage_acl.py Outdated

acl_name: Optional[str] = Field(default=None, description="ACL name")

def set_identifiers(self, identifier: IdentifierKey = None):
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a method has no return value signal that with an annotation.

    def set_identifiers(self, identifier: IdentifierKey = None) -> None:

Comment applies to all methods.

Comment thread plugins/modules/nd_acl.py Outdated

from __future__ import absolute_import, division, print_function

__metaclass__ = type
Copy link
Copy Markdown
Collaborator

@allenrobel allenrobel May 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

__metaclass__ = type is no longer needed. Remove.

Same comment applies to all files in this PR where this is present.

@skaszlik skaszlik mentioned this pull request May 6, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@allenrobel allenrobel allenrobel requested changes

@akinross akinross Awaiting requested review from akinross akinross will be requested when the pull request is marked ready for review akinross is a code owner

@anvitha-jain anvitha-jain Awaiting requested review from anvitha-jain anvitha-jain will be requested when the pull request is marked ready for review anvitha-jain is a code owner

@gmicol gmicol Awaiting requested review from gmicol gmicol will be requested when the pull request is marked ready for review gmicol is a code owner

@lhercot lhercot Awaiting requested review from lhercot lhercot will be requested when the pull request is marked ready for review lhercot is a code owner

@mtarking mtarking Awaiting requested review from mtarking mtarking will be requested when the pull request is marked ready for review mtarking is a code owner

@mikewiebe mikewiebe Awaiting requested review from mikewiebe mikewiebe will be requested when the pull request is marked ready for review mikewiebe is a code owner

@sajagana sajagana Awaiting requested review from sajagana sajagana will be requested when the pull request is marked ready for review sajagana is a code owner

@samiib samiib Awaiting requested review from samiib samiib will be requested when the pull request is marked ready for review samiib is a code owner

@shrsr shrsr Awaiting requested review from shrsr shrsr will be requested when the pull request is marked ready for review shrsr is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skaszlik @allenrobel