Changing an ACL ACE will miss a no <sequence number> command

[TheRealBecks]

SUMMARY

When deleting a port_protocol from an ACL ACE the no <sequence number> command is missing and an error-message will be provided as the to be changed/configured sequence number already exists.

ISSUE TYPE

• Bug Report

COMPONENT NAME

eos_acls

ANSIBLE VERSION

ansible [core 2.15.6]
  config file = /home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg
  configured module search path = ['/home/mbeckert/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/mbeckert/.local/share/virtualenvs/lightning-vg2lOQBb/lib/python3.11/site-packages/ansible
  ansible collection location = /home/mbeckert/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/mbeckert/.local/share/virtualenvs/lightning-vg2lOQBb/bin/ansible
  python version = 3.11.6 (main, Nov 15 2023, 09:22:27) [GCC] (/home/mbeckert/.local/share/virtualenvs/lightning-vg2lOQBb/bin/python)
  jinja version = 3.1.2
  libyaml = True

COLLECTION VERSION

Collection        Version
----------------- -------
community.general 7.5.1

CONFIGURATION

CONFIG_FILE() = /home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg
DEFAULT_FORKS(/home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg) = 10
DEFAULT_HASH_BEHAVIOUR(/home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg) = merge
DEFAULT_HOST_LIST(/home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg) = ['/home/mbeckert/Entwicklung/Strato/lightning/lightning/inventory.yml']
DEFAULT_ROLES_PATH(/home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg) = ['/home/mbeckert/Entwicklung/Strato/lightning/lightning/roles']
DEFAULT_VAULT_PASSWORD_FILE(/home/mbeckert/Entwicklung/Strato/lightning/lightning/ansible.cfg) = /home/mbeckert/Entwicklung/Strato/lightning/lightning/.vault_passphrase/open_vault.sh
EDITOR(env: EDITOR) = nano
PAGER(env: PAGER) = less

OS / ENVIRONMENT

Arista EOS 4.28.4M

STEPS TO REPRODUCE

Before task.yml:

---
- name: Network temp main
  block:
    - name: Network temp main block
      arista.eos.eos_acls:
        state: "replaced"
        config:
          - afi: ipv4
            acls:
              - name: test-acl
                  - sequence: 10
                    grant: permit
                    protocol: udp
                    source:
                      any: true
                    destination:
                      any: true
                      port_protocol:
                        eq: bfd

After task.yml:

---
- name: Network temp main
  block:
    - name: Network temp main block
      arista.eos.eos_acls:
        state: "replaced"
        config:
          - afi: ipv4
            acls:
              - name: test-acl
                  - sequence: 10
                    grant: permit
                    protocol: udp
                    source:
                      any: true
                    destination:
                      any: true

-> port_protocol has been deleted

EXPECTED RESULTS

On the second run the sequence number 10 will be deleted before a new 10 will be configured.

To be generated commands:

[
  'ip access-list test-acl2',
  'no 10',
  '10 permit udp any any'
]

ACTUAL RESULTS

On the second run on the configuration will fail on the device:

fatal: [sw-arista-test1.11.example.net]: FAILED! => {
    "changed": false,
    "module_stderr": "10 permit udp any any\r\n% Error: Duplicate sequence number\r\nsw-arista-test1(config-s-ansible_17-acl-test-acl2)#",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error"
}

--> Duplicate sequence number

Generated commands:

[
  'ip access-list test-acl2',
  '10 permit udp any any'
]

[TheRealBecks]

I already know what's wrong here and I have a potential fix that I can provide within the next few days.