Most NXOS versions convert aerleon wildcard syntax output to prefix syntax in config - diff/comparison broken

[fischa]

Problem

We saw the following issue when trying policies with NXOS (in various versions).

Aerleon output:

no ip access-list test-acl
ip access-list test-acl

 remark test-acl
 permit ip host 1.1.1.1 any
 permit ip 2.2.2.2 0.0.0.255 any
 permit ip 3.3.3.3 0.0.0.31 any

What NXOS config looks like (except for 9.2) tested with 9.3 and older:

# sh run | b "ip access-list test-acl"
ip access-list test-acl
  10 remark test-acl
  20 permit ip 1.1.1.1/32 any
  30 permit ip 2.2.2.2/24 any
  40 permit ip 3.3.3.3/27 any
...

The sequence number can easily be dropped out for comparison/diffing but the different syntax formats make a direct comparison impossible.

Possible solution

I did take a look at the _GetIpString() function in cisco.py

aerleon/aerleon/lib/cisco.py

Line 669 in 8ba9321

def _GetIpString(self, addr: Union[IPv6, IPv4, DSMNet]) -> str:

and the following changes produce the prefix/CIDR syntax:

 isinstance(addr, nacaddr.IPv4) or isinstance(addr, ipaddress.IPv4Network):
            addr = cast(self.IPV4_ADDRESS, addr)
            if addr.num_addresses > 1:
-                if self.platform == 'arista':
+                if self.platform in ('arista', 'cisconx'):
                    return addr.with_prefixlen
                return '%s %s' % (addr.network_address, addr.hostmask)
+           if addr.num_addresses == 1 and self.platform == 'cisconx':
+                return '%s' % (addr.with_prefixlen)
            return 'host %s' % (addr.network_address)

Would that be something you can integrate? If yes I'll create PR with these changes and see if I can make sense out of the tests for NXOS. If no please advise on what we can do as alternative.

[ankenyr]

Seems right to me, mind making a PR with some tests and sending it our way?