load_acl: automatically convert ACL to proper format #268

Open
supertylerc opened this issue Apr 17, 2016 · 2 comments
Comments

@supertylerc
Contributor

Somewhat related to #150.

I'd like to be able to use the same ACL file across multiple vendors. To that end, I think it would be helpful to have load_acl automatically (either optionally or by default) convert an ACL from the source format in the file to the destination format.

Otherwise, unless I am missing something (totally possible), I would need to maintain multiple ACL files that accomplish the same goal for each vendor in my network.

@mgmoerman

Maybe ACLhound is something that you could use?

@jathanism
Member

@supertylerc Thanks for the request! This is a feature we've talked about in the past.

You're not missing anything. The ACL parser in its current form hasn't evolved much in the past few years and came from a world where each vendor policy was explicitly managed. The conversion features were added for migration between platforms (say from Cisco to Juniper).

Another thing to consider is that when converting between vendors, some semantics are either lost or complicated. For example, if converting from a Juniper (statement-based) to a Cisco (line-based) policy, you end up with a much larger number of policy entries, which may not necessarily be desirable.

ACLhound or Capirca could probably better support this idea for now, but keep in mind that both of them expect you to manage the ACL policy in a template language or DSL and "compile" out to supported vendors. Trigger's ACL parser allows you to manage policies in their native syntax and translate them around. I see these methods as inverses of each other.
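An added illustration of the expansion described in the comment above (not part of the thread and not Trigger's code): one statement-based term that lists several addresses and ports becomes the cross product of those lists when written as line-based entries. The `TERM` dict layout, `ios_addr` and `expand_term` are hypothetical names, and the sample term is constructed.

```python
import ipaddress
from itertools import product

# Constructed sample: one Juniper-style term held as a plain dict.
# This layout is an assumption for the example, not Trigger's data model.
TERM = {
    "name": "allow-mgmt",
    "source-address": ["10.0.0.0/24", "10.0.1.0/24"],
    "destination-address": ["192.0.2.10/32", "192.0.2.11/32"],
    "protocol": ["tcp"],
    "destination-port": [22, 443],
    "action": "accept",
}

# Statement-based action keyword -> line-based keyword.
ACTIONS = {"accept": "permit", "discard": "deny"}


def ios_addr(prefix):
    """Render a CIDR prefix as an IOS extended-ACL address field."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    # IOS uses a wildcard (inverse) mask, which ipaddress calls the hostmask.
    return f"{net.network_address} {net.hostmask}"


def expand_term(term):
    """Expand one term into one line per (protocol, src, dst, port) tuple."""
    action = ACTIONS[term["action"]]
    combos = product(
        term["protocol"],
        term["source-address"],
        term["destination-address"],
        term["destination-port"],
    )
    return [
        f"{action} {proto} {ios_addr(src)} {ios_addr(dst)} eq {port}"
        for proto, src, dst, port in combos
    ]


if __name__ == "__main__":
    lines = expand_term(TERM)
    print(f"term {TERM['name']}: 1 statement -> {len(lines)} lines")
    print("\n".join(lines))
```

Every additional address or port in the term multiplies the line count, so a reviewer of the converted policy has to check each generated line rather than one statement.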
