trigger 2.0.0__tar.gz → 2.0.3__tar.gz

{trigger-2.0.0/trigger.egg-info → trigger-2.0.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trigger
-Version: 2.0.0
+Version: 2.0.3
 Summary: Network automation toolkit for managing network devices
 Author-email: Jathan McCollum <jathan@gmail.com>
 License-Expression: BSD-3-Clause

trigger-2.0.3/pyproject.toml

@@ -0,0 +1,236 @@
+[build-system]
+requires = ["setuptools>=64", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "trigger"
+version = "2.0.3"
+description = "Network automation toolkit for managing network devices"
+readme = "README.md"
+license = "BSD-3-Clause"
+authors = [{name = "Jathan McCollum", email = "jathan@gmail.com"}]
+requires-python = ">=3.10,<3.12"
+classifiers = [
+    "Development Status :: 6 - Mature",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Framework :: Twisted",
+]
+dependencies = [
+    "IPy>=1.01",
+    "cryptography>=41.0.0",
+    "Twisted>=22.10.0",
+    "crochet>=2.0.0",
+    "pyasn1>=0.4.8",
+    "pyparsing>=3.1.0",
+    "pytz>=2023.3",
+    "SimpleParse>=2.2.0",
+    "textfsm>=1.1.0",
+    "redis>=5.0.0",
+    "PTable>=0.9.2",
+    "peewee>=3.17.0",
+    "service-identity>=23.1.0",
+    "bcrypt>=4.0.0",
+    "packaging>=21.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.4.0",
+    "pytest-twisted>=1.14.0",
+    "ruff>=0.1.0",
+    "python-semantic-release>=9.0.0",
+]
+
+[project.scripts]
+acl = "trigger.bin.acl:main"
+acl_script = "trigger.bin.acl_script:main"
+aclconv = "trigger.bin.aclconv:main"
+check_access = "trigger.bin.check_access:main"
+check_syntax = "trigger.bin.check_syntax:main"
+fe = "trigger.bin.fe:main"
+find_access = "trigger.bin.find_access:main"
+gnng = "trigger.bin.gnng:main"
+gong = "trigger.bin.gong:main"
+load_acl = "trigger.bin.load_acl:main"
+load_config = "trigger.bin.load_config:main"
+netdev = "trigger.bin.netdev:main"
+optimizer = "trigger.bin.optimizer:main"
+run_cmds = "trigger.bin.run_cmds:main"
+
+[tool.setuptools]
+packages = ["trigger", "trigger.acl", "trigger.bin", "trigger.changemgmt",
+            "trigger.conf", "trigger.contrib", "trigger.netdevices",
+            "trigger.packages", "trigger.utils", "twisted.plugins"]
+include-package-data = true
+
+[tool.setuptools.package-data]
+twisted = ["plugins/trigger_xmlrpc.py"]
+
+# Automatically includes files tracked by git in source distributions
+# This includes: CHANGELOG, *.md, conf/, docs/, examples/, tests/
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+addopts = "-v"
+
+[tool.ruff]
+line-length = 88
+target-version = "py310"
+exclude = ["trigger/packages", ".venv", "build", "dist"]
+
+[tool.ruff.lint]
+select = [
+    "B",      # flake8-bugbear - bug prevention
+    "COM",    # flake8-commas - trailing comma consistency
+    "D",      # pydocstyle - docstring formatting
+    "E",      # pycodestyle errors
+    "EM",     # flake8-errmsg - exception message hygiene
+    "ERA",    # eradicate - commented-out code removal
+    "F",      # pyflakes
+    "FURB",   # refurb - modern Python idioms
+    "I",      # isort - import sorting
+    "PERF",   # perflint - performance patterns
+    "PIE",    # flake8-pie - unnecessary constructs
+    "PLR",    # pylint-refactor
+    "PLW",    # pylint-warnings
+    "PT",     # flake8-pytest-style
+    "PTH",    # flake8-use-pathlib
+    "RET",    # flake8-return
+    "RSE",    # flake8-raise
+    "RUF",    # ruff-specific rules
+    "S",      # flake8-bandit - security
+    "SIM",    # flake8-simplify
+    "UP",     # pyupgrade - Python 3 modernization
+    "W",      # pycodestyle warnings
+]
+ignore = [
+    # --- Formatter conflicts ---
+    "COM812",   # trailing-comma-missing (handled by ruff formatter)
+
+    # --- Kept from v2.0.0 baseline ---
+    "E402",     # module-import-not-at-top-of-file
+    "E501",     # line-too-long (handled by formatter)
+    "E721",     # type-comparison (existing code style)
+    "E722",     # bare-except (intentional in many places)
+    "E741",     # ambiguous-variable-name (existing code style)
+    "F401",     # unused-import (may be used dynamically)
+    "F402",     # import-shadowed-by-loop-var
+    "F403",     # undefined-local-with-import-star
+    "F405",     # undefined-local-with-import-star-usage
+    "F523",     # string-dot-format-extra-positional-arguments
+    "F811",     # redefined-while-unused
+    "F821",     # undefined-name
+    "UP031",    # printf-string-formatting
+
+    # --- Bugbear exceptions ---
+    "B016",     # raise-literal (used intentionally in tests)
+    "B018",     # useless-expression (test assertions)
+
+    # --- Docstring exceptions (not enforcing coverage/style) ---
+    "D100",     # undocumented-public-module
+    "D101",     # undocumented-public-class
+    "D102",     # undocumented-public-method
+    "D103",     # undocumented-public-function
+    "D104",     # undocumented-public-package
+    "D105",     # undocumented-magic-method
+    "D107",     # undocumented-public-init
+    "D200",     # unnecessary-multiline-docstring
+    "D205",     # missing-blank-line-after-summary
+    "D401",     # non-imperative-mood
+    "D402",     # signature-in-docstring
+    "D404",     # docstring-starts-with-this
+
+    # --- Complexity (deep refactoring territory) ---
+    "PLR0911",  # too-many-return-statements
+    "PLR0912",  # too-many-branches
+    "PLR0913",  # too-many-arguments
+    "PLR0915",  # too-many-statements
+    "PLR2004",  # magic-value-comparison
+    "PLW0603",  # global-statement (parser pattern)
+
+    # --- Security false positives for network toolkit ---
+    "S101",     # assert (used in tests)
+    "S105",     # hardcoded-password-string (false positives)
+    "S110",     # try-except-pass
+    "S112",     # try-except-continue
+    "S314",     # suspicious-xml-element-tree-usage
+    "S603",     # subprocess-without-shell-equals-true
+    "S605",     # start-process-with-a-shell (fix manually)
+    "S606",     # start-process-with-no-shell
+    "S608",     # hardcoded-sql-expression
+
+    # --- Other ---
+    "RUF012",   # mutable-class-default (too many in device metadata)
+    "SLF001",   # private-member-access (common in Twisted patterns)
+]
+
+[tool.ruff.lint.pydocstyle]
+convention = "google"
+
+[tool.ruff.lint.per-file-ignores]
+"tests/**/*.py" = [
+    "ARG",   # unused arguments (test fixtures)
+    "D",     # docstrings not enforced in tests
+    "E402",  # module-level imports not at top
+    "E722",  # bare-except
+    "E731",  # lambda assignments
+    "F821",  # undefined names (test fixtures)
+    "PT009", # pytest-unittest-assertion (allow mixing in tests)
+    "PT027", # pytest-unittest-raises-assertion
+    "S",     # security checks not relevant in tests
+]
+"tests/acceptance/**/*.py" = [
+    "D",     # docstrings not enforced
+    "E402",  # module-level imports not at top
+    "E722",  # bare-except
+    "F821",  # undefined names
+    "S",     # security checks not relevant
+]
+"trigger/bin/**/*.py" = [
+    "S605",  # start-process-with-a-shell (CLI tools)
+    "S606",  # start-process-with-no-shell
+    "S607",  # start-process-with-partial-path
+]
+"configs/**/*.py" = [
+    "ERA001",  # commented-out code (serves as user documentation/examples)
+    "PTH",     # pathlib (settings values are strings by design)
+]
+"docs/conf.py" = [
+    "D",     # docstrings not enforced
+    "E402",  # module-level imports not at top
+    "F401",  # unused imports (used by Sphinx)
+]
+
+[tool.ruff.lint.isort]
+known-first-party = ["trigger"]
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+
+[tool.semantic_release]
+version_toml = ["pyproject.toml:project.version"]
+branch = "main"
+upload_to_pypi = true
+upload_to_release = true
+build_command = "pip install uv && uv build"
+major_on_zero = false
+tag_format = "v{version}"
+
+[tool.semantic_release.commit_parser_options]
+allowed_tags = ["feat", "fix", "perf", "refactor", "docs", "chore", "ci", "test", "build"]
+major_tags = ["BREAKING CHANGE"]
+minor_tags = ["feat"]
+patch_tags = ["fix", "perf"]
+
+[tool.semantic_release.changelog]
+changelog_file = "CHANGELOG.md"
+
+[tool.semantic_release.branches.main]
+match = "main"
+prerelease = false

{trigger-2.0.0 → trigger-2.0.3}/tests/test_acl.py

@@ -5,8 +5,10 @@ __maintainer__ = "Jathan McCollum"
 __copyright__ = "Copyright 2005-2011 AOL Inc.; 2013 Salesforce.com"
 __version__ = "2.0"
 
+import contextlib
 import unittest
 from io import StringIO
+from pathlib import Path
 
 from trigger import acl, exceptions
 
@@ -91,7 +93,7 @@ class CheckACLNames(unittest.TestCase):
         for name in ("", "x" * 25):
             try:
                 acl.ACL(name=name)
-            except exceptions.ACLNameError:
+            except exceptions.ACLNameError:  # noqa: PERF203
                 pass
             else:
                 self.fail('expected ACLNameError on "' + name + '"')
@@ -131,7 +133,7 @@ class CheckTerms(unittest.TestCase):
         for name in ("", "x" * 300):
             try:
                 acl.Term(name=name)
-            except exceptions.BadTermName:
+            except exceptions.BadTermName:  # noqa: PERF203
                 pass
             else:
                 self.fail('expected BadTermNameon "' + name + '"')
@@ -170,10 +172,10 @@ class CheckTerms(unittest.TestCase):
         ):
             try:
                 acl.Term(action=action)
-            except exceptions.ActionError:
+            except exceptions.ActionError:  # noqa: PERF203
                 pass
             else:
-                self.fail(f'expected ActionError on "{str(action)}"')
+                self.fail(f'expected ActionError on "{action!s}"')
 
     def testOkModifiers(self):
         """Test valid filter action modifiers"""
@@ -210,10 +212,10 @@ class CheckTerms(unittest.TestCase):
         ):
             try:
                 acl.Term(action=action)
-            except exceptions.ActionError:
+            except exceptions.ActionError:  # noqa: PERF203
                 pass
             else:
-                self.fail(f'expected ActionError on "{str(action)}"')
+                self.fail(f'expected ActionError on "{action!s}"')
 
     def testOkMatches(self):
         """Test valid match conditions"""
@@ -307,7 +309,7 @@ class CheckOutput(unittest.TestCase):
         self.t2.match["protocol"] = ["tcp"]
         self.t2.match["source-address"] = ["192.0.2.0/24"]
         # Python 3: range() returns a range object, convert to list for concatenation
-        self.t2.match["destination-port"] = list(range(135, 139)) + [445]
+        self.t2.match["destination-port"] = [*list(range(135, 139)), 445]
         self.t2.action = "reject"
         self.t2.modifiers["syslog"] = True
         self.a.terms.append(self.t2)
@@ -346,10 +348,8 @@ filter 100j {
     def testIOS(self):
         """Test conversion of ACLs and terms to IOS classic format"""
         self.a.name = 100
-        try:
+        with contextlib.suppress(KeyError):
             del self.t1.modifiers["count"]
-        except KeyError:
-            pass
         output = """\
 access-list 100 permit 99 any any
 access-list 100 deny tcp 192.0.2.0 0.0.0.255 any range 135 138 log
@@ -359,10 +359,8 @@ access-list 100 deny tcp 192.0.2.0 0.0.0.255 any eq 445 log"""
     def testIOSExtended(self):
         """Test conversion of ACLs and terms to IOS extended format"""
         self.a.name = "BLAHBLAH"
-        try:
+        with contextlib.suppress(KeyError):
             del self.t1.modifiers["count"]
-        except KeyError:
-            pass
         output = """\
 ip access-list extended BLAHBLAH
  permit 99 any any
@@ -373,10 +371,8 @@ ip access-list extended BLAHBLAH
     def testIOSXR(self):
         """Test conversion of ACLs and terms to IOS XR format"""
         self.a.name = "BLAHBLAH"
-        try:
+        with contextlib.suppress(KeyError):
             del self.t1.modifiers["count"]
-        except KeyError:
-            pass
         self.t1.name = self.t2.name = None
         output = """\
 ipv4 access-list BLAHBLAH
@@ -475,7 +471,7 @@ class CheckJunOSExamples(unittest.TestCase):
     def testJunOSExamples(self):
         """Test examples from JunOS documentation."""
         # Python 3: file() removed, use open()
-        with open(EXAMPLES_FILE) as f:
+        with Path(EXAMPLES_FILE).open() as f:
             examples = f.read().expandtabs().split("\n\n")
         # Skip the last two because they use the unimplemented "except"
         # feature in address matches.
@@ -602,10 +598,6 @@ filter 100 {
     }
 }"""
         self.assertRaises(exceptions.ParserSyntaxError, lambda: acl.parse(x))
-        ###y = ['access-list 100 permit tcp any any eq 80']
-        ###a = acl.parse(x)
-        ###a.comments = a.terms[0].comments = []
-        ###self.assertEqual(a.output_ios(), y)
 
     def testRanges(self):
         """Test JunOS ICMP and protocol ranges (regression)."""
@@ -702,7 +694,8 @@ class CheckMiscIOS(unittest.TestCase):
         t.match["icmp-type"] = types
         # Python 3: map() returns an iterator, convert to list for comparison
         self.assertEqual(
-            t.output_ios(), list(map(lambda x: "permit icmp any any %d" % x, types))
+            t.output_ios(),
+            list(map(lambda x: "permit icmp any any %d" % x, types)),
         )
 
     def testCounterSuppression(self):

{trigger-2.0.0 → trigger-2.0.3}/tests/test_acl_queue.py

@@ -8,6 +8,7 @@ Only tests SQLite for now.
 
 import os
 import tempfile
+from pathlib import Path
 
 from trigger.conf import settings
 
@@ -79,7 +80,10 @@ class TestAclQueue(unittest.TestCase):
     def test_03_insert_integrated_failure_acl(self):
         """Test insert devices w/ no ACL association"""
         self.assertRaises(
-            exceptions.TriggerError, self.q.insert, "bogus", self.device_list
+            exceptions.TriggerError,
+            self.q.insert,
+            "bogus",
+            self.device_list,
         )
 
     def test_04_list_integrated_success(self):
@@ -153,7 +157,7 @@ class TestAclQueue(unittest.TestCase):
 
     def test_ZZ_cleanup_db(self):
         """Cleanup the temp database file"""
-        self.assertTrue(os.remove(db_file) is None)
+        self.assertTrue(Path(db_file).unlink() is None)
 
     def tearDown(self):
         NetDevices._Singleton = None

{trigger-2.0.0 → trigger-2.0.3}/tests/test_except.py

@@ -1,8 +1,9 @@
 # a test for except processing
 import os
 import sys
+from pathlib import Path
 
-sys.path.append(os.path.realpath(os.path.join(os.path.dirname(__file__), "..")))
+sys.path.append(str(Path(__file__).parent / ".."))
 from trigger import acl
 
 PARSIT = """
@@ -33,4 +34,3 @@ y = acl.parse(PARSIT)
 print(y.terms[0].match)
 print("\n".join(acl.parse(PARSIT).output_junos()))
 # following should fail
-# print('\n'.join(acl.parse(PARSIT).output_ios()))

{trigger-2.0.0 → trigger-2.0.3}/tests/test_netdevices.py

@@ -129,8 +129,8 @@ class TestNetDevicesWithoutAcls(unittest.TestCase):
     def setUp(self):
         self.nd = NetDevices(with_acls=False)
         # Python 3: dict.keys() and dict.values() return views, convert to list for subscripting
-        self.nodename = list(self.nd.keys())[0]
-        self.device = list(self.nd.values())[0]
+        self.nodename = next(iter(self.nd.keys()))
+        self.device = next(iter(self.nd.values()))
 
     def test_aclsdb(self):
         """Test acls.db handling."""
@@ -173,12 +173,10 @@ class TestNetDeviceObject(unittest.TestCase):
     def test_allowable(self):
         """Test allowable() method"""
         # This is already tested in test_changemgmt.py, so this is a stub.
-        pass
 
     def test_next_ok(self):
         """Test next_ok() method"""
         # This is already tested in test_changemgmt.py, so this is a stub.
-        pass
 
     def test_identity(self):
         """Exercise NetDevice identity tests."""
@@ -207,7 +205,7 @@ class TestNetDeviceObject(unittest.TestCase):
 
     def test_dump(self):
         """Test the dump() method."""
-        with captured_output() as (out, err):
+        with captured_output() as (out, _err):
             self.device.dump()
         expected = NETDEVICE_DUMP_EXPECTED
         output = out.getvalue()
@@ -254,9 +252,9 @@ class TestVendorObject(unittest.TestCase):
     def test_membership(self):
         """Test membership w/ __eq__ and __contains__"""
         expected = "cisco"
-        self.assertTrue(expected in [self.vendor])
-        self.assertTrue(self.vendor in [self.vendor])
-        self.assertTrue(self.vendor in [expected])
+        self.assertTrue(expected == self.vendor)
+        self.assertTrue(self.vendor == self.vendor)
+        self.assertTrue(self.vendor == expected)
         self.assertFalse(self.vendor in ["juniper", "foundry"])
 
     def test_determine_vendor(self):

{trigger-2.0.0 → trigger-2.0.3}/tests/test_scripts.py

@@ -10,10 +10,11 @@ __version__ = "1.1"
 import os
 import subprocess
 import unittest
+from pathlib import Path
 
 ACLCONV = "aclconv"  # Now an entry point, not a script in bin/
 
-os.environ["PYTHONPATH"] = os.getcwd()
+os.environ["PYTHONPATH"] = str(Path.cwd())
 
 # TODO (jathan): Add tests for all the scripts!!
 
@@ -30,7 +31,7 @@ class Aclconv(unittest.TestCase):
             stderr=subprocess.PIPE,
             text=True,
         )
-        output, errors = proc.communicate("access-list 100 deny ip any any")
+        output, _errors = proc.communicate("access-list 100 deny ip any any")
         self.assertEqual(proc.returncode, 0)
         correct_output = """\
 firewall {

{trigger-2.0.0 → trigger-2.0.3}/tests/test_tacacsrc.py

@@ -9,6 +9,7 @@ __version__ = "2.0.1"
 import os
 import tempfile
 import unittest
+from pathlib import Path
 from unittest.mock import patch
 
 from trigger.conf import settings
@@ -89,7 +90,7 @@ class TacacsrcTest(unittest.TestCase):
     def _get_perms(self, filename):
         """Get octal permissions for a filename"""
         # We only want the lower 4 bits (negative index)
-        return oct(os.stat(filename).st_mode)[-4:]
+        return oct(Path(filename).stat().st_mode)[-4:]
 
     def testWrite(self):
         """Test writing .tacacsrc."""
@@ -110,26 +111,30 @@ class TacacsrcTest(unittest.TestCase):
         self.assertEqual(output, ALL_TACACSRC)
 
         # And then compare it against the manually parsed value using
-        # miniparser()
-        with open(settings.TACACSRC) as fd:
+        # miniparser()  # noqa: ERA001
+        with Path(settings.TACACSRC).open() as fd:
             lines = fd.readlines()
             self.assertEqual(output, miniparser(lines, t))
-        os.remove(file_name)
+        Path(file_name).unlink()
 
     def test_brokenpw(self):
         self.assertRaises(
-            ValueError, MockTacacsrc, tacacsrc_file="tests/data/brokenpw_tacacsrc"
+            ValueError,
+            MockTacacsrc,
+            tacacsrc_file="tests/data/brokenpw_tacacsrc",
         )
 
     def test_emptypw(self):
-        devnull = open(os.devnull, "w")
-        with patch("trigger.tacacsrc.prompt_credentials", side_effect=KeyError):
-            with patch("sys.stdout", devnull):
-                self.assertRaises(
-                    KeyError,
-                    MockTacacsrc,
-                    tacacsrc_file="tests/data/emptypw_tacacsrc",
-                )
+        with (
+            Path(os.devnull).open("w") as devnull,
+            patch("trigger.tacacsrc.prompt_credentials", side_effect=KeyError),
+            patch("sys.stdout", devnull),
+        ):
+            self.assertRaises(
+                KeyError,
+                MockTacacsrc,
+                tacacsrc_file="tests/data/emptypw_tacacsrc",
+            )
 
     def test_perms(self):
         """Test that permissions are being enforced."""
@@ -138,7 +143,7 @@ class TacacsrcTest(unittest.TestCase):
         # First make sure perms are set
         old_perms = self._get_perms(fname)
         self.assertEqual(old_perms, RIGHT_PERMS)
-        os.chmod(fname, 0o666)  # Make it world-writable
+        Path(fname).chmod(0o666)  # Make it world-writable
         new_perms = self._get_perms(fname)
         self.assertNotEqual(new_perms, RIGHT_PERMS)
 

{trigger-2.0.0 → trigger-2.0.3}/tests/test_templates.py

@@ -128,7 +128,9 @@ class CheckTemplates(unittest.TestCase):
         commands = ["show version"]
         commando = Commando(devices=[self.device.nodeName])
         data = commando.parse_template(
-            results=[big_cli_data], device=self.device, commands=commands
+            results=[big_cli_data],
+            device=self.device,
+            commands=commands,
         )
         self.assertTrue(len(data) > 0)
         self.assertTrue(isinstance(data, list))
@@ -143,7 +145,9 @@ class CheckTemplates(unittest.TestCase):
         commands = ["show run | in cisco"]
         commando = Commando(devices=[self.device.nodeName])
         data = commando.parse_template(
-            results=[no_template_data], device=self.device, commands=commands
+            results=[no_template_data],
+            device=self.device,
+            commands=commands,
         )
         self.assertTrue(len(data) > 0)
         self.assertTrue(isinstance(data, list))

{trigger-2.0.0 → trigger-2.0.3}/tests/test_twister2.py

@@ -13,8 +13,4 @@ __copyright__ = "Copyright 2005-2011 AOL Inc.; 2013 Salesforce.com.; 2016 Dropbo
 __version__ = "1.0"
 
 
-# from utils import captured_output
-
-# Now we can import from Trigger
-# from trigger.netdevices import NetDevices, NetDevice, Vendor
 # TODO: see http://twistedmatrix.com/trac/wiki/TwistedTrial

{trigger-2.0.0 → trigger-2.0.3}/trigger/acl/__init__.py

@@ -1,5 +1,4 @@
-"""
-Trigger's ACL parser.
+"""Trigger's ACL parser.
 
 This library contains various modules that allow for parsing, manipulation,
 and management of network access control lists (ACLs). It will parse a complete
@@ -18,7 +17,7 @@ import os
 
 from trigger.conf import settings
 
-__all__ = ["parser", "acl_exists"]
+__all__ = ["acl_exists", "parser"]
 
 # Parser
 from . import parser

{trigger-2.0.0 → trigger-2.0.3}/trigger/acl/autoacl.py

@@ -1,5 +1,4 @@
-"""
-This module controls when ACLs get auto-applied to network devices,
+"""This module controls when ACLs get auto-applied to network devices,
 in addition to what is specified in acls.db.
 
 This is primarily used by :class:`~trigger.acl.db.AclsDB` to populate the
@@ -44,11 +43,10 @@ try:
     from _autoacl_module import autoacl
 except ImportError:
     msg = f"Function autoacl() could not be found in {module_path}, using default!"
-    warnings.warn(msg, RuntimeWarning)
+    warnings.warn(msg, RuntimeWarning, stacklevel=2)
 
     def autoacl(dev, explicit_acls=None):
-        """
-        Given a NetDevice object, returns a set of **implicit** (auto) ACLs. We
+        """Given a NetDevice object, returns a set of **implicit** (auto) ACLs. We
         require a device object so that we don't have circular dependencies
         between netdevices and autoacl.