Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

panos_facts has typo when returning gather_subset "vsys" #532

Closed
chris-cheesman opened this issue Jan 25, 2024 · 2 comments · Fixed by #558
Closed

panos_facts has typo when returning gather_subset "vsys" #532

chris-cheesman opened this issue Jan 25, 2024 · 2 comments · Fixed by #558
Assignees
@horiagunica
Labels
bug Something isn't working released

Comments

@chris-cheesman
Copy link

Describe the bug

When using panos_facts to return vsys values from a device, there is a typo in the returned value ansible_net_virtual_systems - it is returned as ansible_net_virtual-systems

This means that any value under Virtual System Information cannot be used for subsequent tasks.

Expected behavior

I would expect a list of Security Zones to be returned.

The example below shows the same playbook but using a different return value (hostname) successfully:

TASK [../roles/palo_alto_manage : zones from config] **************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "vsys": {
        "ansible_facts": {
            "ansible_net_full_commit_required": false,
            "ansible_net_gather_subset": [
                "vsys",
                "system"
            ],
            "ansible_net_hostname": "BLU-PALOALTO",
            "ansible_net_model": "PA-VM",
            "ansible_net_multivsys": "off",
            "ansible_net_serial": "unknown",
            "ansible_net_uncommitted_changes": false,
            "ansible_net_uptime": "2 days, 16:58:46",
            "ansible_net_version": "8.1.15",
            "ansible_net_virtual-systems": [
                {
                    "vsys_currentsessions": "0",
                    "vsys_description": null,
                    "vsys_id": "1",
                    "vsys_iflist": [
                        "ethernet1/1",
                        "ethernet1/2",
                        "ethernet1/3",
                        "ethernet1/4"
                    ],
                    "vsys_maxsessions": "0",
                    "vsys_name": "vsys1",
                    "vsys_vrlist": [],
                    "vsys_zonelist": [
                        "TEST-ZONE-1",
                        "TEST-ZONE-2"
                    ]
                }
            ]
        },
        "changed": false,
        "failed": false
    }
}

TASK [../roles/palo_alto_manage : Extract security zones from vsys] ***********************************************************************************************************************************************************************************
ok: [BLU-PALOALTO]

TASK [../roles/palo_alto_manage : zones from vsys] ****************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "discovered_zones": "BLU-PALOALTO"

Current behavior

included: /playbooks/roles/palo_alto_manage/tasks/zones.yml for BLU-PALOALTO

TASK [../roles/palo_alto_manage : Gather existing security zones from device] *************************************************************************************************************************************************************************
ok: [BLU-PALOALTO]

TASK [../roles/palo_alto_manage : zones from config] **************************************************************************************************************************************************************************************************
ok: [BLU-PALOALTO] => {
    "vsys": {
        "ansible_facts": {
            "ansible_net_full_commit_required": false,
            "ansible_net_gather_subset": [
                "vsys",
                "system"
            ],
            "ansible_net_hostname": "BLU-PALOALTO",
            "ansible_net_model": "PA-VM",
            "ansible_net_multivsys": "off",
            "ansible_net_serial": "unknown",
            "ansible_net_uncommitted_changes": false,
            "ansible_net_uptime": "2 days, 16:54:21",
            "ansible_net_version": "8.1.15",
            "ansible_net_virtual-systems": [
                {
                    "vsys_currentsessions": "0",
                    "vsys_description": null,
                    "vsys_id": "1",
                    "vsys_iflist": [
                        "ethernet1/1",
                        "ethernet1/2",
                        "ethernet1/3",
                        "ethernet1/4"
                    ],
                    "vsys_maxsessions": "0",
                    "vsys_name": "vsys1",
                    "vsys_vrlist": [],
                    "vsys_zonelist": [
                        "TEST-ZONE-1",
                        "TEST-ZONE-2"
                    ]
                }
            ]
        },
        "changed": false,
        "failed": false
    }
}

TASK [../roles/palo_alto_manage : Extract security zones from vsys] ***********************************************************************************************************************************************************************************
fatal: [BLU-PALOALTO]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'ansible_net_virtual_systems'. 'dict object' has no attribute 'ansible_net_virtual_systems'\n\nThe error appears to be in '/playbooks/roles/palo_alto_manage/tasks/zones.yml': line 16, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Extract security zones from vsys\n  ^ here\n"}

Possible solution

Steps to reproduce

Run the following against a target device with one or more Security Zones defined:

- name: Gather existing security zones from device
  paloaltonetworks.panos.panos_facts:
    provider: '{{ palo_provider }}'
    gather_subset: vsys
  register: vsys

- name: Extract security zones from vsys
  ansible.builtin.set_fact:
    discovered_zones: '{{ vsys.ansible_facts.ansible_net_virtual_systems.vsys_zonelist }}'
    
- name: zones from vsys
  debug:
    var: discovered_zones

Screenshots

Context

I am creating a role to delete any Security Zones from a device and add new ones. I can add new Security Zones but cannot gather the information required to delete current zones on the target device(s)

Your Environment

  • Collection: paloaltonetworks.panos 2.18.0
  • Python: 3.9.18
  • Ansible: 2.15.7
  • PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2):
@chris-cheesman chris-cheesman added the bug Something isn't working label Jan 25, 2024
@horiagunica horiagunica mentioned this issue Mar 26, 2024
Merged
4 tasks
@horiagunica
Copy link
Collaborator

Hello @chris-cheesman !

Thank you for pointing this out.

I've issued a PR which should fix the issues!

@horiagunica horiagunica self-assigned this Mar 27, 2024
@github-actions GitHub Actions
Copy link

🎉 This issue has been resolved in version 2.20.0 🎉

The release is available on Ansible Galaxy and GitHub release

Posted by semantic-release bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@horiagunica horiagunica

Labels
bug Something isn't working released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(panos_facts.py): Fixed virtual systems fact name PaloAltoNetworks/pan-os-ansible
2 participants
@horiagunica @chris-cheesman