Upgrade of ansible.netcommon to v5.0.0 appears to break authentication for check_point.mgmt

[bar0n36]

Since the upgrade of ansible.netcommon to v5, I now receive HTTP 415 errors when trying to call api_call_facts from within a custom module leveraging the default check_point.mgmt functionality.

Backdate to ansible.netcommon v4.1.0 within my EE fixes the issue.

Ansible Version = core 2.12.5.post0 check_point.mgmt version = 4.0.0

My apologies for the lack of detail and error message. If I get some time I will run the same test in my lab and capture the full output.

Error message: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 415

[chkp-edenbr]

Hi @bar0n36 ,

Further detail is needed to understand the cause of the error, once you get a chance please add it. Also, breaking changes are specified in the release notes of the ansible.netcommon v5 collection ( https://github.com/ansible-collections/ansible.netcommon/blob/main/CHANGELOG.rst#v5-0-0 ), make sure dependent and necessary libraries are included in the appropriate version.

Regards, Eden

[bar0n36]

Thanks Eden. Those changes appear to break the Checkpoint code, rather than mine (all my stuff works, it only fails when going into the checkpoint code), hence I thought it was important to get something logged even though I haven't yet been able to gather the full suite of details and error messages. I am still intending to do so, but may not be until next week.

[tonk]

I can confirm the issue.

Situation 1 - Working

• Container RHEL8 UBI
• Ansible community 7.3.0
• ansible core 2.14.3
• ansible.netcommon 3.1.3 and 4.1.0
• ansible.utils 2.9.0
• Python 3.9.13
• check_point 4.0.0 and 3.2.0
• command:

/usr/local/bin/ansible all \
    -i inventory \
    -c ansible.netcommon.httpapi \
    -m check_point.mgmt.cp_mgmt_simple_gateway_facts \
     -a 'offset=0 limit=500 details_level=full'`

• Inventory

[cp]
checkpoint     ansible_host=192.168.10.10

[cp:vars]
ansible_httpapi_use_ssl = true
ansible_httpapi_validate_certs = false
ansible_network_os = check_point.mgmt.checkpoint
ansible_user     = administrator
ansible_password = password

This gives the expected JSON output.

Situation 2 - Not Working

When I upgrade the ansible.netcommon collection to version 5.0.0 I do get: ansible.module_utils.connection.ConnectionError: Server returned response without token info during connection authentication: 415

[saruter]

I can confirm that ansible_netcommon 5.0.0 breaks the Check Point Modules. After downgrading to ansible_netcommon 4.1.0. the Check Point Modules work again.

Error when using ansible_netcommon 5.0.0:

Server returned response without token info during connection authentication: 415

Downgrading ansible_netcommon from 5.0.0 to 4.1.0 via ansible-galaxy collection install ansible.netcommon:4.1.0 brings the Check Point Modules back to life.

Setup:

ansible --version
ansible [core 2.13.3]
  config file = /home/username/.ansible.cfg
  configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/username/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.14 (main, Jan  9 2023, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)]
  jinja version = 3.1.2
  libyaml = True

[Qalthos]

This is probably another manifestation of https://github.com/ansible-collections/ansible.netcommon/issues/524, which will be fixed in 5.0.1 soon.

If you still see this with a current source checkout of netcommon, please open an issue there with sanitized device interaction logs turned on so we can hopefully diagnose the issue in netcommon.

[tonk]

I have just run my playbook with the new netcommon version 5.1.0 collection and everything works now.

[chkp-edenbr]

Issue has been fixed in v5.1.0 Thanks