F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0

bigip_firewall_rule add rule to existing policy #1647

Closed S-D55 closed 1 year ago

S-D55 commented 4 years ago
ISSUE TYPE

In a policy with 100+ rules it's not possible to use bigip_firewall_policy to re-add all the rules.

COMPONENT NAME

bigip_firewall_rule

ANSIBLE VERSION
ansible 2.8.2
PYTHON VERSION
python version = 3.7.4
BIGIP VERSION
12.2.4
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

I am basically trying to add a new firewall rule in a specific order.

STEPS TO REPRODUCE

```yaml
  - name: ADD_FirewallRule
    bigip_firewall_rule:
      name: "{{item.name}}"
      parent_policy: "{{item.parent_policy}}"
      protocol: "{{item.protocol}}"
      action: accept-decisively
      status: enabled
      logging: no
      source:
        - address_list: "{{item.source.0.address_list}}"
      destination:
        - address_list: "{{item.destination.0.address_list}}"
        - port: "{{item.destination.1.port}}"
      provider: '{{provider}}'
    loop: "{{fw_rules}}"
    delegate_to: localhost

  - name: Create a basic policy with 
    bigip_firewall_policy:
      name: testpolicy
      state: present
      rules:
        - testMike
        - TACACS-ansibletest
      provider: '{{provider}}'
    delegate_to: localhost
```
EXPECTED RESULTS

I wanted to add the new rule below the testMike

ACTUAL RESULTS

Instead it deleted all my other rules and left me with just those two rules in the policy. I had about 20 other rules before I ran the playbook.

focrensh commented 4 years ago

The design right now treats the list as the desired end-state. Currently you can use the bigip_firewall_rule module to add a rule to the end of a current policy by default.

```yaml
    - name: Add a new policy rule to the end of policy
      bigip_firewall_rule:
        name: foo-rule
        parent_policy: foo
      delegate_to: localhost
```

Are you looking specifically at these 4 combinations that are possible with Policy?

- place-after last
- place-after first
- place-before last
- place-before first

S-D55 commented 4 years ago

Thank you for replying.

Kind of:

```
place-after  [first | last | <rule name>]
place-before [first | last | <rule name>]
```

In my case I am trying to add the rule before a specific deny rule.

focrensh commented 4 years ago

Do you have an expectation of how this would work idempotently (not adding the rule every time the playbook is run)?
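Since bigip_firewall_policy treats `rules` as the complete desired end-state, the safe way to insert one rule without dropping the other twenty is to compute the full ordered list first and hand that list to the module. The following is an added example, not code from the f5-ansible project: a pure-Python helper that implements the `place-before` / `place-after [first | last | rule name]` semantics asked for above and stays idempotent (re-running it on an already-correct list returns the same list, so `changed` can be derived by comparing input and output). The rule names and the `CURRENT_RULES` list are constructed sample data standing in for what you would read back from the device before the task runs.

```python
"""Compute an idempotent desired end-state rule list for bigip_firewall_policy.

Added example (not part of the f5-ansible project). The module takes the
``rules`` list as the complete desired order, so build that list from the
policy's current rules instead of listing only the rules you want to add.
"""


def place_rule(existing, new_rule, place_before=None, place_after=None):
    """Return a new ordered list with ``new_rule`` positioned relative to an anchor.

    ``place_before`` / ``place_after`` accept "first", "last", or the name of a
    rule already in the policy. Exactly one of the two must be given.
    If ``new_rule`` is already at the requested position, the returned order is
    identical to ``existing``, which keeps repeated playbook runs idempotent.
    """
    if (place_before is None) == (place_after is None):
        raise ValueError("specify exactly one of place_before or place_after")

    # Start from the current order minus any earlier copy of the rule being
    # placed, so a rule that moved is relocated rather than duplicated.
    rules = [r for r in existing if r != new_rule]

    anchor = place_before if place_before is not None else place_after
    if anchor not in ("first", "last") and anchor not in rules:
        raise ValueError("anchor rule %r is not in the policy" % (anchor,))

    if place_before is not None:
        if anchor == "first":
            idx = 0
        elif anchor == "last":
            idx = len(rules) - 1 if rules else 0
        else:
            idx = rules.index(anchor)
    else:
        if anchor == "first":
            idx = 1 if rules else 0
        elif anchor == "last":
            idx = len(rules)
        else:
            idx = rules.index(anchor) + 1

    rules.insert(idx, new_rule)
    return rules


def policy_changed(existing, desired):
    """True when applying ``desired`` would actually alter the policy order."""
    return list(existing) != list(desired)


# Constructed sample: the order the policy currently holds on the device
# (in a real playbook this would be read back from BIG-IP before the task).
CURRENT_RULES = ["testMike", "allow-dns", "allow-tacacs", "deny-all"]


def desired_rules_for_issue_case():
    """The issue's scenario: insert a new rule just before a specific deny rule.

    The returned list is what belongs in the ``rules:`` key of
    bigip_firewall_policy, so the other rules survive the run.
    """
    return place_rule(CURRENT_RULES, "TACACS-ansibletest", place_before="deny-all")


if __name__ == "__main__":
    desired = desired_rules_for_issue_case()
    print("rules:", desired)
    print("changed on first run:", policy_changed(CURRENT_RULES, desired))
    # A second run against the already-correct order is a no-op.
    again = place_rule(desired, "TACACS-ansibletest", place_before="deny-all")
    print("changed on second run:", policy_changed(desired, again))
```

In a playbook you would feed the computed list into `rules:` of `bigip_firewall_policy` (for example via `set_fact` from a lookup or a small custom filter), so the task always submits the whole order and never the two-item list that wiped the policy in the report above.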

KrithikaChidambaram commented 1 year ago

Closing this now. Reopen if you still face the issue. Thanks!