panos_loadcfg does not accept provider dict

Nothing4You commented 3 years ago

Describe the bug

panos_loadcfg currently only accepts ip_address, password and username parameters directly instead of the provider parameter used in most other modules. As far as I can tell this is just a regular XML API call and should therefore support the provider configuration just fine, which would enable the user to provide an API key to the module instead of passing username and password.

Expected behavior

provider dict should be accepted like it is in most other modules, such as panos_type_cmd.

Current behavior

fatal: [host]: FAILED! => {"changed": false, "msg": "missing required arguments: ip_address, password"}

Possible solution

Implement support for the provider dict as alternative to username and password.

Steps to reproduce

- name: "load new config as candidate config"
  paloaltonetworks.panos.panos_loadcfg:
    provider: "{{ provider }}"
    file: "{{ pa_xml_staging_filename }}"
    commit: false

ansible-playbook playbook.yml

Context

I was trying to authenticate using just an API key instead of having to pass username + password to the module. This currently forces me from using just the API key for authentication.

Your Environment

Collection: 2.7.0
Python: 3.9
Ansible: 2.11.0
PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.2.0

t11z commented 1 year ago

Is there any plan to update this? This module seems to be very old and unmaintained. Currently it's unsusable in environments where you are working with API keys instead of username/passwords or use specific ports.

t11z commented 1 year ago

Workaround:

Use the paloaltonetworks.panos.panos_op module.

Feed the config_file variable with the desired filename, and use this task:

- name: Load Config File
  paloaltonetworks.panos.panos_op:
    provider: '{{ provider }}'
    cmd: <load><config><from>{{ config_file }}</from></config></load>
    cmd_is_xml: true

PaloAltoNetworks / pan-os-ansible