search

PaloAltoNetworks / pan-os-ansible

Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
https://pan.dev/ansible/docs/panos
Apache License 2.0
204 stars 97 forks source link

state: merged doesn't merge deep enough. #548

Closed torch183 closed 7 months ago

torch183 commented 7 months ago

Describe the bug

I guess it's up for debate whether this qualifies as a bug report or a feature request, but when configuring an object that has attributes that are lists, the list contents are not merged, but replaced.

Expected behavior

If I run a task including panos_address_object with state: merged on an existing object that has a list of tags assigned to it, and I supply a new list of tags, I would expect the object to have both the new and the old tags.

Current behavior

Instead the old list of tags is replaced with the new list

Possible solution

Update the merged state to merge deeper/recursively

Steps to reproduce

Make the following tasks

- name: Create a host object
    panos_address_object:
      provider: "{{ provider }}"
      state: present
      name: host1
      value: 1.2.3.4
      tag:
      - tag1
      - tag2

- name: Update tags
    panos_address_object:
      provider: "{{ provider }}"
      state: merged
      name: host1
      tag:
      - tag3
      - tag4

Afterwards the object will only have tag3 and tag4 assigned

Context

As mentioned, I'd like to use Ansible to update tags on objects. I'd also like to be able to add/remove an address object to/from a security rule without having to explicitly extract and manipulate the list of sources/destinations, etc.

Your Environment

Ansible Automation Platform Controller 4.4.7

torch183 commented 7 months ago

For some reason, I'm not able to reproduce this now. Could be an error in my previous testing. Please ignore