search

PaloAltoNetworks / pango

pango is the underlying library for the Palo Alto Networks Terraform provider
https://github.com/PaloAltoNetworks/terraform-provider-panos
MIT License
58 stars 43 forks source link

Issue when setting prempt option for HA configuration #78

Open nshetty10 opened 3 years ago

nshetty10 commented 3 years ago

Describe the bug

Issue was found while debugging issue openconfig model HA "PLUG-8575". election-option/prempt is not set to default value false unless device priority is explicitly specified in the request

Expected behavior

config of device priority should not interfere with configuration of preempt field field.

Current behavior

Possible solution

Steps to reproduce

please use this json test@R320:~/octest/json-files$ cat ha.json { "ha-groups": { "ha-group": [ { "config": { "ha-config-sync": true, "ha-enabled": true, "ha-session-sync": true, "hello-interval": 8001, "id": 1 }, "control-link": { "backup": { "config": { "control-link-gateway": "60.1.1.1", "control-link-interface": "ha1-b", "control-link-ipv4": "60.1.1.3/24", "control-link-peer-ipv4": "60.1.1.4/24" } }, "config": { "control-link-gateway": "50.1.1.1", "control-link-interface": "ha1-a", "control-link-ipv4": "50.1.1.3/24", "control-link-peer-ipv4": "50.1.1.4/24" } }, "data-link": { "backup": { "config": { "data-link-gateway": "80.1.1.1", "data-link-interface": "ethernet1/6", "data-link-ipv4": "80.1.1.3/24" } }, "config": { "data-link-gateway": "70.1.1.1", "data-link-interface": "hsci", "data-link-ipv4": "70.1.1.3/24" } }, "id": 1, "interface-groups": { "interface-group": [ { "config": { "group-policy": "ANY", "id": "link-34", "monitored-interfaces": [ "ethernet1/3", "ethernet1/4" ] }, "id": "link-34" }, { "config": { "group-policy": "ANY", "id": "link-5", "monitored-interfaces": [ "ethernet1/5" ] }, "id": "link-5" }, { "config": { "group-policy": "ALL", "id": "link-6", "monitored-interfaces": [ "ethernet1/6" ] }, "id": "link-6" } ] } } ] } }

and this command gnmic --config ~/gnmicset.yaml set --update-path / --update-file ha.json

This is the code where logic is wrong. id someone selects preemptive field to be false and there is no device priority then the logic to set ans.ElectionOption will not be invoked.

if e.ElectionDevicePriority != "" || e.ElectionPreemptive || e.ElectionHeartBeatBackup { ans.ElectionOption = &electionOption{ DevicePriority: e.ElectionDevicePriority, Preemptive: util.YesNo(e.ElectionPreemptive), HeartBeatBackup: util.YesNo(e.ElectionHeartBeatBackup), } }

1. 2. 3. 4.

Screenshots

Context

Your Environment

welcome-to-palo-alto-networks[bot] commented 3 years ago

:tada: Thanks for opening your first issue here! Welcome to the community!

shinmog commented 3 years ago

It's a little hard to follow this repro but let me take a few guesses here.

  1. You have initially configured HA to have preemptive=true
  2. You later try to set preemptive=false, but you also don't want to have a priority

In this case, as long as you're doing an edit and not a set, PAN-OS will change the config to have default values for anything not specified. And in the case of the preemptive field, this will set it to preemptive=false.

So it seems like you're doing a set, and if that's the case, that's incorrect. You need to be doing an edit.