ansible-collections / cisco.asa

Ansible Security Collection for Cisco ASA
GNU General Public License v3.0

acls module returning "Unsupported parameters" error #180

Open moseley1983 opened 2 years ago

moseley1983 commented 2 years ago
SUMMARY

In AWX 17.1.0, when using the cisco.asa.asa_acls module, I get this error:

```
TASK [ASA_ROLE : ACLTEST 2] ****
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (cisco.asa.asa_acls) module: provider Supported parameters include: config, running_config, state"}
```

COMPONENT NAME

cisco.asa.asa_acls

ANSIBLE VERSION

2.9.18


COLLECTION VERSION

```
ansible-galaxy collection install cisco.asa
```

OS / ENVIRONMENT

Ubuntu 20.4, using AWX

STEPS TO REPRODUCE

```yaml
# Playbook
- name: "ACL TEST 1"
  hosts: localhost
  connection: local  # have also tried "connection: network_cli"
#  gather_facts: false
  collections:
    - cisco.asa

  tasks:
    - name: "CREATE NODE"
      import_role:
        name: ASA_ROLE
        tasks_from: acl1.yml
```

```yaml
# acl1.yml (tasks file imported from ASA_ROLE)
- name: "ACLTEST 2"
  cisco.asa.asa_acls:
    config:
      acls:
        - name: purple_access_in
          acl_type: extended
          aces:
            - grant: permit
              line: 1
              protocol_options:
                tcp: true
              source:
                address: 192.0.4.0
                netmask: 255.255.255.0
                port_protocol:
                  eq: telnet
              destination:
                address: 192.0.5.0
                netmask: 255.255.255.0
                port_protocol:
                  eq: https
    state: merged
```

EXPECTED RESULTS

Expected for the module to work like it does when I use ansible engine with the same parameters

ACTUAL RESULTS
```json
{
  "msg": "Unsupported parameters for (cisco.asa.asa_acls) module: provider Supported parameters include: config, running_config, state",
  "invocation": {
    "module_args": {
      "config": {
        "acls": [
          {
            "name": "purple_access_in",
            "acl_type": "extended",
            "aces": [
              {
                "grant": "permit",
                "line": 1,
                "protocol_options": {
                  "tcp": true
                },
                "source": {
                  "address": "192.0.4.0",
                  "netmask": "255.255.255.0",
                  "port_protocol": {
                    "eq": "telnet"
                  }
                },
                "destination": {
                  "address": "192.0.5.0",
                  "netmask": "255.255.255.0",
                  "port_protocol": {
                    "eq": "https"
                  }
                }
              }
            ]
          }
        ]
      },
      "state": "merged",
      "provider": {
        "host": null,
        "port": null,
        "username": null,
        "password": null,
        "ssh_keyfile": null,
        "authorize": false,
        "auth_pass": null,
        "timeout": null
      }
    }
  },
  "_ansible_no_log": false,
  "changed": false
}
```

I've also tried adding "provider" to the ansible role variables but still not working.

moseley1983 commented 2 years ago

Is there an update for this please team?

justjais commented 2 years ago

@moseley1983 please excuse us for the delayed response, the entire team was involved in Ansiblefest which got concluded recently. I'll triage the issue and update you ASAP.

moseley1983 commented 2 years ago

That's great @justjais thanks for looking into this.

justjais commented 2 years ago

@moseley1983 I've verified the issue from my end, and it seems that for you `connection: local` is being used to connect to the ASA instance, as when I switch to `ansible_connection: local` from `ansible_connection=network_cli` I see the provider error popping up. It's expected, as with `connection: local` the provider dict gets injected, which isn’t part of the newer RMs, and hence the error.

Here are the inventory details with which I do not see the error:

```ini
[asa:vars]
ansible_ssh_host=asa_host
ansible_network_os=asa
ansible_user=admin
ansible_become=true
ansible_become_method=ansible.netcommon.enable
ansible_connection=ansible.netcommon.network_cli
ansible_become_pass=admin
ansible_python_interpreter=python
```

And, one with which I am able to reproduce the provider error:

```ini
[asa:vars]
ansible_ssh_host=asa_host
ansible_network_os=asa
ansible_user=admin
ansible_become=true
ansible_become_method=ansible.netcommon.enable
ansible_connection=local
ansible_become_pass=admin
ansible_python_interpreter=python
```

Also, you can verify the connection plugin if you run the play with verbose output by running the play with `-vvvv`. When local connection is used you can see the log as `using connection plugin network_cli (was local)`, and with network_cli you'll just see the log as `using connection plugin network_cli` w/o local.
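
An added example, not part of the thread or of the cisco.asa collection: a pre-flight check for the condition described in the comment above. It flags inventory groups that set `ansible_network_os` but use `ansible_connection=local`, and finds the `(was local)` marker in `-vvvv` output. The group names `asa_ok` and `asa_bad`, the function names and the `<asa_host>` log prefix are assumptions; both samples are constructed from values quoted in the thread.

```python
import configparser
import re

# Constructed sample: the two [asa:vars] blocks from the thread, placed under
# hypothetical group names so both fit in one inventory.
SAMPLE_INVENTORY = """
[asa_ok:vars]
ansible_network_os=asa
ansible_connection=ansible.netcommon.network_cli

[asa_bad:vars]
ansible_network_os=asa
ansible_connection=local
"""

# Constructed -vvvv lines using the wording quoted in the thread; the
# "<host>" prefix is an assumption about the surrounding log format.
SAMPLE_LOG = """
<asa_host> using connection plugin network_cli (was local)
<asa_host> using connection plugin network_cli
"""

WAS_LOCAL = re.compile(
    r"^<(?P<host>[^>]+)>.*using connection plugin \S+ \(was local\)",
    re.MULTILINE,
)


def groups_using_local(inventory_text):
    """Return groups whose vars set ansible_network_os but connect via 'local'."""
    parser = configparser.ConfigParser(
        interpolation=None, allow_no_value=True, strict=False
    )
    parser.optionxform = str  # keep variable names case-sensitive
    parser.read_string(inventory_text)
    flagged = []
    for section in parser.sections():
        if not section.endswith(":vars"):
            continue  # host lists and :children sections carry no group vars
        opts = parser[section]
        connection = (opts.get("ansible_connection", fallback="") or "").strip()
        if opts.get("ansible_network_os") and connection == "local":
            flagged.append(section[: -len(":vars")])
    return flagged


def hosts_rewritten_from_local(log_text):
    """Return hosts whose verbose log shows the '(was local)' marker."""
    return [m.group("host") for m in WAS_LOCAL.finditer(log_text)]
```
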

justjais commented 1 year ago

@moseley1983 were you able to check back on this issue?

moseley1983 commented 1 year ago

Hi @justjais, thanks for getting back to me. I haven't got around to checking this yet. Please feel free to close the call. I won't be able to check this for a long time now. Thanks for all your help.