aruba / aoscx-ansible-collection

Ansible collections for AOS-CX switches 

Fault in aoscx_acl: suboptions do not work #84

Closed git4m closed 6 months ago

git4m commented 1 year ago

When executing module aoscx_acl from the collection, while using one or several sub-options which reference an object, the module fails with error code 400.

In the provided example playbook, all tasks work, except task "Add ACL task 2 (AOSCX)" (see playbook output)

Switch: 6300M Firmware: 10.10.1060

Playbook:

---
- name: ACL Configuration
  hosts: all
  gather_facts: false
  connection: arubanetworks.aoscx.aoscx

  tasks:
    - name: Add dummy object 1 (AOSCX)
      connection: ansible.netcommon.network_cli
      arubanetworks.aoscx.aoscx_config:
        lines:
          - object-group ip address obj_src
          - object-group ip address obj_dst
          - object-group port obj_port
        diff_against: running
        save_when: changed

    - name: Add dummy object 2 (AOSCX)
      connection: ansible.netcommon.network_cli
      arubanetworks.aoscx.aoscx_config:
        parents:
          - object-group ip address obj_src
        lines:
          - 10 10.0.0.0/24
          - 20 10.20.30.40
        diff_against: running
        save_when: changed

    - name: Add dummy object 3 (AOSCX)
      connection: ansible.netcommon.network_cli
      arubanetworks.aoscx.aoscx_config:
        parents:
          - object-group ip address obj_dst
        lines:
          - 10 10.10.0.0/24
          - 20 10.11.0.0/24
        diff_against: running
        save_when: changed

    - name: Add dummy object 4 (AOSCX)
      connection: ansible.netcommon.network_cli
      arubanetworks.aoscx.aoscx_config:
        parents:
          - object-group port obj_port
        lines:
          - 10 eq ssh
          - 20 eq https
        diff_against: running
        save_when: changed

    - name: Delete ACL (AOSCX)
      arubanetworks.aoscx.aoscx_acl:
        name: test_acl
        type: ipv4
        state: delete

    - name: Add ACL task 1 (AOSCX)
      arubanetworks.aoscx.aoscx_acl:
        name: test_acl
        type: ipv4
        state: create
        acl_entries:
          1:
            comment: "Aruba example deny the host"
            action: deny
            count: true
            src_ip: 158.10.12.57/32
            protocol: tcp

    - name: Add ACL task 2 (AOSCX)
      arubanetworks.aoscx.aoscx_acl:
        name: test_acl
        type: ipv4
        state: create
        acl_entries:
          200:
            protocol: tcp
            action: permit
            src_ip_group: "/system/acl_object_groups/obj_src,ipv4"
            dst_ip_group: "/system/acl_object_groups/obj_dst,ipv4"
            dst_l4_port_group: "/system/acl_object_groups/obj_port,l4port"

Playbook output:

PLAY [Initial Switch Configuration] *************************************************************************************************************************

TASK [Add dummy object 1 (AOSCX)] ***************************************************************************************************************************
ok: [aruba_6300m_10_10_1060]

TASK [Add dummy object 2 (AOSCX)] ***************************************************************************************************************************
changed: [aruba_6300m_10_10_1060]

TASK [Add dummy object 3 (AOSCX)] ***************************************************************************************************************************
changed: [aruba_6300m_10_10_1060]

TASK [Add dummy object 4 (AOSCX)] ***************************************************************************************************************************
ok: [aruba_6300m_10_10_1060]

TASK [Delete ACL (AOSCX)] ***********************************************************************************************************************************
changed: [aruba_6300m_10_10_1060]

TASK [Add ACL task 1 (AOSCX)] *******************************************************************************************************************************
changed: [aruba_6300m_10_10_1060]

TASK [Add ACL task 2 (AOSCX)] *******************************************************************************************************************************
fatal: [aruba_6300m_10_10_1060]: FAILED! => changed=false
  msg: '''GENERIC OPERATION ERROR: Invalid data\n: Code: 400'''

PLAY RECAP **************************************************************************************************************************************************
aruba_6300m_10_10_1060                  : ok=6    changed=4    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

ansible-collections

Collection                Version
------------------------- -------
ansible.netcommon         5.2.0
ansible.posix             1.5.4
ansible.utils             2.11.0
arubanetworks.aos_switch  1.7.0
arubanetworks.aoscx       4.3.0
community.general         7.4.0

python modules:

poetry show
ansible-compat            4.1.10   Ansible compatibility goodies
ansible-core              2.15.0   Radically simple IT automation
ansible-lint              6.17.0   Checks playbooks for practices and behavior that could potentially be improved
ansible-pylibssh          1.1.0    Python bindings for libssh client specific to Ansible use case
attrs                     23.1.0   Classes Without Boilerplate
bcrypt                    4.0.1    Modern password hashing for your software and your servers
black                     23.3.0   The uncompromising code formatter.
bracex                    2.4      Bash style brace expander.
certifi                   2023.5.7 Python package for providing Mozilla's CA Bundle.
cffi                      1.15.1   Foreign Function Interface for Python calling C code.
charset-normalizer        3.1.0    The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
click                     8.1.3    Composable command line interface toolkit
cryptography              40.0.2   cryptography is a package which provides cryptographic recipes and primitives to Python developers.
filelock                  3.12.4   A platform independent file lock.
hvac                      0.11.2   HashiCorp Vault API client
idna                      3.4      Internationalized Domain Names in Applications (IDNA)
importlib-resources       5.0.7    Read resources from Python packages
jinja2                    3.1.2    A very fast and expressive template engine.
jmespath                  0.10.0   JSON Matching Expressions
jsonschema                4.19.0   An implementation of JSON Schema validation for Python
jsonschema-specifications 2023.7.1 The JSON Schema meta-schemas and vocabularies, exposed as a Registry
jxmlease                  1.0.3    jxmlease converts between XML and intelligent Python data structures.
lxml                      4.9.2    Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
markdown-it-py            3.0.0    Python port of markdown-it. Markdown parsing, done right!
markupsafe                2.1.2    Safely add untrusted strings to HTML/XML markup.
mdurl                     0.1.2    Markdown URL utilities
mypy-extensions           1.0.0    Type system extensions for programs checked with the mypy type checker.
ncclient                  0.6.13   Python library for NETCONF clients
netaddr                   0.8.0    A network address manipulation library for Python
netifaces                 0.11.0   Portable network interface information.
packaging                 23.1     Core utilities for Python packages
paramiko                  3.1.0    SSH2 protocol library
pathspec                  0.11.1   Utility library for gitignore style pattern matching of file paths.
platformdirs              3.5.1    A small Python package for determining appropriate platform-specific dirs, e.g. a "user data dir".
ply                       3.11     Python Lex & Yacc
pyaoscx                   2.5.0    AOS-CX Python Modules
pyasn1                    0.5.0    Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
pycparser                 2.21     C parser in Python
pycryptodomex             3.18.0   Cryptographic library for Python
pycurl                    7.45.2   PycURL -- A Python Interface To The cURL library
pygments                  2.16.1   Pygments is a syntax highlighting package written in Python.
pynacl                    1.5.0    Python binding to the Networking and Cryptography (NaCl) library
pynetbox                  6.6.2    NetBox API client library
pyparsing                 3.0.9    pyparsing module - Classes and methods to define and execute parsing grammars
pyserial                  3.5      Python Serial Port Extension
pysmi                     0.3.4    SNMP SMI/MIB Parser
pysnmp                    4.4.12   SNMP library for Python
python-dotenv             0.19.2   Read key-value pairs from a .env file and set them as environment variables
pyyaml                    6.0      YAML parser and emitter for Python
referencing               0.30.2   JSON Referencing + Python
requests                  2.30.0   Python HTTP for Humans.
requests-toolbelt         1.0.0    A utility belt for advanced users of python-requests
resolvelib                1.0.1    Resolve abstract dependencies into concrete ones
rich                      13.5.2   Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
rpds-py                   0.10.3   Python bindings to Rust's persistent data structures (rpds)
ruamel-yaml               0.17.32  ruamel.yaml is a YAML parser/emitter that supports roundtrip preservation of comments, seq/map flow style, and map ke...
ruamel-yaml-clib          0.2.7    C version of reader, parser and emitter for ruamel.yaml derived from libyaml
scp                       0.14.5   scp module for paramiko
setuptools                63.4.3   Easily download, build, install, upgrade, and uninstall Python packages
six                       1.16.0   Python 2 and 3 compatibility utilities
subprocess-tee            0.4.1    subprocess-tee
thruk                     0.0.6    Library providing functions to create and end a sheduled downtime in Thruk
tomli                     2.0.1    A lil' TOML parser
transitions               0.9.0    A lightweight, object-oriented Python state machine implementation with many extensions.
typing-extensions         4.5.0    Backported and Experimental Type Hints for Python 3.7+
urllib3                   2.0.2    HTTP library with thread-safe connection pooling, file post, and more.
wcmatch                   8.5      Wildcard/glob file name matcher.
wheel                     0.40.0   A built-package format for Python
yamllint                  1.32.0   A linter for YAML files.
yamlordereddictloader     0.4.0    YAML loader and dump for PyYAML allowing to keep keys order.

git4m commented 6 months ago

I can confirm that it has been fixed in the latest release.

Collection                Version
------------------------- -------
arubanetworks.aoscx       4.4.0

and

pyaoscx                   2.6.0     AOS-CX Python Modules

Thank you @tchiapuziowong!
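
A pre-flight version gate for playbooks that use the `aoscx_acl` group sub-options, added here as an example (it is not code from the issue or from the collection). It parses the two listing formats shown in the issue and treats the versions the reporter confirmed working as lower bounds, which is an assumption; the sample listings are constructed from rows in the issue.

```python
import re

# Versions named in the closing comment; using them as minimums is an assumption.
CONFIRMED_WORKING = {"arubanetworks.aoscx": "4.4.0", "pyaoscx": "2.6.0"}

# "name  version  [description]" rows; header and separator rows do not match.
ROW = re.compile(r"^([A-Za-z0-9_.-]+)\s+(\d+(?:\.\d+)*)(?:\s|$)")

# Constructed sample listings built from rows in the issue.
FAILING_ENV = (
    "Collection                Version\n"
    "------------------------- -------\n"
    "arubanetworks.aoscx       4.3.0\n"
    "pyaoscx                   2.5.0    AOS-CX Python Modules\n"
)
FIXED_ENV = (
    "arubanetworks.aoscx       4.4.0\n"
    "pyaoscx                   2.6.0     AOS-CX Python Modules\n"
)


def parse_listing(text):
    """Map package/collection name to version for every parsable row."""
    found = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            found[match.group(1)] = match.group(2)
    return found


def as_tuple(version):
    """Turn '4.3.0' into (4, 3, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def preflight(listing_text, required=CONFIRMED_WORKING):
    """Return a list of problems; an empty list means the gate passes."""
    installed = parse_listing(listing_text)
    problems = []
    for name, minimum in required.items():
        have = installed.get(name)
        if have is None:
            problems.append(f"{name}: not found")
        elif as_tuple(have) < as_tuple(minimum):
            problems.append(f"{name}: {have} < {minimum}")
    return problems


if __name__ == "__main__":
    for label, env in (("reported", FAILING_ENV), ("fixed", FIXED_ENV)):
        print(label, preflight(env) or "ok")
```

Running the gate before the play matters here because the playbook deletes `test_acl` before recreating it, so a failure in a later ACL task leaves the switch with only part of the intended ACL.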