cdot65
commented
4 months ago Hey @chrisgross-payroc, thanks for bringing this to my attention.
This issue is directly sourced from our dependency on the panos-upgrade-assurance library. I won't be in a position to update that library, would it be possible to ask that you open the issue with that project instead?
As a temporary workaround, you can disable this readiness check by using the pan-os-upgrade settings command and choosing to disable the readiness check
pan-os-upgrade settings
...
Would you like to customize readiness checks? [y/N]: y
...
Enable Check if any Dynamic Update job is scheduled to run within the specified time window? [Y/n]: n
Describe the bug Readiness checks fail if "Applications and Threats" dynamic updates is managed by Panorama template.
To Reproduce Steps to reproduce the behavior: Have a template commit settings to "Applications and Threats" dynamic updates schedule.
Expected behavior To validate settings and pass checks successfully to build forward.
Tested Steps Local override to set same values locally on "Recurrence", rest of the values kept from Template. When everything but "Recurrence" is set still to take from template, checks pass successfully. If you set the entire thing with "Recurrence" set from template, readiness checks fail.
Error Output
❌ FIREWALL-NAME-REDACTED: Error running readiness checks: Schedule threats has malformed configuration: OrderedDict([('@ptpl', 'TEMPLATE-NAME-REDACTED'), ('@src', 'tpl'), ('recurring', OrderedDict([('every-30-mins', OrderedDict([('@ptpl', 'TEMPLATE-NAME-REDACTED'), ('@src', 'tpl'), ('at', OrderedDict([('@ptpl', 'TEMPLATE-NAME-REDACTED'), ('@src', 'tpl'), ('#text', '2')])), ('action', OrderedDict([('@ptpl', 'TEMPLATE-NAME-REDACTED'), ('@src', 'tpl'), ('#text', 'download-and-install')]))])), ('new-app-threshold', OrderedDict([('@ptpl', 'TEMPLATE-NAME-REDACTED'), ('@src', 'tpl'), ('#text', '2')]))]))])