fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

fortios_router_route_map always shows changes. #355

Open dancarltonigt opened 1 week ago

dancarltonigt commented 1 week ago

The route map module, fortios_router_route_map, always shows changes, because it always grabs the full route-map config with defaults, instead of just the explicitly set parameters.

This behaviour is shown in 2.1.7 and 2.3.8.

Variable:

# Route maps
firewall_route_maps:
- name: azure-prepend-rm
  rule:
  - {id: 2, action: deny, match_as_path: azr-path}

Playbook:

    # Configure BGP Route Maps
  - name: Configure Router Route Maps
    fortios_router_route_map:
      state: present
      vdom: '{{ vdom }}'
      access_token: '{{ token }}'
      router_route_map:
        name: '{{ item.name }}'
        comments: '{{ item.comments + " - " + default_comment if item.comments is defined else default_comment }}'
        rule: '{{ item.rule }}'
    with_items: '{{ firewall_route_maps }}'
    when: firewall_route_maps is defined
    tags:
    - route_maps
    - routing

Debug output showing behaviour:

ansible_loop_var: item
diff:
   after:
     comments: Ansible Managed
     name: azure-prepend-rm
     rule:
     - action: deny
       id: 2
       match-as-path: azr-path
   before:
     comments: Ansible Managed
     name: azure-prepend-rm
     q_origin_key: azure-prepend-rm
     rule:
     - action: deny
       id: 2
       match-as-path: azr-path

      -----------
       **match-community: ''
       match-community-exact: disable
       match-extcommunity: ''
       match-extcommunity-exact: disable
       match-flags: 0
       match-interface: ''
       match-ip-address: ''
       match-ip-nexthop: ''
       match-ip6-address: ''**
       ....
      -----------

The items between ----------- are all default values that are not actually set.

MaxxLiu22 commented 1 week ago

Hi @dancarltonigt,

Thank you for raising this issue. We are aware of a known issue with the diff check function when handling list-of-dict-type arguments. However, I did not observe the specific issue you mentioned about it always grabbing the full route-map config with defaults. Could you confirm if you are using the --check and --diff functions?

In my testing, when I modify an argument, it only reflects the intended change. Could you please provide more details or clarify your observations?

root@liang:~/ansible/fgt/github#355# ansible-playbook -i hosts fortios_router_route_map.yml --check --diff

PLAY [fortigates] *********************************************************************************************

TASK [Configure Router Route Maps] ****************************************************************************
--- before
+++ after
@@ -4,7 +4,7 @@
         {
             "action": "deny",
             "id": 2,
-            "match-as-path": "azr-path"
+            "match-as-path": "azr-path2"
         }
     ]
 }

changed: [fortigate03]

PLAY RECAP ****************************************************************************************************
fortigate03                : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Thanks, Maxx
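
The comparison the report asks for, as an added example (not part of the thread and not the collection's own code): a change is reported only when a parameter the playbook explicitly sets differs from the device, so defaults and `q_origin_key` on the `before` side are ignored. The function names and the sample dictionaries are assumptions, constructed from the diff output quoted in the report.

```python
# Added illustration; not code from the fortios collection.

def is_subset(desired, current, key="id"):
    """True if every explicitly set value in `desired` matches `current`.

    Keys that exist only in `current` (device defaults, q_origin_key) are
    ignored. Lists of dicts are matched on `key`, not on position.
    """
    if isinstance(desired, dict):
        if not isinstance(current, dict):
            return False
        return all(k in current and is_subset(v, current[k], key)
                   for k, v in desired.items())
    if isinstance(desired, list):
        # A rule added or removed on either side is a real change.
        if not isinstance(current, list) or len(desired) != len(current):
            return False
        if all(isinstance(d, dict) and key in d for d in desired):
            by_key = {c.get(key): c for c in current if isinstance(c, dict)}
            return all(d[key] in by_key and is_subset(d, by_key[d[key]], key)
                       for d in desired)
        return all(is_subset(d, c, key) for d, c in zip(desired, current))
    return desired == current


def naive_changed(desired, current):
    """Full equality: any default returned by the device counts as drift."""
    return desired != current


def subset_changed(desired, current):
    """Only explicitly set parameters can trigger 'changed'."""
    return not is_subset(desired, current)


# Constructed sample data, modelled on the 'after' / 'before' blocks above.
DESIRED = {"name": "azure-prepend-rm", "comments": "Ansible Managed",
           "rule": [{"id": 2, "action": "deny", "match-as-path": "azr-path"}]}
CURRENT = {"name": "azure-prepend-rm", "comments": "Ansible Managed",
           "q_origin_key": "azure-prepend-rm",
           "rule": [{"id": 2, "action": "deny", "match-as-path": "azr-path",
                     "match-community": "", "match-community-exact": "disable",
                     "match-flags": 0, "match-interface": ""}]}

if __name__ == "__main__":
    print("naive :", naive_changed(DESIRED, CURRENT))
    print("subset:", subset_changed(DESIRED, CURRENT))
```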