search

nautobot / nautobot-ansible

Ansible Collection for managing Nautobot Data
https://nautobot-ansible.readthedocs.io/en/latest/
GNU General Public License v3.0
44 stars 31 forks source link

Plugin module unable to alter firewall application groups after creation #244

Open gneville-ot opened 1 year ago

gneville-ot commented 1 year ago
ISSUE TYPE
SOFTWARE VERSIONS
pynautobot

1.5.0

Ansible:

2.12.3

Nautobot:

1.5.20

Collection:

4.5.0

SUMMARY

After creating a firewall application group it is unable to make any changes to the application objects attached afterwards.

STEPS TO REPRODUCE

Create 2 application objects and obtain the UUIDs.

Use the plugin module to create a new application object group of which one of the application objects is a member, this step works and the application group is created, subsequent runs of the exact same task work and no updates are performed as expected.

- name: "SETUP FIREWALL APPLICATION OBJECT GROUP"
  networktocode.nautobot.plugin:
    url: "{{ nb_url }}"
    token: "{{ nb_token }}"
    validate_certs: "{{ nb_validate_certs }}"
    api_version: "{{ nb_api_version }}"
    plugin: "firewall"
    endpoint: "application-object-group"
    identifiers:
      name: "MY_APPLICATION_GROUP"
    attrs:
      description: "My Application Group"
      application_objects:
       - 43de24dd-4358-403f-a26e-253659ad2e48
      status: "active"
    state: "present"

Attempt to add or remove application objects from the group and it will error. For example here a new application object is being added:

- name: "SETUP FIREWALL APPLICATION OBJECT GROUP"
  networktocode.nautobot.plugin:
    url: "{{ nb_url }}"
    token: "{{ nb_token }}"
    validate_certs: "{{ nb_validate_certs }}"
    api_version: "{{ nb_api_version }}"
    plugin: "firewall"
    endpoint: "application-object-group"
    identifiers:
      name: "MY_APPLICATION_GROUP"
    attrs:
      description: "My Application Group"
      application_objects:
       - 43de24dd-4358-403f-a26e-253659ad2e48
       - 34bf520f-a171-4647-8298-59ac264023b9
      status: "active"
    state: "present"
EXPECTED RESULTS

The firewall application group can be updated to add or remove application objects as needed

ACTUAL RESULTS

Error returned.

For some odd reason a query is performed towards the 'application-object' endpoint but using the UUID of the application group, which is why it isn't found.

    pynautobot.core.query.RequestError: The requested url: https://<fqdn>/api/plugins/firewall/application-object/573eb9e5-68bb-4306-a469-d0d25290f891/ could not be found.

The same doesn't happen for 'address groups'.

pszulczewski commented 11 months ago

This is an issue in firewall plugin. It has invalid url field in application-object-group. Issue created. https://github.com/nautobot/nautobot-plugin-firewall-models/issues/181