Closed baldy2811 closed 1 week ago
@jmpettit can you take a look?
@baldy2811 can you run this script on your actual/intended snippets (the ones attached to the issue show identical to me)
from xmldiff import main
intended = """
<response>
<result>
<config detail-version="10.2.10" version="10.2.0" urldb="paloaltonetworks">
<devices>
<entry name="localhost.localdomain">
<network>
<interface>
<loopback>
<units>
<entry name="loopback.103">
<adjust-tcp-mss>
<enable>no</enable>
</adjust-tcp-mss>
<ip>
<entry name="172.22.1.1/32"/>
</ip>
<interface-management-profile>PING-AND-SSH</interface-management-profile>
<comment>Loopback for test SEA</comment>
</entry>
</units>
</loopback>
</interface>
</network>
</entry>
</devices>
</config>
</result>
</response>
"""
actual = """
<response>
<result>
<config detail-version="10.2.10" version="10.2.0" urldb="paloaltonetworks">
<devices>
<entry name="localhost.localdomain">
<network>
<interface>
<loopback>
<units>
<entry name="loopback.103">
<adjust-tcp-mss>
<enable>no</enable>
</adjust-tcp-mss>
<ip>
<entry name="172.22.1.1/32"/>
</ip>
<interface-management-profile>PING-AND-SSH</interface-management-profile>
<comment>Loopback for test SEA</comment>
</entry>
</units>
</loopback>
</interface>
</network>
</entry>
</devices>
</config>
</result>
</response>
"""
diff_options = {
"F": 0.1,
"fast_match": True,
}
missing = main.diff_texts(actual, intended, diff_options=diff_options)
extra = main.diff_texts(intended, actual, diff_options=diff_options)
print(missing)
print(extra)
@jmpettit thats exactly the point. Its identical but it shows non-compliant. Which python version are you on?
@jmpettit thats exactly the point. Its identical but it shows non-compliant. Which python version are you on?
ok interesting, under the hood this is using xmldiff - I assumed my _normalize_diff
function was causing issues here.
I ran that script from nautobot-server shell_plus
Python 3.11.9 in my dev instance, I was looking to see if extra/missing had something in them in your case, which is what causes the non-compliant
status. I'll finish setting up my dev instance and test a bit further with your exact config snippets.
@jmpettit i run the script you posted above and got the following output:
$ python test.py
[]
[]
@jmpettit i run the script you posted above and got the following output:
$ python test.py [] []
Thanks, could you also show the detail view by hitting the "test" link in your Configuration Compliance view, example: https://demo.nautobot.com/plugins/golden-config/config-compliance/0455fb5b-27dd-4823-8e1b-55e2f046b241/?tab=main
we are wondering if this is related to #800
It still non-compliant
Met with @jmpettit we see where the challenges arise from. We spoke about an approach, will get back to you with some more formalized thoughts over the next few days.
@baldy2811 can you run this via the ORM (nautobot-server shell_plus
) and then run compliance against the device again, thanks!
obj = ConfigCompliance.objects.get(device__name="SDWAN-HUB-LAB-01")
obj.delete()
@jmpettit
>>> obj = ConfigCompliance.objects.get(device__name="SDWAN-HUB-LAB-01")
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/opt/nautobot/.local/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/nautobot/.local/lib/python3.11/site-packages/django/db/models/query.py", line 640, in get
raise self.model.MultipleObjectsReturned(
nautobot_golden_config.models.ConfigCompliance.MultipleObjectsReturned: get() returned more than one ConfigCompliance -- it returned 3!
>>> obj.delete()
Traceback (most recent call last):
File "<console>", line 1, in <module>
NameError: name 'obj' is not defined
i did this on all docker nodes and get everywhere the same error.
Crazy,
after deleting and re-adding the rules it seems working:
~Should be fixed in 2.1.2, let me know if there are any other issues~ nvm
fixed in 2.1.2
Environment
I use XML Format for Palo Alto compliance Checks. Current Config and intended config are the same but is shows non-complaint
Steps to Reproduce
Intendend config:
Actual Config:
Status is: Status - Non-Compliant
I can check with every parameter within XPath and everything is non-compliant. We try to use it with Palo Alto backup XML files.