search

puzzle / puzzle.opnsense

An Ansible Collection to configure an opnsense Firewall
https://puzzle.github.io/puzzle.opnsense/collections/puzzle/opnsense/index.html
GNU General Public License v3.0
19 stars 11 forks source link

Advanced options in firewall rules cause module to error out. #138

Open chris-sanders opened 2 weeks ago

chris-sanders commented 2 weeks ago

Describe the bug When using a firewall rule that use the advanced option "reply-to" the firewall module fails to parse existing rules and errors. Here is an example of the error:

"module_stdout": "Traceback (most recent call last):
  File \"/home/automation/.ansible/tmp/ansible-tmp-1720300045.0875905-92156-33209829035841/AnsiballZ_firewall_rules.py\", line 107, in <module>
    _ansiballz_main()
  File \"/home/automation/.ansible/tmp/ansible-tmp-1720300045.0875905-92156-33209829035841/AnsiballZ_firewall_rules.py\", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File \"/home/automation/.ansible/tmp/ansible-tmp-1720300045.0875905-92156-33209829035841/AnsiballZ_firewall_rules.py\", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.puzzle.opnsense.plugins.modules.firewall_rules', init_globals=dict(_module_fqn='ansible_collections.puzzle.opnsense.plugins.modules.firewall_rules', _modlib_path=modlib_path),
  File \"<frozen runpy>\", line 226, in run_module
  File \"<frozen runpy>\", line 98, in _run_module_code
  File \"<frozen runpy>\", line 88, in _run_code
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/firewall_rules.py\", line 448, in <module>
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/modules/firewall_rules.py\", line 423, in main
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_rules_utils.py\", line 537, in __init__
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_rules_utils.py\", line 543, in _load_rules
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_rules_utils.py\", line 543, in <listcomp>
  File \"/tmp/ansible_puzzle.opnsense.firewall_rules_payload_2z1lsdbu/ansible_puzzle.opnsense.firewall_rules_payload.zip/ansible_collections/puzzle/opnsense/plugins/module_utils/firewall_rules_utils.py\", line 505, in from_xml
TypeError: FirewallRule.__init__() got an unexpected keyword argument 'disablereplyto'
",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1

To Reproduce Steps to reproduce the behavior:

  1. Add a Firewall rule manually and under advanced settings set "reply-to" to "disable"
  2. Run the module and try to add any new rule

Expected behavior Unexpected fields should maybe just be a warning and proceed if they aren't yet supported. Ideally, all of the advanced fields would be added as known fields.

Desktop (please complete the following information):

Additional context I set reply-to back to default and was able to successfully run the module and add my new rule.

KiLLuuuhh commented 2 weeks ago

Hello @chris-sanders,

Thank you for taking the time to contribute to this project.

You're absolutely right about this.

We've already investigated the issue and have a few suspicions about the cause: It seems that FirewallRule does not take any arguments other than those defined in the class into account and needs to handle extra_attributes as seen in other modules: https://github.com/puzzle/puzzle.opnsense/issues/111.

We will fix this in the next release.