address_prefix in panos_bgp_policy_rule doesn't support default empty value
nguyh opened this issue · 1 comments
Describe the issue
panos_bgp_policy_rule address_prefix doesn't support a blank value. I have a list of export rules, and some of them don't require an address_prefix statement; the execution fails because it expects a dict value to be defined. I just want to define a task that can execute all variants of the export/import BGP list.
Since I use a with_items statement, I have tried to supply a default empty value like this:
address_prefix: "{{ item.prefix_list | default([{}]) }}"
or
address_prefix: "{{ item.prefix_list | default([{'name':None}]) }}"
But none of these attempts work.
Expected behavior
The function should skip the execution of the address_prefix statement when there is no address defined or the address is empty, or provide a way to define a null value.
Current behavior
address_prefix expects a defined dict with a valid IP address and doesn't support an empty dict, which results in an error.
"msg": "Address prefix dict requires "name": {}"
or
"msg": "Failed apply: rule-10 -> match -> address-prefix -> None None is an invalid ipv4/v6 address\n rule-10 -> match -> address-prefix is invalid"
Possible solution
The address_prefix statement function should skip execution when the dict is empty or not defined.
Steps to reproduce
Vars file
export_rules:
  - rule_name: 'rule-9'
    used_by:
      - '{{ peer_grp_1 }}'
    prefix_list:
      - name: '192.168.1.0/26'
        exact: true
      - name: '192.168.1.64/26'
        exact: true
    action_community_type: 'append'
    action_community_argument: '100:10'
  - rule_name: 'rule-10'
    used_by:
      - '{{ peer_grp_2 }}'
    match_community_regex: '100:10$|20$'
Playbook snippet
- name: Create Policy Export Rules
  panos_bgp_policy_rule:
    provider: '{{ device }}'
    vr_name: '{{ vr_name }}'
    name: '{{ item.rule_name }}'
    type: 'export'
    enable: true
    action: "{{ item.action | default('allow') }}"
    address_prefix: "{{ item.prefix_list | default([{'name':None}]) }}"
    used_by: '{{ item.used_by }}'
  with_items: '{{ export_rules }}'
Screenshots
...
"address_prefix": [
    {
        "name": null
    }
],
...
"msg": "Failed apply: rule-10 -> match -> address-prefix -> None None is an invalid ipv4/v6 address\n rule-10 -> match -> address-prefix is invalid"
Possible Workaround
1- Run a first parse task without the address_prefix statement.
2- Run a second conditional task that uses the address_prefix statement and writes the address rules that have an address prefix defined.
If there is another way to do this in Ansible to use the address_prefix statement conditionally in one single task.
Context
Cannot use Ansible to push BGP export or import rules when a rule doesn't contain a prefix but just a community.
Your Environment
- Collection: 2.9.0
- Python: 3.9.1
- Ansible: 2.10.14
- pan-os-python = "^1.5.1"
- pandevice = "^0.14.0"
- pan-python = "^0.16.0"
After analyzing the source code, if I define the default as an empty list, that seems to work; see below.
address_prefix: '{{ item.prefix_list | default([]) }}'
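One way to make the empty-list behaviour explicit and catch bad prefixes before the play reaches the firewall is a small custom filter. This is an added example, not part of the issue or of the collection: the filter name `bgp_address_prefix` and the plugin itself are hypothetical, and the sample data is constructed from the vars file above with placeholder peer-group names.

```python
import ipaddress

# Constructed sample data mirroring the vars file in the issue; the peer-group
# names are placeholders for the templated '{{ peer_grp_N }}' values.
EXPORT_RULES = [
    {"rule_name": "rule-9", "used_by": ["peer-grp-1"],
     "prefix_list": [{"name": "192.168.1.0/26", "exact": True},
                     {"name": "192.168.1.64/26", "exact": True}]},
    {"rule_name": "rule-10", "used_by": ["peer-grp-2"],
     "match_community_regex": "100:10$|20$"},
]


def bgp_address_prefix(rule):
    """Return a list that is safe to pass as address_prefix for one rule.

    A rule with no prefix_list (community-only match) yields [], the value the
    comment above reports as working. An entry without a usable 'name' raises
    ValueError locally instead of being sent to the device as None.
    """
    rule_name = rule.get("rule_name")
    cleaned = []
    for entry in rule.get("prefix_list") or []:
        name = entry.get("name") if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name:
            raise ValueError(f"{rule_name}: prefix entry needs a 'name': {entry!r}")
        try:
            # Validation only: the original string is what gets passed on.
            ipaddress.ip_network(name, strict=False)
        except ValueError as exc:
            raise ValueError(f"{rule_name}: bad prefix {name!r}: {exc}") from exc
        cleaned.append(dict(entry))
    return cleaned


class FilterModule:
    """Ansible filter-plugin entry point (hypothetical plugin, not in the collection)."""

    def filters(self):
        return {"bgp_address_prefix": bgp_address_prefix}


if __name__ == "__main__":
    for rule in EXPORT_RULES:
        print(rule["rule_name"], bgp_address_prefix(rule))
```

Saved in a `filter_plugins/` directory next to the playbook, it would be used as `address_prefix: "{{ item | bgp_address_prefix }}"`.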