PaloAltoNetworks/pan-os-ansible

Issue of setting bgp append community in bgp export/import rule

nguyh opened this issue · 2 comments

nguyh commented

Describe the bug

The panos_bgp_policy_rule parameters action_community_type and action_community_argument are not working as intended.

Expected behavior

The community action should be added to the BGP export or import rule.

Current behavior

I defined the variables for action_community_type and action_community_argument and ran the playbook, and I got an error message saying that the community value needs to be added, which I did.

The expected behavior is that the community type "append" and community argument "100:10" should be added to the BGP export rule.

Steps to reproduce

Variables:

export_rules:
  - rule_name: 'rule-9'
    used_by:
      - '{{ peer_grp_1 }}'
    prefix_list:
      - name: '192.168.1.0/26'
        exact: true
      - name: '192.168.1.64/26'
        exact: true
    # The community settings belong to the rule item, since the playbook reads item.action_community_*
    action_community_type: 'append'
    action_community_argument: '100:10'

Playbook:

- name: Create Policy Export Rules
  panos_bgp_policy_rule:
    provider: '{{ device }}'
    vr_name: '{{ vr_name }}'
    name: '{{ item.rule_name }}'
    type: 'export'
    enable: true
    action: "{{ item.action | default('allow') }}"
    address_prefix: '{{ item.prefix_list }}'
    action_community_type: "{{ item.action_community_type }}"
    action_community_argument: "{{ item.action_community_argument }}"
    used_by: '{{ item.used_by }}'
  with_items: '{{ export_rules }}'
  tags: bgp_export

Screenshots

Ansible playbook output

TASK [Create Policy Export Rules] ******
The full traceback is:
  File "/tmp/ansible_panos_bgp_policy_rule_payload_tknsjnwr/ansible_panos_bgp_policy_rule_payload.zip/ansible_collections/paloaltonetworks/panos/plugins/module_utils/panos.py", line 486, in apply_state
    obj.apply()
  File "/home/user/proj/ansible-fw-auto/.venv/lib/python3.9/site-packages/panos/base.py", line 613, in apply
    device.active().xapi.edit(
  File "/home/user/proj/ansible-fw-auto/.venv/lib/python3.9/site-packages/panos/base.py", line 3682, in method
    raise the_exception
failed: [testfw] (item={'rule_name': ' rule-9, 'used_by': ['BGP_GRP'], 'prefix_list': [{'name': '192.168.1.0/26', 'exact': True}, {'name': '192.168.1.64/26', 'exact': True}], 'action_community_type': 'append', 'action_community_argument': '100:10'}) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "action": "allow",
...
            "action_community_argument": "10:10",
            "action_community_type": "append",
            "action_dampening": null,
            "action_extended_community_argument": null,
            "action_extended_community_type": null,
            "action_local_preference": null,
            "action_med": null,
            "action_nexthop": null,
            "action_origin": null,
            "action_weight": null,
            "address_prefix": [
                {
                    "exact": true,
                    "name": "192.168.1.0/26"
                },
                {
                    "exact": true,
                    "name": "192.168.1.64/26"
                }
            ],
...

"msg": "Failed apply:  rule-9 -> action -> allow -> update -> community -> append constraints failed : must also specify community value to be added\n rule-9 -> action -> allow -> update -> community -> append is invalid"

Context

Trying to automate the BGP and IPsec configuration using Ansible.

Your Environment

Collection: 2.9.0
Python: 3.9.1
Ansible: 2.10.14
pan-os-python = "^1.5.1"
pandevice = "^0.14.0"
pan-python = "^0.16.0"

nguyh commented

Found a similar issue at PaloAltoNetworks/pan-os-python#231

nguyh commented

Thanks for the tips provided by @steve-krause. I added vartype="member" on lines 3587 and 3612. Test works. This bug is in pan-os-python and not in pan-os-ansible.

network.py:

3578 params.append(
3579     VersionedParamPath(
3580         "action_community_argument",
3581         default=None,
3582         condition={
3583             "action": "allow",
3584             "action_community_type": ["remove-regex", "append", "overwrite"],
3585         },
3586         path="action/{action}/update/community/{action_community_type}",
3587         vartype="member",
3588     )
3589 )
...
3599 params.append(
3600     VersionedParamPath(
3601         "action_extended_community_argument",
3602         default=None,
3603         condition={
3604             "action": "allow",
3605             "action_extended_community_type": [
3606                 "remove-regex",
3607                 "append",
3608                 "overwrite",
3609             ],
3610         },
3611         path="action/{action}/update/extended-community/{action_extended_community_type}",
3612         vartype="member",
3613     )
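
What the one-line fix changes in the XML sent to the firewall, as an added example that is not part of the thread or of pan-os-python. `render`, `community_values` and `preflight` are hypothetical helpers; the assumption, inferred from the error message and the fix above, is that only `<member>` children under `<append>` count as community values.

```python
import xml.etree.ElementTree as ET

# Path and condition values taken from the network.py snippet above.
PATH = "action/{action}/update/community/{action_community_type}"
VARS = {"action": "allow", "action_community_type": "append"}


def render(path, variables, value, vartype=None):
    """Hypothetical, simplified stand-in for the library's path-to-XML step."""
    tags = path.format(**variables).split("/")
    root = ET.Element(tags[0])
    node = root
    for tag in tags[1:]:
        node = ET.SubElement(node, tag)
    values = value if isinstance(value, list) else [value]
    if vartype == "member":
        # One <member> child per value.
        for v in values:
            ET.SubElement(node, "member").text = str(v)
    else:
        # No vartype: the value becomes the element's own text.
        node.text = str(values[0])
    return root


def to_xml(root):
    return ET.tostring(root, encoding="unicode")


def community_values(root, ctype="append"):
    """Values found as <member> children (assumed device-side schema)."""
    node = root.find(f"allow/update/community/{ctype}")
    return [m.text for m in node.findall("member")]


def preflight(root, ctype="append"):
    """Constructed check mirroring the constraint in the error message."""
    if not community_values(root, ctype):
        return f"{ctype}: must also specify community value to be added"
    return None


if __name__ == "__main__":
    for vt in (None, "member"):
        doc = render(PATH, VARS, "100:10", vartype=vt)
        print(vt, to_xml(doc), preflight(doc))
```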