error with gathered_filter parameter in module

Question

error with gathered_filter parameter in module

jonchen8 opened this issue a year ago · 8 comments

Describe the bug

Getting a module failure using an option from "Operators - No Value" in gathered_filter parameter of a module.
The module in question is the nat_rule2 module.

Expected behavior

when setting state: 'gathered' and gathered_filter: 'destination_addresses is-not-none' (this also applies to the operator is-none)
I should be able to query all my nat policies that does not have its destination_addresses attribute as none.
This also applies to the other attributes of a nat policy

Current behavior

I am currently getting failures stating Improperly formatted logic string

Possible solution

Not for certain on this, but it appears it's not attempting the try operation as the exception is using the error message as it is appearing err_msg = "Improperly formatted logic string"

Steps to reproduce

ensure there are nat policies on the palo alto panorma with none in any of the address fields (and have a nat policy with the address field populated)
set up the following tasks in a playbook
panos_provider is a dictionary that contains the panorama host, username, and password
palo_device_group is a string to points to a particular device group on the panorama

    - name: 'Query panos nat policies'
      paloaltonetworks.panos.panos_nat_rule2:
        provider: "{{ panos_provider }}"
        device_group: "{{ palo_device_group }}"
        state: 'gathered'
        gathered_filter: 'destination_addresses is-not-none'
      register: _register_output

    - name: 'debug register'
      debug:
        msg: "{{ _register_output }}"

run the playbook
the first task would fail stating The error was: Exception: Improperly formatted logic string

Screenshots

using the is-none operator

using the is-not-none operator

Context

this is preventing us to validate our policies by filtering the ones that do not apply for our validation

Your Environment

Collection: paloaltonetworks.panos 2.17.2
Python: 3.8
Ansible: 2.9.27
PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.11.0, pandevice 0.14.0

Answer 1 · 2023-07-26T18:06:54.000Z

🎉 Thanks for opening your first issue here! Welcome to the community!

Answer 2 · 2023-09-07T14:32:29.000Z

Hi @jonchen8, can you clarify the use case maybe? With NAT rules, there isn't really a None for the destination address field. This field is a list of strings, that is equal to either ["any"], or, if there are one or more objects selected for destination address, it will equal the list of those objects, such as ["object1", "object2"].

Therefore instead of doing gathered_filter: 'destination_addresses is-none' would you want gathered_filter: "destination_addresses contains any"?

Answer 3 · 2023-09-08T13:44:18.000Z

Hi @jonchen8, can you clarify the use case maybe? With NAT rules, there isn't really a None for the destination address field. This field is a list of strings, that is equal to either ["any"], or, if there are one or more objects selected for destination address, it will equal the list of those objects, such as ["object1", "object2"].

Therefore instead of doing gathered_filter: 'destination_addresses is-none' would you want gathered_filter: "destination_addresses contains any"?

Hi @jamesholland-uk - i can try to clarify the best i can. so that was probably a bad example, but even if there isn't a None for the destination field, shouldn't the filter still function as it states? returning results that are not actually None.

from the documentation here
is-not-none: True if the field is not python None
in a matter of opinion, the description sounds like the logic should be if value != None or something similar to that degree and if ["any"] != None should in theory return True

but overall, i believe the error (or bug) would still persist regardless with attributes that would have None in the field, such as the Source Translation or Destination Translation

the result below in the 1st screenshot is using gathered_filter: '*' to see what the return values are from the attributes
the 2nd screenshot shows a policy on the panorama with None in the field for Destination Translation.

below this is a screenshot of when trying to use gathered_filter: 'destination_translated_address is-not-none' and that results in the same error - from the above screenshots, we see there is a None value for that field.

hopefully this helps and had clarified the case - thank you!

Answer 4 · 2023-09-12T10:26:08.000Z

Understood, thanks for explaining @jonchen8. We'll take a look further into fixing this

Answer 5 · 2023-09-14T10:10:55.000Z

Can you test with the new version 2.17.6 just released please? Thanks

Answer 6 · 2023-09-15T15:47:17.000Z

Can you test with the new version 2.17.6 just released please? Thanks

yes, i will test this as soon as i can

Answer 7 · 2023-09-21T20:00:59.000Z

Can you test with the new version 2.17.6 just released please? Thanks

yes, i will test this as soon as i can

@jamesholland-uk

it appears the new version has addressed the issue, thank you so much!

Answer 8 · 2023-09-21T20:06:36.000Z

Excellent, thanks for confirming :)