error with gathered_filter parameter in module
jonchen8 opened this issue · 8 comments
Describe the bug
Getting a module failure using an option from "Operators - No Value" in gathered_filter parameter of a module.
The module in question is the nat_rule2 module.
Expected behavior
when setting state: 'gathered'
and gathered_filter: 'destination_addresses is-not-none'
(this also applies to the operator is-none
)
I should be able to query all my nat policies that does not have its destination_addresses
attribute as none.
This also applies to the other attributes of a nat policy
Current behavior
I am currently getting failures stating Improperly formatted logic string
Possible solution
Not for certain on this, but it appears it's not attempting the try operation as the exception is using the error message as it is appearing err_msg = "Improperly formatted logic string"
Steps to reproduce
-
ensure there are nat policies on the palo alto panorma with
none
in any of the address fields (and have a nat policy with the address field populated) -
set up the following tasks in a playbook
panos_provider is a dictionary that contains the panorama host, username, and password
palo_device_group is a string to points to a particular device group on the panorama
- name: 'Query panos nat policies'
paloaltonetworks.panos.panos_nat_rule2:
provider: "{{ panos_provider }}"
device_group: "{{ palo_device_group }}"
state: 'gathered'
gathered_filter: 'destination_addresses is-not-none'
register: _register_output
- name: 'debug register'
debug:
msg: "{{ _register_output }}"
-
run the playbook
-
the first task would fail stating
The error was: Exception: Improperly formatted logic string
Screenshots
using the is-not-none operator
Context
this is preventing us to validate our policies by filtering the ones that do not apply for our validation
Your Environment
- Collection: paloaltonetworks.panos 2.17.2
- Python: 3.8
- Ansible: 2.9.27
- PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.11.0, pandevice 0.14.0
🎉 Thanks for opening your first issue here! Welcome to the community!
Hi @jonchen8, can you clarify the use case maybe? With NAT rules, there isn't really a None
for the destination address field. This field is a list of strings, that is equal to either ["any"]
, or, if there are one or more objects selected for destination address, it will equal the list of those objects, such as ["object1", "object2"]
.
Therefore instead of doing gathered_filter: 'destination_addresses is-none'
would you want gathered_filter: "destination_addresses contains any"
?
Hi @jonchen8, can you clarify the use case maybe? With NAT rules, there isn't really a
None
for the destination address field. This field is a list of strings, that is equal to either["any"]
, or, if there are one or more objects selected for destination address, it will equal the list of those objects, such as["object1", "object2"]
.Therefore instead of doing
gathered_filter: 'destination_addresses is-none'
would you wantgathered_filter: "destination_addresses contains any"
?
Hi @jamesholland-uk - i can try to clarify the best i can. so that was probably a bad example, but even if there isn't a None
for the destination field, shouldn't the filter still function as it states? returning results that are not actually None
.
from the documentation here
is-not-none: True if the field is not python None
in a matter of opinion, the description sounds like the logic should be if value != None
or something similar to that degree and if ["any"] != None
should in theory return True
but overall, i believe the error (or bug) would still persist regardless with attributes that would have None
in the field, such as the Source Translation
or Destination Translation
the result below in the 1st screenshot is using gathered_filter: '*'
to see what the return values are from the attributes
the 2nd screenshot shows a policy on the panorama with None
in the field for Destination Translation
.
below this is a screenshot of when trying to use gathered_filter: 'destination_translated_address is-not-none'
and that results in the same error - from the above screenshots, we see there is a None
value for that field.
hopefully this helps and had clarified the case - thank you!
Understood, thanks for explaining @jonchen8. We'll take a look further into fixing this
Can you test with the new version 2.17.6 just released please? Thanks
Can you test with the new version 2.17.6 just released please? Thanks
yes, i will test this as soon as i can
Excellent, thanks for confirming :)