panos_security_rule - not a valid reference
stefano-di-chio opened this issue · 5 comments
Describe the bug
Using the module panos_security_rule. Failed to apply config to attribute antivirus.
Expected behavior
Update existing security rule in Panorama using data saved in a variable list.
MSG:
Failed apply: Poly Lens VC devices -> profile-setting -> profiles -> virus '['Global Antivirus Profile']' is not a valid reference
Poly Lens VC devices -> profile-setting -> profiles -> virus is invalid
Current behavior
TASK [3.2.3 - edit rules source list] **********************************************************************************************************************************************************
Friday 15 September 2023 14:54:01 +0100 (0:00:00.035) 0:08:44.305 ******
fatal: [brlfwm03]: FAILED! => {
"changed": false
}
MSG:
Possible solution
No idea
Steps to reproduce
Context
Trying to modify an existing rule.
Using this task:
- name: 3.2.3 - edit rules source list
  paloaltonetworks.panos.panos_security_rule:
    provider: '{{ device }}'
    device_group: '{{ devgroups_outer_item }}'
    rulebase: 'post-rulebase'
    commit: false
    action: '{{ sec_outer_item.action }}'
    antivirus: '{{ sec_outer_item.antivirus | default(omit, true) }}'
    application: '{{ sec_outer_item.application | default(omit, true) }}'
    category: '{{ sec_outer_item.category | default(omit, true) }}'
    data_filtering: '{{ sec_outer_item.data_filtering | default(omit, true) }}'
    description: '{{ sec_outer_item.description | default(omit, true) }}'
    destination_ip: '{{ sec_outer_item.destination_ip | default(omit, true) }}'
    destination_zone: '{{ sec_outer_item.destination_zone | default(omit, true) }}'
    disable_server_response_inspection: '{{ sec_outer_item.disable_server_response_inspection | default(omit, true) }}'
    disabled: '{{ sec_outer_item.disabled | default(omit, true) }}'
    file_blocking: '{{ sec_outer_item.file_blocking | default(omit, true) }}'
    group_profile: '{{ sec_outer_item.group_profile | default(omit, true) }}'
    group_tag: '{{ sec_outer_item.group_tag | default(omit, true) }}'
    hip_profiles: '{{ sec_outer_item.hip_profiles | default(omit, true) }}'
    icmp_unreachable: '{{ sec_outer_item.icmp_unreachable | default(omit, true) }}'
    log_end: '{{ sec_outer_item.log_end | default(omit, true) }}'
    log_setting: '{{ sec_outer_item.log_setting | default(omit, true) }}'
    log_start: '{{ sec_outer_item.log_start | default(omit, true) }}'
    negate_destination: '{{ sec_outer_item.negate_destination | default(omit, true) }}'
    negate_source: '{{ sec_outer_item.negate_source | default(omit, true) }}'
    negate_target: '{{ sec_outer_item.negate_target | default(omit, true) }}'
    rule_name: '{{ sec_outer_item.rule_name | default(omit, true) }}'
    rule_type: '{{ sec_outer_item.rule_type | default(omit, true) }}'
    schedule: '{{ sec_outer_item.schedule | default(omit, true) }}'
    service: '{{ sec_outer_item.service | default(omit, true) }}'
    source_ip: '{{ sec_outer_item.source_ip | difference([rmname,rmname|upper,rmname|lower]) }}'
    source_user: '{{ sec_outer_item.source_user | default(omit, true) }}'
    source_zone: '{{ sec_outer_item.source_zone | default(omit, true) }}'
    spyware: '{{ sec_outer_item.spyware | default(omit, true) }}'
    tag_name: '{{ sec_outer_item.tag_name | default(omit, true) }}'
    target: '{{ sec_outer_item.target | default(omit, true) }}'
    uuid: '{{ sec_outer_item.uuid | default(omit, true) }}'
    vulnerability: '{{ sec_outer_item.vulnerability | default(omit, true) }}'
    wildfire_analysis: '{{ sec_outer_item.wildfire_analysis | default(omit, true) }}'
  when:
    - sec_outer_item.source_ip|length > 1
    - rmname in sec_outer_item.source_ip or
      rmname|upper in sec_outer_item.source_ip or
      rmname|lower in sec_outer_item.source_ip
Your Environment
- Python: 3.8.13
- Ansible: core 2.12.1
- PAN-OS Python Library & version : panos 10.1.6
Hi @stefano-di-chio, apologies, I was not accurate on the workaround. Try antivirus: '{{ sec_outer_item.antivirus[0] | default(omit, true) }}'
instead of antivirus: '{{ sec_outer_item.antivirus | default(omit, true) }}'
Please reopen this issue if problems persist
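The error text in this issue shows the whole list rendered as a string ('['Global Antivirus Profile']'), and the workaround above takes the first element. As an added example, not code from this thread or from the collection itself, here is a hypothetical custom Ansible filter, profile_ref (the name and the filter_plugins/ location are assumptions), that does the same coercion but returns None for missing data and refuses lists with more than one entry:

```python
"""Hypothetical Ansible filter plugin, e.g. filter_plugins/profile_ref.py."""


def profile_ref(value):
    """Coerce rule data into the single profile name a string option expects.

    Returns None for missing or empty data so that `| default(omit, true)`
    can drop the option, and rejects lists with several names instead of
    silently discarding entries.
    """
    if value is None:
        return None
    if isinstance(value, str):
        return value.strip() or None
    if isinstance(value, (list, tuple)):
        names = [str(v).strip() for v in value if v is not None and str(v).strip()]
        if not names:
            return None
        if len(names) > 1:
            raise ValueError("expected one profile name, got %d: %r" % (len(names), names))
        return names[0]
    raise TypeError("unsupported profile value type: %s" % type(value).__name__)


class FilterModule(object):
    """Ansible discovers custom filters through this class."""

    def filters(self):
        return {"profile_ref": profile_ref}


if __name__ == "__main__":
    # Constructed sample shaped like the rule data described in the issue.
    rule = {"antivirus": ["Global Antivirus Profile"], "spyware": None}
    # String form of the unmodified list, as it appears in the error message.
    print(str(rule["antivirus"]))
    # Values after coercion: one name, or None when there is nothing to set.
    print(profile_ref(rule["antivirus"]))
    print(profile_ref(rule.get("spyware")))
```

In the task it would be used as antivirus: '{{ sec_outer_item.antivirus | default(none) | profile_ref | default(omit, true) }}', so an undefined or empty value still omits the option.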