spotify/pyfg

pyFG does not handle "move" command under "config firewall policy" correctly?

Opened this issue · 0 comments

kkyick2 commented

Hello guys,

I recently tried to use pyFG to config Fortigate (5.4.x firmware). It is good for the "config" and "edit" cmd.
However, when I trying to use "move" cmd under "config firewall policy" to re-order a policy, It is found that the compare_config() method cannot return the changed config.
As a result the diff cannot be committed.

Below are the cmds that I would like to execute, to move the policy id 611 after id 999.
'move_policy.txt'

config firewall policy
move 611 after 999
end

This is the script that I modify from "https://github.com/spotify/pyfg/blob/master/examples/example5.py" to execute the above move_policy.txt to the 'vpn' vdom

#!/usr/bin/env python

# Gets router bgp config from the device, then do some changes to the BGP parameters, deletes a neighbor,
# creates a new one, modifies another and computes the difference
from pyFG import FortiOS
import logging

host = '1.1.1.1'
vdom = 'vpn'
cmdfile = 'move_policy.txt'
user = 'admin'
passwd = 'password'

if __name__ == '__main__':
    f = open(cmdfile, 'r')
    candidate = f.read()
    f.close()

    print "*** This is the candidate configs:"
    print candidate
    print "\n"

    d = FortiOS(hostname=host, vdom=vdom, username=user, password=passwd)
    d.open()
    d.load_config(config_text=candidate, in_candidate=True)

    print "*** This is the diff of the conigs: (compare_config(text=True))"
    print (d.compare_config(text=True))
    print "\n"

    print "*** This is how to reach the desired state: (compare_config())"
    config_changes = d.compare_config()
    print config_changes

    print "*** Result of applying the changes: (d.commit)"
    print d.commit(config_changes, force=True)

    d.close()

This is the output of the result,
the "move" cmd cannot be compared such that nothing can be committed.
The move 611 after 999 cmd cannot found in diff

*** This is the candidate configs:
config firewall policy
move 611 after 999
end


*** This is the diff of the configs: (compare_config(text=True))
+     config firewall policy
+     end


*** This is how to reach the desired state: (compare_config())

*** Result of applying the changes: (d.commit)
None

Process finished with exit code 0

Are are any suggestion to execute "move" command in firewall policy using PyFG?
thank you.