Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when using "request certificate show certificate-name" command with panos_op module #577

Open
maugli13 opened this issue Aug 15, 2024 · 0 comments
Open

Error when using "request certificate show certificate-name" command with panos_op module #577

maugli13 opened this issue Aug 15, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@maugli13
Copy link

maugli13 commented Aug 15, 2024
edited
Loading

Describe the bug

We're trying to get an uploaded certificate on the Palo Alto device using the panos_op module since there is no other specific module for this.
CLI command as well as XML-API has proper command for this:

CLI: admin@lgb-pafw01-1(active)> request certificate show certificate-name RootCA2023
XML: <request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request>

Panos_op doesn't work any of those options

Expected behavior

Collect the output from the command given above using pano_op module

Current behavior

XML style command:

$ ansible-playbook  -i hosts.ini pafw11_facts.yaml -k --tags=catest --limit=lgb-pafw01-1-temp.int
SSH password: 

PLAY [Gather system info] ******************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************
ok: [lgb-pafw01-1-temp.int]

TASK [Show system info as XML command] *****************************************************************************************************************************************************************
fatal: [lgb-pafw01-1-temp.int]: FAILED! => {"changed": false, "msg": "Failed to run XML command : <request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request> : Command succeeded with no output"}

PLAY RECAP *********************************************************************************************************************************************************************************************
lgb-pafw01-1-temp.int      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

CLI style command:

$ ansible-playbook  -i hosts.ini pafw11_facts.yaml -k --tags=catest --limit=lgb-pafw01-1-temp.int
SSH password: 

PLAY [Gather system info] ******************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************
ok: [lgb-pafw01-1-temp.int]

TASK [Show system info as XML command] *****************************************************************************************************************************************************************
fatal: [lgb-pafw01-1-temp.int]: FAILED! => {"changed": false, "msg": "Failed to run command : request certificate show certificate-name \"RootCA2023\" : Command succeeded with no output"}

PLAY RECAP *********************************************************************************************************************************************************************************************
lgb-pafw01-1-temp.int      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

Possible solution

I have noticed that CLI commands add unnecessary quotes.

Steps to reproduce

ansible core 2.15.12
paloaltonetworks.panos 2.20.0
panos: 11.1.2-h3 (PA-1410)
Preloaded certificate name RootCA2023

Play CLI version:

   - name: Show system info as XML command
      paloaltonetworks.panos.panos_op:
        provider: '{{ device }}'
        cmd: 'request certificate show certificate-name RootCA2023'
      register: cert
      tags: catest`

XML version:

   - name: Show system info as XML command
      paloaltonetworks.panos.panos_op:
        provider: '{{ device }}'
        cmd: '<request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request>'
        cmd_is_xml: true
      register: cert
      tags: catest`

Screenshots

Context

Trying to verify if all firewalls has proper CA certificate upload within the other task

Your Environment

  • Collection: paloaltonetworks.panos 2.20.0
  • Python: 3.9.19
  • Ansible: 2.15.12
  • PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.12.1, pan-python 0.17.0
@maugli13 maugli13 added the bug Something isn't working label Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maugli13