f5-ansible icon indicating copy to clipboard operation
f5-ansible copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

bigip_device_info returns incomplete data for ltm policy conditions that reference datagroups

Open tehsuk opened this issue 4 years ago • 2 comments

ISSUE TYPE
  • Bug Report
COMPONENT NAME

bigip_device_info

ANSIBLE VERSION
ansible 2.9.9
  config file = None
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/user/.pyenv/versions/3.6.10/envs/ansible/lib/python3.6/site-packages/ansible
  executable location = /home/user/.pyenv/versions/ansible/bin/ansible
  python version = 3.6.10 (default, Jun 17 2020, 13:17:08) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
PYTHON VERSION
Python 3.6.10
BIGIP VERSION
14.1.2.7
CONFIGURATION

no changes from default

OS / ENVIRONMENT

CentOS

SUMMARY

bigip_device_info tasks with subset of ltm_policies do not return all properties of rule conditions that reference datagroups

STEPS TO REPRODUCE

create a policy containing a rule that has a condition referencing a datagroup. example:

modify ltm policy Drafts/policy_using_datagroup rules add { 
	test_datagroup { 
		actions add { 
			0 { 
				shutdown 
				connection 
			} 
		} 
		conditions add { 
			0 { 
				http-uri 
				path 
				starts-with 
				values { /uri-path } 
			} 
			1 { 
				tcp 
				address 
				not 
				matches 
				datagroup 
				policy_using_datagroup
			} 
		} 
	} 
}

register a variable for the ltm_policies device info subset & display its output

- name: Get existing policies
  bigip_device_info:
    gather_subset:
      - ltm_policies
    provider: "{{ provider }}"
  register: policies

- name: Show existing policies
  debug:
    msg: "{{ policies['results'][0]['ltm_policies'] }}"

the output of the above debug task will show the following for the condition of the policy rule:

"conditions": [
                            {
                                "case_insensitive": "yes",
                                "http_uri": "yes",
                                "request": "yes",
                                "values": [
                                    "/uri-path"
                                ]
                            },
                            {
                                "case_insensitive": "yes",
                                "request": "yes"
                            }
                        ],
EXPECTED RESULTS

the 2nd condition shown above should include more properties.

When I look at the output in the rest ui, i see the following additional properties (datagroup, matches, tcp, etc)

ACTUAL RESULTS

see above.

{
                                "case_insensitive": "yes",
                                "request": "yes"
                            }

tehsuk avatar Oct 06 '20 20:10 tehsuk

Tracking via FMFA-635

focrensh avatar Oct 07 '20 15:10 focrensh

Hello, there is same the kind of issue with Ansible 2.10.7 and collection f5networks.f5_modules 1.13.0. Some info are missing from policy rules actions.

Would it be possible to add forward and pool keys in policies rules actions ? In bigip_device_info.py, adding these 2 lines at lines 12599 and 12600 seems to do the job:

tmp['forward'] = action.pop('forward', None)
tmp['pool'] = action.pop('pool', None

And, by the way, can you tell me what is FMFA-635 refrence in focrensh's message above ? Is it an internal private ticket or a public one ?

Thanks !

pierre-claranet avatar Dec 30 '21 09:12 pierre-claranet

Hi, please try upgrading to the latest version, it should work. If not, please reach out, thanks!

KrithikaChidambaram avatar Dec 08 '22 18:12 KrithikaChidambaram