pan-os-ansible
pan-os-ansible copied to clipboard
PaloAltoNetworks
panos_loadcfg does not accept provider dict
Describe the bug
panos_loadcfg currently only accepts ip_address, password and username parameters directly instead of the provider parameter used in most other modules.
As far as I can tell this is just a regular XML API call and should therefore support the provider configuration just fine, which would enable the user to provide an API key to the module instead of passing username and password.
Expected behavior
provider dict should be accepted like it is in most other modules, such as panos_type_cmd.
Current behavior
fatal: [host]: FAILED! => {"changed": false, "msg": "missing required arguments: ip_address, password"}
Possible solution
Implement support for the provider dict as alternative to username and password.
Steps to reproduce
- name: "load new config as candidate config"
paloaltonetworks.panos.panos_loadcfg:
provider: "{{ provider }}"
file: "{{ pa_xml_staging_filename }}"
commit: false
-
ansible-playbook playbook.yml
Context
I was trying to authenticate using just an API key instead of having to pass username + password to the module. This currently forces me from using just the API key for authentication.
Your Environment
- Collection: 2.7.0
- Python: 3.9
- Ansible: 2.11.0
- PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.2.0
Is there any plan to update this? This module seems to be very old and unmaintained. Currently it's unsusable in environments where you are working with API keys instead of username/passwords or use specific ports.
Workaround:
Use the paloaltonetworks.panos.panos_op module.
Feed the config_file variable with the desired filename, and use this task:
- name: Load Config File
paloaltonetworks.panos.panos_op:
provider: '{{ provider }}'
cmd: <load><config><from>{{ config_file }}</from></config></load>
cmd_is_xml: true