FTD_Configuration improper import

[Cisconate]

SUMMARY

FTD_Configuration appears to have incorrect/naked imports somewhere. It is importing the native fdm_swagger_client.py from the native directory instead of using the community.networks fdm_swagger_client.py Using Native community.network with FDM 6.6 fails configuration Using Galaxy community.network with FDM 6.6 fails configuration Implementing the fix from FTDAnsible manually to galaxy's version fdm_swagger_client.py fails, due to this bug.

ISSUE TYPE

• Bug Report

COMPONENT NAME

FTD_configuration

ANSIBLE VERSION

ansible 2.9.19
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

CONFIGURATION

OS / ENVIRONMENT

uanme-a = Linux localhost.localdomain 4.18.0-240.8.1.el8_3.x86_64 #1 SMP Fri Dec 4 12:24:03 EST 2020 x86_64 x86_64 x86_64 GNU/Linux

Ansible 2.9 native community.networks Galaxy community.networks

STEPS TO REPRODUCE

install galaxy community.networks, delete (or modify) galaxy fdm_swagger_client.py. Execute any playbook that requires data validation through fdm_swagger_client.py such as the below against Firepower Device Manager (FDM) 6.6+

---
- hosts: all
  connection: httpapi

  tasks:
  - name: Add FDM Network
    community.network.ftd_configuration:
      operation: addNetworkObject
      data:
        name: CiscoFtdNetwork2
        subType: HOST
        value: 192.168.194.59
        type: networkobject
        dnsResolution: IPV4_AND_IPV6

EXPECTED RESULTS

Expect successful object additions.

ACTUAL RESULTS

Fails due to invalid data: 'type'. When fix is applied to galaxy fdm_swagger_client.py still fails due to native import. The current release in Native does not account for Spec change from FDM 6.6+. Nor does the galaxy release. Implementing the fix to the Galaxy fdm_swagger_client.py does not work either due to this bug.

ansible-playbook 2.9.19
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Aug 18 2020, 08:33:21) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/plugins/callback/default.py
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.

PLAYBOOK: test.yml ******************************************************************************************************************************************************************************************
Positional arguments: test.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/etc/ansible/hosts',)
forks: 5
1 plays in test.yml

PLAY [all] **************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************************************************************
task path: /etc/ansible/test.yml:2
<192.168.51.27> attempting to start connection
<192.168.51.27> using connection plugin httpapi
<192.168.51.27> local domain socket does not exist, starting it
<192.168.51.27> control socket path is /root/.ansible/pc/f6313a9942
<192.168.51.27> local domain socket listeners started successfully
<192.168.51.27> loaded API plugin ftd from path /usr/lib/python3.6/site-packages/ansible/plugins/httpapi/ftd.py for network_os ftd
<192.168.51.27>
<192.168.51.27> local domain socket path is /root/.ansible/pc/f6313a9942
<192.168.51.27> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.51.27> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-15302np15f3nt `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797 `" && echo ansible-tmp-1616262000.3261063-15309-111551892138797="` echo /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797 `" ) && sleep 0'
<192.168.51.27> Attempting python interpreter discovery
<192.168.51.27> EXEC /bin/sh -c 'echo PLATFORM; uname; echo FOUND; command -v '"'"'/usr/bin/python'"'"'; command -v '"'"'python3.7'"'"'; command -v '"'"'python3.6'"'"'; command -v '"'"'python3.5'"'"'; command -v '"'"'python2.7'"'"'; command -v '"'"'python2.6'"'"'; command -v '"'"'/usr/libexec/platform-python'"'"'; command -v '"'"'/usr/bin/python3'"'"'; command -v '"'"'python'"'"'; echo ENDFOUND && sleep 0'
<192.168.51.27> EXEC /bin/sh -c '/usr/libexec/platform-python && sleep 0'
Using module file /usr/lib/python3.6/site-packages/ansible/modules/system/setup.py
<192.168.51.27> PUT /root/.ansible/tmp/ansible-local-15302np15f3nt/tmpy103oyhl TO /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797/AnsiballZ_setup.py
<192.168.51.27> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797/ /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797/AnsiballZ_setup.py && sleep 0'
<192.168.51.27> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797/AnsiballZ_setup.py && sleep 0'
<192.168.51.27> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262000.3261063-15309-111551892138797/ > /dev/null 2>&1 && sleep 0'
ok: [192.168.51.27]
META: ran handlers

TASK [Add FDM Network] **************************************************************************************************************************************************************************************
task path: /etc/ansible/test.yml:6
<192.168.51.27> attempting to start connection
<192.168.51.27> using connection plugin httpapi
<192.168.51.27> found existing local domain socket, using it!
<192.168.51.27> updating play_context for connection
<192.168.51.27>
<192.168.51.27> local domain socket path is /root/.ansible/pc/f6313a9942
<192.168.51.27> ESTABLISH LOCAL CONNECTION FOR USER: root
<192.168.51.27> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-local-15302np15f3nt `"&& mkdir "` echo /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930 `" && echo ansible-tmp-1616262001.617236-15379-127692692746930="` echo /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930 `" ) && sleep 0'
Using module file /usr/lib/python3.6/site-packages/ansible/modules/network/ftd/ftd_configuration.py
<192.168.51.27> PUT /root/.ansible/tmp/ansible-local-15302np15f3nt/tmpd_7w7e9l TO /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930/AnsiballZ_ftd_configuration.py
<192.168.51.27> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930/ /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930/AnsiballZ_ftd_configuration.py && sleep 0'
<192.168.51.27> EXEC /bin/sh -c '/usr/libexec/platform-python /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930/AnsiballZ_ftd_configuration.py && sleep 0'
<192.168.51.27> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-local-15302np15f3nt/ansible-tmp-1616262001.617236-15379-127692692746930/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/modules/network/ftd/ftd_configuration.py", line 121, in main
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/module_utils/network/ftd/configuration.py", line 227, in execute_operation
    return self.crud_operation(op_name, params)
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/module_utils/network/ftd/configuration.py", line 245, in crud_operation
    resp = self.add_object(op_name, params)
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/module_utils/network/ftd/configuration.py", line 296, in add_object
    return self.send_general_request(operation_name, params)
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/module_utils/network/ftd/configuration.py", line 388, in send_general_request
    self.validate_params(operation_name, params)
  File "/tmp/ansible_ftd_configuration_payload_rymqgyg_/ansible_ftd_configuration_payload.zip/ansible/module_utils/network/ftd/configuration.py", line 430, in validate_params
    raise ValidationError(report)
fatal: [192.168.51.27]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "data": {
                "dnsResolution": "IPV4_AND_IPV6",
                "name": "CiscoFtdNetwork2",
                "subType": "HOST",
                "type": "networkobject",
                "value": "192.168.194.59"
            },
            "filters": null,
            "operation": "addNetworkObject",
            "path_params": null,
            "query_params": null,
            "register_as": null
        }
    },
    "msg": {
        "Invalid data provided": "'type'"
    }
}

PLAY RECAP **************************************************************************************************************************************************************************************************
192.168.51.27              : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

[Cisconate]

Ok it doesn't look like a naked import based on the tmp directory that is generated.... so my only assumption is that the tmp directory fdm_swagger_client.py must be copied from the native directory.......

[ansibullbot]

cc @annikulin click here for bot help

[gregorydulin]

It looks to me like FTDAnsible's ftd_configuration.py prefers the fdm_swagger_client from Ansible over it's own native fdm_swagger_client.

https://github.com/CiscoDevNet/FTDAnsible/blob/v0.3.1/library/ftd_configuration.py#L101-L106

In Ansible 3.0, I was able to work around this issue by copying FDMAnsible's fdm_swagger_client.py over the one in community.network.fdm.

#!/usr/bin/env bash

$ansible_venv="/usr/local/share/ansible-venv"
$ftdansible="/usr/local/share/FTDAnsible"

cp \
  "${ftdansible}/module_utils/fdm_swagger_client.py" \
  "${ansible_venv}"/lib/python3.6/site-packages/ansible_collections/community/network/plugins/module_utils/network/ftd/fdm_swagger_client.py"

This isn't a great long-term solution; just posting it in the hopes it'll help someone bridge the gap until a better solution in place.

I think the ideal solution would be for Cisco to turn their FTDAnsible repo into a collection, so we can install it with Ansible Galaxy, and use it with something like cisco.ftd_configuration if community.network.ftd_configuration isn't working for us.

[gregorydulin]

P.S. In fdm_swagger_client.py, I also had to replace

from ansible.module_utils.network.ftd.common import HTTPMethod

with

from ansible_collections.community.network.plugins.module_utils.network.ftd.common import HTTPMethod

[ansibullbot]

@Cisconate: Greetings! Thanks for taking the time to open this issue. In order for the community to handle your issue effectively, we need a bit more information.

Here are the items we could not find in your description:

• ansible version

Please set the description of this issue with an appropriate template from: https://github.com/ansible/ansible/tree/devel/.github/ISSUE_TEMPLATE

click here for bot help

[ansibullbot]

@Cisconate This issue is waiting for you to provide the requested data in the description. Please edit the description or the issue will be closed.

click here for bot help