miaow2
Config Compliance's status is Diff, but no diff is actually displayed.
NetBox version v4.1.3
Describe the bug
Although the Config Compliance has a Status of "Diff" (both "Rendered Config" and "Actual Config" are retrieved correctly, with actual differences), the Diff table below is empty:
To Reproduce Steps to reproduce the behavior:
- Go to 'ConfigDiffScript'
- Filter on a specific device (here a Huawei VRP S6730-H48X6C)
- Click on 'Run script'
- Then go to 'Config Compliances'
- See the above screenshot.
Am I misunderstanding something?
I think I had a similar issue. There is some text within the files that the diff parser doesn't like.
Hi @mathieumd, thanks for opening the issue
please, provide your rendered and actual config (without sensitive info), so I can check the plugin with your data
Here you are:
rendered
!Software Version V200R022C00SPC500
#
sysname EXAMPLE
#
dns resolve
dns server 10.0.0.10
dns server 10.0.0.11
dns domain example.com
#
#vlan batch
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
http server-source -i MEth0/0/1
#
clock timezone Brussels,Copenhagen,Madrid,Paris add 01:00:00
#
diffserv domain default
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
drop-profile default
#
#
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
password history record number 0
undo password alert original
password expire 0
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user user privilege level 1
local-user user service-type terminal ssh http
local-user user3 privilege level 15
local-user user3 service-type terminal ssh http
ip address 10.0.0.5/24 255.255.255.0
#
interface XGigabitEthernet0/0/1
description EXAMPLE1
port link-type trunk
port trunk allow-pass vlan 1 to 100
#
[...]
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.8
#
snmp-agent
snmp-agent sys-info contact EXAMPLE
snmp-agent sys-info location EX1
snmp-agent sys-info version v3
snmp-agent group v3 ReadOnly privacy
snmp-agent usm-user v3 user5
snmp-agent usm-user v3 user5 group ReadOnly
undo snmp-agent protocol source-status all-interface
snmp-agent protocol source-interface MEth0/0/1
undo snmp-agent protocol source-status ipv6 all-interface
#
sftp server enable
stelnet server enable
ssh user user2
ssh user user2 authentication-type password
ssh user user2 service-type all
ssh user user
ssh user user authentication-type password
ssh user user service-type all
ssh user user3
ssh user user3 authentication-type password
ssh user user3 service-type all
ssh user user4
ssh user user4 authentication-type password
ssh user user4 service-type all
ssh server-source -i MEth0/0/1
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh server dh-exchange min-len 2048
ssh server publickey rsa_sha2_512 rsa_sha2_256
#
user-interface con 0
authentication-mode aaa
idle-timeout 30 0
user-interface vty 0 4
authentication-mode aaa
idle-timeout 30 0
user-interface vty 16 20
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name default
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-whitelist-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
remote-unit
#
return
actual
!Software Version V200R022C00SPC500
#
sysname EXAMPLE
#
dns resolve
dns server 10.0.0.10
dns server 10.0.0.11
dns domain example.com
#
vlan batch 1 2 3 4 5 6 7 8 9 10
vlan batch 11 12 13
#
authentication-profile name default_authen_profile
authentication-profile name dot1x_authen_profile
authentication-profile name dot1xmac_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name multi_authen_profile
authentication-profile name portal_authen_profile
#
http server-source -i MEth0/0/1
#
clock timezone Brussels,Copenhagen,Madrid,Paris add 01:00:00
#
diffserv domain default
#
radius-server template default
#
pki realm default
certificate-check none
#
free-rule-template name default_free_rule
#
portal-access-profile name portal_access_profile
#
drop-profile default
#
vlan 1
description VLAN_1
name VLAN_1
vlan 2
[...]
vlan 13
description VLAN_13
name VLAN_13
#
aaa
authentication-scheme default
authentication-mode local
authentication-scheme radius
authentication-mode radius
authorization-scheme default
authorization-mode local
accounting-scheme default
accounting-mode none
local-aaa-user password policy administrator
password history record number 0
undo password alert original
password expire 0
domain default
authentication-scheme radius
accounting-scheme default
radius-server default
domain default_admin
authentication-scheme default
accounting-scheme default
local-user user password irreversible-cipher [...]
local-user user privilege level 1
local-user user service-type terminal ssh http
local-user user2 password irreversible-cipher [...]
local-user user2 privilege level 15
local-user user2 service-type terminal ssh http
local-user user3 password irreversible-cipher [...]
local-user user3 privilege level 15
local-user user3 service-type terminal ssh http
local-user user4 password irreversible-cipher [...]
local-user user4 privilege level 15
local-user user4 service-type terminal ssh http
#
ntp-service server disable
ntp-service ipv6 server disable
ntp-service unicast-server 10.0.0.2
ntp-service unicast-server 10.0.0.3
#
interface Vlanif1
#
interface MEth0/0/1
description => SwitchExample
ip address 10.0.0.5 255.255.255.0
#
interface XGigabitEthernet0/0/1
description EXAMPLE1
port link-type trunk
port trunk allow-pass vlan 1 to 100
#
[...]
#
interface NULL0
#
undo icmp name timestamp-request receive
#
ip route-static 0.0.0.0 0.0.0.0 10.0.0.8
#
snmp-agent
snmp-agent local-engineid 800007DB036413AB283B81
snmp-agent sys-info contact EXAMPLE
snmp-agent sys-info location EX1
snmp-agent sys-info version v3
snmp-agent group v3 ReadOnly privacy
snmp-agent usm-user v3 user5
snmp-agent usm-user v3 user5 group ReadOnly
snmp-agent usm-user v3 user5 authentication-mode sha cipher [...]
snmp-agent usm-user v3 user5 privacy-mode aes128 cipher [...]
undo snmp-agent protocol source-status all-interface
snmp-agent protocol source-interface MEth0/0/1
undo snmp-agent protocol source-status ipv6 all-interface
#
sftp server enable
stelnet server enable
ssh user user2
ssh user user2 authentication-type password
ssh user user2 service-type all
ssh user user
ssh user user authentication-type password
ssh user user service-type all
ssh user user3
ssh user user3 authentication-type password
ssh user user3 service-type all
ssh user user4
ssh user user4 authentication-type password
ssh user user4 service-type all
ssh server-source -i MEth0/0/1
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256
ssh server key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256
ssh client key-exchange dh_group16_sha512 dh_group15_sha512 dh_group14_sha256 dh_group_exchange_sha256
ssh server dh-exchange min-len 2048
ssh server publickey rsa_sha2_512 rsa_sha2_256
#
user-interface con 0
authentication-mode aaa
idle-timeout 30 0
user-interface vty 0 4
authentication-mode aaa
idle-timeout 30 0
user-interface vty 16 20
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security-profile name default-mesh
ssid-profile name default
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-whitelist-profile name default
wids-profile name default
ap-system-profile name default
port-link-profile name default
wired-port-profile name default
ap-group name default
provision-ap
#
dot1x-access-profile name dot1x_access_profile
#
mac-access-profile name mac_access_profile
#
ops
#
remote-unit
#
return
diff
10c10,11
< #vlan batch
---
> vlan batch 1 2 3 4 5 6 7 8 9 10
> vlan batch 11 12 13
36c37,44
< #
---
> vlan 1
> description VLAN_1
> name VLAN_1
> vlan 2
> [...]
> vlan 13
> description VLAN_13
> name VLAN_13
49c57
< undo password alert original
---
> undo password alert original
57a66
> local-user user password irreversible-cipher [...]
59a69,72
> local-user user2 password irreversible-cipher [...]
> local-user user2 privilege level 15
> local-user user2 service-type terminal ssh http
> local-user user3 password irreversible-cipher [...]
62c75,88
< ip address 10.0.0.5/24 255.255.255.0
---
> local-user user4 password irreversible-cipher [...]
> local-user user4 privilege level 15
> local-user user4 service-type terminal ssh http
> #
> ntp-service server disable
> ntp-service ipv6 server disable
> ntp-service unicast-server 10.0.0.2
> ntp-service unicast-server 10.0.0.3
> #
> interface Vlanif1
> #
> interface MEth0/0/1
> description => SwitchExample
> ip address 10.0.0.5 255.255.255.0
77a104
> snmp-agent local-engineid 800007DB036413AB283B81
83a111,112
> snmp-agent usm-user v3 user5 authentication-mode sha cipher [...]
> snmp-agent usm-user v3 user5 privacy-mode aes128 cipher [...]
@mathieumd thanks for the data! I've tested with your data and I've got rendered diff.
It may be a problem with the sensitive data that you strip. Please send me the API response with your Config Compliance object; it will have a raw diff, so I can check its correctness.
Here it is:
{
"id": 1,
"url": "https://netbox.example.com/api/plugins/config-diff/config-compliances/1/",
"display": "EXAMPLE",
"device": {
"id": 7,
"url": "https://netbox.example.com/api/dcim/devices/7/",
"display_url": "https://netbox.example.com/dcim/devices/7/",
"display": "EXAMPLE",
"name": "EXAMPLE"
},
"status": {
"value": "diff",
"label": "Diff"
},
"error": "",
"diff": "--- \tEXAMPLE\n+++ \tEXAMPLE\n@@ -1,3 +1,4 @@\n+!Software Version V200R022C00SPC500\n #\n sysname EXAMPLE\n #\n@@ -6,8 +7,7 @@\n dns server 10.0.0.11\n dns domain example.com\n #\n-\n-\n+#vlan batch\n #\n authentication-profile name default_authen_profile\n authentication-profile name dot1x_authen_profile\n@@ -33,45 +33,7 @@\n #\n drop-profile default\n #\n-vlan 1\n- description VLAN_1\n- name VLAN_1\n-vlan 2\n-[...]\n-vlan 13\n- description VLAN_13\n- name VLAN_13\n+#\n #\n aaa\n authentication-scheme default\n@@ -84,7 +46,7 @@\n accounting-mode none\n local-aaa-user password policy administrator\n password history record number 0\n- undo password alert original\n+ undo password alert original \n password expire 0\n domain default\n authentication-scheme radius\n@@ -93,29 +55,11 @@\n domain default_admin\n authentication-scheme default\n accounting-scheme default\n- local-user user password irreversible-cipher $1c$mNK[...]\n local-user user privilege level 1\n local-user user service-type terminal ssh http\n- local-user user2 password irreversible-cipher $1c$a2K[...]\n- local-user user2 privilege level 15\n- local-user user2 service-type terminal ssh http\n- local-user user3 password irreversible-cipher $1c$KhV[...]\n local-user user3 privilege level 15\n local-user user3 service-type terminal ssh http\n- local-user user4 password irreversible-cipher $1c$hA%[...]\n- local-user user4 privilege level 15\n- local-user user4 service-type terminal ssh http\n-#\n-ntp-service server disable\n-ntp-service ipv6 server disable\n-ntp-service unicast-server 10.0.0.2\n-ntp-service unicast-server 10.0.0.3\n-#\n-interface Vlanif1\n-#\n-interface MEth0/0/1\n- description => SwitchExample\n- ip address 10.0.0.5 255.255.255.0\n+ ip address 10.0.0.5/24 255.255.255.0\n #\n interface XGigabitEthernet0/0/1\n description EXAMPLE1\n@@ -283,15 +227,12 @@\n ip route-static 0.0.0.0 0.0.0.0 10.0.0.8\n #\n snmp-agent\n-snmp-agent local-engineid 800007DB036413AB283B81\n snmp-agent sys-info contact EXAMPLE\n snmp-agent sys-info location EX1\n snmp-agent sys-info version v3\n snmp-agent group v3 ReadOnly privacy\n snmp-agent usm-user v3 user5\n snmp-agent usm-user v3 user5 group ReadOnly\n-snmp-agent usm-user v3 user5 authentication-mode sha cipher %^%#{[...]\n-snmp-agent usm-user v3 user5 privacy-mode aes128 cipher %^%#O[...]\n undo snmp-agent protocol source-status all-interface\n snmp-agent protocol source-interface MEth0/0/1\n undo snmp-agent protocol source-status ipv6 all-interface",
"rendered_config": "[...]",
"actual_config": "[...]",
"patch": "[...]",
"missing": "",
"extra": "",
"created": "2024-10-22T09:05:43.932322+02:00",
"last_updated": "2024-10-22T10:45:19.542663+02:00"
}
I still replaced sensitive values, though, of course. Maybe it's caused by irreversible-cipher and cipher containing all class of characters, including " (for example $1c$hA%)!]){F&$TN|z!RS(l6Z\\W>%)c3#!lyMm)iRjk\"B&|HI!VJ<A$), which would break JSON?
Running into the same issue with a very minor config:
Running:
#
sysname test-huawei-s5735
#
vlan batch 666 3000 3021
Intended:
#
sysname test-huawei-s5735
API response:
{
"id": 1,
"url": "https://localhost/api/plugins/config-diff/config-compliances/1/",
"display": "test-huawei-s5735",
"device": {
"id": 1,
"url": "https://localhost/api/dcim/devices/1/",
"display": "test-huawei-s5735",
"name": "test-huawei-s5735",
"description": ""
},
"status": {
"value": "diff",
"label": "Diff"
},
"error": "",
"diff": "--- \ttest-huawei-s5735\n+++ \ttest-huawei-s5735\n@@ -1,4 +1,2 @@\n #\n sysname test-huawei-s5735\n-#\n-vlan batch 666 3000 3021",
"rendered_config": "#\nsysname test-huawei-s5735",
"actual_config": "#\nsysname test-huawei-s5735\n#\nvlan batch 666 3000 3021\n",
"patch": "no vlan batch 666 3000 3021",
"missing": "",
"extra": "",
"created": "2025-06-20T14:49:17.353946+02:00",
"last_updated": "2025-06-20T15:02:48.614846+02:00"
}
Hi @SanderDelden, thanks for your data, I will check it
Could you please open the developer's console on the page with the diff? If there are any errors, please add them to that issue.
Hi @miaow2, thank you for your reply.
Here are the errors from the developers console:
Hi @SanderDelden I've checked with your data and its working, there are no errors in my web console
As I understand your console output, you are missing js files from plugin, try to run python manage.py collectstatic --noinput where you run netbox
Hi @mathieumd sorry for the delay, I've tested the data you provided me again, and on my local machine it's working, also with different symbols, please share with also screenshots of developers console on the page with diff
Now I can suggest two points:
- you can divide the diff into parts and find which part is not rendered and then break this part into other parts and find which row breaks rendering
- or send me via email (I hope my email is visible in my profile) full diff without stripping data, and I will do it myself first point
Thanks for you reply.
I cannot test now, because it looks like the plugin is not compatible with NetBox 4.3.3 (ImportError: cannot import name 'autotype_decorator' from 'netbox.graphql.filter_mixins').
Hi @mathieumd please update the plugin to 2.10.0 version, it supports NetBox 4.3
Firefox Console shows:
Uncaught SyntaxError: invalid escape sequence 1:3585:2517
Which corresponds to this part of the line defining jsonDiff:
const jsonDiff = `...eversible\u002Dcipher $1c$z1M\u003E+:w7\u0060S${e4c$\u0060VOo3\u003Cdf...
#-----------------------------------------------------------------^------------^
# 2504 2517
Decoded, it's:
...eversible-cipher $1c$z1M>+:w7`S${e4c$`VOo3<df...
#-------------------------------^-------^
So it looks like it's the backtick ` at char 2517 which is the problem. But isn't it weird that it's the second occurrence (2504 being the first) which caused this "invalid escape sequence"? Or maybe it's because it's prefixed by $?
I think the problem is with ${symbols, because ${...} sequence is being interpreted as a JavaScript template literal placeholder.
I'm not sure. I applied your patch #103, but it still says:
Uncaught SyntaxError: invalid escape sequence config-compliance:3740:2517
@mathieumd Error in console should be clickable, press it, and console shows you the sequence of symbols that causes he error. Send me a screenshot of this sequence
The 2517th character is the u in ${e4c$\u0060VOo3. So it looks like it's more $\ which cause problem, no?
@mathieumd problem is with ${ here
JS thinks that the template is defined with ${ (e4c$ is in another color), and then it breaks.
Could you let me know if you correctly applied the patch? because ${ should be replaced by \${
I'm sorry @miaow2 , looks like it was missing!
I applied it, restarted NetBox, and then... it works perfectly!
Thank you very much for your patience and trying hard to help!
Now, I can't wait for the release ;-)