nautobot-ansible icon indicating copy to clipboard operation
nautobot-ansible copied to clipboard

Published 20 hours ago verified publisher icon nautobot

Plugin module unable to alter firewall application groups after creation

Open gneville-ot opened this issue 1 year ago • 1 comments

ISSUE TYPE
  • Bug Report
SOFTWARE VERSIONS
pynautobot

1.5.0

Ansible:

2.12.3

Nautobot:

1.5.20

Collection:

4.5.0

SUMMARY

After creating a firewall application group it is unable to make any changes to the application objects attached afterwards.

STEPS TO REPRODUCE

Create 2 application objects and obtain the UUIDs.

Use the plugin module to create a new application object group of which one of the application objects is a member, this step works and the application group is created, subsequent runs of the exact same task work and no updates are performed as expected.

- name: "SETUP FIREWALL APPLICATION OBJECT GROUP"
  networktocode.nautobot.plugin:
    url: "{{ nb_url }}"
    token: "{{ nb_token }}"
    validate_certs: "{{ nb_validate_certs }}"
    api_version: "{{ nb_api_version }}"
    plugin: "firewall"
    endpoint: "application-object-group"
    identifiers:
      name: "MY_APPLICATION_GROUP"
    attrs:
      description: "My Application Group"
      application_objects:
       - 43de24dd-4358-403f-a26e-253659ad2e48
      status: "active"
    state: "present"

Attempt to add or remove application objects from the group and it will error. For example here a new application object is being added:

- name: "SETUP FIREWALL APPLICATION OBJECT GROUP"
  networktocode.nautobot.plugin:
    url: "{{ nb_url }}"
    token: "{{ nb_token }}"
    validate_certs: "{{ nb_validate_certs }}"
    api_version: "{{ nb_api_version }}"
    plugin: "firewall"
    endpoint: "application-object-group"
    identifiers:
      name: "MY_APPLICATION_GROUP"
    attrs:
      description: "My Application Group"
      application_objects:
       - 43de24dd-4358-403f-a26e-253659ad2e48
       - 34bf520f-a171-4647-8298-59ac264023b9
      status: "active"
    state: "present"
EXPECTED RESULTS

The firewall application group can be updated to add or remove application objects as needed

ACTUAL RESULTS

Error returned.

For some odd reason a query is performed towards the 'application-object' endpoint but using the UUID of the application group, which is why it isn't found.

    pynautobot.core.query.RequestError: The requested url: https://<fqdn>/api/plugins/firewall/application-object/573eb9e5-68bb-4306-a469-d0d25290f891/ could not be found.

The same doesn't happen for 'address groups'.

gneville-ot avatar Sep 01 '23 11:09 gneville-ot

This is an issue in firewall plugin. It has invalid url field in application-object-group. Issue created. https://github.com/nautobot/nautobot-plugin-firewall-models/issues/181

pszulczewski avatar Oct 13 '23 12:10 pszulczewski