Search option for device group, address group #537

Open
Cloud7Paradox opened this issue Feb 8, 2024 · 5 comments
@Cloud7Paradox

Is there any way I can list the available device groups or check whether a specific device group is present or not, and, if found, how do I perform the same search to check whether address groups exist or not?

@Cloud7Paradox Cloud7Paradox added the bug Something isn't working label Feb 8, 2024
@horiagunica horiagunica self-assigned this Mar 27, 2024
@horiagunica
Collaborator

Hi @asgr8e !

You would have two main options:

1. Use gathered filter:

   ```yaml
   - name: Get device group info
     paloaltonetworks.panos.panos_device_group:
       provider: "{{ panorama_provider }}"
       name: 'test_device_group'
       state: 'gathered'
     register: device_group_info
   ```

   - This one works but it also errors out if the device group is not present.

2. Use an OP command and parse the output:

   ```yaml
   - name: show list of all device groups
     paloaltonetworks.panos.panos_op:
       provider: "{{ panorama_provider }}"
       cmd: "show devicegroups"
     register: devicegroup_status

   - name: Parse devicegroup list
     community.general.xml:
       xmlstring: "{{ devicegroup_status.stdout_xml }}"
       xpath: "/response/result/devicegroups/entry[@name='test_device_group']"
       content: attribute
     ignore_errors: true
     register: parsed_software_xml

   - name: Print parsed xml
     ansible.builtin.debug:
       var: parsed_software_xml

   - name: Assert that there is a device group with that name
     ansible.builtin.assert:
       that:
         - parsed_software_xml.failed == false
         - parsed_software_xml.matches | length > 0
       fail_msg: "Device group does not exist"
       success_msg: "Device group exists"
   ```

I hope that helps!

@horiagunica horiagunica added question Further information is requested and removed bug Something isn't working labels Mar 27, 2024
@horiagunica
Collaborator

@asgr8e - did you manage to test out the above solution?

Unless we receive a reply soon - we will proceed to close the issue.

@Cloud7Paradox
Author

```
fatal: [192.168.1.249]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"gathered_filter": null,
"name": "device_group_1",
"parent": null,
"provider": {
"api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ip_address": "192.168.1.249",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"state": "gathered",
"tag": null
}
},
"msg": "Object 'device_group_1' not found"
}

PLAY RECAP ****************************************************************************************************************************************************************************************************
192.168.1.249 : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
```

First solution is giving this error

@Cloud7Paradox
Author

```
w list of all device groups] *************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:15
<192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller
<192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" && echo ansible-tmp-1713503864.0710075-2434794-102110648948665="echo /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665" ) && sleep 0'
Using module file /home/controller/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_op.py
<192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmp6j2hlygb TO /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py
<192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/AnsiballZ_panos_op.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503864.0710075-2434794-102110648948665/ > /dev/null 2>&1 && sleep 0'
ok: [192.168.1.249] => {
"changed": false,
"disconnected": false,
"invocation": {
"module_args": {
"api_key": null,
"cmd": "show devicegroups",
"cmd_is_xml": false,
"ignore_disconnect": null,
"ip_address": null,
"password": null,
"port": 443,
"provider": {
"api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"ip_address": "192.168.1.249",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"serial_number": null,
"username": "admin"
},
"username": "admin",
"vsys": "vsys1"
}
},
"msg": "Done",
"stdout": "{"response": {"@status": "success", "result": {"devicegroups": {"entry": [{"@name": "Device_group_2", "shared-policy-md5sum": "cffb64a4d938e87724e498f2aab1430b"}, {"@name": "Device_group_1", "shared-policy-md5sum": "9107d510be07085d7903072e5f5822b9"}]}}}}",
"stdout_lines": [
"{"response": {"@status": "success", "result": {"devicegroups": {"entry": [{"@name": "Device_group_2", "shared-policy-md5sum": "cffb64a4d938e87724e498f2aab1430b"}, {"@name": "Device_group_1", "shared-policy-md5sum": "9107d510be07085d7903072e5f5822b9"}]}}}}"
],
"stdout_xml": "<response status="success"><entry name="Device_group_2">cffb64a4d938e87724e498f2aab1430b\n<entry name="Device_group_1">9107d510be07085d7903072e5f5822b9\n"
}

TASK [Parse devicegroup list] *********************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:20
<192.168.1.249> ESTABLISH LOCAL CONNECTION FOR USER: controller
<192.168.1.249> EXEC /bin/sh -c 'echo ~controller && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/controller/.ansible/tmp"&& mkdir "echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" && echo ansible-tmp-1713503866.524177-2434820-254872599276604="echo /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604" ) && sleep 0'
Using module file /home/controller/.ansible/collections/ansible_collections/community/general/plugins/modules/xml.py
<192.168.1.249> PUT /home/controller/.ansible/tmp/ansible-local-2434695nlfmit_v/tmpmuaddzyq TO /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py
<192.168.1.249> EXEC /bin/sh -c 'chmod u+x /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c '/usr/bin/python3 /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/AnsiballZ_xml.py && sleep 0'
<192.168.1.249> EXEC /bin/sh -c 'rm -f -r /home/controller/.ansible/tmp/ansible-tmp-1713503866.524177-2434820-254872599276604/ > /dev/null 2>&1 && sleep 0'
fatal: [192.168.1.249]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"add_children": null,
"attribute": null,
"backup": false,
"content": "attribute",
"count": false,
"input_type": "yaml",
"insertafter": false,
"insertbefore": false,
"namespaces": {},
"path": null,
"pretty_print": false,
"print_match": false,
"set_children": null,
"state": "present",
"strip_cdata_tags": false,
"value": null,
"xmlstring": "<response status="success"><entry name="Device_group_2">cffb64a4d938e87724e498f2aab1430b\n<entry name="Device_group_1">9107d510be07085d7903072e5f5822b9\n",
"xpath": "/response/result/devicegroups/entry[@name='device_group_1']"
}
},
"msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!"
}
...ignoring

TASK [Print parsed xml] ***************************************************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:28
ok: [192.168.1.249] => {
"parsed_software_xml": {
"changed": false,
"failed": true,
"msg": "Xpath /response/result/devicegroups/entry[@name='device_group_1'] does not reference a node!"
}
}

TASK [Assert that there is a device group with that name] *****************************************************************************************************************************************************
task path: /home/controller/ansible-projects/dg.yml:32
fatal: [192.168.1.249]: FAILED! => {
"assertion": "parsed_software_xml.failed == false",
"changed": false,
"evaluated_to": false,
"msg": "Device group does not exist"
```

Second one gives this error

@Cloud7Paradox
Author

Cloud7Paradox commented Apr 19, 2024

```yaml
tasks:
  - name: Get device group names
    paloaltonetworks.panos.panos_op:
      provider: '{{ device }}'
      cmd: "show devicegroups"
    register: devicegroups_output

  - name: Debug stdout field
    debug:
      var: devicegroups_output.stdout

  - name: Extract device group names using json_query
    set_fact:
      device_group_names: "{{ devicegroups_output.stdout | from_json | json_query('response.result.devicegroups.entry[*].\"@name\"') }}"

  - name: Display extracted device group names
    debug:
      var: device_group_names

  - name: Get device group info
    paloaltonetworks.panos.panos_device_group:
      provider: "{{ device }}"
      name: "{{ item }}"
      state: 'gathered'
    loop: "{{ device_group_names }}"
    register: device_group_info
```

This worked for me
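
An added example, not part of the thread or of the collection's own code: a local Ansible filter plugin that checks for a device group in the `stdout` JSON registered from `show devicegroups` without failing the play, and flags a case-only mismatch such as the `device_group_1` lookups in the logs above against the listed `Device_group_1`. The file name, the filter names `panos_dg_names` and `panos_dg_lookup`, and the handling of a single entry returned as an object rather than a list are assumptions; the sample inputs are constructed.

```python
"""Added example: local Ansible filter plugin (assumed path: filter_plugins/panos_dg.py)."""
import json


def _entries(stdout):
    """Return the device-group entries from panos_op's JSON `stdout` as a list."""
    result = json.loads(stdout)["response"].get("result") or {}
    entry = (result.get("devicegroups") or {}).get("entry") or []
    # Assumption: a lone <entry> is serialized as one object instead of a list.
    return [entry] if isinstance(entry, dict) else entry


def dg_names(stdout):
    """All device-group names, spelled exactly as Panorama returns them."""
    return [e["@name"] for e in _entries(stdout)]


def dg_lookup(stdout, wanted):
    """Classify `wanted` as an exact match, a case-only mismatch, or absent."""
    names = dg_names(stdout)
    if wanted in names:
        return {"exists": True, "name": wanted, "case_mismatch": False}
    # Fall back to a case-insensitive comparison to surface near misses.
    folded = {n.casefold(): n for n in names}
    actual = folded.get(wanted.casefold())
    return {"exists": False, "name": actual, "case_mismatch": actual is not None}


class FilterModule:
    """Ansible discovers custom filters through this class's filters() method."""

    def filters(self):
        return {"panos_dg_names": dg_names, "panos_dg_lookup": dg_lookup}


# Constructed samples shaped like the `stdout` field in the log above.
SAMPLE = json.dumps({"response": {"@status": "success", "result": {"devicegroups": {
    "entry": [{"@name": "Device_group_2"}, {"@name": "Device_group_1"}]}}}})
SINGLE = json.dumps({"response": {"@status": "success", "result": {"devicegroups": {
    "entry": {"@name": "Device_group_1"}}}}})

if __name__ == "__main__":
    print(dg_lookup(SAMPLE, "device_group_1"))  # case-only mismatch
    print(dg_lookup(SAMPLE, "Device_group_1"))  # exact match
    print(dg_names(SINGLE))                     # single entry normalized to a list
```

In a playbook this would be used as `{{ devicegroups_output.stdout | panos_dg_lookup('device_group_1') }}`, with an `ansible.builtin.assert` on the returned `exists` key in place of the `gathered` call that errors on a missing object.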
