Comments (7)
@busseax Thanks for raising the issue, I have raised a PR #41 to fix the issue, thus closing the issue.
from cisco.asa.
@justjais Sorry for the late reply but I just tested the same playbook with the latest Ansible version (2.9.10) and the latest version of both the cisco.asa and netcommon collection from Ansible Galaxy. The error is still the same: ValueError: 'any' is not in list
.
Let me know what other information you need to reproduce this behavior.
from cisco.asa.
@busseax Thank you for testing the asa acls resource and I believe you're seeing the similar issue what's raised under #56, currently any4/any6
for ipv/v6
is not supported under source and destination. I'll raise a PR to include the respective feature asap. I'll be updating the respective PR for tracking.
from cisco.asa.
@justjais Thanks for your feedback. I'm not using any4/any6 statements in my playbook. I just set any: true
for the destination which isn't working.
from cisco.asa.
@busseax ah that's strange then, as I have fixed the issue and have added the TC as well(ref: https://github.com/ansible-collections/cisco.asa/blob/main/tests/integration/targets/asa_acls/tests/cli/merged.yaml#L76) and for the ASA platform over which integration tests are running is passing. Can you plz check and verify if you're using the latest 1.0.0/1.0.1 ASA collections and also that your existing ASA config is not having any4/any6 in any of it's source/destination.
As the module gather facts first and then apply the play config, so execution will fail and give the said error if source/destination has any4/any6 pre-configured.
from cisco.asa.
@justjais
You were right, I the VPN appliance was configured with any4 values. However, I changed that to be just any
but that didn't help to resolve the issue.
My current ASA config is:
sh run access-list ansible_test access-list ansible_test remark HostA access-list ansible_test extended permit ip host 1.1.1.1 any access-list ansible_test remark HostB access-list ansible_test extended permit ip host 2.2.2.2 any access-list ansible_test remark HostC access-list ansible_test extended permit ip host 3.3.3.3 any
The playbook is still the same as in the bug report. However, I guess I now understand that when it's gathering the facts before applying the changes it's looking at the entire configuration, not just the parts I wanted to modify so there are indeed more places where we used any4
values.
The collections I use are ansible.netcommon 1.0.1-dev8
and cisco.asa 1.0.1-dev3
.
from cisco.asa.
@busseax Thanks for the update and yes, acl facts logic will gather the entire config and not just the config you want to update. I've started working on the implementation part of the issue, and I am hopeful that it should be done by max next week.
from cisco.asa.
Related Issues (20)
- [cisco.asa.asa_ogs] module execution fails on ASA configuration with port range of type <str> (in module coded as <int>) HOT 2
- [cisco.asa.asa_ogs] Incorrect service object groups created (2 instead of 1) HOT 3
- cisco.asa.asa_ogs - unable to create service-objects - invalid input error HOT 7
- [cisco.asa.asa_ogs] Sorting objects groups lead to problems HOT 9
- cisco.asa.asa_command module not working with backup command HOT 10
- ASAv lab not allowing show command abbreviation "sh access-list"
- acls module returning "Unsupported parameters" error HOT 6
- Collection CI related actions needed HOT 1
- asa_config module not switching context in loop HOT 6
- [cisco.asa.asa.acls] Error on ACL with object-group(service), object-group(network) and any HOT 8
- TypeError: 'NoneType' object is not subscriptable with asa_facts
- Show vpn-sessiondb summary returns show version output
- Consider using true/false for all booleans in docs
- cisco.asa 4.0.0 is not completable with ansible.netcommon version 5.0.0
- Not pulling sh running-config using the given cisco.asa module
- The collection bindep is hardcoding python version
- Permission escalating failed when execute command against Cisco firewall HOT 4
- Can't parse object groups if interface has a descrption
- Add Fallback to "terminal length 0" Command for Disabling Terminal Page Limit
- cisco.asa.asa_acls gathered facts
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cisco.asa.