Error when using "any" as source or destination in asa_acls playbook about cisco.asa HOT 7 CLOSED

@busseax Thanks for raising the issue, I have raised a PR #41 to fix the issue, thus closing the issue.

from cisco.asa.

@justjais Sorry for the late reply but I just tested the same playbook with the latest Ansible version (2.9.10) and the latest version of both the cisco.asa and netcommon collection from Ansible Galaxy. The error is still the same: ValueError: 'any' is not in list.

Let me know what other information you need to reproduce this behavior.

from cisco.asa.

@busseax Thank you for testing the asa acls resource and I believe you're seeing the similar issue what's raised under #56, currently any4/any6 for ipv/v6 is not supported under source and destination. I'll raise a PR to include the respective feature asap. I'll be updating the respective PR for tracking.

from cisco.asa.

@justjais Thanks for your feedback. I'm not using any4/any6 statements in my playbook. I just set any: true for the destination which isn't working.

from cisco.asa.

@busseax ah that's strange then, as I have fixed the issue and have added the TC as well(ref: https://github.com/ansible-collections/cisco.asa/blob/main/tests/integration/targets/asa_acls/tests/cli/merged.yaml#L76) and for the ASA platform over which integration tests are running is passing. Can you plz check and verify if you're using the latest 1.0.0/1.0.1 ASA collections and also that your existing ASA config is not having any4/any6 in any of it's source/destination.

As the module gather facts first and then apply the play config, so execution will fail and give the said error if source/destination has any4/any6 pre-configured.

from cisco.asa.

@justjais
You were right, I the VPN appliance was configured with any4 values. However, I changed that to be just any but that didn't help to resolve the issue.
My current ASA config is:
sh run access-list ansible_test access-list ansible_test remark HostA access-list ansible_test extended permit ip host 1.1.1.1 any access-list ansible_test remark HostB access-list ansible_test extended permit ip host 2.2.2.2 any access-list ansible_test remark HostC access-list ansible_test extended permit ip host 3.3.3.3 any

The playbook is still the same as in the bug report. However, I guess I now understand that when it's gathering the facts before applying the changes it's looking at the entire configuration, not just the parts I wanted to modify so there are indeed more places where we used any4 values.

The collections I use are ansible.netcommon 1.0.1-dev8 and cisco.asa 1.0.1-dev3.

from cisco.asa.

@busseax Thanks for the update and yes, acl facts logic will gather the entire config and not just the config you want to update. I've started working on the implementation part of the issue, and I am hopeful that it should be done by max next week.

from cisco.asa.