Comments (4)
Hi @freddygfy, thank you for the issue.
Note that the state is for the object router.prefix-list, not for the rule. You should not set state to absent unless you really want to delete the whole router.prefix-list object.
Although you can delete a single rule in the CLI, the rules in the API design are not incrementally updated; this means each time you have to specify the whole rule set when you are creating/updating the router.prefix-list object.
Here is your example; always remember to give the whole ruleset.
```yaml
- hosts: fortigate01
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    prefix_list:
      - name: "LOCAL_NETS"
        vdom: "root"
        state: 'present' # 'absent' is to delete the whole LOCAL_NETS rulesets, not a single rule, always set to 'present'
        rule:
          - id: "1"
            action: "permit"
            prefix: "10.10.10.0/24"
            ge: ""
            le: ""
            removed: 'yes' # any value will be ok, because we only examine whether this field is defined
          - id: "2"
            action: "permit"
            prefix: "10.10.255.10/32"
            ge: ""
            le: ""
            #removed: 'no, must be commented out'
      - name: "EXTERNAL_NETS"
        vdom: "root"
        state: 'present' # ditto
        rule:
          - id: "1"
            action: "permit"
            prefix: "0.0.0.0/0"
            ge: ""
            le: ""
  tasks:
    - name: Configure Prefix Lists
      fortios_router_prefix_list:
        vdom: "{{ item.vdom }}"
        state: "{{ item.state }}"
        router_prefix_list:
          name: "{{ item.name }}"
          rule: "{{ item.rule | rejectattr('removed', 'defined') | list }}"
      with_items:
        - "{{ prefix_list }}"
      when: prefix_list is defined
```
For more filters, please see https://docs.ansible.com/ansible/latest/user_guide/complex_data_manipulation.html
thanks,
Link.
from ansible-galaxy-fortios-collection.
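An added example, not part of the thread or of the collection's code: because each update replaces the whole rule set, a rule that is simply missing from the playbook list is deleted just like one marked `removed`. The Python sketch below previews that effect before a push. `effective_rules` and `plan_replacement` are hypothetical helper names, the rules in `CURRENT` are constructed sample data, and it assumes device and playbook rules use the same fields and numeric string ids.

```python
def effective_rules(rules):
    """Mirror rejectattr('removed', 'defined'): drop every rule that has a
    'removed' key, whatever its value."""
    return [r for r in rules if "removed" not in r]


def plan_replacement(current, desired):
    """Return the rule ids a whole-ruleset push would add, delete, change or keep."""
    old = {r["id"]: r for r in current}
    new = {r["id"]: r for r in effective_rules(desired)}
    plan = {"add": [], "delete": [], "change": [], "keep": []}
    for rid in sorted(set(old) | set(new), key=int):
        if rid not in old:
            plan["add"].append(rid)
        elif rid not in new:
            # Covers rules marked 'removed' and rules left out of the playbook.
            plan["delete"].append(rid)
        elif old[rid] != new[rid]:
            plan["change"].append(rid)
        else:
            plan["keep"].append(rid)
    return plan


# Constructed sample: three rules currently on the device.
CURRENT = [
    {"id": "1", "action": "permit", "prefix": "10.10.10.0/24", "ge": "", "le": ""},
    {"id": "2", "action": "permit", "prefix": "10.10.255.10/32", "ge": "", "le": ""},
    {"id": "3", "action": "deny", "prefix": "192.0.2.0/24", "ge": "", "le": ""},
]
# Constructed playbook list: rule 1 marked removed, rule 2 unchanged, rule 3 forgotten.
DESIRED = [
    {"id": "1", "action": "permit", "prefix": "10.10.10.0/24", "ge": "", "le": "",
     "removed": "yes"},
    {"id": "2", "action": "permit", "prefix": "10.10.255.10/32", "ge": "", "le": ""},
]

if __name__ == "__main__":
    for action, ids in plan_replacement(CURRENT, DESIRED).items():
        print(f"{action:7}{', '.join(ids) or '-'}")
```

Rule 3 shows up under `delete` even though nobody marked it, which is the case worth catching before the play runs against a production firewall.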
> the rules in the API design are not incrementally updated; this means each time you have to specify the whole rule set when you are creating/updating the router.prefix-list object.
Thank you for your clarification, this certainly explains why my method wasn't working.
The firewall I was working on is in prod now so I'm a bit hesitant to make changes but I have a couple more lined up for staging in the coming days. I will try your example play against them.
Hi @freddygfy,
I hope you are doing fine.
I am marking this issue closed; feel free to reopen it if the problem persists or you need any other support.
thanks,
Link