fortios_router_prefix_list treats each rule as exclusive about ansible-galaxy-fortios-collection HOT 4 CLOSED

hi @freddygfy, thank you for the issue,

note the state is for the object router.prefix-list, not for the rule. you should not set state to absent unless you really wang to delete the whole router.prefix-list object.

despite that you can delete a single rule in CLI, the rules in API design is not incrementally updated, this means each time you have to specify the whole rule set when you are creating/updating the router.prefix-list object.

here is your example , always remember to give the whole ruleset.

- hosts: fortigate01
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
   prefix_list:
   - name: "LOCAL_NETS"
     vdom: "root"
     state: 'present' # 'absent' is to delete the whole LOCAL_NETS rulesets, not a single rule, always set to 'present'
     rule:
      - id: "1"
        action: "permit"
        prefix: "10.10.10.0/24"
        ge: ""
        le: ""
        removed: 'yes' # any value will be ok, because we only examine whether this field is defined
      - id: "2"
        action: "permit"
        prefix: "10.10.255.10/32"
        ge: ""
        le: ""
        #removed: 'no, must be commented out'
   - name: "EXTERNAL_NETS"
     vdom: "root"
     state: 'present' # ditto
     rule:
      - id: "1"
        action: "permit"
        prefix: "0.0.0.0/0"
        ge: ""
        le: ""

  tasks:
    - name: Configure Prefix Lists
      fortios_router_prefix_list:
        vdom: "{{ item.vdom }}"
        state: "{{ item.state }}"
        router_prefix_list:
            name: "{{ item.name }}"
            rule: "{{ item.rule | rejectattr('removed', 'defined') | list }}"
      with_items:
            - "{{ prefix_list }}"
      when: prefix_list is defined

for more filters, please see https://docs.ansible.com/ansible/latest/user_guide/complex_data_manipulation.html

thanks,
Link.

from ansible-galaxy-fortios-collection.

the rules in API design is not incrementally updated, this means each time you have to specify the whole rule set when you are creating/updating the router.prefix-list object.

Thank you for your clarification, this certainly explains why my method wasn't working.

The firewall I was working on is in prod now so I'm a bit hesitant to make changes but I have a couple more lined up for staging in the coming days. I will try your example play against them.

from ansible-galaxy-fortios-collection.

from ansible-galaxy-fortios-collection.

hi @freddygfy ,

hope you are doing fine.

I mark this issue closed, feel free to reopen it if the problem persists or any other support you need.

thanks,
Link

from ansible-galaxy-fortios-collection.