Description
Describe the bug
We're trying to get an uploaded certificate on the Palo Alto device using the panos_op module since there is no other specific module for this.
The CLI as well as the XML API has a proper command for this:
CLI: admin@lgb-pafw01-1(active)> request certificate show certificate-name RootCA2023
XML: <request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request>
panos_op doesn't work with any of those options.
Expected behavior
Collect the output from the command given above using the panos_op module.
Current behavior
XML style command:
$ ansible-playbook -i hosts.ini pafw11_facts.yaml -k --tags=catest --limit=lgb-pafw01-1-temp.int
SSH password:
PLAY [Gather system info] ******************************************************************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************************************************************************
ok: [lgb-pafw01-1-temp.int]
TASK [Show system info as XML command] *****************************************************************************************************************************************************************
fatal: [lgb-pafw01-1-temp.int]: FAILED! => {"changed": false, "msg": "Failed to run XML command : <request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request> : Command succeeded with no output"}
PLAY RECAP *********************************************************************************************************************************************************************************************
lgb-pafw01-1-temp.int : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
CLI style command:
$ ansible-playbook -i hosts.ini pafw11_facts.yaml -k --tags=catest --limit=lgb-pafw01-1-temp.int
SSH password:
PLAY [Gather system info] ******************************************************************************************************************************************************************************
TASK [Gathering Facts] *********************************************************************************************************************************************************************************
ok: [lgb-pafw01-1-temp.int]
TASK [Show system info as XML command] *****************************************************************************************************************************************************************
fatal: [lgb-pafw01-1-temp.int]: FAILED! => {"changed": false, "msg": "Failed to run command : request certificate show certificate-name \"RootCA2023\" : Command succeeded with no output"}
PLAY RECAP *********************************************************************************************************************************************************************************************
lgb-pafw01-1-temp.int : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Possible solution
I have noticed that CLI commands add unnecessary quotes.
Steps to reproduce
ansible core 2.15.12
paloaltonetworks.panos 2.20.0
panos: 11.1.2-h3 (PA-1410)
Preloaded certificate name RootCA2023
Play CLI version:
```yaml
- name: Show system info as XML command
  paloaltonetworks.panos.panos_op:
    provider: '{{ device }}'
    cmd: 'request certificate show certificate-name RootCA2023'
  register: cert
  tags: catest
```
XML version:
```yaml
- name: Show system info as XML command
  paloaltonetworks.panos.panos_op:
    provider: '{{ device }}'
    cmd: '<request><certificate><show><certificate-name>RootCA2023</certificate-name></show></certificate></request>'
    cmd_is_xml: true
  register: cert
  tags: catest
```
Screenshots
Context
Trying to verify that all firewalls have the proper CA certificate uploaded within the other task.
Your Environment
- Collection: paloaltonetworks.panos 2.20.0
- Python: 3.9.19
- Ansible: 2.15.12
- PAN-OS Python Library & version (e.g. pandevice 0.14.0, pan-os-python 1.0.2): pan-os-python 1.12.1, pan-python 0.17.0