Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bigip_asm_policy_fetch doesn't find policy with special characters in name #87

Open
azw71 opened this issue Jan 8, 2025 · 1 comment
Open

bigip_asm_policy_fetch doesn't find policy with special characters in name #87

azw71 opened this issue Jan 8, 2025 · 1 comment
Labels
Backlog Added to JIRA board bug Something isn't working

Comments

@azw71
Copy link

azw71 commented Jan 8, 2025
edited
Loading

COMPONENT NAME

bigip_asm_policy_fetch

Environment

ANSIBLE VERSION
2.15.0
BIGIP VERSION
Sys::Version
Main Package
  Product     BIG-IP
  Version     16.1.5.1
  Build       0.13.7
  Edition     Engineering Hotfix
  Date        Mon Oct 21 19:24:11 PDT 2024

Hotfix List
ID1621249-2   ID1622609-1  ID1678649-2
CONFIGURATION
OS / ENVIRONMENT
Ansible Automation Platform 4.4.8 

ansible-playbook [core 2.15.0]
  config file = /runner/project/ansible.cfg
  configured module search path = ['/runner/project/library']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /runner/requirements_collections:/runner/project/collections:/home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.16 (main, May 29 2023, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
SUMMARY

bigip_asm_policy_fetch doesn't find policy with special characters in name. We've fixed the issue by adding some quotes in
f5_bigip/plugins/modules/bigip_asm_policy_fetch.py line 438:

query = "?$filter=name+eq+'{0}'+and+partition+eq+'{1}'&$select=name,partition".format(
            self.want.name, self.want.partition
STEPS TO REPRODUCE

Use bigip_asm_policy_fetch and export a policy with '_' in name.

    bigip_asm_policy_fetch is used to export all WAF policies on system.

    - name: Export ASM policies XML
      connection: httpapi
      f5networks.f5_bigip.bigip_asm_policy_fetch:
        name: "{{ item.name }}"
        file: "{{ item.name }}.xml"
        dest: '{{ gitlab_project_dest }}'
        compact: true
      loop: "{{ bigip_asm_policies | community.general.json_query('asm_policies') }}"
      loop_control:
        label: '{{ item.name }}'
      register: bigip_asm_policies_xml
      run_once: true
      tags:
        - never
        - bigip-asm-export
EXPECTED RESULTS

Each policy should be delivered by the ansible call and exported to a local file.

ACTUAL RESULTS

The task ran for all ASM policies, but exported only exported a few. There's a problem with the
handling of special characters in the name.

TASK [bigip-asm-export : Export ASM policies XML] ******************************
task path: /runner/requirements_roles/bigip-asm-export/tasks/main.yml:89
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
Loading collection ansible.netcommon from /runner/requirements_collections/ansible_collections/ansible/netcommon
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> ESTABLISH HTTP(S) CONNECTFOR USER: admin TO https://internal-hidden-hostname:443
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
changed: [internal-hidden-hostname] => (item=api-vrsf) => {
    "ansible_loop_var": "item",
    "changed": true,
    "compact": true,
    "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
    "file": "api-vrsf.xml",
    "force": true,
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "api-vrsf.xml",
            "force": true,
            "inline": null,
            "name": "api-vrsf",
            "partition": "Common"
        }
    },
    "item": {
        "active": "no",
        "allowed_response_codes": [
            400,
            401,
            404,
            407,
            417,
            503
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "API Security Policy",
        "enforcement_mode": "blocking",
        "full_path": "/Common/api-vrsf",
        "has_parent": "no",
        "inspect_http_uploads": "yes",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": "any",
        "maximum_http_header_length": "any",
        "name": "api-vrsf",
        "path_parameter_handling": "as-url",
        "place_signatures_in_staging": "yes",
        "policy_id": "iWag11-hJD6Nmxp3nccivg",
        "protocol_independent": "no",
        "signature_staging": "yes",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "mode": "0755",
    "name": "api-vrsf",
    "owner": "root",
    "size": 2140,
    "state": "directory",
    "uid": 0
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
changed: [internal-hidden-hostname] => (item=base-profile-comprehensive) => {
    "ansible_loop_var": "item",
    "changed": true,
    "compact": true,
    "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
    "file": "base-profile-comprehensive.xml",
    "force": true,
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "base-profile-comprehensive.xml",
            "force": true,
            "inline": null,
            "name": "base-profile-comprehensive",
            "partition": "Common"
        }
    },
    "item": {
        "active": "no",
        "allowed_response_codes": [
            400,
            401,
            404,
            407,
            417,
            503
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "A clean empty profile with default configuration Bigip version 16.1.5 comprehensive",
        "enforcement_mode": "blocking",
        "full_path": "/Common/base-profile-comprehensive",
        "has_parent": "no",
        "inspect_http_uploads": "no",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 8192,
        "maximum_http_header_length": 8192,
        "name": "base-profile-comprehensive",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "WD5FEd2houXKfE7RmHcuHg",
        "protocol_independent": "no",
        "signature_staging": "yes",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "mode": "0755",
    "name": "base-profile-comprehensive",
    "owner": "root",
    "size": 2140,
    "state": "directory",
    "uid": 0
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
changed: [internal-hidden-hostname] => (item=base-profile-fundamental) => {
    "ansible_loop_var": "item",
    "changed": true,
    "compact": true,
    "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
    "file": "base-profile-fundamental.xml",
    "force": true,
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "base-profile-fundamental.xml",
            "force": true,
            "inline": null,
            "name": "base-profile-fundamental",
            "partition": "Common"
        }
    },
    "item": {
        "active": "no",
        "allowed_response_codes": [
            400,
            401,
            404,
            407,
            417,
            503
        ],
        "application_language": "undefined",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "A clean empty profile with default configuration Bigip version 16.1.5",
        "enforcement_mode": "blocking",
        "full_path": "/Common/base-profile-fundamental",
        "has_parent": "no",
        "inspect_http_uploads": "no",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 8192,
        "maximum_http_header_length": 8192,
        "name": "base-profile-fundamental",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "T29cAHjqvAqyOKup1inZ2Q",
        "protocol_independent": "no",
        "signature_staging": "yes",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "mode": "0755",
    "name": "base-profile-fundamental",
    "owner": "root",
    "size": 2140,
    "state": "directory",
    "uid": 0
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
changed: [internal-hidden-hostname] => (item=base-profile-passive) => {
    "ansible_loop_var": "item",
    "changed": true,
    "compact": true,
    "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
    "file": "base-profile-passive.xml",
    "force": true,
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "base-profile-passive.xml",
            "force": true,
            "inline": null,
            "name": "base-profile-passive",
            "partition": "Common"
        }
    },
    "item": {
        "active": "no",
        "allowed_response_codes": [
            400,
            401,
            404,
            407,
            417,
            503
        ],
        "application_language": "undefined",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "A clean empty profile with default configuration Bigip version 16.1.5 passive deployment policy",
        "enforcement_mode": "transparent",
        "full_path": "/Common/base-profile-passive",
        "has_parent": "no",
        "inspect_http_uploads": "no",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 8192,
        "maximum_http_header_length": 8192,
        "name": "base-profile-passive",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "RlUnoN1fISSm-LKS5uMxYg",
        "protocol_independent": "no",
        "signature_staging": "yes",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "mode": "0755",
    "name": "base-profile-passive",
    "owner": "root",
    "size": 2140,
    "state": "directory",
    "uid": 0
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 603, in main
    results = mm.exec_module()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 315, in exec_module
    self.export()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 326, in export
    return self.update()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 335, in update
    self.create()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 344, in create
    self.create_on_device()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 397, in create_on_device
    self._set_policy_link()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 455, in _set_policy_link
    raise F5ModuleError("The policy was not found")
failed: [internal-hidden-hostname] (item=sp_api-int.hidden-name.de) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "sp_api-int.hidden-name.de.xml",
            "force": true,
            "inline": null,
            "name": "sp_api-int.hidden-name.de",
            "partition": "Common"
        }
    },
    "item": {
        "active": "yes",
        "allowed_response_codes": [
            400,
            401,
            403,
            404,
            407,
            417,
            503
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [
            "First-XFF"
        ],
        "description": "Rapid Deployment security policy",
        "enforcement_mode": "blocking",
        "full_path": "/Common/sp_api-int.hidden-name.de",
        "has_parent": "no",
        "inspect_http_uploads": "yes",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 8192,
        "maximum_http_header_length": 8192,
        "name": "sp_api-int.hidden-name.de",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "IJGQemy5XnKty7m8HPbOPQ",
        "protocol_independent": "no",
        "signature_staging": "no",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "yes",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": [
            "/dzb/api-int.hidden-name.de-443/api-int.hidden-name.de-443"
        ]
    },
    "msg": "The policy was not found"
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 603, in main
    results = mm.exec_module()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 315, in exec_module
    self.export()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 326, in export
    return self.update()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 335, in update
    self.create()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 344, in create
    self.create_on_device()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 397, in create_on_device
    self._set_policy_link()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 455, in _set_policy_link
    raise F5ModuleError("The policy was not found")
failed: [internal-hidden-hostname] (item=sp_awtu1api.hidden-name.de) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "sp_awtu1api.hidden-name.de.xml",
            "force": true,
            "inline": null,
            "name": "sp_awtu1api.hidden-name.de",
            "partition": "Common"
        }
    },
    "item": {
        "active": "yes",
        "allowed_response_codes": [
            400,
            404,
            409,
            500
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [
            "First-XFF"
        ],
        "description": "API Security Policy",
        "enforcement_mode": "blocking",
        "full_path": "/Common/sp_awtu1api.hidden-name.de",
        "has_parent": "no",
        "inspect_http_uploads": "yes",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": "any",
        "maximum_http_header_length": "any",
        "name": "sp_awtu1api.hidden-name.de",
        "path_parameter_handling": "as-url",
        "place_signatures_in_staging": "yes",
        "policy_id": "8uurA12vgRD6bKidMj5BEA",
        "protocol_independent": "yes",
        "signature_staging": "yes",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "yes",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": [
            "/dzb/awtu1api.hidden-name.de-443/awtu1api.hidden-name.de-443"
        ]
    },
    "msg": "The policy was not found"
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 603, in main
    results = mm.exec_module()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 315, in exec_module
    self.export()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 326, in export
    return self.update()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 335, in update
    self.create()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 344, in create
    self.create_on_device()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 397, in create_on_device
    self._set_policy_link()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 455, in _set_policy_link
    raise F5ModuleError("The policy was not found")
failed: [internal-hidden-hostname] (item=sp_awtu1api.hidden-name.de) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "sp_awtu1api.hidden-name.de.xml",
            "force": true,
            "inline": null,
            "name": "sp_awtu1api.hidden-name.de",
            "partition": "Common"
        }
    },
    "item": {
        "active": "yes",
        "allowed_response_codes": [
            400,
            401,
            403,
            404,
            407,
            417,
            500,
            503
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "Copied from /Common/sp_awtu1api.hidden-name.de",
        "enforcement_mode": "blocking",
        "full_path": "/Common/sp_awtu1api.hidden-name.de",
        "has_parent": "no",
        "inspect_http_uploads": "yes",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 2048,
        "maximum_http_header_length": 2048,
        "name": "sp_awtu1api.hidden-name.de",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "9dMuJkrBi1XWjK182jR9gA",
        "protocol_independent": "no",
        "signature_staging": "no",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "msg": "The policy was not found"
}
redirecting (type: connection) ansible.builtin.httpapi to ansible.netcommon.httpapi
<internal-hidden-hostname> attempting to start connection
<internal-hidden-hostname> using connection plugin ansible.netcommon.httpapi
Found ansible-connection at path /usr/bin/ansible-connection
<internal-hidden-hostname> found existing local domain socket, using it!
<internal-hidden-hostname> updating play_context for connection
<internal-hidden-hostname> Loading collection ansible.builtin from 
<internal-hidden-hostname> local domain socket path is /home/runner/.ansible/pc/2f024624df
<internal-hidden-hostname> Using network group action f5networks.f5_bigip.bigip for f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: enabled
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: found f5networks.f5_bigip.bigip_asm_policy_fetch  at /runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: running f5networks.f5_bigip.bigip_asm_policy_fetch
<{{ bigip_config_provider.server }}> ANSIBLE_NETWORK_IMPORT_MODULES: complete
The full traceback is:
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 603, in main
    results = mm.exec_module()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 315, in exec_module
    self.export()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 326, in export
    return self.update()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 335, in update
    self.create()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 344, in create
    self.create_on_device()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 397, in create_on_device
    self._set_policy_link()
  File "/runner/requirements_collections/ansible_collections/f5networks/f5_bigip/plugins/modules/bigip_asm_policy_fetch.py", line 455, in _set_policy_link
    raise F5ModuleError("The policy was not found")
failed: [internal-hidden-hostname] (item=sp_awtu1obs.hidden-name.de) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "base64": null,
            "binary": null,
            "compact": true,
            "dest": "/runner/project/deployment-i-2003600-gcp-dmz-0000_asm",
            "file": "sp_awtu1obs.hidden-name.de.xml",
            "force": true,
            "inline": null,
            "name": "sp_awtu1obs.hidden-name.de",
            "partition": "Common"
        }
    },
    "item": {
        "active": "yes",
        "allowed_response_codes": [
            400,
            401,
            403,
            404,
            407,
            417,
            500,
            503
        ],
        "application_language": "utf-8",
        "apply": "no",
        "case_insensitive": "no",
        "csrf_protection_enabled": "no",
        "csrf_urls": [
            {
                "csrf_url": "*",
                "csrf_url_enforcement_action": "verify-csrf-token",
                "csrf_url_id": "l0Ckxe-7yHsXp8U5tTgbFQ",
                "csrf_url_method": "POST",
                "csrf_url_required_parameters": "ignore",
                "csrf_url_wildcard_order": 1
            }
        ],
        "custom_xff_headers": [],
        "description": "Import von lb-extern. Auftrag INC000007947617. Kein EBP Template!\\nTemporäre Anpassung per PRB0054209",
        "enforcement_mode": "blocking",
        "full_path": "/Common/sp_awtu1obs.hidden-name.de",
        "has_parent": "no",
        "inspect_http_uploads": "yes",
        "learning_mode": "manual",
        "mask_credit_card_numbers_in_request": "yes",
        "maximum_cookie_header_length": 2048,
        "maximum_http_header_length": 2048,
        "name": "sp_awtu1obs.hidden-name.de",
        "path_parameter_handling": "as-parameters",
        "place_signatures_in_staging": "yes",
        "policy_id": "0g172yx-YCM49puL_ETTYw",
        "protocol_independent": "no",
        "signature_staging": "no",
        "trigger_asm_irule_event": "disabled",
        "trust_xff": "no",
        "type": "security",
        "use_dynamic_session_id_in_url": "no",
        "virtual_servers": []
    },
    "msg": "The policy was not found"
}
@azw71 azw71 added the bug Something isn't working label Jan 8, 2025
@pgouband
Copy link

pgouband commented Jan 8, 2025

Hi,

Thanks for reporting. Added to the backlog and internal tracking ID for this request is: INFRAANO-1756.

@pgouband pgouband added the Backlog Added to JIRA board label Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Backlog Added to JIRA board bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@azw71 @pgouband