Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipsec p2 encryption-algorithm-option and hash-algorithm-option update seems disfunctional #69

Closed
zerwes opened this issue May 15, 2024 · 10 comments
Closed

ipsec p2 encryption-algorithm-option and hash-algorithm-option update seems disfunctional #69

zerwes opened this issue May 15, 2024 · 10 comments
Assignees
@zerwes
Labels
bug Something isn't working enhancement New feature or request test required wip ... work in progress ...

Comments

@zerwes
Copy link
Collaborator

zerwes commented May 15, 2024
edited
Loading

while starting some test implementation for #67 the 2 options let some ipsec tests fail ...
... or just deprecate the old legacy stuff and implement #42
@zerwes zerwes added bug Something isn't working enhancement New feature or request test required labels May 15, 2024
@zerwes zerwes self-assigned this May 15, 2024
@zerwes
Copy link
Collaborator Author

zerwes commented May 15, 2024

wip ... fix-encalg-and-hashalg

@zerwes
Copy link
Collaborator Author

zerwes commented May 15, 2024

https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense/actions/runs/9090917733/job/24984556065#step:5:1881

@zerwes zerwes added the wip ... work in progress ... label May 27, 2024
zerwes added a commit that referenced this issue May 28, 2024
@zerwes
issue #69 hash-algorithm-option fixed
0da3f44
@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

task args
xpath: "/opnsense/ipsec/phase2[ikeid='1' and uniqid='eea1dcb2e051a']/hash-algorithm-option"
will fail!

but

[localhost] TASK: debug failing (debug)> task.args['xpath'] = "/opnsense/ipsec/phase2[ikeid=1 and uniqid=eea1dcb2e051a]/hash-algorithm-option"
[localhost] TASK: debug failing (debug)> redo

=> OK

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

strange .. this works as expected

- name: test
  hosts: all
  gather_facts: false
  vars:
    ikeid: 1
    uniqid: eea1dcb2e051a
  tasks:
   - name: test del encryption-algorithm-option
      delegate_to: localhost
      community.general.xml:
        path: cfg/ipsec-test1-04-encalg.xml
        state: absent
        pretty_print: true
        xpath: "/opnsense/ipsec/phase2[ikeid='{{ ikeid }}' and uniqid='{{ uniqid }}']/encryption-algorithm-option"

but not in the test setup

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024
edited
Loading

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Couldn't delete xpath target: /opnsense/ipsec/phase2[ikeid='1' and uniqid='eea1dcb2e051a']/encryption-algorithm-option (module 'lxml.etree' has no attribute '_ElementStringResult')"}

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

seems we just have 2 options

  1. error (see last comment)
  2. no action/match on delete/absent xpath request
    ok: [localhost] => {"actions": {"namespaces": {}, "state": "absent", "xpath": "/opnsense/ipsec/phase2[ikeid/text()='1' and uniqid/text='eea1dcb2e051a']/encryption-algorithm-option"}, "changed": false}

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024
edited
Loading

In 5.1.1 lxml removed _ElementStringResult()
... ❓
lxml/lxml@lxml-5.1.0...lxml-5.1.1

lxml/lxml@lxml-5.1.0...lxml-5.1.1#diff-50572a55550b6596b53b8b534c05abce39dc5cce6e8f969e1f11d4e5348330d8

currently I use:
lxml 5.2.1

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

fck ... hours of debugging and testing for the a... ah... for nothing
all works as expected w/ lxml 5.1.0 ❗

@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

ansible-collections/community.general#8435

zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 INTERIM hash-algorithm-option fixed
9ad7ba1
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 doc hash-algorithm-option fixed
f340c00
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 restore original encryption-algorithm-option reset causing …
55eceee 
…error
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 fix encryption-algorithm-option reset
6ea7435
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - working with lxml <= 5.1.0
7561c24
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - working with lxml <= 5.1.0
1d4c90d
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - updated test for fix-encalg-and-hashalg
777fcc7
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - cleanup fix-encalg-and-hashalg
fe451c2
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - use lxml 5.1.0 for tests
b987b3d
zerwes pushed a commit that referenced this issue May 28, 2024
issue #69 - linted
4e301a9
zerwes pushed a commit that referenced this issue May 28, 2024
Revert "issue #69 - updated test for fix-encalg-and-hashalg"
0bf80b3 
This reverts commit 777fcc7.
@zerwes zerwes mentioned this issue May 28, 2024
Merged
zerwes added a commit that referenced this issue May 28, 2024
@zerwes
Fix encalg and hashalg update (#71)
1a3e5f6 
* encryption-algorithm-options fixed

* hash-algorithm-options fixed

* only delete hashalgopt if match is defined

* test files for encalg and hashalg

* issue #69 hash-algorithm-option fixed

* issue #69 INTERIM hash-algorithm-option fixed

* issue #69 doc hash-algorithm-option fixed

* issue #69 restore original encryption-algorithm-option reset causing error

* issue #69 fix encryption-algorithm-option reset

* typo

* issue #69 - working with lxml <= 5.1.0

* issue #69 - working with lxml <= 5.1.0

* issue #69 - updated test for fix-encalg-and-hashalg

* issue #69 - cleanup fix-encalg-and-hashalg

* issue #69 - use lxml 5.1.0 for tests

* issue #69 - linted

* Revert "issue #69 - updated test for fix-encalg-and-hashalg"

This reverts commit 777fcc7.

---------

Co-authored-by: Klaus Zerwes <[email protected]>
@zerwes
Copy link
Collaborator Author

zerwes commented May 28, 2024

#71

@zerwes zerwes closed this as completed May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zerwes zerwes

Labels
bug Something isn't working enhancement New feature or request test required wip ... work in progress ...
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zerwes