cisco.ise.network_device - Unable to update NetworkDeviceGroupList

[tomoliveri]

Prerequisites

• [Yes] Have you tested the operation in the API directly?
• [Yes] Do you have the latest ISE Collection version?
• [Yes] Review the compatibility matrix before opening an issue.

Name of the module
cisco.ise.network_device

Describe the bug
I am only able to get an OK / Pass on this task if my NetworkDeviceGroupList exactly matches the output from network_device_info for this device.
I have created the network device groups I am trying to switch between

Expected behavior
Task should return 'Changed' if a NetworkDeviceGroupList item is changed or removed

Screenshots

Debug
TASK [Modify network device Groups] **********************************************************************************************************************************************************************************************
Attempt 1

Request
URL: https://10.x.x.x/ers/config/networkdevice/name/devicename
Method: GET
Headers:
User-Agent: python-cisco-ise/3.3_patch_1
Accept-Encoding: gzip, deflate
Accept: application/json
Connection: keep-alive
authorization: Basic authtoken=
Content-type: application/json;charset=utf-8
Params:
{}

Response
Status: 200 -
Headers:
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=2XXXX; Path=/; Secure; HttpOnly, APPSESSIONID=EDXXXXX; Path=/ers; Secure; HttpOnly
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-XSS-Protection: 1; mode=block
ETag: "ETAGXXXXXXX"
Date: Wed, 16 Apr 2025 00:49:48 GMT
Server:
Body:
{
"NetworkDevice": {
"id": "01xxxxxx",
"name": "devicename",
"description": "LAB - Device,
"modelName": "C9500-48Y4C",
"softwareVersion": "Unknown",
"authenticationSettings": {
"enableKeyWrap": false,
"dtlsRequired": false,
"keyEncryptionKey": "",
"messageAuthenticatorCodeKey": "",
"keyInputFormat": "ASCII",
"enableMultiSecret": "false"
},
"tacacsSettings": {
"sharedSecret": "testtesttest",
"connectModeOptions": "ON_LEGACY",
"previousSharedSecret": "testtesttest",
"previousSharedSecretExpiry": 0
},
"profileName": "Cisco",
"coaPort": 1700,
"link": {
"rel": "self",
"href": "https://10.x.x.x/ers/config/networkdevice/name/devicename",
"type": "application/json"
},
"NetworkDeviceIPList": [
{
"ipaddress": "10.x.x.x.x",
"mask": 32
}
],
"NetworkDeviceGroupList": [
"Location#All Locations",
"IPSEC#Is IPSEC Device#No",
"Device Type#All Device Types#Switch",
"Isolated#Isolated#is_Isolated",
"PTW#PTW#PTW_True",
"Locked Out Equipment#Locked Out Equipment#YYYYMMDDHHMMSSUU_USERID",
"WLC OS Type#WLC OS Type",
"Network Classification#Network Classification#OT Critical Services"
]
}
}
Attempt 1

Request
URL: https://10.x.x.x/ers/config/networkdevice/name/devicename
Method: PUT
Headers:
User-Agent: python-cisco-ise/3.3_patch_1
Accept-Encoding: gzip, deflate
Accept: application/json
Connection: keep-alive
authorization: Basic authtoken=
Content-type: application/json;charset=utf-8
Params:
{}
Body:
{
"NetworkDevice": {
"name": "devicename",
"NetworkDeviceGroupList": [
"Location#All Locations",
"IPSEC#Is IPSEC Device#No",
"Device Type#All Device Types#Switch",
"Isolated#Isolated#is_Isolated",
"PTW#PTW#PTW_True",
"Locked Out Equipment#Locked Out Equipment#YYYYMMDDHHMMSSUU_username",
"WLC OS Type#WLC OS Type",
"Network Classification#Network Classification#OT Critical Services"
]
}
}

Response
Status: 500 -
Headers:
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: JSESSIONIDSSO=REMOVE; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Secure; HttpOnly, JSESSIONIDSSO=78XXXX; Path=/; Secure; HttpOnly, APPSESSIONID=APPXXXXX; Path=/ers; Secure; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
X-XSS-Protection: 1; mode=block
Date: Wed, 16 Apr 2025 00:49:48 GMT
Server:
Body:
{
"ERSResponse": {
"operation": "PUT-update by name-networkdevice",
"messages": [
{
"title": "Operation update NETWORK_DEVICE failed. Look at the debug logs for more information",
"type": "ERROR",
"code": "CRUD operation exception"
}
],
"link": {
"rel": "related",
"href": "https://10.x.x.x/ers/config/networkdevice/name/devicename",
"type": "application/xml"
}
}
}
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: }
fatal: [AU-DEV-01]: FAILED! => {"changed": false, "msg": "An error occured when executing operation. The error was: [500] - Operation update NETWORK_DEVICE failed. Look at the debug logs for more information\n{\n "ERSResponse" : {\n "operation" : "PUT-update by name-networkdevice",\n "messages" : [ {\n "title" : "Operation update NETWORK_DEVICE failed. Look at the debug logs for more information",\n "type" : "ERROR",\n "code" : "CRUD operation exception"\n } ],\n "link" : {\n "rel" : "related",\n "href" : "https://10.x.x.x/ers/config/networkdevice/name/devicename\",\n "type" : "application/xml"\n }\n }\n}"}

Environment (please complete the following information):

• ISE version and patch: 3.3.0.430 Patch 4
• Ansible version: Core 2.16.14
• ISE collection version: 2.10.0
• OS version: RHEL 9.5

[tomoliveri]

The crux of this appears to be that the API expects a PUT rather than PATCH

Meaning we have to re-add all network device parameters to make a modification.