#Service-policy creation isn't working


quartz light
#

Hello! I'm getting the below error message when creating a service policy
Error:
fatal: [localhost]: FAILED! => changed=false
  invocation:
    module_args:
      additional_services: null
      cert_filepath: null
      feature_flags: null
      force_ontap_version: null
      hostname: test-nas
      http_port: null
      https: true
      ipspace: null
      key_filepath: null
      known_services:
      - cluster_core
      - intercluster_core
      - management_core
      - management_autosupport
      - management_bgp
      - management_ems
      - management_https
      - management_http
      - management_ssh
      - management_portmap
      - data_core
      - data_nfs
      - data_cifs
      - data_flexcache
      - data_iscsi
      - data_s3_server
      - data_dns_server
      - data_fpolicy_client
      - management_ntp_client
      - management_dns_client
      - management_ad_client
      - management_ldap_client
      - management_nis_client
      - management_snmp_server
      - management_rsh_server
      - management_telnet_server
      - management_ntp_server
      - data_nvme_tcp
      - backup_ndmp_control
      name: test_policy
      ontapi: null
      password: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      scope: null
      services:
      - management_core
      - management_autosupport
      - management_ssh
      - management_https
      - management_portmap
      - management_ems
      state: present
      use_rest: auto
      username: admin
      validate_certs: false
      vserver: test-nas
  msg: 'Error in create_service_policy: calling: network/ip/service-policies: got {''message'': ''Service policy cannot be created because SVM "test-nas" does not exist.'', ''code'': ''53281941'', ''target'': ''svm.name''}.'

gaunt crescent
#

Is there a vserver called test-nas on the host?

quartz light
#

yes

#

ONTAP: 9.8P11
Collections: netapp.ontap 22.2.0
Playbook:

- name: Create service policy
  netapp.ontap.na_ontap_service_policy:
    state: present
    name: "{{ service_policy_name }}"
    services:
      - management_core
      - management_autosupport
      - management_ssh
      - management_https
      - management_portmap
      - management_ems
    vserver: "{{ cluster }}"
    <<: *login

#

vars:
  username: admin
  cluster: test-nas
  hostname: test-nas

service_policy_name: test_policy

gaunt crescent
#

Can you double check? That error message is coming directly from ONTAP itself, telling us there is no SVM called test-nas on the host you've given.

misty atlas
#

is test-nas a vserver or cluster name?
If it's a cluster name, vserver should be omitted to create the service policy at cluster level

quartz light
#

The service policy I'm creating is at cluster level

#

I tried having scope: cluster and it didn't work either

misty atlas
#

can you try without setting vserver

#

cluster is assumed if vserver is not set

quartz light
#

It errored out saying it needs either ipspace or vserver listed.

quartz light
#

there is no ipspace parameter in ontap 9.8

misty atlas
#

any error if used ipspace?

quartz light
#

What should I list for ipspace?

misty atlas
#

usually it's Default
ipspace: Default

#

or network ipspace show command to get the test-nas cluster ipspace.

quartz light
#

using ipspace default

#

worked

#

- name: Create service policy
  netapp.ontap.na_ontap_service_policy:
    state: present
    name: "{{ service_policy_name }}"
    services:
      - management_core
      - management_autosupport
      - management_ssh
      - management_https
      - management_portmap
      - management_ems
    ipspace: Default
    <<: *login

quartz light
#

since allowed addresses doesn't support REST, I should be using restcli to get this configured correct?

#

- name: Add allowed addresses to management ssh service
  netapp.ontap.na_ontap_rest_cli:
    command: 'network/interface/service-policy'
    verb: PATCH
    params: {'policy': "{{ service_policy_name }}", 'service': 'management-ssh'}
    body: {'allowed-addresses': "{{ allowed_addresses }}"}
    <<: *login

#

does the playbook code look ok?

quartz light
#

getting below error for the above playbook code

#

fatal: [localhost]: FAILED! => changed=false
msg: 'Error: {''message'': ''Invalid JSON input. Expecting "allowed-addresses" to be an array.'', ''code'': ''262254'', ''target'': ''allowed-addresses''}'

distant raptor
#

"{{ allowed_addresses }}"} should be a list, not a string. What do you have in the variable?

quartz light
#

list of ip address

#

allowed_addresses: 10.10.10.0/24 (example ip address)

distant raptor
#

Can you try: body: {'allowed-addresses': ["{{ allowed_addresses }}"]}
You need to build the JSON.

quartz light
#

ok let me try

#

I can add only one subnet, but if I want to add more subnets then it errors out with the below error
fatal: [localhost]: FAILED! => changed=false
msg: 'Error: {''message'': ''failed to set field "allowed-addresses[0]" to "10.10.10.0/24, 11.11.11.0./24"'', ''code'': ''2'', ''target'': ''allowed-addresses[0]''}'

#

allowed_addresses: 10.10.10.0/24, 11.11.11.0/24

distant raptor
#

You have an extra dot in the second address. Though the message indicates the first.

#

But I see the issue. Maybe:
"[{{ allowed_addresses }}]"

quartz light
#

That's a typo from when I sent this message out, as I want to hide the actual addresses.

distant raptor
#

It's a JSON formatting issue

#

It sees 10.10.10.0/24, 11.11.11.0./24 as a single string, not a list of strings.

quartz light
#

yes, any ideas on getting this to work?

distant raptor
#

Start with
body: {'allowed-addresses': ["10.10.10.0/24", "11.11.11.0/24"]}
and once that works, switch to using variables

quartz light
#

ok sure

#

It works fine with how it's listed above, but I need allowed addresses to be a variable entry, as we have multiple subnets that need to be applied based on the geo location of the cluster

distant raptor
#

There is a to_json filter in Ansible. I have not used it, but this may be what you need here.

quartz light
#

ok thanks @distant raptor

quartz light
#

Using to_json and from_json I was able to figure this out. Thank you for your help and feedback @distant raptor