panos_op sometimes not properly executing API command #591

Open
t11z opened this issue Nov 11, 2024 · 0 comments
Labels
bug Something isn't working

Describe the bug

When using the panos_op module, in some cases the remote command is not being executed at all.

Expected behavior

When executing a task with the panos_op module, an operational command should be issued on the remote device. The API will respond with a "success" XML message and the command should be run.

Current behavior

The API responds with "success", but the command is still not executed.

changed: [my_firewall] => {
    "changed": true,
    "disconnected": false,
    "invocation": {
        "module_args": {
            "api_key": null,
            "cmd": "<set><session><teardown-upon-fwd-zonechange>yes</teardown-upon-fwd-zonechange></session></set>",
            "cmd_is_xml": true,
            "ignore_disconnect": null,
            "ip_address": null,
            "password": null,
            "port": 443,
            "provider": {
                "api_key": null,
                "ip_address": "my_firewall",
                "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                "port": 443,
                "serial_number": null,
                "username": "my_user"
            },
            "username": "my_user",
            "vsys": "vsys1"
        }
    },
    "msg": "Done",
    "stdout": "{\"response\": {\"@status\": \"success\", \"result\": {\"member\": null}}}",
    "stdout_lines": [
        "{\"response\": {\"@status\": \"success\", \"result\": {\"member\": null}}}"
    ],
    "stdout_xml": "<response status=\"success\"><result>\n  <member />\n</result></response>"
}
> show session info | match Teardown
  Teardown session if forward zone changes:      False

Steps to reproduce

  1. Run this playbook:
---
- name: Enable Teardown Upon Forward Zone Change
  hosts: all
  connection: local
  gather_facts: false

  tasks:
    - name: Enable Session Teardown upon forward zone change
      paloaltonetworks.panos.panos_op:
        provider: "{{ provider }}"
        cmd: "<set><session><teardown-upon-fwd-zonechange>yes</teardown-upon-fwd-zonechange></session></set>"
        cmd_is_xml: true
  2. Go to the command line of the remote device and see if "Teardown session if forward zone changes" is set to True:
> show session info | match Teardown
  Teardown session if forward zone changes:      False

Context

Interestingly, this command works if it is issued on the CLI directly or pushed to the remote device using panxapi.py from the pan-os-python library, which the paloaltonetworks.panos Ansible Collection depends on.

Example call:

panxapi.py -o "<set><session><teardown-upon-fwd-zonechange>yes</teardown-upon-fwd-zonechange></session></set>" -h my_firewall -l my_user:my_password

Your Environment

$ ansible --version
ansible [core 2.15.12]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.20 (main, Sep  9 2024, 00:00:00) [GCC 11.5.0 20240719 (Red Hat 11.5.0-2)] (/usr/bin/python3)
  jinja version = 3.1.4
  libyaml = True

$ pip list
Package                   Version
------------------------- ---------
ansible                   8.7.0
ansible-compat            24.9.1
ansible-core              2.15.12
ansible-lint              6.22.2
attrs                     24.2.0
beautifulsoup4            4.12.3
black                     24.8.0
bracex                    2.5.post1
certifi                   2024.8.30
cffi                      1.17.1
charset-normalizer        3.3.2
click                     8.1.7
cryptography              41.0.7
filelock                  3.16.1
gpg                       1.15.1
idna                      3.10
importlib-resources       5.0.7
Jinja2                    3.1.4
jmespath                  1.0.1
jsonschema                4.23.0
jsonschema-specifications 2023.12.1
libcomps                  0.1.18
markdown-it-py            3.0.0
MarkupSafe                2.1.5
mdurl                     0.1.2
mypy-extensions           1.0.0
netaddr                   1.3.0
packaging                 24.1
pan-os-python             1.12.1
pan-python                0.17.0
panos-upgrade-assurance   1.0.1
pathspec                  0.12.1
pip                       21.3.1
platformdirs              4.3.6
pycparser                 2.22
Pygments                  2.18.0
pyOpenSSL                 23.3.0
PyYAML                    6.0.2
referencing               0.35.1
requests                  2.32.3
requests-toolbelt         1.0.0
resolvelib                1.0.1
rich                      13.9.2
rpds-py                   0.20.0
rpm                       4.16.1.3
ruamel.yaml               0.18.6
ruamel.yaml.clib          0.2.8
setuptools                53.0.0
soupsieve                 2.6
subprocess-tee            0.4.2
tomli                     2.0.2
typing_extensions         4.6.3
urllib3                   2.2.3
wcmatch                   10.0
xmltodict                 0.12.0
yamllint                  1.35.1

$ ansible-galaxy collection list

# /root/.ansible/collections/ansible_collections
Collection                    Version
----------------------------- -------
paloaltonetworks.panos        2.21.2 

# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.5.0  
ansible.netcommon             5.3.0  
ansible.posix                 1.5.4  
ansible.utils                 2.12.0 
ansible.windows               1.14.0 
arista.eos                    6.2.2  
awx.awx                       22.7.0 
azure.azcollection            1.19.0 
check_point.mgmt              5.1.1  
chocolatey.chocolatey         1.5.1  
cisco.aci                     2.8.0  
cisco.asa                     4.0.3  
cisco.dnac                    6.9.0  
cisco.intersight              1.0.27 
cisco.ios                     4.6.1  
cisco.iosxr                   5.0.3  
cisco.ise                     2.6.2  
cisco.meraki                  2.17.0 
cisco.mso                     2.5.0  
cisco.nso                     1.0.3  
cisco.nxos                    4.4.0  
cisco.ucs                     1.10.0 
cloud.common                  2.1.4  
cloudscale_ch.cloud           2.3.1  
community.aws                 6.4.0  
community.azure               2.0.0  
community.ciscosmb            1.0.7  
community.crypto              2.16.1 
community.digitalocean        1.24.0 
community.dns                 2.6.4  
community.docker              3.4.11 
community.fortios             1.0.0  
community.general             7.5.2  
community.google              1.0.0  
community.grafana             1.6.1  
community.hashi_vault         5.0.1  
community.hrobot              1.8.2  
community.libvirt             1.3.0  
community.mongodb             1.6.3  
community.mysql               3.8.0  
community.network             5.0.2  
community.okd                 2.3.0  
community.postgresql          2.4.3  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.11.0 
community.sap                 1.0.0  
community.sap_libs            1.4.1  
community.skydive             1.0.0  
community.sops                1.6.7  
community.vmware              3.11.1 
community.windows             1.13.0 
community.zabbix              2.2.0  
containers.podman             1.11.0 
cyberark.conjur               1.2.2  
cyberark.pas                  1.0.23 
dellemc.enterprise_sonic      2.2.0  
dellemc.openmanage            7.6.1  
dellemc.powerflex             1.9.0  
dellemc.unity                 1.7.1  
f5networks.f5_modules         1.27.1 
fortinet.fortimanager         2.3.0  
fortinet.fortios              2.3.4  
frr.frr                       2.0.2  
gluster.gluster               1.0.2  
google.cloud                  1.3.0  
grafana.grafana               2.2.3  
hetzner.hcloud                1.16.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.12.0 
ibm.storage_virtualize        2.1.0  
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.5.0  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         5.3.1  
kubernetes.core               2.4.0  
lowlydba.sqlserver            2.2.2  
microsoft.ad                  1.4.1  
netapp.aws                    21.7.1 
netapp.azure                  21.10.1
netapp.cloudmanager           21.22.1
netapp.elementsw              21.7.0 
netapp.ontap                  22.8.3 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.1 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.15.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.1.0  
ngine_io.vultr                1.1.3  
openstack.cloud               2.2.0  
openvswitch.openvswitch       2.1.1  
ovirt.ovirt                   3.2.0  
purestorage.flasharray        1.24.0 
purestorage.flashblade        1.14.0 
purestorage.fusion            1.6.0  
sensu.sensu_go                1.14.0 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.2  
t_systems_mms.icinga_director 1.33.1 
telekom_mms.icinga_director   1.35.0 
theforeman.foreman            3.15.0 
vmware.vmware_rest            2.3.1  
vultr.cloud                   1.11.0 
vyos.vyos                     4.1.0  
wti.remote                    1.0.5 
@t11z t11z added the bug Something isn't working label Nov 11, 2024
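
Because the task above reports "changed": true and a "success" status while the setting stays False, a post-change check has to compare the device's reported state with the intended value rather than trust the API status. The following is an added example, not code from the reporter or from the paloaltonetworks.panos collection; the function names are hypothetical and the sample strings are constructed from the output quoted in the issue.

```python
import json
import re

# Constructed sample data, copied from the output quoted in the issue above.
MODULE_STDOUT = '{"response": {"@status": "success", "result": {"member": null}}}'
CLI_OUTPUT = (
    "> show session info | match Teardown\n"
    "  Teardown session if forward zone changes:      False\n"
)
LABEL = "Teardown session if forward zone changes"


def api_status(module_stdout):
    """Return the @status value from the module's JSON stdout, or None."""
    try:
        return json.loads(module_stdout)["response"]["@status"]
    except (ValueError, KeyError, TypeError):
        return None


def parse_flags(cli_text):
    """Map 'Label:   True/False' lines of CLI output to booleans."""
    flags = {}
    for line in cli_text.splitlines():
        m = re.match(r"^\s*([^:>]+?):\s+(True|False)\s*$", line)
        if m:
            flags[m.group(1)] = (m.group(2) == "True")
    return flags


def verify(module_stdout, cli_text, label, expected):
    """Classify the outcome of an operational 'set' command (hypothetical helper)."""
    if api_status(module_stdout) != "success":
        return "api-error"
    actual = parse_flags(cli_text).get(label)
    if actual is None:
        return "unverified"  # the setting does not appear in the CLI output
    return "applied" if actual == expected else "silent-failure"


if __name__ == "__main__":
    # The case from the issue: API says success, device still shows False.
    print(verify(MODULE_STDOUT, CLI_OUTPUT, LABEL, True))
```
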