fortinet-ansible-dev / ansible-galaxy-fortimanager-collection

GNU General Public License v3.0

Add devices to template group using fortinet.fortimanager.fmgr_templategroup #84

Closed cr0cdev closed 5 months ago

cr0cdev commented 5 months ago

Hello!

I can see that it is possible to create template groups using the fmgr_templategroup module, but I do not see a parameter that allows us to add devices to that group. Currently we are using this API endpoint /pm/config/adom/{adom}/obj/cli/template-group/{template_group_name}/scope member to add a device to the template group. How could we use the fmgr_templategroup module to do the same?

Thanks!

dux-fortinet commented 5 months ago

Hi @cr0cdev

Thanks for raising this issue. In the next version of FMG Ansible (coming within a week), you will be able to use "bypass_validation: true" to specify "scope member" in fmgr_templategroup (see the example playbook at the bottom).

fmgr_templategroup uses the API /pm/config/adom/{adom}/obj/cli/template-group/. In the FNDN, this API doesn't have the parameter "scope member". (And the API /pm/config/adom/{adom}/obj/cli/template-group/{template_group_name}/scope member is not documented in the FNDN.) So "scope member" seems to be a hidden parameter of this API. If I use the "get" method to get information from this API, this API wouldn't return "scope member" data. Yet I can specify "scope member" and add the device successfully by using the following JSON request.

{
    "method": "set",
    "params": [
        {
            "url": "/pm/config/adom/root/obj/cli/template-group/test_group",
            "data": {
                "name": "test_group",
                "description": "",
                "member": ["test"],
                "scope member": {"name": "FGVMMLTM00000000", "vdom": "root"}
            }
        }
    ],
    "id": "1"
}

Since this parameter is not documented in the FNDN, I can't directly add it in the fmgr_templategroup just in case they change the schema of the API.

Yet in the next version of Ansible FortiManager, you can add undocumented parameters by using bypass_validation: true. The following playbook is an example of how to add scope member. The new version of Ansible FortiManager will be released within a week.

- name: Github84
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Add scope member in templategroup
      fortinet.fortimanager.fmgr_templategroup:
        bypass_validation: true # use bypass_validation: true to allow submitting parameter "scope member"
        state: present
        adom: root
        templategroup:
          member: ["test"]
          name: test_group
          scope member: # use "scope member" rather than "scope_member"
            - name: "FGVMMLTM00000000"
              vdom: "root"

Thanks.
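
An added example, not part of the thread or of the collection's code: with bypass_validation: true the module submits parameters without checking them against its schema, so a local allow-list check before submission catches mistakes such as "scope_member". KNOWN_KEYS, APPROVED_UNDOCUMENTED and both function names are assumptions made for this example; the key set is taken from the JSON request shown above, not from the module's real schema.

```python
import json

# Keys visible in the JSON request in this issue, treated here as the
# "known" set (an assumption for this example, not the module's schema).
KNOWN_KEYS = {"name", "description", "member"}
# Undocumented keys explicitly approved for use with bypass_validation.
APPROVED_UNDOCUMENTED = {"scope member"}


def check_templategroup(data):
    """Return a list of problems; an empty list means the payload passes."""
    problems = []
    for key in data:
        if key in KNOWN_KEYS or key in APPROVED_UNDOCUMENTED:
            continue
        hint = key.replace("_", " ")
        if hint in APPROVED_UNDOCUMENTED:
            problems.append(f"unknown key {key!r}: did you mean {hint!r}?")
        else:
            problems.append(f"unknown key {key!r}")
    if not data.get("name"):
        problems.append("missing 'name'")
    # The thread shows "scope member" both as one object and as a list.
    scope = data.get("scope member") or []
    for entry in [scope] if isinstance(scope, dict) else scope:
        if not isinstance(entry, dict) or set(entry) != {"name", "vdom"}:
            problems.append(f"scope member needs exactly name and vdom: {entry!r}")
    return problems


def build_set_request(adom, data, req_id="1"):
    """Build the JSON-RPC 'set' body in the shape shown in the issue."""
    problems = check_templategroup(data)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"/pm/config/adom/{adom}/obj/cli/template-group/{data['name']}"
    return {"method": "set", "params": [{"url": url, "data": data}], "id": req_id}


if __name__ == "__main__":
    good = {"name": "test_group", "member": ["test"],
            "scope member": [{"name": "FGVMMLTM00000000", "vdom": "root"}]}
    print(json.dumps(build_set_request("root", good), indent=2))
    bad = dict(good)
    bad["scope_member"] = bad.pop("scope member")  # underscore typo
    print(check_templategroup(bad))
```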

cr0cdev commented 5 months ago

Thanks Dux!