fortinet-ansible-dev / ansible-galaxy-fortimanager-collection


dvmdb_adom not working in fmgr_fact #87

Closed cr0cdev closed 2 months ago

cr0cdev commented 3 months ago

Hi!

Since the new update it seems that dvmdb_adom with ADOM defined under params is not working anymore when used in fmgr_fact. Task:

- name: Check if ADOM already exists on FortiManager
  block:
    - name: Check if ADOM already exists on FortiManager
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "dvmdb_adom"
          params:
            adom: "{{ adom_name | lower }}"
      register: adom_check
      failed_when: adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message
  rescue:
    - name: Create error message file
      file:
        path: error.txt
        mode: "0755"
        state: touch
    - name: Write error message to file
      lineinfile:
        path: error.txt
        line: "ADOM check failed! Please contact technical support! Error: {{ adom_check.meta.response_message }}"
    - name: Fail task after file creation
      fail:
        msg: "Check error file for the reason why task failed"

This is the error that we are getting regarding checking if adom exists:

fatal: [fortimanager01]: FAILED! => {
    "changed": false,
    "failed_when_result": "The conditional check 'adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message' failed. The error was: error while evaluating conditional (adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message): 'dict object' has no attribute 'meta'. 'dict object' has no attribute 'meta'",
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "facts": {
                "extra_params": null,
                "fields": null,
                "filter": null,
                "option": null,
                "params": {
                    "adom": "test-adom"
                },
                "selector": "dvmdb_adom",
                "sortings": null
            },
            "forticloud_access_token": null,
            "rc_failed": null,
            "rc_succeeded": null,
            "workspace_locking_adom": null,
            "workspace_locking_timeout": 300
        }
    },
    "msg": "Please check the value of params: adom"
}

After downgrading Ansible to 2.16.7 and the FortiManager collection to 2.5.0, the same task works fine. But if we try to list all ADOMs using dvmdb_adom then it works (as we do not define ADOM in params). Working task:

- name: Check if ADOM already exists on FortiManager
  block:
    - name: Check if ADOM already exists on FortiManager
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "dvmdb_adom"
          params:
            adom: ""
      register: adom_check
      failed_when: adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message
  rescue:
    - name: Create error message file
      file:
        path: error.txt
        mode: "0755"
        state: touch
    - name: Write error message to file
      lineinfile:
        path: error.txt
        line: "ADOM check failed! Please contact technical support! Error: {{ adom_check.meta.response_message }}"
    - name: Fail task after file creation
      fail:
        msg: "Check error file for the reason why task failed"

Thanks!

dux-fortinet commented 3 months ago

Hi @cr0cdev,

Thanks for pointing out this issue. I have identified the root cause; it is indeed a bug present in FMG Ansible v2.6.0. This specific issue occurs exclusively in the "fmgr_fact" module when using any of the "xxxx_adom" selectors. This problem will be fixed in the next release.

Here is a workaround playbook:

  tasks:
    # - name: Check if ADOM already exists on FortiManager
    #   block:
    #     - name: Check if ADOM already exists on FortiManager
    #       fortinet.fortimanager.fmgr_fact:
    #         facts:
    #           selector: "dvmdb_adom"
    #           params:
    #             adom: "{{ adom_name | lower }}"
    #       register: adom_check
    #       failed_when: adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message
    - name: Workaround
      block:
        - name: Check if ADOM already exists on FortiManager
          fortinet.fortimanager.fmgr_generic:
            method: "get"
            params:
              - url: "/dvmdb/adom/{{adom_name | lower}}"
          register: adom_check
          failed_when: adom_check.meta.response_code != 0 and 'Object does not exist' not in adom_check.meta.response_message
      rescue:
        - name: Create error message file
          file:
            path: error.txt
            mode: "0755"
            state: touch
        - name: Write error message to file
          lineinfile:
            path: error.txt
            line: "ADOM check failed! Please contact technical support! Error: {{ adom_check.meta.response_message }}"
        - name: Fail task after file creation
          fail:
            msg: "Check error file for the reason why task failed"

Please let me know if you need this fixed urgently. If so, our team can prioritize this project and release a new FMG Ansible version as early as this Friday. (Otherwise, the updated version is scheduled for release in late September.)

Thanks, Dux

cr0cdev commented 3 months ago

Hi Dux

If it is possible then I would greatly appreciate it if you can release a fix before September. I would like to use less and less of the fmgr_generic module in our code.

Thanks!

dux-fortinet commented 3 months ago

Sure, I guarantee that the new version will be released before September. Sorry for this BUG.

cr0cdev commented 3 months ago

> Sure, I guarantee that the new version will be released before September. Sorry for this BUG.

Bugs happen, no need to be sorry about them :smile:

dux-fortinet commented 2 months ago

This issue has been fixed in FortiManager Ansible 2.7.0
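
Added example (not code from either participant or from the collection): the failure output in the report contains `msg` but no `meta` key, so both the `failed_when` expression and the rescue's error line hit an undefined `adom_check.meta` and hide the module's real message. The variant below guards both places; the same guard applies to the `fmgr_generic` workaround task. `adom_exists` is a hypothetical fact name, and `adom_name` is taken from the thread.

```yaml
- name: Check if ADOM already exists on FortiManager
  block:
    - name: Query the ADOM
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "dvmdb_adom"
          params:
            adom: "{{ adom_name | lower }}"
      register: adom_check
      # Fail when the module returned no API response at all (no "meta" key,
      # as in the reported output), or when the API returned an error other
      # than "Object does not exist". The "or" short-circuits, so "meta" is
      # never dereferenced when it is missing.
      failed_when: >-
        adom_check.meta is not defined or
        (adom_check.meta.response_code != 0 and
        'Object does not exist' not in adom_check.meta.response_message)

    # Hypothetical fact name: true only when the lookup succeeded.
    - name: Record whether the ADOM exists
      ansible.builtin.set_fact:
        adom_exists: "{{ adom_check.meta.response_code == 0 }}"

  rescue:
    # Prefer the API message, fall back to the module's own "msg"
    # (e.g. "Please check the value of params: adom"), then to a fixed string.
    - name: Write error message to file
      ansible.builtin.copy:
        dest: error.txt
        mode: "0644"  # plain text file, no execute bit needed
        content: >-
          ADOM check failed! Please contact technical support! Error:
          {{ (adom_check.meta | default({})).response_message
          | default(adom_check.msg | default('no error message returned')) }}

    - name: Fail task after file creation
      ansible.builtin.fail:
        msg: "Check error file for the reason why task failed"
```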