search

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
84 stars 48 forks source link

server_cert param issue with fortios_firewall_ssl_ssh_profile module #231

Closed abringard closed 1 year ago

abringard commented 1 year ago

Hello Team!

I'm facing an issue with the fortios_firewall_ssl_ssh_profile module. When I'm passing server_cert param to the module, I got the following error: 

... "msg": "dictionary requested, could not parse JSON or key=value"

Without passing the param, it works fine.

Code of my playbook:

- hosts: fortigates
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    firewall_ssl_ssh_profile:
      - name: test_ingress_profile
      server_cert_mode: replace
      server_cert: "Fortinet SSL"
      https:
        ports: 443
        status: "deep-inspection"
      ftps:
        ports: 990
        status: "deep-inspection"
      imaps:
        ports: 993
        status: "deep-inspection"
      pop3s:
        ports: 995
        status: "deep-inspection"
      ssh:
        ports: 22
        status: "deep-inspection"
      ssl:
        inspect_all: "disable"
      smtps:
        ports: 587
        status: "deep-inspection"
  tasks:
    - name: Create firewall ssl/ssh profile
      fortios_firewall_ssl_ssh_profile:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ access_token }}"
        firewall_ssl_ssh_profile: "{{ item }}"
      loop: "{{ firewall_ssl_ssh_profile }}"

Execution log with server_cert param:

failed: [fortigate00] (item={
    'name': 'test_ingress_profile', 
    'server_cert_mode': 'replace', 
    'server_cert': 'Fortinet SSL', 
    'https': {
        'ports': 443,
        'status': 'deep-inspection'
    }, 
    'ftps': {
        'ports': 990,
        'status': 'deep-inspection'
    }, 
    'imaps': {
        'ports': 993,
        'status': 'deep-inspection'
    }, 
    'pop3s': {
        'ports': 995,
        'status': 'deep-inspection'
    }, 
    'ssh': {
        'ports': 22, 
        'status': 'deep-inspection'
    }, 
    'ssl': {
        'inspect_all': 'disable'
    }, 
    'smtps': {
        'ports': 587, 
        'status': 'deep-inspection'
    }
}) => {
    "ansible_loop_var": "item", 
    "changed": false, 
    "item": {
        "ftps": {
            "ports": 990,
            "status": "deep-inspection"
        }, 
        "https": {
            "ports": 443, 
            "status": "deep-inspection"
        }, 
        "imaps": {
            "ports": 993,
            "status": "deep-inspection"
        }, 
        "name": "test_ingress_profile", 
        "pop3s": {
            "ports": 995,
            "status": "deep-inspection"
        }, 
        "server_cert": "Fortinet SSL",
        "server_cert_mode": "replace",
        "smtps": {
            "ports": 587,
            "status": "deep-inspection"
        }, 
        "ssh": {
            "ports": 22, 
            "status": "deep-inspection"
        }, 
        "ssl": {
            "inspect_all": "disable"
        }
    }, 
    "msg": "dictionary requested, could not parse JSON or key=value"
}

Execution log without server_cert param:

changed: [fortigate00] => (item={
    'name': 'test_ingress_profile',
    'server_cert_mode': 'replace', 
    'https': {
        'ports': 443, 
        'status': 'deep-inspection'
    }, 
    'ftps': {
        'ports': 990,
        'status': 'deep-inspection'
    }, 
    'imaps': {
        'ports': 993,
        'status': 'deep-inspection'
    }, 
    'pop3s': {
        'ports': 995,
        'status': 'deep-inspection'
    }, 
    'ssh': {
        'ports': 22,
        'status': 'deep-inspection'
    }, 
    'ssl': {
        'inspect_all': 'disable'
    }, 
    'smtps': {
        'ports': 587,
        'status': 'deep-inspection'
    }
})

I'm using versions:

Do you have an idea of what I'm doing wrong?

++ Aymeric

JieX19 commented 1 year ago

Hi @abringard,

server_cert accepts a list of names, for example:

server_cert:
    - 
       name: "cert_1"
       name: "cert_2"
       name: "cert_3"

Here's the doc for this module https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_firewall_ssl_ssh_profile.html

abringard commented 1 year ago

Hi @JieX19 ,

Thanks for you answer!

My bad! I had the documentation opened in a tab since few months, and I didn't noticed I wad on the 2.1.7 version.

Now it works as expected.

Aymeric