search

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
84 stars 48 forks source link

Creating API user failed with ansible #258

Closed faizan-syed closed 1 year ago

faizan-syed commented 1 year ago

Hi , My ansible playbook is failing when I am trying to create API admin user from the api profile while giving trusthost IP address. It worked fine without ipv4_trusthost but when I defined it as below it failed


  - name: Create An API User if not present
    debugger: on_failed
    fortios_system_api_user:
      vdom: "root"
      state: "present"
      system_api_user:
        name: "api_admin"
        accprofile: "api_profile"
        vdom:
          - name: "root"  
        trusthost:
          - 
            id: "112"
            ipv4_trusthost: "10.250.180.0 255.255.255.0"
            type: "ipv4-trusthost"

It failed with below error

fatal: [d2a-fw-01]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "member_path": null,
            "member_state": null,
            "state": "present",
            "system_api_user": {
                "accprofile": "api_profile",
                "api_key": null,
                "comments": null,
                "cors_allow_origin": null,
                "name": "api_admin",
                "peer_auth": null,
                "peer_group": null,
                "schedule": null,
                "trusthost": [
                    {
                        "id": 112,
                        "ipv4-trusthost": "10.250.180.0 255.255.255.0",
                        "ipv6-trusthost": null,
                        "type": "ipv4-trusthost"
                    }
                ],
                "vdom": [
                    {
                        "name": "root"
                    }
                ]
            },
            "vdom": "root"
        }
    },
    "meta": {
        "build": 2030,
        "error": -5,
        "cli_error": "current vf=root:0\ncurrent vf=root:0\nTrusthost IP address can not be empty!\nobject check operator error, -651, discard the setting\nCommand fail. Return code -651\nCommand fail. Return code 1\n",
        "http_method": "POST",
        "http_status": 500,
        "name": "api-user",
        "path": "system",
        "revision": "0444168f0027d4cb9354b94d60036821",
        "revision_changed": false,
        "serial": "FGVM02TM22012120",
        "status": "error",
        "vdom": "root",
        "version": "v6.4.11"
    },
    "msg": "Error in repo"
}
[d2a-fw-01] TASK:.firewall : Create An API User if not present (debug)> User interrupted execution

@FTNT-HQCM @MaxxLiu22 https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_system_api_user_module.html

Need help in this ? why in the output ipv4_trusthost changed to ipv4-trusthost automatically ???

MaxxLiu22 commented 1 year ago

Hi @faizan-syed ,

Thank you for raising this issue, your script works well on my side, may I know which fortinet.fortios collection are you using? type ansible-galaxy collection list to get these information, I use 

ansible.netcommon             5.1.1  
ansible.utils                 2.10.3 
fortinet.fortios              2.3.0

ipv4trusthost changed to ipv4-trusthost is expected, in ansible we use "" but in API we use "-", there is a conversion to satisfy two platform's coding standard.

Thanks, Maxx

faizan-syed commented 1 year ago

Hi @MaxxLiu22 ,

I am using the below collection:-

"fortinet.fortios": "==2.1.6" "ansible.netcommon": "==3.0.1" "ansible.utils": "==2.8.0"

I am running the ansible roles from jenkins pipeline to configure the fortigate.If you see the above error output its showing as Trusthost IP address can not be empty in cli error , even I have defined the ipv4_trusthost and showing msg": "Error in repo" . I am unable to figure out why its coming like that , any suggestion would be really helpful

faizan-syed commented 1 year ago

The issue is resolved after I upgrade the fortinet.fortios to 2.3.0