fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Module vpn_ssl_setting error dictionary requested, could not parse JSON or key=value #260

Closed cardosocristian closed 1 year ago

cardosocristian commented 1 year ago

I'm trying to generate ansible to configure Fortigate's vpn_ssl service and I'm getting the error reported in the title of this issue.

Follow the playbook below:

- collections:
  - fortinet.fortios
  connection: httpapi
  hosts: 2600f
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    vdom: root
  tasks:
  - name: VPN SSL configurações globais
    fortios_vpn_ssl_settings:
      state: present
      vdom: VPN
      vpn_ssl_settings:
        servercert: "empresa.net"
        idle_timeout: "300"
        algorithm: "high"
        ciphersuite: "TLS-AES-128-GCM-SHA256 TLS-AES-256-GCM-SHA384 TLS-CHACHA20-POLY1305-SHA256"
        auth_timeout: "43200"
        auth_session_check_source_ip: "enable"
        force_two_factor_auth: "enable"
        login_attempt_limit: "5"
        login_block_time: "60"
        login_timeout: "30"
        dtls_hello_timeout: "10"
        ssl_insert_empty_fragment: "enable"
        ssl-min-proto-ver: "tls1-2"
        ssl-max-proto-ver: "tls1-3"
        auto-tunnel-static-route: "enable"
        tunnel_ip_pools:
         - name: REDE-v4
        tunnel_ipv6_pools:
         - name: REDE-v6
        dns_server1: "10.10.10.11"
        dns_server2: "10.10.10.12"
        dns_suffix: "rede.local"
        default_portal: "tunnel-access"
        source_interface: "VPN-TO-EXT0"
        source_address:
         - name: "BRASIL-v4"
        source_address6:
         - name: "BRASIL-v6"
        authentication_rule:
         - id: 1
           groups:
            - name: "REDE"
           portal: "VPN-REDE"
           auth: "ldap"
           cipher: "high"
           client-cert: "disable"
        client_sigalgs: "all"
        dual_stack_mode: "enable"
        tunnel_addr_assigned_method: "first-available"
        dtls_min_proto_ver: "dtls1-0"
        dtls_max_proto_ver: "dtls1-2"
        status: "enable"
        port: 10443
        port_precedence: "enable"

When I run the playbook, the error already occurs locally in ansible. I performed syntax checking and also removed the mailing lists for testing, but the error is still displayed at the end of the execution attempt.

"msg": "dictionary requested, could not parse JSON or key=value"

# /home/ansible-fortinet/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
ansible.netcommon 5.1.1
ansible.utils     2.10.3
fortinet.fortios  2.3.0

JieX19 commented 1 year ago

Hi @cardosocristian,

It's caused by the 'source_interface', which accepts a list of objects. Here's the doc for this module: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_vpn_ssl_settings.html

source_interface:
   - name: port2
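
The shape mismatch described in the answer above can be caught before a playbook run. The following is an added example, not code from the issue or from the fortinet.fortios collection: a pre-flight check that walks the `vpn_ssl_settings` dictionary and reports any field that should be a list of objects but is not. The schema covers only the fields this thread shows as lists of objects (an assumption drawn from the thread, not the module's full argument spec), and the sample data is constructed from the playbook in the issue.

```python
# Added example: pre-flight shape check for fortios_vpn_ssl_settings arguments.
# LIST_OF_OBJECTS is an assumption built from the fields shown in this thread;
# it is not the module's full argument spec.
LIST_OF_OBJECTS = {
    "tunnel_ip_pools": {},
    "tunnel_ipv6_pools": {},
    "source_address": {},
    "source_address6": {},
    "source_interface": {},
    "authentication_rule": {"groups": {}},  # each rule holds a nested list of objects
}


def find_shape_errors(settings, schema=LIST_OF_OBJECTS, path=""):
    """Return (path, problem) pairs for fields that are not lists of dicts."""
    errors = []
    for key, nested in schema.items():
        if key not in settings:
            continue
        where = f"{path}{key}"
        value = settings[key]
        if not isinstance(value, list):
            errors.append((where, f"expected a list of objects, got {type(value).__name__}"))
            continue
        for i, item in enumerate(value):
            if not isinstance(item, dict):
                errors.append((f"{where}[{i}]", f"expected an object, got {type(item).__name__}"))
            else:
                # Recurse so nested lists (e.g. groups inside a rule) are checked too.
                errors.extend(find_shape_errors(item, nested, f"{where}[{i}]."))
    return errors


# Constructed sample mirroring the playbook in the issue (trimmed).
SAMPLE = {
    "servercert": "empresa.net",
    "tunnel_ip_pools": [{"name": "REDE-v4"}],
    "source_interface": "VPN-TO-EXT0",  # plain string: the value behind the error
    "source_address": [{"name": "BRASIL-v4"}],
    "authentication_rule": [{"id": 1, "groups": [{"name": "REDE"}], "portal": "VPN-REDE"}],
}
# Same settings with source_interface written as a list of objects.
FIXED = dict(SAMPLE, source_interface=[{"name": "VPN-TO-EXT0"}])

if __name__ == "__main__":
    for where, problem in find_shape_errors(SAMPLE):
        print(f"{where}: {problem}")
    print("fixed:", find_shape_errors(FIXED) or "no shape errors")
```
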

cardosocristian commented 1 year ago

Hi @JieX19 sorry I didn't see the list in the module, I skimmed the documentation and didn't see that this was also a list. I would like to ask one last question about the module, I noticed that the module does not have the "state" present and absent, is this on purpose?

JieX19 commented 1 year ago

@cardosocristian Good question! Because vpn_ssl_setting is a global object and it's not allowed to be deleted or created.

cardosocristian commented 1 year ago

Thanks for the clarification and help @JieX19