Open dot-mike opened 9 months ago
Hi @dot-mike,
Did the ansible task execute successfully? The 'params' attribute you mentioned above actually accepts all the supported parameters in a specific selector, for example, 'disk_event_vpn', which accepts parameters including start, rows, session_id, serial_no, is_ha_member, filter and extra. The 'vdom' should not be here. There should be an error and the task should be failed as expected.
You can run the playbook by adding -vvvvv at the tail of the command, all the outputs will show on the screen, or you can write them to a file.
If you take a close look at the log, there should be an exception in the log, I just paste what I got in the log as following:
2023-10-23 11:38:49.047843: login with access token succeeded 2023-10-23 11:38:49.047852: pre login succeeded 2023-10-23 11:38:49.047874: Sending request: METHOD:GET URL:/api/v2/log/disk/event/vpn?access_token=xxxxxxxxxxxxxxxxxxx&filter=%7B%27tunneltype%27%3A%20%27ssl%27%7D&rows=1&vdom=user DATA: 2023-10-23 11:38:49.081006: Exception thrown from handling http: HTTP Error 403: Forbidden 2023-10-23 11:38:49.081118: using access token - no auth update needed: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx 2023-10-23 11:38:49.081128: response data: { "http_method":"GET", "status":"error", "http_status":403,
The same issue here. Although I specify vdom in a playbook, fortios_log_fact module always returns root vdom.
Steps to reproduce
Run the below task:
tasks:
- name: resource output
fortios_log_fact:
vdom: "testvdom"
selectors:
- selector: "memory_traffic_forward"
Module returns the below:
ok: [fortinet01] => {
"changed": false,
"invocation": {
"module_args": {
"access_token": null,
"enable_log": false,
"filters": null,
"formatters": null,
"params": null,
"selector": null,
"selectors": [
{
"filters": null,
"formatters": null,
"params": null,
"selector": "memory_traffic_forward",
"sorters": null
}
],
"sorters": null,
"vdom": "testvdom"
}
},
(...)
"meta": [
{
"rows": 400,
"serial": "XXXXX",
"session_id": 46,
"start": 1,
"status": "success",
"subcategory": "forward",
"total_lines": 292,
"vdom": "root",
"version": "v7.4.1"
}
Research
fortios_log_fact
, I think it misses passing vdom
parameter to the thrown API since there is no logic to pass vdom
.def fortios_log_fact(params, fos):
valid, result = validate_parameters(params, fos)
if not valid:
return True, False, result
selector = params["selector"]
url_params = dict()
if params["filters"] and len(params["filters"]):
filter_body = quote(params["filters"][0])
for filter_item in params["filters"][1:]:
filter_body = "%s&filter=%s" % (filter_body, quote(filter_item))
url_params["filter"] = filter_body
if params["sorters"] and len(params["sorters"]):
sorter_body = params["sorters"][0]
for sorter_item in params["sorters"][1:]:
sorter_body = "%s&sort=%s" % (sorter_body, sorter_item)
url_params["sort"] = sorter_body
if params["formatters"] and len(params["formatters"]):
formatter_body = params["formatters"][0]
for formatter_item in params["formatters"][1:]:
formatter_body = "%s|%s" % (formatter_body, formatter_item)
url_params["format"] = formatter_body
if params["params"]:
for selector_param_key, selector_param in params["params"].items():
url_params[selector_param_key] = selector_param
vdom
parameters specified in a playbook.
log_get: full_url='/api/v2/log/memory/traffic/forward'
log_get: parameters={}
def log_get(self, url, parameters=None):
slash_index = url.find('/')
full_url = self.log_url(url[: slash_index], url[slash_index + 1:])
import q; q(full_url) # <---debugging
q(parameters) # <---debugging
So, I think this is a module problem.
Module
fortios_log_fact
does not pass on the vdom parameter from https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/bd71eceeb846b7c7c94894c2a7cbfc5f214b7389/plugins/modules/fortios_log_fact.py#L2686 to --> https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/blob/bd71eceeb846b7c7c94894c2a7cbfc5f214b7389/plugins/modules/fortios_log_fact.py#L2311For example, this fails:
Results in this log:
The following task below works (only because I pass vdom as part of params, which is not according to docs!)
Results in this log: