fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

Changing admin user password results in 403 PUT error. #292

Open TafkaMax opened 8 months ago

TafkaMax commented 8 months ago

After creating an initial user with a password, changing the password is not so trivial with Ansible anymore.

If you uncomment the `#password` key then you get:

```
fatal: [192.168.XX.XX]: FAILED! => {"changed": false, "meta": {"build": 1575, "http_method": "PUT", "http_status": 403, "mkey": "read-only-admin", "name": "admin", "path": "system", "revision": "7e14a6af171288c83b8c29a8e1d7e16b", "revision_changed": false, "serial": "REDACTED", "status": "error", "vdom": "root", "version": "v7.2.6"}, "msg": "Error in repo"}
```

```yaml
- name: Register 'read-only-admin' user if not present in vdom 'root'.
  fortinet.fortios.fortios_system_admin:
    vdom: 'root'
    state: present
    system_admin:
      name: 'read-only-admin'
      accprofile: 'read-only-profile'
      comments: 'Read Only privileged admin user to save backup configuration.'
      #password: '{{ gw_ro_password }}'
      vdom:
        - name: 'root'
      force_password_change: disable
```

So changing a password with Ansible after initial creation becomes quite bothersome.

More info: https://community.fortinet.com/t5/Support-Forum/Fortigate-API-works-for-everything-but-admin-password-change/td-p/80126

alagoutte commented 8 months ago

Duplicate of https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/20 and https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues/126

You can look at `system.change-password` from `fortios_monitor` (create the user with no password, and afterwards use this playbook to change/update the password).
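The two-step workaround described above (create the admin without a `password` key, then set or rotate the password through the monitor API), written out as an added example playbook. This is not code from the issue or from the collection's own documentation; the `mkey` and `new_password` names under `params` are assumed from the `fortios_monitor` `system.change-password` selector, the `fortigates` host group and `vault_gw_ro_password` variable are placeholders, and you should check the parameter names against the module documentation for your collection version.

```yaml
# Added example, not from the issue or the collection: create the admin user through
# the configuration API (no password key, so no 403 on a later PUT), then set the
# password through the monitor API, which is the path FortiOS allows for password changes.
- name: Create 'read-only-admin' and set its password via the monitor API
  hosts: fortigates                 # assumed inventory group
  connection: httpapi
  gather_facts: false
  vars:
    vdom: root
    # assumed: keep the secret in Ansible Vault rather than in the playbook
    gw_ro_password: "{{ vault_gw_ro_password }}"
  tasks:
    - name: Register 'read-only-admin' user if not present in vdom 'root' (no password key)
      fortinet.fortios.fortios_system_admin:
        vdom: "{{ vdom }}"
        state: present
        system_admin:
          name: read-only-admin
          accprofile: read-only-profile
          comments: Read Only privileged admin user to save backup configuration.
          vdom:
            - name: root
          force_password_change: disable

    - name: Set or rotate the password for 'read-only-admin' (monitor API, not a PUT on the object)
      fortinet.fortios.fortios_monitor:
        vdom: "{{ vdom }}"
        selector: system.change-password
        params:
          mkey: read-only-admin          # assumed: name of the admin whose password is changed
          new_password: "{{ gw_ro_password }}"
      no_log: true                       # keep the new password out of Ansible output and logs
      tags: [rotate-password]
```

Two practical caveats: the monitor call is an action, not a declared state, so it reports `changed` on every run; gate it with a tag or a `when:` condition so routine runs do not rotate the password. And because the password is passed as a task parameter, `no_log: true` matters, otherwise it appears in verbose output and any callback plugin that records task arguments.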