Getting 404 error while trying to add IPv6 address group using fortios_firewall_addrgrp6

Hi!

I'm getting 404 error while trying to add a IPv6 address group, but IPv4 address group adding works fine. Object that should be in the IPv6 address group as a member exists on the firewall (even tried with "all" and "SSL.." which are default objects). Input data:

forti_ipv6_addrgroups:
  - vdom: "root"
    state: "present"
    member_path: "member:name"
    member_state: "present"
    name: "testtest"
    comment: "Testing6"
    members:
      - member_name: "test1"

Task:

- name: Create IPv6 address group
  fortinet.fortios.fortios_firewall_addrgrp6:
    vdom: "{{ item.0.vdom }}"
    state: "{{ item.0.state }}"
    member_path: "{{ item.0.member_path }}"
    member_state: "{{ item.0.member_state }}"
    firewall_addrgrp6:
      name: "{{ item.0.name }}"
      member:
        - name: "{{ item.1.member_name }}"
      comment: "{{ item.0.comment }}"
  when: forti_ipv6_addrgroups is defined
  loop: "{{ forti_ipv6_addrgroups | d([]) | subelements('members', skip_missing=True) }}"

Results:

failed: [] (item=[{'vdom': 'root', 'state': 'present', 'member_path': 'member:name', 'member_state': 'present', 'name': 'testtest', 'comment': 'Testing6', 'members': [{'member_name': 'test1'}]}, {'member_name': 'test1'}]) => {
    "ansible_loop_var": "item",
    "changed": false,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "firewall_addrgrp6": {
                "color": null,
                "comment": "Testing6",
                "exclude": null,
                "exclude_member": null,
                "fabric_object": null,
                "member": [
                    {
                        "name": "test1"
                    }
                ],
                "name": "testtest",
                "tagging": null,
                "uuid": null,
                "visibility": null
            },
            "member_path": "member:name",
            "member_state": "present",
            "state": "present",
            "vdom": "root"
        }
    },
    "item": [
        {
            "comment": "Testing6",
            "member_path": "member:name",
            "member_state": "present",
            "members": [
                {
                    "member_name": "test1"
                }
            ],
            "name": "testtest",
            "state": "present",
            "vdom": "root"
        },
        {
            "member_name": "test1"
        }
    ],
    "meta": [
        {
            "build": 1577,
            "http_method": "POST",
            "http_status": 404,
            "mkey": "testtest",
            "name": "addrgrp6",
            "object_path": "/firewall/addrgrp6/testtest/member/test1",
            "path": "firewall",
            "serial": "",
            "status": "error",
            "vdom": "root",
            "version": "v7.2.7"
        }
    ]
}

From log:

2024-02-28 23:31:39.092416: checking system_version
2024-02-28 23:31:39.092610: Sending request: METHOD:GET URL:/api/v2/cmdb/firewall/addrgrp6/testtest/member/test1?vdom=root&access_token= DATA:
2024-02-28 23:31:39.154900: Exception thrown from handling http: HTTP Error 404: Not Found
2024-02-28 23:31:39.155039: using access token - no auth update needed: 
2024-02-28 23:31:39.155056: response data: {
  "status":"error",
  "http_status":404,
  "vdom":"root",
  "path":"firewall",
  "name":"addrgrp6",
  "mkey":"testtest",
  "serial":"",
  "version":"v7.2.7",
  "build":1577,
  "http_...<truncated>
2024-02-28 23:31:39.155384: Sending request: METHOD:POST URL:/api/v2/cmdb/firewall/addrgrp6/testtest/member?vdom=root&access_token= DATA:{"name": "test1"}
2024-02-28 23:31:39.218692: Exception thrown from handling http: HTTP Error 404: Not Found
2024-02-28 23:31:39.218836: using access token - no auth update needed: 
2024-02-28 23:31:39.218851: response data: {
  "status":"error",
  "http_status":404,
  "vdom":"root",
  "path":"firewall",
  "name":"addrgrp6",
  "mkey":"testtest",
  "serial":"",
  "version":"v7.2.7",
  "build":1577,
  "http_...<truncated>

Hi @cr0cdev ,

Thank you for raising this question. Your script runs well on my setup. Error code 404 means there is no path to "/api/v2/cmdb/firewall/addrgrp6/testtest/member". Before using the member operation, we have to make sure the testtestaddrgrp6 object exists. If not, it's better to set state="present" and comment out the member operation first to create an addrgrp6 object. Let me know if that is not the situation you encountered.

changed: [fortigate03] => (item=[{'vdom': 'root', 'state': 'present', 'member_path': 'member:name', 'member_state': 'present', 'name': 'testtest', 'comment': 'Testing6', 'members': [{'member_name': 'all'}]}, {'member_name': 'all'}]) => {
    "ansible_loop_var": "item",
    "changed": true,
    "invocation": {
        "module_args": {
            "access_token": null,
            "enable_log": false,
            "firewall_addrgrp6": {
                "color": null,
                "comment": "Testing6",
                "exclude": null,
                "exclude_member": null,
                "fabric_object": null,
                "member": [
                    {
                        "name": "all"
                    }
                ],
                "name": "testtest",
                "tagging": null,
                "uuid": null,
                "visibility": null
            },
            "member_path": "member:name",
            "member_state": "present",
            "state": "present",
            "vdom": "root"
        }
    },
    "item": [
        {
            "comment": "Testing6",
            "member_path": "member:name",
            "member_state": "present",
            "members": [
                {
                    "member_name": "all"
                }
            ],
            "name": "testtest",
            "state": "present",
            "vdom": "root"
        },
        {
            "member_name": "all"
        }
    ],
    "meta": [
        {
            "build": 1577,
            "child_path": "member",
            "http_method": "POST",
            "http_status": 200,
            "mkey": "all",
            "name": "addrgrp6",
            "object_path": "/firewall/addrgrp6/testtest/member/all",
            "old_revision": "58e41ac3c936157895c034090c2599c3",
            "path": "firewall",
            "revision": "0a74f21e80fc9d5b3f56136751f3c514",
            "revision_changed": true,
            "serial": "FGVMULTM23001481",
            "status": "success",
            "vdom": "root",
            "version": "v7.2.7"
        }
    ]
}

Thanks, Maxx

fortinet-ansible-dev / ansible-galaxy-fortios-collection

Getting 404 error while trying to add IPv6 address group using fortios_firewall_addrgrp6 #300