Authenticating on FortiGates using API doesn't work with Ansible-core 2.17

[slefol]

Issue Type

Bug Report

Module Name

fortinet.fortios.fortios_monitor_fact

fortinet.fortios collection and Ansible version

$ ansible --version
ansible [core 2.17.0]
  config file = /home/ansible/ansible_network/ansible.cfg
  configured module search path = ['/home/slefol/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/slefol/ansible-venv/lib/python3.11/site-packages/ansible
  ansible collection location = /home/slefol/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/slefol/ansible-venv/bin/ansible
  python version = 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] (/home/slefol/ansible-venv/bin/python3)
  jinja version = 3.1.3
  libyaml = True

$ ansible-galaxy collection list fortinet.fortios
Collection       Version
---------------- -------
fortinet.fortios 2.3.6

OS / Environment

FortiOS 7.2

Summary

I am facing issues executing the related playbook, even though the same playbook runs well with an older version of Ansible.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Requested entry (plugin_type: connection plugin: ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: access_token ) was not defined in configuration.

i did uninstall ansible-core 2.17.0 and installed 2.16.7 and now it works as expected.

Actual results

TASK [fortios_monitor_fact] ******************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.module_utils.connection.ConnectionError: Requested entry (plugin_type: connection plugin: ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: access_token ) was not defined in configuration.
fatal: [fw-it02]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/home/slefol/.ansible/tmp/ansible-local-118189j__ajxw/ansible-tmp-1718196953.5870504-11821-208061016700168/AnsiballZ_fortios_monitor_fact.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/home/slefol/.ansible/tmp/ansible-local-118189j__ajxw/ansible-tmp-1718196953.5870504-11821-208061016700168/AnsiballZ_fortios_monitor_fact.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/home/slefol/.ansible/tmp/ansible-local-118189j__ajxw/ansible-tmp-1718196953.5870504-11821-208061016700168/AnsiballZ_fortios_monitor_fact.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_monitor_fact', init_globals=dict(_module_fqn='ansible_collections.fortinet.fortios.plugins.modules.fortios_monitor_fact', _modlib_path=modlib_path),\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_fortios_monitor_fact_payload_wqx5m57c/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py\", line 3228, in <module>\n  File \"/tmp/ansible_fortios_monitor_fact_payload_wqx5m57c/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py\", line 3168, in main\n  File \"/tmp/ansible_fortios_monitor_fact_payload_wqx5m57c/ansible_fortios_monitor_fact_payload.zip/ansible/module_utils/connection.py\", line 199, in __rpc__\nansible.module_utils.connection.ConnectionError: Requested entry (plugin_type: connection plugin: ansible_collections.ansible.netcommon.plugins.connection.httpapi setting: access_token ) was not defined in configuration.\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Steps to reproduce

inventory :

[fortigates]
fortigate01 ansible_host=192.168.190.42 fortios_access_token=<your access token>

[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios

playbbok :

---
- hosts: fortigates
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: true
   ansible_httpapi_validate_certs: false
   ansible_httpapi_port: 443

  tasks:
    - fortios_monitor_fact:
        vdom: "{{ vdom }}"
        access_token: "{{ fortios_access_token }}"
        selector: 'system_status'

[slefol]

See also #316

[MaxxLiu22]

Hi @slefol ,

Thank you for bringing this issue to our attention. It appears that Ansible [core 2.17.0] has introduced a feature that checks for valid arguments, which unfortunately blocks some key arguments from being passed. We are actively working on improving this aspect. In the meantime, we kindly request you to downgrade to an older version of Ansible core as a temporary solution. We apologize for any inconvenience this may cause and appreciate your understanding.

Thanks, Maxx

[slefol]

Hi @MaxxLiu22 , are there any updates fot this issue ? Please keep me updated about the progress.

[MaxxLiu22]

Hi @slefol ,

We apologize for the wait. The next release is currently undergoing testing. If everything goes well, it should be available next week. Thank you for your patience.

Thanks, Maxx

[slefol]

@MaxxLiu22 , Thanks for your feedback

[MaxxLiu22]

Hi @slefol

We just released Ansible FOS 2.3.7. This issue should be fixed, so you could upgrade to it and give it a try at your convenience.

ansible-galaxy collection install fortinet.fortios:2.3.7

Thanks, Maxx

[hazenme]

I am not the OP, but fortinet.fortios:2.3.7 has fixed the issue for me with ansible-core 2.17.2

[slefol]

Hi, I confirm that it works as expected tested with ansible-core 2.17.0 and 2.17.2 Thanks a lot