fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0

fortios_configuration_fact local usernames under global configuration #339

Closed LummoxD closed 1 month ago

LummoxD commented 1 month ago

Hello,

I'm trying to pull a list of locally configured admin usernames from a FortiGate firewall for audit purposes. To my understanding, the "user_local" selector must be used, but it also requires a vdom to be specified; if not specified, it uses "root". Since local admin users are configured under global configuration, I am unable to reach it using this module.

Is there a way to pull a list of admin usernames which is under global configuration?

Playbook:

Result:

"meta": {
    "build": 1378,
    "http_method": "GET",
    "http_status": 200,
    "name": "local",
    "path": "user",
    "results": [
        {
            "auth-concurrent-override": "disable",
            "auth-concurrent-value": 0,
            "authtimeout": 0,
            "email-to": "",
            "fortitoken": "",
            "id": 16777217,
            "ldap-server": "",
            "name": "guest",
            "passwd": "ENC XXXX",
            "passwd-policy": "",
            "passwd-time": "0000-00-00 00:00:00",
            "ppk-identity": "",
            "ppk-secret": "",
            "q_origin_key": "guest",
            "radius-server": "",
            "sms-custom-server": "",
            "sms-phone": "",
            "sms-server": "fortiguard",
            "status": "enable",
            "tacacs+-server": "",
            "two-factor": "disable",
            "two-factor-authentication": "",
            "two-factor-notification": "",
            "type": "password",
            "username-sensitivity": "enable",
            "workstation": ""
        }
    ],
    "revision": "3c5444d999e0ca82c4fbab9b6458d4f6",
    "serial": "*********",
    "status": "success",
    "vdom": "root",
    "version": "v6.2.15"

If I change vdom to something else, I get admin usernames only in that vdom, which in my case is empty.

I've also tried other selectors such as system_admin, with no luck.

LummoxD commented 1 month ago

Turns out the problem was with the API user's permissions; I had to use a super_admin username and password instead of a token for authentication, and the system_admin selector worked.
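
The audit described in this thread, written out as an added example playbook (not posted by the reporter and not the collection's own code). It assumes a host group `fortigates`, vault variables `vault_fgt_user` / `vault_fgt_password` for a super_admin account, and a constructed allow-list `approved_admins`.

```yaml
# Added example: audit global admin accounts via the system_admin selector.
# Assumed names (not from the thread): host group "fortigates",
# vault_fgt_user / vault_fgt_password, approved_admins.
- name: Audit FortiGate global admin accounts
  hosts: fortigates
  gather_facts: false
  connection: httpapi
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
    # Username/password login of an account with the super_admin profile,
    # as the thread reports; no access_token is passed to the module.
    ansible_user: "{{ vault_fgt_user }}"
    ansible_password: "{{ vault_fgt_password }}"
    approved_admins:          # constructed sample allow-list
      - admin
      - audit-ro
  tasks:
    - name: Read admin accounts
      fortinet.fortios.fortios_configuration_fact:
        vdom: root            # module default, per the thread
        selector: system_admin
      register: admin_fact
      # The user_local output above carries a "passwd" field; assume admin
      # records may carry similar secrets and keep them out of task logs.
      no_log: true

    - name: Keep only the account names
      ansible.builtin.set_fact:
        admin_names: "{{ admin_fact.meta.results | map(attribute='name') | list }}"

    - name: Fail on accounts outside the allow-list
      ansible.builtin.assert:
        that:
          - admin_fact.meta.http_status == 200
          - admin_names | difference(approved_admins) | length == 0
        fail_msg: "Unexpected admin accounts: {{ admin_names | difference(approved_admins) | join(', ') }}"
```

Only the extracted names are printed on failure; the full records stay in the registered variable and never reach the log.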