fortios_monitor_fact fails since 7.4.5

fredtj commented 1 month ago

fortinet.fortios:2.3.7

A previously working config backup is now failing after upgrading from 7.4.4 to 7.4.5:

- name: backup fortigate device configs
  hosts: '{{ target_host }}'
  collections:
    - fortinet.fortios
  connection: httpapi

  tasks:
  - name: get config
    fortios_monitor_fact:
      selector: system_config_backup
      params:
        scope: global
    register: backupinfo

  - name: save config
    copy:
      content: '{{ backupinfo.meta.raw }}'
      dest: '{{ backup_absolute_file }}'

Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-local-3858564dep9yx0i/ansible-tmp-1728310775.9699528-3859035-149195769712517/AnsiballZ_fortios_monitor_fact.py", line 107, in <module>
    _ansiballz_main()
  File "/root/.ansible/tmp/ansible-local-3858564dep9yx0i/ansible-tmp-1728310775.9699528-3859035-149195769712517/AnsiballZ_fortios_monitor_fact.py", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File "/root/.ansible/tmp/ansible-local-3858564dep9yx0i/ansible-tmp-1728310775.9699528-3859035-149195769712517/AnsiballZ_fortios_monitor_fact.py", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.fortinet.fortios.plugins.modules.fortios_monitor_fact', init_globals=dict(_module_fqn='ansible_collections.fortinet.fortios.plugins.modules.fortios_monitor_fact', _modlib_path=modlib_path),
  File "<frozen runpy>", line 226, in run_module
  File "<frozen runpy>", line 98, in _run_module_code
  File "<frozen runpy>", line 88, in _run_code
  File "/tmp/ansible_fortios_monitor_fact_payload_b90dh1vt/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py", line 3277, in <module>
  File "/tmp/ansible_fortios_monitor_fact_payload_b90dh1vt/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py", line 3228, in main
  File "/tmp/ansible_fortios_monitor_fact_payload_b90dh1vt/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/modules/fortios_monitor_fact.py", line 2507, in fortios_monitor_fact
  File "/tmp/ansible_fortios_monitor_fact_payload_b90dh1vt/ansible_fortios_monitor_fact_payload.zip/ansible_collections/fortinet/fortios/plugins/module_utils/fortios/fortios.py", line 581, in monitor_get
  File "/tmp/ansible_fortios_monitor_fact_payload_b90dh1vt/ansible_fortios_monitor_fact_payload.zip/ansible/module_utils/connection.py", line 200, in __rpc__
ansible.module_utils.connection.ConnectionError: Expecting value: line 1 column 1 (char 0)

Let me know if you need further information, or if you have a workaround.

Regards

MaxxLiu22 commented 1 month ago

Hi @fredtj ,

Thank you for bringing this issue to our attention. In FOS 7.4.5, we introduced a new feature to disable token provision via the URL method to enhance authentication security, which may affect API users inherited from previous versions. If you are using token-based authentication, you may need to create a new API user to regenerate the token. For username/password authentication, you can enable the rest-api-key-url-query setting under global settings. I have also reported this to the Ansible team to ensure they incorporate this FOS change. Please let me know if the issue persists.

myfgt # config system global 

myfgt (global) # set rest-api-key-url-query enable 

myfgt (global) # show
config system global
    set hostname "myfgt"
    set rest-api-key-url-query enable
    set timezone "US/Pacific"
end

myfgt (global) # end

Thanks, Maxx

fredtj commented 1 month ago

Hey @MaxxLiu22,

Thanks for the pointers. Was using U/P and didn't want to enable the setting above, so I migrated to a token. Can confirm doing this has corrected the issue and config backups are working again.

Thank you!

fortinet-ansible-dev / ansible-galaxy-fortios-collection

fortios_monitor_fact fails since 7.4.5 #350