fortinet / fortigate-tutorial-gcp


PR: adjust day2 fortios authentication to optionally use username/password over token when a 4xx occurs on the API #10

Open obriensystems opened 4 months ago

obriensystems commented 4 months ago

Before running, make sure you have more than the default 5 VPC quota on your project, as well as a day1 issue on fortios during plan:

https://github.com/fortinet/fortigate-tutorial-gcp/blob/main/terraform/day1/versions.tf#L21

```text
Plan: 10 to add, 0 to change, 0 to destroy.
╷
│ Error: Error create fortios client: Error using Token to login: 
│ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
│ <html><head>
│ <title>403 Forbidden</title>
│ </head><body>
│ <h1>Forbidden</h1>
│ <p>You don't have permission to access this resource.</p>
│ <p>Additionally, a 403 Forbidden
│ error was encountered while trying to use an ErrorDocument to handle the request.</p>
│ </body></html>
│ 
│ 
│   with provider["registry.terraform.io/fortinetdev/fortios"],
│   on versions.tf line 21, in provider "fortios":
│   21: provider "fortios" {
│ 
╵
```

Fixing by using the username/password option of the fortios provider instead of the token, and switching to the last VM I authenticated on (index 1).

day1/versions.tf

```hcl
provider "fortios" {
  # TODO: automatically find which peer is primary at the moment of deployment
  #       for now we just go to the first instance

  # index 1 = the FortiGate instance last authenticated to
  hostname  = data.terraform_remote_state.base.outputs.fgt-mgmt-eips[1]
  username  = "admin"
  password  = "m...1"
  # token is commented out: API-token login returned 403 (see above)
  #token     = data.terraform_remote_state.base.outputs.api-key
  insecure  = "true"
}
```

```text
michael@cloudshell:~/fortigate-terraform-olapp/fortigate-tutorial-gcp/terraform/day1 (fortigate-terraform-olapp)$ terraform plan -out tf.plan

Plan: 31 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + public_ip = (known after apply)

──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Saved the plan to: tf.plan

To perform exactly these actions, run the following command to apply:
    terraform apply "tf.plan"

1920
michael@cloudshell:~/fortigate-terraform-olapp/fortigate-tutorial-gcp/terraform/day1 (fortigate-terraform-olapp)$ terraform apply --parallelism=1 tf.plan
fortios_firewall_address.tier2: Creating...
fortios_firewall_address.tier2: Creation complete after 1s [id=gcp-tier2]
fortios_firewall_address.tier1: Creating...
fortios_firewall_address.tier1: Creation complete after 0s [id=gcp-tier1]
google_compute_network.tier2: Creating...
```
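The comment above switches authentication by editing the provider block and placing the admin password in `versions.tf`. The following is an added example, not code from the fortigate-tutorial-gcp repository, of how the same token-or-password choice can be made a variable so the password never lands in source. Terraform evaluates provider configuration before any API call, so it cannot observe the 403 itself; the operator flips the variable after seeing the error. The variable names `fortios_use_token`, `fortios_username`, `fortios_password` and `fgt_index` are assumptions; the remote-state outputs `fgt-mgmt-eips` and `api-key` are the ones the tutorial already uses.

```hcl
# Added example (not the tutorial's own versions.tf): select API-token or
# username/password login for the fortios provider with a variable, keeping
# the password out of the committed file.

variable "fortios_use_token" {
  description = "true = authenticate with the day0 API key; false = fall back to username/password"
  type        = bool
  default     = true
}

variable "fortios_username" {
  type    = string
  default = "admin"
}

variable "fortios_password" {
  description = "Used only when fortios_use_token = false; supply via TF_VAR_fortios_password, never commit it"
  type        = string
  default     = ""
  sensitive   = true # redacted from plan/apply output and state diffs
}

variable "fgt_index" {
  description = "Index into fgt-mgmt-eips of the FortiGate to manage (the peer last authenticated to)"
  type        = number
  default     = 0
}

provider "fortios" {
  hostname = data.terraform_remote_state.base.outputs.fgt-mgmt-eips[var.fgt_index]

  # Exactly one credential form is populated; null leaves the other argument
  # unset so the provider does not receive an empty or stale value.
  token    = var.fortios_use_token ? data.terraform_remote_state.base.outputs.api-key : null
  username = var.fortios_use_token ? null : var.fortios_username
  password = var.fortios_use_token ? null : var.fortios_password

  # The tutorial's management interface presents a self-signed certificate;
  # set to "false" once a trusted certificate is installed on the FortiGate.
  insecure = "true"
}
```

To reproduce the workaround from the comment above without editing the file: `export TF_VAR_fortios_password='...'` then `terraform plan -var fortios_use_token=false -var fgt_index=1 -out tf.plan`. Because `fortios_password` is marked `sensitive`, Terraform masks it in plan output, and because it is only passed as an environment variable it is not stored in the repository.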
obriensystems commented 4 months ago

see https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs

fmichaelobrien commented 4 months ago

However, I think this authentication issue occurred because I changed the default password from the instance ID between day0 and day1, so that's on me. Retesting without the password change.