fortimanager_packages_firewall_policy: srcaddr variable type

[nie-kita]

Issue

FortiManager allows to define a list of source/destination addresses and/or interfaces. In such case, API delivers a list of strings. Currently, the provider is prepared to work with strings only.

Proposed solution

Define a TypeList for those parameters in question. For instance:

"srcaddr": &schema.Schema{
    Type: schema.TypeList,
    Elem: &schema.Schema{
        Type: schema.TypeString,
    },
    Optional: true,
    Computed: true,
}

[lix-fortinet]

Hi @nie-kita ,

Thank you for raising this issue. Team is working on this issue. And we will fix it in the next release. Before that, you could use the generic resource as alternatives: https://registry.terraform.io/providers/fortinetdev/fortimanager/latest/docs/resources/fortimanager_json_generic_api Like this:

resource "fortimanager_json_generic_api" "test1" {
  json_content = <<JSON
{
    "method": "add",
    "params": [
        {
            "url": "/pm/config/adom/root/pkg/default/firewall/policy",
            "data": {
                "srcintf": [
                    "port3",
                    "port4"
                ],
                "dstintf": [
                    "any"
                ],
                "srcaddr": [
                    "all"
                ],
                "dstaddr": [
                    "all"
                ],
                "action": "accept",
                "status": "enable",
                "schedule": [
                    "always"
                ],
                "service": [
                    "ALL"
                ],
                "name": "sss1"
            }
        }
    ]
}
JSON
}

Please let me know if you have any questions.

Thanks, Xing

[nie-kita]

Thank you for a quick response. For now I made changes to the provider code and use a local provider version. Waiting for the next release=)

Changing the datatype, please be aware, that the "Service" parameter also can contain multiple strings.

[lix-fortinet]

Hi @nie-kita ,

Thank you for your reminder. Please let me know if you have any other questions.

Thanks, Xing

[nie-kita]

hi guys, I was adding more fortimanager resources, and noticed, that the resource fortimanager_object_firewall_addrgrp with its "member" key has to contain a list of strings as well. so, I guess, we can consider this issue here as a general issue regarding list of strings requirement of Fortimanager API for all kinds of resources parameters.

[thenoob999]

Hello,

Do you know where the issues will be resolved ? In fact if we want to use terraform and fortimanager configurations, it is better to have List when it is possible like a python script or json request. For example srcintf and "dstintf" does not work today .

As nie-kita , there are others parameters which does not work too

Thanks for your help

Best Regards

[nvibert]

Experiencing the same challenge as describe above: I would like to create an address group made of multiple addresses but it's not possible today due to the way the resource is built today (exactly the same challenge as expressed by the "nie-kita" user above.

[IshentRas]

Experiencing the same challenge as describe above: I would like to create an address group made of multiple addresses but it's not possible today due to the way the resource is built today (exactly the same challenge as expressed by the "nie-kita" user above.

https://github.com/fortinetdev/terraform-provider-fortimanager/pull/5

[lix-fortinet]

Hi @nie-kita, @thenoob999, @nvibert, @IshentRas ,

V1.3.5 fixed this issue and has been released. Please upgrade to the latest version of FortiManager Terraform provider and try it again.

Please let me know if you have any questions.

Thanks, Xing

[IshentRas]

Thanks Xing. What are truly missing are Data sources the same way that fortios has got it. It will give us the capacity to query FMG around existing objects etc... Please make sure you guys add some Data sources in the next release (addr addr grp...)