search

fortinetdev / terraform-provider-fortimanager

Mozilla Public License 2.0
10 stars 9 forks source link

API for Manipulating "Static Route Templates" Not Public #56

Open Almujalled opened 2 months ago

Almujalled commented 2 months ago

Hi,

Similar to issue #52, it appears that the API for manipulating "Static Route Templates" under "Provisioning Templates" is not made public.

I have attempted to debug the FortiManager CLI while creating a template group through the GUI, but I was unable to identify the URL.

Could you please confirm if my observation is correct? If so, could you kindly point me to the correct URL to use fortimanager_json_generic_api to address this?

Thank you!

MaxxLiu22 commented 2 months ago

Hi @Almujalled ,

Thank you for bringing this issue to our attention. We appreciate your diligence. It appears that this API method has not yet been exposed. I have reported this to the API team along with your issue #52 . In the meantime, I have found a way to create a static router template and an IPv4 static route using fortimanager_json_generic_api.

resource "fortimanager_json_generic_api" "template" {
  json_content = <<JSON
{
    "method": "add",
    "params": [
        {
            "data": {
                "name": "static-3",
                "template setting": {
                    "stype": "_router_static",
                    "widgets": "_router_static"
                },
                "type": "template"
            },
            "url": "/pm/template/_router_static/adom/root"
        }
    ]
}
JSON
}

resource "fortimanager_json_generic_api" "ipv4" {
  depends_on = [fortimanager_json_generic_api.template]
  json_content = <<JSON
{
    "method": "post",
    "params": [
        {
            "data": [
                {
                    "action": "conf-static-router",
                    "seq": 1,
                    "value": {
                        "bfd": 0,
                        "blackhole": 0,
                        "device": [
                            "port2"
                        ],
                        "distance": 10,
                        "dst": "0.0.0.0/0.0.0.0",
                        "dynamic-gateway": 0,
                        "gateway": "0.0.0.0",
                        "internet-service": [
                            10354860
                        ],
                        "link-monitor-exempt": 0,
                        "preferred-source": "0.0.0.0",
                        "priority": 1,
                        "sdwan-zone": null,
                        "seq-num": 0,
                        "src": "0.0.0.0/0.0.0.0",
                        "status": 1,
                        "tag": 0,
                        "vrf": "unspecified",
                        "weight": 0
                    }
                }
            ],
            "method": "set",
            "option": "sync",
            "url": "/pm/config/adom/root/template/_router_static/static-3/action-list/"
        }
    ]
}
JSON
}

To identify the URLs that are not public on the FNDN website, we can either use the network monitor in our browser (by pressing F12) or run debug cmd in the CLI to observe how the GUI performs certain operations, you are welcome to ask us in GitHub forum as well browser moniter .

diagnose debug service main 255
diagnose debug enable
{ "client": "gui json:32659", "id": "d70b2b82-3491-465c-b978-83c19c0972a1", "keep_session_idle": 1, "method": "post", "params": [{ "data": [{ "action": "conf-static-router", "seq": 1, "value": { "bfd": 0, "blackhole": 0, "device": ["port2"], "distance": 10, "dst": "0.0.0.0\/0.0.0.0", "dynamic-gateway": 0, "gateway": "0.0.0.0", "internet-service": [10354860], "link-monitor-exempt": 0, "preferred-source": "0.0.0.0", "priority": 1, "sdwan-zone": null, "seq-num": 0, "src": "0.0.0.0\/0.0.0.0", "status": 1, "tag": 0, "vrf": "unspecified", "weight": 0}}], "method": "set", "option": "sync", "url": "\/pm\/config\/adom\/root\/template\/_router_static\/gui\/action-list\/"}], "session": 29262}

Thank you for your patience and understanding. Please feel free to reach out if you have any further questions or concerns. Thanks, Maxx

Almujalled commented 2 months ago

Hi @MaxxLiu22,

Thank you for the explanation.

That works for creating one "route" inside a static route template. How would you code it if you want to have multiple entries within a template? As far as I have tested, it seems that the API is expecting all of the entries to be sent within one request, thus eliminating the possibility of using a for_each?