fortinetdev / terraform-provider-fortios

Terraform Fortios provider
https://www.terraform.io/docs/providers/fortios/
Mozilla Public License 2.0

Error creating new custom ISDB entry #209

Open mabnz opened 2 years ago

mabnz commented 2 years ago

Hi,

Using the Terraform configuration below, an HTTP 500 is returned from FortiOS (7.0.4).

locals {

  unified-isc = {
    10000 = {
      name       = "Nonsense-Card"
      reputation = 4
      comment    = "comment"

      entry      = [{
        id         = 0
        protocol   = 17
        port_range = [{
          id         = 0
          start_port = 443
          end_port   = 443
        }]

        dst = "host_Mike"
      }]

    }
  }
}

resource "fortios_firewall_internetservicecustom" "unified-isc" {
  for_each   = local.unified-isc
  name       = each.value.name
  reputation = each.value.reputation
  comment    = each.value.comment

  dynamic "entry" {
    for_each = each.value.entry
    iterator = e

    content {
      id       = e.value.id
      protocol = e.value.protocol
      dst {
        name = e.value.dst
      }

      dynamic "port_range" {
        for_each = e.value.port_range
        iterator = p

        content {
          id         = p.value.id
          start_port = p.value.start_port
          end_port   = p.value.end_port
        }
      }
    }
  }
}

Error below.

│ Error: Error creating FirewallInternetServiceCustom resource: Internal Server Error - Internal error when processing the request (500)
│
│   with fortios_firewall_internetservicecustom.unified-isc,
│   on fortigate2.tf line 1, in resource "fortios_firewall_internetservicecustom" "unified-isc":
│    1: resource "fortios_firewall_internetservicecustom" "unified-isc" {

FortiOS debug:

[httpsd 13006 - 1643675297     info] fweb_debug_init[409] -- New POST request for "/api/v2/cmdb/firewall/internet-service-custom" from "192.168.60.126:49368"
[httpsd 13006 - 1643675297     info] fweb_debug_init[411] -- User-Agent: "Go-http-client/1.1"
[httpsd 13006 - 1643675297     info] fweb_debug_init[413] -- Handler "api_cmdb_v2-handler" assigned to request
[httpsd 13006 - 1643675297  warning] api_access_check_for_api_key[812] -- API Key request authorized for api from 192.168.60.126.
[httpsd 13006 - 1643675297     info] api_store_parameter[315] -- add API parameter 'access_token' (type=string)
[httpsd 13006 - 1643675297     info] api_store_parameter[315] -- add API parameter 'comment' (type=string)
[httpsd 13006 - 1643675297     info] api_store_parameter[315] -- add API parameter 'entry' (type=array)
[httpsd 13006 - 1643675297     info] api_store_parameter[315] -- add API parameter 'name' (type=string)
[httpsd 13006 - 1643675297     info] api_store_parameter[315] -- add API parameter 'reputation' (type=int)
[httpsd 13006 - 1643675297     info] api_cmdb_request_init_by_path[1679] -- new CMDB query (path='firewall',name='internet-service-custom')
[httpsd 13006 - 1643675297     info] handle_cli_req_v2[3123] -- new CMDB API request (vdom='root',user='api')
[httpsd 13006 - 1643675297     info] _api_cmdb_v2_config[1350] -- editing CLI object (append=1, auto_key=0, path=firewall, name=internet-service-custom, mkey=(null), flags=0)
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'name'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'reputation'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'comment'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'protocol'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'start-port'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'end-port'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'name'
0: config firewall internet-service-custom
0: edit "Nonsense-Card"
0: set reputation 4
0: set comment "comment"
-56: end
[httpsd 13006 - 1643675297     info] cmdb_save_with_children[279] -- appended main node (nret=-56, is_new=1)
[httpsd 13006 - 1643675297    error] cmdb_save_with_children[284] -- saving failed for main node: 'internet-service-custom' (err=-56)
[httpsd 13006 - 1643675297    error] cmdb_commit_from_json[1695] -- error saving request object to CLI (-56)
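
Added example (not part of the original report and not the provider's code): a small Python parser for the httpsd debug output above that compares the attributes the REST handler accepted with the CLI commands it generated, and extracts the save error. The function and variable names are hypothetical, and reading the numeric prefix on the CLI lines as a per-command return code is an assumption based on it matching `err=-56` in the log.

```python
import re

# Excerpt of the httpsd debug output quoted in this issue (trimmed).
SAMPLE_LOG = """\
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'name'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'reputation'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'comment'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'protocol'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'start-port'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'end-port'
[httpsd 13006 - 1643675297     info] api_set_cmdb_attr[1926] -- 'name'
0: config firewall internet-service-custom
0: edit "Nonsense-Card"
0: set reputation 4
0: set comment "comment"
-56: end
[httpsd 13006 - 1643675297    error] cmdb_save_with_children[284] -- saving failed for main node: 'internet-service-custom' (err=-56)
"""

ATTR_RE = re.compile(r"\] api_set_cmdb_attr\[\d+\] -- '([^']+)'")
CLI_RE = re.compile(r"^(-?\d+): (.+)$")
FAIL_RE = re.compile(r"saving failed for main node: '([^']+)' \(err=(-?\d+)\)")


def analyse(log_text):
    """Summarise one CMDB API request from httpsd debug output."""
    attrs, cli, failure = [], [], None
    for line in log_text.splitlines():
        if m := ATTR_RE.search(line):
            attrs.append(m.group(1))            # attribute accepted from JSON
        elif m := CLI_RE.match(line):
            cli.append((int(m.group(1)), m.group(2)))  # (return code, command)
        elif m := FAIL_RE.search(line):
            failure = (m.group(1), int(m.group(2)))
    # Attributes that reached the CLI as "set <attr> ...".
    set_in_cli = {cmd.split()[1] for _, cmd in cli if cmd.startswith("set ")}
    # The table key is written as 'edit "<name>"', not as a "set" command.
    if any(cmd.startswith("edit ") for _, cmd in cli):
        set_in_cli.add("name")
    missing = [a for a in dict.fromkeys(attrs) if a not in set_in_cli]
    rejected = [cmd for code, cmd in cli if code != 0]
    return {"missing_from_cli": missing, "rejected": rejected, "failure": failure}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On this log the nested `entry` attributes (`protocol`, `start-port`, `end-port`) are accepted by the API handler but never appear in the generated CLI before `end` is rejected with -56.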

lix-fortinet commented 2 years ago

Hi @mabnz,

Thank you for raising this issue. We are in contact with the related team to find a solution; a bug ticket has been created internally to track this issue, and we will get back to you once it's resolved. By the way, you could use the resource fortios_system_autoscript as an alternative: https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_system_autoscript

For instance:

resource "fortios_system_autoscript" "auto2" {
  interval    = 1
  name        = "myscript12"
  output_size = 10
  repeat      = 1
  script      = <<EOF
config firewall internet-service-custom
    edit "Nonsense-Card"
        set reputation 4
        set comment "comment"
        config entry
            edit 1
                set protocol 17
                config port-range
                    edit 1
                        set start-port 433
                        set end-port 433
                    next
                end
                set dst "host_Mike"
            next
        end
    next
end
EOF
  start       = "auto"
}

Please let me know if you have any questions.

Thanks, Xing