fortios_router_route_map module does not attach ACL or prefix-list to it #3

Closed
l0renzor opened this issue Mar 30, 2020 · 5 comments

Comments

@l0renzor

Issue Description

I cannot pass the match_ip_address attribute using fortios_router_route_map.
The match_ip_address is not attached to the route-map resource. Other parameters like local_preference seem to be working fine.

- name: Configure route maps.
  fortios_router_route_map:
    host:  "{{ host }}"
    username: "{{ username }}"
    password: "{{ password }}"
    vdom:  "{{ vdom }}"
    https: "False"
    state: "present"
    router_route_map:
      comments: "<your_own_value>"
      name: "default_name_4"
      rule:
        -
          action: "permit"
          id:  "7"
          match_as_path: "<your_own_value> (source router.aspath-list.name)"
          match_community: "<your_own_value> (source router.community-list.name)"
          match_community_exact: "enable"
          match_flags: "11"
          match_interface: "<your_own_value> (source system.interface.name)"
          match_ip_address: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
          match_ip_nexthop: "<your_own_value> (source router.access-list.name router.prefix-list.name)"
          match_ip6_address: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
          match_ip6_nexthop: "<your_own_value> (source router.access-list6.name router.prefix-list6.name)"
          match_metric: "17"
          match_origin: "none"
          match_route_type: "1"
          match_tag: "20"
          set_aggregator_as: "21"
          set_aggregator_ip: "<your_own_value>"
          set_aspath:

Steps to reproduce

route_map.yaml

---

- name: create BGP neighbor
  hosts: localhost
  vars_files:
   - vars.yaml

  tasks:
  - name: Configure route_map_in_pri
    fortios_router_route_map:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "yes"
      ssl_verify: "no"
      state: "present"
      router_route_map:
        comments: ""
        name: "{{ provider}}-{{ item.cust_name }}-bgp-in-pri"
        rule:
          -
            action: "permit"
            id: "1"
            match_ip_address: "source router.prefix-list.aws-{{ item.cust_name }}-networks"
            set_local_preference:
    loop: "{{ variables }}"

vars.yaml

---
host: "device_ip"
username: ""
password: ""
vdom: ""
ssl_verify: "False"

provider: "aws"
variables:
   - { cust_name: test  }

Run the play:

ansible-playbook route_map.yaml

Actual and Expected result

The playbook ends with no errors, but the route-map is created without the prefix-list attached.

The prefix-list had been configured manually:

config router prefix-list
    edit "aws-test-networks"
        config rule
            edit 1
                set prefix 10.10.0.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
end

while the route-map does not contain the desired match_ip_address value:

config router route-map
    edit "aws-test-bgp-in-pri"
        config rule
            edit 1
            next
        end
    next
end
@chillancezen

Hi @l0renzor,

Thanks for the issue.
I reproduced your issue with the following playbook:

#cat test.yml
- hosts: fortigates
  collections:
  - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
   router_prefix_list_one: 'prefix_lst_obj0'
   router_map_one: 'router_map_obj0'

  tasks:
  - name: Configure router prefix list
    fortios_router_prefix_list:
      vdom:  "{{ vdom }}"
      https: True
      state: present
      router_prefix_list:
        name: "{{ router_prefix_list_one }}"
        comments: 'router prefix list object created via ansible'
        rule:
           - action: 'permit'
             id: 1
             prefix: '22.33.44.55/32'
  - name: Configure router-map object
    fortios_router_route_map:
      vdom:  "{{ vdom }}"
      https: True
      state: present
      router_route_map:
        name: "{{ router_map_one }}"
        comments: 'router map object created via ansible'
        rule:
         - action: permit
           id: 1
           match_ip_address: "{{ router_prefix_list_one }}"
           match_metric: 1
           match_tag: 1
           set_metric: 2
           set_tag: 50
           set_weight: 100
           set_route_tag: 12
           set_local_preference: 44

From the API server, I found the rule doesn't take effect at all:

0: config router route-map
0: edit "router_map_obj0"
0: config rule
0: edit 1
0: unset match-metric
0: unset match-tag
0: unset set-aspath
0: unset set-community
0: unset set-extcommunity-rt
0: unset set-extcommunity-soo
0: unset set-local-preference
0: unset set-metric
0: unset set-tag
0: unset set-weight
0: unset set-route-tag
0: end
0: end

So the parameter is not filled in right; I will take some time to figure out the right parameters.

thanks,
Link

@chillancezen

[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'name': 'router_map_obj0'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'comments': 'router map object created via ansible'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'id': '1'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'action': 'permit'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'match-ip-address': 'prefix_lst_obj0'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'match-metric': '1'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'match-tag': '1'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'set-local-preference': '44'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'set-metric': '2'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'set-tag': '50'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'set-weight': '100'
[httpsd 3502 - 1586702747     info] api_set_cmdb_attr[1624] -- 'set-route-tag': '12'
0: config router route-map
0: edit "router_map_obj0"
0: end
[httpsd 3502 - 1586702747     info] cmdb_save_with_children[269] -- appended main node (nret=0, is_new=0)
0: config router route-map
0: edit "router_map_obj0"
0: config rule
0: edit 1
0: set match-ip-address ''
0: unset match-metric
0: unset match-tag
0: unset set-local-preference
0: unset set-metric
0: unset set-tag
0: unset set-weight
0: unset set-route-tag
0: end
0: end

I found that match-ip-address is resolved to a null string here; it seems that it could not find the prefix-list object, though we created one:

FGVM04TM19006963 # show  router prefix-list
path=router, objname=prefix-list, tablename=(null), size=176
config router prefix-list
    edit "prefix_lst_obj0"
        set comments "router prefix list object created via ansible"
        config rule
            edit 1
                set prefix 22.33.44.55 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

Thanks to Jie's help, we found this one, but there is no fix yet:
https://fndn.fortinet.net/index.php?/forums/topic/1995-fortios-rest-api-config-router-prefix-list-issuebug

I will continue to find a workaround.
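Both the original report and the reproduction above show the same failure mode: the play finishes without error while the route-map rule on the device carries no match-ip-address (or, per the httpsd trace, an empty one). Because a route-map that silently lost its prefix-list will accept every route the neighbor advertises, a post-task verification step is worth having. The following Python script is an added example, not code from this thread or from the fortinet.fortios collection: it parses `show router route-map` output as the device prints it in this thread and reports any rule whose match-ip-address is absent, empty, or not the prefix-list/ACL name that was intended. The three sample outputs are constructed for the example (the first is the broken output from the report; the other two assume the CLI shape shown elsewhere in this thread), and the expected-mapping format is the script's own convention.

```python
"""Verify that FortiOS route-map rules actually carry the match-ip-address
we configured.  Added example; the CLI format it parses is assumed to match
the `show router route-map` output quoted in this issue."""
import sys
from typing import Dict, List

# Constructed sample 1: the output from the original report.  The rule exists
# but carries no match-ip-address, so the play "succeeds" and filters nothing.
BROKEN_ROUTE_MAP = """\
config router route-map
    edit "aws-test-bgp-in-pri"
        config rule
            edit 1
            next
        end
    next
end
"""

# Constructed sample 2: the variant the httpsd trace shows, where the API
# wrote an empty string instead of the prefix-list name.
EMPTY_MATCH_ROUTE_MAP = """\
config router route-map
    edit "aws-test-bgp-in-pri"
        config rule
            edit 1
                set match-ip-address ''
            next
        end
    next
end
"""

# Constructed sample 3: what a correctly applied rule is assumed to look like.
FIXED_ROUTE_MAP = """\
config router route-map
    edit "aws-test-bgp-in-pri"
        config rule
            edit 1
                set match-ip-address "aws-test-networks"
                set set-local-preference 200
            next
        end
    next
end
"""


def parse_route_maps(text: str) -> Dict[str, Dict[int, Dict[str, str]]]:
    """Turn `show router route-map` text into {map_name: {rule_id: {attr: value}}}.

    Only `set` lines are recorded; `unset` lines mean the attribute is absent,
    which is exactly the condition the check below is looking for."""
    maps: Dict[str, Dict[int, Dict[str, str]]] = {}
    current_map = None
    current_rule = None
    in_rules = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_rules and line.startswith("edit "):
            current_map = line[5:].strip().strip('"')
            maps[current_map] = {}
        elif line == "config rule":
            in_rules = True
        elif in_rules and line.startswith("edit "):
            current_rule = int(line[5:].strip())
            maps[current_map][current_rule] = {}
        elif in_rules and line.startswith("set ") and current_rule is not None:
            key, _, value = line[4:].partition(" ")
            # The device quotes names with "..." and empty values with ''.
            maps[current_map][current_rule][key] = value.strip().strip("\"'")
        elif in_rules and line == "end":
            in_rules = False
            current_rule = None
    return maps


def missing_match_ip_address(text: str, expected: Dict[str, Dict[int, str]]) -> List[str]:
    """Return one finding per rule whose match-ip-address is not the name we
    intended.  `expected` is {map_name: {rule_id: prefix_list_or_acl_name}}.
    An empty list means every expected rule is attached correctly."""
    parsed = parse_route_maps(text)
    findings = []
    for map_name, rules in expected.items():
        for rule_id, wanted in rules.items():
            got = parsed.get(map_name, {}).get(rule_id, {}).get("match-ip-address", "")
            if got != wanted:
                findings.append(
                    f"{map_name} rule {rule_id}: match-ip-address is {got!r}, expected {wanted!r}"
                )
    return findings


if __name__ == "__main__":
    # Feed the device output on stdin, e.g. captured from `show router route-map`,
    # and fail the pipeline step when a rule is unfiltered.
    wanted = {"aws-test-bgp-in-pri": {1: "aws-test-networks"}}
    problems = missing_match_ip_address(sys.stdin.read(), wanted)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Running the script against the device output after the play (or wiring it into the play as a failing check) turns the silent misconfiguration from this thread into a hard error, which is the behaviour you want for anything that gates which BGP routes are accepted.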

@diLLec

diLLec commented Jun 9, 2020

Hey @chillancezen, I've been running into the same issue here. I think that this is a bug in the API. Did you already open a case with Fortinet support?

@chillancezen

Depends on Mantis #0667114.

@JieX19

JieX19 commented Sep 13, 2021

Hi @l0renzor @diLLec,

The bug has been fixed in our latest version. Can you please upgrade your device to FortiOS v7.0.0 or later to make sure the module works as expected?

Also, please try our latest Ansible Galaxy collection:

ansible-galaxy collection install fortinet.fortios:2.1.2

Thanks!

@JieX19 JieX19 closed this as completed Sep 13, 2021