
fortios_router_route-map not passing 'match_ip_address' #57

Closed
FredPocai opened this issue Sep 23, 2020 · 3 comments

Comments


FredPocai commented Sep 23, 2020

This behavior was observed in fortios 6.2.5 with modules 1.0.10. Please let me know if this may have been resolved in a later release.

These match_ip_address statements correlate to the prefix-lists mentioned in a previous issue.

When executing the task, the "match-ip-address" value is not entered/passed as blank.

Example Vars:

route_map:
  - name: "PEER_IN"
    vdom: "data_vdom"
    rule:
      - id: "1"
        action: "permit"
        match_ip_address: "EXTERNAL_NETS"
        state: "present"
  - name: "PEER_OUT"
    vdom: "data_vdom"
    rule:
      - id: "1"
        action: "permit"
        match_ip_address: "LOCAL_NETS"
        state: "present"

Example Task:

- name: Configure Route Maps
  fortios_router_route_map:
    vdom: "{{ item[0].vdom }}"
    state: "{{ item[1].state }}"
    router_route_map:
      name: "{{ item[0].name }}"
      rule:
        - id: "{{ item[1].id }}"
          action: "{{ item[1].action }}"
          match_ip_address: "{{ item[1].match_ip_address }}"
  with_subelements:
    - "{{ route_map }}"
    - rule
  when: route_map is defined

ansible-playbook -vvvv (notice that in module_args, "match-ip-address" is hyphenated, but in item, "match_ip_address" is underscored. Not sure if this is expected):

ok: [demo_firewall] => (item=[{'name': 'PEER_IN', 'vdom': 'data_vdom'}, {'id': '1', 'action': 'permit', 'match_ip_address': 'EXTERNAL_NETS', 'state': 'present'}]) => changed=false 
  ansible_loop_var: item
  invocation:
    module_args:
      host: null
      https: true
      password: ''
      router_route_map:
        comments: null
        name: PEER_IN
        rule:
        - action: permit
          id: '1'
          match-ip-address: EXTERNAL_NETS
      ssl_verify: true
      state: present
      username: null
      vdom: data_vdom
  item:
  - name: PEER_IN
    vdom: data_vdom
  - action: permit
    id: '1'
    match_ip_address: EXTERNAL_NETS
    state: present
  meta:
    build: 1142
    http_method: PUT
    http_status: 200
    mkey: PEER_IN
    name: route-map
    path: router
    revision: e71cbf92a97143f6ca7518f6994166d9
    revision_changed: false
    serial: FG101FBLAHBLAHBL
    status: success
    vdom: data_vdom
    version: v6.2.5
......
ok: [demo_firewall] => (item=[{'name': 'PEER_OUT', 'vdom': 'data_vdom'}, {'id': '1', 'action': 'permit', 'match_ip_address': 'LOCAL_NETS', 'state': 'present'}]) => changed=false 
  ansible_loop_var: item
  invocation:
    module_args:
      host: null
      https: true
      password: ''
      router_route_map:
        comments: null
        name: PEER_OUT
        rule:
        - action: permit
          id: '1'
          match-ip-address: LOCAL_NETS
      ssl_verify: true
      state: present
      username: null
      vdom: data_vdom
  item:
  - name: PEER_OUT
    vdom: data_vdom
  - action: permit
    id: '1'
    match_ip_address: LOCAL_NETS
    state: present
  meta:
    build: 1142
    http_method: PUT
    http_status: 200
    mkey: PEER_OUT
    name: route-map
    path: router
    revision: e71cbf92a97143f6ca7518f6994166d9
    revision_changed: false
    serial: FG101FBLAHBLAHBL
    status: success
    vdom: data_vdom
    version: v6.2.5

Fortigate diag debug cli 8:

0: config vdom
0: edit data_vdom
0: config router route-map
0: edit "PEER_IN"
0: end
0: end
0: config vdom
0: edit data_vdom
0: config router route-map
0: edit "PEER_IN"
0: config rule
0: edit 1
0: set match-ip-address ''
0: unset match-metric
0: unset match-tag
0: unset set-local-preference
0: unset set-metric
0: unset set-tag
0: unset set-weight
0: unset set-route-tag
0: end
0: end
0: end
0: config vdom
0: edit data_vdom
0: config router route-map
0: edit "PEER_OUT"
0: end
0: end
0: config vdom
0: edit data_vdom
0: config router route-map
0: edit "PEER_OUT"
0: config rule
0: edit 1
0: set match-ip-address ''
0: unset match-metric
0: unset match-tag
0: unset set-local-preference
0: unset set-metric
0: unset set-tag
0: unset set-weight
0: unset set-route-tag
0: end
0: end
0: end

Fortigate finish state:

config router route-map
    edit "PEER_IN"
        config rule
            edit 1
            next
        end
    next
    edit "PEER_OUT"
        config rule
            edit 1
            next
        end
    next
end

Fortigate desired state:

config router route-map
    edit "PEER_IN"
        config rule
            edit 1
                set match-ip-address "EXTERNAL_NETS"
            next
        end
    next
    edit "PEER_OUT"
        config rule
            edit 1
                set match-ip-address "LOCAL_NETS"
            next
        end
    next
end
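A post-run check a defender can keep next to this playbook, as an added example that is not part of this issue or of the fortinet.fortios collection: it parses FortiOS show-style output into nested dicts, maps the Ansible underscore keys to the hyphenated CLI attribute names (the mapping the module_args output above makes visible), and reports every rule attribute that did not land on the device. The point of checking is that a route-map rule with no match clause left, which is what the finish state above shows, matches every prefix, so a silently dropped match-ip-address turns a filtered peer into an unfiltered one. The sample CLI strings and vars are constructed from the issue text, and treating "permit" as the rule action FortiOS omits at default is an assumption made here.

```python
import shlex

# Constructed sample: the "finish state" the issue reports after the playbook ran
# (match-ip-address never landed on either rule).
OBSERVED_CLI = """\
config router route-map
    edit "PEER_IN"
        config rule
            edit 1
            next
        end
    next
    edit "PEER_OUT"
        config rule
            edit 1
            next
        end
    next
end
"""

# Constructed sample: the "desired state" from the issue, used to show a clean run.
DESIRED_CLI = """\
config router route-map
    edit "PEER_IN"
        config rule
            edit 1
                set match-ip-address "EXTERNAL_NETS"
            next
        end
    next
    edit "PEER_OUT"
        config rule
            edit 1
                set match-ip-address "LOCAL_NETS"
            next
        end
    next
end
"""

# Constructed sample: the route_map vars from the issue (what the playbook intended).
DESIRED_VARS = [
    {"name": "PEER_IN", "vdom": "data_vdom",
     "rule": [{"id": "1", "action": "permit", "match_ip_address": "EXTERNAL_NETS", "state": "present"}]},
    {"name": "PEER_OUT", "vdom": "data_vdom",
     "rule": [{"id": "1", "action": "permit", "match_ip_address": "LOCAL_NETS", "state": "present"}]},
]

# FortiOS omits attributes that sit at their default from show output; 'permit' is
# assumed here to be the default rule action, so a missing 'set action' is not drift.
CLI_DEFAULTS = {"action": "permit"}

# Keys in the vars that are playbook bookkeeping, not CLI attributes of the rule.
NON_CLI_KEYS = {"id", "state"}


def parse_fortios_cli(text):
    """Parse FortiOS 'config/edit/set/unset/next/end' text into nested dicts:
    {table: {entry_key: {attr: value, sub_table: {...}}}}."""
    root = {}
    stack = [root]  # the container being filled at each nesting level
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        words = shlex.split(line)  # handles the quoted values FortiOS emits, including ''
        keyword, args = words[0], words[1:]
        if keyword == "config":
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif keyword == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif keyword == "set":
            stack[-1][args[0]] = " ".join(args[1:])
        elif keyword == "unset":
            stack[-1].pop(args[0], None)
        elif keyword in ("next", "end"):
            stack.pop()
    if len(stack) != 1:
        raise ValueError("unbalanced config/edit ... next/end in CLI text")
    return root


def route_map_drift(desired_vars, observed_cli):
    """Return one (route_map, rule_id, cli_attr, expected, actual) tuple for every
    rule that is missing, or rule attribute that is absent or different, on the device.
    Ansible underscore keys are mapped to the hyphenated FortiOS attribute names."""
    route_maps = parse_fortios_cli(observed_cli).get("router route-map", {})
    drift = []
    for rmap in desired_vars:
        device_rules = route_maps.get(rmap["name"], {}).get("rule", {})
        for rule in rmap.get("rule", []):
            rule_id = str(rule["id"])
            if rule_id not in device_rules:
                drift.append((rmap["name"], rule_id, "rule", "present", None))
                continue
            device_rule = device_rules[rule_id]
            for key, expected in rule.items():
                if key in NON_CLI_KEYS:
                    continue
                cli_attr = key.replace("_", "-")
                actual = device_rule.get(cli_attr, CLI_DEFAULTS.get(key))
                if actual != expected:
                    drift.append((rmap["name"], rule_id, cli_attr, expected, actual))
    return drift


if __name__ == "__main__":
    for finding in route_map_drift(DESIRED_VARS, OBSERVED_CLI):
        print("DRIFT route-map=%s rule=%s %s: expected %r, device has %r" % finding)
```

Feed it the output of `show router route-map` captured from the VDOM after the play (or the diag debug lines with their `0: ` prefix stripped); an empty list means every match clause the vars asked for is on the box, and any tuple is a rule that is either absent or wider than intended.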
@chillancezen

duplicate of #3
looks really like an API issue.
I will follow up on this issue and update you soon.

thanks,
Link

@chillancezen

depends on mantis #0667114

@JieX19

JieX19 commented Sep 13, 2021

Hi @FredPocai
The bug has been fixed in our latest version; can you please upgrade your device to FortiOS v7.0.0 or later to make sure the module works as expected?

Also, please try our latest Ansible Galaxy collection: ansible-galaxy collection install fortinet.fortios:2.1.2

Thanks!

@JieX19 JieX19 closed this as completed Sep 13, 2021