Hello, I am using fortios_system_admin, but some keys don't work.... And some questions too :( #64

Closed
charles-josiah opened this issue Oct 28, 2020 · 4 comments

@charles-josiah

Hi,
Hello, very nice work.... this will be a powerful tool.

My first question is: after I have added an admin user, like admin2 with the super_admin profile, I cannot change any item of this user? Like password, change description...
In my tests, I can only add and remove users. Is modifying users not supported?

My second issue today :D
How do I add an ssh_public_key1? Every time, I get this error below:

"meta": {
    "build": 1723,
    "error": -651,
    "http_method": "POST",
    "http_status": 500,
    "name": "admin",
    "path": "system",
    "revision": "76b9c9ae90a50ed6ff965f2e432dcc62",
    "revision_changed": false,
    "serial": "xxxxxxxxxxx",
    "status": "error",
    "vdom": "root",
    "version": "v6.4.2"
},
"msg": "Error in repo"

And my playbook is very simple:

tasks:
  - name: Configure admin users.
    fortios_system_admin:
      vdom: "{{ vdom }}"
      state: "present"
      system_admin:
        accprofile: "super_admin"
        accprofile_override: "enable"
        allow_remove_admin_session: "enable"
        comments: "Usuario ADMIN"
        force_password_change: "disable"
        guest_auth: "disable"
        name: "fgt_cloud_admin2"
        password: "<senha_maluca>"
        peer_auth: "disable"
        two_factor: "disable"
        ssh_public_key1: "ssh-rsa ..."

I am waiting for some help, or is there some forum/reddit to ask these questions?

Bye, and have a nice day

@chillancezen

eta:11.10.2020

@chillancezen

hi @charles-josiah charles,

for your issue I:

creating an admin user with a password is allowed.
however, you are not allowed to modify the user's password through Ansible's RESTful API; in the future we are going to support it.

here is an example:

$ cat fortios_system_admin.yml
- hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: no
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 80
  tasks:
   - name: Configure Firewall Schedule Recurring
     fortios_system_admin:
        vdom:  "{{ vdom }}"
        state: "present"
        system_admin:
            accprofile: "super_admin"
            accprofile_override: "enable"
            allow_remove_admin_session: "enable"
            comments: "Usuario ADMIN"
            force_password_change: "disable"
            guest_auth: "disable"
            name: "fgt_cloud_admin2"
#            password: "<senha_maluca>"
            peer_auth: "disable"
            two_factor: "disable"

this is the error message from API server side:

[httpsd 2017 - 1604941632     info] _api_cmdb_v2_config[1192] -- editing CLI object (append=0, auto_key=0, path=system, name=admin, mkey=fgt_cloud_admin2, flags=0)
[httpsd 2017 - 1604941632    error] _api_cmdb_v2_config[1203] -- Modification of the 'password' field of system.admin is forbidden.
[httpsd 2017 - 1604941632  warning] api_return_http_result[696] -- API error 403 raised

thanks,
Link.

@chillancezen

for your issue II:

always quote your public key with single quotes inside the double quotes:

ssh_public_key1: "'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC4CiMH/+/ZBkg7XNBr1jcmr1qypDpAeQU/6gG0cGR/K24QB/MOeyHZcHQkZXGcZoOJO27XPFF4WUzf5l1FrMUJbDn6lBtg+7yFt5iTSAnPJ63ZXHmcZN5Ie+g1bge+EonCChR2pzj4Eaho0BKTZkgViS6YBC82bLJhtW5u3ijlSigQfTyhWvxNz69R6YEBtTQdQGupE+HSbRho6LeGWvl+pu08b7DHS/VhCW0LVtFAjfyVCZvawVZcPJYp197+8NTtRjWQs/X45b039yJfCr6+Bb0q6d0WZZZpaGGZDhzI/VX+1mo+WrEhMskr2ngw9CTZ34LN7y6GDUCElXF9M8+WhMK6wp0nUiEpuhYZ2I7Duj2OLW2kfdZRs2Bu7pdLrdbwerGgnnH1dvDneXUE7KrmifnCGqXpEXa50nKAke5mQpg8IXk7eoWj3+wESawn9DxAcCR16yD9kDVVWstm8TyH5unaXpI4/8h92QYPNebVvUNF2+629T6yxZXo7B52Qx2E5m/U4OHjw/pii3EPtx6wKrEa0UVdYGBzP6lZa8bd5gPcsSuhg3hn8EtaiB5/lJCcbkdXu5OrhotxAsat5ZoNo0aL4Xj2fWXh+hjHTXEvn6a8GCWgXPp7WE/xU3iyHDzbPIGP5YrPL3u42PdFGQ=='"

I usually upload a public key this way:
put your public key in a file ./id_rsa.pub, then the playbook:

$ cat fortios_system_admin.yml
- hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: no
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 80
   public_key_path: './id_rsa.pub'
   public_key: "{{ lookup( 'file', public_key_path) }}"

  tasks:
   - name: Configure Firewall Schedule Recurring
     fortios_system_admin:
        vdom:  "{{ vdom }}"
        state: "present"
        system_admin:
            accprofile: "super_admin"
            accprofile_override: "enable"
            allow_remove_admin_session: "enable"
            comments: "Usuario ADMIN"
            force_password_change: "disable"
            guest_auth: "disable"
            name: "fgt_cloud_admin2"
            peer_auth: "disable"
            two_factor: "disable"
            ssh_public_key1: "'{{ public_key }}'"

thanks,
Link
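
A pre-flight check for the quoting rule in the answer above, as an added example that is not part of the original thread or of the fortinet.fortios collection: it confirms that the input is one well-formed OpenSSH public-key line and returns it wrapped in single quotes, the form the answer passes as `ssh_public_key1`. The function names, the `ALLOWED_TYPES` list and the sample key are assumptions made for this example.

```python
import base64
import struct

# Assumed allow-list for this example; adjust to the key types your firmware accepts.
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def fortios_quoted_key(text: str) -> str:
    """Validate one OpenSSH public-key line and wrap it in single quotes."""
    line = text.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("expected exactly one key on a single line")
    if "'" in line or '"' in line:
        # A quote in the comment field would end the single-quoted value early.
        raise ValueError("quote character found in key line")
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64_data = fields[0], fields[1]
    if key_type not in ALLOWED_TYPES:
        raise ValueError(f"unexpected key type: {key_type}")
    try:
        blob = base64.b64decode(b64_data, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    # The blob starts with a length-prefixed copy of the key type (RFC 4253 string).
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the type inside the blob")
    return f"'{line}'"


def constructed_sample_key(key_type: str = "ssh-ed25519") -> str:
    """Build a constructed (not real) key line with a zeroed 32-byte key."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} admin@example"


if __name__ == "__main__":
    # The trailing newline mimics the contents of a .pub file read from disk.
    print(fortios_quoted_key(constructed_sample_key() + "\n"))
```

Run it on the contents of ./id_rsa.pub before the playbook; a `ValueError` means the file would not survive the single-quote wrapping or is not a key of the declared type.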

@chillancezen

@charles-josiah hi charles,
hope you are doing fine, please find the solution in the last update.

I am marking this issue closed, you can reopen it if you need further support from us.
thanks,
Link
