Terraform can login but throws a [Warning] Can not update device version

[michaelmeelis]

Fortigate version: v7.4.5
Terraform provider version: 1.19.1
Installation through the azure marketplace.

What happens:
The following code:

provider "fortios" {
  hostname = -redacted-
  token = -redacted-
  insecure = "true"
}

resource "fortios_firewall_address" "test" {
  name = "test"
  subnet = "21.2.234.5"
  sub_type = "subnet"
}

returns the following error:

╷
│ Error: [Warning] Can not update device version: 
│ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
│ <html><head>
│ <title>401 Unauthorized</title>
│ </head><body>
│ <h1>Unauthorized</h1>
│ <p>This server could not verify that you
│ are authorized to access the document
│ requested.  Either you supplied the wrong
│ credentials (e.g., bad password), or your
│ browser doesn't understand how to supply
│ the credentials required.</p>
│ <p>Additionally, a 401 Unauthorized
│ error was encountered while trying to use an ErrorDocument to handle the request.</p>
│ </body></html>
│ 
│ 
│   with fortios_firewall_address.test,
│   on provider.tf line 26, in resource "fortios_firewall_address" "test":
│   26: resource "fortios_firewall_address" "test" {

When I change the token to an invalid one it gives me a different error message:

╷
│ Error: Error create fortios client: connection error: 
│ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
│ <html><head>
│ <title>401 Unauthorized</title>
│ </head><body>
│ <h1>Unauthorized</h1>
│ <p>This server could not verify that you
│ are authorized to access the document
│ requested.  Either you supplied the wrong
│ credentials (e.g., bad password), or your
│ browser doesn't understand how to supply
│ the credentials required.</p>
│ <p>Additionally, a 401 Unauthorized
│ error was encountered while trying to use an ErrorDocument to handle the request.</p>
│ </body></html>
│ 
│ 
│   with provider["registry.terraform.io/fortinetdev/fortios"],
│   on provider.tf line 18, in provider "fortios":
│   18: provider "fortios" {

I have found that in the code on line fortios/client.go:278 that it tries to do a err = fc.UpdateDeviceVersion() which fails on a device version. I can't seem to find why this happens after digging into the code.

I have tried adding the address through postman and that succeeded with the token.

curl --location 'https://x.x.x.x/api/v2/cmdb/firewall/address'
--header 'host: acc.rtlnieuws.nl'
--header 'Content-Type: application/json'
--header 'Authorization: Bearer -redacted-'
--data '{'''name''':'''sdfgsadfgad''','''subnet''':'''1.1.1.1/32'''} '

Kind regards,
Michael Meelis

[MaxxLiu22]

Hi @michaelmeelis ,

Thank you for raising this issue. Starting from FOS 7.4.5, we introduced a new feature that disables token provision via the URL method by default to enhance authentication security. However, Terraform FOS has not yet incorporated this change. Could you kindly enable this new feature temporarily until Terraform adopts the update? and feel free to upgrade to our latest Terraform FOS 1.21.0. Please let me know if you continue to encounter any issues.

myfgt # config system global 

myfgt (global) # set rest-api-key-url-query enable 

myfgt (global) # show
config system global
    set hostname "myfgt"
    set rest-api-key-url-query enable
    set timezone "US/Pacific"
end

myfgt (global) # end

Thanks,
Maxx

[michaelmeelis]

Hi @MaxxLiu22,

We have tried this config and it works! We can now talk with terraform against our fortigate.
Thank you so much for the quick response.

Kind regards,
Michael Meelis

[MaxxLiu22]

Hi @rasanentimo,

I'm pleased to let you know that we've released Terraform FOS 1.21.1, which should address the issue you've encountered. Please feel free to upgrade at your convenience, and don’t hesitate to reach out if you have any further questions or need assistance.

Thank you,
Maxx