Fortigate Error: Python cb_create error.

BasharAziz · ‎11-07-2023

When I apply an ip address from python-nso on ios device it works fine:

def cb_create(self, tctx, root, service, proplist

root.ncs__devices.device['bng01'].config.ios__interface.Loopback['0'].ip.address.primary.address = '2.2.2.2'

admin@ncs# services var-vdom test re-deploy dry-run 
cli {
    local-node {
        data  devices {
                   device bng01 {
                       config {
                           interface {
                               Loopback 0 {
                                   ip {
                                       address {
                                           primary {
              -                                address 127.0.0.1;
              +                                address 2.2.2.2;
                                           }
                                       }
                                   }
                               }
                           }
                       }
                   }
               }
              
    }
}

"But with FortiGate, I get an error, while the user did exist in the admin_list."

admin@ncs# show running-config devices device fg01 config global system admin trusthost1
devices device fg01
 config
config global
config system admin
    edit user
     trusthost1 10.0.0.0 255.0.0.0
    exit
   !
  !
 !
!
admin@ncs#

@service.create

def cb_create(self, tctx, root, service, proplist

root.ncs__devices.device['fg01'].config.fortinet_fortios__global.system.admin.admin_list['user'].trusthost1.ip_mask.class_ip = '10.0.0.1'

Error: Python cb_create error. '{user} not in /ncs:devices/device{fg01}/config/fortinet-fortios:global/system/admin/admin-list'

BasharAziz · ‎11-07-2023

Solved with maapi:

        with ncs.maapi.single_write_trans('admin', 'admin') as t:
            root = ncs.maagic.get_root(t)
            device = root.devices.device['fg01']
            config = device.config
            admin_list = config.fortinet_fortios__global.system.admin.admin_list[service.vdom_admin]
            trusthost = admin_list.trusthost1
            trusthost.ip_mask.class_ip = '2.2.2.2'
            t.apply()