Description
This article describes how to make an API call to FortiManager Cloud or FortiAnalyzer Cloud using Terraform.
Scope
FortiManager/FortiAnalyzer-Cloud.
Solution
To review the steps for creating an API user for FortiManager/FortiAnalyzer Cloud, see the KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud.
Terraform reads its configuration from files with the .tf extension.
After the file is created, run:
terraform init
terraform apply
An example file called test.tf is shown below:
terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}

# Configure the Provider for FortiManager
provider "fortimanager" {
  hostname  = "xxxx.fortimanager.forticloud.com"
  username  = "6BD4E324xxx"
  password  = "xxxxxx"
  fmg_type  = "forticloud"
  insecure  = "true"
  scopetype = "adom"
  adom      = "root"
}

# Create a firewall vip object
resource "fortimanager_object_firewall_vip" "trname2" {
  scopetype = "inherit"
  adom      = "root"
  extintf   = "any"
  extip     = "1.10.10.10-2.10.10.10"
  mappedip  = ["12.10.10.10-13.10.10.10"]
  name      = "viptest1"
}
Another option is to supply the provider-specific information, such as the credentials, through environment variables instead of writing it into the provider section:
export FORTIMANAGER_ACCESS_USERNAME="admin"
export FORTIMANAGER_ACCESS_PASSWORD="admin"
Instead of a username/password, the API token can be used, as described in the KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud:
export FORTIMANAGER_ACCESS_TOKEN="xxxxxx"
The same can be written in the provider section of the .tf file in the following way:
fmg_cloud_token = "xxxxxx"
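The following is an added example, not part of this KB article and not Fortinet's own code, that combines the two approaches above: the provider block uses only the arguments shown on this page (hostname, fmg_type, fmg_cloud_token, insecure, scopetype, adom), but the hostname and token are read from Terraform input variables instead of being written into the .tf file. The variable names (fmg_hostname, fmg_cloud_token, adom) are assumptions chosen for this example, the token variable is marked sensitive so Terraform redacts it from plan and apply output, and insecure is set to false so TLS certificate verification stays enabled (the sample file above sets it to "true", which turns verification off). The VIP addresses are constructed sample values.

```hcl
terraform {
  required_version = ">= 1.0"   # sensitive variables need a modern Terraform release
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}

# Connection details are supplied at run time; none of them live in this file.
# Variable names are assumptions for this example.
variable "fmg_hostname" {
  description = "FortiManager Cloud hostname (placeholder: xxxx.fortimanager.forticloud.com)"
  type        = string
}

variable "fmg_cloud_token" {
  description = "FortiManager Cloud API token"
  type        = string
  sensitive   = true   # redacted from CLI output; still stored in the state file
}

variable "adom" {
  description = "ADOM to operate in"
  type        = string
  default     = "root"
}

# Provider configured with the token instead of username/password
provider "fortimanager" {
  hostname        = var.fmg_hostname
  fmg_type        = "forticloud"
  fmg_cloud_token = var.fmg_cloud_token
  insecure        = false        # keep TLS certificate verification on
  scopetype       = "adom"
  adom            = var.adom
}

# Same object type as the sample file, with constructed sample addresses
resource "fortimanager_object_firewall_vip" "example" {
  scopetype = "inherit"
  adom      = var.adom
  name      = "viptest-example"
  extintf   = "any"
  extip     = "203.0.113.10"       # constructed value (documentation range)
  mappedip  = ["192.0.2.10"]       # constructed value (documentation range)
}
```

Usage: export the values through Terraform's TF_VAR_ mechanism (export TF_VAR_fmg_hostname="xxxx.fortimanager.forticloud.com" and export TF_VAR_fmg_cloud_token="xxxxxx"), then run terraform init, terraform plan and terraform apply. Marking the variable sensitive only hides it from Terraform's console output; the token is still written to terraform.tfstate, so the state file needs the same protection as the token itself.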
The created object can then be reviewed from FortiManager Cloud.
Troubleshooting:
In some cases, Terraform can give an error about a locked state file. It is then possible to overcome it with:
terraform apply -lock=false
Disabling the lock lets two concurrent runs write the same state, so use it only after confirming no other Terraform run is in progress.
To gather debug information, set the following variables before running Terraform:
export TF_LOG="DEBUG"
export TF_LOG_PATH="terraform.txt"
For more detailed debug output, use:
export TF_LOG="TRACE"