ftntcorecse / fndn_ansible

DEPRECATED - See New Ansible Galaxy Collections: https://galaxy.ansible.com/fortinet

Home Page:https://galaxy.ansible.com/fortinet


No write permission

jklasd8899 opened this issue · comments

The following is what my inventory file looks like, based on the example provided at https://ftnt-ansible-docs.readthedocs.io/en/latest/fmgr_getting_started.html.

[fortimanager]
# no whitespace around "=": "ansible_host= IP_ADDR_FM" leaves ansible_host empty
IP_ADDR_FM ansible_host=IP_ADDR_FM

[fortimanager:vars]
ansible_network_os=fortimanager
ansible_user=USERNAME
ansible_password=PASSWORD
ansible_become=no
ansible_become_method=disable
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_httpapi_timeout=300

Playbook:

- name: CONFIG FMGR FIREWALL OBJECTS
  hosts: fortimanager
  connection: httpapi
  gather_facts: False

  tasks:

  - name: ADD VERY BASIC IPV4 POLICY WITH NO NAT (WIDE OPEN)
    # module arguments are indented under the module key; ignore_* stay at task level
    fmgr_fwpol_ipv4:
      mode: "add"
      adom: "ADOM_NAME"
      package_name: "default"
      name: "Basic_IPv4_Policy"
      comments: "Example"
      action: "accept"
      dstaddr: "all"
      srcaddr: "all"
      dstintf: "any"
      srcintf: "any"
      logtraffic: "utm"
      service: "ALL"
      schedule: "always"
    ignore_errors: yes
    ignore_unreachable: yes

The user is provisioned with "set rpc-permit read-write".

However, on execution of the playbook I receive the following error:

    "msg": "no write permission",
    "rc": -10147,
    "unreachable": false

It looks like the issue may be with locking the ADOM before making config changes, and then also unlocking the ADOM once the task is complete. The guide does not describe how to lock and unlock the ADOM for config changes on FortiManager.
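The lock/commit/unlock sequence the post suspects is missing, as an added example that is not part of this issue or of the fndn_ansible project: a minimal Python JSON-RPC client that locks the ADOM workspace, adds the policy, commits, and unlocks in a finally block so a failed add never leaves the ADOM locked. It runs against a constructed in-memory stand-in for FortiManager that refuses any write made without holding the lock with the rc -10147 / "no write permission" seen in the issue. The endpoint URLs (/sys/login/user, /dvmdb/adom/<adom>/workspace/{lock,commit,unlock}, /pm/config/adom/<adom>/pkg/<pkg>/firewall/policy) are assumed from the FortiManager JSON API; the stand-in's other error code (-1), the session id and the sample policy are constructed, and a real client would POST each request to https://<fortimanager>/jsonrpc instead of calling the stand-in directly.

```python
"""ADOM workspace lock/commit/unlock around a FortiManager JSON-RPC write.
Added example, not fndn_ansible or Fortinet code; URLs assumed from the
FortiManager JSON API, FakeFortiManager is a constructed offline stand-in."""
import json
from typing import Callable, Dict, List, Optional

RC_OK = 0
RC_NO_WRITE_PERMISSION = -10147   # rc reported in the issue
RC_FAKE_ERROR = -1                # constructed code for the stand-in's other failures


class FakeFortiManager:
    """Constructed stand-in: behaves like an ADOM in workspace mode, so writes
    are refused unless the calling session currently holds the lock."""

    def __init__(self) -> None:
        self.locked_by: Optional[str] = None
        self.policies: Dict[str, List[dict]] = {}
        self.calls: List[str] = []

    @staticmethod
    def _reply(code: int, message: str, url: str, **extra) -> dict:
        body = {"result": [{"status": {"code": code, "message": message}, "url": url}]}
        body.update(extra)
        return body

    def handle(self, req: dict) -> dict:
        method, params = req["method"], req["params"][0]
        url = params["url"]
        self.calls.append(f"{method} {url}")
        if url == "/sys/login/user":
            return self._reply(RC_OK, "OK", url, session="sess-1")  # constructed id
        if req.get("session") is None:
            return self._reply(RC_FAKE_ERROR, "no session", url)
        if url.endswith("/workspace/lock"):
            if self.locked_by not in (None, req["session"]):
                return self._reply(RC_FAKE_ERROR, "workspace locked by another session", url)
            self.locked_by = req["session"]
            return self._reply(RC_OK, "OK", url)
        if url.endswith("/workspace/commit"):
            return self._reply(RC_OK, "OK", url)
        if url.endswith("/workspace/unlock"):
            self.locked_by = None
            return self._reply(RC_OK, "OK", url)
        if method in ("add", "set", "update", "delete"):
            if self.locked_by != req["session"]:
                return self._reply(RC_NO_WRITE_PERMISSION, "no write permission", url)
            objs = self.policies.setdefault(url, [])
            if any(o["name"] == params["data"]["name"] for o in objs):
                return self._reply(RC_FAKE_ERROR, "object already exists", url)
            objs.append(params["data"])
            return self._reply(RC_OK, "OK", url)
        return self._reply(RC_FAKE_ERROR, "unsupported request", url)


class FmgClient:
    """Minimal JSON-RPC client. `send` is the transport: the stand-in's handle()
    here, a function that POSTs the dict to /jsonrpc on a real FortiManager."""

    def __init__(self, send: Callable[[dict], dict]) -> None:
        self._send = send
        self.session: Optional[str] = None
        self._next_id = 0

    def call(self, method: str, url: str, data: Optional[dict] = None) -> dict:
        self._next_id += 1
        params: dict = {"url": url}
        if data is not None:
            params["data"] = data
        req = {"id": self._next_id, "method": method, "params": [params], "session": self.session}
        resp = self._send(json.loads(json.dumps(req)))  # same round trip as the wire
        if "session" in resp:
            self.session = resp["session"]
        return resp["result"][0]["status"]

    def login(self, user: str, password: str) -> int:
        return self.call("exec", "/sys/login/user", {"user": user, "passwd": password})["code"]


def policy_url(adom: str, pkg: str) -> str:
    return f"/pm/config/adom/{adom}/pkg/{pkg}/firewall/policy"


def add_policy_unlocked(client: FmgClient, adom: str, pkg: str, policy: dict) -> int:
    """What the playbook in the issue effectively does: add with no workspace lock."""
    return client.call("add", policy_url(adom, pkg), policy)["code"]


def add_policy_locked(client: FmgClient, adom: str, pkg: str, policy: dict) -> int:
    """Lock the ADOM workspace, add, commit, and always unlock (even on failure)."""
    ws = f"/dvmdb/adom/{adom}/workspace"
    rc = client.call("exec", f"{ws}/lock")["code"]
    if rc != RC_OK:
        return rc
    try:
        rc = client.call("add", policy_url(adom, pkg), policy)["code"]
        if rc == RC_OK:
            rc = client.call("exec", f"{ws}/commit")["code"]
        return rc
    finally:
        client.call("exec", f"{ws}/unlock")


def demo():
    """Returns (rc without lock, rc with lock, rc of a duplicate add under lock,
    lock holder afterwards, request log) from the constructed stand-in."""
    fmg = FakeFortiManager()
    client = FmgClient(fmg.handle)
    client.login("USERNAME", "PASSWORD")
    policy = {"name": "Basic_IPv4_Policy", "srcintf": ["any"], "dstintf": ["any"],
              "srcaddr": ["all"], "dstaddr": ["all"], "service": ["ALL"],
              "schedule": ["always"], "action": "accept", "logtraffic": "utm"}
    rc_unlocked = add_policy_unlocked(client, "ADOM_NAME", "default", policy)
    rc_locked = add_policy_locked(client, "ADOM_NAME", "default", policy)
    rc_duplicate = add_policy_locked(client, "ADOM_NAME", "default", policy)
    return rc_unlocked, rc_locked, rc_duplicate, fmg.locked_by, fmg.calls


if __name__ == "__main__":
    out = demo()
    print("add without lock -> rc", out[0])
    print("lock/add/commit/unlock -> rc", out[1])
    print("duplicate add under lock -> rc", out[2], "; lock holder afterwards:", out[3])
```

The point of the try/finally is the third call: the add fails, but the workspace is still released, which is what you want from an Ansible task that has ignore_errors set and will be retried on the next run.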

Having the same issue, what is your solution?

The module_utils/network/fortimanager/fortimanager.py and plugins/httpapi/fortimanager.py files were updated in this project to handle the issue. The standard Ansible plugins are not up to date, so you will have to clone this repo and update the files.