fortinetdev · troy-f · Oct 27, 2022
diff --git a/fortios/client.go b/fortios/client.go
@@ -35,6 +35,10 @@ type Config struct {
 	CaCert     string
 	ClientCert string
 	ClientKey  string
+
+	PassAuth string
+	Username string
+	Passwd   string
 }
 
 // FortiClient contains the basic FortiOS SDK connection information to FortiOS
@@ -102,7 +106,7 @@ func bFortiManagerHostnameExist(c *Config) bool {
 func createFortiOSClient(fClient *FortiClient, c *Config) error {
 	config := &tls.Config{}
 
-	auth := auth.NewAuth(c.Hostname, c.Token, c.CABundle, c.CABundleContent, c.PeerAuth, c.CaCert, c.ClientCert, c.ClientKey, c.Vdom, c.HTTPProxy)
+	auth := auth.NewAuth(c.Hostname, c.Token, c.CABundle, c.CABundleContent, c.PeerAuth, c.CaCert, c.ClientCert, c.ClientKey, c.Vdom, c.HTTPProxy, c.PassAuth, c.Username, c.Passwd)
 
 	if auth.Hostname == "" {
 		_, err := auth.GetEnvHostname()
@@ -153,6 +157,25 @@ func createFortiOSClient(fClient *FortiClient, c *Config) error {
 		}
 	}
 
+	if auth.PassAuth == "" {
+		_, err := auth.GetEnvPassAuth()
+		if err != nil {
+			return fmt.Errorf("Error reading PassAuth")
+		}
+	}
+	if auth.Username == "" {
+		_, err := auth.GetEnvUsername()
+		if err != nil {
+			return fmt.Errorf("Error reading Username")
+		}
+	}
+	if auth.Passwd == "" {
+		_, err := auth.GetEnvPasswd()
+		if err != nil {
+			return fmt.Errorf("Error reading Passwd")
+		}
+	}
+
 	pool := x509.NewCertPool()
 
 	if auth.CABundle != "" {

diff --git a/fortios/provider.go b/fortios/provider.go
@@ -92,6 +92,27 @@ func Provider() *schema.Provider {
 				Description: "",
 			},
 
+			"passauth": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "disable",
+				Description: "Enable/disable password authentication, can be 'enable' or 'disable'",
+			},
+
+			"username": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "FortiGate Username",
+			},
+
+			"passwd": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "",
+				Description: "FortiGate Password",
+			},
+
 			"fmg_hostname": &schema.Schema{
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -1031,6 +1052,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		CABundleContent: d.Get("cabundlecontent").(string),
 		Vdom:            d.Get("vdom").(string),
 		HTTPProxy:       d.Get("http_proxy").(string),
+		PassAuth:        d.Get("passauth").(string),
+		Username:        d.Get("username").(string),
+		Passwd:          d.Get("passwd").(string),
 		FMG_Hostname:    d.Get("fmg_hostname").(string),
 		FMG_CABundle:    d.Get("fmg_cabundlefile").(string),
 		FMG_Username:    d.Get("fmg_username").(string),

diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -148,6 +148,11 @@ The following arguments are supported:
 
 * `http_proxy` - (Optional) HTTP proxy address. You can also specify it by the environment variable `HTTPS_PROXY` or `HTTP_PROXY`. 
 
+* `passauth` - (Optional) Enables username/password based authentication. Disables usage of `token`
+
+* `username` - (Optional) Fortigate Username. Requires setting `passauth` to `enable`
+
+* `passwd` - (Optional) Fortigate Password. Requires setting `passauth` to `enable`
 
 
 ## Configuration for FortiManager