diff --git a/CHANGELOG.md b/CHANGELOG.md
index 38148e0..fcd1338 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
## 0.1.11 (unreleased)
+- Add `catalystcenter_authentication_policy_server` resource and data source
- Add `catalystcenter_fabric_port_assignment` resource and data source
- Add `catalystcenter_wireless_ssid` resource and data source
- Add `catalystcenter_site` data source
diff --git a/docs/data-sources/authentication_policy_server.md b/docs/data-sources/authentication_policy_server.md
new file mode 100644
index 0000000..15a9f5b
--- /dev/null
+++ b/docs/data-sources/authentication_policy_server.md
@@ -0,0 +1,75 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "catalystcenter_authentication_policy_server Data Source - terraform-provider-catalystcenter"
+subcategory: "System Settings"
+description: |-
+ This data source can read the Authentication Policy Server.
+---
+
+# catalystcenter_authentication_policy_server (Data Source)
+
+This data source can read the Authentication Policy Server.
+
+## Example Usage
+
+```terraform
+data "catalystcenter_authentication_policy_server" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `id` (String) The id of the object
+
+### Read-Only
+
+- `accounting_port` (Number) Accounting port of RADIUS server
+- `authentication_port` (Number) Authentication port of RADIUS server
+- `cisco_ise_dtos` (Attributes List) Cisco ISE Server DTOs (see [below for nested schema](#nestedatt--cisco_ise_dtos))
+- `encryption_key` (String) Encryption key used to encrypt shared secret
+- `encryption_scheme` (String) Type of encryption scheme for additional security
+- `external_cisco_ise_ip_addr_dtos` (Attributes List) For future use (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos))
+- `ip_address` (String) IP address of authentication and policy server
+- `is_ise_enabled` (Boolean) Value true for Cisco ISE Server. Default value is false
+- `message_key` (String) Message key used to encrypt shared secret
+- `port` (Number) Port of TACACS server
+- `protocol` (String) Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+- `pxgrid_enabled` (Boolean) Value true for enable, false for disable. Default value is true
+- `retries` (Number) Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+- `role` (String) Role of authentication and policy server
+- `shared_secret` (String) Shared secret between devices and authentication and policy server
+- `timeout_seconds` (Number) Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+- `use_dnac_cert_for_pxgrid` (Boolean) Value true to use DNAC certificate for Pxgrid. Default value is false
+
+
+### Nested Schema for `cisco_ise_dtos`
+
+Read-Only:
+
+- `description` (String) Description about the Cisco ISE server
+- `fqdn` (String) Fully-qualified domain name of the Cisco ISE server
+- `ip_address` (String) IP Address of the Cisco ISE Server
+- `password` (String) Password of the Cisco ISE server
+- `sshkey` (String) SSH key of the Cisco ISE server
+- `subscriber_name` (String) Subscriber name of the Cisco ISE server
+- `user_name` (String) User name of the Cisco ISE server
+
+
+
+### Nested Schema for `external_cisco_ise_ip_addr_dtos`
+
+Read-Only:
+
+- `external_cisco_ise_ip_addresses` (Attributes List) (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses))
+- `type` (String)
+
+
+### Nested Schema for `external_cisco_ise_ip_addr_dtos.external_cisco_ise_ip_addresses`
+
+Read-Only:
+
+- `external_ip_address` (String)
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
index 74f83c3..45a0ff8 100644
--- a/docs/guides/changelog.md
+++ b/docs/guides/changelog.md
@@ -9,6 +9,7 @@ description: |-
## 0.1.11 (unreleased)
+- Add `catalystcenter_authentication_policy_server` resource and data source
- Add `catalystcenter_fabric_port_assignment` resource and data source
- Add `catalystcenter_wireless_ssid` resource and data source
- Add `catalystcenter_site` data source
diff --git a/docs/resources/authentication_policy_server.md b/docs/resources/authentication_policy_server.md
new file mode 100644
index 0000000..7f5fc68
--- /dev/null
+++ b/docs/resources/authentication_policy_server.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "catalystcenter_authentication_policy_server Resource - terraform-provider-catalystcenter"
+subcategory: "System Settings"
+description: |-
+ This resource can manage an Authentication Policy Server.
+---
+
+# catalystcenter_authentication_policy_server (Resource)
+
+This resource can manage an Authentication Policy Server.
+
+## Example Usage
+
+```terraform
+resource "catalystcenter_authentication_policy_server" "example" {
+ authentication_port = 1812
+ accounting_port = 1813
+ ip_address = "10.0.0.1"
+ pxgrid_enabled = true
+ use_dnac_cert_for_pxgrid = false
+ is_ise_enabled = false
+ port = 49
+ protocol = "RADIUS"
+ retries = 2
+ role = "secondary"
+ shared_secret = "Cisco123"
+ timeout_seconds = 2
+}
+```
+
+
+## Schema
+
+### Required
+
+- `accounting_port` (Number) Accounting port of RADIUS server
+ - Range: `1`-`65535`
+- `authentication_port` (Number) Authentication port of RADIUS server
+ - Range: `1`-`65535`
+- `ip_address` (String) IP address of authentication and policy server
+- `port` (Number) Port of TACACS server
+ - Range: `1`-`65535`
+- `protocol` (String) Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+ - Choices: `TACACS`, `RADIUS`, `RADIUS_TACACS`
+- `retries` (Number) Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+ - Range: `1`-`3`
+- `role` (String) Role of authentication and policy server
+ - Choices: `primary`, `secondary`
+- `shared_secret` (String) Shared secret between devices and authentication and policy server
+- `timeout_seconds` (Number) Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+ - Range: `2`-`20`
+
+### Optional
+
+- `cisco_ise_dtos` (Attributes List) Cisco ISE Server DTOs (see [below for nested schema](#nestedatt--cisco_ise_dtos))
+- `encryption_key` (String) Encryption key used to encrypt shared secret
+- `encryption_scheme` (String) Type of encryption scheme for additional security
+ - Choices: `KEYWRAP`, `RADSEC`
+- `external_cisco_ise_ip_addr_dtos` (Attributes List) For future use (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos))
+- `is_ise_enabled` (Boolean) Value true for Cisco ISE Server. Default value is false
+- `message_key` (String) Message key used to encrypt shared secret
+- `pxgrid_enabled` (Boolean) Value true for enable, false for disable. Default value is true
+- `use_dnac_cert_for_pxgrid` (Boolean) Value true to use DNAC certificate for Pxgrid. Default value is false
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+
+### Nested Schema for `cisco_ise_dtos`
+
+Required:
+
+- `fqdn` (String) Fully-qualified domain name of the Cisco ISE server
+- `ip_address` (String) IP Address of the Cisco ISE Server
+- `password` (String) Password of the Cisco ISE server
+- `subscriber_name` (String) Subscriber name of the Cisco ISE server
+- `user_name` (String) User name of the Cisco ISE server
+
+Optional:
+
+- `description` (String) Description about the Cisco ISE server
+- `sshkey` (String) SSH key of the Cisco ISE server
+
+
+
+### Nested Schema for `external_cisco_ise_ip_addr_dtos`
+
+Optional:
+
+- `external_cisco_ise_ip_addresses` (Attributes List) (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses))
+- `type` (String)
+
+
+### Nested Schema for `external_cisco_ise_ip_addr_dtos.external_cisco_ise_ip_addresses`
+
+Optional:
+
+- `external_ip_address` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import catalystcenter_authentication_policy_server.example ""
+```
diff --git a/examples/data-sources/catalystcenter_authentication_policy_server/data-source.tf b/examples/data-sources/catalystcenter_authentication_policy_server/data-source.tf
new file mode 100644
index 0000000..384488f
--- /dev/null
+++ b/examples/data-sources/catalystcenter_authentication_policy_server/data-source.tf
@@ -0,0 +1,3 @@
+data "catalystcenter_authentication_policy_server" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
diff --git a/examples/resources/catalystcenter_authentication_policy_server/import.sh b/examples/resources/catalystcenter_authentication_policy_server/import.sh
new file mode 100644
index 0000000..5405d84
--- /dev/null
+++ b/examples/resources/catalystcenter_authentication_policy_server/import.sh
@@ -0,0 +1 @@
+terraform import catalystcenter_authentication_policy_server.example ""
diff --git a/examples/resources/catalystcenter_authentication_policy_server/resource.tf b/examples/resources/catalystcenter_authentication_policy_server/resource.tf
new file mode 100644
index 0000000..7e7742e
--- /dev/null
+++ b/examples/resources/catalystcenter_authentication_policy_server/resource.tf
@@ -0,0 +1,14 @@
+resource "catalystcenter_authentication_policy_server" "example" {
+ authentication_port = 1812
+ accounting_port = 1813
+ ip_address = "10.0.0.1"
+ pxgrid_enabled = true
+ use_dnac_cert_for_pxgrid = false
+ is_ise_enabled = false
+ port = 49
+ protocol = "RADIUS"
+ retries = 2
+ role = "secondary"
+ shared_secret = "Cisco123"
+ timeout_seconds = 2
+}
diff --git a/gen/definitions/authentication_policy_server.yaml b/gen/definitions/authentication_policy_server.yaml
new file mode 100644
index 0000000..17136a5
--- /dev/null
+++ b/gen/definitions/authentication_policy_server.yaml
@@ -0,0 +1,145 @@
+---
+name: Authentication Policy Server
+rest_endpoint: /dna/intent/api/v1/authentication-policy-servers
+get_from_all: true
+id_from_query_path: response
+id_from_query_path_attribute: instanceUuid
+skip_minimum_test: true
+doc_category: System Settings
+attributes:
+ - model_name: authenticationPort
+ type: Int64
+ mandatory: true
+ min_int: 1
+ max_int: 65535
+ description: Authentication port of RADIUS server
+ example: 1812
+ - model_name: accountingPort
+ type: Int64
+ mandatory: true
+ min_int: 1
+ max_int: 65535
+ description: Accounting port of RADIUS server
+ example: 1813
+ - model_name: ciscoIseDtos
+ type: List
+ description: Cisco ISE Server DTOs
+ exclude_test: true
+ attributes:
+ - model_name: description
+ type: String
+ description: Description about the Cisco ISE server
+ - model_name: fqdn
+ type: String
+ description: Fully-qualified domain name of the Cisco ISE server
+ mandatory: true
+ - model_name: password
+ type: String
+ description: Password of the Cisco ISE server
+ mandatory: true
+ - model_name: sshkey
+ type: String
+ description: SSH key of the Cisco ISE server
+ - model_name: ipAddress
+ type: String
+ description: IP Address of the Cisco ISE Server
+ mandatory: true
+ - model_name: subscriberName
+ type: String
+ description: Subscriber name of the Cisco ISE server
+ mandatory: true
+ - model_name: userName
+ type: String
+ description: User name of the Cisco ISE server
+ mandatory: true
+ - model_name: ipAddress
+ match_id: true
+ type: String
+ description: IP address of authentication and policy server
+ mandatory: true
+ example: 10.0.0.1
+ - model_name: pxgridEnabled
+ type: Bool
+ description: Value true for enable, false for disable. Default value is true
+ example: true
+ - model_name: useDnacCertForPxgrid
+ type: Bool
+ description: Value true to use DNAC certificate for Pxgrid. Default value is false
+ example: false
+ - model_name: isIseEnabled
+ type: Bool
+ description: Value true for Cisco ISE Server. Default value is false
+ example: false
+ - model_name: port
+ type: Int64
+ mandatory: true
+ min_int: 1
+ max_int: 65535
+ description: Port of TACACS server
+ example: 49
+ - model_name: protocol
+ type: String
+ enum_values:
+ - TACACS
+ - RADIUS
+ - RADIUS_TACACS
+ mandatory: true
+ description: Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+ example: RADIUS
+ - model_name: retries
+ type: Int64
+ min_int: 1
+ max_int: 3
+ mandatory: true
+ description: Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+ example: 2
+ - model_name: role
+ mandatory: true
+ type: String
+ enum_values:
+ - primary
+ - secondary
+ description: Role of authentication and policy server
+ example: secondary
+ - model_name: sharedSecret
+ type: String
+ write_only: true
+ mandatory: true
+ description: Shared secret between devices and authentication and policy server
+ example: Cisco123
+ - model_name: timeoutSeconds
+ type: Int64
+ min_int: 2
+ max_int: 20
+ mandatory: true
+ description: Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+ example: 2
+ - model_name: encryptionScheme
+ type: String
+ enum_values:
+ - KEYWRAP
+ - RADSEC
+ description: Type of encryption scheme for additional security
+ exclude_test: true
+ - model_name: messageKey
+ type: String
+ write_only: true
+ description: Message key used to encrypt shared secret
+ exclude_test: true
+ - model_name: encryptionKey
+ type: String
+ write_only: true
+ description: Encryption key used to encrypt shared secret
+ exclude_test: true
+ - model_name: externalCiscoIseIpAddrDtos
+ type: List
+ description: For future use
+ exclude_test: true
+ attributes:
+ - model_name: externalCiscoIseIpAddresses
+ type: List
+ attributes:
+ - model_name: externalIpAddress
+ type: String
+ - model_name: type
+ type: String
diff --git a/internal/provider/data_source_catalystcenter_authentication_policy_server.go b/internal/provider/data_source_catalystcenter_authentication_policy_server.go
new file mode 100644
index 0000000..64e3956
--- /dev/null
+++ b/internal/provider/data_source_catalystcenter_authentication_policy_server.go
@@ -0,0 +1,226 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+ "context"
+ "fmt"
+
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ cc "github.com/netascode/go-catalystcenter"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin model
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+ _ datasource.DataSource = &AuthenticationPolicyServerDataSource{}
+ _ datasource.DataSourceWithConfigure = &AuthenticationPolicyServerDataSource{}
+)
+
+func NewAuthenticationPolicyServerDataSource() datasource.DataSource {
+ return &AuthenticationPolicyServerDataSource{}
+}
+
+type AuthenticationPolicyServerDataSource struct {
+ client *cc.Client
+}
+
+func (d *AuthenticationPolicyServerDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_authentication_policy_server"
+}
+
+func (d *AuthenticationPolicyServerDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: "This data source can read the Authentication Policy Server.",
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Required: true,
+ },
+ "authentication_port": schema.Int64Attribute{
+ MarkdownDescription: "Authentication port of RADIUS server",
+ Computed: true,
+ },
+ "accounting_port": schema.Int64Attribute{
+ MarkdownDescription: "Accounting port of RADIUS server",
+ Computed: true,
+ },
+ "cisco_ise_dtos": schema.ListNestedAttribute{
+ MarkdownDescription: "Cisco ISE Server DTOs",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "description": schema.StringAttribute{
+ MarkdownDescription: "Description about the Cisco ISE server",
+ Computed: true,
+ },
+ "fqdn": schema.StringAttribute{
+ MarkdownDescription: "Fully-qualified domain name of the Cisco ISE server",
+ Computed: true,
+ },
+ "password": schema.StringAttribute{
+ MarkdownDescription: "Password of the Cisco ISE server",
+ Computed: true,
+ },
+ "sshkey": schema.StringAttribute{
+ MarkdownDescription: "SSH key of the Cisco ISE server",
+ Computed: true,
+ },
+ "ip_address": schema.StringAttribute{
+ MarkdownDescription: "IP Address of the Cisco ISE Server",
+ Computed: true,
+ },
+ "subscriber_name": schema.StringAttribute{
+ MarkdownDescription: "Subscriber name of the Cisco ISE server",
+ Computed: true,
+ },
+ "user_name": schema.StringAttribute{
+ MarkdownDescription: "User name of the Cisco ISE server",
+ Computed: true,
+ },
+ },
+ },
+ },
+ "ip_address": schema.StringAttribute{
+ MarkdownDescription: "IP address of authentication and policy server",
+ Computed: true,
+ },
+ "pxgrid_enabled": schema.BoolAttribute{
+ MarkdownDescription: "Value true for enable, false for disable. Default value is true",
+ Computed: true,
+ },
+ "use_dnac_cert_for_pxgrid": schema.BoolAttribute{
+ MarkdownDescription: "Value true to use DNAC certificate for Pxgrid. Default value is false",
+ Computed: true,
+ },
+ "is_ise_enabled": schema.BoolAttribute{
+ MarkdownDescription: "Value true for Cisco ISE Server. Default value is false",
+ Computed: true,
+ },
+ "port": schema.Int64Attribute{
+ MarkdownDescription: "Port of TACACS server",
+ Computed: true,
+ },
+ "protocol": schema.StringAttribute{
+ MarkdownDescription: "Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS",
+ Computed: true,
+ },
+ "retries": schema.Int64Attribute{
+ MarkdownDescription: "Number of communication retries between devices and authentication and policy server. The range is from 1 to 3",
+ Computed: true,
+ },
+ "role": schema.StringAttribute{
+ MarkdownDescription: "Role of authentication and policy server",
+ Computed: true,
+ },
+ "shared_secret": schema.StringAttribute{
+ MarkdownDescription: "Shared secret between devices and authentication and policy server",
+ Computed: true,
+ },
+ "timeout_seconds": schema.Int64Attribute{
+ MarkdownDescription: "Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20",
+ Computed: true,
+ },
+ "encryption_scheme": schema.StringAttribute{
+ MarkdownDescription: "Type of encryption scheme for additional security",
+ Computed: true,
+ },
+ "message_key": schema.StringAttribute{
+ MarkdownDescription: "Message key used to encrypt shared secret",
+ Computed: true,
+ },
+ "encryption_key": schema.StringAttribute{
+ MarkdownDescription: "Encryption key used to encrypt shared secret",
+ Computed: true,
+ },
+ "external_cisco_ise_ip_addr_dtos": schema.ListNestedAttribute{
+ MarkdownDescription: "For future use",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "external_cisco_ise_ip_addresses": schema.ListNestedAttribute{
+ MarkdownDescription: "",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "external_ip_address": schema.StringAttribute{
+ MarkdownDescription: "",
+ Computed: true,
+ },
+ },
+ },
+ },
+ "type": schema.StringAttribute{
+ MarkdownDescription: "",
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func (d *AuthenticationPolicyServerDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ d.client = req.ProviderData.(*CcProviderData).Client
+}
+
+// End of section. //template:end model
+
+// Section below is generated&owned by "gen/generator.go". //template:begin read
+func (d *AuthenticationPolicyServerDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+ var config AuthenticationPolicyServer
+
+ // Read config
+ diags := req.Config.Get(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String()))
+
+ params := ""
+ res, err := d.client.Get(config.getPath() + params)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err))
+ return
+ }
+ res = res.Get("response.#(instanceUuid==\"" + config.Id.ValueString() + "\")")
+
+ config.fromBody(ctx, res)
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+}
+
+// End of section. //template:end read
diff --git a/internal/provider/data_source_catalystcenter_authentication_policy_server_test.go b/internal/provider/data_source_catalystcenter_authentication_policy_server_test.go
new file mode 100644
index 0000000..201b4b7
--- /dev/null
+++ b/internal/provider/data_source_catalystcenter_authentication_policy_server_test.go
@@ -0,0 +1,85 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testAccDataSource
+func TestAccDataSourceCcAuthenticationPolicyServer(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "authentication_port", "1812"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "accounting_port", "1813"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "ip_address", "10.0.0.1"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "pxgrid_enabled", "true"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "use_dnac_cert_for_pxgrid", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "is_ise_enabled", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "port", "49"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "protocol", "RADIUS"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "retries", "2"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "role", "secondary"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.catalystcenter_authentication_policy_server.test", "timeout_seconds", "2"))
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceCcAuthenticationPolicyServerConfig(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ },
+ },
+ })
+}
+
+// End of section. //template:end testAccDataSource
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites
+// End of section. //template:end testPrerequisites
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testAccDataSourceConfig
+func testAccDataSourceCcAuthenticationPolicyServerConfig() string {
+ config := `resource "catalystcenter_authentication_policy_server" "test" {` + "\n"
+ config += ` authentication_port = 1812` + "\n"
+ config += ` accounting_port = 1813` + "\n"
+ config += ` ip_address = "10.0.0.1"` + "\n"
+ config += ` pxgrid_enabled = true` + "\n"
+ config += ` use_dnac_cert_for_pxgrid = false` + "\n"
+ config += ` is_ise_enabled = false` + "\n"
+ config += ` port = 49` + "\n"
+ config += ` protocol = "RADIUS"` + "\n"
+ config += ` retries = 2` + "\n"
+ config += ` role = "secondary"` + "\n"
+ config += ` shared_secret = "Cisco123"` + "\n"
+ config += ` timeout_seconds = 2` + "\n"
+ config += `}` + "\n"
+
+ config += `
+ data "catalystcenter_authentication_policy_server" "test" {
+ id = catalystcenter_authentication_policy_server.test.id
+ }
+ `
+ return config
+}
+
+// End of section. //template:end testAccDataSourceConfig
diff --git a/internal/provider/model_catalystcenter_authentication_policy_server.go b/internal/provider/model_catalystcenter_authentication_policy_server.go
new file mode 100644
index 0000000..4c5e22d
--- /dev/null
+++ b/internal/provider/model_catalystcenter_authentication_policy_server.go
@@ -0,0 +1,565 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/tidwall/gjson"
+ "github.com/tidwall/sjson"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin types
+type AuthenticationPolicyServer struct {
+ Id types.String `tfsdk:"id"`
+ AuthenticationPort types.Int64 `tfsdk:"authentication_port"`
+ AccountingPort types.Int64 `tfsdk:"accounting_port"`
+ CiscoIseDtos []AuthenticationPolicyServerCiscoIseDtos `tfsdk:"cisco_ise_dtos"`
+ IpAddress types.String `tfsdk:"ip_address"`
+ PxgridEnabled types.Bool `tfsdk:"pxgrid_enabled"`
+ UseDnacCertForPxgrid types.Bool `tfsdk:"use_dnac_cert_for_pxgrid"`
+ IsIseEnabled types.Bool `tfsdk:"is_ise_enabled"`
+ Port types.Int64 `tfsdk:"port"`
+ Protocol types.String `tfsdk:"protocol"`
+ Retries types.Int64 `tfsdk:"retries"`
+ Role types.String `tfsdk:"role"`
+ SharedSecret types.String `tfsdk:"shared_secret"`
+ TimeoutSeconds types.Int64 `tfsdk:"timeout_seconds"`
+ EncryptionScheme types.String `tfsdk:"encryption_scheme"`
+ MessageKey types.String `tfsdk:"message_key"`
+ EncryptionKey types.String `tfsdk:"encryption_key"`
+ ExternalCiscoIseIpAddrDtos []AuthenticationPolicyServerExternalCiscoIseIpAddrDtos `tfsdk:"external_cisco_ise_ip_addr_dtos"`
+}
+
+type AuthenticationPolicyServerCiscoIseDtos struct {
+ Description types.String `tfsdk:"description"`
+ Fqdn types.String `tfsdk:"fqdn"`
+ Password types.String `tfsdk:"password"`
+ Sshkey types.String `tfsdk:"sshkey"`
+ IpAddress types.String `tfsdk:"ip_address"`
+ SubscriberName types.String `tfsdk:"subscriber_name"`
+ UserName types.String `tfsdk:"user_name"`
+}
+
+type AuthenticationPolicyServerExternalCiscoIseIpAddrDtos struct {
+ ExternalCiscoIseIpAddresses []AuthenticationPolicyServerExternalCiscoIseIpAddrDtosExternalCiscoIseIpAddresses `tfsdk:"external_cisco_ise_ip_addresses"`
+ Type types.String `tfsdk:"type"`
+}
+
+type AuthenticationPolicyServerExternalCiscoIseIpAddrDtosExternalCiscoIseIpAddresses struct {
+ ExternalIpAddress types.String `tfsdk:"external_ip_address"`
+}
+
+// End of section. //template:end types
+
+// Section below is generated&owned by "gen/generator.go". //template:begin getPath
+func (data AuthenticationPolicyServer) getPath() string {
+ return "/dna/intent/api/v1/authentication-policy-servers"
+}
+
+// End of section. //template:end getPath
+
+// Section below is generated&owned by "gen/generator.go". //template:begin getPathDelete
+
+// End of section. //template:end getPathDelete
+
+// Section below is generated&owned by "gen/generator.go". //template:begin toBody
+func (data AuthenticationPolicyServer) toBody(ctx context.Context, state AuthenticationPolicyServer) string {
+ body := ""
+ put := false
+ if state.Id.ValueString() != "" {
+ put = true
+ }
+ _ = put
+ if !data.AuthenticationPort.IsNull() {
+ body, _ = sjson.Set(body, "authenticationPort", data.AuthenticationPort.ValueInt64())
+ }
+ if !data.AccountingPort.IsNull() {
+ body, _ = sjson.Set(body, "accountingPort", data.AccountingPort.ValueInt64())
+ }
+ if len(data.CiscoIseDtos) > 0 {
+ body, _ = sjson.Set(body, "ciscoIseDtos", []interface{}{})
+ for _, item := range data.CiscoIseDtos {
+ itemBody := ""
+ if !item.Description.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "description", item.Description.ValueString())
+ }
+ if !item.Fqdn.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "fqdn", item.Fqdn.ValueString())
+ }
+ if !item.Password.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "password", item.Password.ValueString())
+ }
+ if !item.Sshkey.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "sshkey", item.Sshkey.ValueString())
+ }
+ if !item.IpAddress.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "ipAddress", item.IpAddress.ValueString())
+ }
+ if !item.SubscriberName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "subscriberName", item.SubscriberName.ValueString())
+ }
+ if !item.UserName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "userName", item.UserName.ValueString())
+ }
+ body, _ = sjson.SetRaw(body, "ciscoIseDtos.-1", itemBody)
+ }
+ }
+ if !data.IpAddress.IsNull() {
+ body, _ = sjson.Set(body, "ipAddress", data.IpAddress.ValueString())
+ }
+ if !data.PxgridEnabled.IsNull() {
+ body, _ = sjson.Set(body, "pxgridEnabled", data.PxgridEnabled.ValueBool())
+ }
+ if !data.UseDnacCertForPxgrid.IsNull() {
+ body, _ = sjson.Set(body, "useDnacCertForPxgrid", data.UseDnacCertForPxgrid.ValueBool())
+ }
+ if !data.IsIseEnabled.IsNull() {
+ body, _ = sjson.Set(body, "isIseEnabled", data.IsIseEnabled.ValueBool())
+ }
+ if !data.Port.IsNull() {
+ body, _ = sjson.Set(body, "port", data.Port.ValueInt64())
+ }
+ if !data.Protocol.IsNull() {
+ body, _ = sjson.Set(body, "protocol", data.Protocol.ValueString())
+ }
+ if !data.Retries.IsNull() {
+ body, _ = sjson.Set(body, "retries", data.Retries.ValueInt64())
+ }
+ if !data.Role.IsNull() {
+ body, _ = sjson.Set(body, "role", data.Role.ValueString())
+ }
+ if !data.SharedSecret.IsNull() {
+ body, _ = sjson.Set(body, "sharedSecret", data.SharedSecret.ValueString())
+ }
+ if !data.TimeoutSeconds.IsNull() {
+ body, _ = sjson.Set(body, "timeoutSeconds", data.TimeoutSeconds.ValueInt64())
+ }
+ if !data.EncryptionScheme.IsNull() {
+ body, _ = sjson.Set(body, "encryptionScheme", data.EncryptionScheme.ValueString())
+ }
+ if !data.MessageKey.IsNull() {
+ body, _ = sjson.Set(body, "messageKey", data.MessageKey.ValueString())
+ }
+ if !data.EncryptionKey.IsNull() {
+ body, _ = sjson.Set(body, "encryptionKey", data.EncryptionKey.ValueString())
+ }
+ if len(data.ExternalCiscoIseIpAddrDtos) > 0 {
+ body, _ = sjson.Set(body, "externalCiscoIseIpAddrDtos", []interface{}{})
+ for _, item := range data.ExternalCiscoIseIpAddrDtos {
+ itemBody := ""
+ if len(item.ExternalCiscoIseIpAddresses) > 0 {
+ itemBody, _ = sjson.Set(itemBody, "externalCiscoIseIpAddresses", []interface{}{})
+ for _, childItem := range item.ExternalCiscoIseIpAddresses {
+ itemChildBody := ""
+ if !childItem.ExternalIpAddress.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "externalIpAddress", childItem.ExternalIpAddress.ValueString())
+ }
+ itemBody, _ = sjson.SetRaw(itemBody, "externalCiscoIseIpAddresses.-1", itemChildBody)
+ }
+ }
+ if !item.Type.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "type", item.Type.ValueString())
+ }
+ body, _ = sjson.SetRaw(body, "externalCiscoIseIpAddrDtos.-1", itemBody)
+ }
+ }
+ return body
+}
+
+// End of section. //template:end toBody
+
+// Section below is generated&owned by "gen/generator.go". //template:begin fromBody
+func (data *AuthenticationPolicyServer) fromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("authenticationPort"); value.Exists() {
+ data.AuthenticationPort = types.Int64Value(value.Int())
+ } else {
+ data.AuthenticationPort = types.Int64Null()
+ }
+ if value := res.Get("accountingPort"); value.Exists() {
+ data.AccountingPort = types.Int64Value(value.Int())
+ } else {
+ data.AccountingPort = types.Int64Null()
+ }
+ if value := res.Get("ciscoIseDtos"); value.Exists() && len(value.Array()) > 0 {
+ data.CiscoIseDtos = make([]AuthenticationPolicyServerCiscoIseDtos, 0)
+ value.ForEach(func(k, v gjson.Result) bool {
+ item := AuthenticationPolicyServerCiscoIseDtos{}
+ if cValue := v.Get("description"); cValue.Exists() {
+ item.Description = types.StringValue(cValue.String())
+ } else {
+ item.Description = types.StringNull()
+ }
+ if cValue := v.Get("fqdn"); cValue.Exists() {
+ item.Fqdn = types.StringValue(cValue.String())
+ } else {
+ item.Fqdn = types.StringNull()
+ }
+ if cValue := v.Get("password"); cValue.Exists() {
+ item.Password = types.StringValue(cValue.String())
+ } else {
+ item.Password = types.StringNull()
+ }
+ if cValue := v.Get("sshkey"); cValue.Exists() {
+ item.Sshkey = types.StringValue(cValue.String())
+ } else {
+ item.Sshkey = types.StringNull()
+ }
+ if cValue := v.Get("ipAddress"); cValue.Exists() {
+ item.IpAddress = types.StringValue(cValue.String())
+ } else {
+ item.IpAddress = types.StringNull()
+ }
+ if cValue := v.Get("subscriberName"); cValue.Exists() {
+ item.SubscriberName = types.StringValue(cValue.String())
+ } else {
+ item.SubscriberName = types.StringNull()
+ }
+ if cValue := v.Get("userName"); cValue.Exists() {
+ item.UserName = types.StringValue(cValue.String())
+ } else {
+ item.UserName = types.StringNull()
+ }
+ data.CiscoIseDtos = append(data.CiscoIseDtos, item)
+ return true
+ })
+ }
+ if value := res.Get("ipAddress"); value.Exists() {
+ data.IpAddress = types.StringValue(value.String())
+ } else {
+ data.IpAddress = types.StringNull()
+ }
+ if value := res.Get("pxgridEnabled"); value.Exists() {
+ data.PxgridEnabled = types.BoolValue(value.Bool())
+ } else {
+ data.PxgridEnabled = types.BoolNull()
+ }
+ if value := res.Get("useDnacCertForPxgrid"); value.Exists() {
+ data.UseDnacCertForPxgrid = types.BoolValue(value.Bool())
+ } else {
+ data.UseDnacCertForPxgrid = types.BoolNull()
+ }
+ if value := res.Get("isIseEnabled"); value.Exists() {
+ data.IsIseEnabled = types.BoolValue(value.Bool())
+ } else {
+ data.IsIseEnabled = types.BoolNull()
+ }
+ if value := res.Get("port"); value.Exists() {
+ data.Port = types.Int64Value(value.Int())
+ } else {
+ data.Port = types.Int64Null()
+ }
+ if value := res.Get("protocol"); value.Exists() {
+ data.Protocol = types.StringValue(value.String())
+ } else {
+ data.Protocol = types.StringNull()
+ }
+ if value := res.Get("retries"); value.Exists() {
+ data.Retries = types.Int64Value(value.Int())
+ } else {
+ data.Retries = types.Int64Null()
+ }
+ if value := res.Get("role"); value.Exists() {
+ data.Role = types.StringValue(value.String())
+ } else {
+ data.Role = types.StringNull()
+ }
+ if value := res.Get("timeoutSeconds"); value.Exists() {
+ data.TimeoutSeconds = types.Int64Value(value.Int())
+ } else {
+ data.TimeoutSeconds = types.Int64Null()
+ }
+ if value := res.Get("encryptionScheme"); value.Exists() {
+ data.EncryptionScheme = types.StringValue(value.String())
+ } else {
+ data.EncryptionScheme = types.StringNull()
+ }
+ if value := res.Get("externalCiscoIseIpAddrDtos"); value.Exists() && len(value.Array()) > 0 {
+ data.ExternalCiscoIseIpAddrDtos = make([]AuthenticationPolicyServerExternalCiscoIseIpAddrDtos, 0)
+ value.ForEach(func(k, v gjson.Result) bool {
+ item := AuthenticationPolicyServerExternalCiscoIseIpAddrDtos{}
+ if cValue := v.Get("externalCiscoIseIpAddresses"); cValue.Exists() && len(cValue.Array()) > 0 {
+ item.ExternalCiscoIseIpAddresses = make([]AuthenticationPolicyServerExternalCiscoIseIpAddrDtosExternalCiscoIseIpAddresses, 0)
+ cValue.ForEach(func(ck, cv gjson.Result) bool {
+ cItem := AuthenticationPolicyServerExternalCiscoIseIpAddrDtosExternalCiscoIseIpAddresses{}
+ if ccValue := cv.Get("externalIpAddress"); ccValue.Exists() {
+ cItem.ExternalIpAddress = types.StringValue(ccValue.String())
+ } else {
+ cItem.ExternalIpAddress = types.StringNull()
+ }
+ item.ExternalCiscoIseIpAddresses = append(item.ExternalCiscoIseIpAddresses, cItem)
+ return true
+ })
+ }
+ if cValue := v.Get("type"); cValue.Exists() {
+ item.Type = types.StringValue(cValue.String())
+ } else {
+ item.Type = types.StringNull()
+ }
+ data.ExternalCiscoIseIpAddrDtos = append(data.ExternalCiscoIseIpAddrDtos, item)
+ return true
+ })
+ }
+}
+
+// End of section. //template:end fromBody
+
+// Section below is generated&owned by "gen/generator.go". //template:begin updateFromBody
+func (data *AuthenticationPolicyServer) updateFromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("authenticationPort"); value.Exists() && !data.AuthenticationPort.IsNull() {
+ data.AuthenticationPort = types.Int64Value(value.Int())
+ } else {
+ data.AuthenticationPort = types.Int64Null()
+ }
+ if value := res.Get("accountingPort"); value.Exists() && !data.AccountingPort.IsNull() {
+ data.AccountingPort = types.Int64Value(value.Int())
+ } else {
+ data.AccountingPort = types.Int64Null()
+ }
+ for i := range data.CiscoIseDtos {
+ keys := [...]string{"description", "fqdn", "password", "sshkey", "ipAddress", "subscriberName", "userName"}
+ keyValues := [...]string{data.CiscoIseDtos[i].Description.ValueString(), data.CiscoIseDtos[i].Fqdn.ValueString(), data.CiscoIseDtos[i].Password.ValueString(), data.CiscoIseDtos[i].Sshkey.ValueString(), data.CiscoIseDtos[i].IpAddress.ValueString(), data.CiscoIseDtos[i].SubscriberName.ValueString(), data.CiscoIseDtos[i].UserName.ValueString()}
+
+ var r gjson.Result
+ res.Get("ciscoIseDtos").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ r = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := r.Get("description"); value.Exists() && !data.CiscoIseDtos[i].Description.IsNull() {
+ data.CiscoIseDtos[i].Description = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].Description = types.StringNull()
+ }
+ if value := r.Get("fqdn"); value.Exists() && !data.CiscoIseDtos[i].Fqdn.IsNull() {
+ data.CiscoIseDtos[i].Fqdn = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].Fqdn = types.StringNull()
+ }
+ if value := r.Get("password"); value.Exists() && !data.CiscoIseDtos[i].Password.IsNull() {
+ data.CiscoIseDtos[i].Password = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].Password = types.StringNull()
+ }
+ if value := r.Get("sshkey"); value.Exists() && !data.CiscoIseDtos[i].Sshkey.IsNull() {
+ data.CiscoIseDtos[i].Sshkey = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].Sshkey = types.StringNull()
+ }
+ if value := r.Get("ipAddress"); value.Exists() && !data.CiscoIseDtos[i].IpAddress.IsNull() {
+ data.CiscoIseDtos[i].IpAddress = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].IpAddress = types.StringNull()
+ }
+ if value := r.Get("subscriberName"); value.Exists() && !data.CiscoIseDtos[i].SubscriberName.IsNull() {
+ data.CiscoIseDtos[i].SubscriberName = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].SubscriberName = types.StringNull()
+ }
+ if value := r.Get("userName"); value.Exists() && !data.CiscoIseDtos[i].UserName.IsNull() {
+ data.CiscoIseDtos[i].UserName = types.StringValue(value.String())
+ } else {
+ data.CiscoIseDtos[i].UserName = types.StringNull()
+ }
+ }
+ if value := res.Get("ipAddress"); value.Exists() && !data.IpAddress.IsNull() {
+ data.IpAddress = types.StringValue(value.String())
+ } else {
+ data.IpAddress = types.StringNull()
+ }
+ if value := res.Get("pxgridEnabled"); value.Exists() && !data.PxgridEnabled.IsNull() {
+ data.PxgridEnabled = types.BoolValue(value.Bool())
+ } else {
+ data.PxgridEnabled = types.BoolNull()
+ }
+ if value := res.Get("useDnacCertForPxgrid"); value.Exists() && !data.UseDnacCertForPxgrid.IsNull() {
+ data.UseDnacCertForPxgrid = types.BoolValue(value.Bool())
+ } else {
+ data.UseDnacCertForPxgrid = types.BoolNull()
+ }
+ if value := res.Get("isIseEnabled"); value.Exists() && !data.IsIseEnabled.IsNull() {
+ data.IsIseEnabled = types.BoolValue(value.Bool())
+ } else {
+ data.IsIseEnabled = types.BoolNull()
+ }
+ if value := res.Get("port"); value.Exists() && !data.Port.IsNull() {
+ data.Port = types.Int64Value(value.Int())
+ } else {
+ data.Port = types.Int64Null()
+ }
+ if value := res.Get("protocol"); value.Exists() && !data.Protocol.IsNull() {
+ data.Protocol = types.StringValue(value.String())
+ } else {
+ data.Protocol = types.StringNull()
+ }
+ if value := res.Get("retries"); value.Exists() && !data.Retries.IsNull() {
+ data.Retries = types.Int64Value(value.Int())
+ } else {
+ data.Retries = types.Int64Null()
+ }
+ if value := res.Get("role"); value.Exists() && !data.Role.IsNull() {
+ data.Role = types.StringValue(value.String())
+ } else {
+ data.Role = types.StringNull()
+ }
+ if value := res.Get("timeoutSeconds"); value.Exists() && !data.TimeoutSeconds.IsNull() {
+ data.TimeoutSeconds = types.Int64Value(value.Int())
+ } else {
+ data.TimeoutSeconds = types.Int64Null()
+ }
+ if value := res.Get("encryptionScheme"); value.Exists() && !data.EncryptionScheme.IsNull() {
+ data.EncryptionScheme = types.StringValue(value.String())
+ } else {
+ data.EncryptionScheme = types.StringNull()
+ }
+ for i := range data.ExternalCiscoIseIpAddrDtos {
+ keys := [...]string{"type"}
+ keyValues := [...]string{data.ExternalCiscoIseIpAddrDtos[i].Type.ValueString()}
+
+ var r gjson.Result
+ res.Get("externalCiscoIseIpAddrDtos").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ r = v
+ return false
+ }
+ return true
+ },
+ )
+ for ci := range data.ExternalCiscoIseIpAddrDtos[i].ExternalCiscoIseIpAddresses {
+ keys := [...]string{"externalIpAddress"}
+ keyValues := [...]string{data.ExternalCiscoIseIpAddrDtos[i].ExternalCiscoIseIpAddresses[ci].ExternalIpAddress.ValueString()}
+
+ var cr gjson.Result
+ r.Get("externalCiscoIseIpAddresses").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ cr = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := cr.Get("externalIpAddress"); value.Exists() && !data.ExternalCiscoIseIpAddrDtos[i].ExternalCiscoIseIpAddresses[ci].ExternalIpAddress.IsNull() {
+ data.ExternalCiscoIseIpAddrDtos[i].ExternalCiscoIseIpAddresses[ci].ExternalIpAddress = types.StringValue(value.String())
+ } else {
+ data.ExternalCiscoIseIpAddrDtos[i].ExternalCiscoIseIpAddresses[ci].ExternalIpAddress = types.StringNull()
+ }
+ }
+ if value := r.Get("type"); value.Exists() && !data.ExternalCiscoIseIpAddrDtos[i].Type.IsNull() {
+ data.ExternalCiscoIseIpAddrDtos[i].Type = types.StringValue(value.String())
+ } else {
+ data.ExternalCiscoIseIpAddrDtos[i].Type = types.StringNull()
+ }
+ }
+}
+
+// End of section. //template:end updateFromBody
+
+// Section below is generated&owned by "gen/generator.go". //template:begin isNull
+func (data *AuthenticationPolicyServer) isNull(ctx context.Context, res gjson.Result) bool {
+ if !data.AuthenticationPort.IsNull() {
+ return false
+ }
+ if !data.AccountingPort.IsNull() {
+ return false
+ }
+ if len(data.CiscoIseDtos) > 0 {
+ return false
+ }
+ if !data.IpAddress.IsNull() {
+ return false
+ }
+ if !data.PxgridEnabled.IsNull() {
+ return false
+ }
+ if !data.UseDnacCertForPxgrid.IsNull() {
+ return false
+ }
+ if !data.IsIseEnabled.IsNull() {
+ return false
+ }
+ if !data.Port.IsNull() {
+ return false
+ }
+ if !data.Protocol.IsNull() {
+ return false
+ }
+ if !data.Retries.IsNull() {
+ return false
+ }
+ if !data.Role.IsNull() {
+ return false
+ }
+ if !data.SharedSecret.IsNull() {
+ return false
+ }
+ if !data.TimeoutSeconds.IsNull() {
+ return false
+ }
+ if !data.EncryptionScheme.IsNull() {
+ return false
+ }
+ if !data.MessageKey.IsNull() {
+ return false
+ }
+ if !data.EncryptionKey.IsNull() {
+ return false
+ }
+ if len(data.ExternalCiscoIseIpAddrDtos) > 0 {
+ return false
+ }
+ return true
+}
+
+// End of section. //template:end isNull
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 2b147ba..c46b3a7 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -243,6 +243,7 @@ func (p *CcProvider) Resources(ctx context.Context) []func() resource.Resource {
NewAssignCredentialsResource,
NewAssignTemplatesToTagResource,
NewAssociateSiteToNetworkProfileResource,
+ NewAuthenticationPolicyServerResource,
NewBuildingResource,
NewCredentialsCLIResource,
NewCredentialsHTTPSReadResource,
@@ -301,6 +302,7 @@ func (p *CcProvider) DataSources(ctx context.Context) []func() datasource.DataSo
NewAreaDataSource,
NewAssignCredentialsDataSource,
NewAssignTemplatesToTagDataSource,
+ NewAuthenticationPolicyServerDataSource,
NewBuildingDataSource,
NewCredentialsCLIDataSource,
NewCredentialsHTTPSReadDataSource,
diff --git a/internal/provider/resource_catalystcenter_authentication_policy_server.go b/internal/provider/resource_catalystcenter_authentication_policy_server.go
new file mode 100644
index 0000000..ae36d4e
--- /dev/null
+++ b/internal/provider/resource_catalystcenter_authentication_policy_server.go
@@ -0,0 +1,386 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+ "context"
+ "fmt"
+ "net/url"
+ "strings"
+
+ "github.com/CiscoDevNet/terraform-provider-catalystcenter/internal/provider/helpers"
+ "github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+ "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/schema/validator"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ cc "github.com/netascode/go-catalystcenter"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin model
+
+// Ensure provider defined types fully satisfy framework interfaces
+var _ resource.Resource = &AuthenticationPolicyServerResource{}
+var _ resource.ResourceWithImportState = &AuthenticationPolicyServerResource{}
+
+func NewAuthenticationPolicyServerResource() resource.Resource {
+ return &AuthenticationPolicyServerResource{}
+}
+
+type AuthenticationPolicyServerResource struct {
+ client *cc.Client
+}
+
+func (r *AuthenticationPolicyServerResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_authentication_policy_server"
+}
+
+func (r *AuthenticationPolicyServerResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: helpers.NewAttributeDescription("This resource can manage an Authentication Policy Server.").String,
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Computed: true,
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
+ },
+ "authentication_port": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Authentication port of RADIUS server").AddIntegerRangeDescription(1, 65535).String,
+ Required: true,
+ Validators: []validator.Int64{
+ int64validator.Between(1, 65535),
+ },
+ },
+ "accounting_port": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Accounting port of RADIUS server").AddIntegerRangeDescription(1, 65535).String,
+ Required: true,
+ Validators: []validator.Int64{
+ int64validator.Between(1, 65535),
+ },
+ },
+ "cisco_ise_dtos": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Cisco ISE Server DTOs").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "description": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Description about the Cisco ISE server").String,
+ Optional: true,
+ },
+ "fqdn": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Fully-qualified domain name of the Cisco ISE server").String,
+ Required: true,
+ },
+ "password": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Password of the Cisco ISE server").String,
+ Required: true,
+ },
+ "sshkey": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("SSH key of the Cisco ISE server").String,
+ Optional: true,
+ },
+ "ip_address": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("IP Address of the Cisco ISE Server").String,
+ Required: true,
+ },
+ "subscriber_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Subscriber name of the Cisco ISE server").String,
+ Required: true,
+ },
+ "user_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("User name of the Cisco ISE server").String,
+ Required: true,
+ },
+ },
+ },
+ },
+ "ip_address": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("IP address of authentication and policy server").String,
+ Required: true,
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.RequiresReplace(),
+ },
+ },
+ "pxgrid_enabled": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Value true for enable, false for disable. Default value is true").String,
+ Optional: true,
+ },
+ "use_dnac_cert_for_pxgrid": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Value true to use DNAC certificate for Pxgrid. Default value is false").String,
+ Optional: true,
+ },
+ "is_ise_enabled": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Value true for Cisco ISE Server. Default value is false").String,
+ Optional: true,
+ },
+ "port": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Port of TACACS server").AddIntegerRangeDescription(1, 65535).String,
+ Required: true,
+ Validators: []validator.Int64{
+ int64validator.Between(1, 65535),
+ },
+ },
+ "protocol": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS").AddStringEnumDescription("TACACS", "RADIUS", "RADIUS_TACACS").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("TACACS", "RADIUS", "RADIUS_TACACS"),
+ },
+ },
+ "retries": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Number of communication retries between devices and authentication and policy server. The range is from 1 to 3").AddIntegerRangeDescription(1, 3).String,
+ Required: true,
+ Validators: []validator.Int64{
+ int64validator.Between(1, 3),
+ },
+ },
+ "role": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Role of authentication and policy server").AddStringEnumDescription("primary", "secondary").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("primary", "secondary"),
+ },
+ },
+ "shared_secret": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Shared secret between devices and authentication and policy server").String,
+ Required: true,
+ },
+ "timeout_seconds": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20").AddIntegerRangeDescription(2, 20).String,
+ Required: true,
+ Validators: []validator.Int64{
+ int64validator.Between(2, 20),
+ },
+ },
+ "encryption_scheme": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Type of encryption scheme for additional security").AddStringEnumDescription("KEYWRAP", "RADSEC").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("KEYWRAP", "RADSEC"),
+ },
+ },
+ "message_key": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Message key used to encrypt shared secret").String,
+ Optional: true,
+ },
+ "encryption_key": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Encryption key used to encrypt shared secret").String,
+ Optional: true,
+ },
+ "external_cisco_ise_ip_addr_dtos": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("For future use").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "external_cisco_ise_ip_addresses": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "external_ip_address": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("").String,
+ Optional: true,
+ },
+ },
+ },
+ },
+ "type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("").String,
+ Optional: true,
+ },
+ },
+ },
+ },
+ },
+ }
+}
+
+func (r *AuthenticationPolicyServerResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ r.client = req.ProviderData.(*CcProviderData).Client
+}
+
+// End of section. //template:end model
+
+// Section below is generated&owned by "gen/generator.go". //template:begin create
+func (r *AuthenticationPolicyServerResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+ var plan AuthenticationPolicyServer
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Id.ValueString()))
+
+ // Create object
+ body := plan.toBody(ctx, AuthenticationPolicyServer{})
+
+ params := ""
+ res, err := r.client.Post(plan.getPath()+params, body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String()))
+ return
+ }
+ params = ""
+ res, err = r.client.Get(plan.getPath() + params)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String()))
+ return
+ }
+ plan.Id = types.StringValue(res.Get("response.#(ipAddress==\"" + plan.IpAddress.ValueString() + "\").instanceUuid").String())
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+// End of section. //template:end create
+
+// Section below is generated&owned by "gen/generator.go". //template:begin read
+func (r *AuthenticationPolicyServerResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var state AuthenticationPolicyServer
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Id.String()))
+
+ params := ""
+ res, err := r.client.Get(state.getPath() + params)
+ if err != nil && strings.Contains(err.Error(), "StatusCode 404") {
+ resp.State.RemoveResource(ctx)
+ return
+ } else if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String()))
+ return
+ }
+ res = res.Get("response.#(instanceUuid==\"" + state.Id.ValueString() + "\")")
+
+ // If every attribute is set to null we are dealing with an import operation and therefore reading all attributes
+ if state.isNull(ctx, res) {
+ state.fromBody(ctx, res)
+ } else {
+ state.updateFromBody(ctx, res)
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+}
+
+// End of section. //template:end read
+
+// Section below is generated&owned by "gen/generator.go". //template:begin update
+func (r *AuthenticationPolicyServerResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var plan, state AuthenticationPolicyServer
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ // Read state
+ diags = req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Id.ValueString()))
+
+ body := plan.toBody(ctx, state)
+ params := ""
+ res, err := r.client.Put(plan.getPath()+"/"+url.QueryEscape(plan.Id.ValueString())+params, body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+// End of section. //template:end update
+
+// Section below is generated&owned by "gen/generator.go". //template:begin delete
+func (r *AuthenticationPolicyServerResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var state AuthenticationPolicyServer
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString()))
+ res, err := r.client.Delete(state.getPath() + "/" + url.QueryEscape(state.Id.ValueString()))
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Id.ValueString()))
+
+ resp.State.RemoveResource(ctx)
+}
+
+// End of section. //template:end delete
+
+// Section below is generated&owned by "gen/generator.go". //template:begin import
+func (r *AuthenticationPolicyServerResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+ idParts := strings.Split(req.ID, ",")
+
+ if len(idParts) != 1 || idParts[0] == "" {
+ resp.Diagnostics.AddError(
+ "Unexpected Import Identifier",
+ fmt.Sprintf("Expected import identifier with format: . Got: %q", req.ID),
+ )
+ return
+ }
+ resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), idParts[0])...)
+}
+
+// End of section. //template:end import
diff --git a/internal/provider/resource_catalystcenter_authentication_policy_server_test.go b/internal/provider/resource_catalystcenter_authentication_policy_server_test.go
new file mode 100644
index 0000000..c3d25b3
--- /dev/null
+++ b/internal/provider/resource_catalystcenter_authentication_policy_server_test.go
@@ -0,0 +1,103 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testAcc
+func TestAccCcAuthenticationPolicyServer(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "authentication_port", "1812"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "accounting_port", "1813"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "ip_address", "10.0.0.1"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "pxgrid_enabled", "true"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "use_dnac_cert_for_pxgrid", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "is_ise_enabled", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "port", "49"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "protocol", "RADIUS"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "retries", "2"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "role", "secondary"))
+ checks = append(checks, resource.TestCheckResourceAttr("catalystcenter_authentication_policy_server.test", "timeout_seconds", "2"))
+
+ var steps []resource.TestStep
+ steps = append(steps, resource.TestStep{
+ Config: testAccCcAuthenticationPolicyServerConfig_all(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ })
+ steps = append(steps, resource.TestStep{
+ ResourceName: "catalystcenter_authentication_policy_server.test",
+ ImportState: true,
+ })
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: steps,
+ })
+}
+
+// End of section. //template:end testAcc
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites
+// End of section. //template:end testPrerequisites
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testAccConfigMinimal
+func testAccCcAuthenticationPolicyServerConfig_minimum() string {
+ config := `resource "catalystcenter_authentication_policy_server" "test" {` + "\n"
+ config += ` authentication_port = 1812` + "\n"
+ config += ` accounting_port = 1813` + "\n"
+ config += ` ip_address = "10.0.0.1"` + "\n"
+ config += ` port = 49` + "\n"
+ config += ` protocol = "RADIUS"` + "\n"
+ config += ` retries = 2` + "\n"
+ config += ` role = "secondary"` + "\n"
+ config += ` shared_secret = "Cisco123"` + "\n"
+ config += ` timeout_seconds = 2` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+// End of section. //template:end testAccConfigMinimal
+
+// Section below is generated&owned by "gen/generator.go". //template:begin testAccConfigAll
+func testAccCcAuthenticationPolicyServerConfig_all() string {
+ config := `resource "catalystcenter_authentication_policy_server" "test" {` + "\n"
+ config += ` authentication_port = 1812` + "\n"
+ config += ` accounting_port = 1813` + "\n"
+ config += ` ip_address = "10.0.0.1"` + "\n"
+ config += ` pxgrid_enabled = true` + "\n"
+ config += ` use_dnac_cert_for_pxgrid = false` + "\n"
+ config += ` is_ise_enabled = false` + "\n"
+ config += ` port = 49` + "\n"
+ config += ` protocol = "RADIUS"` + "\n"
+ config += ` retries = 2` + "\n"
+ config += ` role = "secondary"` + "\n"
+ config += ` shared_secret = "Cisco123"` + "\n"
+ config += ` timeout_seconds = 2` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+// End of section. //template:end testAccConfigAll
diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl
index 74f83c3..45a0ff8 100644
--- a/templates/guides/changelog.md.tmpl
+++ b/templates/guides/changelog.md.tmpl
@@ -9,6 +9,7 @@ description: |-
## 0.1.11 (unreleased)
+- Add `catalystcenter_authentication_policy_server` resource and data source
- Add `catalystcenter_fabric_port_assignment` resource and data source
- Add `catalystcenter_wireless_ssid` resource and data source
- Add `catalystcenter_site` data source