Add sxp domain filter resource and remove default attributes from res…

…ources (#92)

.gitignore

@@ -33,3 +33,5 @@ website/vendor
 
 # Keep windows files with windows line endings
 *.winfile eol=crlf
+
+.envrc

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.2.5 (unreleased)
+
+- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group`
+- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule`
+- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl`
+- Add `ise_sxp_domain_filter` resource and data_source
+
 ## 0.2.4
 
 - Fix managing `Default` network access and device administration resources

docs/data-sources/device_admin_authorization_global_exception_rule.md

@@ -38,7 +38,6 @@ data "ise_device_admin_authorization_global_exception_rule" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-- `default` (Boolean) Indicates if this rule is the default one
 - `profile` (String) Device admin profiles control the initial login session of the device administrator
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

docs/data-sources/network_access_authorization_global_exception_rule.md

@@ -37,7 +37,6 @@ data "ise_network_access_authorization_global_exception_rule" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-- `default` (Boolean) Indicates if this rule is the default one
 - `profiles` (Set of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies

docs/data-sources/sxp_domain_filter.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_sxp_domain_filter Data Source - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This data source can read the SXP Domain Filter.
+---
+
+# ise_sxp_domain_filter (Data Source)
+
+This data source can read the SXP Domain Filter.
+
+## Example Usage
+
+```terraform
+data "ise_sxp_domain_filter" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Resource name
+
+### Read-Only
+
+- `description` (String) Description
+- `domains` (String) List of SXP Domains, separated with comma
+- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined
+- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined
+- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined

docs/guides/changelog.md

@@ -7,6 +7,13 @@ description: |-
 
 # Changelog
 
+## 0.2.5 (unreleased)
+
+- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group`
+- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule`
+- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl`
+- Add `ise_sxp_domain_filter` resource and data_source
+
 ## 0.2.4
 
 - Fix managing `Default` network access and device administration resources

docs/resources/device_admin_authorization_global_exception_rule.md

@@ -15,7 +15,6 @@ This resource can manage a Device Admin Authorization Global Exception Rule.
 ```terraform
 resource "ise_device_admin_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
@@ -50,7 +49,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "example" {
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
   - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
-- `default` (Boolean) Indicates if this rule is the default one
 - `profile` (String) Device admin profiles control the initial login session of the device administrator
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

docs/resources/endpoint_identity_group.md

@@ -32,7 +32,6 @@ resource "ise_endpoint_identity_group" "example" {
 - `description` (String) Description
 - `parent_endpoint_identity_group_id` (String) Parent endpoint identity group ID
 - `system_defined` (Boolean) System defined endpoint identity group
-  - Default value: `false`
 
 ### Read-Only
 

docs/resources/network_access_authorization_global_exception_rule.md

@@ -15,7 +15,6 @@ This resource can manage a Network Access Authorization Global Exception Rule.
 ```terraform
 resource "ise_network_access_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
@@ -49,7 +48,6 @@ resource "ise_network_access_authorization_global_exception_rule" "example" {
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
   - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
-- `default` (Boolean) Indicates if this rule is the default one
 - `profiles` (Set of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies

docs/resources/sxp_domain_filter.md

@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_sxp_domain_filter Resource - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This resource can manage a SXP Domain Filter.
+---
+
+# ise_sxp_domain_filter (Resource)
+
+This resource can manage a SXP Domain Filter.
+
+## Example Usage
+
+```terraform
+resource "ise_sxp_domain_filter" "example" {
+  subnet  = "1.0.0.0/24"
+  vn      = "VN1"
+  domains = "default"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `domains` (String) List of SXP Domains, separated with comma
+
+### Optional
+
+- `description` (String) Description
+- `name` (String) Resource name
+- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined
+- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined
+- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_sxp_domain_filter.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

docs/resources/trustsec_security_group.md

@@ -35,7 +35,6 @@ resource "ise_trustsec_security_group" "example" {
 
 - `description` (String) Description
 - `is_read_only` (Boolean) Read-only
-  - Default value: `false`
 - `propogate_to_apic` (Boolean) Propagate to APIC (ACI)
 
 ### Read-Only

docs/resources/trustsec_security_group_acl.md

@@ -37,7 +37,6 @@ resource "ise_trustsec_security_group_acl" "example" {
   - Choices: `IPV4`, `IPV6`, `IP_AGNOSTIC`
   - Default value: `IP_AGNOSTIC`
 - `read_only` (Boolean) Read-only
-  - Default value: `false`
 
 ### Read-Only
 

examples/data-sources/ise_sxp_domain_filter/data-source.tf

@@ -0,0 +1,3 @@
+data "ise_sxp_domain_filter" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/resources/ise_device_admin_authorization_global_exception_rule/resource.tf

@@ -1,6 +1,5 @@
 resource "ise_device_admin_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"

examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf

@@ -1,6 +1,5 @@
 resource "ise_network_access_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"

examples/resources/ise_sxp_domain_filter/import.sh

@@ -0,0 +1 @@
+terraform import ise_sxp_domain_filter.example "76d24097-41c4-4558-a4d0-a8c07ac08470"

examples/resources/ise_sxp_domain_filter/resource.tf

@@ -0,0 +1,5 @@
+resource "ise_sxp_domain_filter" "example" {
+  subnet  = "1.0.0.0/24"
+  vn      = "VN1"
+  domains = "default"
+}

gen/definitions/device_admin_authorization_global_exception_rule.yaml

@@ -11,11 +11,6 @@ attributes:
     mandatory: true
     description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
     example: Rule1
-  - model_name: default
-    data_path: [rule]
-    type: Bool
-    description: Indicates if this rule is the default one
-    example: false
   - model_name: rank
     data_path: [rule]
     type: Int64

gen/definitions/device_admin_authorization_global_exception_rule_update_rank.yaml

@@ -31,7 +31,6 @@ attributes:
 test_prerequisites: |
   resource "ise_device_admin_authorization_global_exception_rule" "test" {
     name                      = "Rule1"
-    default                   = false
     rank                      = 0
     state                     = "enabled"
     condition_type            = "ConditionAttributes"

gen/definitions/endpoint_identity_group.yaml

@@ -18,7 +18,7 @@ attributes:
   - model_name: systemDefined
     data_path: [EndPointGroup]
     type: Bool
-    default_value: false
+    #default_value: false
     description: System defined endpoint identity group
     example: false
   - model_name: parentId

gen/definitions/network_access_authorization_global_exception_rule.yaml

@@ -11,11 +11,6 @@ attributes:
     mandatory: true
     description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
     example: Rule1
-  - model_name: default
-    data_path: [rule]
-    type: Bool
-    description: Indicates if this rule is the default one
-    example: false
   - model_name: rank
     data_path: [rule]
     type: Int64

gen/definitions/network_access_authorization_global_exception_rule_update_rank.yaml

@@ -31,7 +31,6 @@ attributes:
 test_prerequisites: |
   resource "ise_network_access_authorization_global_exception_rule" "test" {
     name                      = "Rule1"
-    default                   = false
     state                     = "enabled"
     condition_type            = "ConditionAttributes"
     condition_is_negate       = false

gen/definitions/sxp_domain_filter.yaml

@@ -0,0 +1,40 @@
+---
+name: SXP Domain Filter
+rest_endpoint: /ers/config/filterpolicy
+data_source_name_query: true
+skip_minimum_test: true
+doc_category: TrustSec
+attributes:
+  - model_name: name
+    data_path: [ERSFilterPolicy]
+    type: String
+    description: Resource name
+    exclude_test: true
+  - model_name: description
+    data_path: [ERSFilterPolicy]
+    type: String
+    description: Description
+    exclude_test: true
+  - model_name: subnet
+    data_path: [ERSFilterPolicy]
+    type: String
+    description: Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined
+    example: 1.0.0.0/24
+  - model_name: sgt
+    data_path: [ERSFilterPolicy]
+    type: String
+    description: SGT name or ID. At least one of subnet or sgt or vn should be defined
+    write_only: true
+    exclude_test: true
+  - model_name: vn
+    data_path: [ERSFilterPolicy]
+    type: String
+    description: Virtual Network. At least one of subnet or sgt or vn should be defined
+    example: VN1
+    minimum_test_value: VN1
+  - model_name: domains
+    data_path: [ERSFilterPolicy]
+    type: String
+    mandatory: true
+    description: List of SXP Domains, separated with comma
+    example: default

gen/definitions/trustsec_security_group.yaml

@@ -33,7 +33,6 @@ attributes:
     write_only: true
     type: Bool
     description: Read-only
-    default_value: false
     example: false
   # - model_name: defaultSGACLs
   #   data_path: [Sgt]

gen/definitions/trustsec_security_group_acl.yaml

@@ -34,5 +34,4 @@ attributes:
     write_only: true
     type: Bool
     description: Read-only
-    default_value: false
     example: false