Add network access authentication rule update rank resource (#80)

CiscoDevNet · Oct 15, 2024 · 3a73db7 · 3a73db7
1 parent c577837
commit 3a73db7
Show file tree

Hide file tree

Showing 52 changed files with 1,300 additions and 709 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.3 (unreleased)
+
+- Add resource `network_access_authentication_rule_update_rank` for updating rank under network access authentication rule to bypass API limitation which restricts rank assignments to a strictly incremental sequence
+
 ## 0.2.2
 
 - Fix issue with `ise_repository` triggers in-place upgrade when no changes are made #59

diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
@@ -7,6 +7,10 @@ description: |-
 
 # Changelog
 
+## 0.2.3 (unreleased)
+
+- Add resource `network_access_authentication_rule_update_rank` for updating rank under network access authentication rule to bypass API limitation which restricts rank assignments to a strictly incremental sequence
+
 ## 0.2.2
 
 - Fix issue with `ise_repository` triggers in-place upgrade when no changes are made #59

diff --git a/docs/resources/network_access_authentication_rule_update_rank.md b/docs/resources/network_access_authentication_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authentication_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Network Access"
+description: |-
+  This resource is used to update rank field in network access authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_network_access_authentication_rule_update_rank (Resource)
+
+This resource is used to update rank field in network access authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authentication_rule_update_rank" "example" {
+  auth_rule_id  = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `auth_rule_id` (String) Authentication rule ID
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/examples/resources/ise_network_access_authentication_rule_update_rank/resource.tf b/examples/resources/ise_network_access_authentication_rule_update_rank/resource.tf
@@ -0,0 +1,5 @@
+resource "ise_network_access_authentication_rule_update_rank" "example" {
+  auth_rule_id  = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
diff --git a/gen/definitions/network_access_authentication_rule.yaml b/gen/definitions/network_access_authentication_rule.yaml
@@ -1,5 +1,6 @@
 ---
 name: Network Access Authentication Rule
+# Manual update in Update function in resource file to read rank from existing object and send that in PUT request
 rest_endpoint: /api/v1/policy/network-access/policy-set/%v/authentication
 data_source_name_query: true
 id_path: response.rule.id

diff --git a/gen/definitions/network_access_authentication_rule_update_rank.yaml b/gen/definitions/network_access_authentication_rule_update_rank.yaml
@@ -0,0 +1,65 @@
+---
+name: Network Access Authentication Rule Update Rank
+# Manual update in Create function in resource file to add AuthRuleId to path
+# and populate attributes from existing resource using GET request in Create and Update functions
+res_description:
+  'This resource is used to update rank field in network access authentication rule. It serves as a workaround for the 
+  ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence.
+  By utilizing this resource and network_access_authentication_rule resource, you can bypass the APIs limitation.
+  Creation of this resource is performing PUT operation (Update) and it only tracks rank field.
+  When this resource is destroyed, no action is performed on ISE and resource is just removed from state.'
+rest_endpoint: /api/v1/policy/network-access/policy-set/%v/authentication
+put_create: true
+no_delete: true
+no_import: true
+no_data_source: true
+skip_minimum_test: true
+doc_category: Network Access
+attributes:
+  - tf_name: auth_rule_id
+    type: String
+    write_only: true
+    mandatory: true
+    id: true
+    description: Authentication rule ID
+    example: 9b3680da-0165-44f6-9cff-88e778d98020
+    test_value: ise_network_access_authentication_rule.test.id
+  - tf_name: policy_set_id
+    type: String
+    reference: true
+    description: Policy set ID
+    example: d82952cb-b901-4b09-b363-5ebf39bdbaf9
+    test_value: ise_network_access_policy_set.test.id
+  - model_name: rank
+    mandatory: true
+    data_path: [rule]
+    type: Int64
+    description: The rank (priority) in relation to other rules. Lower rank is higher priority.
+    example: 0
+test_prerequisites: |
+  resource "ise_network_access_policy_set" "test" {
+    name                      = "PolicySet1"
+    service_name              = "Default Network Access"
+    condition_type            = "ConditionAttributes"
+    condition_is_negate       = false
+    condition_attribute_name  = "Location"
+    condition_attribute_value = "All Locations"
+    condition_dictionary_name = "DEVICE"
+    condition_operator        = "equals"
+  }
+  resource "ise_network_access_authentication_rule" "test" {
+    policy_set_id             = ise_network_access_policy_set.test.id
+    name                      = "Rule1"
+    default                   = false
+    state                     = "enabled"
+    condition_type            = "ConditionAttributes"
+    condition_is_negate       = false
+    condition_attribute_name  = "Location"
+    condition_attribute_value = "All Locations"
+    condition_dictionary_name = "DEVICE"
+    condition_operator        = "equals"
+    identity_source_name      = "Internal Endpoints"
+    if_auth_fail              = "REJECT"
+    if_process_fail           = "DROP"
+    if_user_not_found         = "REJECT"
+  }
diff --git a/gen/templates/model.go b/gen/templates/model.go
diff --git a/internal/provider/model_ise_active_directory_add_groups.go b/internal/provider/model_ise_active_directory_add_groups.go
diff --git a/internal/provider/model_ise_active_directory_join_domain_with_all_nodes.go b/internal/provider/model_ise_active_directory_join_domain_with_all_nodes.go