Add network access authorization exception rule resource

CHANGELOG.md

@@ -10,6 +10,8 @@
 - Add `ise_device_admin_authorization_rule` resource and data source
 - Add `ise_device_admin_authorization_exception_rule` resource and data source
 - Add `ise_device_admin_authorization_global_exception_rule` resource and data source
+- BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
+- Add `ise_network_access_authorization_exception_rule` resource and data source
 
 ## 0.1.5
 

docs/data-sources/network_access_authorization_exception_rule.md

@@ -0,0 +1,78 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_exception_rule Data Source - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This data source can read the Network Access Authorization Exception Rule.
+---
+
+# ise_network_access_authorization_exception_rule (Data Source)
+
+This data source can read the Network Access Authorization Exception Rule.
+
+## Example Usage
+
+```terraform
+data "ise_network_access_authorization_exception_rule" "example" {
+  id            = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Read-Only
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator

docs/data-sources/network_access_authorization_rule.md

@@ -43,7 +43,7 @@ data "ise_network_access_authorization_rule" "example" {
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
 - `default` (Boolean) Indicates if this rule is the default one
-- `profile` (List of String) The authorization profile(s)
+- `profiles` (List of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

docs/guides/changelog.md

@@ -19,6 +19,8 @@ description: |-
 - Add `ise_device_admin_authorization_rule` resource and data source
 - Add `ise_device_admin_authorization_exception_rule` resource and data source
 - Add `ise_device_admin_authorization_global_exception_rule` resource and data source
+- BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
+- Add `ise_network_access_authorization_exception_rule` resource and data source
 
 ## 0.1.5
 

docs/resources/network_access_authorization_exception_rule.md

@@ -0,0 +1,110 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_exception_rule Resource - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This resource can manage a Network Access Authorization Exception Rule.
+---
+
+# ise_network_access_authorization_exception_rule (Resource)
+
+This resource can manage a Network Access Authorization Exception Rule.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_exception_rule" "example" {
+  policy_set_id             = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  profiles                  = ["PermitAccess"]
+  security_group            = "BYOD"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+  - Choices: `disabled`, `enabled`, `monitor`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_network_access_authorization_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

docs/resources/network_access_authorization_rule.md

@@ -25,7 +25,7 @@ resource "ise_network_access_authorization_rule" "example" {
   condition_attribute_value = "All Locations"
   condition_dictionary_name = "DEVICE"
   condition_operator        = "equals"
-  profile                   = ["PermitAccess"]
+  profiles                  = ["PermitAccess"]
   security_group            = "BYOD"
 }
 ```
@@ -52,7 +52,7 @@ resource "ise_network_access_authorization_rule" "example" {
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
   - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
 - `default` (Boolean) Indicates if this rule is the default one
-- `profile` (List of String) The authorization profile(s)
+- `profiles` (List of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

examples/data-sources/ise_network_access_authorization_exception_rule/data-source.tf

@@ -0,0 +1,4 @@
+data "ise_network_access_authorization_exception_rule" "example" {
+  id            = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}

examples/resources/ise_network_access_authorization_exception_rule/import.sh

@@ -0,0 +1 @@
+terraform import ise_network_access_authorization_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"

examples/resources/ise_network_access_authorization_exception_rule/resource.tf

@@ -0,0 +1,15 @@
+resource "ise_network_access_authorization_exception_rule" "example" {
+  policy_set_id             = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  profiles                  = ["PermitAccess"]
+  security_group            = "BYOD"
+}

examples/resources/ise_network_access_authorization_rule/resource.tf

@@ -10,6 +10,6 @@ resource "ise_network_access_authorization_rule" "example" {
   condition_attribute_value = "All Locations"
   condition_dictionary_name = "DEVICE"
   condition_operator        = "equals"
-  profile                   = ["PermitAccess"]
+  profiles                  = ["PermitAccess"]
   security_group            = "BYOD"
 }