-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add remaining update rank resources (#83)
- Loading branch information
1 parent
fa93166
commit d5a93e4
Showing
87 changed files
with
5,520 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| --- | ||
| subcategory: "Guides" | ||
| page_title: "Authentication Rules" | ||
| description: |- | ||
| Authentication Rules | ||
| --- | ||
|
|
||
| # Authentication Rules | ||
|
|
||
| This example demonstrates how the provider can be used to configure a network access authentication rules. The full example can be found here: [https://github.com/CiscoDevNet/terraform-provider-ise/tree/main/examples/basic/authentication_rules](https://github.com/CiscoDevNet/terraform-provider-ise/tree/main/examples/basic/authentication_rules) | ||
|
|
||
| First of all we need to add the necessary provider configuration to the Terraform configuration file: | ||
|
|
||
| ```hcl | ||
| terraform { | ||
| required_providers { | ||
| ise = { | ||
| source = "CiscoDevNet/ise" | ||
| } | ||
| } | ||
| } | ||
| provider "ise" { | ||
| username = "admin" | ||
| password = "password" | ||
| url = "https://10.1.1.1" | ||
| } | ||
| ``` | ||
|
|
||
| Next we add the configuration for a network access policy set, under which we will later configure authentication rules. | ||
|
|
||
| ```hcl | ||
| resource "ise_network_access_policy_set" "policy_set_1" { | ||
| name = "PolicySet1" | ||
| description = "My first policy set" | ||
| rank = 0 | ||
| service_name = "Default Network Access" | ||
| condition_type = "ConditionAttributes" | ||
| condition_attribute_name = "Location" | ||
| condition_attribute_value = "All Locations" | ||
| condition_dictionary_name = "DEVICE" | ||
| condition_operator = "equals" | ||
| } | ||
| ``` | ||
|
|
||
| Next we add the configuration for the authentication rules. We make use of `network_access_authentication_rule` and `network_access_authentication_rule_update_rank` resources. The first resource manages all fields except for the rank, while the second resource specifically updates the rank field. This is a workaround for the ISE API/Backend limitation that enforces strictly incremental rank assignments. By using both resources, you can bypass this limitation. The network_access_authentication_rule_update_rank resource performs a PUT operation to update the rank and only tracks that field. When destroyed, it is simply removed from the state without affecting the ISE configuration. This ensures the correct sequence of resource configuration. | ||
|
|
||
| ```hcl | ||
| locals { | ||
| rules = [ | ||
| { name = "rule_0" }, | ||
| { name = "rule_1" }, | ||
| { name = "rule_2" }, | ||
| { name = "rule_3" }, | ||
| { name = "rule_4" }, | ||
| { name = "rule_5" } | ||
| ] | ||
| } | ||
| locals { | ||
| rules_with_ranks = [ | ||
| for idx, rule in local.rules : merge(rule, { | ||
| rank = idx | ||
| }) | ||
| ] | ||
| } | ||
| resource "ise_network_access_authentication_rule" "auth_rule" { | ||
| for_each = { for rule in local.rules_with_ranks : rule.name => rule } | ||
| policy_set_id = ise_network_access_policy_set.policy_set_1.id | ||
| name = each.value.name | ||
| default = false | ||
| state = "enabled" | ||
| condition_type = "ConditionAttributes" | ||
| condition_is_negate = false | ||
| condition_attribute_name = "Location" | ||
| condition_attribute_value = "All Locations" | ||
| condition_dictionary_name = "DEVICE" | ||
| condition_operator = "equals" | ||
| identity_source_name = "Internal Endpoints" | ||
| if_auth_fail = "REJECT" | ||
| if_process_fail = "DROP" | ||
| if_user_not_found = "REJECT" | ||
| } | ||
| resource "ise_network_access_authentication_rule_update_rank" "example_with_rank" { | ||
| for_each = { for rule in local.rules_with_ranks : rule.name => rule } | ||
| policy_set_id = ise_network_access_policy_set.policy_set_1.id | ||
| rule_id = ise_network_access_authentication_rule.auth_rule[each.value.name].id | ||
| rank = each.value.rank | ||
| } | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
docs/resources/device_admin_authentication_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_device_admin_authentication_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Device Administration" | ||
| description: |- | ||
| This resource is used to update rank field in device admin authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_device_admin_authentication_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in device admin authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_device_admin_authentication_rule_update_rank" "example" { | ||
| rule_id = "9b3680da-0165-44f6-9cff-88e778d98020" | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authentication rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
34 changes: 34 additions & 0 deletions
34
docs/resources/device_admin_authorization_exception_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_device_admin_authorization_exception_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Device Administration" | ||
| description: |- | ||
| This resource is used to update rank field in device admin Authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_device_admin_authorization_exception_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in device admin Authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_device_admin_authorization_exception_rule_update_rank" "example" { | ||
| rule_id = "9b3680da-0165-44f6-9cff-88e778d98020" | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization exception rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
32 changes: 32 additions & 0 deletions
32
docs/resources/device_admin_authorization_global_exception_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_device_admin_authorization_global_exception_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Device Administration" | ||
| description: |- | ||
| This resource is used to update rank field in device admin authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_device_admin_authorization_global_exception_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in device admin authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_device_admin_authorization_global_exception_rule_update_rank" "example" { | ||
| rule_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization global exception rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
34 changes: 34 additions & 0 deletions
34
docs/resources/device_admin_authorization_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_device_admin_authorization_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Device Administration" | ||
| description: |- | ||
| This resource is used to update rank field in device admin authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_device_admin_authorization_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in device admin authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_device_admin_authorization_rule_update_rank" "example" { | ||
| rule_id = "9b3680da-0165-44f6-9cff-88e778d98020" | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_device_admin_policy_set_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Device Administration" | ||
| description: |- | ||
| This resource is used to update rank field in device admin policy set. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_policy_set resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_device_admin_policy_set_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in device admin policy set. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_policy_set resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_device_admin_policy_set_update_rank" "example" { | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
docs/resources/network_access_authorization_exception_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_network_access_authorization_exception_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Network Access" | ||
| description: |- | ||
| This resource is used to update rank field in network access authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_network_access_authorization_exception_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in network access authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_network_access_authorization_exception_rule_update_rank" "example" { | ||
| rule_id = "9b3680da-0165-44f6-9cff-88e778d98020" | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization exception rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
32 changes: 32 additions & 0 deletions
32
docs/resources/network_access_authorization_global_exception_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_network_access_authorization_global_exception_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Network Access" | ||
| description: |- | ||
| This resource is used to update rank field in network access authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_network_access_authorization_global_exception_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in network access authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_network_access_authorization_global_exception_rule_update_rank" "example" { | ||
| rule_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization global exception rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
34 changes: 34 additions & 0 deletions
34
docs/resources/network_access_authorization_rule_update_rank.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| --- | ||
| # generated by https://github.com/hashicorp/terraform-plugin-docs | ||
| page_title: "ise_network_access_authorization_rule_update_rank Resource - terraform-provider-ise" | ||
| subcategory: "Network Access" | ||
| description: |- | ||
| This resource is used to update rank field in network access authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
| --- | ||
|
|
||
| # ise_network_access_authorization_rule_update_rank (Resource) | ||
|
|
||
| This resource is used to update rank field in network access authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```terraform | ||
| resource "ise_network_access_authorization_rule_update_rank" "example" { | ||
| rule_id = "9b3680da-0165-44f6-9cff-88e778d98020" | ||
| policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9" | ||
| rank = 0 | ||
| } | ||
| ``` | ||
|
|
||
| <!-- schema generated by tfplugindocs --> | ||
| ## Schema | ||
|
|
||
| ### Required | ||
|
|
||
| - `policy_set_id` (String) Policy set ID | ||
| - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. | ||
| - `rule_id` (String) Authorization rule ID | ||
|
|
||
| ### Read-Only | ||
|
|
||
| - `id` (String) The id of the object |
Oops, something went wrong.