diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2c7da7..403c1cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@
- Add `ise_device_admin_authorization_global_exception_rule` resource and data source
- BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
- Add `ise_network_access_authorization_exception_rule` resource and data source
+- Add `ise_network_access_authorization_global_exception_rule` resource and data source
## 0.1.5
diff --git a/docs/data-sources/network_access_authorization_global_exception_rule.md b/docs/data-sources/network_access_authorization_global_exception_rule.md
new file mode 100644
index 0000000..2aabe5c
--- /dev/null
+++ b/docs/data-sources/network_access_authorization_global_exception_rule.md
@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_global_exception_rule Data Source - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+ This data source can read the Network Access Authorization Global Exception Rule.
+---
+
+# ise_network_access_authorization_global_exception_rule (Data Source)
+
+This data source can read the Network Access Authorization Global Exception Rule.
+
+## Example Usage
+
+```terraform
+data "ise_network_access_authorization_global_exception_rule" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+
+## Schema
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Read-Only
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+
+### Nested Schema for `children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+
+
+### Nested Schema for `children.children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
index e12d48a..4ce4493 100644
--- a/docs/guides/changelog.md
+++ b/docs/guides/changelog.md
@@ -21,6 +21,7 @@ description: |-
- Add `ise_device_admin_authorization_global_exception_rule` resource and data source
- BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
- Add `ise_network_access_authorization_exception_rule` resource and data source
+- Add `ise_network_access_authorization_global_exception_rule` resource and data source
## 0.1.5
diff --git a/docs/resources/network_access_authorization_global_exception_rule.md b/docs/resources/network_access_authorization_global_exception_rule.md
new file mode 100644
index 0000000..6d4ad57
--- /dev/null
+++ b/docs/resources/network_access_authorization_global_exception_rule.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_global_exception_rule Resource - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+ This resource can manage a Network Access Authorization Global Exception Rule.
+---
+
+# ise_network_access_authorization_global_exception_rule (Resource)
+
+This resource can manage a Network Access Authorization Global Exception Rule.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_global_exception_rule" "example" {
+ name = "Rule1"
+ default = false
+ rank = 0
+ state = "enabled"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+ profiles = ["PermitAccess"]
+ security_group = "BYOD"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Optional
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+ - Choices: `disabled`, `enabled`, `monitor`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+
+### Nested Schema for `children.children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_network_access_authorization_global_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```
diff --git a/examples/data-sources/ise_network_access_authorization_global_exception_rule/data-source.tf b/examples/data-sources/ise_network_access_authorization_global_exception_rule/data-source.tf
new file mode 100644
index 0000000..8f1fc3b
--- /dev/null
+++ b/examples/data-sources/ise_network_access_authorization_global_exception_rule/data-source.tf
@@ -0,0 +1,3 @@
+data "ise_network_access_authorization_global_exception_rule" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
diff --git a/examples/resources/ise_network_access_authorization_global_exception_rule/import.sh b/examples/resources/ise_network_access_authorization_global_exception_rule/import.sh
new file mode 100644
index 0000000..5cead4f
--- /dev/null
+++ b/examples/resources/ise_network_access_authorization_global_exception_rule/import.sh
@@ -0,0 +1 @@
+terraform import ise_network_access_authorization_global_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
diff --git a/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf b/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf
new file mode 100644
index 0000000..75cbe54
--- /dev/null
+++ b/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf
@@ -0,0 +1,14 @@
+resource "ise_network_access_authorization_global_exception_rule" "example" {
+ name = "Rule1"
+ default = false
+ rank = 0
+ state = "enabled"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+ profiles = ["PermitAccess"]
+ security_group = "BYOD"
+}
diff --git a/gen/definitions/network_access_authorization_global_exception_rule.yaml b/gen/definitions/network_access_authorization_global_exception_rule.yaml
new file mode 100644
index 0000000..f709297
--- /dev/null
+++ b/gen/definitions/network_access_authorization_global_exception_rule.yaml
@@ -0,0 +1,263 @@
+---
+name: Network Access Authorization Global Exception Rule
+rest_endpoint: /api/v1/policy/network-access/policy-set/global-exception
+data_source_name_query: true
+id_path: response.rule.id
+doc_category: Policy
+attributes:
+ - model_name: name
+ data_path: [rule]
+ type: String
+ mandatory: true
+ description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+ example: Rule1
+ - model_name: default
+ data_path: [rule]
+ type: Bool
+ description: Indicates if this rule is the default one
+ example: false
+ - model_name: rank
+ data_path: [rule]
+ type: Int64
+ description: The rank (priority) in relation to other rules. Lower rank is higher priority.
+ example: 0
+ - model_name: state
+ data_path: [rule]
+ type: String
+ enum_values: [disabled, enabled, monitor]
+ description: The state that the rule is in. A disabled rule cannot be matched.
+ example: enabled
+ - model_name: conditionType
+ data_path: [rule, condition]
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ minimum_test_value: '"ConditionReference"'
+ - model_name: id
+ data_path: [rule, condition]
+ tf_name: condition_id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ exclude_test: true
+ minimum_test_value: ise_network_access_condition.test.id
+ - model_name: isNegate
+ data_path: [rule, condition]
+ tf_name: condition_is_negate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ data_path: [rule, condition]
+ tf_name: condition_attribute_name
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ data_path: [rule, condition]
+ tf_name: condition_attribute_value
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ data_path: [rule, condition]
+ tf_name: condition_dictionary_name
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ data_path: [rule, condition]
+ tf_name: condition_dictionary_value
+ type: String
+ description: Dictionary value
+ example: abc
+ exclude_test: true
+ - model_name: operator
+ data_path: [rule, condition]
+ tf_name: condition_operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: children
+ type: List
+ description: List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.
+ exclude_test: true
+ data_path: [rule, condition]
+ attributes:
+ - model_name: conditionType
+ mandatory: true
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ - model_name: id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ - model_name: isNegate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ type: String
+ description: Dictionary value
+ example: abc
+ - model_name: operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: children
+ type: List
+ description: List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.
+ attributes:
+ - model_name: conditionType
+ mandatory: true
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ - model_name: id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ - model_name: isNegate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ type: String
+ description: Dictionary value
+ example: abc
+ - model_name: operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: profile
+ tf_name: profiles
+ type: StringList
+ description: The authorization profile(s)
+ example: PermitAccess
+ minimum_test_value: '["PermitAccess"]'
+ - model_name: securityGroup
+ type: String
+ description: Security group used in authorization policies
+ example: BYOD
+
+test_prerequisites: |
+ resource "ise_network_access_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "NAS-Port-Type"
+ attribute_value = "Wireless - IEEE 802.11"
+ dictionary_name = "Radius"
+ operator = "equals"
+ }
diff --git a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go
new file mode 100644
index 0000000..3090b3e
--- /dev/null
+++ b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go
@@ -0,0 +1,284 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "fmt"
+
+ "github.com/hashicorp/terraform-plugin-framework-validators/datasourcevalidator"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/netascode/go-ise"
+ "github.com/tidwall/gjson"
+)
+
+//template:end imports
+
+//template:begin model
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+ _ datasource.DataSource = &NetworkAccessAuthorizationGlobalExceptionRuleDataSource{}
+ _ datasource.DataSourceWithConfigure = &NetworkAccessAuthorizationGlobalExceptionRuleDataSource{}
+)
+
+func NewNetworkAccessAuthorizationGlobalExceptionRuleDataSource() datasource.DataSource {
+ return &NetworkAccessAuthorizationGlobalExceptionRuleDataSource{}
+}
+
+type NetworkAccessAuthorizationGlobalExceptionRuleDataSource struct {
+ client *ise.Client
+}
+
+func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_network_access_authorization_global_exception_rule"
+}
+
+func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: "This data source can read the Network Access Authorization Global Exception Rule.",
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Optional: true,
+ Computed: true,
+ },
+ "name": schema.StringAttribute{
+ MarkdownDescription: "Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]",
+ Optional: true,
+ Computed: true,
+ },
+ "default": schema.BoolAttribute{
+ MarkdownDescription: "Indicates if this rule is the default one",
+ Computed: true,
+ },
+ "rank": schema.Int64Attribute{
+ MarkdownDescription: "The rank (priority) in relation to other rules. Lower rank is higher priority.",
+ Computed: true,
+ },
+ "state": schema.StringAttribute{
+ MarkdownDescription: "The state that the rule is in. A disabled rule cannot be matched.",
+ Computed: true,
+ },
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "condition_id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "condition_is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "condition_attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "condition_attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "condition_dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "condition_dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "condition_operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: "List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: "List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "profiles": schema.ListAttribute{
+ MarkdownDescription: "The authorization profile(s)",
+ ElementType: types.StringType,
+ Computed: true,
+ },
+ "security_group": schema.StringAttribute{
+ MarkdownDescription: "Security group used in authorization policies",
+ Computed: true,
+ },
+ },
+ }
+}
+func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) ConfigValidators(ctx context.Context) []datasource.ConfigValidator {
+ return []datasource.ConfigValidator{
+ datasourcevalidator.ExactlyOneOf(
+ path.MatchRoot("id"),
+ path.MatchRoot("name"),
+ ),
+ }
+}
+
+func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ d.client = req.ProviderData.(*IseProviderData).Client
+}
+
+//template:end model
+
+//template:begin read
+func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+ var config NetworkAccessAuthorizationGlobalExceptionRule
+
+ // Read config
+ diags := req.Config.Get(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String()))
+ if config.Id.IsNull() && !config.Name.IsNull() {
+ for page := 1; ; page++ {
+ res, err := d.client.Get(config.getPath())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve objects, got error: %s", err))
+ return
+ }
+ if value := res.Get("response"); len(value.Array()) > 0 {
+ value.ForEach(func(k, v gjson.Result) bool {
+ if config.Name.ValueString() == v.Get("name").String() {
+ config.Id = types.StringValue(v.Get("id").String())
+ tflog.Debug(ctx, fmt.Sprintf("%s: Found object with name '%v', id: %v", config.Id.String(), config.Name.ValueString(), config.Id.String()))
+ return false
+ }
+ return true
+ })
+ }
+ if !config.Id.IsNull() || !res.Get("SearchResult.nextPage").Exists() {
+ break
+ }
+ }
+
+ if config.Id.IsNull() {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to find object with name: %s", config.Name.ValueString()))
+ return
+ }
+ }
+
+ res, err := d.client.Get(config.getPath() + "/" + config.Id.ValueString())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err))
+ return
+ }
+
+ config.fromBody(ctx, res)
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end read
diff --git a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go
new file mode 100644
index 0000000..06cb2b8
--- /dev/null
+++ b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go
@@ -0,0 +1,100 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+//template:end imports
+
+//template:begin testAccDataSource
+func TestAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRule(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "name", "Rule1"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "default", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "rank", "0"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "state", "enabled"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_is_negate", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_attribute_name", "Location"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_attribute_value", "All Locations"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_dictionary_name", "DEVICE"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_operator", "equals"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "profiles.0", "PermitAccess"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "security_group", "BYOD"))
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRulePrerequisitesConfig + testAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRuleConfig(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ },
+ },
+ })
+}
+
+//template:end testAccDataSource
+
+//template:begin testPrerequisites
+const testAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRulePrerequisitesConfig = `
+resource "ise_network_access_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "NAS-Port-Type"
+ attribute_value = "Wireless - IEEE 802.11"
+ dictionary_name = "Radius"
+ operator = "equals"
+}
+
+`
+
+//template:end testPrerequisites
+
+//template:begin testAccDataSourceConfig
+func testAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRuleConfig() string {
+ config := `resource "ise_network_access_authorization_global_exception_rule" "test" {` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` default = false` + "\n"
+ config += ` rank = 0` + "\n"
+ config += ` state = "enabled"` + "\n"
+ config += ` condition_type = "ConditionAttributes"` + "\n"
+ config += ` condition_is_negate = false` + "\n"
+ config += ` condition_attribute_name = "Location"` + "\n"
+ config += ` condition_attribute_value = "All Locations"` + "\n"
+ config += ` condition_dictionary_name = "DEVICE"` + "\n"
+ config += ` condition_operator = "equals"` + "\n"
+ config += ` profiles = ["PermitAccess"]` + "\n"
+ config += ` security_group = "BYOD"` + "\n"
+ config += `}` + "\n"
+
+ config += `
+ data "ise_network_access_authorization_global_exception_rule" "test" {
+ id = ise_network_access_authorization_global_exception_rule.test.id
+ }
+ `
+ return config
+}
+
+//template:end testAccDataSourceConfig
diff --git a/internal/provider/model_ise_network_access_authorization_global_exception_rule.go b/internal/provider/model_ise_network_access_authorization_global_exception_rule.go
new file mode 100644
index 0000000..0ef2a41
--- /dev/null
+++ b/internal/provider/model_ise_network_access_authorization_global_exception_rule.go
@@ -0,0 +1,575 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "strconv"
+
+ "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/tidwall/gjson"
+ "github.com/tidwall/sjson"
+)
+
+//template:end imports
+
+//template:begin types
+type NetworkAccessAuthorizationGlobalExceptionRule struct {
+ Id types.String `tfsdk:"id"`
+ Name types.String `tfsdk:"name"`
+ Default types.Bool `tfsdk:"default"`
+ Rank types.Int64 `tfsdk:"rank"`
+ State types.String `tfsdk:"state"`
+ ConditionType types.String `tfsdk:"condition_type"`
+ ConditionId types.String `tfsdk:"condition_id"`
+ ConditionIsNegate types.Bool `tfsdk:"condition_is_negate"`
+ ConditionAttributeName types.String `tfsdk:"condition_attribute_name"`
+ ConditionAttributeValue types.String `tfsdk:"condition_attribute_value"`
+ ConditionDictionaryName types.String `tfsdk:"condition_dictionary_name"`
+ ConditionDictionaryValue types.String `tfsdk:"condition_dictionary_value"`
+ ConditionOperator types.String `tfsdk:"condition_operator"`
+ Children []NetworkAccessAuthorizationGlobalExceptionRuleChildren `tfsdk:"children"`
+ Profiles types.List `tfsdk:"profiles"`
+ SecurityGroup types.String `tfsdk:"security_group"`
+}
+
+type NetworkAccessAuthorizationGlobalExceptionRuleChildren struct {
+ ConditionType types.String `tfsdk:"condition_type"`
+ Id types.String `tfsdk:"id"`
+ IsNegate types.Bool `tfsdk:"is_negate"`
+ AttributeName types.String `tfsdk:"attribute_name"`
+ AttributeValue types.String `tfsdk:"attribute_value"`
+ DictionaryName types.String `tfsdk:"dictionary_name"`
+ DictionaryValue types.String `tfsdk:"dictionary_value"`
+ Operator types.String `tfsdk:"operator"`
+ Children []NetworkAccessAuthorizationGlobalExceptionRuleChildrenChildren `tfsdk:"children"`
+}
+
+type NetworkAccessAuthorizationGlobalExceptionRuleChildrenChildren struct {
+ ConditionType types.String `tfsdk:"condition_type"`
+ Id types.String `tfsdk:"id"`
+ IsNegate types.Bool `tfsdk:"is_negate"`
+ AttributeName types.String `tfsdk:"attribute_name"`
+ AttributeValue types.String `tfsdk:"attribute_value"`
+ DictionaryName types.String `tfsdk:"dictionary_name"`
+ DictionaryValue types.String `tfsdk:"dictionary_value"`
+ Operator types.String `tfsdk:"operator"`
+}
+
+//template:end types
+
+//template:begin getPath
+func (data NetworkAccessAuthorizationGlobalExceptionRule) getPath() string {
+ return "/api/v1/policy/network-access/policy-set/global-exception"
+}
+
+//template:end getPath
+
+//template:begin toBody
+func (data NetworkAccessAuthorizationGlobalExceptionRule) toBody(ctx context.Context, state NetworkAccessAuthorizationGlobalExceptionRule) string {
+ body := ""
+ if !data.Name.IsNull() {
+ body, _ = sjson.Set(body, "rule.name", data.Name.ValueString())
+ }
+ if !data.Default.IsNull() {
+ body, _ = sjson.Set(body, "rule.default", data.Default.ValueBool())
+ }
+ if !data.Rank.IsNull() {
+ body, _ = sjson.Set(body, "rule.rank", data.Rank.ValueInt64())
+ }
+ if !data.State.IsNull() {
+ body, _ = sjson.Set(body, "rule.state", data.State.ValueString())
+ }
+ if !data.ConditionType.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.conditionType", data.ConditionType.ValueString())
+ }
+ if !data.ConditionId.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.id", data.ConditionId.ValueString())
+ }
+ if !data.ConditionIsNegate.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.isNegate", data.ConditionIsNegate.ValueBool())
+ }
+ if !data.ConditionAttributeName.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.attributeName", data.ConditionAttributeName.ValueString())
+ }
+ if !data.ConditionAttributeValue.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.attributeValue", data.ConditionAttributeValue.ValueString())
+ }
+ if !data.ConditionDictionaryName.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.dictionaryName", data.ConditionDictionaryName.ValueString())
+ }
+ if !data.ConditionDictionaryValue.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.dictionaryValue", data.ConditionDictionaryValue.ValueString())
+ }
+ if !data.ConditionOperator.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.operator", data.ConditionOperator.ValueString())
+ }
+ if len(data.Children) > 0 {
+ body, _ = sjson.Set(body, "rule.condition.children", []interface{}{})
+ for _, item := range data.Children {
+ itemBody := ""
+ if !item.ConditionType.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "conditionType", item.ConditionType.ValueString())
+ }
+ if !item.Id.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "id", item.Id.ValueString())
+ }
+ if !item.IsNegate.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "isNegate", item.IsNegate.ValueBool())
+ }
+ if !item.AttributeName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "attributeName", item.AttributeName.ValueString())
+ }
+ if !item.AttributeValue.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "attributeValue", item.AttributeValue.ValueString())
+ }
+ if !item.DictionaryName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "dictionaryName", item.DictionaryName.ValueString())
+ }
+ if !item.DictionaryValue.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "dictionaryValue", item.DictionaryValue.ValueString())
+ }
+ if !item.Operator.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "operator", item.Operator.ValueString())
+ }
+ if len(item.Children) > 0 {
+ itemBody, _ = sjson.Set(itemBody, "children", []interface{}{})
+ for _, childItem := range item.Children {
+ itemChildBody := ""
+ if !childItem.ConditionType.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "conditionType", childItem.ConditionType.ValueString())
+ }
+ if !childItem.Id.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "id", childItem.Id.ValueString())
+ }
+ if !childItem.IsNegate.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "isNegate", childItem.IsNegate.ValueBool())
+ }
+ if !childItem.AttributeName.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "attributeName", childItem.AttributeName.ValueString())
+ }
+ if !childItem.AttributeValue.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "attributeValue", childItem.AttributeValue.ValueString())
+ }
+ if !childItem.DictionaryName.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "dictionaryName", childItem.DictionaryName.ValueString())
+ }
+ if !childItem.DictionaryValue.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "dictionaryValue", childItem.DictionaryValue.ValueString())
+ }
+ if !childItem.Operator.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "operator", childItem.Operator.ValueString())
+ }
+ itemBody, _ = sjson.SetRaw(itemBody, "children.-1", itemChildBody)
+ }
+ }
+ body, _ = sjson.SetRaw(body, "rule.condition.children.-1", itemBody)
+ }
+ }
+ if !data.Profiles.IsNull() {
+ var values []string
+ data.Profiles.ElementsAs(ctx, &values, false)
+ body, _ = sjson.Set(body, "profile", values)
+ }
+ if !data.SecurityGroup.IsNull() {
+ body, _ = sjson.Set(body, "securityGroup", data.SecurityGroup.ValueString())
+ }
+ return body
+}
+
+//template:end toBody
+
+//template:begin fromBody
+func (data *NetworkAccessAuthorizationGlobalExceptionRule) fromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("response.rule.name"); value.Exists() {
+ data.Name = types.StringValue(value.String())
+ } else {
+ data.Name = types.StringNull()
+ }
+ if value := res.Get("response.rule.default"); value.Exists() {
+ data.Default = types.BoolValue(value.Bool())
+ } else {
+ data.Default = types.BoolNull()
+ }
+ if value := res.Get("response.rule.rank"); value.Exists() {
+ data.Rank = types.Int64Value(value.Int())
+ } else {
+ data.Rank = types.Int64Null()
+ }
+ if value := res.Get("response.rule.state"); value.Exists() {
+ data.State = types.StringValue(value.String())
+ } else {
+ data.State = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.conditionType"); value.Exists() {
+ data.ConditionType = types.StringValue(value.String())
+ } else {
+ data.ConditionType = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.id"); value.Exists() {
+ data.ConditionId = types.StringValue(value.String())
+ } else {
+ data.ConditionId = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.isNegate"); value.Exists() {
+ data.ConditionIsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.ConditionIsNegate = types.BoolNull()
+ }
+ if value := res.Get("response.rule.condition.attributeName"); value.Exists() {
+ data.ConditionAttributeName = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.attributeValue"); value.Exists() {
+ data.ConditionAttributeValue = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryName"); value.Exists() {
+ data.ConditionDictionaryName = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryValue"); value.Exists() {
+ data.ConditionDictionaryValue = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.operator"); value.Exists() {
+ data.ConditionOperator = types.StringValue(value.String())
+ } else {
+ data.ConditionOperator = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.children"); value.Exists() {
+ data.Children = make([]NetworkAccessAuthorizationGlobalExceptionRuleChildren, 0)
+ value.ForEach(func(k, v gjson.Result) bool {
+ item := NetworkAccessAuthorizationGlobalExceptionRuleChildren{}
+ if cValue := v.Get("conditionType"); cValue.Exists() {
+ item.ConditionType = types.StringValue(cValue.String())
+ } else {
+ item.ConditionType = types.StringNull()
+ }
+ if cValue := v.Get("id"); cValue.Exists() {
+ item.Id = types.StringValue(cValue.String())
+ } else {
+ item.Id = types.StringNull()
+ }
+ if cValue := v.Get("isNegate"); cValue.Exists() {
+ item.IsNegate = types.BoolValue(cValue.Bool())
+ } else {
+ item.IsNegate = types.BoolNull()
+ }
+ if cValue := v.Get("attributeName"); cValue.Exists() {
+ item.AttributeName = types.StringValue(cValue.String())
+ } else {
+ item.AttributeName = types.StringNull()
+ }
+ if cValue := v.Get("attributeValue"); cValue.Exists() {
+ item.AttributeValue = types.StringValue(cValue.String())
+ } else {
+ item.AttributeValue = types.StringNull()
+ }
+ if cValue := v.Get("dictionaryName"); cValue.Exists() {
+ item.DictionaryName = types.StringValue(cValue.String())
+ } else {
+ item.DictionaryName = types.StringNull()
+ }
+ if cValue := v.Get("dictionaryValue"); cValue.Exists() {
+ item.DictionaryValue = types.StringValue(cValue.String())
+ } else {
+ item.DictionaryValue = types.StringNull()
+ }
+ if cValue := v.Get("operator"); cValue.Exists() {
+ item.Operator = types.StringValue(cValue.String())
+ } else {
+ item.Operator = types.StringNull()
+ }
+ if cValue := v.Get("children"); cValue.Exists() {
+ item.Children = make([]NetworkAccessAuthorizationGlobalExceptionRuleChildrenChildren, 0)
+ cValue.ForEach(func(ck, cv gjson.Result) bool {
+ cItem := NetworkAccessAuthorizationGlobalExceptionRuleChildrenChildren{}
+ if ccValue := cv.Get("conditionType"); ccValue.Exists() {
+ cItem.ConditionType = types.StringValue(ccValue.String())
+ } else {
+ cItem.ConditionType = types.StringNull()
+ }
+ if ccValue := cv.Get("id"); ccValue.Exists() {
+ cItem.Id = types.StringValue(ccValue.String())
+ } else {
+ cItem.Id = types.StringNull()
+ }
+ if ccValue := cv.Get("isNegate"); ccValue.Exists() {
+ cItem.IsNegate = types.BoolValue(ccValue.Bool())
+ } else {
+ cItem.IsNegate = types.BoolNull()
+ }
+ if ccValue := cv.Get("attributeName"); ccValue.Exists() {
+ cItem.AttributeName = types.StringValue(ccValue.String())
+ } else {
+ cItem.AttributeName = types.StringNull()
+ }
+ if ccValue := cv.Get("attributeValue"); ccValue.Exists() {
+ cItem.AttributeValue = types.StringValue(ccValue.String())
+ } else {
+ cItem.AttributeValue = types.StringNull()
+ }
+ if ccValue := cv.Get("dictionaryName"); ccValue.Exists() {
+ cItem.DictionaryName = types.StringValue(ccValue.String())
+ } else {
+ cItem.DictionaryName = types.StringNull()
+ }
+ if ccValue := cv.Get("dictionaryValue"); ccValue.Exists() {
+ cItem.DictionaryValue = types.StringValue(ccValue.String())
+ } else {
+ cItem.DictionaryValue = types.StringNull()
+ }
+ if ccValue := cv.Get("operator"); ccValue.Exists() {
+ cItem.Operator = types.StringValue(ccValue.String())
+ } else {
+ cItem.Operator = types.StringNull()
+ }
+ item.Children = append(item.Children, cItem)
+ return true
+ })
+ }
+ data.Children = append(data.Children, item)
+ return true
+ })
+ }
+ if value := res.Get("response.profile"); value.Exists() {
+ data.Profiles = helpers.GetStringList(value.Array())
+ } else {
+ data.Profiles = types.ListNull(types.StringType)
+ }
+ if value := res.Get("response.securityGroup"); value.Exists() {
+ data.SecurityGroup = types.StringValue(value.String())
+ } else {
+ data.SecurityGroup = types.StringNull()
+ }
+}
+
+//template:end fromBody
+
+//template:begin updateFromBody
+func (data *NetworkAccessAuthorizationGlobalExceptionRule) updateFromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("response.rule.name"); value.Exists() && !data.Name.IsNull() {
+ data.Name = types.StringValue(value.String())
+ } else {
+ data.Name = types.StringNull()
+ }
+ if value := res.Get("response.rule.default"); value.Exists() && !data.Default.IsNull() {
+ data.Default = types.BoolValue(value.Bool())
+ } else {
+ data.Default = types.BoolNull()
+ }
+ if value := res.Get("response.rule.rank"); value.Exists() && !data.Rank.IsNull() {
+ data.Rank = types.Int64Value(value.Int())
+ } else {
+ data.Rank = types.Int64Null()
+ }
+ if value := res.Get("response.rule.state"); value.Exists() && !data.State.IsNull() {
+ data.State = types.StringValue(value.String())
+ } else {
+ data.State = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.conditionType"); value.Exists() && !data.ConditionType.IsNull() {
+ data.ConditionType = types.StringValue(value.String())
+ } else {
+ data.ConditionType = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.id"); value.Exists() && !data.ConditionId.IsNull() {
+ data.ConditionId = types.StringValue(value.String())
+ } else {
+ data.ConditionId = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.isNegate"); value.Exists() && !data.ConditionIsNegate.IsNull() {
+ data.ConditionIsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.ConditionIsNegate = types.BoolNull()
+ }
+ if value := res.Get("response.rule.condition.attributeName"); value.Exists() && !data.ConditionAttributeName.IsNull() {
+ data.ConditionAttributeName = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.attributeValue"); value.Exists() && !data.ConditionAttributeValue.IsNull() {
+ data.ConditionAttributeValue = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryName"); value.Exists() && !data.ConditionDictionaryName.IsNull() {
+ data.ConditionDictionaryName = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryValue"); value.Exists() && !data.ConditionDictionaryValue.IsNull() {
+ data.ConditionDictionaryValue = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.operator"); value.Exists() && !data.ConditionOperator.IsNull() {
+ data.ConditionOperator = types.StringValue(value.String())
+ } else {
+ data.ConditionOperator = types.StringNull()
+ }
+ for i := range data.Children {
+ keys := [...]string{"conditionType", "id", "isNegate", "attributeName", "attributeValue", "dictionaryName", "dictionaryValue", "operator"}
+ keyValues := [...]string{data.Children[i].ConditionType.ValueString(), data.Children[i].Id.ValueString(), strconv.FormatBool(data.Children[i].IsNegate.ValueBool()), data.Children[i].AttributeName.ValueString(), data.Children[i].AttributeValue.ValueString(), data.Children[i].DictionaryName.ValueString(), data.Children[i].DictionaryValue.ValueString(), data.Children[i].Operator.ValueString()}
+
+ var r gjson.Result
+ res.Get("response.rule.condition.children").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ r = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := r.Get("conditionType"); value.Exists() && !data.Children[i].ConditionType.IsNull() {
+ data.Children[i].ConditionType = types.StringValue(value.String())
+ } else {
+ data.Children[i].ConditionType = types.StringNull()
+ }
+ if value := r.Get("id"); value.Exists() && !data.Children[i].Id.IsNull() {
+ data.Children[i].Id = types.StringValue(value.String())
+ } else {
+ data.Children[i].Id = types.StringNull()
+ }
+ if value := r.Get("isNegate"); value.Exists() && !data.Children[i].IsNegate.IsNull() {
+ data.Children[i].IsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.Children[i].IsNegate = types.BoolNull()
+ }
+ if value := r.Get("attributeName"); value.Exists() && !data.Children[i].AttributeName.IsNull() {
+ data.Children[i].AttributeName = types.StringValue(value.String())
+ } else {
+ data.Children[i].AttributeName = types.StringNull()
+ }
+ if value := r.Get("attributeValue"); value.Exists() && !data.Children[i].AttributeValue.IsNull() {
+ data.Children[i].AttributeValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].AttributeValue = types.StringNull()
+ }
+ if value := r.Get("dictionaryName"); value.Exists() && !data.Children[i].DictionaryName.IsNull() {
+ data.Children[i].DictionaryName = types.StringValue(value.String())
+ } else {
+ data.Children[i].DictionaryName = types.StringNull()
+ }
+ if value := r.Get("dictionaryValue"); value.Exists() && !data.Children[i].DictionaryValue.IsNull() {
+ data.Children[i].DictionaryValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].DictionaryValue = types.StringNull()
+ }
+ if value := r.Get("operator"); value.Exists() && !data.Children[i].Operator.IsNull() {
+ data.Children[i].Operator = types.StringValue(value.String())
+ } else {
+ data.Children[i].Operator = types.StringNull()
+ }
+ for ci := range data.Children[i].Children {
+ keys := [...]string{"conditionType", "id", "isNegate", "attributeName", "attributeValue", "dictionaryName", "dictionaryValue", "operator"}
+ keyValues := [...]string{data.Children[i].Children[ci].ConditionType.ValueString(), data.Children[i].Children[ci].Id.ValueString(), strconv.FormatBool(data.Children[i].Children[ci].IsNegate.ValueBool()), data.Children[i].Children[ci].AttributeName.ValueString(), data.Children[i].Children[ci].AttributeValue.ValueString(), data.Children[i].Children[ci].DictionaryName.ValueString(), data.Children[i].Children[ci].DictionaryValue.ValueString(), data.Children[i].Children[ci].Operator.ValueString()}
+
+ var cr gjson.Result
+ r.Get("children").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ cr = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := cr.Get("conditionType"); value.Exists() && !data.Children[i].Children[ci].ConditionType.IsNull() {
+ data.Children[i].Children[ci].ConditionType = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].ConditionType = types.StringNull()
+ }
+ if value := cr.Get("id"); value.Exists() && !data.Children[i].Children[ci].Id.IsNull() {
+ data.Children[i].Children[ci].Id = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].Id = types.StringNull()
+ }
+ if value := cr.Get("isNegate"); value.Exists() && !data.Children[i].Children[ci].IsNegate.IsNull() {
+ data.Children[i].Children[ci].IsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.Children[i].Children[ci].IsNegate = types.BoolNull()
+ }
+ if value := cr.Get("attributeName"); value.Exists() && !data.Children[i].Children[ci].AttributeName.IsNull() {
+ data.Children[i].Children[ci].AttributeName = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].AttributeName = types.StringNull()
+ }
+ if value := cr.Get("attributeValue"); value.Exists() && !data.Children[i].Children[ci].AttributeValue.IsNull() {
+ data.Children[i].Children[ci].AttributeValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].AttributeValue = types.StringNull()
+ }
+ if value := cr.Get("dictionaryName"); value.Exists() && !data.Children[i].Children[ci].DictionaryName.IsNull() {
+ data.Children[i].Children[ci].DictionaryName = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].DictionaryName = types.StringNull()
+ }
+ if value := cr.Get("dictionaryValue"); value.Exists() && !data.Children[i].Children[ci].DictionaryValue.IsNull() {
+ data.Children[i].Children[ci].DictionaryValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].DictionaryValue = types.StringNull()
+ }
+ if value := cr.Get("operator"); value.Exists() && !data.Children[i].Children[ci].Operator.IsNull() {
+ data.Children[i].Children[ci].Operator = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].Operator = types.StringNull()
+ }
+ }
+ }
+ if value := res.Get("response.profile"); value.Exists() && !data.Profiles.IsNull() {
+ data.Profiles = helpers.GetStringList(value.Array())
+ } else {
+ data.Profiles = types.ListNull(types.StringType)
+ }
+ if value := res.Get("response.securityGroup"); value.Exists() && !data.SecurityGroup.IsNull() {
+ data.SecurityGroup = types.StringValue(value.String())
+ } else {
+ data.SecurityGroup = types.StringNull()
+ }
+}
+
+//template:end updateFromBody
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 9d3b2ab..5c9944f 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -258,6 +258,7 @@ func (p *IseProvider) Resources(ctx context.Context) []func() resource.Resource
NewLicenseTierStateResource,
NewNetworkAccessAuthenticationRuleResource,
NewNetworkAccessAuthorizationExceptionRuleResource,
+ NewNetworkAccessAuthorizationGlobalExceptionRuleResource,
NewNetworkAccessAuthorizationRuleResource,
NewNetworkAccessConditionResource,
NewNetworkAccessDictionaryResource,
@@ -295,6 +296,7 @@ func (p *IseProvider) DataSources(ctx context.Context) []func() datasource.DataS
NewLicenseTierStateDataSource,
NewNetworkAccessAuthenticationRuleDataSource,
NewNetworkAccessAuthorizationExceptionRuleDataSource,
+ NewNetworkAccessAuthorizationGlobalExceptionRuleDataSource,
NewNetworkAccessAuthorizationRuleDataSource,
NewNetworkAccessConditionDataSource,
NewNetworkAccessDictionaryDataSource,
diff --git a/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go b/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go
new file mode 100644
index 0000000..b459c06
--- /dev/null
+++ b/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go
@@ -0,0 +1,373 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers"
+ "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/schema/validator"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/netascode/go-ise"
+)
+
+//template:end imports
+
+//template:begin model
+
+// Ensure provider defined types fully satisfy framework interfaces
+var _ resource.Resource = &NetworkAccessAuthorizationGlobalExceptionRuleResource{}
+var _ resource.ResourceWithImportState = &NetworkAccessAuthorizationGlobalExceptionRuleResource{}
+
+func NewNetworkAccessAuthorizationGlobalExceptionRuleResource() resource.Resource {
+ return &NetworkAccessAuthorizationGlobalExceptionRuleResource{}
+}
+
+type NetworkAccessAuthorizationGlobalExceptionRuleResource struct {
+ client *ise.Client
+}
+
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_network_access_authorization_global_exception_rule"
+}
+
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a Network Access Authorization Global Exception Rule.").String,
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Computed: true,
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
+ },
+ "name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]").String,
+ Required: true,
+ },
+ "default": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates if this rule is the default one").String,
+ Optional: true,
+ },
+ "rank": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("The rank (priority) in relation to other rules. Lower rank is higher priority.").String,
+ Optional: true,
+ },
+ "state": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("The state that the rule is in. A disabled rule cannot be matched.").AddStringEnumDescription("disabled", "enabled", "monitor").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("disabled", "enabled", "monitor"),
+ },
+ },
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "condition_id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "condition_is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "condition_attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "condition_attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "condition_dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "condition_dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "condition_operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "profiles": schema.ListAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("The authorization profile(s)").String,
+ ElementType: types.StringType,
+ Optional: true,
+ },
+ "security_group": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Security group used in authorization policies").String,
+ Optional: true,
+ },
+ },
+ }
+}
+
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ r.client = req.ProviderData.(*IseProviderData).Client
+}
+
+//template:end model
+
+//template:begin create
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+ var plan NetworkAccessAuthorizationGlobalExceptionRule
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Id.ValueString()))
+
+ // Create object
+ body := plan.toBody(ctx, NetworkAccessAuthorizationGlobalExceptionRule{})
+ res, _, err := r.client.Post(plan.getPath(), body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String()))
+ return
+ }
+ plan.Id = types.StringValue(res.Get("response.rule.id").String())
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end create
+
+//template:begin read
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var state NetworkAccessAuthorizationGlobalExceptionRule
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Id.String()))
+
+ res, err := r.client.Get(state.getPath() + "/" + state.Id.ValueString())
+ if err != nil && strings.Contains(err.Error(), "StatusCode 404") {
+ resp.State.RemoveResource(ctx)
+ return
+ } else if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ state.updateFromBody(ctx, res)
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end read
+
+//template:begin update
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var plan, state NetworkAccessAuthorizationGlobalExceptionRule
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ // Read state
+ diags = req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Id.ValueString()))
+
+ body := plan.toBody(ctx, state)
+
+ res, err := r.client.Put(plan.getPath()+"/"+plan.Id.ValueString(), body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end update
+
+//template:begin delete
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var state NetworkAccessAuthorizationGlobalExceptionRule
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString()))
+ res, err := r.client.Delete(state.getPath() + "/" + state.Id.ValueString())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Id.ValueString()))
+
+ resp.State.RemoveResource(ctx)
+}
+
+//template:end delete
+
+//template:begin import
+func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+ resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
+}
+
+//template:end import
diff --git a/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go
new file mode 100644
index 0000000..5f52c07
--- /dev/null
+++ b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go
@@ -0,0 +1,119 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "os"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+//template:end imports
+
+//template:begin testAcc
+func TestAccIseNetworkAccessAuthorizationGlobalExceptionRule(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "name", "Rule1"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "default", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "rank", "0"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "state", "enabled"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_is_negate", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_attribute_name", "Location"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_attribute_value", "All Locations"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_dictionary_name", "DEVICE"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_operator", "equals"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "profiles.0", "PermitAccess"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "security_group", "BYOD"))
+
+ var steps []resource.TestStep
+ if os.Getenv("SKIP_MINIMUM_TEST") == "" {
+ steps = append(steps, resource.TestStep{
+ Config: testAccIseNetworkAccessAuthorizationGlobalExceptionRulePrerequisitesConfig + testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_minimum(),
+ })
+ }
+ steps = append(steps, resource.TestStep{
+ Config: testAccIseNetworkAccessAuthorizationGlobalExceptionRulePrerequisitesConfig + testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_all(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ })
+ steps = append(steps, resource.TestStep{
+ ResourceName: "ise_network_access_authorization_global_exception_rule.test",
+ ImportState: true,
+ })
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: steps,
+ })
+}
+
+//template:end testAcc
+
+//template:begin testPrerequisites
+const testAccIseNetworkAccessAuthorizationGlobalExceptionRulePrerequisitesConfig = `
+resource "ise_network_access_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "NAS-Port-Type"
+ attribute_value = "Wireless - IEEE 802.11"
+ dictionary_name = "Radius"
+ operator = "equals"
+}
+
+`
+
+//template:end testPrerequisites
+
+//template:begin testAccConfigMinimal
+func testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_minimum() string {
+ config := `resource "ise_network_access_authorization_global_exception_rule" "test" {` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` condition_type = "ConditionReference"` + "\n"
+ config += ` condition_id = ise_network_access_condition.test.id` + "\n"
+ config += ` profiles = ["PermitAccess"]` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+//template:end testAccConfigMinimal
+
+//template:begin testAccConfigAll
+func testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_all() string {
+ config := `resource "ise_network_access_authorization_global_exception_rule" "test" {` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` default = false` + "\n"
+ config += ` rank = 0` + "\n"
+ config += ` state = "enabled"` + "\n"
+ config += ` condition_type = "ConditionAttributes"` + "\n"
+ config += ` condition_is_negate = false` + "\n"
+ config += ` condition_attribute_name = "Location"` + "\n"
+ config += ` condition_attribute_value = "All Locations"` + "\n"
+ config += ` condition_dictionary_name = "DEVICE"` + "\n"
+ config += ` condition_operator = "equals"` + "\n"
+ config += ` profiles = ["PermitAccess"]` + "\n"
+ config += ` security_group = "BYOD"` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+//template:end testAccConfigAll
diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl
index e12d48a..4ce4493 100644
--- a/templates/guides/changelog.md.tmpl
+++ b/templates/guides/changelog.md.tmpl
@@ -21,6 +21,7 @@ description: |-
- Add `ise_device_admin_authorization_global_exception_rule` resource and data source
- BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
- Add `ise_network_access_authorization_exception_rule` resource and data source
+- Add `ise_network_access_authorization_global_exception_rule` resource and data source
## 0.1.5