Add device admin authentication rule resource

CHANGELOG.md

@@ -6,6 +6,7 @@
 - Add `ise_device_admin_condition` resource and data source
 - Add `ise_device_admin_policy_set` resource and data source
 - Add `ise_device_admin_time_and_date_condition` resource and data source
+- Add `ise_device_admin_authentication_rule` resource and data source
 
 ## 0.1.5
 

docs/data-sources/device_admin_authentication_rule.md

@@ -0,0 +1,80 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authentication_rule Data Source - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This data source can read the Device Admin Authentication Rule.
+---
+
+# ise_device_admin_authentication_rule (Data Source)
+
+This data source can read the Device Admin Authentication Rule.
+
+## Example Usage
+
+```terraform
+data "ise_device_admin_authentication_rule" "example" {
+  id            = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Read-Only
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this rule is the default one
+- `identity_source_name` (String) Identity source name from the identity stores
+- `if_auth_fail` (String) Action to perform when authentication fails such as Bad credentials, disabled user and so on
+- `if_process_fail` (String) Action to perform when ISE is unable to access the identity database
+- `if_user_not_found` (String) Action to perform when user is not found in any of identity stores
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator

docs/guides/changelog.md

@@ -15,6 +15,7 @@ description: |-
 - Add `ise_device_admin_condition` resource and data source
 - Add `ise_device_admin_policy_set` resource and data source
 - Add `ise_device_admin_time_and_date_condition` resource and data source
+- Add `ise_device_admin_authentication_rule` resource and data source
 
 ## 0.1.5
 

docs/resources/device_admin_authentication_rule.md

@@ -0,0 +1,117 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authentication_rule Resource - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This resource can manage a Device Admin Authentication Rule.
+---
+
+# ise_device_admin_authentication_rule (Resource)
+
+This resource can manage a Device Admin Authentication Rule.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authentication_rule" "example" {
+  policy_set_id             = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  identity_source_name      = "Internal Endpoints"
+  if_auth_fail              = "REJECT"
+  if_process_fail           = "DROP"
+  if_user_not_found         = "REJECT"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `if_auth_fail` (String) Action to perform when authentication fails such as Bad credentials, disabled user and so on
+  - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `if_process_fail` (String) Action to perform when ISE is unable to access the identity database
+  - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `if_user_not_found` (String) Action to perform when user is not found in any of identity stores
+  - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this rule is the default one
+- `identity_source_name` (String) Identity source name from the identity stores
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+  - Choices: `disabled`, `enabled`, `monitor`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_device_admin_authentication_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

docs/resources/device_admin_policy_set.md

@@ -18,7 +18,7 @@ resource "ise_device_admin_policy_set" "example" {
   description               = "My description"
   is_proxy                  = false
   rank                      = 0
-  service_name              = "Default Network Access"
+  service_name              = "Default Device Admin"
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
   condition_is_negate       = false

examples/data-sources/ise_device_admin_authentication_rule/data-source.tf

@@ -0,0 +1,4 @@
+data "ise_device_admin_authentication_rule" "example" {
+  id            = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}

examples/resources/ise_device_admin_authentication_rule/import.sh

@@ -0,0 +1 @@
+terraform import ise_device_admin_authentication_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"

examples/resources/ise_device_admin_authentication_rule/resource.tf

@@ -0,0 +1,17 @@
+resource "ise_device_admin_authentication_rule" "example" {
+  policy_set_id             = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  identity_source_name      = "Internal Endpoints"
+  if_auth_fail              = "REJECT"
+  if_process_fail           = "DROP"
+  if_user_not_found         = "REJECT"
+}

examples/resources/ise_device_admin_policy_set/resource.tf

@@ -3,7 +3,7 @@ resource "ise_device_admin_policy_set" "example" {
   description               = "My description"
   is_proxy                  = false
   rank                      = 0
-  service_name              = "Default Network Access"
+  service_name              = "Default Device Admin"
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
   condition_is_negate       = false