diff --git a/CHANGELOG.md b/CHANGELOG.md
index da1f6c3..723c0d5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
- Add `ise_device_admin_condition` resource and data source
- Add `ise_device_admin_policy_set` resource and data source
- Add `ise_device_admin_time_and_date_condition` resource and data source
+- Add `ise_device_admin_authentication_rule` resource and data source
## 0.1.5
diff --git a/docs/data-sources/device_admin_authentication_rule.md b/docs/data-sources/device_admin_authentication_rule.md
new file mode 100644
index 0000000..7c476e0
--- /dev/null
+++ b/docs/data-sources/device_admin_authentication_rule.md
@@ -0,0 +1,80 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authentication_rule Data Source - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+ This data source can read the Device Admin Authentication Rule.
+---
+
+# ise_device_admin_authentication_rule (Data Source)
+
+This data source can read the Device Admin Authentication Rule.
+
+## Example Usage
+
+```terraform
+data "ise_device_admin_authentication_rule" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+ policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Read-Only
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this rule is the default one
+- `identity_source_name` (String) Identity source name from the identity stores
+- `if_auth_fail` (String) Action to perform when authentication fails such as Bad credentials, disabled user and so on
+- `if_process_fail` (String) Action to perform when ISE is unable to access the identity database
+- `if_user_not_found` (String) Action to perform when user is not found in any of identity stores
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+
+### Nested Schema for `children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+
+
+### Nested Schema for `children.children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
index 510f58f..f68ee80 100644
--- a/docs/guides/changelog.md
+++ b/docs/guides/changelog.md
@@ -15,6 +15,7 @@ description: |-
- Add `ise_device_admin_condition` resource and data source
- Add `ise_device_admin_policy_set` resource and data source
- Add `ise_device_admin_time_and_date_condition` resource and data source
+- Add `ise_device_admin_authentication_rule` resource and data source
## 0.1.5
diff --git a/docs/resources/device_admin_authentication_rule.md b/docs/resources/device_admin_authentication_rule.md
new file mode 100644
index 0000000..088ef32
--- /dev/null
+++ b/docs/resources/device_admin_authentication_rule.md
@@ -0,0 +1,117 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authentication_rule Resource - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+ This resource can manage a Device Admin Authentication Rule.
+---
+
+# ise_device_admin_authentication_rule (Resource)
+
+This resource can manage a Device Admin Authentication Rule.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authentication_rule" "example" {
+ policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+ name = "Rule1"
+ default = false
+ rank = 0
+ state = "enabled"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+ identity_source_name = "Internal Endpoints"
+ if_auth_fail = "REJECT"
+ if_process_fail = "DROP"
+ if_user_not_found = "REJECT"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `if_auth_fail` (String) Action to perform when authentication fails such as Bad credentials, disabled user and so on
+ - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `if_process_fail` (String) Action to perform when ISE is unable to access the identity database
+ - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `if_user_not_found` (String) Action to perform when user is not found in any of identity stores
+ - Choices: `REJECT`, `DROP`, `CONTINUE`
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+- `policy_set_id` (String) Policy set ID
+
+### Optional
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this rule is the default one
+- `identity_source_name` (String) Identity source name from the identity stores
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+ - Choices: `disabled`, `enabled`, `monitor`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+
+### Nested Schema for `children.children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+ - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_device_admin_authentication_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```
diff --git a/docs/resources/device_admin_policy_set.md b/docs/resources/device_admin_policy_set.md
index 4a1bb1f..7799d03 100644
--- a/docs/resources/device_admin_policy_set.md
+++ b/docs/resources/device_admin_policy_set.md
@@ -18,7 +18,7 @@ resource "ise_device_admin_policy_set" "example" {
description = "My description"
is_proxy = false
rank = 0
- service_name = "Default Network Access"
+ service_name = "Default Device Admin"
state = "enabled"
condition_type = "ConditionAttributes"
condition_is_negate = false
diff --git a/examples/data-sources/ise_device_admin_authentication_rule/data-source.tf b/examples/data-sources/ise_device_admin_authentication_rule/data-source.tf
new file mode 100644
index 0000000..d492ad9
--- /dev/null
+++ b/examples/data-sources/ise_device_admin_authentication_rule/data-source.tf
@@ -0,0 +1,4 @@
+data "ise_device_admin_authentication_rule" "example" {
+ id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+ policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+}
diff --git a/examples/resources/ise_device_admin_authentication_rule/import.sh b/examples/resources/ise_device_admin_authentication_rule/import.sh
new file mode 100644
index 0000000..510746a
--- /dev/null
+++ b/examples/resources/ise_device_admin_authentication_rule/import.sh
@@ -0,0 +1 @@
+terraform import ise_device_admin_authentication_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
diff --git a/examples/resources/ise_device_admin_authentication_rule/resource.tf b/examples/resources/ise_device_admin_authentication_rule/resource.tf
new file mode 100644
index 0000000..233fa8d
--- /dev/null
+++ b/examples/resources/ise_device_admin_authentication_rule/resource.tf
@@ -0,0 +1,17 @@
+resource "ise_device_admin_authentication_rule" "example" {
+ policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+ name = "Rule1"
+ default = false
+ rank = 0
+ state = "enabled"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+ identity_source_name = "Internal Endpoints"
+ if_auth_fail = "REJECT"
+ if_process_fail = "DROP"
+ if_user_not_found = "REJECT"
+}
diff --git a/examples/resources/ise_device_admin_policy_set/resource.tf b/examples/resources/ise_device_admin_policy_set/resource.tf
index 73627e3..0fc7460 100644
--- a/examples/resources/ise_device_admin_policy_set/resource.tf
+++ b/examples/resources/ise_device_admin_policy_set/resource.tf
@@ -3,7 +3,7 @@ resource "ise_device_admin_policy_set" "example" {
description = "My description"
is_proxy = false
rank = 0
- service_name = "Default Network Access"
+ service_name = "Default Device Admin"
state = "enabled"
condition_type = "ConditionAttributes"
condition_is_negate = false
diff --git a/gen/definitions/device_admin_authentication_rule.yaml b/gen/definitions/device_admin_authentication_rule.yaml
new file mode 100644
index 0000000..06fb72e
--- /dev/null
+++ b/gen/definitions/device_admin_authentication_rule.yaml
@@ -0,0 +1,291 @@
+---
+name: Device Admin Authentication Rule
+rest_endpoint: /api/v1/policy/device-admin/policy-set/%v/authentication
+data_source_name_query: true
+id_path: response.rule.id
+doc_category: Policy
+attributes:
+ - tf_name: policy_set_id
+ type: String
+ reference: true
+ description: Policy set ID
+ example: d82952cb-b901-4b09-b363-5ebf39bdbaf9
+ test_value: ise_device_admin_policy_set.test.id
+ - model_name: name
+ data_path: [rule]
+ type: String
+ mandatory: true
+ description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+ example: Rule1
+ - model_name: default
+ data_path: [rule]
+ type: Bool
+ description: Indicates if this rule is the default one
+ example: false
+ - model_name: rank
+ data_path: [rule]
+ type: Int64
+ description: The rank (priority) in relation to other rules. Lower rank is higher priority.
+ example: 0
+ - model_name: state
+ data_path: [rule]
+ type: String
+ enum_values: [disabled, enabled, monitor]
+ description: The state that the rule is in. A disabled rule cannot be matched.
+ example: enabled
+ - model_name: conditionType
+ data_path: [rule, condition]
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ minimum_test_value: '"ConditionReference"'
+ - model_name: id
+ data_path: [rule, condition]
+ tf_name: condition_id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ exclude_test: true
+ minimum_test_value: ise_device_admin_condition.test.id
+ - model_name: isNegate
+ data_path: [rule, condition]
+ tf_name: condition_is_negate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ data_path: [rule, condition]
+ tf_name: condition_attribute_name
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ data_path: [rule, condition]
+ tf_name: condition_attribute_value
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ data_path: [rule, condition]
+ tf_name: condition_dictionary_name
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ data_path: [rule, condition]
+ tf_name: condition_dictionary_value
+ type: String
+ description: Dictionary value
+ example: abc
+ exclude_test: true
+ - model_name: operator
+ data_path: [rule, condition]
+ tf_name: condition_operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: children
+ type: List
+ description: List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.
+ exclude_test: true
+ data_path: [rule, condition]
+ attributes:
+ - model_name: conditionType
+ mandatory: true
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ - model_name: id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ - model_name: isNegate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ type: String
+ description: Dictionary value
+ example: abc
+ - model_name: operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: children
+ type: List
+ description: List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.
+ attributes:
+ - model_name: conditionType
+ mandatory: true
+ type: String
+ enum_values:
+ [
+ ConditionAndBlock,
+ ConditionAttributes,
+ ConditionOrBlock,
+ ConditionReference,
+ ]
+ description: Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+ example: ConditionAttributes
+ - model_name: id
+ type: String
+ description: UUID for condition
+ example: 12345678-f0e7-456b-a2d1-876543320123
+ - model_name: isNegate
+ type: Bool
+ description: Indicates whereas this condition is in negate mode
+ example: false
+ - model_name: attributeName
+ type: String
+ description: Dictionary attribute name
+ example: Location
+ - model_name: attributeValue
+ type: String
+ description: Attribute value for condition. Value type is specified in dictionary object.
+ example: All Locations
+ - model_name: dictionaryName
+ type: String
+ description: Dictionary name
+ example: DEVICE
+ - model_name: dictionaryValue
+ type: String
+ description: Dictionary value
+ example: abc
+ - model_name: operator
+ type: String
+ enum_values:
+ [
+ contains,
+ endsWith,
+ equals,
+ greaterOrEquals,
+ greaterThan,
+ in,
+ ipEquals,
+ ipGreaterThan,
+ ipLessThan,
+ ipNotEquals,
+ lessOrEquals,
+ lessThan,
+ matches,
+ notContains,
+ notEndsWith,
+ notEquals,
+ notIn,
+ notStartsWith,
+ startsWith,
+ ]
+ description: Equality operator
+ example: equals
+ - model_name: identitySourceName
+ type: String
+ description: Identity source name from the identity stores
+ example: Internal Endpoints
+ - model_name: ifAuthFail
+ type: String
+ enum_values: [REJECT, DROP, CONTINUE]
+ mandatory: true
+ description: Action to perform when authentication fails such as Bad credentials, disabled user and so on
+ example: REJECT
+ - model_name: ifProcessFail
+ type: String
+ enum_values: [REJECT, DROP, CONTINUE]
+ mandatory: true
+ description: Action to perform when ISE is unable to access the identity database
+ example: DROP
+ - model_name: ifUserNotFound
+ type: String
+ enum_values: [REJECT, DROP, CONTINUE]
+ mandatory: true
+ description: Action to perform when user is not found in any of identity stores
+ example: REJECT
+
+test_prerequisites: |
+ resource "ise_device_admin_policy_set" "test" {
+ name = "PolicySet1"
+ service_name = "Default Device Admin"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+ }
+ resource "ise_device_admin_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "User"
+ attribute_value = "User1"
+ dictionary_name = "TACACS"
+ operator = "equals"
+ }
diff --git a/gen/definitions/device_admin_policy_set.yaml b/gen/definitions/device_admin_policy_set.yaml
index 1777a20..a2f6aaa 100644
--- a/gen/definitions/device_admin_policy_set.yaml
+++ b/gen/definitions/device_admin_policy_set.yaml
@@ -26,7 +26,7 @@ attributes:
type: String
mandatory: true
description: Policy set service identifier. 'Allowed Protocols' or 'Server Sequence'.
- example: Default Network Access
+ example: Default Device Admin
- model_name: state
type: String
enum_values: [disabled, enabled, monitor]
diff --git a/internal/provider/data_source_ise_device_admin_authentication_rule.go b/internal/provider/data_source_ise_device_admin_authentication_rule.go
new file mode 100644
index 0000000..6596c25
--- /dev/null
+++ b/internal/provider/data_source_ise_device_admin_authentication_rule.go
@@ -0,0 +1,295 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "fmt"
+
+ "github.com/hashicorp/terraform-plugin-framework-validators/datasourcevalidator"
+ "github.com/hashicorp/terraform-plugin-framework/datasource"
+ "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/netascode/go-ise"
+ "github.com/tidwall/gjson"
+)
+
+//template:end imports
+
+//template:begin model
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+ _ datasource.DataSource = &DeviceAdminAuthenticationRuleDataSource{}
+ _ datasource.DataSourceWithConfigure = &DeviceAdminAuthenticationRuleDataSource{}
+)
+
+func NewDeviceAdminAuthenticationRuleDataSource() datasource.DataSource {
+ return &DeviceAdminAuthenticationRuleDataSource{}
+}
+
+type DeviceAdminAuthenticationRuleDataSource struct {
+ client *ise.Client
+}
+
+func (d *DeviceAdminAuthenticationRuleDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_device_admin_authentication_rule"
+}
+
+func (d *DeviceAdminAuthenticationRuleDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: "This data source can read the Device Admin Authentication Rule.",
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Optional: true,
+ Computed: true,
+ },
+ "policy_set_id": schema.StringAttribute{
+ MarkdownDescription: "Policy set ID",
+ Required: true,
+ },
+ "name": schema.StringAttribute{
+ MarkdownDescription: "Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]",
+ Optional: true,
+ Computed: true,
+ },
+ "default": schema.BoolAttribute{
+ MarkdownDescription: "Indicates if this rule is the default one",
+ Computed: true,
+ },
+ "rank": schema.Int64Attribute{
+ MarkdownDescription: "The rank (priority) in relation to other rules. Lower rank is higher priority.",
+ Computed: true,
+ },
+ "state": schema.StringAttribute{
+ MarkdownDescription: "The state that the rule is in. A disabled rule cannot be matched.",
+ Computed: true,
+ },
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "condition_id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "condition_is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "condition_attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "condition_attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "condition_dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "condition_dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "condition_operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: "List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: "List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.",
+ Computed: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: "Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.",
+ Computed: true,
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: "UUID for condition",
+ Computed: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: "Indicates whereas this condition is in negate mode",
+ Computed: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary attribute name",
+ Computed: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: "Attribute value for condition. Value type is specified in dictionary object.",
+ Computed: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: "Dictionary name",
+ Computed: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: "Dictionary value",
+ Computed: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: "Equality operator",
+ Computed: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "identity_source_name": schema.StringAttribute{
+ MarkdownDescription: "Identity source name from the identity stores",
+ Computed: true,
+ },
+ "if_auth_fail": schema.StringAttribute{
+ MarkdownDescription: "Action to perform when authentication fails such as Bad credentials, disabled user and so on",
+ Computed: true,
+ },
+ "if_process_fail": schema.StringAttribute{
+ MarkdownDescription: "Action to perform when ISE is unable to access the identity database",
+ Computed: true,
+ },
+ "if_user_not_found": schema.StringAttribute{
+ MarkdownDescription: "Action to perform when user is not found in any of identity stores",
+ Computed: true,
+ },
+ },
+ }
+}
+func (d *DeviceAdminAuthenticationRuleDataSource) ConfigValidators(ctx context.Context) []datasource.ConfigValidator {
+ return []datasource.ConfigValidator{
+ datasourcevalidator.ExactlyOneOf(
+ path.MatchRoot("id"),
+ path.MatchRoot("name"),
+ ),
+ }
+}
+
+func (d *DeviceAdminAuthenticationRuleDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ d.client = req.ProviderData.(*IseProviderData).Client
+}
+
+//template:end model
+
+//template:begin read
+func (d *DeviceAdminAuthenticationRuleDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+ var config DeviceAdminAuthenticationRule
+
+ // Read config
+ diags := req.Config.Get(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String()))
+ if config.Id.IsNull() && !config.Name.IsNull() {
+ for page := 1; ; page++ {
+ res, err := d.client.Get(config.getPath())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve objects, got error: %s", err))
+ return
+ }
+ if value := res.Get("response"); len(value.Array()) > 0 {
+ value.ForEach(func(k, v gjson.Result) bool {
+ if config.Name.ValueString() == v.Get("name").String() {
+ config.Id = types.StringValue(v.Get("id").String())
+ tflog.Debug(ctx, fmt.Sprintf("%s: Found object with name '%v', id: %v", config.Id.String(), config.Name.ValueString(), config.Id.String()))
+ return false
+ }
+ return true
+ })
+ }
+ if !config.Id.IsNull() || !res.Get("SearchResult.nextPage").Exists() {
+ break
+ }
+ }
+
+ if config.Id.IsNull() {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to find object with name: %s", config.Name.ValueString()))
+ return
+ }
+ }
+
+ res, err := d.client.Get(config.getPath() + "/" + config.Id.ValueString())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err))
+ return
+ }
+
+ config.fromBody(ctx, res)
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &config)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end read
diff --git a/internal/provider/data_source_ise_device_admin_authentication_rule_test.go b/internal/provider/data_source_ise_device_admin_authentication_rule_test.go
new file mode 100644
index 0000000..af8db7d
--- /dev/null
+++ b/internal/provider/data_source_ise_device_admin_authentication_rule_test.go
@@ -0,0 +1,116 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+//template:end imports
+
+//template:begin testAccDataSource
+func TestAccDataSourceIseDeviceAdminAuthenticationRule(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "name", "Rule1"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "default", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "rank", "0"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "state", "enabled"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_type", "ConditionAttributes"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_is_negate", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_attribute_name", "Location"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_attribute_value", "All Locations"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_dictionary_name", "DEVICE"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "condition_operator", "equals"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "identity_source_name", "Internal Endpoints"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "if_auth_fail", "REJECT"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "if_process_fail", "DROP"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authentication_rule.test", "if_user_not_found", "REJECT"))
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceIseDeviceAdminAuthenticationRulePrerequisitesConfig + testAccDataSourceIseDeviceAdminAuthenticationRuleConfig(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ },
+ },
+ })
+}
+
+//template:end testAccDataSource
+
+//template:begin testPrerequisites
+const testAccDataSourceIseDeviceAdminAuthenticationRulePrerequisitesConfig = `
+resource "ise_device_admin_policy_set" "test" {
+ name = "PolicySet1"
+ service_name = "Default Device Admin"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+}
+resource "ise_device_admin_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "User"
+ attribute_value = "User1"
+ dictionary_name = "TACACS"
+ operator = "equals"
+}
+
+`
+
+//template:end testPrerequisites
+
+//template:begin testAccDataSourceConfig
+func testAccDataSourceIseDeviceAdminAuthenticationRuleConfig() string {
+ config := `resource "ise_device_admin_authentication_rule" "test" {` + "\n"
+ config += ` policy_set_id = ise_device_admin_policy_set.test.id` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` default = false` + "\n"
+ config += ` rank = 0` + "\n"
+ config += ` state = "enabled"` + "\n"
+ config += ` condition_type = "ConditionAttributes"` + "\n"
+ config += ` condition_is_negate = false` + "\n"
+ config += ` condition_attribute_name = "Location"` + "\n"
+ config += ` condition_attribute_value = "All Locations"` + "\n"
+ config += ` condition_dictionary_name = "DEVICE"` + "\n"
+ config += ` condition_operator = "equals"` + "\n"
+ config += ` identity_source_name = "Internal Endpoints"` + "\n"
+ config += ` if_auth_fail = "REJECT"` + "\n"
+ config += ` if_process_fail = "DROP"` + "\n"
+ config += ` if_user_not_found = "REJECT"` + "\n"
+ config += `}` + "\n"
+
+ config += `
+ data "ise_device_admin_authentication_rule" "test" {
+ id = ise_device_admin_authentication_rule.test.id
+ policy_set_id = ise_device_admin_policy_set.test.id
+ }
+ `
+ return config
+}
+
+//template:end testAccDataSourceConfig
diff --git a/internal/provider/data_source_ise_device_admin_policy_set_test.go b/internal/provider/data_source_ise_device_admin_policy_set_test.go
index 2cc6ae1..270effa 100644
--- a/internal/provider/data_source_ise_device_admin_policy_set_test.go
+++ b/internal/provider/data_source_ise_device_admin_policy_set_test.go
@@ -35,7 +35,7 @@ func TestAccDataSourceIseDeviceAdminPolicySet(t *testing.T) {
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "description", "My description"))
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "is_proxy", "false"))
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "rank", "0"))
- checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "service_name", "Default Network Access"))
+ checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "service_name", "Default Device Admin"))
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "state", "enabled"))
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "condition_type", "ConditionAttributes"))
checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_policy_set.test", "condition_is_negate", "false"))
@@ -79,7 +79,7 @@ func testAccDataSourceIseDeviceAdminPolicySetConfig() string {
config += ` description = "My description"` + "\n"
config += ` is_proxy = false` + "\n"
config += ` rank = 0` + "\n"
- config += ` service_name = "Default Network Access"` + "\n"
+ config += ` service_name = "Default Device Admin"` + "\n"
config += ` state = "enabled"` + "\n"
config += ` condition_type = "ConditionAttributes"` + "\n"
config += ` condition_is_negate = false` + "\n"
diff --git a/internal/provider/model_ise_device_admin_authentication_rule.go b/internal/provider/model_ise_device_admin_authentication_rule.go
new file mode 100644
index 0000000..82c70f3
--- /dev/null
+++ b/internal/provider/model_ise_device_admin_authentication_rule.go
@@ -0,0 +1,602 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "fmt"
+ "strconv"
+
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/tidwall/gjson"
+ "github.com/tidwall/sjson"
+)
+
+//template:end imports
+
+//template:begin types
+type DeviceAdminAuthenticationRule struct {
+ Id types.String `tfsdk:"id"`
+ PolicySetId types.String `tfsdk:"policy_set_id"`
+ Name types.String `tfsdk:"name"`
+ Default types.Bool `tfsdk:"default"`
+ Rank types.Int64 `tfsdk:"rank"`
+ State types.String `tfsdk:"state"`
+ ConditionType types.String `tfsdk:"condition_type"`
+ ConditionId types.String `tfsdk:"condition_id"`
+ ConditionIsNegate types.Bool `tfsdk:"condition_is_negate"`
+ ConditionAttributeName types.String `tfsdk:"condition_attribute_name"`
+ ConditionAttributeValue types.String `tfsdk:"condition_attribute_value"`
+ ConditionDictionaryName types.String `tfsdk:"condition_dictionary_name"`
+ ConditionDictionaryValue types.String `tfsdk:"condition_dictionary_value"`
+ ConditionOperator types.String `tfsdk:"condition_operator"`
+ Children []DeviceAdminAuthenticationRuleChildren `tfsdk:"children"`
+ IdentitySourceName types.String `tfsdk:"identity_source_name"`
+ IfAuthFail types.String `tfsdk:"if_auth_fail"`
+ IfProcessFail types.String `tfsdk:"if_process_fail"`
+ IfUserNotFound types.String `tfsdk:"if_user_not_found"`
+}
+
+type DeviceAdminAuthenticationRuleChildren struct {
+ ConditionType types.String `tfsdk:"condition_type"`
+ Id types.String `tfsdk:"id"`
+ IsNegate types.Bool `tfsdk:"is_negate"`
+ AttributeName types.String `tfsdk:"attribute_name"`
+ AttributeValue types.String `tfsdk:"attribute_value"`
+ DictionaryName types.String `tfsdk:"dictionary_name"`
+ DictionaryValue types.String `tfsdk:"dictionary_value"`
+ Operator types.String `tfsdk:"operator"`
+ Children []DeviceAdminAuthenticationRuleChildrenChildren `tfsdk:"children"`
+}
+
+type DeviceAdminAuthenticationRuleChildrenChildren struct {
+ ConditionType types.String `tfsdk:"condition_type"`
+ Id types.String `tfsdk:"id"`
+ IsNegate types.Bool `tfsdk:"is_negate"`
+ AttributeName types.String `tfsdk:"attribute_name"`
+ AttributeValue types.String `tfsdk:"attribute_value"`
+ DictionaryName types.String `tfsdk:"dictionary_name"`
+ DictionaryValue types.String `tfsdk:"dictionary_value"`
+ Operator types.String `tfsdk:"operator"`
+}
+
+//template:end types
+
+//template:begin getPath
+func (data DeviceAdminAuthenticationRule) getPath() string {
+ return fmt.Sprintf("/api/v1/policy/device-admin/policy-set/%v/authentication", data.PolicySetId.ValueString())
+}
+
+//template:end getPath
+
+//template:begin toBody
+func (data DeviceAdminAuthenticationRule) toBody(ctx context.Context, state DeviceAdminAuthenticationRule) string {
+ body := ""
+ if !data.Name.IsNull() {
+ body, _ = sjson.Set(body, "rule.name", data.Name.ValueString())
+ }
+ if !data.Default.IsNull() {
+ body, _ = sjson.Set(body, "rule.default", data.Default.ValueBool())
+ }
+ if !data.Rank.IsNull() {
+ body, _ = sjson.Set(body, "rule.rank", data.Rank.ValueInt64())
+ }
+ if !data.State.IsNull() {
+ body, _ = sjson.Set(body, "rule.state", data.State.ValueString())
+ }
+ if !data.ConditionType.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.conditionType", data.ConditionType.ValueString())
+ }
+ if !data.ConditionId.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.id", data.ConditionId.ValueString())
+ }
+ if !data.ConditionIsNegate.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.isNegate", data.ConditionIsNegate.ValueBool())
+ }
+ if !data.ConditionAttributeName.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.attributeName", data.ConditionAttributeName.ValueString())
+ }
+ if !data.ConditionAttributeValue.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.attributeValue", data.ConditionAttributeValue.ValueString())
+ }
+ if !data.ConditionDictionaryName.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.dictionaryName", data.ConditionDictionaryName.ValueString())
+ }
+ if !data.ConditionDictionaryValue.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.dictionaryValue", data.ConditionDictionaryValue.ValueString())
+ }
+ if !data.ConditionOperator.IsNull() {
+ body, _ = sjson.Set(body, "rule.condition.operator", data.ConditionOperator.ValueString())
+ }
+ if len(data.Children) > 0 {
+ body, _ = sjson.Set(body, "rule.condition.children", []interface{}{})
+ for _, item := range data.Children {
+ itemBody := ""
+ if !item.ConditionType.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "conditionType", item.ConditionType.ValueString())
+ }
+ if !item.Id.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "id", item.Id.ValueString())
+ }
+ if !item.IsNegate.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "isNegate", item.IsNegate.ValueBool())
+ }
+ if !item.AttributeName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "attributeName", item.AttributeName.ValueString())
+ }
+ if !item.AttributeValue.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "attributeValue", item.AttributeValue.ValueString())
+ }
+ if !item.DictionaryName.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "dictionaryName", item.DictionaryName.ValueString())
+ }
+ if !item.DictionaryValue.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "dictionaryValue", item.DictionaryValue.ValueString())
+ }
+ if !item.Operator.IsNull() {
+ itemBody, _ = sjson.Set(itemBody, "operator", item.Operator.ValueString())
+ }
+ if len(item.Children) > 0 {
+ itemBody, _ = sjson.Set(itemBody, "children", []interface{}{})
+ for _, childItem := range item.Children {
+ itemChildBody := ""
+ if !childItem.ConditionType.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "conditionType", childItem.ConditionType.ValueString())
+ }
+ if !childItem.Id.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "id", childItem.Id.ValueString())
+ }
+ if !childItem.IsNegate.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "isNegate", childItem.IsNegate.ValueBool())
+ }
+ if !childItem.AttributeName.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "attributeName", childItem.AttributeName.ValueString())
+ }
+ if !childItem.AttributeValue.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "attributeValue", childItem.AttributeValue.ValueString())
+ }
+ if !childItem.DictionaryName.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "dictionaryName", childItem.DictionaryName.ValueString())
+ }
+ if !childItem.DictionaryValue.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "dictionaryValue", childItem.DictionaryValue.ValueString())
+ }
+ if !childItem.Operator.IsNull() {
+ itemChildBody, _ = sjson.Set(itemChildBody, "operator", childItem.Operator.ValueString())
+ }
+ itemBody, _ = sjson.SetRaw(itemBody, "children.-1", itemChildBody)
+ }
+ }
+ body, _ = sjson.SetRaw(body, "rule.condition.children.-1", itemBody)
+ }
+ }
+ if !data.IdentitySourceName.IsNull() {
+ body, _ = sjson.Set(body, "identitySourceName", data.IdentitySourceName.ValueString())
+ }
+ if !data.IfAuthFail.IsNull() {
+ body, _ = sjson.Set(body, "ifAuthFail", data.IfAuthFail.ValueString())
+ }
+ if !data.IfProcessFail.IsNull() {
+ body, _ = sjson.Set(body, "ifProcessFail", data.IfProcessFail.ValueString())
+ }
+ if !data.IfUserNotFound.IsNull() {
+ body, _ = sjson.Set(body, "ifUserNotFound", data.IfUserNotFound.ValueString())
+ }
+ return body
+}
+
+//template:end toBody
+
+//template:begin fromBody
+func (data *DeviceAdminAuthenticationRule) fromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("response.rule.name"); value.Exists() {
+ data.Name = types.StringValue(value.String())
+ } else {
+ data.Name = types.StringNull()
+ }
+ if value := res.Get("response.rule.default"); value.Exists() {
+ data.Default = types.BoolValue(value.Bool())
+ } else {
+ data.Default = types.BoolNull()
+ }
+ if value := res.Get("response.rule.rank"); value.Exists() {
+ data.Rank = types.Int64Value(value.Int())
+ } else {
+ data.Rank = types.Int64Null()
+ }
+ if value := res.Get("response.rule.state"); value.Exists() {
+ data.State = types.StringValue(value.String())
+ } else {
+ data.State = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.conditionType"); value.Exists() {
+ data.ConditionType = types.StringValue(value.String())
+ } else {
+ data.ConditionType = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.id"); value.Exists() {
+ data.ConditionId = types.StringValue(value.String())
+ } else {
+ data.ConditionId = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.isNegate"); value.Exists() {
+ data.ConditionIsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.ConditionIsNegate = types.BoolNull()
+ }
+ if value := res.Get("response.rule.condition.attributeName"); value.Exists() {
+ data.ConditionAttributeName = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.attributeValue"); value.Exists() {
+ data.ConditionAttributeValue = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryName"); value.Exists() {
+ data.ConditionDictionaryName = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryValue"); value.Exists() {
+ data.ConditionDictionaryValue = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.operator"); value.Exists() {
+ data.ConditionOperator = types.StringValue(value.String())
+ } else {
+ data.ConditionOperator = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.children"); value.Exists() {
+ data.Children = make([]DeviceAdminAuthenticationRuleChildren, 0)
+ value.ForEach(func(k, v gjson.Result) bool {
+ item := DeviceAdminAuthenticationRuleChildren{}
+ if cValue := v.Get("conditionType"); cValue.Exists() {
+ item.ConditionType = types.StringValue(cValue.String())
+ } else {
+ item.ConditionType = types.StringNull()
+ }
+ if cValue := v.Get("id"); cValue.Exists() {
+ item.Id = types.StringValue(cValue.String())
+ } else {
+ item.Id = types.StringNull()
+ }
+ if cValue := v.Get("isNegate"); cValue.Exists() {
+ item.IsNegate = types.BoolValue(cValue.Bool())
+ } else {
+ item.IsNegate = types.BoolNull()
+ }
+ if cValue := v.Get("attributeName"); cValue.Exists() {
+ item.AttributeName = types.StringValue(cValue.String())
+ } else {
+ item.AttributeName = types.StringNull()
+ }
+ if cValue := v.Get("attributeValue"); cValue.Exists() {
+ item.AttributeValue = types.StringValue(cValue.String())
+ } else {
+ item.AttributeValue = types.StringNull()
+ }
+ if cValue := v.Get("dictionaryName"); cValue.Exists() {
+ item.DictionaryName = types.StringValue(cValue.String())
+ } else {
+ item.DictionaryName = types.StringNull()
+ }
+ if cValue := v.Get("dictionaryValue"); cValue.Exists() {
+ item.DictionaryValue = types.StringValue(cValue.String())
+ } else {
+ item.DictionaryValue = types.StringNull()
+ }
+ if cValue := v.Get("operator"); cValue.Exists() {
+ item.Operator = types.StringValue(cValue.String())
+ } else {
+ item.Operator = types.StringNull()
+ }
+ if cValue := v.Get("children"); cValue.Exists() {
+ item.Children = make([]DeviceAdminAuthenticationRuleChildrenChildren, 0)
+ cValue.ForEach(func(ck, cv gjson.Result) bool {
+ cItem := DeviceAdminAuthenticationRuleChildrenChildren{}
+ if ccValue := cv.Get("conditionType"); ccValue.Exists() {
+ cItem.ConditionType = types.StringValue(ccValue.String())
+ } else {
+ cItem.ConditionType = types.StringNull()
+ }
+ if ccValue := cv.Get("id"); ccValue.Exists() {
+ cItem.Id = types.StringValue(ccValue.String())
+ } else {
+ cItem.Id = types.StringNull()
+ }
+ if ccValue := cv.Get("isNegate"); ccValue.Exists() {
+ cItem.IsNegate = types.BoolValue(ccValue.Bool())
+ } else {
+ cItem.IsNegate = types.BoolNull()
+ }
+ if ccValue := cv.Get("attributeName"); ccValue.Exists() {
+ cItem.AttributeName = types.StringValue(ccValue.String())
+ } else {
+ cItem.AttributeName = types.StringNull()
+ }
+ if ccValue := cv.Get("attributeValue"); ccValue.Exists() {
+ cItem.AttributeValue = types.StringValue(ccValue.String())
+ } else {
+ cItem.AttributeValue = types.StringNull()
+ }
+ if ccValue := cv.Get("dictionaryName"); ccValue.Exists() {
+ cItem.DictionaryName = types.StringValue(ccValue.String())
+ } else {
+ cItem.DictionaryName = types.StringNull()
+ }
+ if ccValue := cv.Get("dictionaryValue"); ccValue.Exists() {
+ cItem.DictionaryValue = types.StringValue(ccValue.String())
+ } else {
+ cItem.DictionaryValue = types.StringNull()
+ }
+ if ccValue := cv.Get("operator"); ccValue.Exists() {
+ cItem.Operator = types.StringValue(ccValue.String())
+ } else {
+ cItem.Operator = types.StringNull()
+ }
+ item.Children = append(item.Children, cItem)
+ return true
+ })
+ }
+ data.Children = append(data.Children, item)
+ return true
+ })
+ }
+ if value := res.Get("response.identitySourceName"); value.Exists() {
+ data.IdentitySourceName = types.StringValue(value.String())
+ } else {
+ data.IdentitySourceName = types.StringNull()
+ }
+ if value := res.Get("response.ifAuthFail"); value.Exists() {
+ data.IfAuthFail = types.StringValue(value.String())
+ } else {
+ data.IfAuthFail = types.StringNull()
+ }
+ if value := res.Get("response.ifProcessFail"); value.Exists() {
+ data.IfProcessFail = types.StringValue(value.String())
+ } else {
+ data.IfProcessFail = types.StringNull()
+ }
+ if value := res.Get("response.ifUserNotFound"); value.Exists() {
+ data.IfUserNotFound = types.StringValue(value.String())
+ } else {
+ data.IfUserNotFound = types.StringNull()
+ }
+}
+
+//template:end fromBody
+
+//template:begin updateFromBody
+func (data *DeviceAdminAuthenticationRule) updateFromBody(ctx context.Context, res gjson.Result) {
+ if value := res.Get("response.rule.name"); value.Exists() && !data.Name.IsNull() {
+ data.Name = types.StringValue(value.String())
+ } else {
+ data.Name = types.StringNull()
+ }
+ if value := res.Get("response.rule.default"); value.Exists() && !data.Default.IsNull() {
+ data.Default = types.BoolValue(value.Bool())
+ } else {
+ data.Default = types.BoolNull()
+ }
+ if value := res.Get("response.rule.rank"); value.Exists() && !data.Rank.IsNull() {
+ data.Rank = types.Int64Value(value.Int())
+ } else {
+ data.Rank = types.Int64Null()
+ }
+ if value := res.Get("response.rule.state"); value.Exists() && !data.State.IsNull() {
+ data.State = types.StringValue(value.String())
+ } else {
+ data.State = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.conditionType"); value.Exists() && !data.ConditionType.IsNull() {
+ data.ConditionType = types.StringValue(value.String())
+ } else {
+ data.ConditionType = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.id"); value.Exists() && !data.ConditionId.IsNull() {
+ data.ConditionId = types.StringValue(value.String())
+ } else {
+ data.ConditionId = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.isNegate"); value.Exists() && !data.ConditionIsNegate.IsNull() {
+ data.ConditionIsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.ConditionIsNegate = types.BoolNull()
+ }
+ if value := res.Get("response.rule.condition.attributeName"); value.Exists() && !data.ConditionAttributeName.IsNull() {
+ data.ConditionAttributeName = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.attributeValue"); value.Exists() && !data.ConditionAttributeValue.IsNull() {
+ data.ConditionAttributeValue = types.StringValue(value.String())
+ } else {
+ data.ConditionAttributeValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryName"); value.Exists() && !data.ConditionDictionaryName.IsNull() {
+ data.ConditionDictionaryName = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryName = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.dictionaryValue"); value.Exists() && !data.ConditionDictionaryValue.IsNull() {
+ data.ConditionDictionaryValue = types.StringValue(value.String())
+ } else {
+ data.ConditionDictionaryValue = types.StringNull()
+ }
+ if value := res.Get("response.rule.condition.operator"); value.Exists() && !data.ConditionOperator.IsNull() {
+ data.ConditionOperator = types.StringValue(value.String())
+ } else {
+ data.ConditionOperator = types.StringNull()
+ }
+ for i := range data.Children {
+ keys := [...]string{"conditionType", "id", "isNegate", "attributeName", "attributeValue", "dictionaryName", "dictionaryValue", "operator"}
+ keyValues := [...]string{data.Children[i].ConditionType.ValueString(), data.Children[i].Id.ValueString(), strconv.FormatBool(data.Children[i].IsNegate.ValueBool()), data.Children[i].AttributeName.ValueString(), data.Children[i].AttributeValue.ValueString(), data.Children[i].DictionaryName.ValueString(), data.Children[i].DictionaryValue.ValueString(), data.Children[i].Operator.ValueString()}
+
+ var r gjson.Result
+ res.Get("response.rule.condition.children").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ r = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := r.Get("conditionType"); value.Exists() && !data.Children[i].ConditionType.IsNull() {
+ data.Children[i].ConditionType = types.StringValue(value.String())
+ } else {
+ data.Children[i].ConditionType = types.StringNull()
+ }
+ if value := r.Get("id"); value.Exists() && !data.Children[i].Id.IsNull() {
+ data.Children[i].Id = types.StringValue(value.String())
+ } else {
+ data.Children[i].Id = types.StringNull()
+ }
+ if value := r.Get("isNegate"); value.Exists() && !data.Children[i].IsNegate.IsNull() {
+ data.Children[i].IsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.Children[i].IsNegate = types.BoolNull()
+ }
+ if value := r.Get("attributeName"); value.Exists() && !data.Children[i].AttributeName.IsNull() {
+ data.Children[i].AttributeName = types.StringValue(value.String())
+ } else {
+ data.Children[i].AttributeName = types.StringNull()
+ }
+ if value := r.Get("attributeValue"); value.Exists() && !data.Children[i].AttributeValue.IsNull() {
+ data.Children[i].AttributeValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].AttributeValue = types.StringNull()
+ }
+ if value := r.Get("dictionaryName"); value.Exists() && !data.Children[i].DictionaryName.IsNull() {
+ data.Children[i].DictionaryName = types.StringValue(value.String())
+ } else {
+ data.Children[i].DictionaryName = types.StringNull()
+ }
+ if value := r.Get("dictionaryValue"); value.Exists() && !data.Children[i].DictionaryValue.IsNull() {
+ data.Children[i].DictionaryValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].DictionaryValue = types.StringNull()
+ }
+ if value := r.Get("operator"); value.Exists() && !data.Children[i].Operator.IsNull() {
+ data.Children[i].Operator = types.StringValue(value.String())
+ } else {
+ data.Children[i].Operator = types.StringNull()
+ }
+ for ci := range data.Children[i].Children {
+ keys := [...]string{"conditionType", "id", "isNegate", "attributeName", "attributeValue", "dictionaryName", "dictionaryValue", "operator"}
+ keyValues := [...]string{data.Children[i].Children[ci].ConditionType.ValueString(), data.Children[i].Children[ci].Id.ValueString(), strconv.FormatBool(data.Children[i].Children[ci].IsNegate.ValueBool()), data.Children[i].Children[ci].AttributeName.ValueString(), data.Children[i].Children[ci].AttributeValue.ValueString(), data.Children[i].Children[ci].DictionaryName.ValueString(), data.Children[i].Children[ci].DictionaryValue.ValueString(), data.Children[i].Children[ci].Operator.ValueString()}
+
+ var cr gjson.Result
+ r.Get("children").ForEach(
+ func(_, v gjson.Result) bool {
+ found := false
+ for ik := range keys {
+ if v.Get(keys[ik]).String() == keyValues[ik] {
+ found = true
+ continue
+ }
+ found = false
+ break
+ }
+ if found {
+ cr = v
+ return false
+ }
+ return true
+ },
+ )
+ if value := cr.Get("conditionType"); value.Exists() && !data.Children[i].Children[ci].ConditionType.IsNull() {
+ data.Children[i].Children[ci].ConditionType = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].ConditionType = types.StringNull()
+ }
+ if value := cr.Get("id"); value.Exists() && !data.Children[i].Children[ci].Id.IsNull() {
+ data.Children[i].Children[ci].Id = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].Id = types.StringNull()
+ }
+ if value := cr.Get("isNegate"); value.Exists() && !data.Children[i].Children[ci].IsNegate.IsNull() {
+ data.Children[i].Children[ci].IsNegate = types.BoolValue(value.Bool())
+ } else {
+ data.Children[i].Children[ci].IsNegate = types.BoolNull()
+ }
+ if value := cr.Get("attributeName"); value.Exists() && !data.Children[i].Children[ci].AttributeName.IsNull() {
+ data.Children[i].Children[ci].AttributeName = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].AttributeName = types.StringNull()
+ }
+ if value := cr.Get("attributeValue"); value.Exists() && !data.Children[i].Children[ci].AttributeValue.IsNull() {
+ data.Children[i].Children[ci].AttributeValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].AttributeValue = types.StringNull()
+ }
+ if value := cr.Get("dictionaryName"); value.Exists() && !data.Children[i].Children[ci].DictionaryName.IsNull() {
+ data.Children[i].Children[ci].DictionaryName = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].DictionaryName = types.StringNull()
+ }
+ if value := cr.Get("dictionaryValue"); value.Exists() && !data.Children[i].Children[ci].DictionaryValue.IsNull() {
+ data.Children[i].Children[ci].DictionaryValue = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].DictionaryValue = types.StringNull()
+ }
+ if value := cr.Get("operator"); value.Exists() && !data.Children[i].Children[ci].Operator.IsNull() {
+ data.Children[i].Children[ci].Operator = types.StringValue(value.String())
+ } else {
+ data.Children[i].Children[ci].Operator = types.StringNull()
+ }
+ }
+ }
+ if value := res.Get("response.identitySourceName"); value.Exists() && !data.IdentitySourceName.IsNull() {
+ data.IdentitySourceName = types.StringValue(value.String())
+ } else {
+ data.IdentitySourceName = types.StringNull()
+ }
+ if value := res.Get("response.ifAuthFail"); value.Exists() && !data.IfAuthFail.IsNull() {
+ data.IfAuthFail = types.StringValue(value.String())
+ } else {
+ data.IfAuthFail = types.StringNull()
+ }
+ if value := res.Get("response.ifProcessFail"); value.Exists() && !data.IfProcessFail.IsNull() {
+ data.IfProcessFail = types.StringValue(value.String())
+ } else {
+ data.IfProcessFail = types.StringNull()
+ }
+ if value := res.Get("response.ifUserNotFound"); value.Exists() && !data.IfUserNotFound.IsNull() {
+ data.IfUserNotFound = types.StringValue(value.String())
+ } else {
+ data.IfUserNotFound = types.StringNull()
+ }
+}
+
+//template:end updateFromBody
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index cf7761b..31c4222 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -245,6 +245,7 @@ func (p *IseProvider) Resources(ctx context.Context) []func() resource.Resource
NewAllowedProtocolsResource,
NewAuthorizationProfileResource,
NewCertificateAuthenticationProfileResource,
+ NewDeviceAdminAuthenticationRuleResource,
NewDeviceAdminConditionResource,
NewDeviceAdminPolicySetResource,
NewDeviceAdminTimeAndDateConditionResource,
@@ -277,6 +278,7 @@ func (p *IseProvider) DataSources(ctx context.Context) []func() datasource.DataS
NewAllowedProtocolsDataSource,
NewAuthorizationProfileDataSource,
NewCertificateAuthenticationProfileDataSource,
+ NewDeviceAdminAuthenticationRuleDataSource,
NewDeviceAdminConditionDataSource,
NewDeviceAdminPolicySetDataSource,
NewDeviceAdminTimeAndDateConditionDataSource,
diff --git a/internal/provider/resource_ise_device_admin_authentication_rule.go b/internal/provider/resource_ise_device_admin_authentication_rule.go
new file mode 100644
index 0000000..806a078
--- /dev/null
+++ b/internal/provider/resource_ise_device_admin_authentication_rule.go
@@ -0,0 +1,396 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers"
+ "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+ "github.com/hashicorp/terraform-plugin-framework/path"
+ "github.com/hashicorp/terraform-plugin-framework/resource"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/schema/validator"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+ "github.com/hashicorp/terraform-plugin-log/tflog"
+ "github.com/netascode/go-ise"
+)
+
+//template:end imports
+
+//template:begin model
+
+// Ensure provider defined types fully satisfy framework interfaces
+var _ resource.Resource = &DeviceAdminAuthenticationRuleResource{}
+var _ resource.ResourceWithImportState = &DeviceAdminAuthenticationRuleResource{}
+
+func NewDeviceAdminAuthenticationRuleResource() resource.Resource {
+ return &DeviceAdminAuthenticationRuleResource{}
+}
+
+type DeviceAdminAuthenticationRuleResource struct {
+ client *ise.Client
+}
+
+func (r *DeviceAdminAuthenticationRuleResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+ resp.TypeName = req.ProviderTypeName + "_device_admin_authentication_rule"
+}
+
+func (r *DeviceAdminAuthenticationRuleResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+ resp.Schema = schema.Schema{
+ // This description is used by the documentation generator and the language server.
+ MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a Device Admin Authentication Rule.").String,
+
+ Attributes: map[string]schema.Attribute{
+ "id": schema.StringAttribute{
+ MarkdownDescription: "The id of the object",
+ Computed: true,
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.UseStateForUnknown(),
+ },
+ },
+ "policy_set_id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Policy set ID").String,
+ Required: true,
+ PlanModifiers: []planmodifier.String{
+ stringplanmodifier.RequiresReplace(),
+ },
+ },
+ "name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]").String,
+ Required: true,
+ },
+ "default": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates if this rule is the default one").String,
+ Optional: true,
+ },
+ "rank": schema.Int64Attribute{
+ MarkdownDescription: helpers.NewAttributeDescription("The rank (priority) in relation to other rules. Lower rank is higher priority.").String,
+ Optional: true,
+ },
+ "state": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("The state that the rule is in. A disabled rule cannot be matched.").AddStringEnumDescription("disabled", "enabled", "monitor").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("disabled", "enabled", "monitor"),
+ },
+ },
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "condition_id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "condition_is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "condition_attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "condition_attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "condition_dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "condition_dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "condition_operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ "children": schema.ListNestedAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`.").String,
+ Optional: true,
+ NestedObject: schema.NestedAttributeObject{
+ Attributes: map[string]schema.Attribute{
+ "condition_type": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.").AddStringEnumDescription("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("ConditionAndBlock", "ConditionAttributes", "ConditionOrBlock", "ConditionReference"),
+ },
+ },
+ "id": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("UUID for condition").String,
+ Optional: true,
+ },
+ "is_negate": schema.BoolAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Indicates whereas this condition is in negate mode").String,
+ Optional: true,
+ },
+ "attribute_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary attribute name").String,
+ Optional: true,
+ },
+ "attribute_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Attribute value for condition. Value type is specified in dictionary object.").String,
+ Optional: true,
+ },
+ "dictionary_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary name").String,
+ Optional: true,
+ },
+ "dictionary_value": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Dictionary value").String,
+ Optional: true,
+ },
+ "operator": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Equality operator").AddStringEnumDescription("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith").String,
+ Optional: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("contains", "endsWith", "equals", "greaterOrEquals", "greaterThan", "in", "ipEquals", "ipGreaterThan", "ipLessThan", "ipNotEquals", "lessOrEquals", "lessThan", "matches", "notContains", "notEndsWith", "notEquals", "notIn", "notStartsWith", "startsWith"),
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "identity_source_name": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Identity source name from the identity stores").String,
+ Optional: true,
+ },
+ "if_auth_fail": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Action to perform when authentication fails such as Bad credentials, disabled user and so on").AddStringEnumDescription("REJECT", "DROP", "CONTINUE").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("REJECT", "DROP", "CONTINUE"),
+ },
+ },
+ "if_process_fail": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Action to perform when ISE is unable to access the identity database").AddStringEnumDescription("REJECT", "DROP", "CONTINUE").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("REJECT", "DROP", "CONTINUE"),
+ },
+ },
+ "if_user_not_found": schema.StringAttribute{
+ MarkdownDescription: helpers.NewAttributeDescription("Action to perform when user is not found in any of identity stores").AddStringEnumDescription("REJECT", "DROP", "CONTINUE").String,
+ Required: true,
+ Validators: []validator.String{
+ stringvalidator.OneOf("REJECT", "DROP", "CONTINUE"),
+ },
+ },
+ },
+ }
+}
+
+func (r *DeviceAdminAuthenticationRuleResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) {
+ if req.ProviderData == nil {
+ return
+ }
+
+ r.client = req.ProviderData.(*IseProviderData).Client
+}
+
+//template:end model
+
+//template:begin create
+func (r *DeviceAdminAuthenticationRuleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+ var plan DeviceAdminAuthenticationRule
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Id.ValueString()))
+
+ // Create object
+ body := plan.toBody(ctx, DeviceAdminAuthenticationRule{})
+ res, _, err := r.client.Post(plan.getPath(), body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String()))
+ return
+ }
+ plan.Id = types.StringValue(res.Get("response.rule.id").String())
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end create
+
+//template:begin read
+func (r *DeviceAdminAuthenticationRuleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+ var state DeviceAdminAuthenticationRule
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Id.String()))
+
+ res, err := r.client.Get(state.getPath() + "/" + state.Id.ValueString())
+ if err != nil && strings.Contains(err.Error(), "StatusCode 404") {
+ resp.State.RemoveResource(ctx)
+ return
+ } else if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ state.updateFromBody(ctx, res)
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end read
+
+//template:begin update
+func (r *DeviceAdminAuthenticationRuleResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+ var plan, state DeviceAdminAuthenticationRule
+
+ // Read plan
+ diags := req.Plan.Get(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+ // Read state
+ diags = req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Id.ValueString()))
+
+ body := plan.toBody(ctx, state)
+
+ res, err := r.client.Put(plan.getPath()+"/"+plan.Id.ValueString(), body)
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Id.ValueString()))
+
+ diags = resp.State.Set(ctx, &plan)
+ resp.Diagnostics.Append(diags...)
+}
+
+//template:end update
+
+//template:begin delete
+func (r *DeviceAdminAuthenticationRuleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+ var state DeviceAdminAuthenticationRule
+
+ // Read state
+ diags := req.State.Get(ctx, &state)
+ resp.Diagnostics.Append(diags...)
+ if resp.Diagnostics.HasError() {
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString()))
+ res, err := r.client.Delete(state.getPath() + "/" + state.Id.ValueString())
+ if err != nil {
+ resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String()))
+ return
+ }
+
+ tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Id.ValueString()))
+
+ resp.State.RemoveResource(ctx)
+}
+
+//template:end delete
+
+//template:begin import
+func (r *DeviceAdminAuthenticationRuleResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+ resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp)
+}
+
+//template:end import
diff --git a/internal/provider/resource_ise_device_admin_authentication_rule_test.go b/internal/provider/resource_ise_device_admin_authentication_rule_test.go
new file mode 100644
index 0000000..4b2469d
--- /dev/null
+++ b/internal/provider/resource_ise_device_admin_authentication_rule_test.go
@@ -0,0 +1,133 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+// Code generated by "gen/generator.go"; DO NOT EDIT.
+
+package provider
+
+//template:begin imports
+import (
+ "os"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+//template:end imports
+
+//template:begin testAcc
+func TestAccIseDeviceAdminAuthenticationRule(t *testing.T) {
+ var checks []resource.TestCheckFunc
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "name", "Rule1"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "default", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "rank", "0"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "state", "enabled"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_type", "ConditionAttributes"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_is_negate", "false"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_attribute_name", "Location"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_attribute_value", "All Locations"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_dictionary_name", "DEVICE"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "condition_operator", "equals"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "identity_source_name", "Internal Endpoints"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "if_auth_fail", "REJECT"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "if_process_fail", "DROP"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authentication_rule.test", "if_user_not_found", "REJECT"))
+
+ var steps []resource.TestStep
+ if os.Getenv("SKIP_MINIMUM_TEST") == "" {
+ steps = append(steps, resource.TestStep{
+ Config: testAccIseDeviceAdminAuthenticationRulePrerequisitesConfig + testAccIseDeviceAdminAuthenticationRuleConfig_minimum(),
+ })
+ }
+ steps = append(steps, resource.TestStep{
+ Config: testAccIseDeviceAdminAuthenticationRulePrerequisitesConfig + testAccIseDeviceAdminAuthenticationRuleConfig_all(),
+ Check: resource.ComposeTestCheckFunc(checks...),
+ })
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+ Steps: steps,
+ })
+}
+
+//template:end testAcc
+
+//template:begin testPrerequisites
+const testAccIseDeviceAdminAuthenticationRulePrerequisitesConfig = `
+resource "ise_device_admin_policy_set" "test" {
+ name = "PolicySet1"
+ service_name = "Default Device Admin"
+ condition_type = "ConditionAttributes"
+ condition_is_negate = false
+ condition_attribute_name = "Location"
+ condition_attribute_value = "All Locations"
+ condition_dictionary_name = "DEVICE"
+ condition_operator = "equals"
+}
+resource "ise_device_admin_condition" "test" {
+ name = "Cond1"
+ condition_type = "LibraryConditionAttributes"
+ attribute_name = "User"
+ attribute_value = "User1"
+ dictionary_name = "TACACS"
+ operator = "equals"
+}
+
+`
+
+//template:end testPrerequisites
+
+//template:begin testAccConfigMinimal
+func testAccIseDeviceAdminAuthenticationRuleConfig_minimum() string {
+ config := `resource "ise_device_admin_authentication_rule" "test" {` + "\n"
+ config += ` policy_set_id = ise_device_admin_policy_set.test.id` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` condition_type = "ConditionReference"` + "\n"
+ config += ` condition_id = ise_device_admin_condition.test.id` + "\n"
+ config += ` if_auth_fail = "REJECT"` + "\n"
+ config += ` if_process_fail = "DROP"` + "\n"
+ config += ` if_user_not_found = "REJECT"` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+//template:end testAccConfigMinimal
+
+//template:begin testAccConfigAll
+func testAccIseDeviceAdminAuthenticationRuleConfig_all() string {
+ config := `resource "ise_device_admin_authentication_rule" "test" {` + "\n"
+ config += ` policy_set_id = ise_device_admin_policy_set.test.id` + "\n"
+ config += ` name = "Rule1"` + "\n"
+ config += ` default = false` + "\n"
+ config += ` rank = 0` + "\n"
+ config += ` state = "enabled"` + "\n"
+ config += ` condition_type = "ConditionAttributes"` + "\n"
+ config += ` condition_is_negate = false` + "\n"
+ config += ` condition_attribute_name = "Location"` + "\n"
+ config += ` condition_attribute_value = "All Locations"` + "\n"
+ config += ` condition_dictionary_name = "DEVICE"` + "\n"
+ config += ` condition_operator = "equals"` + "\n"
+ config += ` identity_source_name = "Internal Endpoints"` + "\n"
+ config += ` if_auth_fail = "REJECT"` + "\n"
+ config += ` if_process_fail = "DROP"` + "\n"
+ config += ` if_user_not_found = "REJECT"` + "\n"
+ config += `}` + "\n"
+ return config
+}
+
+//template:end testAccConfigAll
diff --git a/internal/provider/resource_ise_device_admin_policy_set_test.go b/internal/provider/resource_ise_device_admin_policy_set_test.go
index 308f327..c2b5276 100644
--- a/internal/provider/resource_ise_device_admin_policy_set_test.go
+++ b/internal/provider/resource_ise_device_admin_policy_set_test.go
@@ -36,7 +36,7 @@ func TestAccIseDeviceAdminPolicySet(t *testing.T) {
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "description", "My description"))
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "is_proxy", "false"))
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "rank", "0"))
- checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "service_name", "Default Network Access"))
+ checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "service_name", "Default Device Admin"))
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "state", "enabled"))
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "condition_type", "ConditionAttributes"))
checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_policy_set.test", "condition_is_negate", "false"))
@@ -88,7 +88,7 @@ resource "ise_device_admin_condition" "test" {
func testAccIseDeviceAdminPolicySetConfig_minimum() string {
config := `resource "ise_device_admin_policy_set" "test" {` + "\n"
config += ` name = "PolicySet1"` + "\n"
- config += ` service_name = "Default Network Access"` + "\n"
+ config += ` service_name = "Default Device Admin"` + "\n"
config += ` condition_type = "ConditionReference"` + "\n"
config += ` condition_id = ise_device_admin_condition.test.id` + "\n"
config += `}` + "\n"
@@ -104,7 +104,7 @@ func testAccIseDeviceAdminPolicySetConfig_all() string {
config += ` description = "My description"` + "\n"
config += ` is_proxy = false` + "\n"
config += ` rank = 0` + "\n"
- config += ` service_name = "Default Network Access"` + "\n"
+ config += ` service_name = "Default Device Admin"` + "\n"
config += ` state = "enabled"` + "\n"
config += ` condition_type = "ConditionAttributes"` + "\n"
config += ` condition_is_negate = false` + "\n"
diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl
index 510f58f..f68ee80 100644
--- a/templates/guides/changelog.md.tmpl
+++ b/templates/guides/changelog.md.tmpl
@@ -15,6 +15,7 @@ description: |-
- Add `ise_device_admin_condition` resource and data source
- Add `ise_device_admin_policy_set` resource and data source
- Add `ise_device_admin_time_and_date_condition` resource and data source
+- Add `ise_device_admin_authentication_rule` resource and data source
## 0.1.5