CiscoDevNet · danischm · Oct 19, 2024 · Oct 16, 2024 · Oct 16, 2024 · Oct 16, 2024
diff --git a/docs/guides/authentication_rules.md b/docs/guides/authentication_rules.md
@@ -0,0 +1,92 @@
+---
+subcategory: "Guides"
+page_title: "Authentication Rules"
+description: |-
+    Authentication Rules
+---
+
+# Authentication Rules
+
+This example demonstrates how the provider can be used to configure a network access authentication rules. The full example can be found here: [https://github.com/CiscoDevNet/terraform-provider-ise/tree/main/examples/basic/authentication_rules](https://github.com/CiscoDevNet/terraform-provider-ise/tree/main/examples/basic/authentication_rules)
+
+First of all we need to add the necessary provider configuration to the Terraform configuration file:
+
+```hcl
+terraform {
+  required_providers {
+    ise = {
+      source = "CiscoDevNet/ise"
+    }
+  }
+}
+
+provider "ise" {
+  username = "admin"
+  password = "password"
+  url      = "https://10.1.1.1"
+}
+```
+
+Next we add the configuration for a network access policy set, under which we will later configure authentication rules.
+
+```hcl
+resource "ise_network_access_policy_set" "policy_set_1" {
+  name                      = "PolicySet1"
+  description               = "My first policy set"
+  rank                      = 0
+  service_name              = "Default Network Access"
+  condition_type            = "ConditionAttributes"
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+}
+```
+
+Next we add the configuration for the authentication rules. We make use of `network_access_authentication_rule` and `network_access_authentication_rule_update_rank` resources. The first resource manages all fields except for the rank, while the second resource specifically updates the rank field. This is a workaround for the ISE API/Backend limitation that enforces strictly incremental rank assignments. By using both resources, you can bypass this limitation. The network_access_authentication_rule_update_rank resource performs a PUT operation to update the rank and only tracks that field. When destroyed, it is simply removed from the state without affecting the ISE configuration. This ensures the correct sequence of resource configuration.
+
+```hcl
+locals {
+  rules = [
+    { name = "rule_0" },
+    { name = "rule_1" },
+    { name = "rule_2" },
+    { name = "rule_3" },
+    { name = "rule_4" },
+    { name = "rule_5" }
+  ]
+}
+
+locals {
+  rules_with_ranks = [
+    for idx, rule in local.rules : merge(rule, {
+      rank = idx
+    })
+  ]
+}
+
+resource "ise_network_access_authentication_rule" "auth_rule" {
+  for_each                  = { for rule in local.rules_with_ranks : rule.name => rule }
+  policy_set_id             = ise_network_access_policy_set.policy_set_1.id
+  name                      = each.value.name
+  default                   = false
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  identity_source_name      = "Internal Endpoints"
+  if_auth_fail              = "REJECT"
+  if_process_fail           = "DROP"
+  if_user_not_found         = "REJECT"
+}
+
+resource "ise_network_access_authentication_rule_update_rank" "example_with_rank" {
+  for_each      = { for rule in local.rules_with_ranks : rule.name => rule }
+  policy_set_id = ise_network_access_policy_set.policy_set_1.id
+  rule_id       = ise_network_access_authentication_rule.auth_rule[each.value.name].id
+  rank          = each.value.rank
+}
+```
diff --git a/docs/index.md b/docs/index.md
@@ -24,6 +24,7 @@ All resources and data sources have been tested with the following releases.
 The following guides with examples exist to demonstrate the use of the provider:
 
 - [Getting Started](https://registry.terraform.io/providers/CiscoDevNet/ise/latest/docs/guides/getting_started)
+- [Authentication Rules](https://registry.terraform.io/providers/CiscoDevNet/ise/latest/docs/guides/authentication_rules)
 
 ## Example Usage
 

diff --git a/docs/resources/device_admin_authentication_rule_update_rank.md b/docs/resources/device_admin_authentication_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authentication_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Device Administration"
+description: |-
+  This resource is used to update rank field in device admin authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_device_admin_authentication_rule_update_rank (Resource)
+
+This resource is used to update rank field in device admin authentication rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authentication_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authentication_rule_update_rank" "example" {
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authentication rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/device_admin_authorization_exception_rule_update_rank.md b/docs/resources/device_admin_authorization_exception_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authorization_exception_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Device Administration"
+description: |-
+  This resource is used to update rank field in device admin Authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_device_admin_authorization_exception_rule_update_rank (Resource)
+
+This resource is used to update rank field in device admin Authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authorization_exception_rule_update_rank" "example" {
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization exception rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/device_admin_authorization_global_exception_rule_update_rank.md b/docs/resources/device_admin_authorization_global_exception_rule_update_rank.md
@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authorization_global_exception_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Device Administration"
+description: |-
+  This resource is used to update rank field in device admin authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_device_admin_authorization_global_exception_rule_update_rank (Resource)
+
+This resource is used to update rank field in device admin authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authorization_global_exception_rule_update_rank" "example" {
+  rule_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank    = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization global exception rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/device_admin_authorization_rule_update_rank.md b/docs/resources/device_admin_authorization_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_authorization_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Device Administration"
+description: |-
+  This resource is used to update rank field in device admin authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_device_admin_authorization_rule_update_rank (Resource)
+
+This resource is used to update rank field in device admin authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_authorization_rule_update_rank" "example" {
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/device_admin_policy_set_update_rank.md b/docs/resources/device_admin_policy_set_update_rank.md
@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_device_admin_policy_set_update_rank Resource - terraform-provider-ise"
+subcategory: "Device Administration"
+description: |-
+  This resource is used to update rank field in device admin policy set. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_policy_set resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_device_admin_policy_set_update_rank (Resource)
+
+This resource is used to update rank field in device admin policy set. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and device_admin_policy_set resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_device_admin_policy_set_update_rank" "example" {
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/network_access_authentication_rule_update_rank.md b/docs/resources/network_access_authentication_rule_update_rank.md
@@ -14,7 +14,7 @@ This resource is used to update rank field in network access authentication rule
 
 ```terraform
 resource "ise_network_access_authentication_rule_update_rank" "example" {
-  auth_rule_id  = "9b3680da-0165-44f6-9cff-88e778d98020"
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
   policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
   rank          = 0
 }
@@ -25,9 +25,9 @@ resource "ise_network_access_authentication_rule_update_rank" "example" {
 
 ### Required
 
-- `auth_rule_id` (String) Authentication rule ID
 - `policy_set_id` (String) Policy set ID
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authentication rule ID
 
 ### Read-Only
 

diff --git a/docs/resources/network_access_authorization_exception_rule_update_rank.md b/docs/resources/network_access_authorization_exception_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_exception_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Network Access"
+description: |-
+  This resource is used to update rank field in network access authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_network_access_authorization_exception_rule_update_rank (Resource)
+
+This resource is used to update rank field in network access authorization exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_exception_rule_update_rank" "example" {
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization exception rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/network_access_authorization_global_exception_rule_update_rank.md b/docs/resources/network_access_authorization_global_exception_rule_update_rank.md
@@ -0,0 +1,32 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_global_exception_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Network Access"
+description: |-
+  This resource is used to update rank field in network access authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_network_access_authorization_global_exception_rule_update_rank (Resource)
+
+This resource is used to update rank field in network access authorization global exception rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_global_exception_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_global_exception_rule_update_rank" "example" {
+  rule_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank    = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization global exception rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object
diff --git a/docs/resources/network_access_authorization_rule_update_rank.md b/docs/resources/network_access_authorization_rule_update_rank.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_rule_update_rank Resource - terraform-provider-ise"
+subcategory: "Network Access"
+description: |-
+  This resource is used to update rank field in network access authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+---
+
+# ise_network_access_authorization_rule_update_rank (Resource)
+
+This resource is used to update rank field in network access authorization rule. It serves as a workaround for the ISE API/Backend limitation which restricts rank assignments to a strictly incremental sequence. By utilizing this resource and network_access_authorization_rule resource, you can bypass the APIs limitation. Creation of this resource is performing PUT operation (Update) and it only tracks rank field. When this resource is destroyed, no action is performed on ISE and resource is just removed from state.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_rule_update_rank" "example" {
+  rule_id       = "9b3680da-0165-44f6-9cff-88e778d98020"
+  policy_set_id = "d82952cb-b901-4b09-b363-5ebf39bdbaf9"
+  rank          = 0
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `policy_set_id` (String) Policy set ID
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `rule_id` (String) Authorization rule ID
+
+### Read-Only
+
+- `id` (String) The id of the object