diff --git a/.gitignore b/.gitignore index fd3ad8e..74459a8 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,5 @@ website/vendor # Keep windows files with windows line endings *.winfile eol=crlf + +.envrc \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a6a332..5426cb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.2.5 (unreleased) + +- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group` +- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule` +- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl` +- Add `ise_sxp_domain_filter` resource and data_source + ## 0.2.4 - Fix managing `Default` network access and device administration resources diff --git a/docs/data-sources/device_admin_authorization_global_exception_rule.md b/docs/data-sources/device_admin_authorization_global_exception_rule.md index d5f86ef..2e73748 100644 --- a/docs/data-sources/device_admin_authorization_global_exception_rule.md +++ b/docs/data-sources/device_admin_authorization_global_exception_rule.md 
@@ -38,7 +38,6 @@ data "ise_device_admin_authorization_global_exception_rule" "example" { - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode - `condition_operator` (String) Equality operator - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. -- `default` (Boolean) Indicates if this rule is the default one - `profile` (String) Device admin profiles control the initial login session of the device administrator - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. - `state` (String) The state that the rule is in. A disabled rule cannot be matched. diff --git a/docs/data-sources/network_access_authorization_global_exception_rule.md b/docs/data-sources/network_access_authorization_global_exception_rule.md index 61ffbf9..9f7b03f 100644 --- a/docs/data-sources/network_access_authorization_global_exception_rule.md +++ b/docs/data-sources/network_access_authorization_global_exception_rule.md @@ -37,7 +37,6 @@ data "ise_network_access_authorization_global_exception_rule" "example" { - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode - `condition_operator` (String) Equality operator - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. -- `default` (Boolean) Indicates if this rule is the default one - `profiles` (Set of String) The authorization profile(s) - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. - `security_group` (String) Security group used in authorization policies diff --git a/docs/data-sources/sxp_domain_filter.md b/docs/data-sources/sxp_domain_filter.md new file mode 100644 index 0000000..b602530 
--- /dev/null +++ b/docs/data-sources/sxp_domain_filter.md @@ -0,0 +1,35 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "ise_sxp_domain_filter Data Source - terraform-provider-ise" +subcategory: "TrustSec" +description: |- + This data source can read the SXP Domain Filter. +--- + +# ise_sxp_domain_filter (Data Source) + +This data source can read the SXP Domain Filter. + +## Example Usage + +```terraform +data "ise_sxp_domain_filter" "example" { + id = "76d24097-41c4-4558-a4d0-a8c07ac08470" +} +``` + + +## Schema + +### Optional + +- `id` (String) The id of the object +- `name` (String) Resource name + +### Read-Only + +- `description` (String) Description +- `domains` (String) List of SXP Domains, separated with comma +- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined +- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined +- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index 62f4111..d32be8c 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -7,6 +7,13 @@ description: |- # Changelog +## 0.2.5 (unreleased) + +- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group` +- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule` +- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl` +- Add `ise_sxp_domain_filter` resource and data_source + ## 0.2.4 - Fix managing `Default` network access and device administration resources diff --git a/docs/resources/device_admin_authorization_global_exception_rule.md b/docs/resources/device_admin_authorization_global_exception_rule.md index 6a30f2b..c260dfa 100644 
--- a/docs/resources/device_admin_authorization_global_exception_rule.md +++ b/docs/resources/device_admin_authorization_global_exception_rule.md @@ -15,7 +15,6 @@ This resource can manage a Device Admin Authorization Global Exception Rule. ```terraform resource "ise_device_admin_authorization_global_exception_rule" "example" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" @@ -50,7 +49,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "example" { - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith` - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference` -- `default` (Boolean) Indicates if this rule is the default one - `profile` (String) Device admin profiles control the initial login session of the device administrator - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. - `state` (String) The state that the rule is in. A disabled rule cannot be matched. diff --git a/docs/resources/endpoint_identity_group.md b/docs/resources/endpoint_identity_group.md index cd55ff3..ebf375b 100644 --- a/docs/resources/endpoint_identity_group.md +++ b/docs/resources/endpoint_identity_group.md @@ -32,7 +32,6 @@ resource "ise_endpoint_identity_group" "example" { - `description` (String) Description - `parent_endpoint_identity_group_id` (String) Parent endpoint identity group ID - `system_defined` (Boolean) System defined endpoint identity group - - Default value: `false` ### Read-Only 
diff --git a/docs/resources/network_access_authorization_global_exception_rule.md b/docs/resources/network_access_authorization_global_exception_rule.md index 1c5a542..b418abb 100644 --- a/docs/resources/network_access_authorization_global_exception_rule.md +++ b/docs/resources/network_access_authorization_global_exception_rule.md @@ -15,7 +15,6 @@ This resource can manage a Network Access Authorization Global Exception Rule. ```terraform resource "ise_network_access_authorization_global_exception_rule" "example" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" @@ -49,7 +48,6 @@ resource "ise_network_access_authorization_global_exception_rule" "example" { - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith` - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute. - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference` -- `default` (Boolean) Indicates if this rule is the default one - `profiles` (Set of String) The authorization profile(s) - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority. - `security_group` (String) Security group used in authorization policies diff --git a/docs/resources/sxp_domain_filter.md b/docs/resources/sxp_domain_filter.md new file mode 100644 index 0000000..5a67aa1 --- /dev/null +++ b/docs/resources/sxp_domain_filter.md 
@@ -0,0 +1,48 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "ise_sxp_domain_filter Resource - terraform-provider-ise" +subcategory: "TrustSec" +description: |- + This resource can manage a SXP Domain Filter. +--- + +# ise_sxp_domain_filter (Resource) + +This resource can manage a SXP Domain Filter. + +## Example Usage + +```terraform +resource "ise_sxp_domain_filter" "example" { + subnet = "1.0.0.0/24" + vn = "VN1" + domains = "default" +} +``` + + +## Schema + +### Required + +- `domains` (String) List of SXP Domains, separated with comma + +### Optional + +- `description` (String) Description +- `name` (String) Resource name +- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined +- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined +- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined + +### Read-Only + +- `id` (String) The id of the object + +## Import + +Import is supported using the following syntax: + +```shell +terraform import ise_sxp_domain_filter.example "76d24097-41c4-4558-a4d0-a8c07ac08470" +``` diff --git a/docs/resources/trustsec_security_group.md b/docs/resources/trustsec_security_group.md index 2228dc6..fa6d8d6 100644 --- a/docs/resources/trustsec_security_group.md +++ b/docs/resources/trustsec_security_group.md @@ -35,7 +35,6 @@ resource "ise_trustsec_security_group" "example" { - `description` (String) Description - `is_read_only` (Boolean) Read-only - - Default value: `false` - `propogate_to_apic` (Boolean) Propagate to APIC (ACI) ### Read-Only diff --git a/docs/resources/trustsec_security_group_acl.md b/docs/resources/trustsec_security_group_acl.md index 926c344..921feda 100644 --- a/docs/resources/trustsec_security_group_acl.md +++ b/docs/resources/trustsec_security_group_acl.md 
@@ -37,7 +37,6 @@ resource "ise_trustsec_security_group_acl" "example" { - Choices: `IPV4`, `IPV6`, `IP_AGNOSTIC` - Default value: `IP_AGNOSTIC` - `read_only` (Boolean) Read-only - - Default value: `false` ### Read-Only diff --git a/examples/data-sources/ise_sxp_domain_filter/data-source.tf b/examples/data-sources/ise_sxp_domain_filter/data-source.tf new file mode 100644 index 0000000..de39448 --- /dev/null +++ b/examples/data-sources/ise_sxp_domain_filter/data-source.tf @@ -0,0 +1,3 @@ +data "ise_sxp_domain_filter" "example" { + id = "76d24097-41c4-4558-a4d0-a8c07ac08470" +} diff --git a/examples/resources/ise_device_admin_authorization_global_exception_rule/resource.tf b/examples/resources/ise_device_admin_authorization_global_exception_rule/resource.tf index 674768e..87b7f50 100644 --- a/examples/resources/ise_device_admin_authorization_global_exception_rule/resource.tf +++ b/examples/resources/ise_device_admin_authorization_global_exception_rule/resource.tf @@ -1,6 +1,5 @@ resource "ise_device_admin_authorization_global_exception_rule" "example" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" diff --git a/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf b/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf index 75cbe54..7ceb539 100644 --- a/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf +++ b/examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf @@ -1,6 +1,5 @@ resource "ise_network_access_authorization_global_exception_rule" "example" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" diff --git a/examples/resources/ise_sxp_domain_filter/import.sh b/examples/resources/ise_sxp_domain_filter/import.sh new file mode 100644 index 0000000..71b6984 --- /dev/null +++ b/examples/resources/ise_sxp_domain_filter/import.sh 
@@ -0,0 +1 @@ +terraform import ise_sxp_domain_filter.example "76d24097-41c4-4558-a4d0-a8c07ac08470" diff --git a/examples/resources/ise_sxp_domain_filter/resource.tf b/examples/resources/ise_sxp_domain_filter/resource.tf new file mode 100644 index 0000000..b84305c --- /dev/null +++ b/examples/resources/ise_sxp_domain_filter/resource.tf @@ -0,0 +1,5 @@ +resource "ise_sxp_domain_filter" "example" { + subnet = "1.0.0.0/24" + vn = "VN1" + domains = "default" +} diff --git a/gen/definitions/device_admin_authorization_global_exception_rule.yaml b/gen/definitions/device_admin_authorization_global_exception_rule.yaml index ce6ca26..8483212 100644 --- a/gen/definitions/device_admin_authorization_global_exception_rule.yaml +++ b/gen/definitions/device_admin_authorization_global_exception_rule.yaml @@ -11,11 +11,6 @@ attributes: mandatory: true description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses] example: Rule1 - - model_name: default - data_path: [rule] - type: Bool - description: Indicates if this rule is the default one - example: false - model_name: rank data_path: [rule] type: Int64 diff --git a/gen/definitions/device_admin_authorization_global_exception_rule_update_rank.yaml b/gen/definitions/device_admin_authorization_global_exception_rule_update_rank.yaml index 6f4af4d..c904ab7 100644 --- a/gen/definitions/device_admin_authorization_global_exception_rule_update_rank.yaml +++ b/gen/definitions/device_admin_authorization_global_exception_rule_update_rank.yaml @@ -31,7 +31,6 @@ attributes: test_prerequisites: | resource "ise_device_admin_authorization_global_exception_rule" "test" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" diff --git a/gen/definitions/endpoint_identity_group.yaml b/gen/definitions/endpoint_identity_group.yaml index 582388c..02b8a78 100644 --- a/gen/definitions/endpoint_identity_group.yaml +++ b/gen/definitions/endpoint_identity_group.yaml 
@@ -18,7 +18,7 @@ attributes: - model_name: systemDefined data_path: [EndPointGroup] type: Bool - default_value: false + #default_value: false description: System defined endpoint identity group example: false - model_name: parentId diff --git a/gen/definitions/network_access_authorization_global_exception_rule.yaml b/gen/definitions/network_access_authorization_global_exception_rule.yaml index 84422ed..36c6582 100644 --- a/gen/definitions/network_access_authorization_global_exception_rule.yaml +++ b/gen/definitions/network_access_authorization_global_exception_rule.yaml @@ -11,11 +11,6 @@ attributes: mandatory: true description: Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses] example: Rule1 - - model_name: default - data_path: [rule] - type: Bool - description: Indicates if this rule is the default one - example: false - model_name: rank data_path: [rule] type: Int64 diff --git a/gen/definitions/network_access_authorization_global_exception_rule_update_rank.yaml b/gen/definitions/network_access_authorization_global_exception_rule_update_rank.yaml index 3c87171..f0c65c4 100644 --- a/gen/definitions/network_access_authorization_global_exception_rule_update_rank.yaml +++ b/gen/definitions/network_access_authorization_global_exception_rule_update_rank.yaml @@ -31,7 +31,6 @@ attributes: test_prerequisites: | resource "ise_network_access_authorization_global_exception_rule" "test" { name = "Rule1" - default = false state = "enabled" condition_type = "ConditionAttributes" condition_is_negate = false diff --git a/gen/definitions/sxp_domain_filter.yaml b/gen/definitions/sxp_domain_filter.yaml new file mode 100644 index 0000000..13c41bc --- /dev/null +++ b/gen/definitions/sxp_domain_filter.yaml 
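Review bot: The `systemDefined` default in `gen/definitions/endpoint_identity_group.yaml` is commented out (`#default_value: false`) instead of deleted, while the matching removals in `trustsec_security_group.yaml` and `trustsec_security_group_acl.yaml` in this same commit delete the line. A commented-out key gives no reason and reads as a temporary switch that someone may later re-enable. Either drop the line as in the other two definitions, or replace it with a comment that states why the default was removed, in the form `# no default_value: <reason>`. The attribute list continues outside the hunk.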
@@ -0,0 +1,40 @@ +--- +name: SXP Domain Filter +rest_endpoint: /ers/config/filterpolicy +data_source_name_query: true +skip_minimum_test: true +doc_category: TrustSec +attributes: + - model_name: name + data_path: [ERSFilterPolicy] + type: String + description: Resource name + exclude_test: true + - model_name: description + data_path: [ERSFilterPolicy] + type: String + description: Description + exclude_test: true + - model_name: subnet + data_path: [ERSFilterPolicy] + type: String + description: Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined + example: 1.0.0.0/24 + - model_name: sgt + data_path: [ERSFilterPolicy] + type: String + description: SGT name or ID. At least one of subnet or sgt or vn should be defined + write_only: true + exclude_test: true + - model_name: vn + data_path: [ERSFilterPolicy] + type: String + description: Virtual Network. At least one of subnet or sgt or vn should be defined + example: VN1 + minimum_test_value: VN1 + - model_name: domains + data_path: [ERSFilterPolicy] + type: String + mandatory: true + description: List of SXP Domains, separated with comma + example: default \ No newline at end of file diff --git a/gen/definitions/trustsec_security_group.yaml b/gen/definitions/trustsec_security_group.yaml index 49a2ddf..d5b7ba0 100644 --- a/gen/definitions/trustsec_security_group.yaml +++ b/gen/definitions/trustsec_security_group.yaml @@ -33,7 +33,6 @@ attributes: write_only: true type: Bool description: Read-only - default_value: false example: false # - model_name: defaultSGACLs # data_path: [Sgt] diff --git a/gen/definitions/trustsec_security_group_acl.yaml b/gen/definitions/trustsec_security_group_acl.yaml index ffd69c3..2a41788 100644 --- a/gen/definitions/trustsec_security_group_acl.yaml +++ b/gen/definitions/trustsec_security_group_acl.yaml @@ -34,5 +34,4 @@ attributes: write_only: true type: Bool description: Read-only - default_value: false example: false 
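Review bot: The requirement that at least one of `subnet`, `sgt` or `vn` is set exists only as text in the three `description` fields of `gen/definitions/sxp_domain_filter.yaml`; no key in the definition expresses it, so a configuration with only `domains` would presumably pass plan and be rejected, or accepted in some unintended form, only by the ISE API. Unless the generator can emit a validator for this, put a comment above the three attributes that records the gap, e.g. `# ISE requires at least one of subnet/sgt/vn; not expressed in this definition`. `sgt` is also marked `write_only: true` and `exclude_test: true`; if `write_only` means the value is not read back, an out-of-band change to a filter's SGT would be invisible to Terraform and is not covered by the acceptance test, so a one-line comment on why it cannot be read would help. The file also ends without a trailing newline.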
diff --git a/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule.go b/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule.go index cd8de2c..e3e049c 100644 --- a/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule.go +++ b/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule.go @@ -76,10 +76,6 @@ func (d *DeviceAdminAuthorizationGlobalExceptionRuleDataSource) Schema(ctx conte Optional: true, Computed: true, }, - "default": schema.BoolAttribute{ - MarkdownDescription: "Indicates if this rule is the default one", - Computed: true, - }, "rank": schema.Int64Attribute{ MarkdownDescription: "The rank (priority) in relation to other rules. Lower rank is higher priority.", Computed: true, diff --git a/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule_test.go b/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule_test.go index 02ddbbe..830cda7 100644 --- a/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule_test.go +++ b/internal/provider/data_source_ise_device_admin_authorization_global_exception_rule_test.go 
@@ -32,7 +32,6 @@ import ( func TestAccDataSourceIseDeviceAdminAuthorizationGlobalExceptionRule(t *testing.T) { var checks []resource.TestCheckFunc checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authorization_global_exception_rule.test", "name", "Rule1")) - checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authorization_global_exception_rule.test", "default", "false")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authorization_global_exception_rule.test", "rank", "0")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authorization_global_exception_rule.test", "state", "enabled")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_device_admin_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes")) @@ -75,7 +74,6 @@ resource "ise_device_admin_condition" "test" { func testAccDataSourceIseDeviceAdminAuthorizationGlobalExceptionRuleConfig() string { config := `resource "ise_device_admin_authorization_global_exception_rule" "test" {` + "\n" config += ` name = "Rule1"` + "\n" - config += ` default = false` + "\n" config += ` rank = 0` + "\n" config += ` state = "enabled"` + "\n" config += ` condition_type = "ConditionAttributes"` + "\n" diff --git a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go index fb9fc15..c88a3a9 100644 --- a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go +++ b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule.go 
@@ -76,10 +76,6 @@ func (d *NetworkAccessAuthorizationGlobalExceptionRuleDataSource) Schema(ctx con Optional: true, Computed: true, }, - "default": schema.BoolAttribute{ - MarkdownDescription: "Indicates if this rule is the default one", - Computed: true, - }, "rank": schema.Int64Attribute{ MarkdownDescription: "The rank (priority) in relation to other rules. Lower rank is higher priority.", Computed: true, diff --git a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go index 8deaa02..7716480 100644 --- a/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go +++ b/internal/provider/data_source_ise_network_access_authorization_global_exception_rule_test.go @@ -32,7 +32,6 @@ import ( func TestAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRule(t *testing.T) { var checks []resource.TestCheckFunc checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "name", "Rule1")) - checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "default", "false")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "rank", "0")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "state", "enabled")) checks = append(checks, resource.TestCheckResourceAttr("data.ise_network_access_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes")) 
@@ -75,7 +74,6 @@ resource "ise_network_access_condition" "test" { func testAccDataSourceIseNetworkAccessAuthorizationGlobalExceptionRuleConfig() string { config := `resource "ise_network_access_authorization_global_exception_rule" "test" {` + "\n" config += ` name = "Rule1"` + "\n" - config += ` default = false` + "\n" config += ` rank = 0` + "\n" config += ` state = "enabled"` + "\n" config += ` condition_type = "ConditionAttributes"` + "\n" diff --git a/internal/provider/data_source_ise_sxp_domain_filter.go b/internal/provider/data_source_ise_sxp_domain_filter.go new file mode 100644 index 0000000..1bf71a3 --- /dev/null +++ b/internal/provider/data_source_ise_sxp_domain_filter.go 
@@ -0,0 +1,182 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + "fmt" + "net/url" + + "github.com/hashicorp/terraform-plugin-framework-validators/datasourcevalidator" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-ise" + "github.com/tidwall/gjson" +) + +//template:end imports + +//template:begin header + +// Ensure the implementation satisfies the expected interfaces. 
+var ( + _ datasource.DataSource = &SXPDomainFilterDataSource{} + _ datasource.DataSourceWithConfigure = &SXPDomainFilterDataSource{} +) + +func NewSXPDomainFilterDataSource() datasource.DataSource { + return &SXPDomainFilterDataSource{} +} + +type SXPDomainFilterDataSource struct { + client *ise.Client +} + +func (d *SXPDomainFilterDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_sxp_domain_filter" +} + +//template:end header + +//template:begin model +func (d *SXPDomainFilterDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the SXP Domain Filter.", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Optional: true, + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "Resource name", + Optional: true, + Computed: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "Description", + Computed: true, + }, + "subnet": schema.StringAttribute{ + MarkdownDescription: "Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined", + Computed: true, + }, + "sgt": schema.StringAttribute{ + MarkdownDescription: "SGT name or ID. At least one of subnet or sgt or vn should be defined", + Computed: true, + }, + "vn": schema.StringAttribute{ + MarkdownDescription: "Virtual Network. 
At least one of subnet or sgt or vn should be defined", + Computed: true, + }, + "domains": schema.StringAttribute{ + MarkdownDescription: "List of SXP Domains, separated with comma", + Computed: true, + }, + }, + } +} + +//template:end model + +//template:begin configValidators +func (d *SXPDomainFilterDataSource) ConfigValidators(ctx context.Context) []datasource.ConfigValidator { + return []datasource.ConfigValidator{ + datasourcevalidator.ExactlyOneOf( + path.MatchRoot("id"), + path.MatchRoot("name"), + ), + } +} + +//template:end configValidators + +//template:end configure +func (d *SXPDomainFilterDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*IseProviderData).Client +} + +//template:end configure + +//template:begin read +func (d *SXPDomainFilterDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config SXPDomainFilter + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) 
+ if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.ValueString())) + if config.Id.IsNull() && !config.Name.IsNull() { + for page := 1; ; page++ { + res, err := d.client.Get(fmt.Sprintf("%s?size=100&page=%v", config.getPath(), page)) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve objects, got error: %s", err)) + return + } + if value := res.Get("SearchResult.resources"); len(value.Array()) > 0 { + value.ForEach(func(k, v gjson.Result) bool { + if config.Name.ValueString() == v.Get("name").String() { + config.Id = types.StringValue(v.Get("id").String()) + tflog.Debug(ctx, fmt.Sprintf("%s: Found object with name '%v', id: %v", config.Id.String(), config.Name.ValueString(), config.Id.String())) + return false + } + return true + }) + } + if !config.Id.IsNull() || !res.Get("SearchResult.nextPage").Exists() { + break + } + } + + if config.Id.IsNull() { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to find object with name: %s", config.Name.ValueString())) + return + } + } + + res, err := d.client.Get(config.getPath() + "/" + url.QueryEscape(config.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} + +//template:end read diff --git a/internal/provider/data_source_ise_sxp_domain_filter_test.go b/internal/provider/data_source_ise_sxp_domain_filter_test.go new file mode 100644 index 0000000..6a4d596 --- /dev/null +++ b/internal/provider/data_source_ise_sxp_domain_filter_test.go 
@@ -0,0 +1,70 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +//template:end imports + +//template:begin testAccDataSource +func TestAccDataSourceIseSXPDomainFilter(t *testing.T) { + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("data.ise_sxp_domain_filter.test", "subnet", "1.0.0.0/24")) + checks = append(checks, resource.TestCheckResourceAttr("data.ise_sxp_domain_filter.test", "vn", "VN1")) + checks = append(checks, resource.TestCheckResourceAttr("data.ise_sxp_domain_filter.test", "domains", "default")) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceIseSXPDomainFilterConfig(), + Check: resource.ComposeTestCheckFunc(checks...), + }, + }, + }) +} + +//template:end testAccDataSource + +//template:begin testPrerequisites +//template:end testPrerequisites + +//template:begin testAccDataSourceConfig +func testAccDataSourceIseSXPDomainFilterConfig() string { + config := `resource "ise_sxp_domain_filter" "test" {` + "\n" + config += ` subnet = 
"1.0.0.0/24"` + "\n" + config += ` vn = "VN1"` + "\n" + config += ` domains = "default"` + "\n" + config += `}` + "\n" + + config += ` + data "ise_sxp_domain_filter" "test" { + id = ise_sxp_domain_filter.test.id + } + ` + return config +} + +//template:end testAccDataSourceConfig diff --git a/internal/provider/model_ise_device_admin_authorization_global_exception_rule.go b/internal/provider/model_ise_device_admin_authorization_global_exception_rule.go index 0db162f..aa50a0a 100644 --- a/internal/provider/model_ise_device_admin_authorization_global_exception_rule.go +++ b/internal/provider/model_ise_device_admin_authorization_global_exception_rule.go @@ -36,7 +36,6 @@ import ( type DeviceAdminAuthorizationGlobalExceptionRule struct { Id types.String `tfsdk:"id"` Name types.String `tfsdk:"name"` - Default types.Bool `tfsdk:"default"` Rank types.Int64 `tfsdk:"rank"` State types.String `tfsdk:"state"` ConditionType types.String `tfsdk:"condition_type"` @@ -94,9 +93,6 @@ func (data DeviceAdminAuthorizationGlobalExceptionRule) toBody(ctx context.Conte if !data.Name.IsNull() { body, _ = sjson.Set(body, "rule.name", data.Name.ValueString()) } - if !data.Default.IsNull() { - body, _ = sjson.Set(body, "rule.default", data.Default.ValueBool()) - } if !data.Rank.IsNull() { body, _ = sjson.Set(body, "rule.rank", data.Rank.ValueInt64()) } @@ -209,11 +205,6 @@ func (data *DeviceAdminAuthorizationGlobalExceptionRule) fromBody(ctx context.Co } else { data.Name = types.StringNull() } - if value := res.Get("response.rule.default"); value.Exists() && value.Type != gjson.Null { - data.Default = types.BoolValue(value.Bool()) - } else { - data.Default = types.BoolNull() - } if value := res.Get("response.rule.rank"); value.Exists() && value.Type != gjson.Null { data.Rank = types.Int64Value(value.Int()) } else { 
@@ -381,11 +372,6 @@ func (data *DeviceAdminAuthorizationGlobalExceptionRule) updateFromBody(ctx cont } else { data.Name = types.StringNull() } - if value := res.Get("response.rule.default"); value.Exists() && !data.Default.IsNull() { - data.Default = types.BoolValue(value.Bool()) - } else { - data.Default = types.BoolNull() - } if value := res.Get("response.rule.rank"); value.Exists() && !data.Rank.IsNull() { data.Rank = types.Int64Value(value.Int()) } else { @@ -583,9 +569,6 @@ func (data *DeviceAdminAuthorizationGlobalExceptionRule) isNull(ctx context.Cont if !data.Name.IsNull() { return false } - if !data.Default.IsNull() { - return false - } if !data.Rank.IsNull() { return false } diff --git a/internal/provider/model_ise_endpoint_identity_group.go b/internal/provider/model_ise_endpoint_identity_group.go index 8518086..c46dfcc 100644 --- a/internal/provider/model_ise_endpoint_identity_group.go +++ b/internal/provider/model_ise_endpoint_identity_group.go @@ -87,7 +87,7 @@ func (data *EndpointIdentityGroup) fromBody(ctx context.Context, res gjson.Resul if value := res.Get("EndPointGroup.systemDefined"); value.Exists() && value.Type != gjson.Null { data.SystemDefined = types.BoolValue(value.Bool()) } else { - data.SystemDefined = types.BoolValue(false) + data.SystemDefined = types.BoolNull() } if value := res.Get("EndPointGroup.parentId"); value.Exists() && value.Type != gjson.Null { data.ParentEndpointIdentityGroupId = types.StringValue(value.String()) @@ -112,7 +112,7 @@ func (data *EndpointIdentityGroup) updateFromBody(ctx context.Context, res gjson } if value := res.Get("EndPointGroup.systemDefined"); value.Exists() && !data.SystemDefined.IsNull() { data.SystemDefined = types.BoolValue(value.Bool()) - } else if data.SystemDefined.ValueBool() != false { + } else { data.SystemDefined = types.BoolNull() } if value := res.Get("EndPointGroup.parentId"); value.Exists() && !data.ParentEndpointIdentityGroupId.IsNull() { 
diff --git a/internal/provider/model_ise_network_access_authorization_global_exception_rule.go b/internal/provider/model_ise_network_access_authorization_global_exception_rule.go index d511478..5791aba 100644 --- a/internal/provider/model_ise_network_access_authorization_global_exception_rule.go +++ b/internal/provider/model_ise_network_access_authorization_global_exception_rule.go @@ -36,7 +36,6 @@ import ( type NetworkAccessAuthorizationGlobalExceptionRule struct { Id types.String `tfsdk:"id"` Name types.String `tfsdk:"name"` - Default types.Bool `tfsdk:"default"` Rank types.Int64 `tfsdk:"rank"` State types.String `tfsdk:"state"` ConditionType types.String `tfsdk:"condition_type"` @@ -94,9 +93,6 @@ func (data NetworkAccessAuthorizationGlobalExceptionRule) toBody(ctx context.Con if !data.Name.IsNull() { body, _ = sjson.Set(body, "rule.name", data.Name.ValueString()) } - if !data.Default.IsNull() { - body, _ = sjson.Set(body, "rule.default", data.Default.ValueBool()) - } if !data.Rank.IsNull() { body, _ = sjson.Set(body, "rule.rank", data.Rank.ValueInt64()) } @@ -209,11 +205,6 @@ func (data *NetworkAccessAuthorizationGlobalExceptionRule) fromBody(ctx context. } else { data.Name = types.StringNull() } - if value := res.Get("response.rule.default"); value.Exists() && value.Type != gjson.Null { - data.Default = types.BoolValue(value.Bool()) - } else { - data.Default = types.BoolNull() - } if value := res.Get("response.rule.rank"); value.Exists() && value.Type != gjson.Null { data.Rank = types.Int64Value(value.Int()) } else { 
@@ -381,11 +372,6 @@ func (data *NetworkAccessAuthorizationGlobalExceptionRule) updateFromBody(ctx co } else { data.Name = types.StringNull() } - if value := res.Get("response.rule.default"); value.Exists() && !data.Default.IsNull() { - data.Default = types.BoolValue(value.Bool()) - } else { - data.Default = types.BoolNull() - } if value := res.Get("response.rule.rank"); value.Exists() && !data.Rank.IsNull() { data.Rank = types.Int64Value(value.Int()) } else { @@ -583,9 +569,6 @@ func (data *NetworkAccessAuthorizationGlobalExceptionRule) isNull(ctx context.Co if !data.Name.IsNull() { return false } - if !data.Default.IsNull() { - return false - } if !data.Rank.IsNull() { return false } diff --git a/internal/provider/model_ise_sxp_domain_filter.go b/internal/provider/model_ise_sxp_domain_filter.go new file mode 100644 index 0000000..5f0bae3 --- /dev/null +++ b/internal/provider/model_ise_sxp_domain_filter.go 
@@ -0,0 +1,168 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +//template:end imports + +//template:begin types +type SXPDomainFilter struct { + Id types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + Subnet types.String `tfsdk:"subnet"` + Sgt types.String `tfsdk:"sgt"` + Vn types.String `tfsdk:"vn"` + Domains types.String `tfsdk:"domains"` +} + +//template:end types + +//template:begin getPath +func (data SXPDomainFilter) getPath() string { + return "/ers/config/filterpolicy" +} + +//template:end getPath + +//template:begin getPathDelete + +//template:end getPathDelete + +//template:begin toBody +func (data SXPDomainFilter) toBody(ctx context.Context, state SXPDomainFilter) string { + body := "" + if !data.Name.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.name", data.Name.ValueString()) + } + if !data.Description.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.description", data.Description.ValueString()) + } + if !data.Subnet.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.subnet", 
data.Subnet.ValueString()) + } + if !data.Sgt.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.sgt", data.Sgt.ValueString()) + } + if !data.Vn.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.vn", data.Vn.ValueString()) + } + if !data.Domains.IsNull() { + body, _ = sjson.Set(body, "ERSFilterPolicy.domains", data.Domains.ValueString()) + } + return body +} + +//template:end toBody + +//template:begin fromBody +func (data *SXPDomainFilter) fromBody(ctx context.Context, res gjson.Result) { + if value := res.Get("ERSFilterPolicy.name"); value.Exists() && value.Type != gjson.Null { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.description"); value.Exists() && value.Type != gjson.Null { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.subnet"); value.Exists() && value.Type != gjson.Null { + data.Subnet = types.StringValue(value.String()) + } else { + data.Subnet = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.vn"); value.Exists() && value.Type != gjson.Null { + data.Vn = types.StringValue(value.String()) + } else { + data.Vn = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.domains"); value.Exists() && value.Type != gjson.Null { + data.Domains = types.StringValue(value.String()) + } else { + data.Domains = types.StringNull() + } +} + +//template:end fromBody + +//template:begin updateFromBody +func (data *SXPDomainFilter) updateFromBody(ctx context.Context, res gjson.Result) { + if value := res.Get("ERSFilterPolicy.name"); value.Exists() && !data.Name.IsNull() { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.description"); value.Exists() && !data.Description.IsNull() { + data.Description = types.StringValue(value.String()) + } else { + data.Description = 
types.StringNull() + } + if value := res.Get("ERSFilterPolicy.subnet"); value.Exists() && !data.Subnet.IsNull() { + data.Subnet = types.StringValue(value.String()) + } else { + data.Subnet = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.vn"); value.Exists() && !data.Vn.IsNull() { + data.Vn = types.StringValue(value.String()) + } else { + data.Vn = types.StringNull() + } + if value := res.Get("ERSFilterPolicy.domains"); value.Exists() && !data.Domains.IsNull() { + data.Domains = types.StringValue(value.String()) + } else { + data.Domains = types.StringNull() + } +} + +//template:end updateFromBody + +//template:begin isNull +func (data *SXPDomainFilter) isNull(ctx context.Context, res gjson.Result) bool { + if !data.Name.IsNull() { + return false + } + if !data.Description.IsNull() { + return false + } + if !data.Subnet.IsNull() { + return false + } + if !data.Sgt.IsNull() { + return false + } + if !data.Vn.IsNull() { + return false + } + if !data.Domains.IsNull() { + return false + } + return true +} + +//template:end isNull diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 2fdf8a6..94f03c4 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -283,6 +283,7 @@ func (p *IseProvider) Resources(ctx context.Context) []func() resource.Resource NewNetworkDeviceResource, NewNetworkDeviceGroupResource, NewRepositoryResource, + NewSXPDomainFilterResource, NewTACACSCommandSetResource, NewTACACSProfileResource, NewTrustSecEgressMatrixCellResource, @@ -326,6 +327,7 @@ func (p *IseProvider) DataSources(ctx context.Context) []func() datasource.DataS NewNetworkDeviceDataSource, NewNetworkDeviceGroupDataSource, NewRepositoryDataSource, + NewSXPDomainFilterDataSource, NewTACACSCommandSetDataSource, NewTACACSProfileDataSource, NewTrustSecEgressMatrixCellDataSource, 
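Review bot: `fromBody` and `updateFromBody` in this new model never read `ERSFilterPolicy.sgt`, although `toBody` writes it and `isNull` tests `data.Sgt`. As written, an import or a data source read leaves `sgt` null, and a resource refresh keeps whatever is already in state, so a change to the filter's SGT made outside Terraform would not surface as drift. If the API returns the field, add an `sgt` branch to both functions mirroring the existing `vn` branch. The file header marks this file as generated, so the fix presumably belongs in the generator definition. If the omission is deliberate, a short comment saying why would help the next reader.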
diff --git a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule.go b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule.go index 0fb3139..7f01a25 100644 --- a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule.go +++ b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule.go @@ -80,10 +80,6 @@ func (r *DeviceAdminAuthorizationGlobalExceptionRuleResource) Schema(ctx context MarkdownDescription: helpers.NewAttributeDescription("Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]").String, Required: true, }, - "default": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("Indicates if this rule is the default one").String, - Optional: true, - }, "rank": schema.Int64Attribute{ MarkdownDescription: helpers.NewAttributeDescription("The rank (priority) in relation to other rules. Lower rank is higher priority.").String, Optional: true, diff --git a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_test.go b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_test.go index 6a6d96c..3657146 100644 --- a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_test.go +++ b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_test.go 
@@ -33,7 +33,6 @@ import ( func TestAccIseDeviceAdminAuthorizationGlobalExceptionRule(t *testing.T) { var checks []resource.TestCheckFunc checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authorization_global_exception_rule.test", "name", "Rule1")) - checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authorization_global_exception_rule.test", "default", "false")) checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authorization_global_exception_rule.test", "rank", "0")) checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authorization_global_exception_rule.test", "state", "enabled")) checks = append(checks, resource.TestCheckResourceAttr("ise_device_admin_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes")) @@ -100,7 +99,6 @@ func testAccIseDeviceAdminAuthorizationGlobalExceptionRuleConfig_minimum() strin func testAccIseDeviceAdminAuthorizationGlobalExceptionRuleConfig_all() string { config := `resource "ise_device_admin_authorization_global_exception_rule" "test" {` + "\n" config += ` name = "Rule1"` + "\n" - config += ` default = false` + "\n" config += ` rank = 0` + "\n" config += ` state = "enabled"` + "\n" config += ` condition_type = "ConditionAttributes"` + "\n" diff --git a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_update_rank_test.go b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_update_rank_test.go index 24ae9ec..fa1a807 100644 --- a/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_update_rank_test.go +++ b/internal/provider/resource_ise_device_admin_authorization_global_exception_rule_update_rank_test.go 
@@ -52,7 +52,6 @@ func TestAccIseDeviceAdminAuthorizationGlobalExceptionRuleUpdateRank(t *testing. const testAccIseDeviceAdminAuthorizationGlobalExceptionRuleUpdateRankPrerequisitesConfig = ` resource "ise_device_admin_authorization_global_exception_rule" "test" { name = "Rule1" - default = false rank = 0 state = "enabled" condition_type = "ConditionAttributes" diff --git a/internal/provider/resource_ise_endpoint_identity_group.go b/internal/provider/resource_ise_endpoint_identity_group.go index 60bf638..c92ea34 100644 --- a/internal/provider/resource_ise_endpoint_identity_group.go +++ b/internal/provider/resource_ise_endpoint_identity_group.go @@ -30,7 +30,6 @@ import ( "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" - "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/types" @@ -83,10 +82,8 @@ func (r *EndpointIdentityGroupResource) Schema(ctx context.Context, req resource Optional: true, }, "system_defined": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("System defined endpoint identity group").AddDefaultValueDescription("false").String, + MarkdownDescription: helpers.NewAttributeDescription("System defined endpoint identity group").String, Optional: true, - Computed: true, - Default: booldefault.StaticBool(false), }, "parent_endpoint_identity_group_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("Parent endpoint identity group ID").String, 
diff --git a/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go b/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go index 01c881f..d9cb2cf 100644 --- a/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go +++ b/internal/provider/resource_ise_network_access_authorization_global_exception_rule.go @@ -80,10 +80,6 @@ func (r *NetworkAccessAuthorizationGlobalExceptionRuleResource) Schema(ctx conte MarkdownDescription: helpers.NewAttributeDescription("Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]").String, Required: true, }, - "default": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("Indicates if this rule is the default one").String, - Optional: true, - }, "rank": schema.Int64Attribute{ MarkdownDescription: helpers.NewAttributeDescription("The rank (priority) in relation to other rules. Lower rank is higher priority.").String, Optional: true, diff --git a/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go index fc7265a..e8d763e 100644 --- a/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go +++ b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_test.go 
@@ -33,7 +33,6 @@ import ( func TestAccIseNetworkAccessAuthorizationGlobalExceptionRule(t *testing.T) { var checks []resource.TestCheckFunc checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "name", "Rule1")) - checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "default", "false")) checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "rank", "0")) checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "state", "enabled")) checks = append(checks, resource.TestCheckResourceAttr("ise_network_access_authorization_global_exception_rule.test", "condition_type", "ConditionAttributes")) @@ -100,7 +99,6 @@ func testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_minimum() str func testAccIseNetworkAccessAuthorizationGlobalExceptionRuleConfig_all() string { config := `resource "ise_network_access_authorization_global_exception_rule" "test" {` + "\n" config += ` name = "Rule1"` + "\n" - config += ` default = false` + "\n" config += ` rank = 0` + "\n" config += ` state = "enabled"` + "\n" config += ` condition_type = "ConditionAttributes"` + "\n" diff --git a/internal/provider/resource_ise_network_access_authorization_global_exception_rule_update_rank_test.go b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_update_rank_test.go index e7a744e..de16b57 100644 --- a/internal/provider/resource_ise_network_access_authorization_global_exception_rule_update_rank_test.go +++ b/internal/provider/resource_ise_network_access_authorization_global_exception_rule_update_rank_test.go 
@@ -52,7 +52,6 @@ func TestAccIseNetworkAccessAuthorizationGlobalExceptionRuleUpdateRank(t *testin const testAccIseNetworkAccessAuthorizationGlobalExceptionRuleUpdateRankPrerequisitesConfig = ` resource "ise_network_access_authorization_global_exception_rule" "test" { name = "Rule1" - default = false state = "enabled" condition_type = "ConditionAttributes" condition_is_negate = false diff --git a/internal/provider/resource_ise_sxp_domain_filter.go b/internal/provider/resource_ise_sxp_domain_filter.go new file mode 100644 index 0000000..0dac65b --- /dev/null +++ b/internal/provider/resource_ise_sxp_domain_filter.go 
@@ -0,0 +1,248 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + "fmt" + "net/url" + "strings" + + "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-ise" +) + +//template:end imports + +//template:begin header + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &SXPDomainFilterResource{} +var _ resource.ResourceWithImportState = &SXPDomainFilterResource{} + +func NewSXPDomainFilterResource() resource.Resource { + return &SXPDomainFilterResource{} +} + +type SXPDomainFilterResource struct { + client *ise.Client +} + +func (r *SXPDomainFilterResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = 
req.ProviderTypeName + "_sxp_domain_filter" +} + +//template:end header + +//template:begin model +func (r *SXPDomainFilterResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a SXP Domain Filter.").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Resource name").String, + Optional: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Description").String, + Optional: true, + }, + "subnet": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined").String, + Optional: true, + }, + "sgt": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("SGT name or ID. At least one of subnet or sgt or vn should be defined").String, + Optional: true, + }, + "vn": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Virtual Network. 
At least one of subnet or sgt or vn should be defined").String, + Optional: true, + }, + "domains": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of SXP Domains, separated with comma").String, + Required: true, + }, + }, + } +} + +//template:end model + +//template:begin configure +func (r *SXPDomainFilterResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*IseProviderData).Client +} + +//template:end configure + +//template:begin create +func (r *SXPDomainFilterResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan SXPDomainFilter + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Id.ValueString())) + + // Create object + body := plan.toBody(ctx, SXPDomainFilter{}) + res, location, err := r.client.Post(plan.getPath(), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return + } + locationElements := strings.Split(location, "/") + plan.Id = types.StringValue(locationElements[len(locationElements)-1]) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +//template:end create + +//template:begin read +func (r *SXPDomainFilterResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state SXPDomainFilter + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) 
+ if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Id.String())) + res, err := r.client.Get(state.getPath() + "/" + url.QueryEscape(state.Id.ValueString())) + if err != nil && strings.Contains(err.Error(), "StatusCode 404") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + // If every attribute is set to null we are dealing with an import operation and therefore reading all attributes + if state.isNull(ctx, res) { + state.fromBody(ctx, res) + } else { + state.updateFromBody(ctx, res) + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Id.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +//template:end read + +//template:begin update +func (r *SXPDomainFilterResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state SXPDomainFilter + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Id.ValueString())) + body := plan.toBody(ctx, state) + + res, err := r.client.Put(plan.getPath()+"/"+url.QueryEscape(plan.Id.ValueString()), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Id.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) 
+} + +//template:end update + +//template:begin delete +func (r *SXPDomainFilterResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state SXPDomainFilter + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString())) + res, err := r.client.Delete(state.getPath() + "/" + url.QueryEscape(state.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Id.ValueString())) + + resp.State.RemoveResource(ctx) +} + +//template:end delete + +//template:begin import +func (r *SXPDomainFilterResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} + +//template:end import diff --git a/internal/provider/resource_ise_sxp_domain_filter_test.go b/internal/provider/resource_ise_sxp_domain_filter_test.go new file mode 100644 index 0000000..85879d7 --- /dev/null +++ b/internal/provider/resource_ise_sxp_domain_filter_test.go 
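Review bot: `Create` sets `plan.Id` from the last `/`-separated segment of the `location` value returned by `r.client.Post` without checking that the segment is non-empty. If that value is empty or ends in a slash, an empty id is written to state, and the later `Read`, `Update` and `Delete` calls would build `getPath() + "/"`, which is the collection path rather than one filter. A guard right after the split would keep that out of state: `if plan.Id.ValueString() == "" { resp.Diagnostics.AddError("Client Error", "No object id in Location of POST response"); return }`. The file header marks this file as generated, so the change presumably belongs in the generator template.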
@@ -0,0 +1,81 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +//template:end imports + +//template:begin testAcc +func TestAccIseSXPDomainFilter(t *testing.T) { + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("ise_sxp_domain_filter.test", "subnet", "1.0.0.0/24")) + checks = append(checks, resource.TestCheckResourceAttr("ise_sxp_domain_filter.test", "vn", "VN1")) + checks = append(checks, resource.TestCheckResourceAttr("ise_sxp_domain_filter.test", "domains", "default")) + + var steps []resource.TestStep + steps = append(steps, resource.TestStep{ + Config: testAccIseSXPDomainFilterConfig_all(), + Check: resource.ComposeTestCheckFunc(checks...), + }) + steps = append(steps, resource.TestStep{ + ResourceName: "ise_sxp_domain_filter.test", + ImportState: true, + }) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: steps, + }) +} + +//template:end testAcc + +//template:begin testPrerequisites +//template:end testPrerequisites + +//template:begin testAccConfigMinimal +func 
testAccIseSXPDomainFilterConfig_minimum() string { + config := `resource "ise_sxp_domain_filter" "test" {` + "\n" + config += ` vn = VN1` + "\n" + config += ` domains = "default"` + "\n" + config += `}` + "\n" + return config +} + +//template:end testAccConfigMinimal + +//template:begin testAccConfigAll +func testAccIseSXPDomainFilterConfig_all() string { + config := `resource "ise_sxp_domain_filter" "test" {` + "\n" + config += ` subnet = "1.0.0.0/24"` + "\n" + config += ` vn = "VN1"` + "\n" + config += ` domains = "default"` + "\n" + config += `}` + "\n" + return config +} + +//template:end testAccConfigAll diff --git a/internal/provider/resource_ise_trustsec_security_group.go b/internal/provider/resource_ise_trustsec_security_group.go index 64731b0..4d58d62 100644 --- a/internal/provider/resource_ise_trustsec_security_group.go +++ b/internal/provider/resource_ise_trustsec_security_group.go @@ -31,7 +31,6 @@ import ( "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" - "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" @@ -96,10 +95,8 @@ func (r *TrustSecSecurityGroupResource) Schema(ctx context.Context, req resource Optional: true, }, "is_read_only": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("Read-only").AddDefaultValueDescription("false").String, + MarkdownDescription: helpers.NewAttributeDescription("Read-only").String, Optional: true, - Computed: true, - Default: booldefault.StaticBool(false), }, }, } 
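Review bot: Dropping `Computed: true` together with the default on `is_read_only` (second hunk of resource_ise_trustsec_security_group.go) makes the attribute purely Optional, so the provider must now keep it null in state whenever the configuration omits it, even if the ISE API returns a value for it. The code that maps the API response into state is outside this hunk, so this cannot be confirmed here; if it stores the returned value unconditionally, Terraform would likely report an inconsistent result after apply or a recurring diff, and an acceptance-test step that omits the attribute would catch that. State written by earlier releases holds `false` from the old default, so the first plan after upgrading will probably show `false -> null` for configurations that never set it; the changelog could say so, e.g. `- Existing state may show a one-time change of is_read_only / read_only from false to null`. The same applies to `read_only` in the second hunk of resource_ise_trustsec_security_group_acl.go. The body of `Schema` starts and ends outside both hunks.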
diff --git a/internal/provider/resource_ise_trustsec_security_group_acl.go b/internal/provider/resource_ise_trustsec_security_group_acl.go
index d5f20bf..1729221 100644
--- a/internal/provider/resource_ise_trustsec_security_group_acl.go
+++ b/internal/provider/resource_ise_trustsec_security_group_acl.go
@@ -31,7 +31,6 @@ import (
 "github.com/hashicorp/terraform-plugin-framework/path"
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
- "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
@@ -99,10 +98,8 @@ func (r *TrustSecSecurityGroupACLResource) Schema(ctx context.Context, req resou
 Default: stringdefault.StaticString("IP_AGNOSTIC"),
 },
 "read_only": schema.BoolAttribute{
- MarkdownDescription: helpers.NewAttributeDescription("Read-only").AddDefaultValueDescription("false").String,
+ MarkdownDescription: helpers.NewAttributeDescription("Read-only").String,
 Optional: true,
- Computed: true,
- Default: booldefault.StaticBool(false),
 },
 },
 }
diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl
index 62f4111..d32be8c 100644
--- a/templates/guides/changelog.md.tmpl
+++ b/templates/guides/changelog.md.tmpl
@@ -7,6 +7,13 @@ description: |- # Changelog +## 0.2.5 (unreleased) + +- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group` +- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule` +- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl` +- Add `ise_sxp_domain_filter` resource and data_source + ## 0.2.4 - Fix managing `Default` network access and device administration resources