Add aaa authorization attributes

CiscoDevNet · Dec 18, 2023 · 00a7840 · 00a7840
1 parent 986dd39
commit 00a7840
Show file tree

Hide file tree

Showing 12 changed files with 970 additions and 44 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 - Add `community_list_expanded` resource and data source
 - Add `authentication`, `mab` and `dot1x` attributes to `iosxe_interface_ethernet` resource and data source
 - Add `authorization_exec` and `transport_input` attributes to `iosxe_line` resource and data source
+- Add `a2`, `a3` and `a4` attributes to `iosxe_aaa_authorization` resource and data source
 
 ## 0.5.1
 

diff --git a/docs/data-sources/aaa_authorization.md b/docs/data-sources/aaa_authorization.md
@@ -38,7 +38,23 @@ Read-Only:
 - `a1_group` (String) Use Server-group
 - `a1_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a1_local` (Boolean) Use local database
+- `a1_radius` (Boolean) Use radius
+- `a1_tacacs` (Boolean) Use TACACS+
+- `a2_group` (String) Use Server-group
+- `a2_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a2_local` (Boolean)
+- `a2_radius` (Boolean) Use Radius
+- `a2_tacacs` (Boolean) Use TACACS+
+- `a3_group` (String) Use Server-group
+- `a3_if_authenticated` (Boolean) Succeed if user has authenticated.
+- `a3_local` (Boolean)
+- `a3_radius` (Boolean) Use Radius
+- `a3_tacacs` (Boolean) Use TACACS+
+- `a4_group` (String) Use Server-group
+- `a4_if_authenticated` (Boolean) Succeed if user has authenticated.
+- `a4_local` (Boolean)
+- `a4_radius` (Boolean) Use radius
+- `a4_tacacs` (Boolean) Use TACACS+
 - `name` (String)
 
 
@@ -48,4 +64,11 @@ Read-Only:
 Read-Only:
 
 - `a1_group` (String) Use Server-group
+- `a1_local` (Boolean) Use local username authentication.
+- `a2_group` (String) Use Server-group
+- `a2_local` (Boolean)
+- `a3_group` (String) Use Server-group
+- `a3_local` (Boolean)
+- `a4_group` (String) Use Server-group
+- `a4_local` (Boolean)
 - `id` (String)
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
@@ -21,6 +21,7 @@ description: |-
 - Add `community_list_expanded` resource and data source
 - Add `authentication`, `mab` and `dot1x` attributes to `iosxe_interface_ethernet` resource and data source
 - Add `authorization_exec` and `transport_input` attributes to `iosxe_line` resource and data source
+- Add `a2`, `a3` and `a4` attributes to `iosxe_aaa_authorization` resource and data source
 
 ## 0.5.1
 

diff --git a/docs/resources/aaa_authorization.md b/docs/resources/aaa_authorization.md
@@ -16,10 +16,20 @@ This resource can manage the AAA Authorization configuration.
 resource "iosxe_aaa_authorization" "example" {
   execs = [
     {
-      name                = "TEST"
-      a1_local            = false
-      a1_group            = "GROUP1"
-      a1_if_authenticated = true
+      name     = "EXEC1"
+      a1_group = "GROUP1"
+      a2_group = "GROUP2"
+      a3_group = "GROUP3"
+      a4_local = true
+    }
+  ]
+  networks = [
+    {
+      id       = "NET1"
+      a1_group = "RGROUP1"
+      a2_group = "RGROUP2"
+      a3_group = "RGROUP3"
+      a4_local = true
     }
   ]
 }
@@ -52,7 +62,23 @@ Optional:
 - `a1_group` (String) Use Server-group
 - `a1_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a1_local` (Boolean) Use local database
+- `a1_radius` (Boolean) Use radius
+- `a1_tacacs` (Boolean) Use TACACS+
+- `a2_group` (String) Use Server-group
+- `a2_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a2_local` (Boolean)
+- `a2_radius` (Boolean) Use Radius
+- `a2_tacacs` (Boolean) Use TACACS+
+- `a3_group` (String) Use Server-group
+- `a3_if_authenticated` (Boolean) Succeed if user has authenticated.
+- `a3_local` (Boolean)
+- `a3_radius` (Boolean) Use Radius
+- `a3_tacacs` (Boolean) Use TACACS+
+- `a4_group` (String) Use Server-group
+- `a4_if_authenticated` (Boolean) Succeed if user has authenticated.
+- `a4_local` (Boolean)
+- `a4_radius` (Boolean) Use radius
+- `a4_tacacs` (Boolean) Use TACACS+
 
 
 <a id="nestedatt--networks"></a>
@@ -65,6 +91,13 @@ Required:
 Optional:
 
 - `a1_group` (String) Use Server-group
+- `a1_local` (Boolean) Use local username authentication.
+- `a2_group` (String) Use Server-group
+- `a2_local` (Boolean)
+- `a3_group` (String) Use Server-group
+- `a3_local` (Boolean)
+- `a4_group` (String) Use Server-group
+- `a4_local` (Boolean)
 
 ## Import
 

diff --git a/examples/resources/iosxe_aaa_authorization/resource.tf b/examples/resources/iosxe_aaa_authorization/resource.tf
@@ -1,10 +1,20 @@
 resource "iosxe_aaa_authorization" "example" {
   execs = [
     {
-      name                = "TEST"
-      a1_local            = false
-      a1_group            = "GROUP1"
-      a1_if_authenticated = true
+      name     = "EXEC1"
+      a1_group = "GROUP1"
+      a2_group = "GROUP2"
+      a3_group = "GROUP3"
+      a4_local = true
+    }
+  ]
+  networks = [
+    {
+      id       = "NET1"
+      a1_group = "RGROUP1"
+      a2_group = "RGROUP2"
+      a3_group = "RGROUP3"
+      a4_local = true
     }
   ]
 }
diff --git a/gen/definitions/aaa_authorization.yaml b/gen/definitions/aaa_authorization.yaml
@@ -10,33 +10,143 @@ attributes:
     attributes:
       - yang_name: name
         id: true
-        example: TEST
+        example: EXEC1
       - yang_name: a1/auth-exec-choice/local/local
         xpath: a1/local
         tf_name: a1_local
         example: false
+        exclude_test: true
       - yang_name: a1/auth-exec-choice/group/group
         xpath: a1/group
         tf_name: a1_group
         example: GROUP1
+      - yang_name: a1/auth-exec-choice/radius/radius
+        xpath: a1/radius
+        tf_name: a1_radius
+        example: true
+        exclude_test: true
+      - yang_name: a1/auth-exec-choice/tacacs/tacacs
+        xpath: a1/tacacs
+        tf_name: a1_tacacs
+        example: true
+        exclude_test: true
+      - yang_name: a1/auth-exec-choice/if-authenticated/if-authenticated
+        xpath: a1/if-authenticated
+        tf_name: a1_if_authenticated
+        example: true
+        exclude_test: true
       - yang_name: a2/auth-exec-choice/local/local
         xpath: a2/local
         tf_name: a2_local
         example: false
         exclude_test: true
-      - yang_name: a1/auth-exec-choice/if-authenticated/if-authenticated
-        xpath: a1/if-authenticated
-        tf_name: a1_if_authenticated
+      - yang_name: a2/auth-exec-choice/group/group
+        xpath: a2/group
+        tf_name: a2_group
+        example: GROUP2
+      - yang_name: a2/auth-exec-choice/radius/radius
+        xpath: a2/radius
+        tf_name: a2_radius
+        example: true
+        exclude_test: true
+      - yang_name: a2/auth-exec-choice/tacacs/tacacs
+        xpath: a2/tacacs
+        tf_name: a2_tacacs
+        example: true
+        exclude_test: true
+      - yang_name: a2/auth-exec-choice/if-authenticated/if-authenticated
+        xpath: a2/if-authenticated
+        tf_name: a2_if_authenticated
+        example: true
+        exclude_test: true
+      - yang_name: a3/auth-exec-choice/local/local
+        xpath: a3/local
+        tf_name: a3_local
+        example: false
+        exclude_test: true
+      - yang_name: a3/auth-exec-choice/group/group
+        xpath: a3/group
+        tf_name: a3_group
+        example: GROUP3
+      - yang_name: a3/auth-exec-choice/radius/radius
+        xpath: a3/radius
+        tf_name: a3_radius
+        example: true
+        exclude_test: true
+      - yang_name: a3/auth-exec-choice/tacacs/tacacs
+        xpath: a3/tacacs
+        tf_name: a3_tacacs
         example: true
+        exclude_test: true
+      - yang_name: a3/auth-exec-choice/if-authenticated/if-authenticated
+        xpath: a3/if-authenticated
+        tf_name: a3_if_authenticated
+        example: true
+        exclude_test: true
+      - yang_name: a4/auth-exec-choice/local/local
+        xpath: a4/local
+        tf_name: a4_local
+        example: true
+      - yang_name: a4/auth-exec-choice/group/group
+        xpath: a4/group
+        tf_name: a4_group
+        example: GROUP4
+        exclude_test: true
+      - yang_name: a4/auth-exec-choice/radius/radius
+        xpath: a4/radius
+        tf_name: a4_radius
+        example: true
+        exclude_test: true
+      - yang_name: a4/auth-exec-choice/tacacs/tacacs
+        xpath: a4/tacacs
+        tf_name: a4_tacacs
+        example: true
+        exclude_test: true
+      - yang_name: a4/auth-exec-choice/if-authenticated/if-authenticated
+        xpath: a4/if-authenticated
+        tf_name: a4_if_authenticated
+        example: true
+        exclude_test: true
   - yang_name: network
     tf_name: networks
     type: List
-    exclude_test: true
     attributes:
       - yang_name: id
         id: true
-        example: TEST11
+        example: NET1
+      - yang_name: a1/auth-choice/local/local
+        xpath: a1/local
+        tf_name: a1_local
+        example: true
+        exclude_test: true
       - yang_name: a1/auth-choice/group/group
         xpath: a1/group
         tf_name: a1_group
-        example: Radius-GROUP
+        example: RGROUP1
+      - yang_name: a2/auth-choice/local/local
+        xpath: a2/local
+        tf_name: a2_local
+        example: true
+        exclude_test: true
+      - yang_name: a2/auth-choice/group/group
+        xpath: a2/group
+        tf_name: a2_group
+        example: RGROUP2
+      - yang_name: a3/auth-choice/local/local
+        xpath: a3/local
+        tf_name: a3_local
+        example: true
+        exclude_test: true
+      - yang_name: a3/auth-choice/group/group
+        xpath: a3/group
+        tf_name: a3_group
+        example: RGROUP3
+      - yang_name: a4/auth-choice/local/local
+        xpath: a4/local
+        tf_name: a4_local
+        example: true
+      - yang_name: a4/auth-choice/group/group
+        xpath: a4/group
+        tf_name: a4_group
+        example: RGROUP4
+        exclude_test: true