Add service template and vlan access map resources and data sources (#46

)

CHANGELOG.md

@@ -60,6 +60,10 @@
 - BREAKING CHANGE: Rename `summary_address` attribute to `summary_addresses` of `iosxe_ospf` resource and data source
 - Add `ipv4_unicast_networks_mask` and `ipv4_unicast_networks` attribute to `iosxe_bgp_address_family_ipv4` and `iosxe_bgp_address_family_ipv4_vrf` resources and data sources
 - Add `ipv6_unicast_networks` attribute to `iosxe_bgp_address_family_ipv6` and `iosxe_bgp_address_family_ipv6_vrf` resources and data sources
+- Add `iosxe_service_template` resource and data source
+- Add `iosxe_vlan_access_map` resource and data source
+- Add `service_policy_subscriber` attribute to `iosxe_template` resources and data sources
+
 
 ## 0.3.3
 

docs/data-sources/aaa.md

@@ -39,6 +39,7 @@ data "iosxe_aaa" "example" {
 
 Read-Only:
 
+- `ip_radius_source_interface_loopback` (Number) Loopback interface
 - `name` (String) Radius Server-group name with max string length 32
 - `server_names` (Attributes List) Name of radius server (see [below for nested schema](#nestedatt--group_server_radius--server_names))
 

docs/data-sources/aaa_authorization.md

@@ -35,8 +35,10 @@ data "iosxe_aaa_authorization" "example" {
 
 Read-Only:
 
+- `a1_group` (String) Use Server-group
 - `a1_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a1_local` (Boolean) Use local database
+- `a2_local` (Boolean)
 - `name` (String)
 
 

docs/data-sources/interface_tunnel.md

@@ -31,6 +31,7 @@ data "iosxe_interface_tunnel" "example" {
 
 ### Read-Only
 
+- `arp_timeout` (Number) Set ARP cache timeout
 - `bfd_echo` (Boolean) Use echo adjunct as bfd detection mechanism
 - `bfd_enable` (Boolean) Enable BFD under the interface
 - `bfd_interval` (Number)

docs/data-sources/service_template.md

@@ -0,0 +1,79 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "iosxe_service_template Data Source - terraform-provider-iosxe"
+subcategory: "System"
+description: |-
+  This data source can read the Service Template configuration.
+---
+
+# iosxe_service_template (Data Source)
+
+This data source can read the Service Template configuration.
+
+## Example Usage
+
+```terraform
+data "iosxe_service_template" "example" {
+  word = "DEFAULT_LINKSEC_POLICY_MUST_SECURE"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `word` (String) Specify a template name (maximum 48 characters)
+
+### Optional
+
+- `device` (String) A device name from the provider configuration.
+
+### Read-Only
+
+- `absolute_timer` (Number) Enter a value between 1 and 1073741823
+- `access_group` (Attributes List) Access list to be applied (see [below for nested schema](#nestedatt--access_group))
+- `description` (String) Enter a description
+- `dns_acl_preauth` (String) pre-authentication
+- `id` (String) The path of the retrieved object.
+- `inactivity_timer_probe` (Boolean) ARP probe
+- `inactivity_timer_value` (Number) Enter a value between 1 and 65535
+- `interface_template` (Attributes List) Interface template to be applied (see [below for nested schema](#nestedatt--interface_template))
+- `linksec_policy` (String) Set the link security policy
+- `mdns_service_policy` (String) mdns policy to be applied
+- `redirect_append_client_mac` (String) Append client Mac Address in redirect URL
+- `redirect_append_switch_mac` (String) Append switch Mac Address in redirect URL
+- `redirect_url_match_acl_name` (String) Specify the access list name
+- `redirect_url_match_action` (String)
+- `redirect_url_url_name` (String) Specify a valid URL
+- `service_policy_qos_input` (String) Configure input Qos policy
+- `service_policy_qos_output` (String) Configure output Qos policy
+- `sgt` (Number) SGT tag
+- `tag_config` (Attributes List) tag name (see [below for nested schema](#nestedatt--tag_config))
+- `tunnel_capwap_name` (String) tunnel profile name
+- `vlan` (Number) Vlan to be applied
+- `vnid` (String) Vnid to be applied
+- `voice_vlan` (Boolean) Critical voice vlan
+
+<a id="nestedatt--access_group"></a>
+### Nested Schema for `access_group`
+
+Read-Only:
+
+- `name` (String) Specify the access list name
+
+
+<a id="nestedatt--interface_template"></a>
+### Nested Schema for `interface_template`
+
+Read-Only:
+
+- `name` (String) Enter name of interface template
+
+
+<a id="nestedatt--tag_config"></a>
+### Nested Schema for `tag_config`
+
+Read-Only:
+
+- `name` (String) Specify the Tag name

docs/data-sources/template.md

@@ -52,6 +52,7 @@ data "iosxe_template" "example" {
 - `dot1x_max_reauth_req` (Number) Max No. of Reauthentication Attempts
 - `dot1x_max_req` (Number) Max No. of Retries
 - `dot1x_pae` (String) Set 802.1x interface pae type
+- `dot1x_timeout_tx_period` (Number) Timeout for supplicant retries
 - `id` (String) The path of the retrieved object.
 - `ip_access_group` (Attributes List) Access control list for IP packets (see [below for nested schema](#nestedatt--ip_access_group))
 - `ip_dhcp_snooping_limit_rate` (Number) DHCP snooping rate limit
@@ -61,6 +62,7 @@ data "iosxe_template" "example" {
 - `mab_eap` (Boolean) Use EAP authentication for MAC Auth Bypass
 - `service_policy_input` (String) policy-map name
 - `service_policy_output` (String) policy-map name
+- `service_policy_subscriber` (String) Apply a subscriber control policy to the interface
 - `source_template` (String) Get config from a template
 - `spanning_tree_bpduguard_enable` (Boolean) Enable BPDU guard for this interface
 - `spanning_tree_portfast` (Boolean) Portfast options for the interface

docs/data-sources/vlan_access_map.md

@@ -0,0 +1,39 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "iosxe_vlan_access_map Data Source - terraform-provider-iosxe"
+subcategory: "Switching"
+description: |-
+  This data source can read the VLAN Access Map configuration.
+---
+
+# iosxe_vlan_access_map (Data Source)
+
+This data source can read the VLAN Access Map configuration.
+
+## Example Usage
+
+```terraform
+data "iosxe_vlan_access_map" "example" {
+  name  = "accessmap1"
+  value = 1000
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Vlan access map tag
+- `value` (Number) Sequence to insert to/delete from existing vlan access-map entry
+
+### Optional
+
+- `device` (String) A device name from the provider configuration.
+
+### Read-Only
+
+- `action` (String) Take the action
+- `id` (String) The path of the retrieved object.
+- `match_ip_address` (List of String)
+- `match_ipv6_address` (List of String) Match IPv6 address to access control.

docs/guides/changelog.md

@@ -69,6 +69,10 @@ description: |-
 - BREAKING CHANGE: Rename `summary_address` attribute to `summary_addresses` of `iosxe_ospf` resource and data source
 - Add `ipv4_unicast_networks_mask` and `ipv4_unicast_networks` attribute to `iosxe_bgp_address_family_ipv4` and `iosxe_bgp_address_family_ipv4_vrf` resources and data sources
 - Add `ipv6_unicast_networks` attribute to `iosxe_bgp_address_family_ipv6` and `iosxe_bgp_address_family_ipv6_vrf` resources and data sources
+- Add `iosxe_service_template` resource and data source
+- Add `iosxe_vlan_access_map` resource and data source
+- Add `service_policy_subscriber` attribute to `iosxe_template` resources and data sources
+
 
 ## 0.3.3
 

docs/resources/aaa.md

@@ -32,6 +32,7 @@ resource "iosxe_aaa" "example" {
           name = "TESTRADIUS"
         }
       ]
+      ip_radius_source_interface_loopback = 0
     }
   ]
   group_tacacsplus = [
@@ -74,6 +75,8 @@ Required:
 
 Optional:
 
+- `ip_radius_source_interface_loopback` (Number) Loopback interface
+  - Range: `0`-`2147483647`
 - `server_names` (Attributes List) Name of radius server (see [below for nested schema](#nestedatt--group_server_radius--server_names))
 
 <a id="nestedatt--group_server_radius--server_names"></a>

docs/resources/aaa_authorization.md

@@ -18,6 +18,7 @@ resource "iosxe_aaa_authorization" "example" {
     {
       name                = "TEST"
       a1_local            = false
+      a1_group            = "false"
       a1_if_authenticated = true
     }
   ]
@@ -48,8 +49,10 @@ Required:
 
 Optional:
 
+- `a1_group` (String) Use Server-group
 - `a1_if_authenticated` (Boolean) Succeed if user has authenticated.
 - `a1_local` (Boolean) Use local database
+- `a2_local` (Boolean)
 
 
 <a id="nestedatt--networks"></a>

docs/resources/interface_tunnel.md

@@ -39,6 +39,7 @@ resource "iosxe_interface_tunnel" "example" {
   ]
   tunnel_destination_ipv4        = "2.2.2.2"
   crypto_ipsec_df_bit            = "clear"
+  arp_timeout                    = 300
   ipv4_address                   = "10.1.1.1"
   ipv4_address_mask              = "255.255.255.0"
   ip_dhcp_relay_source_interface = "Loopback100"
@@ -65,6 +66,8 @@ resource "iosxe_interface_tunnel" "example" {
 
 ### Optional
 
+- `arp_timeout` (Number) Set ARP cache timeout
+  - Range: `0`-`2147483`
 - `bfd_echo` (Boolean) Use echo adjunct as bfd detection mechanism
 - `bfd_enable` (Boolean) Enable BFD under the interface
 - `bfd_interval` (Number) - Range: `50`-`9999`

docs/resources/service_template.md

@@ -0,0 +1,125 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "iosxe_service_template Resource - terraform-provider-iosxe"
+subcategory: "System"
+description: |-
+  This resource can manage the Service Template configuration.
+---
+
+# iosxe_service_template (Resource)
+
+This resource can manage the Service Template configuration.
+
+## Example Usage
+
+```terraform
+resource "iosxe_service_template" "example" {
+  word = "DEFAULT_LINKSEC_POLICY_MUST_SECURE"
+  access_group = [
+    {
+      name = "ag1"
+    }
+  ]
+  inactivity_timer_value = 25
+  inactivity_timer_probe = false
+  vlan                   = 27
+  voice_vlan             = false
+  linksec_policy         = "must-secure"
+  sgt                    = 57
+  absolute_timer         = 45
+  description            = "service_template_desc"
+  interface_template = [
+    {
+      name = "template1"
+    }
+  ]
+  tunnel_capwap_name          = "tunnel_name"
+  vnid                        = "vnid_1"
+  redirect_append_client_mac  = "00:01:00:01:00:01"
+  redirect_append_switch_mac  = "00:01:00:01:00:02"
+  redirect_url_url_name       = "valid_url"
+  redirect_url_match_acl_name = "acl_name"
+  redirect_url_match_action   = "redirect-on-no-match"
+  dns_acl_preauth             = "dns_acl_name"
+  service_policy_qos_input    = "input_qos"
+  service_policy_qos_output   = "output_qos"
+  tag_config = [
+    {
+      name = "tag_name"
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `word` (String) Specify a template name (maximum 48 characters)
+
+### Optional
+
+- `absolute_timer` (Number) Enter a value between 1 and 1073741823
+  - Range: `1`-`1073741823`
+- `access_group` (Attributes List) Access list to be applied (see [below for nested schema](#nestedatt--access_group))
+- `description` (String) Enter a description
+- `device` (String) A device name from the provider configuration.
+- `dns_acl_preauth` (String) pre-authentication
+- `inactivity_timer_probe` (Boolean) ARP probe
+- `inactivity_timer_value` (Number) Enter a value between 1 and 65535
+  - Range: `1`-`65535`
+- `interface_template` (Attributes List) Interface template to be applied (see [below for nested schema](#nestedatt--interface_template))
+- `linksec_policy` (String) Set the link security policy
+  - Choices: `must-not-secure`, `must-secure`, `should-secure`
+- `mdns_service_policy` (String) mdns policy to be applied
+- `redirect_append_client_mac` (String) Append client Mac Address in redirect URL
+- `redirect_append_switch_mac` (String) Append switch Mac Address in redirect URL
+- `redirect_url_match_acl_name` (String) Specify the access list name
+- `redirect_url_match_action` (String) - Choices: `one-time-redirect`, `redirect-on-no-match`
+- `redirect_url_url_name` (String) Specify a valid URL
+- `service_policy_qos_input` (String) Configure input Qos policy
+- `service_policy_qos_output` (String) Configure output Qos policy
+- `sgt` (Number) SGT tag
+  - Range: `2`-`65519`
+- `tag_config` (Attributes List) tag name (see [below for nested schema](#nestedatt--tag_config))
+- `tunnel_capwap_name` (String) tunnel profile name
+- `vlan` (Number) Vlan to be applied
+  - Range: `1`-`4094`
+- `vnid` (String) Vnid to be applied
+- `voice_vlan` (Boolean) Critical voice vlan
+
+### Read-Only
+
+- `id` (String) The path of the object.
+
+<a id="nestedatt--access_group"></a>
+### Nested Schema for `access_group`
+
+Required:
+
+- `name` (String) Specify the access list name
+
+
+<a id="nestedatt--interface_template"></a>
+### Nested Schema for `interface_template`
+
+Required:
+
+- `name` (String) Enter name of interface template
+
+
+<a id="nestedatt--tag_config"></a>
+### Nested Schema for `tag_config`
+
+Required:
+
+- `name` (String) Specify the Tag name
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import iosxe_service_template.example "Cisco-IOS-XE-native:native/Cisco-IOS-XE-switch:service-template=DEFAULT_LINKSEC_POLICY_MUST_SECURE"
+```