Add authentication and dot1x attributes

CHANGELOG.md

@@ -10,6 +10,7 @@
 - Add `ip_bgp_community_new_format` attribute to `iosxe_system` resource and data source
 - Add `community_list_standard` resource and data source
 - Add `community_list_expanded` resource and data source
+- Add `authentication`, `mab` and `dot1x` attributes to `iosxe_interface_ethernet` resource and data source
 
 ## 0.5.1
 

docs/data-sources/interface_ethernet.md

@@ -34,6 +34,25 @@ data "iosxe_interface_ethernet" "example" {
 ### Read-Only
 
 - `arp_timeout` (Number) Set ARP cache timeout
+- `authentication_host_mode` (String) Set the Host mode for authentication on this interface
+- `authentication_order_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_order_dot1x_mab` (Boolean) Authentication method mab allowed
+- `authentication_order_dot1x_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_order_mab` (Boolean) Authentication method mab allowed
+- `authentication_order_mab_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_order_mab_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_order_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_periodic` (Boolean) Enable or Disable Reauthentication for this port
+- `authentication_port_control` (String) set the port-control value
+- `authentication_priority_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_priority_dot1x_mab` (Boolean) Authentication method mab allowed
+- `authentication_priority_dot1x_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_priority_mab` (Boolean) Authentication method mab allowed
+- `authentication_priority_mab_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_priority_mab_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_priority_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_timer_reauthenticate` (Number) Enter a value between 1 and 1073741823
+- `authentication_timer_reauthenticate_server` (Boolean) Obtain re-authentication timeout value from the server
 - `auto_qos_classify` (Boolean) Configure classification for untrusted devices
 - `auto_qos_classify_police` (Boolean) Configure QoS policing for untrusted devices
 - `auto_qos_trust` (Boolean) Trust the DSCP/CoS marking
@@ -56,6 +75,17 @@ data "iosxe_interface_ethernet" "example" {
 - `channel_group_mode` (String) Etherchannel Mode of the interface
 - `channel_group_number` (Number)
 - `description` (String) Interface specific description
+- `dot1x_max_reauth_req` (Number) Max No. of Reauthentication Attempts
+- `dot1x_max_req` (Number) Max No. of Retries
+- `dot1x_pae` (String) Set 802.1x interface pae type
+- `dot1x_timeout_auth_period` (Number) Timeout for authenticator reply
+- `dot1x_timeout_held_period` (Number) Timeout for authentication retries
+- `dot1x_timeout_quiet_period` (Number) QuietPeriod in Seconds
+- `dot1x_timeout_ratelimit_period` (Number) Ratelimit Period in seconds
+- `dot1x_timeout_server_timeout` (Number) Timeout for Radius Retries
+- `dot1x_timeout_start_period` (Number) Timeout for EAPOL-start retries
+- `dot1x_timeout_supp_timeout` (Number) Timeout for supplicant reply
+- `dot1x_timeout_tx_period` (Number) Timeout for supplicant retries
 - `encapsulation_dot1q_vlan_id` (Number)
 - `helper_addresses` (Attributes List) Specify a destination address for UDP broadcasts (see [below for nested schema](#nestedatt--helper_addresses))
 - `id` (String) The path of the retrieved object.
@@ -79,6 +109,8 @@ data "iosxe_interface_ethernet" "example" {
 - `ipv6_link_local_addresses` (Attributes List) (see [below for nested schema](#nestedatt--ipv6_link_local_addresses))
 - `ipv6_mtu` (Number) Set IPv6 Maximum Transmission Unit
 - `ipv6_nd_ra_suppress_all` (Boolean) Suppress all IPv6 RA
+- `mab` (Boolean) MAC Authentication Bypass Interface Config Commands
+- `mab_eap` (Boolean) Use EAP authentication for MAC Auth Bypass
 - `media_type` (String) Media type
 - `shutdown` (Boolean) Shutdown the selected interface
 - `source_template` (Attributes List) (see [below for nested schema](#nestedatt--source_template))

docs/guides/changelog.md

@@ -19,6 +19,7 @@ description: |-
 - Add `ip_bgp_community_new_format` attribute to `iosxe_system` resource and data source
 - Add `community_list_standard` resource and data source
 - Add `community_list_expanded` resource and data source
+- Add `authentication`, `mab` and `dot1x` attributes to `iosxe_interface_ethernet` resource and data source
 
 ## 0.5.1
 

docs/resources/interface_ethernet.md

@@ -75,6 +75,28 @@ resource "iosxe_interface_ethernet" "example" {
 
 - `arp_timeout` (Number) Set ARP cache timeout
   - Range: `0`-`2147483`
+- `authentication_host_mode` (String) Set the Host mode for authentication on this interface
+  - Choices: `multi-auth`, `multi-domain`, `multi-host`, `single-host`
+- `authentication_order_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_order_dot1x_mab` (Boolean) Authentication method mab allowed
+- `authentication_order_dot1x_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_order_mab` (Boolean) Authentication method mab allowed
+- `authentication_order_mab_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_order_mab_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_order_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_periodic` (Boolean) Enable or Disable Reauthentication for this port
+- `authentication_port_control` (String) set the port-control value
+  - Choices: `auto`, `force-authorized`, `force-unauthorized`
+- `authentication_priority_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_priority_dot1x_mab` (Boolean) Authentication method mab allowed
+- `authentication_priority_dot1x_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_priority_mab` (Boolean) Authentication method mab allowed
+- `authentication_priority_mab_dot1x` (Boolean) Authentication method dot1x allowed
+- `authentication_priority_mab_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_priority_webauth` (Boolean) Authentication method webauth allowed
+- `authentication_timer_reauthenticate` (Number) Enter a value between 1 and 1073741823
+  - Range: `1`-`1073741823`
+- `authentication_timer_reauthenticate_server` (Boolean) Obtain re-authentication timeout value from the server
 - `auto_qos_classify` (Boolean) Configure classification for untrusted devices
 - `auto_qos_classify_police` (Boolean) Configure QoS policing for untrusted devices
 - `auto_qos_trust` (Boolean) Trust the DSCP/CoS marking
@@ -101,6 +123,28 @@ resource "iosxe_interface_ethernet" "example" {
 - `channel_group_number` (Number) - Range: `1`-`512`
 - `description` (String) Interface specific description
 - `device` (String) A device name from the provider configuration.
+- `dot1x_max_reauth_req` (Number) Max No. of Reauthentication Attempts
+  - Range: `1`-`10`
+- `dot1x_max_req` (Number) Max No. of Retries
+  - Range: `1`-`10`
+- `dot1x_pae` (String) Set 802.1x interface pae type
+  - Choices: `authenticator`, `both`, `supplicant`
+- `dot1x_timeout_auth_period` (Number) Timeout for authenticator reply
+  - Range: `1`-`65535`
+- `dot1x_timeout_held_period` (Number) Timeout for authentication retries
+  - Range: `1`-`65535`
+- `dot1x_timeout_quiet_period` (Number) QuietPeriod in Seconds
+  - Range: `1`-`65535`
+- `dot1x_timeout_ratelimit_period` (Number) Ratelimit Period in seconds
+  - Range: `1`-`65535`
+- `dot1x_timeout_server_timeout` (Number) Timeout for Radius Retries
+  - Range: `1`-`65535`
+- `dot1x_timeout_start_period` (Number) Timeout for EAPOL-start retries
+  - Range: `1`-`65535`
+- `dot1x_timeout_supp_timeout` (Number) Timeout for supplicant reply
+  - Range: `1`-`65535`
+- `dot1x_timeout_tx_period` (Number) Timeout for supplicant retries
+  - Range: `1`-`65535`
 - `encapsulation_dot1q_vlan_id` (Number) - Range: `1`-`4094`
 - `helper_addresses` (Attributes List) Specify a destination address for UDP broadcasts (see [below for nested schema](#nestedatt--helper_addresses))
 - `ip_access_group_in` (String)
@@ -125,6 +169,8 @@ resource "iosxe_interface_ethernet" "example" {
 - `ipv6_mtu` (Number) Set IPv6 Maximum Transmission Unit
   - Range: `1280`-`9976`
 - `ipv6_nd_ra_suppress_all` (Boolean) Suppress all IPv6 RA
+- `mab` (Boolean) MAC Authentication Bypass Interface Config Commands
+- `mab_eap` (Boolean) Use EAP authentication for MAC Auth Bypass
 - `media_type` (String) Media type
   - Choices: `auto-select`, `rj45`, `sfp`
 - `shutdown` (Boolean) Shutdown the selected interface

gen/definitions/interface_ethernet.yaml

@@ -278,6 +278,134 @@ attributes:
     tf_name: speed_100000
     example: true
     exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/host-mode
+    example: multi-auth
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/dot1x-config/dot1x-config
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/dot1x-config
+    tf_name: authentication_order_dot1x
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/dot1x-config/dot1x-config/mab
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/dot1x-config/mab
+    tf_name: authentication_order_dot1x_mab
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/dot1x-config/dot1x-config/webauth
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/dot1x-config/webauth
+    tf_name: authentication_order_dot1x_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/mab-config/mab-config
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/mab-config
+    tf_name: authentication_order_mab
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/mab-config/mab-config/dot1x
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/mab-config/dot1x
+    tf_name: authentication_order_mab_dot1x
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/mab-config/mab-config/webauth
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/mab-config/webauth
+    tf_name: authentication_order_mab_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/order-config/method/webauth-config/webauth-config
+    xpath: Cisco-IOS-XE-sanet:authentication/order-config/webauth-config
+    tf_name: authentication_order_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/dot1x-config/dot1x-config
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/dot1x-config
+    tf_name: authentication_priority_dot1x
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/dot1x-config/dot1x-config/mab
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/dot1x-config/mab
+    tf_name: authentication_priority_dot1x_mab
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/dot1x-config/dot1x-config/webauth
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/dot1x-config/webauth
+    tf_name: authentication_priority_dot1x_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/mab-config/mab-config
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/mab-config
+    tf_name: authentication_priority_mab
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/mab-config/mab-config/dot1x
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/mab-config/dot1x
+    tf_name: authentication_priority_mab_dot1x
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/mab-config/mab-config/webauth
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/mab-config/webauth
+    tf_name: authentication_priority_mab_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/priority-config/method/webauth-config/webauth-config
+    xpath: Cisco-IOS-XE-sanet:authentication/priority-config/webauth-config
+    tf_name: authentication_priority_webauth
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/port-control
+    example: auto
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/periodic
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/timer/reauthenticate/timer-val/value-config/value-config
+    xpath: Cisco-IOS-XE-sanet:authentication/timer/reauthenticate/value-config
+    tf_name: authentication_timer_reauthenticate
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/timer/reauthenticate/timer-val/server-config/server-config
+    xpath: Cisco-IOS-XE-sanet:authentication/timer/reauthenticate/server-config
+    tf_name: authentication_timer_reauthenticate_server
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:mab
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:mab/eap
+    example: true
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/pae
+    example: authenticator
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/auth-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/held-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/quiet-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/ratelimit-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/server-timeout
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/start-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/supp-timeout
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/timeout/tx-period
+    example: 10
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/max-req
+    example: 3
+    exclude_test: true
+  - yang_name: Cisco-IOS-XE-dot1x:dot1x/max-reauth-req
+    example: 3
+    exclude_test: true
 
 test_prerequisites:
   - path: Cisco-IOS-XE-native:native/vrf/definition=VRF1

gen/load_models.go

@@ -94,6 +94,7 @@ var models = []string{
 	"https://raw.githubusercontent.com/YangModels/yang/main/vendor/cisco/xe/1791/Cisco-IOS-XE-mdns-gateway.yang",
 	"https://raw.githubusercontent.com/YangModels/yang/main/vendor/cisco/xe/1791/Cisco-IOS-XE-udld.yang",
 	"https://raw.githubusercontent.com/YangModels/yang/main/vendor/cisco/xe/1791/Cisco-IOS-XE-switch.yang",
+	"https://raw.githubusercontent.com/YangModels/yang/main/vendor/cisco/xe/1791/Cisco-IOS-XE-sanet.yang",
 }
 
 const (