Skip to content

Commit

Permalink
Fix condition for default rules and policy sets
Browse files Browse the repository at this point in the history
  • Loading branch information
@danischm
danischm committed Feb 15, 2024
1 parent 9f1e8f5 commit 3491895
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 42 deletions.
42 changes: 21 additions & 21 deletions ise_device_admin.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,14 +160,14 @@ data "ise_device_admin_condition" "device_admin_condition" {
locals {
device_admin_policy_sets = [
for ps in try(local.ise.device_administration.policy_sets, []) : {
condition_type = try(ps.condition.type, local.defaults.ise.device_administration.policy_sets.condition.type, null)
condition_is_negate = try(ps.condition.is_negate, local.defaults.ise.device_administration.policy_sets.condition.is_negate, null)
condition_attribute_name = try(ps.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null)
condition_attribute_value = try(ps.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.condition.attribute_value, null)
condition_dictionary_name = try(ps.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.condition.dictionary_name, null)
condition_dictionary_value = try(ps.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.condition.dictionary_value, null)
condition_type = ps.name == "Default" ? null : try(ps.condition.type, local.defaults.ise.device_administration.policy_sets.condition.type, null)
condition_is_negate = ps.name == "Default" ? null : try(ps.condition.is_negate, local.defaults.ise.device_administration.policy_sets.condition.is_negate, null)
condition_attribute_name = ps.name == "Default" ? null : try(ps.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null)
condition_attribute_value = ps.name == "Default" ? null : try(ps.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.condition.attribute_value, null)
condition_dictionary_name = ps.name == "Default" ? null : try(ps.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.condition.dictionary_name, null)
condition_dictionary_value = ps.name == "Default" ? null : try(ps.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.condition.dictionary_value, null)
condition_id = contains(local.known_conditions_device_admin, try(ps.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[ps.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[ps.condition.name].id, null)
condition_operator = try(ps.condition.operator, local.defaults.ise.device_administration.policy_sets.condition.operator, null)
condition_operator = ps.name == "Default" ? null : try(ps.condition.operator, local.defaults.ise.device_administration.policy_sets.condition.operator, null)
description = try(ps.description, local.defaults.ise.device_administration.policy_sets.description, null)
is_proxy = try(ps.is_proxy, local.defaults.ise.device_administration.policy_sets.is_proxy)
name = ps.name
Expand Down Expand Up @@ -671,14 +671,14 @@ locals {
rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authentication_rules.rank, null)
default = rule.name == "Default" ? true : null
state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authentication_rules.state, null)
condition_type = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null)
condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null)
condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null)
condition_is_negate = try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.is_negate, null)
condition_attribute_name = try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_name, null)
condition_attribute_value = try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_value, null)
condition_dictionary_name = try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_name, null)
condition_dictionary_value = try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_value, null)
condition_operator = try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.operator, null)
condition_is_negate = rule.name == "Default" ? null : try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.is_negate, null)
condition_attribute_name = rule.name == "Default" ? null : try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_name, null)
condition_attribute_value = rule.name == "Default" ? null : try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_value, null)
condition_dictionary_name = rule.name == "Default" ? null : try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_name, null)
condition_dictionary_value = rule.name == "Default" ? null : try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_value, null)
condition_operator = rule.name == "Default" ? null : try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.operator, null)
identity_source_name = try(rule.identity_source_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.identity_source_name, null)
if_auth_fail = try(rule.if_auth_fail, local.defaults.ise.device_administration.policy_sets.authentication_rules.if_auth_fail, null)
if_process_fail = try(rule.if_process_fail, local.defaults.ise.device_administration.policy_sets.authentication_rules.if_process_fail, null)
Expand Down Expand Up @@ -1210,14 +1210,14 @@ locals {
rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authorization_rules.rank, null)
default = rule.name == "Default" ? true : null
state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authorization_rules.state, null)
condition_type = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null)
condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null)
condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null)
condition_is_negate = try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.is_negate, null)
condition_attribute_name = try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_name, null)
condition_attribute_value = try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_value, null)
condition_dictionary_name = try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_name, null)
condition_dictionary_value = try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_value, null)
condition_operator = try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.operator, null)
condition_is_negate = rule.name == "Default" ? null : try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.is_negate, null)
condition_attribute_name = rule.name == "Default" ? null : try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_name, null)
condition_attribute_value = rule.name == "Default" ? null : try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_value, null)
condition_dictionary_name = rule.name == "Default" ? null : try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_name, null)
condition_dictionary_value = rule.name == "Default" ? null : try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_value, null)
condition_operator = rule.name == "Default" ? null : try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.operator, null)
profile = try(rule.profile, local.defaults.ise.device_administration.policy_sets.authorization_rules.profile, null)
command_sets = try(rule.command_sets, local.defaults.ise.device_administration.policy_sets.authorization_rules.command_sets, null)
children = try([for i in rule.condition.children : {
Expand Down
Loading

0 comments on commit 3491895

Please sign in to comment.