From 9f1e8f541d06233ebf17ea627c1ba46249bb2f50 Mon Sep 17 00:00:00 2001 From: danischm Date: Thu, 15 Feb 2024 15:46:18 +0100 Subject: [PATCH] Allow updating default policy sets and rules --- CHANGELOG.md | 1 + README.md | 2 +- ise_device_admin.tf | 67 +++++++++++++++---------------------------- ise_network_access.tf | 67 +++++++++++++++---------------------------- versions.tf | 2 +- 5 files changed, 49 insertions(+), 90 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f504a7f..7c14dce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Added `ise_identity_source_sequence` support - BREAKING CHANGE: Split `attribute_name` to `dictionary_name` and `attribute_name` - BREAKING CHANGE: Removed `manage_*` variables +- Allow updating default policy sets and rules ## 0.1.0 diff --git a/README.md b/README.md index 12e0f12..7cbe42e 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ module "ise" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | -| [ise](#requirement\_ise) | >= 0.1.12 | +| [ise](#requirement\_ise) | >= 0.1.13 | | [local](#requirement\_local) | >= 2.3.0 | | [time](#requirement\_time) | >= 0.10.0 | | [utils](#requirement\_utils) | >= 0.2.5 | diff --git a/ise_device_admin.tf b/ise_device_admin.tf index c17b8a5..d55985a 100644 --- a/ise_device_admin.tf +++ b/ise_device_admin.tf @@ -173,6 +173,7 @@ locals { name = ps.name service_name = try(ps.service_name, local.defaults.ise.device_administration.policy_sets.service_name) state = try(ps.state, local.defaults.ise.device_administration.policy_sets.state) + default = ps.name == "Default" ? true : null rank = try(ps.rank, local.defaults.ise.device_administration.policy_sets.rank, null) children = try([for i in ps.condition.children : { attribute_name = try(i.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null) 
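Review bot: In the ise_device_admin.tf `locals` hunk (`@@ -173,6 +173,7 @@`), the added `default = ps.name == "Default" ? true : null` identifies the built-in default policy set by an exact, case-sensitive name match alone, and nothing on the line or in the README hunk says the name is reserved. The default policy set is the fallback for requests that no other set matches, so an input entry named `Default` now edits that fallback, while `default` or `DEFAULT` would presumably be treated as an ordinary new policy set. I would add a comment above the line, e.g. `# "Default" is reserved: it selects the built-in default policy set, which is updated rather than created`, and document the reserved name for module users. The same applies to the matching line in ise_network_access.tf (`@@ -286,6 +286,7 @@`), and the `default = each.value.default` resource hunks in both files only pass this value through. The `locals` block starts and ends outside the hunk.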
@@ -213,6 +214,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_0" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -234,6 +236,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_1" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -255,6 +258,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_2" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -276,6 +280,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_3" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -297,6 +302,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_4" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -318,6 +324,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_5" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -339,6 +346,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_6" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -360,6 +368,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_7" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -381,6 +390,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_8" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -402,6 +412,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_9" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -423,6 +434,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_10" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -444,6 +456,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_11" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -465,6 +478,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_12" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -486,6 +500,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_13" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -507,6 +522,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_14" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -528,6 +544,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_15" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -549,6 +566,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_16" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -570,6 +588,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_17" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -591,6 +610,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_18" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -612,6 +632,7 @@ resource "ise_device_admin_policy_set" "device_admin_policy_set_19" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -648,7 +669,7 @@ locals { policy_set_id = local.device_admin_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authentication_rules.rank, null) - default = try(rule.default, local.defaults.ise.device_administration.policy_sets.authentication_rules.default, null) + default = rule.name == "Default" ? true : null state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authentication_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) @@ -1187,7 +1208,7 @@ locals { policy_set_id = local.device_admin_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authorization_rules.rank, null) - default = try(rule.default, local.defaults.ise.device_administration.policy_sets.authorization_rules.default, null) + default = rule.name == "Default" ? true : null state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authorization_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) 
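Review bot: The new `default = rule.name == "Default" ? true : null` in the authentication-rules hunk (`@@ -648,7 +669,7 @@`), and again for authorization rules at `@@ -1187,7 +1208,7 @@`, no longer reads `rule.default` or the module defaults. As far as these hunks show, a `default` key already present in a user's input is dropped without any message. The CHANGELOG line added by this commit is not marked as a breaking change the way the neighbouring entries are. Because the default rule is the last-resort match inside a policy set, I would make the selection explicit with a comment such as `# derived from the rule name; a "default" key in the input is no longer read`, and flag the removed input in the CHANGELOG. The same replacement appears in ise_network_access.tf at `@@ -762,7 +783,7 @@` and `@@ -1289,7 +1310,7 @@`. The enclosing `for` expressions start and end outside these hunks.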
@@ -1672,7 +1693,6 @@ locals { policy_set_id = local.device_admin_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authorization_exception_rules.rank, null) - default = try(rule.default, local.defaults.ise.device_administration.policy_sets.authorization_exception_rules.default, null) state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authorization_exception_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_exception_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) @@ -1715,7 +1735,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1737,7 +1756,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1759,7 +1777,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -1781,7 +1798,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1803,7 +1819,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1825,7 +1840,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1847,7 +1861,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1869,7 +1882,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1891,7 +1903,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -1913,7 +1924,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1935,7 +1945,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1957,7 +1966,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1979,7 +1987,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2001,7 +2008,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2023,7 +2029,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2045,7 +2050,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2067,7 +2071,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2089,7 +2092,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2111,7 +2113,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2133,7 +2134,6 @@ resource "ise_device_admin_authorization_exception_rule" "device_admin_authoriza policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2154,7 +2154,6 @@ locals { for rule in try(local.ise.device_administration.authorization_global_exception_rules, []) : { name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.authorization_global_exception_rules.rank, null) - default = try(rule.default, local.defaults.ise.device_administration.authorization_global_exception_rules.default, null) state = try(rule.state, local.defaults.ise.device_administration.authorization_global_exception_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.device_administration.authorization_global_exception_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) @@ -2195,7 +2194,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2216,7 +2214,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2237,7 +2234,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2258,7 +2254,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2279,7 +2274,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2300,7 +2294,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2321,7 +2314,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2342,7 +2334,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2363,7 +2354,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2384,7 +2374,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2405,7 +2394,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2426,7 +2414,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2447,7 +2434,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2468,7 +2454,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2489,7 +2474,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2510,7 +2494,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2531,7 +2514,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2552,7 +2534,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2573,7 +2554,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2594,7 +2574,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "device_admin_au name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id diff --git a/ise_network_access.tf b/ise_network_access.tf index d587210..cf779e2 100644 --- a/ise_network_access.tf +++ b/ise_network_access.tf 
@@ -286,6 +286,7 @@ locals { name = ps.name service_name = try(ps.service_name, local.defaults.ise.network_access.policy_sets.service_name) state = try(ps.state, local.defaults.ise.network_access.policy_sets.state) + default = ps.name == "Default" ? true : null rank = try(ps.rank, local.defaults.ise.network_access.policy_sets.rank, null) children = try([for i in ps.condition.children : { attribute_name = try(i.attribute_name, local.defaults.ise.network_access.policy_sets.condition.attribute_name, null), @@ -326,6 +327,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_0" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -347,6 +349,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_1" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -368,6 +371,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_2" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -389,6 +393,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_3" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -410,6 +415,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_4" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -431,6 +437,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_5" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -452,6 +459,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_6" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -473,6 +481,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_7" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -494,6 +503,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_8" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -515,6 +525,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_9" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -536,6 +547,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_10" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -557,6 +569,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_11" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -578,6 +591,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_12" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -599,6 +613,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_13" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -620,6 +635,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_14" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -641,6 +657,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_15" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -662,6 +679,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_16" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -683,6 +701,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_17" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -704,6 +723,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_18" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children 
@@ -725,6 +745,7 @@ resource "ise_network_access_policy_set" "network_access_policy_set_19" { name = each.value.name service_name = each.value.service_name state = each.value.state + default = each.value.default rank = each.value.rank children = each.value.children @@ -762,7 +783,7 @@ locals { policy_set_id = local.network_access_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.policy_sets.authentication_rules.rank, null) - default = try(rule.default, local.defaults.ise.network_access.policy_sets.authentication_rules.default, null) + default = rule.name == "Default" ? true : null state = try(rule.state, local.defaults.ise.network_access.policy_sets.authentication_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.network_access.policy_sets.authentication_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) 
@@ -1289,7 +1310,7 @@ locals { policy_set_id = local.network_access_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.policy_sets.authorization_rules.rank, null) - default = try(rule.default, local.defaults.ise.network_access.policy_sets.authorization_rules.default, null) + default = rule.name == "Default" ? true : null state = try(rule.state, local.defaults.ise.network_access.policy_sets.authorization_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.network_access.policy_sets.authorization_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) @@ -1774,7 +1795,6 @@ locals { policy_set_id = local.network_access_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.policy_sets.authorization_exception_rules.rank, null) - default = try(rule.default, local.defaults.ise.network_access.policy_sets.authorization_exception_rules.default, null) state = try(rule.state, local.defaults.ise.network_access.policy_sets.authorization_exception_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.network_access.policy_sets.authorization_exception_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) 
@@ -1817,7 +1837,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1839,7 +1858,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1861,7 +1879,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1883,7 +1900,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1905,7 +1921,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -1927,7 +1942,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -1949,7 +1963,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -1971,7 +1984,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -1993,7 +2005,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2015,7 +2026,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2037,7 +2047,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2059,7 +2068,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2081,7 +2089,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2103,7 +2110,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2125,7 +2131,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2147,7 +2152,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2169,7 +2173,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2191,7 +2194,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho
 policy_set_id = each.value.policy_set_id
 name = each.value.name
 rank = each.value.rank
- default = each.value.default
 state = each.value.state
 condition_type = each.value.condition_type
 condition_id = each.value.condition_id
@@ -2213,7 +2215,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2235,7 +2236,6 @@ resource "ise_network_access_authorization_exception_rule" "network_access_autho policy_set_id = each.value.policy_set_id name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2256,7 +2256,6 @@ locals { for rule in try(local.ise.network_access.authorization_global_exception_rules, []) : { name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.authorization_global_exception_rules.rank, null) - default = try(rule.default, local.defaults.ise.network_access.authorization_global_exception_rules.default, null) state = try(rule.state, local.defaults.ise.network_access.authorization_global_exception_rules.state, null) condition_type = try(rule.condition.type, local.defaults.ise.network_access.authorization_global_exception_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) @@ -2297,7 +2296,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2318,7 +2316,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2339,7 +2336,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2360,7 +2356,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2381,7 +2376,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2402,7 +2396,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2423,7 +2416,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2444,7 +2436,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2465,7 +2456,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2486,7 +2476,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2507,7 +2496,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2528,7 +2516,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2549,7 +2536,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2570,7 +2556,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2591,7 +2576,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2612,7 +2596,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2633,7 +2616,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2654,7 +2636,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id @@ -2675,7 +2656,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id 
@@ -2696,7 +2676,6 @@ resource "ise_network_access_authorization_global_exception_rule" "network_acces name = each.value.name rank = each.value.rank - default = each.value.default state = each.value.state condition_type = each.value.condition_type condition_id = each.value.condition_id diff --git a/versions.tf b/versions.tf index 017fbae..2a76522 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { ise = { source = "CiscoDevNet/ise" - version = ">= 0.1.12" + version = ">= 0.1.13" } utils = { source = "netascode/utils"