diff --git a/ise_identity_management.tf b/ise_identity_management.tf index e716d0f..fe65a50 100644 --- a/ise_identity_management.tf +++ b/ise_identity_management.tf @@ -69,13 +69,13 @@ resource "ise_endpoint" "endpoint" { description = try(each.value.description, local.defaults.ise.identity_management.endpoints.description, null) static_profile_assignment = try(each.value.static_profile_assignment, local.defaults.ise.identity_management.endpoints.static_profile_assignment, null) static_group_assignment = try(each.value.static_group_assignment, local.defaults.ise.identity_management.endpoints.static_group_assignment, null) - group_id = try(ise_endpoint_identity_group.endpoint_identity_group[each.value.endpoint_identity_group].id, data.ise_endpoint_identity_group.endpoint_identity_group[each.value.endpoint_identity_group].id, null) + group_id = try(each.value.static_group_assignment, false) ? try(ise_endpoint_identity_group.endpoint_identity_group[each.value.endpoint_identity_group].id, data.ise_endpoint_identity_group.endpoint_identity_group[each.value.endpoint_identity_group].id, null) : null static_profile_assignment_defined = try(each.value.static_profile_assignment_defined, local.defaults.ise.identity_management.endpoints.static_profile_assignment_defined, null) static_group_assignment_defined = try(each.value.static_group_assignment_defined, local.defaults.ise.identity_management.endpoints.static_group_assignment_defined, null) identity_store = try(each.value.identity_store, local.defaults.ise.identity_management.endpoints.identity_store, null) identity_store_id = try(each.value.identity_store_id, local.defaults.ise.identity_management.endpoints.identity_store_id, null) portal_user = try(each.value.portal_user, local.defaults.ise.identity_management.endpoints.portal_user, null) - profile_id = try(each.value.profile_id, local.defaults.ise.identity_management.endpoints.profile_id, null) + profile_id = try(each.value.static_profile_assignment, false) ? try(each.value.profile_id, local.defaults.ise.identity_management.endpoints.profile_id, null) : null custom_attributes = try(each.value.custom_attributes, local.defaults.ise.identity_management.endpoints.custom_attributes, null) mdm_compliance_status = try(each.value.mdm_attributes.compliance_status, local.defaults.ise.identity_management.endpoints.mdm_attributes.compliance_status, null) mdm_encrypted = try(each.value.mdm_attributes.encrypted, local.defaults.ise.identity_management.endpoints.mdm_attributes.encrypted, null)