Closed grg1bbs closed 6 months ago
First draft of ise_active_directory_join_point
resource and data source added in v0.1.11 release.
Added mentioned resources and data source in v0.1.12 release.
@grg1bbs here you have sample code to test that:
resource "ise_active_directory_join_point" "example" {
name = "dcloud.cisco.com"
description = "My AD join point"
domain = "dcloud.cisco.com"
ad_scopes_names = "Default_Scope"
}
resource "ise_active_directory_join_domain_with_all_nodes" "example" {
additional_data = [
{
name = "username"
value = "administrator"
},
{
name = "password"
value = "C1sco12345"
}
]
join_point_id = ise_active_directory_join_point.example.id
}
data "ise_active_directory_groups_by_domain" "helpdesk" {
join_point_id = ise_active_directory_join_point.example.id
domain = "dcloud.cisco.com"
filter = "*Helpdesk"
}
data "ise_active_directory_groups_by_domain" "users" {
join_point_id = ise_active_directory_join_point.example.id
domain = "dcloud.cisco.com"
filter = "Users"
}
resource "ise_active_directory_add_groups" "example" {
join_point_id = ise_active_directory_join_point.example.id
name = ise_active_directory_join_point.example.name
description = ise_active_directory_join_point.example.description
domain = ise_active_directory_join_point.example.domain
ad_scopes_names = ise_active_directory_join_point.example.ad_scopes_names
enable_domain_allowed_list = ise_active_directory_join_point.example.enable_domain_allowed_list
groups = [
{
"name" : data.ise_active_directory_groups_by_domain.users.groups[0].name
"sid" : data.ise_active_directory_groups_by_domain.users.groups[0].sid
"type" : data.ise_active_directory_groups_by_domain.users.groups[0].type
},
{
"name" : data.ise_active_directory_groups_by_domain.helpdesk.groups[0].name
"sid" : data.ise_active_directory_groups_by_domain.helpdesk.groups[0].sid
"type" : data.ise_active_directory_groups_by_domain.helpdesk.groups[0].type
}
]
}
Provider resources are not available for ISE Active Directory operations. At a minimum, resources and data sources are needed for the following operations:
The relevant APIs for these operations can be found here: https://developer.cisco.com/docs/identity-services-engine/latest/#!activedirectory