Closed grg1bbs closed 7 months ago
Hey @grg1bbs I've checked your issue and I was not able to replicate that. For me changing IP to FQDN worked. Terraform created allowed_protocols object and I can see this MAB_EAP_TLS in GUI of my ISE
Debug logs:
2024-01-11T18:10:51.621+0100 [DEBUG] provider.terraform-provider-ise_v0.1.8: 2024/01/11 18:10:51 [DEBUG] HTTP Request: POST, https://ise02.lab01.local/ers/config/allowedprotocols, {{"AllowedProtocols":{"name":"MAB_EAP-TLS","description":"","processHostLookup":true,"allowPapAscii":false,"allowChap":false,"allowMsChapV1":false,"allowMsChapV2":false,"allowEapMd5":false,"allowLeap":false,"allowEapTls":true,"allowEapTtls":false,"allowEapFast":false,"allowPeap":false,"allowTeap":false,"allowPreferredEapProtocol":false,"eapTlsLBit":false,"allowWeakCiphersForEap":false,"requireMessageAuth":false,"eapTls":{"allowEapTlsAuthOfExpiredCerts":false,"eapTlsEnableStatelessSessionResume":true,"eapTlsSessionTicketTtl":5,"eapTlsSessionTicketTtlUnits":"HOURS","eapTlsSessionTicketPrecentage":10}}}}
I used exact config you provided and I have same ISE version 3.2 with patch 4.
Terraform output you provided was captured when you were using FQDN as url ?
Interesting. After changing my MacOS & Ubuntu TF code back to using the FQDN after verifying with the IP address, the apply works fine. I also spun up my fedora instance and used the same code for the first time using the FQDN, and the configuration applied. I can't replicate this issue anymore, so I'm closing this issue.
When using the ISE FQDN in the url value for the provider block, the TF apply appears to complete, but the configuration is not actually applied to the ISE instance. If the url value is changed to the IP address of the ISE instance, the configuration is applied to ISE correctly.
Terraform version = 1.6.6 Platforms tested = MacOS Sonoma & Ubuntu 22.04.3 LTS ISE version = 3.2 patch 4
Terraform output:
ISE config screenshot
Terraform code example: I'm using a single flat TF file for basic testing