search

CiscoDevNet / terraform-provider-ise

Terraform Cisco ISE Provider
https://registry.terraform.io/providers/CiscoDevNet/ise/latest
Mozilla Public License 2.0
4 stars 1 forks source link

Import on ise_network_access_policy_set resource does not import anything to state except the id attribute #28

Closed grg1bbs closed 7 months ago

grg1bbs commented 7 months ago

Terraform version = 1.6.6 ISE version = 3.2 p4 Provider version = 0.1.9

In testing Policy Set creation, it was unclear what the exact structure needs to look like for multiple nested children conditions. To check this, I manually created a basic Policy Set via the GUI, then used the 'terraform import ise_network_access_policy_set. ' command to import the object into state. Upon import, the 'terraform state show ' output shows only the id value.

Example output:

❯ tf state show ise_network_access_policy_set.ps_wired_mm
# ise_network_access_policy_set.ps_wired_mm:
resource "ise_network_access_policy_set" "ps_wired_mm" {
    id = "0a38ed78-0d1f-4d77-8456-6668c59d0949"
}

Example tfstate object:

    {
      "mode": "managed",
      "type": "ise_network_access_policy_set",
      "name": "ps_wired_mm",
      "provider": "provider[\"registry.terraform.io/ciscodevnet/ise\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "children": null,
            "condition_attribute_name": null,
            "condition_attribute_value": null,
            "condition_dictionary_name": null,
            "condition_dictionary_value": null,
            "condition_id": null,
            "condition_is_negate": null,
            "condition_operator": null,
            "condition_type": null,
            "description": null,
            "id": "0a38ed78-0d1f-4d77-8456-6668c59d0949",
            "is_proxy": null,
            "name": null,
            "rank": null,
            "service_name": null,
            "state": null
          },
          "sensitive_attributes": []
        }
      ]
    },

Expected behaviour: The state should import all of the attributes and values that were configured in ISE for this object. This same behaviour should be seen from all supported import actions.

Example Policy Set configuration from the GUI:

Screenshot 2024-01-16 at 2 12 15 pm

Example output from GET API call for the same Policy Set ID

{
    "version": "1.0.0",
    "response": {
        "default": false,
        "id": "0a38ed78-0d1f-4d77-8456-6668c59d0949",
        "name": "Wired MM",
        "description": "Wired Monitor Mode",
        "hitCounts": 0,
        "rank": 0,
        "state": "enabled",
        "condition": {
            "link": null,
            "conditionType": "ConditionAndBlock",
            "isNegate": false,
            "children": [
                {
                    "link": null,
                    "conditionType": "ConditionAttributes",
                    "isNegate": false,
                    "dictionaryName": "Radius",
                    "attributeName": "NAS-Port-Type",
                    "operator": "equals",
                    "dictionaryValue": null,
                    "attributeValue": "Ethernet"
                },
                {
                    "link": null,
                    "conditionType": "ConditionAttributes",
                    "isNegate": false,
                    "dictionaryName": "DEVICE",
                    "attributeName": "Deployment Stage",
                    "operator": "equals",
                    "dictionaryValue": null,
                    "attributeValue": "Deployment Stage#Monitor Mode"
                }
            ]
        },
        "serviceName": "MAB_EAP-TLS",
        "isProxy": false,
        "link": {
            "rel": "self",
            "href": "https://ise32-3.ise.trappedunderise.com/api/v1/policy/network-access/policy-set/0a38ed78-0d1f-4d77-8456-6668c59d0949",
            "type": "application/json"
        }
    }
}
danischm commented 7 months ago

Fixed in v0.1.10 release.