CiscoDevNet / terraform-provider-ise

Terraform Cisco ISE Provider
https://registry.terraform.io/providers/CiscoDevNet/ise/latest
Mozilla Public License 2.0

Unable to get id for Default AuthZ Policy using data source 'ise_network_access_authorization_rule' #32

Closed grg1bbs closed 7 months ago

grg1bbs commented 7 months ago

ISE version = 3.2 p4
Terraform version = 1.6.6
Provider version = 0.1.10

Issue description

Need a way to retrieve rule ID for Default AuthZ Policy in order to update the AuthZ Profile assigned to it. Documentation lists 'policy_set_id' as the only required attribute, but upon apply it throws an error for Missing Attribute Configuration. If I add the 'name' attribute, it throws a Client Error.

Example TF code

data "ise_network_access_authorization_rule" "mm_authz_rules" {
  policy_set_id = ise_network_access_policy_set.ps_wired_mm.id
}

Resulting error

tf apply --auto-approve
╷
│ Error: Missing Attribute Configuration
│ 
│   with data.ise_network_access_authorization_rule.mm_authz_rules,
│   on policyset_mm.tf line 192, in data "ise_network_access_authorization_rule" "mm_authz_rules":
│  192: data "ise_network_access_authorization_rule" "mm_authz_rules" {
│ 
│ Exactly one of these attributes must be configured: [id,name]

Example code with name = "Default"

data "ise_network_access_authorization_rule" "mm_authz_rules" {
  policy_set_id = ise_network_access_policy_set.ps_wired_mm.id
  name = "Default"
}

Resulting error

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Client Error
│ 
│   with data.ise_network_access_authorization_rule.mm_authz_rules,
│   on policyset_mm.tf line 192, in data "ise_network_access_authorization_rule" "mm_authz_rules":
│  192: data "ise_network_access_authorization_rule" "mm_authz_rules" {
│ 
│ Failed to find object with name: Default

Example GET API call output {{baseUrl}}/network-access/policy-set/:policyId/authorization

{
    "version": "1.0.0",
    "response": [
        {
            "rule": {
                "default": false,
                "id": "509d333a-68f0-4d20-80d9-ab4c24101b39",
                "name": "AD User",
                "hitCounts": 0,
                "rank": 0,
                "state": "enabled",
                "condition": {
                    "link": null,
                    "conditionType": "ConditionAndBlock",
                    "isNegate": false,
                    "children": [
                        {
                            "link": null,
                            "conditionType": "ConditionAttributes",
                            "isNegate": false,
                            "dictionaryName": "Network Access",
                            "attributeName": "EapAuthentication",
                            "operator": "equals",
                            "dictionaryValue": null,
                            "attributeValue": "EAP-TLS"
                        },
                        {
                            "link": null,
                            "conditionType": "ConditionAttributes",
                            "isNegate": false,
                            "dictionaryName": "ISELAB_AD",
                            "attributeName": "ExternalGroups",
                            "operator": "equals",
                            "dictionaryValue": null,
                            "attributeValue": "trappedunderise.com/Users/Domain Users"
                        }
                    ]
                }
            },
            "profile": [
                "MM-AuthZ-AD-User"
            ],
            "securityGroup": null,
            "link": {
                "rel": "self",
                "href": "https://ise32-3.ise.trappedunderise.com/api/v1/policy/network-access/policy-set/0a38ed78-0d1f-4d77-8456-6668c59d0949/authorization/509d333a-68f0-4d20-80d9-ab4c24101b39",
                "type": "application/json"
            }
        },
        {
            "rule": {
                "default": false,
                "id": "22beb084-1fd9-41bf-9ec6-abc1e86f219e",
                "name": "AD Computer",
                "hitCounts": 0,
                "rank": 1,
                "state": "enabled",
                "condition": {
                    "link": null,
                    "conditionType": "ConditionAndBlock",
                    "isNegate": false,
                    "children": [
                        {
                            "link": null,
                            "conditionType": "ConditionAttributes",
                            "isNegate": false,
                            "dictionaryName": "Network Access",
                            "attributeName": "EapAuthentication",
                            "operator": "equals",
                            "dictionaryValue": null,
                            "attributeValue": "EAP-TLS"
                        },
                        {
                            "link": null,
                            "conditionType": "ConditionAttributes",
                            "isNegate": false,
                            "dictionaryName": "ISELAB_AD",
                            "attributeName": "ExternalGroups",
                            "operator": "equals",
                            "dictionaryValue": null,
                            "attributeValue": "trappedunderise.com/Users/Domain Computers"
                        }
                    ]
                }
            },
            "profile": [
                "MM-AuthZ-AD-Computer"
            ],
            "securityGroup": null,
            "link": {
                "rel": "self",
                "href": "https://ise32-3.ise.trappedunderise.com/api/v1/policy/network-access/policy-set/0a38ed78-0d1f-4d77-8456-6668c59d0949/authorization/22beb084-1fd9-41bf-9ec6-abc1e86f219e",
                "type": "application/json"
            }
        },
        {
            "rule": {
                "default": true,
                "id": "f3597ed1-e3ed-4373-af4b-69bc788fd2d1",
                "name": "Default",
                "hitCounts": 0,
                "rank": 2,
                "state": "enabled",
                "condition": null
            },
            "profile": [
                "DenyAccess"
            ],
            "securityGroup": null,
            "link": {
                "rel": "self",
                "href": "https://ise32-3.ise.trappedunderise.com/api/v1/policy/network-access/policy-set/0a38ed78-0d1f-4d77-8456-6668c59d0949/authorization/f3597ed1-e3ed-4373-af4b-69bc788fd2d1",
                "type": "application/json"
            }
        }
    ]
}

danischm commented 7 months ago

https://github.com/CiscoDevNet/terraform-provider-ise/commit/5a9b0b4f1c77b23af8d500033e76f9e395b2d5b5

danischm commented 7 months ago

Should be fixed in v0.1.11 release.
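
An added example, not part of the original thread or the provider's code: picking the default authorization rule out of the GET response shown in the issue by its `"default": true` flag rather than by name, and summarising what the catch-all rule grants. The function names are hypothetical, the sample is the issue's response trimmed to the fields used, and treating only the `DenyAccess` profile as a deny is an assumption.

```python
import json

# Constructed sample: the GET .../policy-set/:policyId/authorization response
# from the issue, trimmed to the fields used here (conditions and links dropped).
SAMPLE_RESPONSE = json.loads("""
{
  "version": "1.0.0",
  "response": [
    {"rule": {"default": false, "id": "509d333a-68f0-4d20-80d9-ab4c24101b39",
              "name": "AD User", "rank": 0, "state": "enabled"},
     "profile": ["MM-AuthZ-AD-User"], "securityGroup": null},
    {"rule": {"default": false, "id": "22beb084-1fd9-41bf-9ec6-abc1e86f219e",
              "name": "AD Computer", "rank": 1, "state": "enabled"},
     "profile": ["MM-AuthZ-AD-Computer"], "securityGroup": null},
    {"rule": {"default": true, "id": "f3597ed1-e3ed-4373-af4b-69bc788fd2d1",
              "name": "Default", "rank": 2, "state": "enabled"},
     "profile": ["DenyAccess"], "securityGroup": null}
  ]
}
""")


def find_default_rule(body):
    """Return the entry whose rule has "default": true.

    Selecting on the flag instead of the name avoids depending on the rule
    being called "Default". Raises if the policy set has zero or several.
    """
    entries = body.get("response") or []
    defaults = [e for e in entries if e.get("rule", {}).get("default") is True]
    if len(defaults) != 1:
        raise LookupError(f"expected exactly one default rule, found {len(defaults)}")
    return defaults[0]


def audit_default_rule(body):
    """Summarise the catch-all rule: its ID, profiles and whether it denies."""
    entry = find_default_rule(body)
    rule = entry["rule"]
    ranks = [e["rule"]["rank"] for e in body["response"]]
    return {
        "id": rule["id"],
        "profiles": entry.get("profile") or [],
        "enabled": rule.get("state") == "enabled",
        "evaluated_last": rule["rank"] == max(ranks),
        "denies": (entry.get("profile") or []) == ["DenyAccess"],  # assumption
    }


if __name__ == "__main__":
    print(json.dumps(audit_default_rule(SAMPLE_RESPONSE), indent=2))
```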