CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

Resource 'ciscoise_network_access_policy_set' does not support nested children blocks #101

Closed KubaMazurkiewicz closed 1 year ago

KubaMazurkiewicz commented 1 year ago


Describe the bug

network_access_policy_set doesn't support nested children conditions

I want to create the following policy_set:

resource "ciscoise_network_access_policy_set" "test" {
  provider = ciscoise
  parameters {

    condition {

      condition_type = "ConditionAndBlock"
      is_negate      = "false"

      children {
        condition_type = "ConditionOrBlock"
        is_negate      = "false"

        children {
          condition_type  = "ConditionAttributes"
          is_negate       = "false"
          dictionary_name = "Cisco"
          attribute_name  = "cisco-nas-port"
          operator        = "equals"
          attribute_value = "833"
        }

        children {
          condition_type  = "ConditionAttributes"
          is_negate       = "false"
          dictionary_name = "Radius"
          attribute_name  = "Called-Station-ID"
          operator        = "contains"
          attribute_value = "eduroam"
        }
      }

      children {
        condition_type = "ConditionAndBlock"
        is_negate      = "false"

        children {
          condition_type  = "ConditionAttributes"
          is_negate       = "false"
          dictionary_name = "Radius"
          attribute_name  = "User-Name"
          operator        = "notEndsWith"
          attribute_value = "@cisco.com"
        }

        children {
          condition_type  = "ConditionAttributes"
          is_negate       = "false"
          dictionary_name = "Radius"
          attribute_name  = "User-Name"
          operator        = "contains"
          attribute_value = "@"
        }

        children {
          condition_type  = "ConditionAttributes"
          is_negate       = "false"
          dictionary_name = "Radius"
          attribute_name  = "NAS-Port-Type"
          operator        = "equals"
          attribute_value = "Wireless - IEEE 802.11"
        }
      }
    }

    default     = "false"
    description = "Test01"
    is_proxy    = "false"

    name         = "Test01"
    rank         = 0
    service_name = "Default Network Access"
    state        = "enabled"
  }
} 

Directly in the API it works with the following curl command:

curl -X POST "https://10.48.190.181:443/api/v1/policy/network-access/policy-set" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"default\":false,\"name\":\"Test01\",\"description\":\"Test01\",\"hitCounts\":0,\"rank\":0,\"state\":\"enabled\",\"condition\":{\"link\":null,\"conditionType\":\"ConditionAndBlock\",\"isNegate\":false,\"children\":[{\"link\":null,\"conditionType\":\"ConditionOrBlock\",\"isNegate\":false,\"children\":[{\"link\":null,\"conditionType\":\"ConditionAttributes\",\"isNegate\":false,\"dictionaryName\":\"Cisco\",\"attributeName\":\"cisco-nas-port\",\"operator\":\"equals\",\"dictionaryValue\":null,\"attributeValue\":\"833\"},{\"link\":null,\"conditionType\":\"ConditionAttributes\",\"isNegate\":false,\"dictionaryName\":\"Radius\",\"attributeName\":\"Called-Station-ID\",\"operator\":\"contains\",\"dictionaryValue\":null,\"attributeValue\":\"eduroam\"}]},{\"link\":null,\"conditionType\":\"ConditionAndBlock\",\"isNegate\":false,\"children\":[{\"link\":null,\"conditionType\":\"ConditionAttributes\",\"isNegate\":false,\"dictionaryName\":\"Radius\",\"attributeName\":\"User-Name\",\"operator\":\"notEndsWith\",\"dictionaryValue\":null,\"attributeValue\":\"@cisco.com\"},{\"link\":null,\"conditionType\":\"ConditionAttributes\",\"isNegate\":false,\"dictionaryName\":\"Radius\",\"attributeName\":\"User-Name\",\"operator\":\"contains\",\"dictionaryValue\":null,\"attributeValue\":\"@\"},{\"link\":null,\"conditionType\":\"ConditionAttributes\",\"isNegate\":false,\"dictionaryName\":\"Radius\",\"attributeName\":\"NAS-Port-Type\",\"operator\":\"equals\",\"dictionaryValue\":null,\"attributeValue\":\"Wireless - IEEE 802.11\"}]}]},\"serviceName\":\"Default Network Access\",\"isProxy\":false}"

I'm getting a 201 response.

But when I try to do the same with TF I'm receiving errors for multiple unsupported arguments:

TF_CODE

{
      "default": false,
      "name": "Test01",
      "description": "Test01",
      "hitCounts": 0,
      "rank": 0,
      "state": "enabled",
      "condition": {
         "link": null,
         "conditionType": "ConditionAndBlock",
         "isNegate": false,
         "children": [
            {
               "link": null,
               "conditionType": "ConditionOrBlock",
               "isNegate": false,
               "children": [
                  {
                     "link": null,
                     "conditionType": "ConditionAttributes",
                     "isNegate": false,
                     "dictionaryName": "Cisco",
                     "attributeName": "cisco-nas-port",
                     "operator": "equals",
                     "dictionaryValue": null,
                     "attributeValue": "833"
                  },
                  {
                     "link": null,
                     "conditionType": "ConditionAttributes",
                     "isNegate": false,
                     "dictionaryName": "Radius",
                     "attributeName": "Called-Station-ID",
                     "operator": "contains",
                     "dictionaryValue": null,
                     "attributeValue": "eduroam"
                  }
               ]
            },
            {
               "link": null,
               "conditionType": "ConditionAndBlock",
               "isNegate": false,
               "children": [
                  {
                     "link": null,
                     "conditionType": "ConditionAttributes",
                     "isNegate": false,
                     "dictionaryName": "Radius",
                     "attributeName": "User-Name",
                     "operator": "notEndsWith",
                     "dictionaryValue": null,
                     "attributeValue": "@cisco.com"
                  },
                  {
                     "link": null,
                     "conditionType": "ConditionAttributes",
                     "isNegate": false,
                     "dictionaryName": "Radius",
                     "attributeName": "User-Name",
                     "operator": "contains",
                     "dictionaryValue": null,
                     "attributeValue": "@"
                  },
                  {
                     "link": null,
                     "conditionType": "ConditionAttributes",
                     "isNegate": false,
                     "dictionaryName": "Radius",
                     "attributeName": "NAS-Port-Type",
                     "operator": "equals",
                     "dictionaryValue": null,
                     "attributeValue": "Wireless - IEEE 802.11"
                  }
               ]
            }
         ]
      },
      "serviceName": "Default Network Access",
      "isProxy": false
}

tf-ise-provider-issues % terraform plan
╷
│ Error: Unsupported block type
│
│   on main.tf line 14, in resource "ciscoise_network_access_policy_set" "test":
│   14:         children {
│
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 23, in resource "ciscoise_network_access_policy_set" "test":
│   23:         children {
│
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 37, in resource "ciscoise_network_access_policy_set" "test":
│   37:         children {
│
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 46, in resource "ciscoise_network_access_policy_set" "test":
│   46:         children {
│
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 55, in resource "ciscoise_network_access_policy_set" "test":
│   55:         children {
│
│ Blocks of type "children" are not expected here.


fmunozmiranda commented 1 year ago

@KubaMazurkiewicz, the 'children' parameter was included to avoid address errors when trying to set. Thanks for collaborating with your PR; try again with the new version to verify functionality.
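
To check which authentications the nested condition from this issue would select before applying it, the following added example (not code from the issue or from the provider) evaluates the same tree, in the API's JSON shape, against constructed RADIUS attributes. The helper names `attr`, `block`, `matches` and `sample_request` are hypothetical, and the operator semantics are assumptions rather than ISE's documented behaviour.

```python
# Assumptions (added example, not ISE's documented behaviour): case-sensitive
# string comparison; a condition on an attribute the request lacks is False.
def attr(dictionary, name, operator, value, negate=False):
    return {"conditionType": "ConditionAttributes", "isNegate": negate,
            "dictionaryName": dictionary, "attributeName": name,
            "operator": operator, "attributeValue": value}

def block(kind, *children, negate=False):
    return {"conditionType": kind, "isNegate": negate, "children": list(children)}

# Same tree as the "condition" object in the curl body, using the API's JSON keys.
POLICY_CONDITION = block(
    "ConditionAndBlock",
    block("ConditionOrBlock",
          attr("Cisco", "cisco-nas-port", "equals", "833"),
          attr("Radius", "Called-Station-ID", "contains", "eduroam")),
    block("ConditionAndBlock",
          attr("Radius", "User-Name", "notEndsWith", "@cisco.com"),
          attr("Radius", "User-Name", "contains", "@"),
          attr("Radius", "NAS-Port-Type", "equals", "Wireless - IEEE 802.11")))

# Only the three operators that appear in the issue are modelled.
OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "contains": lambda actual, expected: expected in actual,
    "notEndsWith": lambda actual, expected: not actual.endswith(expected),
}

def matches(cond, request):
    """Return True if request ({(dictionary, attribute): value}) satisfies cond."""
    kind = cond["conditionType"]
    if kind == "ConditionAttributes":
        if cond["operator"] not in OPERATORS:
            raise ValueError(f"unmodelled operator: {cond['operator']}")
        actual = request.get((cond["dictionaryName"], cond["attributeName"]))
        result = actual is not None and OPERATORS[cond["operator"]](actual, cond["attributeValue"])
    elif kind in ("ConditionAndBlock", "ConditionOrBlock"):
        results = [matches(child, request) for child in cond["children"]]
        result = all(results) if kind == "ConditionAndBlock" else any(results)
    else:
        raise ValueError(f"unknown conditionType: {kind}")
    return result != cond["isNegate"]  # isNegate inverts the node's result

def sample_request(user_name):
    # Constructed RADIUS attributes for a wireless eduroam authentication.
    return {("Radius", "Called-Station-ID"): "00-11-22-33-44-55:eduroam",
            ("Radius", "User-Name"): user_name,
            ("Radius", "NAS-Port-Type"): "Wireless - IEEE 802.11"}
```

Under these assumptions, `matches(POLICY_CONDITION, sample_request("alice@example.edu"))` is true, while a `@cisco.com` user name or a user name without a realm is not selected.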