CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

Resource "network_access_authentication_rules" does not support nested children blocks #105

Closed AgnieszkaChudy closed 3 weeks ago

AgnieszkaChudy commented 11 months ago


Describe the bug

network_access_authentication_rules doesn't support nested children conditions.

I want to create the following network_access_authentication_rule:

resource "ciscoise_network_access_authentication_rules" "DOT1x_wireless_EMM" {
  provider = ciscoise
  parameters {

    identity_source_name = "SIKT_Mobile"
    if_auth_fail         = "REJECT"
    if_user_not_found    = "CONTINUE"
    if_process_fail      = "DROP"

    rule {

      default = false
      rank    = 1
      state   = "enabled"
      name    = "DOT1x_wireless_EMM"
      condition {
        condition_type = "ConditionAndBlock"
        is_negate      = false

        children {
          condition_type = "ConditionOrBlock"
          is_negate      = "false"

          children {
            condition_type  = "ConditionAttributes"
            is_negate       = false
            dictionary_name = "CERTIFICATE"
            attribute_name  = "Subject - Common Name"
            operator        = "startsWith"
            attribute_value = "rpsm"
          }
          children {
            condition_type  = "ConditionAttributes"
            is_negate       = false
            dictionary_name = "CERTIFICATE"
            attribute_name  = "Subject - Common Name"
            operator        = "startsWith"
            attribute_value = "mobile"
          }

          children {
            condition_type  = "ConditionAttributes"
            is_negate       = false
            dictionary_name = "CERTIFICATE"
            attribute_name  = "Subject - Common Name"
            operator        = "startsWith"
            attribute_value = "uinet"
          }
        }
      }
      children {
        condition_type = "ConditionReference"
        is_negate      = false
        id             = "6c0f9060-4dd5-4245-ab5a-673f8ea4d656"
      }
    }
  }
}   

But when I do terraform plan I am receiving errors for multiple unsupported arguments:

terraform plan     

│ Error: Unsupported block type
│ 
│   on main.tf line 24, in resource "ciscoise_network_access_authentication_rules" "DOT1x_wireless_EMM":
│   24:           children {
│ 
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│ 
│   on main.tf line 32, in resource "ciscoise_network_access_authentication_rules" "DOT1x_wireless_EMM":
│   32:           children {
│ 
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│ 
│   on main.tf line 41, in resource "ciscoise_network_access_authentication_rules" "DOT1x_wireless_EMM":
│   41:           children {
│ 
│ Blocks of type "children" are not expected here.
╵
╷
│ Error: Unsupported block type
│ 
│   on main.tf line 51, in resource "ciscoise_network_access_authentication_rules" "DOT1x_wireless_EMM":
│   51:       children {
│ 
│ Blocks of type "children" are not expected here.

In the API directly it works with the following curl command:

curl -X POST "https://10.48.190.181:443/api/v1/policy/network-access/policy-set/7db169ea-7a9c-49b4-8f7e-1bb8d73f0a4e/authentication" -H "accept: application/json" -H "Content-Type: application/json" -d " { \"rule\": { \"default\": false, \"name\": \"example\", \"hitCounts\": 0, \"rank\": 0, \"state\": \"enabled\", \"condition\": { \"link\": null, \"conditionType\": \"ConditionAndBlock\", \"isNegate\": false, \"children\": [ { \"link\": null, \"conditionType\": \"ConditionOrBlock\", \"isNegate\": false, \"children\": [ { \"link\": null, \"conditionType\": \"ConditionAttributes\", \"isNegate\": false, \"dictionaryName\": \"CERTIFICATE\", \"attributeName\": \"Subject - Common Name\", \"operator\": \"startsWith\", \"dictionaryValue\": null, \"attributeValue\": \"rpsm\" }, { \"link\": null, \"conditionType\": \"ConditionAttributes\", \"isNegate\": false, \"dictionaryName\": \"CERTIFICATE\", \"attributeName\": \"Subject - Common Name\", \"operator\": \"startsWith\", \"dictionaryValue\": null, \"attributeValue\": \"mobile\" }, { \"link\": null, \"conditionType\": \"ConditionAttributes\", \"isNegate\": false, \"dictionaryName\": \"CERTIFICATE\", \"attributeName\": \"Subject - Common Name\", \"operator\": \"startsWith\", \"dictionaryValue\": null, \"attributeValue\": \"uinet\" } ] }, { \"link\": null, \"conditionType\": \"ConditionReference\", \"isNegate\": false, \"name\": \"Wireless_802.1X\", \"id\": \"092ef5c4-66f3-4165-99a2-d8ead5ff5033\", \"description\": \"A condition to match 802.1X based authentication requests from wireless LAN controllers, according to the corresponding 802.1x attributes defined in the device profile.\" } ] } }, \"identitySourceName\": \"Internal Users\", \"ifAuthFail\": \"REJECT\", \"ifUserNotFound\": \"REJECT\", \"ifProcessFail\": \"DROP\", \"link\": { \"rel\": \"self\", \"href\": \"https://10.48.190.181/api/v1/policy/network-access/policy-set/7db169ea-7a9c-49b4-8f7e-1bb8d73f0a4e/authentication/f6311af0-2164-4149-8001-7e56bb86198c\", \"type\": 
\"application/json\" } }, { \"rule\": { \"default\": true, \"id\": \"2f3779da-93cd-4cc2-a06f-4b31cd677d73\", \"name\": \"Default\", \"hitCounts\": 0, \"rank\": 1, \"state\": \"enabled\", \"condition\": null }, \"identitySourceName\": \"All_User_ID_Stores\", \"ifAuthFail\": \"REJECT\", \"ifUserNotFound\": \"REJECT\", \"ifProcessFail\": \"DROP\", \"link\": { \"rel\": \"self\", \"href\": \"https://10.48.190.181/api/v1/policy/network-access/policy-set/7db169ea-7a9c-49b4-8f7e-1bb8d73f0a4e/authentication/2f3779da-93cd-4cc2-a06f-4b31cd677d73\", \"type\": \"application/json\" } }"

I'm getting a 201 response.

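An added example, not part of the original issue or the provider's code: a pre-flight check that walks an ISE condition tree in the API's JSON shape and lists the nodes that would need a `children` block nested inside another `children` block. The one-level limit is an assumption read off the plan errors in the post; `walk`, `max_depth` and `too_deep` are hypothetical helper names, and the sample tree is constructed from the curl body in the post.

```python
import json

# Assumption read off the plan errors on this page: a `children` block nested
# inside another `children` block is rejected, so one level is the limit.
MAX_CHILDREN_DEPTH = 1

# Constructed sample: the condition tree from the curl body in the post,
# trimmed to the keys that matter for nesting.
SAMPLE_CONDITION = json.loads("""
{"conditionType": "ConditionAndBlock", "isNegate": false, "children": [
  {"conditionType": "ConditionOrBlock", "isNegate": false, "children": [
    {"conditionType": "ConditionAttributes", "attributeValue": "rpsm"},
    {"conditionType": "ConditionAttributes", "attributeValue": "mobile"},
    {"conditionType": "ConditionAttributes", "attributeValue": "uinet"}]},
  {"conditionType": "ConditionReference", "isNegate": false,
   "id": "092ef5c4-66f3-4165-99a2-d8ead5ff5033"}]}
""")


def walk(node, depth=0, path="condition"):
    """Yield (path, depth, conditionType) for every node, parents first."""
    if not isinstance(node, dict):
        raise ValueError(f"{path}: expected an object, got {type(node).__name__}")
    yield path, depth, node.get("conditionType")
    # Treat a missing or null `children` as an empty list.
    for i, child in enumerate(node.get("children") or []):
        yield from walk(child, depth + 1, f"{path}.children[{i}]")


def max_depth(condition):
    """Deepest `children` nesting level in the tree (0 = no children)."""
    return max(depth for _, depth, _ in walk(condition))


def too_deep(condition, limit=MAX_CHILDREN_DEPTH):
    """Nodes that would need a `children` block nested deeper than `limit`."""
    return [(path, ctype) for path, depth, ctype in walk(condition)
            if depth > limit]


if __name__ == "__main__":
    print("max children depth:", max_depth(SAMPLE_CONDITION))
    for path, ctype in too_deep(SAMPLE_CONDITION):
        print(f"deeper than {MAX_CHILDREN_DEPTH} level: {path} ({ctype})")
```
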

fmunozmiranda commented 1 month ago

Hi @AgnieszkaChudy, could you please retry it with the last version of the ISE provider and update us if the bug is still there?

fmunozmiranda commented 3 weeks ago

If we don't get an answer, this issue will be closed in the next 24 hours.