CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

The Cisco ISE Terraform provider fails to parse and display policies with compound conditions #42

Closed netsecprogrammer closed 2 years ago

netsecprogrammer commented 2 years ago


Describe the bug

Policies in ISE can be comprised of one or multiple conditions. (As an example: Mac OUI = 00:01:02 AND Authentication_Method = MAB). When Terraform pulls back the policy set with multiple conditions, the conditions are empty. The correct number of empty placeholder conditions is there, but the content in the conditions is blank. See the below terraform output for a policy with two conditions: {

Expected behavior

This is the output from the API for pulling the same policy. Notice the conditions are populated correctly:

```json
{
  "default": false,
  "id": "38a9b565-c481-4b1d-bdfe-f346adf6d2bf",
  "name": "mypolicyset_test",
  "description": null,
  "hitCounts": 0,
  "rank": 0,
  "state": "enabled",
  "condition": {
    "link": null,
    "conditionType": "ConditionAndBlock",
    "isNegate": false,
    "children": [
      {
        "link": null,
        "conditionType": "ConditionAttributes",
        "isNegate": false,
        "dictionaryName": "Airespace",
        "attributeName": "Aire-Data-Bandwidth-Average-UpStream-Contract",
        "operator": "equals",
        "dictionaryValue": null,
        "attributeValue": "123"
      },
      {
        "link": null,
        "conditionType": "ConditionAttributes",
        "isNegate": false,
        "dictionaryName": "Airespace",
        "attributeName": "Aire-Data-Bandwidth-Burst-UpStream-Contract",
        "operator": "equals",
        "dictionaryValue": null,
        "attributeValue": "345"
      }
    ]
  },
  "serviceName": "Wired-EAP",
  "isProxy": false,
  "link": {
    "rel": "self",
    "href": "https://ise/api/v1/policy/network-access/policy-set/38a9b565-c481-4b1d-bdfe-f346adf6d2bf",
    "type": "application/json"
  }
}
```


fmunozmiranda commented 2 years ago

Hi @netsecprogrammer, sorry for the delay, could you pass the following information:

Thanks.

netsecprogrammer commented 2 years ago

This output is from running terraform with debug = true.
Picture of the Policy


Retrieving the policy with terraform:

```
data.ciscoise_network_access_policy_set.allpolicysets: Reading...
data.ciscoise_network_access_policy_set.allpolicysets: Read complete after 0s [id=1659903775]

Changes to Outputs:
ciscoise_network_access_policy_set_allpolicysets = [
  {
    condition = [
      {
        attribute_name = ""
        attribute_value = ""
        children = [
          {
            condition_type = "ConditionAttributes"
            is_negate = "false"
            link = []
          },
          {
            condition_type = "ConditionAttributes"
            is_negate = "false"
            link = []
          },
        ]
        condition_type = "ConditionAndBlock"
        dates_range = []
        dates_range_exception = []
        description = ""
        dictionary_name = ""
        dictionary_value = ""
        hours_range = []
        hours_range_exception = []
        id = ""
        is_negate = "false"
        link = []
        name = ""
        operator = ""
        week_days = []
        week_days_exception = []
      },
    ]
    default = "false"
    description = ""
    hit_counts = 0
    id = "38a9b565-c481-4b1d-bdfe-f346adf6d2bf"
    is_proxy = "false"
    link = [
      {
        href = "https://ise/api/v1/policy/network-access/policy-set/38a9b565-c481-4b1d-bdfe-f346adf6d2bf"
        rel = "self"
        type = "application/json"
      },
    ]
    name = "mypolicyset_test"
    rank = 0
    service_name = "Wired-EAP"
    state = "enabled"
  },
]
```

Retrieving the policy with the API:

```json
{
  "version": "1.0.0",
  "response": [
    {
      "default": false,
      "id": "38a9b565-c481-4b1d-bdfe-f346adf6d2bf",
      "name": "mypolicyset_test",
      "description": null,
      "hitCounts": 0,
      "rank": 0,
      "state": "enabled",
      "condition": {
        "link": null,
        "conditionType": "ConditionAndBlock",
        "isNegate": false,
        "children": [
          {
            "link": null,
            "conditionType": "ConditionAttributes",
            "isNegate": false,
            "dictionaryName": "Airespace",
            "attributeName": "Aire-Data-Bandwidth-Average-UpStream-Contract",
            "operator": "equals",
            "dictionaryValue": null,
            "attributeValue": "123"
          },
          {
            "link": null,
            "conditionType": "ConditionAttributes",
            "isNegate": false,
            "dictionaryName": "Airespace",
            "attributeName": "Aire-Data-Bandwidth-Burst-UpStream-Contract",
            "operator": "equals",
            "dictionaryValue": null,
            "attributeValue": "345"
          }
        ]
      },
      "serviceName": "Wired-EAP",
      "isProxy": false,
      "link": {
        "rel": "self",
        "href": "https://ise/api/v1/policy/network-access/policy-set/38a9b565-c481-4b1d-bdfe-f346adf6d2bf",
        "type": "application/json"
      }
    }
  ]
}
```

As can be seen from the outputs, the terraform provider does not pull back a policy correctly when the policy contains more than one condition.

fmunozmiranda commented 2 years ago

New versions of ciscoise-go-sdk and terraform-provider-ciscoise have been released, could you try and let me know if it works for you?

Thanks.

netsecprogrammer commented 2 years ago

@fmunozmiranda Hello, I was able to test this and it now works for my use case. Apologies this took so long for me to confirm. I was also curious whether you'll support multiple nested conditions in the future. I don't personally have any at this time. All of my conditions are configured like (A & B & C & D etc) for my rules, but it is possible to do something like ((A & B) & (C || D))
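
The nesting raised in the last comment, as an added example (not code from the provider or from ciscoise-go-sdk): a recursive Go walk over the API's `condition` tree that handles blocks inside blocks and fails closed when a leaf comes back with blank attribute fields, which is the symptom reported in this issue. `ConditionOrBlock`, the `Dict` dictionary name and the sample input are assumptions; only `ConditionAndBlock` and `ConditionAttributes` appear on the page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Condition mirrors the API fields above (encoding/json matches keys case-insensitively).
type Condition struct {
	ConditionType, DictionaryName, AttributeName, Operator, AttributeValue string
	IsNegate                                                               bool
	Children                                                               []Condition
}

// Render recurses to any depth; a leaf with blank fields (this issue's symptom) is an error.
func Render(c Condition) (s string, err error) {
	sep := " AND "
	switch c.ConditionType {
	case "ConditionAttributes":
		if c.DictionaryName == "" || c.AttributeName == "" || c.Operator == "" {
			return "", fmt.Errorf("leaf condition has blank attribute fields")
		}
		s = fmt.Sprintf("%s:%s %s %q", c.DictionaryName, c.AttributeName, c.Operator, c.AttributeValue)
	case "ConditionOrBlock": // assumed type name; the page shows only ConditionAndBlock
		sep = " OR "
		fallthrough
	case "ConditionAndBlock":
		parts := make([]string, len(c.Children))
		for i, child := range c.Children {
			if parts[i], err = Render(child); err != nil {
				return "", err
			}
		}
		s = "(" + strings.Join(parts, sep) + ")"
	default:
		return "", fmt.Errorf("unhandled conditionType %q", c.ConditionType)
	}
	return map[bool]string{true: "NOT "}[c.IsNegate] + s, nil // prefix NOT when isNegate is set
}

const sample = `{"conditionType":"ConditionAndBlock","children":[{"conditionType":"ConditionOrBlock","isNegate":true,"children":[
  {"conditionType":"ConditionAttributes","dictionaryName":"Dict","attributeName":"B","operator":"equals","attributeValue":"2"},
  {"conditionType":"ConditionAttributes","dictionaryName":"Dict","attributeName":"C","operator":"equals","attributeValue":"3"}]},
  {"conditionType":"ConditionAttributes","dictionaryName":"Dict","attributeName":"A","operator":"equals","attributeValue":"1"}]}` // constructed nested input
func main() {
	var c Condition
	_ = json.Unmarshal([]byte(sample), &c) // on a decode error c stays empty and Render rejects it
	fmt.Println(Render(c))
}
```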