CiscoISE / terraform-provider-ciscoise

Terraform Provider for Cisco ISE
https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs
MIT License

ciscoise_system_certificate_import resource does not support the correct arguments #57

Closed aussietexan closed 1 year ago

aussietexan commented 1 year ago

Using the latest terraform provider (0.6.8-beta)

Executing the system certificate import as per the OpenAPI documentation works correctly: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi

The documentation and implementation for the 'ciscoise_system_certificate_import' resource are incorrect: https://registry.terraform.io/providers/CiscoISE/ciscoise/latest/docs/resources/system_certificate_import

The Example Usage section for the resource references: resource "ciscoise_backup_restore"

This applies to a configuration backup/restore operation and is a completely different operation from the intended import of a system certificate in ISE.

I attempted to use this resource to import a system certificate using the same parameters defined for the 'certs/system-certificate/import' OpenAPI call, but terraform returns multiple errors for 'Unsupported argument'.

Expected behavior: System certificate is imported successfully

Sample error (snipped for brevity)

│ Error: Unsupported argument
│
│   on main.tf line 97, in resource "ciscoise_system_certificate_import" "admin-cert-ise31-2":
│   97: portalGroupTag = "Default Portal certificate Group"
│
│ An argument named "portalGroupTag" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 98, in resource "ciscoise_system_certificate_import" "admin-cert-ise31-2":
│   98: allowReplacementOfPortalGroupTag = "true"
│
│ An argument named "allowReplacementOfPortalGroupTag" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 99, in resource "ciscoise_system_certificate_import" "admin-cert-ise31-2":
│   99: allowWildCardcertificates = "true"
│
│ An argument named "allowWildCardcertificates" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 100, in resource "ciscoise_system_certificate_import" "admin-cert-ise31-2":
│   100: validatecertificateExtensions = "false"
│

Environment (please complete the following information):

OpenAPI example

{
  "allowExtendedValidity": true,
  "allowOutOfDateCert": false,
  "allowPortalTagTransferForSameSubject": true,
  "allowReplacementOfCertificates": true,
  "allowReplacementOfPortalGroupTag": true,
  "allowRoleTransferForSameSubject": true,
  "allowSHA1Certificates": false,
  "data": "",
  "privateKeyData": "",
  "admin": true,
  "allowWildCardCertificates": true,
  "eap": false,
  "ims": false,
  "name": "Wildcard Admin cert",
  "password": "",
  "portal": false,
  "portalGroupTag": "Default Portal Certificate Group",
  "pxgrid": false,
  "radius": false,
  "saml": false,
  "validateCertificateExtensions": false
}

200 Response

{
  "response": {
    "status": "Success",
    "message": "System certificate was added successfully",
    "id": "6c067a98-c33c-4215-853a-73f7959d5e4e"
  },
  "version": "1.0.1"
}

fmunozmiranda commented 1 year ago

Hi @aussietexan, please try this. Here is a valid tf file for this resource; in tf we follow the snake_case convention:

resource "ciscoise_system_certificate" "example" {
    provider = ciscoise
    parameters {
      admin = "false"
      allow_portal_tag_transfer_for_same_subject = "false"
      allow_replacement_of_portal_group_tag = "false"
      allow_role_transfer_for_same_subject = "false"
      description = "string"
      eap = "false"
      expiration_ttl_period = 1
      expiration_ttl_units = "string"
      host_name = "string"
      id = "string"
      ims = "false"
      name = "string"
      portal = "false"
      portal_group_tag = "string"
      pxgrid = "false"
      radius = "false"
      renew_self_signed_certificate = "false"
      saml = "false"
    }
}

Module documentation is wrong, I will update it

aussietexan commented 1 year ago

Thanks @fmunozmiranda. Just a small update, the 'description' key does not apply to this resource. I confirmed the system certificate import using the following parameters:

  parameters {
    name                                       = "TUI Wildcard Admin cert"
    password                                   = "<redacted>"
    data                                       = file("TUI_Wildcard_Admin.pem")
    private_key_data                           = file("TUI_Wildcard_Admin.pvk")
    allow_out_of_date_cert                     = "false"
    allow_replacement_of_certificates          = "true"
    allow_sha1_certificates                    = "false"
    allow_extended_validity                    = "true"
    allow_role_transfer_for_same_subject       = "true"
    allow_portal_tag_transfer_for_same_subject = "true"
    admin                                      = "false"
    eap                                        = "false"
    radius                                     = "false"
    pxgrid                                     = "false"
    ims                                        = "false"
    saml                                       = "false"
    portal                                     = "false"
    portal_group_tag                           = "Default Portal certificate Group"
    allow_replacement_of_portal_group_tag      = "true"
    allow_wild_card_certificates               = "true"
    validate_certificate_extensions            = "false"
  }

Please feel free to close this issue
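
A variant of the confirmed configuration above that keeps the certificate password and private key out of `main.tf` and out of plan output, as an added example that is not from the thread or the provider documentation. The variable names and the resource label `admin_cert` are assumptions; the resource type is the one named in the issue title and the argument names are the ones confirmed in the comment above.

```hcl
# Added example: variable names and the "admin_cert" label are hypothetical.
variable "cert_password" {
  description = "Value for the resource's password argument"
  type        = string
  sensitive   = true # redacted in plan/apply output; set via TF_VAR_cert_password
}

variable "cert_path" {
  type    = string
  default = "TUI_Wildcard_Admin.pem"
}

variable "private_key_path" {
  type    = string
  default = "TUI_Wildcard_Admin.pvk"
}

resource "ciscoise_system_certificate_import" "admin_cert" {
  provider = ciscoise
  parameters {
    name     = "TUI Wildcard Admin cert"
    password = var.cert_password
    data     = file(var.cert_path)
    # sensitive() marks the key material so Terraform redacts it in CLI output
    private_key_data                           = sensitive(file(var.private_key_path))
    allow_out_of_date_cert                     = "false"
    allow_replacement_of_certificates          = "true"
    allow_sha1_certificates                    = "false"
    allow_extended_validity                    = "true"
    allow_role_transfer_for_same_subject       = "true"
    allow_portal_tag_transfer_for_same_subject = "true"
    admin                                      = "false"
    eap                                        = "false"
    radius                                     = "false"
    pxgrid                                     = "false"
    ims                                        = "false"
    saml                                       = "false"
    portal                                     = "false"
    portal_group_tag                           = "Default Portal certificate Group"
    allow_replacement_of_portal_group_tag      = "true"
    allow_wild_card_certificates               = "true"
    validate_certificate_extensions            = "false"
  }
}
```

Sensitive values are hidden in CLI output but are still written to the Terraform state file, so the state backend needs the same access control and encryption as the private key itself.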

fmunozmiranda commented 1 year ago

Happy to help you, and thanks for the information,