Closed aussietexan closed 1 year ago
Hi @fmunozmiranda. I tried creating the above Policy Set after updating to the 0.6.11-beta using the following code block and it still throws a 400 error.
TF Code
```hcl
resource "ciscoise_network_access_policy_set" "wired-mm-test" {
  provider = ciscoise.ise31-2
  depends_on = [
    ciscoise_network_device_group.ndg_mm
  ]
  parameters {
    default      = "false"
    name         = "Wired_MM_TEST"
    description  = "Wired Monitor Mode TEST"
    rank         = 0
    is_proxy     = "false"
    service_name = "MAB_EAP-TLS"
    state        = "enabled"
    condition {
      condition_type = "andBlock"
      is_negate      = "false"
      children {
        condition_type  = "ConditionAttrs"
        is_negate       = "false"
        dictionary_name = "Radius"
        attribute_name  = "NAS-Port-Type"
        operator        = "equals"
        attribute_value = "Ethernet"
      }
      children {
        condition_type  = "ConditionAttrs"
        is_negate       = "false"
        dictionary_name = "DEVICE"
        attribute_name  = "Deployment Stage"
        operator        = "equals"
        attribute_value = "Deployment Stage#Monitor Mode"
      }
    }
  }
}
```
If the code format/syntax I am using is not correct, can you suggest what my TF resource block should look like to create the same policy set as per this API request body that returns a 201 Created response?
API Body
```json
{
  "default": false,
  "name": "Wired_MM",
  "description": null,
  "rank": 0,
  "state": "enabled",
  "condition": {
    "link": null,
    "conditionType": "ConditionAndBlock",
    "isNegate": false,
    "children": [
      {
        "link": null,
        "conditionType": "ConditionAttributes",
        "isNegate": false,
        "dictionaryName": "Radius",
        "attributeName": "NAS-Port-Type",
        "operator": "equals",
        "dictionaryValue": null,
        "attributeValue": "Ethernet"
      },
      {
        "link": null,
        "conditionType": "ConditionAttributes",
        "isNegate": false,
        "dictionaryName": "DEVICE",
        "attributeName": "Deployment Stage",
        "operator": "equals",
        "dictionaryValue": null,
        "attributeValue": "Deployment Stage#Monitor Mode"
      }
    ]
  },
  "serviceName": "MAB_EAP-TLS",
  "isProxy": false
}
```
Hey @aussietexan, I think the problem is in your condition_type values; it seems that the accepted values are:
ConditionAttributes
ConditionAndBlock
ConditionOrBlock
Could you test with those changes?
Hi @fmunozmiranda, I tested using those values and the resource worked. Please update the documentation as per Issue #68
I will update the documentation in the next release, thanks for reporting it @aussietexan.
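A pre-flight check for the accepted values listed above, as an added example that is not part of the thread or the provider's code: it walks a policy set request body and reports every `conditionType` outside the three values named in the thread, which is what the 400 response did not spell out. The function names, the leaf-field rule and the non-empty-children rule are assumptions drawn from the working API body on this page.

```python
import json

# Accepted conditionType values as listed in the thread above.
ACCEPTED_TYPES = {"ConditionAttributes", "ConditionAndBlock", "ConditionOrBlock"}
BLOCK_TYPES = {"ConditionAndBlock", "ConditionOrBlock"}
# Assumption: fields a leaf condition carries, taken from the working API body.
LEAF_FIELDS = ("dictionaryName", "attributeName", "operator", "attributeValue")


def check_condition(cond, path="condition"):
    """Return a list of problems found in one condition node and its children."""
    if not isinstance(cond, dict):
        return [f"{path}: expected an object, got {type(cond).__name__}"]
    problems = []
    ctype = cond.get("conditionType")
    if ctype not in ACCEPTED_TYPES:
        problems.append(
            f"{path}.conditionType: {ctype!r} is not one of {sorted(ACCEPTED_TYPES)}")
    children = cond.get("children")
    if ctype in BLOCK_TYPES and not children:
        problems.append(f"{path}: {ctype} has no children")
    # Recurse even when the type is wrong, so nested mistakes are reported in one pass.
    if isinstance(children, list):
        for i, child in enumerate(children):
            problems += check_condition(child, f"{path}.children[{i}]")
    if ctype == "ConditionAttributes":
        problems += [f"{path}: missing {f}" for f in LEAF_FIELDS if not cond.get(f)]
    return problems


def check_policy_set(body):
    """Validate the condition tree of a policy set request body (dict or JSON text)."""
    if isinstance(body, str):
        body = json.loads(body)
    cond = body.get("condition")
    # Assumption: a body with no condition at all is left for the API to judge.
    return [] if cond is None else check_condition(cond)


# Constructed sample: values from the failing Terraform block, in API (camelCase) form.
FAILING = {"name": "Wired_MM_TEST", "condition": {
    "conditionType": "andBlock", "isNegate": False, "children": [
        {"conditionType": "ConditionAttrs", "dictionaryName": "Radius",
         "attributeName": "NAS-Port-Type", "operator": "equals",
         "attributeValue": "Ethernet"}]}}

if __name__ == "__main__":
    for line in check_policy_set(FAILING):
        print(line)
```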
Environment:
ISE version and patch: ISE 3.1 patch 4
Terraform version: 1.3.1
ISE provider version: 0.6.10-beta
OS version: MacOS 12.6
Describe the bug
When using the 'ciscoise_network_access_policy_set' resource to create a Policy Set with a nested AND block, the following 400 error is returned.
As there is no example of this type of configuration, I'm not sure if this is a bug in the TF resource or if my example code is written incorrectly.
Error
TF code example
API GET response for the same Policy Set configured from the GUI