search

jeremmfr / terraform-provider-junos

Terraform provider for Junos devices
https://registry.terraform.io/providers/jeremmfr/junos
MIT License
61 stars 21 forks source link

Add support for user-identification of services #189

Closed edpio19 closed 3 years ago

edpio19 commented 3 years ago

Would it be possible to start supporting some configuration settings for services user-identification? I would like to be able to do something like this:

set services user-identification device-information authentication-source network-access-controller
set services user-identification device-information end-user-profile profile-name TestProfile domain-name clearpass
set services user-identification device-information end-user-profile profile-name TestProfile attribute device-identity string device1
set services user-identification device-information end-user-profile profile-name TestProfile attribute device-identity string "barcode scanner"

set services user-identification identity-management authentication-entry-timeout 1440
set services user-identification identity-management connection connect-method https
set services user-identification identity-management connection port 443
set services user-identification identity-management connection primary address 192.168.10.2
set services user-identification identity-management connection primary client-id iduser
set services user-identification identity-management connection primary client-secret "secret"
set services user-identification identity-management connection token-api oauth_token/oauth
set services user-identification identity-management connection query-api user_query/v2
set services user-identification identity-management batch-query items-per-batch 200
set services user-identification identity-management batch-query query-interval 60
set services user-identification identity-management ip-query no-ip-query
set services user-identification identity-management filter include-ip address-book global
set services user-identification identity-management filter include-ip address-set "all_clients"

Thank you for considering this and all your hard work on this provider!

jeremmfr commented 3 years ago

Yes, I will take care of adding this.

edpio19 commented 3 years ago

Would it be possible to also take into consideration the link between the security policies and the end user identification profile? After a closer look, I also would like to be able to do something like this:

set security policies global policy mypolicy match source-end-user-profile WindowsUsers

Thank you for your answer!

jeremmfr commented 3 years ago

Would it be possible to also take into consideration the link between the security policies and the end user identification profile? After a closer look, I also would like to be able to do something like this:

set security policies global policy mypolicy match source-end-user-profile WindowsUsers

Thank you for your answer!

Yes, I saw that it was necessary. I’ve even already integrated it, my PR is soon ready.