search

netascode / terraform-ise-nac-ise

Terraform Cisco ISE Network-as-Code Module
https://registry.terraform.io/modules/netascode/nac-ise/ise
Apache License 2.0
3 stars 1 forks source link
cisco iac ise nac network-as-code terraform terraform-module

readme

Terraform Network-as-Code Cisco ISE Module

A Terraform module to configure Cisco ISE.

Usage

This module supports an inventory driven approach, where a complete ISE configuration or parts of it are either modeled in one or more YAML files or natively using Terraform variables.

Examples

Configuring a Network Access Condition using YAML:

network_access_condition.yaml

---
ise:
  network_access:
    policy_elements:
      conditions:
        - name: CertificateNotExpired
          type: LibraryConditionAttributes
          is_negate: false
          dictionary_name: CERTIFICATE
          attribute_name: Is Expired
          operator: equals
          attribute_value: "False"

main.tf

module "ise" {
  source  = "netascode/nac-ise/ise"
  version = ">= 0.1.0"

  yaml_files = ["network_access_condition.yaml"]
}

Requirements

Name Version
terraform >= 1.3.0
ise >= 0.2.4
local >= 2.3.0
time >= 0.10.0
utils >= 0.2.5

Inputs

Name Description Type Default Required
model As an alternative to YAML files, a native Terraform data structure can be provided as well. map(any) {} no
write_default_values_file Write all default values to a YAML file. Value is a path pointing to the file to be created. string "" no
yaml_directories List of paths to YAML directories. list(string) [] no
yaml_files List of paths to YAML files. list(string) [] no

Outputs

Name Description
default_values All default values.
model Full model.

Resources

Name Type
ise_active_directory_add_groups.active_directory_groups resource
ise_active_directory_join_domain_with_all_nodes.active_directory_join_domain_with_all_nodes resource
ise_active_directory_join_point.active_directory_join_point resource
ise_allowed_protocols.allowed_protocols resource
ise_allowed_protocols_tacacs.allowed_protocols_tacacs resource
ise_authorization_profile.authorization_profile resource
ise_certificate_authentication_profile.certificate_authentication_profile resource
ise_device_admin_authentication_rule.default_device_admin_authentication_rule resource
ise_device_admin_authentication_rule.device_admin_authentication_rule resource
ise_device_admin_authentication_rule_update_rank.device_admin_authentication_rule_update_rank resource
ise_device_admin_authorization_exception_rule.device_admin_authorization_exception_rule resource
ise_device_admin_authorization_exception_rule_update_rank.device_admin_authorization_exception_rule_update_rank resource
ise_device_admin_authorization_global_exception_rule.device_admin_authorization_global_exception_rule resource
ise_device_admin_authorization_global_exception_rule_update_rank.device_admin_authorization_global_exception_rule_update_rank resource
ise_device_admin_authorization_rule.default_device_admin_authorization_rule resource
ise_device_admin_authorization_rule.device_admin_authorization_rule resource
ise_device_admin_authorization_rule_update_rank.device_admin_authorization_rule_update_rank resource
ise_device_admin_condition.device_admin_condition resource
ise_device_admin_policy_set.default_device_admin_policy_set resource
ise_device_admin_policy_set.device_admin_policy_set resource
ise_device_admin_policy_set_update_rank.device_admin_policy_set_update_rank resource
ise_device_admin_time_and_date_condition.device_admin_time_and_date_condition resource
ise_downloadable_acl.downloadable_acl resource
ise_endpoint.endpoint resource
ise_endpoint_identity_group.endpoint_identity_group_0 resource
ise_endpoint_identity_group.endpoint_identity_group_1 resource
ise_endpoint_identity_group.endpoint_identity_group_2 resource
ise_endpoint_identity_group.endpoint_identity_group_3 resource
ise_endpoint_identity_group.endpoint_identity_group_4 resource
ise_endpoint_identity_group.endpoint_identity_group_5 resource
ise_identity_source_sequence.identity_source_sequences resource
ise_internal_user.internal_user resource
ise_license_tier_state.license_tier_state resource
ise_network_access_authentication_rule.default_network_access_authentication_rule resource
ise_network_access_authentication_rule.network_access_authentication_rule resource
ise_network_access_authentication_rule_update_rank.network_access_authentication_rule_update_rank resource
ise_network_access_authorization_exception_rule.network_access_authorization_exception_rule resource
ise_network_access_authorization_exception_rule_update_rank.network_access_authorization_exception_rule_update_rank resource
ise_network_access_authorization_global_exception_rule.network_access_authorization_global_exception_rule resource
ise_network_access_authorization_global_exception_rule_update_rank.network_access_authorization_global_exception_rule_update_rank resource
ise_network_access_authorization_rule.default_network_access_authorization_rule resource
ise_network_access_authorization_rule.network_access_authorization_rule resource
ise_network_access_authorization_rule_update_rank.network_access_authorization_rule_update_rank resource
ise_network_access_condition.network_access_condition resource
ise_network_access_dictionary.network_access_dictionary resource
ise_network_access_policy_set.default_network_access_policy_set resource
ise_network_access_policy_set.network_access_policy_set resource
ise_network_access_policy_set_update_rank.network_access_policy_set_update_rank resource
ise_network_access_time_and_date_condition.network_access_time_and_date_condition resource
ise_network_device.network_device resource
ise_network_device_group.network_device_group_0 resource
ise_network_device_group.network_device_group_1 resource
ise_network_device_group.network_device_group_2 resource
ise_network_device_group.network_device_group_3 resource
ise_network_device_group.network_device_group_4 resource
ise_network_device_group.network_device_group_5 resource
ise_repository.repository resource
ise_tacacs_command_set.tacacs_command_set resource
ise_tacacs_profile.tacacs_profile resource
ise_trustsec_egress_matrix_cell.trustsec_egress_matrix_cell resource
ise_trustsec_ip_to_sgt_mapping.trustsec_ip_to_sgt_mapping resource
ise_trustsec_ip_to_sgt_mapping_group.trustsec_ip_to_sgt_mapping_group resource
ise_trustsec_security_group.trustsec_security_group resource
ise_trustsec_security_group_acl.trustsec_security_group_acl resource
ise_user_identity_group.user_identity_group_0 resource
ise_user_identity_group.user_identity_group_1 resource
ise_user_identity_group.user_identity_group_2 resource
ise_user_identity_group.user_identity_group_3 resource
ise_user_identity_group.user_identity_group_4 resource
ise_user_identity_group.user_identity_group_5 resource
local_sensitive_file.defaults resource
time_sleep.device_admin_policy_object_wait resource
time_sleep.network_device_group_wait resource
time_sleep.sgt_wait resource
ise_active_directory_groups_by_domain.all_groups data source
ise_device_admin_condition.device_admin_condition data source
ise_device_admin_condition.device_admin_condition_circular data source
ise_endpoint_identity_group.endpoint_identity_group data source
ise_network_access_condition.network_access_condition data source
ise_network_access_condition.network_access_condition_circular data source
ise_trustsec_security_group.trustsec_security_group data source
ise_trustsec_security_group_acl.trustsec_security_group_acl data source
ise_user_identity_group.user_identity_group data source
utils_yaml_merge.defaults data source
utils_yaml_merge.model data source

Modules

No modules.