Add sxp domain filter resource and remove default attributes from resources (#92)

Author: kuba-mazurkiewicz

.gitignore

@@ -33,3 +33,5 @@ website/vendor
 
 # Keep windows files with windows line endings
 *.winfile eol=crlf
+
+.envrc

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.2.5 (unreleased)
+
+- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group`
+- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule`
+- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl`
+- Add `ise_sxp_domain_filter` resource and data_source
+
 ## 0.2.4
 
 - Fix managing `Default` network access and device administration resources

docs/data-sources/device_admin_authorization_global_exception_rule.md

@@ -38,7 +38,6 @@ data "ise_device_admin_authorization_global_exception_rule" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-- `default` (Boolean) Indicates if this rule is the default one
 - `profile` (String) Device admin profiles control the initial login session of the device administrator
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

docs/data-sources/network_access_authorization_global_exception_rule.md

@@ -37,7 +37,6 @@ data "ise_network_access_authorization_global_exception_rule" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-- `default` (Boolean) Indicates if this rule is the default one
 - `profiles` (Set of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies

docs/data-sources/sxp_domain_filter.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_sxp_domain_filter Data Source - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This data source can read the SXP Domain Filter.
+---
+
+# ise_sxp_domain_filter (Data Source)
+
+This data source can read the SXP Domain Filter.
+
+## Example Usage
+
+```terraform
+data "ise_sxp_domain_filter" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Resource name
+
+### Read-Only
+
+- `description` (String) Description
+- `domains` (String) List of SXP Domains, separated with comma
+- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined
+- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined
+- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined

docs/guides/changelog.md

@@ -7,6 +7,13 @@ description: |-
 
 # Changelog
 
+## 0.2.5 (unreleased)
+
+- Remove default_value from `systemDefined` attribute in `ise_endpoint_identity_group`
+- Remove `default` from `ise_device_admin_authorization_global_exception_rule` and `ise_network_access_authorization_global_exception_rule`
+- Remove default_value from `isReadOnly` and `readOnly` attributes in `ise_trustsec_security_group` and `ise_trustsec_security_group_acl`
+- Add `ise_sxp_domain_filter` resource and data_source
+
 ## 0.2.4
 
 - Fix managing `Default` network access and device administration resources

docs/resources/device_admin_authorization_global_exception_rule.md

@@ -15,7 +15,6 @@ This resource can manage a Device Admin Authorization Global Exception Rule.
 ```terraform
 resource "ise_device_admin_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
@@ -50,7 +49,6 @@ resource "ise_device_admin_authorization_global_exception_rule" "example" {
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
   - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
-- `default` (Boolean) Indicates if this rule is the default one
 - `profile` (String) Device admin profiles control the initial login session of the device administrator
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.

docs/resources/endpoint_identity_group.md

@@ -32,7 +32,6 @@ resource "ise_endpoint_identity_group" "example" {
 - `description` (String) Description
 - `parent_endpoint_identity_group_id` (String) Parent endpoint identity group ID
 - `system_defined` (Boolean) System defined endpoint identity group
-  - Default value: `false`
 
 ### Read-Only
 

docs/resources/network_access_authorization_global_exception_rule.md

@@ -15,7 +15,6 @@ This resource can manage a Network Access Authorization Global Exception Rule.
 ```terraform
 resource "ise_network_access_authorization_global_exception_rule" "example" {
   name                      = "Rule1"
-  default                   = false
   rank                      = 0
   state                     = "enabled"
   condition_type            = "ConditionAttributes"
@@ -49,7 +48,6 @@ resource "ise_network_access_authorization_global_exception_rule" "example" {
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
   - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
-- `default` (Boolean) Indicates if this rule is the default one
 - `profiles` (Set of String) The authorization profile(s)
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies

docs/resources/sxp_domain_filter.md

@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_sxp_domain_filter Resource - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This resource can manage a SXP Domain Filter.
+---
+
+# ise_sxp_domain_filter (Resource)
+
+This resource can manage a SXP Domain Filter.
+
+## Example Usage
+
+```terraform
+resource "ise_sxp_domain_filter" "example" {
+  subnet  = "1.0.0.0/24"
+  vn      = "VN1"
+  domains = "default"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `domains` (String) List of SXP Domains, separated with comma
+
+### Optional
+
+- `description` (String) Description
+- `name` (String) Resource name
+- `sgt` (String) SGT name or ID. At least one of subnet or sgt or vn should be defined
+- `subnet` (String) Subnet for filter policy (hostname is not supported). At least one of subnet or sgt or vn should be defined
+- `vn` (String) Virtual Network. At least one of subnet or sgt or vn should be defined
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_sxp_domain_filter.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```