Add network access authorization global exception rule resource

Author: danischm

CHANGELOG.md

@@ -12,6 +12,7 @@
 - Add `ise_device_admin_authorization_global_exception_rule` resource and data source
 - BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
 - Add `ise_network_access_authorization_exception_rule` resource and data source
+- Add `ise_network_access_authorization_global_exception_rule` resource and data source
 
 ## 0.1.5
 

docs/data-sources/network_access_authorization_global_exception_rule.md

@@ -0,0 +1,73 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_global_exception_rule Data Source - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This data source can read the Network Access Authorization Global Exception Rule.
+---
+
+# ise_network_access_authorization_global_exception_rule (Data Source)
+
+This data source can read the Network Access Authorization Global Exception Rule.
+
+## Example Usage
+
+```terraform
+data "ise_network_access_authorization_global_exception_rule" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Read-Only
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Read-Only:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator

docs/guides/changelog.md

@@ -21,6 +21,7 @@ description: |-
 - Add `ise_device_admin_authorization_global_exception_rule` resource and data source
 - BREAKING CHANGE: Rename `profile` attribute to `profiles` of `ise_network_access_authorization_rule` resource and data source
 - Add `ise_network_access_authorization_exception_rule` resource and data source
+- Add `ise_network_access_authorization_global_exception_rule` resource and data source
 
 ## 0.1.5
 

docs/resources/network_access_authorization_global_exception_rule.md

@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_network_access_authorization_global_exception_rule Resource - terraform-provider-ise"
+subcategory: "Policy"
+description: |-
+  This resource can manage a Network Access Authorization Global Exception Rule.
+---
+
+# ise_network_access_authorization_global_exception_rule (Resource)
+
+This resource can manage a Network Access Authorization Global Exception Rule.
+
+## Example Usage
+
+```terraform
+resource "ise_network_access_authorization_global_exception_rule" "example" {
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  profiles                  = ["PermitAccess"]
+  security_group            = "BYOD"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
+
+### Optional
+
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this rule is the default one
+- `profiles` (List of String) The authorization profile(s)
+- `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
+- `security_group` (String) Security group used in authorization policies
+- `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+  - Choices: `disabled`, `enabled`, `monitor`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children--children))
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+<a id="nestedatt--children--children"></a>
+### Nested Schema for `children.children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `attribute_name` (String) Dictionary attribute name
+- `attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `dictionary_name` (String) Dictionary name
+- `dictionary_value` (String) Dictionary value
+- `id` (String) UUID for condition
+- `is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_network_access_authorization_global_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

examples/data-sources/ise_network_access_authorization_global_exception_rule/data-source.tf

@@ -0,0 +1,3 @@
+data "ise_network_access_authorization_global_exception_rule" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/resources/ise_network_access_authorization_global_exception_rule/import.sh

@@ -0,0 +1 @@
+terraform import ise_network_access_authorization_global_exception_rule.example "76d24097-41c4-4558-a4d0-a8c07ac08470"

examples/resources/ise_network_access_authorization_global_exception_rule/resource.tf

@@ -0,0 +1,14 @@
+resource "ise_network_access_authorization_global_exception_rule" "example" {
+  name                      = "Rule1"
+  default                   = false
+  rank                      = 0
+  state                     = "enabled"
+  condition_type            = "ConditionAttributes"
+  condition_is_negate       = false
+  condition_attribute_name  = "Location"
+  condition_attribute_value = "All Locations"
+  condition_dictionary_name = "DEVICE"
+  condition_operator        = "equals"
+  profiles                  = ["PermitAccess"]
+  security_group            = "BYOD"
+}