Allow updating default policy sets and rules

Author: danischm

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.1.13 (unreleased)
+
+- Add `default` attribute to `ise_network_access_policy_set` resource
+- Add `default` attribute to `ise_device_admin_policy_set` resource
+- Allow updating default policy sets and rules
+
 ## 0.1.12
 
 - Ignore error messages when attempting to delete default policy sets or rules

docs/data-sources/device_admin_policy_set.md

@@ -37,6 +37,7 @@ data "ise_device_admin_policy_set" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this policy set is the default one
 - `description` (String) The description of the policy set
 - `is_proxy` (Boolean) Flag which indicates if the policy set service is of type 'Proxy Sequence' or 'Allowed Protocols'
 - `rank` (Number) The rank (priority) in relation to other policy sets. Lower rank is higher priority.

docs/data-sources/network_access_policy_set.md

@@ -37,6 +37,7 @@ data "ise_network_access_policy_set" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
 - `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+- `default` (Boolean) Indicates if this policy set is the default one
 - `description` (String) The description of the policy set
 - `is_proxy` (Boolean) Flag which indicates if the policy set service is of type 'Proxy Sequence' or 'Allowed Protocols'
 - `rank` (Number) The rank (priority) in relation to other policy sets. Lower rank is higher priority.

docs/guides/changelog.md

@@ -7,6 +7,12 @@ description: |-
 
 # Changelog
 
+## 0.1.13 (unreleased)
+
+- Add `default` attribute to `ise_network_access_policy_set` resource
+- Add `default` attribute to `ise_device_admin_policy_set` resource
+- Allow updating default policy sets and rules
+
 ## 0.1.12
 
 - Ignore error messages when attempting to delete default policy sets or rules

docs/resources/device_admin_policy_set.md

@@ -34,8 +34,6 @@ resource "ise_device_admin_policy_set" "example" {
 
 ### Required
 
-- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
 - `name` (String) Given name for the policy set, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
 - `service_name` (String) Policy set service identifier. 'Allowed Protocols' or 'Server Sequence'.
 
@@ -50,6 +48,9 @@ resource "ise_device_admin_policy_set" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this policy set is the default one
 - `description` (String) The description of the policy set
 - `is_proxy` (Boolean) Flag which indicates if the policy set service is of type 'Proxy Sequence' or 'Allowed Protocols'
 - `rank` (Number) The rank (priority) in relation to other policy sets. Lower rank is higher priority.

docs/resources/network_access_policy_set.md

@@ -34,8 +34,6 @@ resource "ise_network_access_policy_set" "example" {
 
 ### Required
 
-- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
-  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
 - `name` (String) Given name for the policy set, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
 - `service_name` (String) Policy set service identifier. 'Allowed Protocols' or 'Server Sequence'.
 
@@ -50,6 +48,9 @@ resource "ise_network_access_policy_set" "example" {
 - `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
 - `condition_operator` (String) Equality operator
   - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+- `default` (Boolean) Indicates if this policy set is the default one
 - `description` (String) The description of the policy set
 - `is_proxy` (Boolean) Flag which indicates if the policy set service is of type 'Proxy Sequence' or 'Allowed Protocols'
 - `rank` (Number) The rank (priority) in relation to other policy sets. Lower rank is higher priority.

gen/definitions/device_admin_policy_set.yaml

@@ -13,6 +13,7 @@ attributes:
     example: PolicySet1
   - model_name: description
     type: String
+    computed: true
     description: The description of the policy set
     example: My description
   - model_name: isProxy
@@ -21,6 +22,7 @@ attributes:
     example: false
   - model_name: rank
     type: Int64
+    computed: true
     description: The rank (priority) in relation to other policy sets. Lower rank is higher priority.
     example: 0
   - model_name: serviceName
@@ -33,9 +35,13 @@ attributes:
     enum_values: [disabled, enabled, monitor]
     description: The state that the policy set is in. A disabled policy set cannot be matched.
     example: enabled
+  - model_name: default
+    type: Bool
+    description: Indicates if this policy set is the default one
+    example: false
+    exclude_test: true
   - model_name: conditionType
     data_path: [condition]
-    mandatory: true
     type: String
     enum_values:
       [

gen/definitions/network_access_policy_set.yaml

@@ -13,6 +13,7 @@ attributes:
     example: PolicySet1
   - model_name: description
     type: String
+    computed: true
     description: The description of the policy set
     example: My description
   - model_name: isProxy
@@ -21,6 +22,7 @@ attributes:
     example: false
   - model_name: rank
     type: Int64
+    computed: true
     description: The rank (priority) in relation to other policy sets. Lower rank is higher priority.
     example: 0
   - model_name: serviceName
@@ -33,9 +35,13 @@ attributes:
     enum_values: [disabled, enabled, monitor]
     description: The state that the policy set is in. A disabled policy set cannot be matched.
     example: enabled
+  - model_name: default
+    type: Bool
+    description: Indicates if this policy set is the default one
+    example: false
+    exclude_test: true
   - model_name: conditionType
     data_path: [condition]
-    mandatory: true
     type: String
     enum_values:
       [

gen/generator.go

@@ -135,6 +135,7 @@ type YamlConfigAttribute struct {
 	Reference        bool                  `yaml:"reference"`
 	DataSourceQuery  bool                  `yaml:"data_source_query"`
 	Mandatory        bool                  `yaml:"mandatory"`
+	Computed         bool                  `yaml:"computed"`
 	WriteOnly        bool                  `yaml:"write_only"`
 	WriteChangesOnly bool                  `yaml:"write_changes_only"`
 	ExcludeTest      bool                  `yaml:"exclude_test"`

gen/schema/schema.yaml

@@ -39,6 +39,7 @@ attribute:
   reference: bool(required=False) # Set to true if the attribute is a reference being used in the path (URL) of the REST endpoint
   data_source_query: bool(required=False) # Set to true if the attribute is an alternative query parameter for the data source
   mandatory: bool(required=False) # Set to true if the attribute is mandatory
+  computed: bool(required=False) # Set to true if the attribute is computed
   write_only: bool(required=False) # Set to true if the attribute is write-only, meaning we cannot read the value
   write_changes_only: bool(required=False) # Set to true if the attribute should only be written (included in PUT payload) if it has changed
   exclude_test: bool(required=False) # Exclude attribute from example (documentation) and acceptance test
@@ -55,7 +56,6 @@ attribute:
   string_patterns: list(str(), required=False) # List of regular expressions that the string must match, only relevant if type is "String"
   string_min_length: int(required=False) # Minimum length of a string, only relevant if type is "String"
   string_max_length: int(required=False) # Maximum length of a string, only relevant if type is "String"
-  requires_replace: bool(required=False) # Set to true if the attribute requires a replace operation
   default_value: any(str(), int(), bool(), required=False) # Default value for the attribute
   value: any(str(), int(), bool(), required=False) # Hardcoded value for the attribute
   test_value: str(required=False) # Value used for acceptance test