Add authentication policy server resource and data source (#120)

Author: kuba-mazurkiewicz

CHANGELOG.md

@@ -5,6 +5,7 @@
 - Add `catalystcenter_site` data source
 - Add `catalystcenter_fabric_port_assignment` resource and data source
 - BREAKING CHANGE: Replace `catalystcenter_peer_transit_network` with `catalystcenter_transit_network` resource and data source to use `/dna/intent/api/v1/sda/transitNetworks` API endpoint, this resource now only works with Catalyst Center version 2.3.7.6+
+- Add `catalystcenter_authentication_policy_server` resource and data source
 
 ## 0.1.10
 

docs/data-sources/authentication_policy_server.md

@@ -0,0 +1,75 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "catalystcenter_authentication_policy_server Data Source - terraform-provider-catalystcenter"
+subcategory: "System Settings"
+description: |-
+  This data source can read the Authentication Policy Server.
+---
+
+# catalystcenter_authentication_policy_server (Data Source)
+
+This data source can read the Authentication Policy Server.
+
+## Example Usage
+
+```terraform
+data "catalystcenter_authentication_policy_server" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The id of the object
+
+### Read-Only
+
+- `accounting_port` (Number) Accounting port of RADIUS server
+- `authentication_port` (Number) Authentication port of RADIUS server
+- `cisco_ise_dtos` (Attributes List) Cisco ISE Server DTOs (see [below for nested schema](#nestedatt--cisco_ise_dtos))
+- `encryption_key` (String) Encryption key used to encrypt shared secret
+- `encryption_scheme` (String) Type of encryption scheme for additional security
+- `external_cisco_ise_ip_addr_dtos` (Attributes List) For future use (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos))
+- `ip_address` (String) IP address of authentication and policy server
+- `is_ise_enabled` (Boolean) Value true for Cisco ISE Server. Default value is false
+- `message_key` (String) Message key used to encrypt shared secret
+- `port` (Number) Port of TACACS server
+- `protocol` (String) Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+- `pxgrid_enabled` (Boolean) Value true for enable, false for disable. Default value is true
+- `retries` (Number) Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+- `role` (String) Role of authentication and policy server
+- `shared_secret` (String) Shared secret between devices and authentication and policy server
+- `timeout_seconds` (Number) Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+- `use_dnac_cert_for_pxgrid` (Boolean) Value true to use DNAC certificate for Pxgrid. Default value is false
+
+<a id="nestedatt--cisco_ise_dtos"></a>
+### Nested Schema for `cisco_ise_dtos`
+
+Read-Only:
+
+- `description` (String) Description about the Cisco ISE server
+- `fqdn` (String) Fully-qualified domain name of the Cisco ISE server
+- `ip_address` (String) IP Address of the Cisco ISE Server
+- `password` (String) Password of the Cisco ISE server
+- `sshkey` (String) SSH key of the Cisco ISE server
+- `subscriber_name` (String) Subscriber name of the Cisco ISE server
+- `user_name` (String) User name of the Cisco ISE server
+
+
+<a id="nestedatt--external_cisco_ise_ip_addr_dtos"></a>
+### Nested Schema for `external_cisco_ise_ip_addr_dtos`
+
+Read-Only:
+
+- `external_cisco_ise_ip_addresses` (Attributes List) (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses))
+- `type` (String)
+
+<a id="nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses"></a>
+### Nested Schema for `external_cisco_ise_ip_addr_dtos.external_cisco_ise_ip_addresses`
+
+Read-Only:
+
+- `external_ip_address` (String)

docs/guides/changelog.md

@@ -14,6 +14,7 @@ description: |-
 - Add `catalystcenter_site` data source
 - Add `catalystcenter_fabric_port_assignment` resource and data source
 - BREAKING CHANGE: Replace `catalystcenter_peer_transit_network` with `catalystcenter_transit_network` resource and data source to use `/dna/intent/api/v1/sda/transitNetworks` API endpoint, this resource now only works with Catalyst Center version 2.3.7.6+
+- Add `catalystcenter_authentication_policy_server` resource and data source
 
 ## 0.1.10
 

docs/resources/authentication_policy_server.md

@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "catalystcenter_authentication_policy_server Resource - terraform-provider-catalystcenter"
+subcategory: "System Settings"
+description: |-
+  This resource can manage an Authentication Policy Server.
+---
+
+# catalystcenter_authentication_policy_server (Resource)
+
+This resource can manage an Authentication Policy Server.
+
+## Example Usage
+
+```terraform
+resource "catalystcenter_authentication_policy_server" "example" {
+  authentication_port      = 1812
+  accounting_port          = 1813
+  ip_address               = "10.0.0.1"
+  pxgrid_enabled           = true
+  use_dnac_cert_for_pxgrid = false
+  is_ise_enabled           = false
+  port                     = 49
+  protocol                 = "RADIUS"
+  retries                  = 2
+  role                     = "secondary"
+  shared_secret            = "Cisco123"
+  timeout_seconds          = 2
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `accounting_port` (Number) Accounting port of RADIUS server
+  - Range: `1`-`65535`
+- `authentication_port` (Number) Authentication port of RADIUS server
+  - Range: `1`-`65535`
+- `ip_address` (String) IP address of authentication and policy server
+- `port` (Number) Port of TACACS server
+  - Range: `1`-`65535`
+- `protocol` (String) Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+  - Choices: `TACACS`, `RADIUS`, `RADIUS_TACACS`
+- `retries` (Number) Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+  - Range: `1`-`3`
+- `role` (String) Role of authentication and policy server
+  - Choices: `primary`, `secondary`
+- `shared_secret` (String) Shared secret between devices and authentication and policy server
+- `timeout_seconds` (Number) Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+  - Range: `2`-`20`
+
+### Optional
+
+- `cisco_ise_dtos` (Attributes List) Cisco ISE Server DTOs (see [below for nested schema](#nestedatt--cisco_ise_dtos))
+- `encryption_key` (String) Encryption key used to encrypt shared secret
+- `encryption_scheme` (String) Type of encryption scheme for additional security
+  - Choices: `KEYWRAP`, `RADSEC`
+- `external_cisco_ise_ip_addr_dtos` (Attributes List) For future use (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos))
+- `is_ise_enabled` (Boolean) Value true for Cisco ISE Server. Default value is false
+- `message_key` (String) Message key used to encrypt shared secret
+- `pxgrid_enabled` (Boolean) Value true for enable, false for disable. Default value is true
+- `use_dnac_cert_for_pxgrid` (Boolean) Value true to use DNAC certificate for Pxgrid. Default value is false
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+<a id="nestedatt--cisco_ise_dtos"></a>
+### Nested Schema for `cisco_ise_dtos`
+
+Required:
+
+- `fqdn` (String) Fully-qualified domain name of the Cisco ISE server
+- `ip_address` (String) IP Address of the Cisco ISE Server
+- `password` (String) Password of the Cisco ISE server
+- `subscriber_name` (String) Subscriber name of the Cisco ISE server
+- `user_name` (String) User name of the Cisco ISE server
+
+Optional:
+
+- `description` (String) Description about the Cisco ISE server
+- `sshkey` (String) SSH key of the Cisco ISE server
+
+
+<a id="nestedatt--external_cisco_ise_ip_addr_dtos"></a>
+### Nested Schema for `external_cisco_ise_ip_addr_dtos`
+
+Optional:
+
+- `external_cisco_ise_ip_addresses` (Attributes List) (see [below for nested schema](#nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses))
+- `type` (String)
+
+<a id="nestedatt--external_cisco_ise_ip_addr_dtos--external_cisco_ise_ip_addresses"></a>
+### Nested Schema for `external_cisco_ise_ip_addr_dtos.external_cisco_ise_ip_addresses`
+
+Optional:
+
+- `external_ip_address` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import catalystcenter_authentication_policy_server.example "<id>"
+```

examples/data-sources/catalystcenter_authentication_policy_server/data-source.tf

@@ -0,0 +1,3 @@
+data "catalystcenter_authentication_policy_server" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/resources/catalystcenter_authentication_policy_server/import.sh

@@ -0,0 +1 @@
+terraform import catalystcenter_authentication_policy_server.example "<id>"

examples/resources/catalystcenter_authentication_policy_server/resource.tf

@@ -0,0 +1,14 @@
+resource "catalystcenter_authentication_policy_server" "example" {
+  authentication_port      = 1812
+  accounting_port          = 1813
+  ip_address               = "10.0.0.1"
+  pxgrid_enabled           = true
+  use_dnac_cert_for_pxgrid = false
+  is_ise_enabled           = false
+  port                     = 49
+  protocol                 = "RADIUS"
+  retries                  = 2
+  role                     = "secondary"
+  shared_secret            = "Cisco123"
+  timeout_seconds          = 2
+}

gen/definitions/authentication_policy_server.yaml

@@ -0,0 +1,145 @@
+---
+name: Authentication Policy Server
+rest_endpoint: /dna/intent/api/v1/authentication-policy-servers
+get_from_all: true
+id_from_query_path: response
+id_from_query_path_attribute: instanceUuid
+skip_minimum_test: true
+doc_category: System Settings
+attributes:
+  - model_name: authenticationPort
+    type: Int64
+    mandatory: true
+    min_int: 1
+    max_int: 65535
+    description: Authentication port of RADIUS server
+    example: 1812
+  - model_name: accountingPort
+    type: Int64
+    mandatory: true
+    min_int: 1
+    max_int: 65535
+    description: Accounting port of RADIUS server
+    example: 1813
+  - model_name: ciscoIseDtos
+    type: List
+    description: Cisco ISE Server DTOs
+    exclude_test: true
+    attributes:
+      - model_name: description
+        type: String
+        description: Description about the Cisco ISE server
+      - model_name: fqdn
+        type: String
+        description: Fully-qualified domain name of the Cisco ISE server
+        mandatory: true
+      - model_name: password
+        type: String
+        description: Password of the Cisco ISE server
+        mandatory: true
+      - model_name: sshkey
+        type: String
+        description: SSH key of the Cisco ISE server
+      - model_name: ipAddress
+        type: String
+        description: IP Address of the Cisco ISE Server
+        mandatory: true
+      - model_name: subscriberName
+        type: String
+        description: Subscriber name of the Cisco ISE server
+        mandatory: true
+      - model_name: userName
+        type: String
+        description: User name of the Cisco ISE server
+        mandatory: true
+  - model_name: ipAddress
+    match_id: true
+    type: String
+    description: IP address of authentication and policy server
+    mandatory: true
+    example: 10.0.0.1
+  - model_name: pxgridEnabled
+    type: Bool
+    description: Value true for enable, false for disable. Default value is true
+    example: true
+  - model_name: useDnacCertForPxgrid
+    type: Bool
+    description: Value true to use DNAC certificate for Pxgrid. Default value is false
+    example: false
+  - model_name: isIseEnabled
+    type: Bool
+    description: Value true for Cisco ISE Server. Default value is false
+    example: false
+  - model_name: port
+    type: Int64
+    mandatory: true
+    min_int: 1
+    max_int: 65535
+    description: Port of TACACS server
+    example: 49
+  - model_name: protocol
+    type: String
+    enum_values:
+      - TACACS
+      - RADIUS
+      - RADIUS_TACACS
+    mandatory: true
+    description: Type of protocol for authentication and policy server. If already saved with RADIUS, can update to RADIUS_TACACS. If already saved with TACACS, can update to RADIUS_TACACS
+    example: RADIUS
+  - model_name: retries
+    type: Int64
+    min_int: 1
+    max_int: 3
+    mandatory: true
+    description: Number of communication retries between devices and authentication and policy server. The range is from 1 to 3
+    example: 2
+  - model_name: role
+    mandatory: true
+    type: String
+    enum_values:
+      - primary
+      - secondary
+    description: Role of authentication and policy server
+    example: secondary
+  - model_name: sharedSecret
+    type: String
+    write_only: true
+    mandatory: true
+    description: Shared secret between devices and authentication and policy server
+    example: Cisco123
+  - model_name: timeoutSeconds
+    type: Int64
+    min_int: 2
+    max_int: 20
+    mandatory: true
+    description: Number of seconds before timing out between devices and authentication and policy server. The range is from 2 to 20
+    example: 2
+  - model_name: encryptionScheme
+    type: String
+    enum_values:
+      - KEYWRAP
+      - RADSEC
+    description: Type of encryption scheme for additional security
+    exclude_test: true
+  - model_name: messageKey
+    type: String
+    write_only: true
+    description: Message key used to encrypt shared secret
+    exclude_test: true
+  - model_name: encryptionKey
+    type: String
+    write_only: true
+    description: Encryption key used to encrypt shared secret
+    exclude_test: true
+  - model_name: externalCiscoIseIpAddrDtos
+    type: List
+    description: For future use
+    exclude_test: true
+    attributes:
+      - model_name: externalCiscoIseIpAddresses
+        type: List
+        attributes:
+          - model_name: externalIpAddress
+            type: String
+      - model_name: type
+        type: String