Add trustsec resources and data sources (#5)

docs/data-sources/authorization_profile.md

@@ -30,6 +30,7 @@ data "ise_authorization_profile" "example" {
 - `access_type` (String) Access type
 - `acl` (String) ACL
 - `advanced_attributes` (Attributes List) List of advanced attributes (see [below for nested schema](#nestedatt--advanced_attributes))
+- `agentless_posture` (Boolean) Agentless Posture.
 - `airespace_acl` (String) Airespace ACL
 - `airespace_ipv6_acl` (String) Airespace IPv6 ACL
 - `asa_vpn` (String) ASA VPN

docs/data-sources/internal_user.md

@@ -29,11 +29,15 @@ data "ise_internal_user" "example" {
 
 - `account_name_alias` (String) The Account Name Alias will be used to send email notifications about password expiration. This field is only supported from ISE 3.2.
 - `change_password` (Boolean) Requires the user to change the password
+- `custom_attributes` (String) Key value map
 - `description` (String) Description
 - `email` (String) Email address
 - `enable_password` (String) This field is added in ISE 2.0 to support TACACS+
 - `enabled` (Boolean) Whether the user is enabled/disabled
+- `expiry_date` (String) Password expiry date. It's format is = 'YYYY-MM-DD'
+- `expiry_date_enabled` (Boolean) Enable a password expiry date
 - `first_name` (String) First name of the internal user
+- `identity_groups` (String) Comma separated list of identity group IDs.
 - `last_name` (String) Last name of the internal user
 - `name` (String) The name of the internal user
 - `password` (String) The password of the internal user

docs/data-sources/network_access_authentication_rule.md

@@ -29,6 +29,7 @@ data "ise_network_access_authentication_rule" "example" {
 
 ### Read-Only
 
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
 - `condition_attribute_name` (String) Dictionary attribute name
 - `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
 - `condition_dictionary_name` (String) Dictionary name
@@ -45,3 +46,17 @@ data "ise_network_access_authentication_rule" "example" {
 - `name` (String) Rule name, [Valid characters are alphanumerics, underscore, hyphen, space, period, parentheses]
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Read-Only:
+
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

docs/data-sources/network_access_authorization_rule.md

@@ -29,6 +29,7 @@ data "ise_network_access_authorization_rule" "example" {
 
 ### Read-Only
 
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
 - `condition_attribute_name` (String) Dictionary attribute name
 - `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
 - `condition_dictionary_name` (String) Dictionary name
@@ -43,3 +44,17 @@ data "ise_network_access_authorization_rule" "example" {
 - `rank` (Number) The rank (priority) in relation to other rules. Lower rank is higher priority.
 - `security_group` (String) Security group used in authorization policies
 - `state` (String) The state that the rule is in. A disabled rule cannot be matched.
+
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Read-Only:
+
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.

docs/data-sources/trustsec_egress_matrix_cell.md

@@ -0,0 +1,35 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_trustsec_egress_matrix_cell Data Source - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This data source can read the TrustSec Egress Matrix Cell.
+---
+
+# ise_trustsec_egress_matrix_cell (Data Source)
+
+This data source can read the TrustSec Egress Matrix Cell.
+
+## Example Usage
+
+```terraform
+data "ise_trustsec_egress_matrix_cell" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The id of the object
+
+### Read-Only
+
+- `default_rule` (String) Can be used only if sgacls not specified.
+- `description` (String) Description
+- `destination_sgt_id` (String) Destination Trustsec Security Group ID
+- `matrix_cell_status` (String) Matrix Cell Status
+- `sgacls` (List of String) List of TrustSec Security Groups ACLs
+- `source_sgt_id` (String) Source Trustsec Security Group ID

docs/data-sources/trustsec_security_group_acl.md

@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_trustsec_security_group_acl Data Source - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This data source can read the TrustSec Security Group ACL.
+---
+
+# ise_trustsec_security_group_acl (Data Source)
+
+This data source can read the TrustSec Security Group ACL.
+
+## Example Usage
+
+```terraform
+data "ise_trustsec_security_group_acl" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The id of the object
+
+### Read-Only
+
+- `acl_content` (String) Content of ACL
+- `description` (String) Description
+- `ip_version` (String) IP Version
+- `name` (String) The name of the security group ACL
+- `read_only` (Boolean) Read-only

docs/resources/authorization_profile.md

@@ -23,6 +23,7 @@ resource "ise_authorization_profile" "example" {
   web_redirection_portal_name                           = "Sponsored Guest Portal (default)"
   web_redirection_static_ip_host_name_fqdn              = "1.2.3.4"
   web_redirection_display_certificates_renewal_messages = true
+  agentless_posture                                     = false
   access_type                                           = "ACCESS_ACCEPT"
   profile_name                                          = "Cisco"
   airespace_acl                                         = "ACL1"
@@ -69,6 +70,7 @@ resource "ise_authorization_profile" "example" {
   - Default value: `ACCESS_ACCEPT`
 - `acl` (String) ACL
 - `advanced_attributes` (Attributes List) List of advanced attributes (see [below for nested schema](#nestedatt--advanced_attributes))
+- `agentless_posture` (Boolean) Agentless Posture.
 - `airespace_acl` (String) Airespace ACL
 - `airespace_ipv6_acl` (String) Airespace IPv6 ACL
 - `asa_vpn` (String) ASA VPN

docs/resources/internal_user.md

@@ -25,6 +25,7 @@ resource "ise_internal_user" "example" {
   first_name             = "John"
   last_name              = "Doe"
   password_id_store      = "Internal Users"
+  expiry_date_enabled    = false
   description            = "My first Terraform user"
 }
 ```
@@ -42,11 +43,16 @@ resource "ise_internal_user" "example" {
 - `account_name_alias` (String) The Account Name Alias will be used to send email notifications about password expiration. This field is only supported from ISE 3.2.
 - `change_password` (Boolean) Requires the user to change the password
   - Default value: `true`
+- `custom_attributes` (String) Key value map
 - `description` (String) Description
 - `email` (String) Email address
 - `enable_password` (String) This field is added in ISE 2.0 to support TACACS+
 - `enabled` (Boolean) Whether the user is enabled/disabled
+- `expiry_date` (String) Password expiry date. It's format is = 'YYYY-MM-DD'
+- `expiry_date_enabled` (Boolean) Enable a password expiry date
+  - Default value: `false`
 - `first_name` (String) First name of the internal user
+- `identity_groups` (String) Comma separated list of identity group IDs.
 - `last_name` (String) Last name of the internal user
 - `password_id_store` (String) The ID store where the internal user's password is kept
   - Default value: `Internal Users`

docs/resources/network_access_authentication_rule.md

@@ -48,6 +48,7 @@ resource "ise_network_access_authentication_rule" "example" {
 
 ### Optional
 
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
 - `condition_attribute_name` (String) Dictionary attribute name
 - `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
 - `condition_dictionary_name` (String) Dictionary name
@@ -68,6 +69,25 @@ resource "ise_network_access_authentication_rule" "example" {
 
 - `id` (String) The id of the object
 
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
 ## Import
 
 Import is supported using the following syntax:

docs/resources/network_access_authorization_rule.md

@@ -40,6 +40,7 @@ resource "ise_network_access_authorization_rule" "example" {
 
 ### Optional
 
+- `children` (Attributes List) List of child conditions. `condition_type` must be one of `ConditionAndBlock`, `ConditionOrBlock`, `ConditionAttributes` or `ConditionReference`. (see [below for nested schema](#nestedatt--children))
 - `condition_attribute_name` (String) Dictionary attribute name
 - `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
 - `condition_dictionary_name` (String) Dictionary name
@@ -61,6 +62,25 @@ resource "ise_network_access_authorization_rule" "example" {
 
 - `id` (String) The id of the object
 
+<a id="nestedatt--children"></a>
+### Nested Schema for `children`
+
+Required:
+
+- `condition_type` (String) Indicates whether the record is the condition itself or a logical aggregation. Logical aggreation indicates that additional conditions are present under the children attribute.
+  - Choices: `ConditionAndBlock`, `ConditionAttributes`, `ConditionOrBlock`, `ConditionReference`
+
+Optional:
+
+- `condition_attribute_name` (String) Dictionary attribute name
+- `condition_attribute_value` (String) Attribute value for condition. Value type is specified in dictionary object.
+- `condition_dictionary_name` (String) Dictionary name
+- `condition_dictionary_value` (String) Dictionary value
+- `condition_id` (String) UUID for condition
+- `condition_is_negate` (Boolean) Indicates whereas this condition is in negate mode
+- `condition_operator` (String) Equality operator
+  - Choices: `contains`, `endsWith`, `equals`, `greaterOrEquals`, `greaterThan`, `in`, `ipEquals`, `ipGreaterThan`, `ipLessThan`, `ipNotEquals`, `lessOrEquals`, `lessThan`, `matches`, `notContains`, `notEndsWith`, `notEquals`, `notIn`, `notStartsWith`, `startsWith`
+
 ## Import
 
 Import is supported using the following syntax:

docs/resources/trustsec_egress_matrix_cell.md

@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_trustsec_egress_matrix_cell Resource - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This resource can manage a TrustSec Egress Matrix Cell.
+---
+
+# ise_trustsec_egress_matrix_cell (Resource)
+
+This resource can manage a TrustSec Egress Matrix Cell.
+
+## Example Usage
+
+```terraform
+resource "ise_trustsec_egress_matrix_cell" "example" {
+  description        = "EgressMatrixCell Description"
+  matrix_cell_status = "ENABLED"
+  sgacls             = ["26b76b10-66e6-11ee-9cc1-9eb2a3ecc82a,9d64dcd0-6384-11ee-9cc1-9eb2a3ecc82a"]
+  source_sgt_id      = "93c66ed0-8c01-11e6-996c-525400b48521"
+  destination_sgt_id = "93e1bf00-8c01-11e6-996c-525400b48521"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `destination_sgt_id` (String) Destination Trustsec Security Group ID
+- `sgacls` (List of String) List of TrustSec Security Groups ACLs
+- `source_sgt_id` (String) Source Trustsec Security Group ID
+
+### Optional
+
+- `default_rule` (String) Can be used only if sgacls not specified.
+  - Choices: `NONE`, `DENY_IP`, `PERMIT_IP`
+  - Default value: `NONE`
+- `description` (String) Description
+- `matrix_cell_status` (String) Matrix Cell Status
+  - Choices: `DISABLED`, `ENABLED`, `MONITOR`
+  - Default value: `DISABLED`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_trustsec_egress_matrix_cell.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

docs/resources/trustsec_security_group_acl.md

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ise_trustsec_security_group_acl Resource - terraform-provider-ise"
+subcategory: "TrustSec"
+description: |-
+  This resource can manage a TrustSec Security Group ACL.
+---
+
+# ise_trustsec_security_group_acl (Resource)
+
+This resource can manage a TrustSec Security Group ACL.
+
+## Example Usage
+
+```terraform
+resource "ise_trustsec_security_group_acl" "example" {
+  name        = "ACL1"
+  description = "SG ACL 1"
+  acl_content = "Permit IP"
+  ip_version  = "IPV4"
+  read_only   = false
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_content` (String) Content of ACL
+- `name` (String) The name of the security group ACL
+
+### Optional
+
+- `description` (String) Description
+- `ip_version` (String) IP Version
+  - Choices: `IPV4`, `IPV6`, `IP_AGNOSTIC`
+  - Default value: `IPV4`
+- `read_only` (Boolean) Read-only
+  - Default value: `false`
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import ise_trustsec_security_group_acl.example "76d24097-41c4-4558-a4d0-a8c07ac08470"
+```

examples/data-sources/ise_trustsec_egress_matrix_cell/data-source.tf

@@ -0,0 +1,3 @@
+data "ise_trustsec_egress_matrix_cell" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/data-sources/ise_trustsec_security_group_acl/data-source.tf

@@ -0,0 +1,3 @@
+data "ise_trustsec_security_group_acl" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/resources/ise_authorization_profile/resource.tf

@@ -8,6 +8,7 @@ resource "ise_authorization_profile" "example" {
   web_redirection_portal_name                           = "Sponsored Guest Portal (default)"
   web_redirection_static_ip_host_name_fqdn              = "1.2.3.4"
   web_redirection_display_certificates_renewal_messages = true
+  agentless_posture                                     = false
   access_type                                           = "ACCESS_ACCEPT"
   profile_name                                          = "Cisco"
   airespace_acl                                         = "ACL1"

examples/resources/ise_internal_user/resource.tf

@@ -10,5 +10,6 @@ resource "ise_internal_user" "example" {
   first_name             = "John"
   last_name              = "Doe"
   password_id_store      = "Internal Users"
+  expiry_date_enabled    = false
   description            = "My first Terraform user"
 }

examples/resources/ise_trustsec_egress_matrix_cell/import.sh

@@ -0,0 +1 @@
+terraform import ise_trustsec_egress_matrix_cell.example "76d24097-41c4-4558-a4d0-a8c07ac08470"

examples/resources/ise_trustsec_egress_matrix_cell/resource.tf

@@ -0,0 +1,7 @@
+resource "ise_trustsec_egress_matrix_cell" "example" {
+  description        = "EgressMatrixCell Description"
+  matrix_cell_status = "ENABLED"
+  sgacls             = ["26b76b10-66e6-11ee-9cc1-9eb2a3ecc82a,9d64dcd0-6384-11ee-9cc1-9eb2a3ecc82a"]
+  source_sgt_id      = "93c66ed0-8c01-11e6-996c-525400b48521"
+  destination_sgt_id = "93e1bf00-8c01-11e6-996c-525400b48521"
+}

examples/resources/ise_trustsec_security_group_acl/import.sh

@@ -0,0 +1 @@
+terraform import ise_trustsec_security_group_acl.example "76d24097-41c4-4558-a4d0-a8c07ac08470"