netascode
diff --git a/‎ise_device_admin.tf‎
Lines changed: 21 additions & 21 deletions b/‎ise_device_admin.tf‎
Lines changed: 21 additions & 21 deletions
@@ -160,14 +160,14 @@ data "ise_device_admin_condition" "device_admin_condition" {
 locals {
   device_admin_policy_sets = [
     for ps in try(local.ise.device_administration.policy_sets, []) : {
-      condition_type             = try(ps.condition.type, local.defaults.ise.device_administration.policy_sets.condition.type, null)
-      condition_is_negate        = try(ps.condition.is_negate, local.defaults.ise.device_administration.policy_sets.condition.is_negate, null)
-      condition_attribute_name   = try(ps.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null)
-      condition_attribute_value  = try(ps.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.condition.attribute_value, null)
-      condition_dictionary_name  = try(ps.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.condition.dictionary_name, null)
-      condition_dictionary_value = try(ps.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.condition.dictionary_value, null)
+      condition_type             = ps.name == "Default" ? null : try(ps.condition.type, local.defaults.ise.device_administration.policy_sets.condition.type, null)
+      condition_is_negate        = ps.name == "Default" ? null : try(ps.condition.is_negate, local.defaults.ise.device_administration.policy_sets.condition.is_negate, null)
+      condition_attribute_name   = ps.name == "Default" ? null : try(ps.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null)
+      condition_attribute_value  = ps.name == "Default" ? null : try(ps.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.condition.attribute_value, null)
+      condition_dictionary_name  = ps.name == "Default" ? null : try(ps.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.condition.dictionary_name, null)
+      condition_dictionary_value = ps.name == "Default" ? null : try(ps.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.condition.dictionary_value, null)
       condition_id               = contains(local.known_conditions_device_admin, try(ps.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[ps.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[ps.condition.name].id, null)
-      condition_operator         = try(ps.condition.operator, local.defaults.ise.device_administration.policy_sets.condition.operator, null)
+      condition_operator         = ps.name == "Default" ? null : try(ps.condition.operator, local.defaults.ise.device_administration.policy_sets.condition.operator, null)
       description                = try(ps.description, local.defaults.ise.device_administration.policy_sets.description, null)
       is_proxy                   = try(ps.is_proxy, local.defaults.ise.device_administration.policy_sets.is_proxy)
       name                       = ps.name
@@ -671,14 +671,14 @@ locals {
         rank                       = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authentication_rules.rank, null)
         default                    = rule.name == "Default" ? true : null
         state                      = try(rule.state, local.defaults.ise.device_administration.policy_sets.authentication_rules.state, null)
-        condition_type             = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null)
+        condition_type             = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null)
         condition_id               = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null)
-        condition_is_negate        = try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.is_negate, null)
-        condition_attribute_name   = try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_name, null)
-        condition_attribute_value  = try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_value, null)
-        condition_dictionary_name  = try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_name, null)
-        condition_dictionary_value = try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_value, null)
-        condition_operator         = try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.operator, null)
+        condition_is_negate        = rule.name == "Default" ? null : try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.is_negate, null)
+        condition_attribute_name   = rule.name == "Default" ? null : try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_name, null)
+        condition_attribute_value  = rule.name == "Default" ? null : try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.attribute_value, null)
+        condition_dictionary_name  = rule.name == "Default" ? null : try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_name, null)
+        condition_dictionary_value = rule.name == "Default" ? null : try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.dictionary_value, null)
+        condition_operator         = rule.name == "Default" ? null : try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.operator, null)
         identity_source_name       = try(rule.identity_source_name, local.defaults.ise.device_administration.policy_sets.authentication_rules.identity_source_name, null)
         if_auth_fail               = try(rule.if_auth_fail, local.defaults.ise.device_administration.policy_sets.authentication_rules.if_auth_fail, null)
         if_process_fail            = try(rule.if_process_fail, local.defaults.ise.device_administration.policy_sets.authentication_rules.if_process_fail, null)
@@ -1210,14 +1210,14 @@ locals {
         rank                       = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authorization_rules.rank, null)
         default                    = rule.name == "Default" ? true : null
         state                      = try(rule.state, local.defaults.ise.device_administration.policy_sets.authorization_rules.state, null)
-        condition_type             = try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null)
+        condition_type             = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null)
         condition_id               = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null)
-        condition_is_negate        = try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.is_negate, null)
-        condition_attribute_name   = try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_name, null)
-        condition_attribute_value  = try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_value, null)
-        condition_dictionary_name  = try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_name, null)
-        condition_dictionary_value = try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_value, null)
-        condition_operator         = try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.operator, null)
+        condition_is_negate        = rule.name == "Default" ? null : try(rule.condition.is_negate, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.is_negate, null)
+        condition_attribute_name   = rule.name == "Default" ? null : try(rule.condition.attribute_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_name, null)
+        condition_attribute_value  = rule.name == "Default" ? null : try(rule.condition.attribute_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.attribute_value, null)
+        condition_dictionary_name  = rule.name == "Default" ? null : try(rule.condition.dictionary_name, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_name, null)
+        condition_dictionary_value = rule.name == "Default" ? null : try(rule.condition.dictionary_value, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.dictionary_value, null)
+        condition_operator         = rule.name == "Default" ? null : try(rule.condition.operator, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.operator, null)
         profile                    = try(rule.profile, local.defaults.ise.device_administration.policy_sets.authorization_rules.profile, null)
         command_sets               = try(rule.command_sets, local.defaults.ise.device_administration.policy_sets.authorization_rules.command_sets, null)
         children = try([for i in rule.condition.children : {