From 5b89f1f2ab0264ad0151dcc8b452423a76ed978e Mon Sep 17 00:00:00 2001 From: Kuba Mazurkiewicz <132581633+kuba-mazurkiewicz@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:44:56 +0100 Subject: [PATCH] Minor fixes for brownfield import (#20) --- CHANGELOG.md | 6 +++++ defaults/defaults.yaml | 6 +++++ ise_device_admin.tf | 10 +++---- ise_identity_management.tf | 53 ++++++++++++++++++++++++-------------- ise_network_access.tf | 13 ++++++---- ise_network_resources.tf | 10 +++---- 6 files changed, 63 insertions(+), 35 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 35b58fc..acc6e35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.3 (unreleased) + +- Fix update-in-place during import in `ise_user_identity_group`, `ise_endpoint_identity_group` and `network_device_group` +- Fix update-in-place during `ise_device_admin_condition`, `ise_device_admin_time_and_date_condition` and `ise_device_admin_policy_set` +- Fix update-in-place during `ise_network_access_condition`, `ise_network_access_time_and_date_condition` and `ise_network_access_policy_set` + ## 0.1.2 - Add `parent_group` attribute to `user_identity_group` diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index bed353b..3cf3dc6 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -4,6 +4,8 @@ defaults: licenses: status: ENABLED network_resources: + network_device_groups: + description: "" network_devices: profile_name: Cisco ips: @@ -29,8 +31,12 @@ defaults: send_configuration_to_device_using: DISABLE_ALL include_when_deploying_sgt_updates: false identity_management: + endpoint_identity_groups: + system_defined: false + description: "" user_identity_groups: parent_group: NAC Group:NAC:IdentityGroups:User Identity Groups + description: "" internal_users: enabled: true change_password: true diff --git a/ise_device_admin.tf b/ise_device_admin.tf index 89dd4df..d0811e7 100644 --- a/ise_device_admin.tf +++ b/ise_device_admin.tf @@ -26,7 +26,7 @@ resource "ise_device_admin_condition" "device_admin_condition" { operator = try(each.value.operator, local.defaults.ise.device_administration.policy_elements.conditions.operator, null) description = try(each.value.description, local.defaults.ise.device_administration.policy_elements.conditions.description, null) name = each.key - children = [for c in try(each.value.children, []) : { + children = length(try(each.value.children, [])) == 0 ? null : [for c in try(each.value.children, []) : { attribute_name = try(c.attribute_name, local.defaults.ise.device_administration.policy_elements.conditions.attribute_name, null) attribute_value = try(c.attribute_value, local.defaults.ise.device_administration.policy_elements.conditions.attribute_value, null) dictionary_name = try(c.dictionary_name, local.defaults.ise.device_administration.policy_elements.conditions.dictionary_name, null) @@ -36,7 +36,7 @@ resource "ise_device_admin_condition" "device_admin_condition" { operator = try(c.operator, local.defaults.ise.device_administration.policy_elements.conditions.operator, null) name = try(c.name, null) id = try(c.type, local.defaults.ise.device_administration.policy_elements.conditions.type, null) == "ConditionReference" ? data.ise_device_admin_condition.device_admin_condition_circular[c.name].id : null - children = [for c2 in try(c.children, []) : { + children = length(try(c.children, [])) == 0 ? null : [for c2 in try(c.children, []) : { attribute_name = try(c2.attribute_name, local.defaults.ise.device_administration.policy_elements.conditions.attribute_name, null) attribute_value = try(c2.attribute_value, local.defaults.ise.device_administration.policy_elements.conditions.attribute_value, null) dictionary_name = try(c2.dictionary_name, local.defaults.ise.device_administration.policy_elements.conditions.dictionary_name, null) @@ -173,7 +173,7 @@ locals { name = ps.name service_name = try(ps.service_name, local.defaults.ise.device_administration.policy_sets.service_name) state = try(ps.state, local.defaults.ise.device_administration.policy_sets.state) - default = ps.name == "Default" ? true : null + default = ps.name == "Default" ? true : false rank = try(ps.rank, local.defaults.ise.device_administration.policy_sets.rank, null) children = try([for i in ps.condition.children : { attribute_name = try(i.attribute_name, local.defaults.ise.device_administration.policy_sets.condition.attribute_name, null) @@ -259,7 +259,7 @@ locals { policy_set_id = local.device_admin_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authentication_rules.rank, null) - default = rule.name == "Default" ? true : null + default = rule.name == "Default" ? true : false state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authentication_rules.state, null) condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authentication_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) @@ -370,7 +370,7 @@ locals { policy_set_id = local.device_admin_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.device_administration.policy_sets.authorization_rules.rank, null) - default = rule.name == "Default" ? true : null + default = rule.name == "Default" ? true : false state = try(rule.state, local.defaults.ise.device_administration.policy_sets.authorization_rules.state, null) condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.device_administration.policy_sets.authorization_rules.condition.type, null) condition_id = contains(local.known_conditions_device_admin, try(rule.condition.name, "")) ? ise_device_admin_condition.device_admin_condition[rule.condition.name].id : try(data.ise_device_admin_condition.device_admin_condition[rule.condition.name].id, null) diff --git a/ise_identity_management.tf b/ise_identity_management.tf index c045155..0501ca2 100644 --- a/ise_identity_management.tf +++ b/ise_identity_management.tf @@ -18,7 +18,7 @@ locals { user_identity_groups_children = flatten([for p in try(local.ise.identity_management.user_identity_groups, []) : [ for c in try(p.children, []) : { name = try(c.name, null) - description = try(c.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) + description = try(c.description, local.defaults.ise.identity_management.user_identity_groups.description, null) parent = "${local.defaults.ise.identity_management.user_identity_groups.parent_group}:${p.name}" } ]]) @@ -39,7 +39,7 @@ locals { for c in try(p.children, []) : [ for c2 in try(c.children, []) : { name = try(c2.name, null) - description = try(c2.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) + description = try(c2.description, local.defaults.ise.identity_management.user_identity_groups.description, null) parent = "${local.defaults.ise.identity_management.user_identity_groups.parent_group}:${p.name}:${c.name}" } ] @@ -62,7 +62,7 @@ locals { for c2 in try(c.children, []) : [ for c3 in try(c2.children, []) : { name = try(c3.name, null) - description = try(c3.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) + description = try(c3.description, local.defaults.ise.identity_management.user_identity_groups.description, null) parent = "${local.defaults.ise.identity_management.user_identity_groups.parent_group}:${p.name}:${c.name}:${c2.name}" } ] @@ -87,7 +87,7 @@ locals { for c3 in try(c2.children, []) : [ for c4 in try(c3.children, []) : { name = try(c4.name, null) - description = try(c4.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) + description = try(c4.description, local.defaults.ise.identity_management.user_identity_groups.description, null) parent = "${local.defaults.ise.identity_management.user_identity_groups.parent_group}:${p.name}:${c.name}:${c2.name}:${c3.name}" } ] @@ -114,7 +114,7 @@ locals { for c4 in try(c3.children, []) : [ for c5 in try(c4.children, []) : { name = try(c5.name, null) - description = try(c5.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) + description = try(c5.description, local.defaults.ise.identity_management.user_identity_groups.description, null) parent = "${local.defaults.ise.identity_management.user_identity_groups.parent_group}:${p.name}:${c.name}:${c2.name}:${c3.name}:${c4.name}" } ] @@ -180,14 +180,17 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_0" { name = each.key parent_endpoint_identity_group_id = try(data.ise_endpoint_identity_group.endpoint_identity_group[each.value.parent_group].id, null) description = try(each.value.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + system_defined = try(each.value.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) } locals { endpoint_identity_groups_children = flatten([for p in try(local.ise.identity_management.endpoint_identity_groups, []) : [ for c in try(p.children, []) : { - name = try(c.name, null) - description = try(c.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) - parent = try(p.name, null) + name = try(c.name, null) + description = try(c.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + system_defined = try(c.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) + + parent = try(p.name, null) } ]]) } @@ -198,6 +201,7 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_1" { name = each.key parent_endpoint_identity_group_id = try(ise_endpoint_identity_group.endpoint_identity_group_0[each.value.parent].id, null) description = each.value.description + system_defined = each.value.system_defined depends_on = [ise_endpoint_identity_group.endpoint_identity_group_0] } @@ -206,9 +210,10 @@ locals { endpoint_identity_groups_children_children = flatten([for p in try(local.ise.identity_management.endpoint_identity_groups, []) : [ for c in try(p.children, []) : [ for c2 in try(c.children, []) : { - name = try(c2.name, null) - description = try(c2.description, local.defaults.ise.identity_management.endpoint_identity_groups.children.description, null) - parent = try(c.name, null) + name = try(c2.name, null) + description = try(c2.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + system_defined = try(c2.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) + parent = try(c.name, null) } ] ]]) @@ -220,6 +225,7 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_2" { name = each.key parent_endpoint_identity_group_id = try(ise_endpoint_identity_group.endpoint_identity_group_1[each.value.parent].id, null) description = each.value.description + system_defined = each.value.system_defined depends_on = [ise_endpoint_identity_group.endpoint_identity_group_1] } @@ -229,9 +235,10 @@ locals { for c in try(p.children, []) : [ for c2 in try(c.children, []) : [ for c3 in try(c2.children, []) : { - name = try(c3.name, null) - description = try(c3.description, local.defaults.ise.identity_management.endpoint_identity_groups.children.description, null) - parent = try(c2.name, null) + name = try(c3.name, null) + description = try(c3.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + system_defined = try(c3.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) + parent = try(c2.name, null) } ] ] @@ -244,6 +251,7 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_3" { name = each.key parent_endpoint_identity_group_id = try(ise_endpoint_identity_group.endpoint_identity_group_2[each.value.parent].id, null) description = each.value.description + system_defined = each.value.system_defined depends_on = [ise_endpoint_identity_group.endpoint_identity_group_2] } @@ -254,9 +262,10 @@ locals { for c2 in try(c.children, []) : [ for c3 in try(c2.children, []) : [ for c4 in try(c3.children, []) : { - name = try(c4.name, null) - description = try(c4.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) - parent = try(c3.name, null) + name = try(c4.name, null) + description = try(c4.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + system_defined = try(c4.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) + parent = try(c3.name, null) } ] ] @@ -270,6 +279,7 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_4" { name = each.key parent_endpoint_identity_group_id = try(ise_endpoint_identity_group.endpoint_identity_group_3[each.value.parent].id, null) description = each.value.description + system_defined = each.value.system_defined depends_on = [ise_endpoint_identity_group.endpoint_identity_group_3] } @@ -281,9 +291,11 @@ locals { for c3 in try(c2.children, []) : [ for c4 in try(c3.children, []) : [ for c5 in try(c4.children, []) : { - name = try(c5.name, null) - description = try(c5.description, local.defaults.ise.identity_management.user_identity_groups.children.description, null) - parent = try(c4.name, null) + name = try(c5.name, null) + description = try(c5.description, local.defaults.ise.identity_management.endpoint_identity_groups.description, null) + parent = try(c4.name, null) + system_defined = try(c5.system_defined, local.defaults.ise.identity_management.endpoint_identity_groups.system_defined, null) + } ] ] @@ -298,6 +310,7 @@ resource "ise_endpoint_identity_group" "endpoint_identity_group_5" { name = each.key parent_endpoint_identity_group_id = try(ise_endpoint_identity_group.endpoint_identity_group_4[each.value.parent].id, null) description = each.value.description + system_defined = each.value.system_defined depends_on = [ise_endpoint_identity_group.endpoint_identity_group_4] } diff --git a/ise_network_access.tf b/ise_network_access.tf index 7616ad5..220a514 100644 --- a/ise_network_access.tf +++ b/ise_network_access.tf @@ -156,7 +156,8 @@ resource "ise_network_access_condition" "network_access_condition" { operator = try(each.value.operator, local.defaults.ise.network_access.policy_elements.conditions.operator, null) description = try(each.value.description, local.defaults.ise.network_access.policy_elements.conditions.description, null) name = each.key - children = [for c in try(each.value.children, []) : { + children = length(try(each.value.children, [])) == 0 ? null : [for c in try(each.value.children, []) : { + description = try(c.description, local.defaults.ise.network_access.policy_elements.conditions.description, null) attribute_name = try(c.attribute_name, local.defaults.ise.network_access.policy_elements.conditions.attribute_name, null) attribute_value = try(c.attribute_value, local.defaults.ise.network_access.policy_elements.conditions.attribute_value, null) dictionary_name = try(c.dictionary_name, local.defaults.ise.network_access.policy_elements.conditions.dictionary_name, null) @@ -166,7 +167,8 @@ resource "ise_network_access_condition" "network_access_condition" { operator = try(c.operator, local.defaults.ise.network_access.policy_elements.conditions.operator, null) name = try(c.name, null) id = try(c.type, local.defaults.ise.network_access.policy_elements.conditions.type, null) == "ConditionReference" ? data.ise_network_access_condition.network_access_condition_circular[c.name].id : null - children = [for c2 in try(c.children, []) : { + children = length(try(c.children, [])) == 0 ? null : [for c2 in try(c.children, []) : { + description = try(c2.description, local.defaults.ise.network_access.policy_elements.conditions.description, null) attribute_name = try(c2.attribute_name, local.defaults.ise.network_access.policy_elements.conditions.attribute_name, null) attribute_value = try(c2.attribute_value, local.defaults.ise.network_access.policy_elements.conditions.attribute_value, null) dictionary_name = try(c2.dictionary_name, local.defaults.ise.network_access.policy_elements.conditions.dictionary_name, null) @@ -205,6 +207,7 @@ resource "ise_network_access_time_and_date_condition" "network_access_time_and_d name = each.key description = try(each.value.description, local.defaults.ise.network_access.policy_elements.time_date_conditions.description, null) + is_negate = try(each.value.is_negate, local.defaults.ise.network_access.policy_elements.time_date_conditions.is_negate, null) week_days = try(each.value.week_days, local.defaults.ise.network_access.policy_elements.time_date_conditions.week_days, null) week_days_exception = try(each.value.week_days_exception, local.defaults.ise.network_access.policy_elements.time_date_conditions.week_days_exception, null) start_date = try(each.value.start_date, local.defaults.ise.network_access.policy_elements.time_date_conditions.start_date, null) @@ -286,7 +289,7 @@ locals { name = ps.name service_name = try(ps.service_name, local.defaults.ise.network_access.policy_sets.service_name) state = try(ps.state, local.defaults.ise.network_access.policy_sets.state) - default = ps.name == "Default" ? true : null + default = ps.name == "Default" ? true : false rank = try(ps.rank, local.defaults.ise.network_access.policy_sets.rank, null) children = try([for i in ps.condition.children : { attribute_name = try(i.attribute_name, local.defaults.ise.network_access.policy_sets.condition.attribute_name, null), @@ -371,7 +374,7 @@ locals { policy_set_id = local.network_access_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.policy_sets.authentication_rules.rank, null) - default = rule.name == "Default" ? true : null + default = rule.name == "Default" ? true : false state = try(rule.state, local.defaults.ise.network_access.policy_sets.authentication_rules.state, null) condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.network_access.policy_sets.authentication_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) @@ -470,7 +473,7 @@ locals { policy_set_id = local.network_access_policy_set_ids[ps.name] name = rule.name rank = try(rule.rank, local.defaults.ise.network_access.policy_sets.authorization_rules.rank, null) - default = rule.name == "Default" ? true : null + default = rule.name == "Default" ? true : false state = try(rule.state, local.defaults.ise.network_access.policy_sets.authorization_rules.state, null) condition_type = rule.name == "Default" ? null : try(rule.condition.type, local.defaults.ise.network_access.policy_sets.authorization_rules.condition.type, null) condition_id = contains(local.known_conditions_network_access, try(rule.condition.name, "")) ? ise_network_access_condition.network_access_condition[rule.condition.name].id : try(data.ise_network_access_condition.network_access_condition[rule.condition.name].id, null) diff --git a/ise_network_resources.tf b/ise_network_resources.tf index f77d003..f8caafe 100644 --- a/ise_network_resources.tf +++ b/ise_network_resources.tf @@ -18,7 +18,7 @@ locals { network_device_groups_children = flatten([for p in try(local.ise.network_resources.network_device_groups, []) : [ for c in try(p.children, []) : { name = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type#${p.path}#${p.name}#${c.name}" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location#${p.path}#${p.name}#${c.name}" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC#${p.path}" : (try(p.path, null) == null ? "${p.name}#${p.name}#${c.name}" : "${split("#", p.path)[0]}#${p.path}#${p.name}#${c.name}"))) - description = try(c.description, local.defaults.ise.network_resources.network_device_groups.children.description, null) + description = try(c.description, local.defaults.ise.network_resources.network_device_groups.description, null) root_group = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC" : try(split("#", p.path)[0], p.name))) } ]]) @@ -39,7 +39,7 @@ locals { for c in try(p.children, []) : [ for c2 in try(c.children, []) : { name = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type#${p.path}#${p.name}#${c.name}#${c2.name}" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location#${p.path}#${p.name}#${c.name}#${c2.name}" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC#${p.path}" : (try(p.path, null) == null ? "${p.name}#${p.name}#${c.name}#${c2.name}" : "${split("#", p.path)[0]}#${p.path}#${p.name}#${c.name}#${c2.name}"))) - description = try(c2.description, local.defaults.ise.network_resources.network_device_groups.children.description, null) + description = try(c2.description, local.defaults.ise.network_resources.network_device_groups.description, null) root_group = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC" : try(split("#", p.path)[0], p.name))) } ] @@ -62,7 +62,7 @@ locals { for c2 in try(c.children, []) : [ for c3 in try(c2.children, []) : { name = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC#${p.path}" : (try(p.path, null) == null ? "${p.name}#${p.name}#${c.name}#${c2.name}#${c3.name}" : "${split("#", p.path)[0]}#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}"))) - description = try(c.description, local.defaults.ise.network_resources.network_device_groups.children.description, null) + description = try(c.description, local.defaults.ise.network_resources.network_device_groups.description, null) root_group = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC" : try(split("#", p.path)[0], p.name))) } ] @@ -87,7 +87,7 @@ locals { for c3 in try(c2.children, []) : [ for c4 in try(c3.children, []) : { name = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC#${p.path}" : (try(p.path, null) == null ? "${p.name}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}" : "${split("#", p.path)[0]}#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}"))) - description = try(c.description, local.defaults.ise.network_resources.network_device_groups.children.description, null) + description = try(c.description, local.defaults.ise.network_resources.network_device_groups.description, null) root_group = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC" : try(split("#", p.path)[0], p.name))) } ] @@ -114,7 +114,7 @@ locals { for c4 in try(c3.children, []) : [ for c5 in try(c4.children, []) : { name = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}#${c5.name}" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}#${c5.name}" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC#${p.path}" : (try(p.path, null) == null ? "${p.name}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}#${c5.name}" : "${split("#", p.path)[0]}#${p.path}#${p.name}#${c.name}#${c2.name}#${c3.name}#${c4.name}#${c5.name}"))) - description = try(c.description, local.defaults.ise.network_resources.network_device_groups.children.description, null) + description = try(c.description, local.defaults.ise.network_resources.network_device_groups.description, null) root_group = try(split("#", p.path)[0] == "All Device Types", false) ? "Device Type" : (try(split("#", p.path)[0] == "All Locations", false) ? "Location" : (try(split("#", p.path)[0] == "Is IPSEC Device", false) ? "IPSEC" : try(split("#", p.path)[0], p.name))) } ]