Unable to insert ise_network_access_authorization_rule in between existing rules #73

Open
rc-networks opened this issue Jul 31, 2024 · 3 comments

@rc-networks

ISE version = 3.2
Terraform version = 1.8.3
Provider version = 0.2.1

Issue description


Unable to insert new rules in between existing rules without renumbering the ranks of all the existing rules after the new inserted rule.

For example, we have a number of existing rules:

resource "ise_network_access_authorization_rule" "example" {
  policy_set_id             = ise_network_access_policy_set.example.id
  name                      = "Rule1"
  default                   = false
  rank                      = 0
<omitted for brevity>...
}

<omitted for brevity>...

resource "ise_network_access_authorization_rule" "example2" {
  policy_set_id             = ise_network_access_policy_set.example.id
  name                      = "Rule3"
  default                   = false
  rank                      = 2
<omitted for brevity>...
}

The rules are read from top to bottom, just like traditional ACLs.
Now we want to insert a new rule at the top of the list, and we tested numbering the ranks with gaps of 10s or 100s in between,
like a traditional ACL:
10 permit foo bar
20 permit foo bar
etc.,

Expected behaviour


When we insert a rule in between it would automatically renumber all the preceding rules

Actual behavior


│ 
│ Failed to configure object (PUT), got error: HTTP Request failed: StatusCode 400, Message: , {
│   "code" : "400",
│   "message" : "Failed to handle API request - Network Access Authorization Rule : Invalid Rank for rule.: Rule3. Rank=200. Must be in range between 0 and 2"
│ }

It would be great if anyone could point us to the right way of inserting rules in between the existing ones.

@kuba-mazurkiewicz
Collaborator

Hey @rc-networks, unfortunately this is an API limitation: it allows you to add rules with a rank starting from 0 for the first rule, then 0..1 for the second rule, 0..2 for the third rule, and so on. The only solution that works is to create the rules first without a rank and then reorder them with rank.

@rc-networks
Author

Hi @kuba-mazurkiewicz

Thanks for letting me know.
Will there be any workaround for this?
Or do we need to create our own API client to insert and automatically renumber the rules as described?

@kuba-mazurkiewicz
Collaborator

Hey @rc-networks, we are working on a solution in the provider to fix this. So far the only solution that works is to create the rule without a rank and then assign the rank using, for example, a local provisioner, and reorder the rules.
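
An added example, not part of the thread or the provider's code: a small Python planner for the rank rule described above. It assumes the range quoted in the error message (0 to the number of rules minus 1) and top-to-bottom evaluation; the function names are hypothetical and it makes no ISE API calls.

```python
# Added example: models the rank rule stated in this thread (assumption:
# valid ranks are 0..total_rules-1). Function names are hypothetical.

def rank_error(name, rank, total_rules):
    """Return None if rank is valid for a policy set holding total_rules
    rules (counting this one), otherwise a message describing the range."""
    if 0 <= rank <= total_rules - 1:
        return None
    return f"{name}: rank={rank} must be in range 0..{total_rules - 1}"

def dense_ranks(sparse):
    """Map ACL-style sparse ranks ({name: 10, ...}) to contiguous 0..n-1
    ranks while keeping the same top-to-bottom evaluation order."""
    if len(set(sparse.values())) != len(sparse):
        raise ValueError("duplicate ranks make the evaluation order ambiguous")
    ordered = sorted(sparse, key=sparse.get)
    return {name: i for i, name in enumerate(ordered)}

def plan_insert(current_order, new_name, position):
    """Insert new_name at position in the ordered rule list. Returns
    (ranks, changed): the rank every rule must carry afterwards, and the
    existing rules whose rank differs from before."""
    if new_name in current_order:
        raise ValueError(f"{new_name} already exists")
    if not 0 <= position <= len(current_order):
        raise ValueError(f"position must be in range 0..{len(current_order)}")
    new_order = current_order[:position] + [new_name] + current_order[position:]
    ranks = {name: i for i, name in enumerate(new_order)}
    changed = [n for i, n in enumerate(current_order) if ranks[n] != i]
    return ranks, changed

if __name__ == "__main__":
    # Constructed sample mirroring the issue: three rules with sparse ranks.
    sparse = {"Rule1": 0, "Rule2": 100, "Rule3": 200}
    for name, rank in sparse.items():
        print(rank_error(name, rank, len(sparse)) or f"{name}: ok")
    print(dense_ranks(sparse))
    ranks, changed = plan_insert(["Rule1", "Rule2", "Rule3"], "NewRule", 0)
    print(ranks, "rewrite:", changed)
```

Because rules are read top to bottom, the `changed` list is the set of existing resources whose `rank` value has to be rewritten when a rule is inserted above them.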
