Resource iosxe_aaa_authentication/authorization/accounting should match iosxe logic consistency

Question

Resource iosxe_aaa_authentication/authorization/accounting should match iosxe logic consistency

sthoneder opened this issue a year ago · 5 comments

When configuring IOS-XE you can use

default or named group for login/dot1x authentication.
default or named group for exec/network authorization
default or named group for exec/network/identity accounting

therefore the resources should not be limited or different

iosxe_aaa_authentication only allows dot1x_default (no named list), it should match 'logins'
iosxe_aaa_authorization only allows the first entry (a1_group) to be a group, but it should be also able to have a second
iosxe_aaa_accounting should have a list structure for identity like it has for networks/execs.

switch(config)#aaa authentication login ?
WORD Named authentication list (max 255 characters, longer will be rejected).
default The default authentication list.

switch(config)#aaa authentication dot1x ?
WORD Named authentication list (max 255 characters, longer will be rejected).
default The default authentication list.

This issue is logged in order to harmonize the terraform resources. Above is just a brief example, there are more auth/authz/accounting methods as well.

danischm commented 9 months ago

00a7840

Answer 1 · 2023-12-18T14:18:56.000Z

Missing authorization attributes added in 0.5.2 release.

Answer 2 · 2023-12-18T17:45:52.000Z

thanks. :)

Answer 3 · 2024-01-04T09:20:49.000Z

a20c8d9
f0cc9e2

Answer 4 · 2024-01-04T13:11:11.000Z

Added remaining parts in 0.5.3 release.