Resource iosxe_aaa_authentication/authorization/accounting should match iosxe logic consistency
sthoneder opened this issue · 5 comments
sthoneder commented
When configuring IOS-XE you can use
- default or named group for login/dot1x authentication.
- default or named group for exec/network authorization
- default or named group for exec/network/identity accounting
therefore the resources should not be limited or different
- iosxe_aaa_authentication only allows dot1x_default (no named list), it should match 'logins'
- iosxe_aaa_authorization only allows the first entry (a1_group) to be a group, but it should be also able to have a second
- iosxe_aaa_accounting should have a list structure for identity like it has for networks/execs.
switch(config)#aaa authentication login ?
WORD Named authentication list (max 255 characters, longer will be rejected).
default The default authentication list.
switch(config)#aaa authentication dot1x ?
WORD Named authentication list (max 255 characters, longer will be rejected).
default The default authentication list.
This issue is logged in order to harmonize the terraform resources. Above is just a brief example, there are more auth/authz/accounting methods as well.
danischm commented
Missing authorization attributes added in 0.5.2 release.
sthoneder commented
thanks. :)
danischm commented
Added remaining parts in 0.5.3 release.