Changelog

Tested versions: link

• Fix Certificate Authentication Profile defaults and add proper support for username_from: UPN mode with Active Directory
• BREAKING CHANGE: Active Directory groups field now requires object format with name field instead of string format
• Add support for adding AD groups using name and SID without domain join and lookup
• Fix issue where *_eap_tls_auth_of_expired_certs attributes in allowed protocols were incorrectly set to false instead of null when parent EAP-TLS method is disabled, causing ISE API validation errors (PEAP, EAP-FAST, TEAP)
• Add support for optional Active Directory join operation with join_domain flag, allowing creation of join points and addition of groups without executing join
• Add support for automatic TrustSec policy push (SGTs, SGACLs, and egress matrix) to network devices with configurable push_mode (AUTO/DISABLED)
• Add support for shell profile av-pairs under authorization profiles

Tested versions: link

• Fix issue with Cisco AV pairs not working properly within an authorization profile
• Fix issue with incorrect merging of authorization rules

Tested versions: link

• Change to nac-test and nac-validate
• Use Terraform functions to merge YAML content instead of data sources
• Fix issue with idempotency when assigning device to DNAC network device group

Tested versions: link

• Fix issue with unordered policy sets, authentication rules, authorization rules, authorization global exception rules, and authorization exception rules under network access and device administration
• BREAKING CHANGE: Rename trustsec_download_enviroment_data_every_x_seconds attribute to trustsec_download_environment_data_every_x_seconds in Network Device data model
• Fix issue with incorrect generated ranks in multiple policies link
• Fix update-in-place during import of user identity group, endpoint identity group, network device group, device admin condition, device admin time and data condition, device admin policy set, network access condition, network access time and date condition and network access policy set

Tested versions: link

• Add parent_group attribute to user_identity_group
• Support new *_update_rank resources to allow changing the rank of policy sets or rules without impacting existing configurations
• Support active directory configurations without groups
• Added support for managing endpoints
• Added support for default user identity groups assignment under internal users
• Fix incorrect description attribute of network_device_groups configuration
• BREAKING CHANGE: endpoint_identity_groups and user_identity_groups now support nested children in favor of parent references

Tested versions: link

• Fix issue with error due to missing settings for allowed_protocols and EAP-TLS stateless session resume
• Add support for active directory configuration
• Added ise_identity_source_sequence support
• BREAKING CHANGE: Split attribute_name to dictionary_name and attribute_name
• BREAKING CHANGE: Removed manage_* Terraform module variables
• Allow updating default policy sets and rules

Tested versions: link

• Initial release