more aaa features added and tested

CHANGELOG.md

@@ -1,6 +1,9 @@
 ## 0.10.0 (unreleased)
 
 - Add `flooding_suppression_address_resolution_disable` attribute to `iosxe_evpn` resource and data source
+- Add `deadtime` attribute to aaa group server radius in `iosxe_aaa` resource and data source
+- Add `key_encryption`, `automate_tester_ignore_auth_port`, and `automate_tester_idle_time` attributes to `iosxe_radius` resource and data source
+- Add `authentication_mac_move_permit` and `authentication_mac_move_deny_uncontrolled` attributes to `iosxe_system` resource and data source
 - Add `iosxe_evpn_ethernet_segment` resource and data source for managing L2VPN EVPN Ethernet Segment configuration
 - Add `evpn_ethernet_segments` attribute to `iosxe_interface_ethernet` and `iosxe_interface_port_channel` resources and data sources
 

docs/data-sources/aaa.md

@@ -42,6 +42,7 @@ data "iosxe_aaa" "example" {
 
 Read-Only:
 
+- `deadtime` (Number) Specify time in minutes to ignore an unresponsive server
 - `ip_radius_source_interface_five_gigabit_ethernet` (String) Five GigabitEthernet
 - `ip_radius_source_interface_forty_gigabit_ethernet` (String) Forty GigabitEthernet
 - `ip_radius_source_interface_gigabit_ethernet` (String) GigabitEthernet IEEE 802.3z

docs/data-sources/radius.md

@@ -33,12 +33,15 @@ data "iosxe_radius" "example" {
 
 - `accounting_port` (Number) UDP port for RADIUS accounting server (default is 1813)
 - `authentication_port` (Number) UDP port for RADIUS authentication server (default is 1812)
+- `automate_tester_idle_time` (Number) Minutes of idle-time after which server state should be verified.
 - `automate_tester_ignore_acct_port` (Boolean) Do not test accounting ports of the servers.
+- `automate_tester_ignore_auth_port` (Boolean) Do not test authentication port of the servers.
 - `automate_tester_probe_on_config` (Boolean) Send a packet to verify the server status
 - `automate_tester_username` (String)
 - `id` (String) The path of the retrieved object.
 - `ipv4_address` (String) IPv4 address or Hostname for radius server
 - `key` (String, Sensitive)
+- `key_encryption` (String)
 - `pac_key` (String, Sensitive) The UNENCRYPTED (cleartext) server key
 - `pac_key_encryption` (String) 0 - Specifies an UNENCRYPTED key will follow 6 - Specifies an ENCRYPTED key will follow 7 - Specifies HIDDEN key will follow
 - `retransmit` (Number) Number of retries to active server (overrides default)

docs/data-sources/system.md

@@ -33,6 +33,8 @@ data "iosxe_system" "example" {
 - `archive_path` (String) path for backups
 - `archive_time_period` (Number) Period of time in minutes to automatically archive the running-config
 - `archive_write_memory` (Boolean) Enable automatic backup generation during write memory
+- `authentication_mac_move_deny_uncontrolled` (Boolean) Deny MAC move to uncontrolled port
+- `authentication_mac_move_permit` (Boolean) PERMIT MAC moves (clears existing session)
 - `boot_system_bootfiles` (Attributes List) (see [below for nested schema](#nestedatt--boot_system_bootfiles))
 - `boot_system_flash_files` (Attributes List) (see [below for nested schema](#nestedatt--boot_system_flash_files))
 - `call_home_cisco_tac_1_destination_transport_method` (String) To specify transport method for this profile

docs/guides/changelog.md

@@ -10,6 +10,9 @@ description: |-
 ## 0.10.0 (unreleased)
 
 - Add `flooding_suppression_address_resolution_disable` attribute to `iosxe_evpn` resource and data source
+- Add `deadtime` attribute to aaa group server radius in `iosxe_aaa` resource and data source
+- Add `key_encryption`, `automate_tester_ignore_auth_port`, and `automate_tester_idle_time` attributes to `iosxe_radius` resource and data source
+- Add `authentication_mac_move_permit` and `authentication_mac_move_deny_uncontrolled` attributes to `iosxe_system` resource and data source
 - Add `iosxe_evpn_ethernet_segment` resource and data source for managing L2VPN EVPN Ethernet Segment configuration
 - Add `evpn_ethernet_segments` attribute to `iosxe_interface_ethernet` and `iosxe_interface_port_channel` resources and data sources
 

docs/resources/aaa.md

@@ -26,7 +26,8 @@ resource "iosxe_aaa" "example" {
   ]
   group_server_radius = [
     {
-      name = "T-Group"
+      name     = "T-Group"
+      deadtime = 5
       server_names = [
         {
           name = "TESTRADIUS"
@@ -81,6 +82,8 @@ Required:
 
 Optional:
 
+- `deadtime` (Number) Specify time in minutes to ignore an unresponsive server
+  - Range: `0`-`1440`
 - `ip_radius_source_interface_five_gigabit_ethernet` (String) Five GigabitEthernet
 - `ip_radius_source_interface_forty_gigabit_ethernet` (String) Forty GigabitEthernet
 - `ip_radius_source_interface_gigabit_ethernet` (String) GigabitEthernet IEEE 802.3z

docs/resources/radius.md

@@ -21,8 +21,10 @@ resource "iosxe_radius" "example" {
   timeout                          = 4
   retransmit                       = 3
   key                              = "123"
+  key_encryption                   = "0"
   automate_tester_username         = "dummy"
   automate_tester_ignore_acct_port = true
+  automate_tester_ignore_auth_port = true
   automate_tester_probe_on_config  = true
 }
 ```
@@ -40,12 +42,16 @@ resource "iosxe_radius" "example" {
   - Range: `0`-`65534`
 - `authentication_port` (Number) UDP port for RADIUS authentication server (default is 1812)
   - Range: `0`-`65534`
+- `automate_tester_idle_time` (Number) Minutes of idle-time after which server state should be verified.
+  - Range: `1`-`35791`
 - `automate_tester_ignore_acct_port` (Boolean) Do not test accounting ports of the servers.
+- `automate_tester_ignore_auth_port` (Boolean) Do not test authentication port of the servers.
 - `automate_tester_probe_on_config` (Boolean) Send a packet to verify the server status
 - `automate_tester_username` (String)
 - `device` (String) A device name from the provider configuration.
 - `ipv4_address` (String) IPv4 address or Hostname for radius server
 - `key` (String, Sensitive)
+- `key_encryption` (String) - Choices: `0`, `5`, `6`, `7`
 - `pac_key` (String, Sensitive) The UNENCRYPTED (cleartext) server key
 - `pac_key_encryption` (String) 0 - Specifies an UNENCRYPTED key will follow 6 - Specifies an ENCRYPTED key will follow 7 - Specifies HIDDEN key will follow
   - Choices: `0`, `6`, `7`

docs/resources/system.md

@@ -66,6 +66,8 @@ resource "iosxe_system" "example" {
 - `archive_time_period` (Number) Period of time in minutes to automatically archive the running-config
   - Range: `1`-`525600`
 - `archive_write_memory` (Boolean) Enable automatic backup generation during write memory
+- `authentication_mac_move_deny_uncontrolled` (Boolean) Deny MAC move to uncontrolled port
+- `authentication_mac_move_permit` (Boolean) PERMIT MAC moves (clears existing session)
 - `boot_system_bootfiles` (Attributes List) (see [below for nested schema](#nestedatt--boot_system_bootfiles))
 - `boot_system_flash_files` (Attributes List) (see [below for nested schema](#nestedatt--boot_system_flash_files))
 - `call_home_cisco_tac_1_destination_transport_method` (String) To specify transport method for this profile

examples/resources/iosxe_aaa/resource.tf

@@ -11,7 +11,8 @@ resource "iosxe_aaa" "example" {
   ]
   group_server_radius = [
     {
-      name = "T-Group"
+      name     = "T-Group"
+      deadtime = 5
       server_names = [
         {
           name = "TESTRADIUS"

examples/resources/iosxe_radius/resource.tf

@@ -6,7 +6,9 @@ resource "iosxe_radius" "example" {
   timeout                          = 4
   retransmit                       = 3
   key                              = "123"
+  key_encryption                   = "0"
   automate_tester_username         = "dummy"
   automate_tester_ignore_acct_port = true
+  automate_tester_ignore_auth_port = true
   automate_tester_probe_on_config  = true
 }

gen/definitions/aaa.yaml

@@ -34,6 +34,8 @@ attributes:
       - yang_name: name
         example: T-Group
         id: true
+      - yang_name: deadtime
+        example: 5
       - yang_name: server/name
         tf_name: server_names
         type: List

gen/definitions/radius.yaml

@@ -29,14 +29,25 @@ attributes:
     example: 123
     allow_import_changes: true
     delete_parent: true
+  - yang_name: key/encryption
+    tf_name: key_encryption
+    write_only: true
+    example: 0
   - yang_name: automate-tester/username
     example: dummy
   - yang_name: automate-tester/ignore-acct-port
     example: true
+  - yang_name: automate-tester/ignore-auth-port
+    example: true
   - yang_name: automate-tester/type-of-testing/probe-on-config/probe-on-config
     xpath: automate-tester/probe-on-config
     tf_name: automate_tester_probe_on_config
     example: true
+  - yang_name: automate-tester/type-of-testing/idle-time-config/idle-time-config
+    xpath: automate-tester/idle-time-config
+    tf_name: automate_tester_idle_time
+    example: 5
+    exclude_test: true
   - yang_name: pac/key/key
     tf_name: pac_key
     write_only: true

gen/definitions/system.yaml

@@ -586,6 +586,12 @@ attributes:
     tf_name: standby_redirects_enable_disable
     example: disable
     exclude_test: true
+  - yang_name: Cisco-IOS-XE-sanet:authentication/mac-move/permit
+    example: true
+    test_tags: [C8000V]
+  - yang_name: Cisco-IOS-XE-sanet:authentication/mac-move/deny-uncontrolled
+    example: true
+    test_tags: [C8000V]
 
 test_prerequisites:
   - path: Cisco-IOS-XE-native:native/vrf/definition=VRF1