Add resource and data source for MACsec Policy under Fabric Policy Template. (DCNE-393) #391
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gmicol
requested review from
akinross,
anvitha-jain,
lhercot,
sajagana,
samiib and
shrsr
as code owners
akinross
requested changes
Oct 31, 2025
| * `sak_expire_time` - (Optional) The expiry time for the Security Association Key (SAK) for the MACsec Policy. Allowed value is 0 or valid range: 60-2592000. Defaults to 0 when unset during creation. | ||
| * `confidentiality_offset` - (Optional) The confidentiality offset for the MACsec Policy. This paramater is only configurable for `access` type. Allowed values are `offset0`, `offset30` or `offset50`. Defaults to `offset0` when unset during creation. | ||
| * `key_server_priority` - (Optional) The key server priority for the MACsec Policy. This paramater is only configurable for `access` type. Valid range: 0-255. Defaults to 16 when unset during creation. | ||
| * `macsec_key` - (Optional) The list of MACsec Keys. |
Collaborator
There was a problem hiding this comment.
should this be macsec_keys considering it is a list?
Collaborator
Author
There was a problem hiding this comment.
you're right I think it should be
| psk = "AA111111111111111111111111111111111111111111111111111111111111aa" | ||
| start_time = "now" | ||
| end_time = "2027-09-23 00:00:00" | ||
| } |
Collaborator
Author
There was a problem hiding this comment.
I double checked, there is no indentation issue. when viewing the full file, the indentation is correct.
Collaborator
There was a problem hiding this comment.
see image the macsec_keys attributes before closing bracket are indented wrong, there seems to be a tab before the closing bracket of macsec_keys
Collaborator
Author
There was a problem hiding this comment.
Oh sorry, my bad I did not see the bracket, will fix it
| An existing MSO MACsec Policy can be [imported][docs-import] into this resource via its ID/path, via the following command: [docs-import]: <https://www.terraform.io/docs/import/index.html> | ||
|
|
||
| ```bash | ||
| terraform import mso_fabric_policies_macsec_policy.macsec_policy templateId/{template_id}/VlanPool/{name} |
Collaborator
There was a problem hiding this comment.
is this VlanPool/{name} correct?
Collaborator
Author
There was a problem hiding this comment.
Mistake, will correct that
akinross
requested changes
Nov 3, 2025
| psk = "AA111111111111111111111111111111111111111111111111111111111111aa" | ||
| start_time = "now" | ||
| end_time = "2027-09-23 00:00:00" | ||
| } |
Collaborator
There was a problem hiding this comment.
see image the macsec_keys attributes before closing bracket are indented wrong, there seems to be a tab before the closing bracket of macsec_keys
anvitha-jain
requested changes
Nov 3, 2025
| * `security_policy` - (Optional) The security policy to allow traffic on the link for the MACsec Policy. Allowed values are `shouldSecure` or `mustSecure`. Defaults to `shouldSecure` when unset during creation. | ||
| * `sak_expire_time` - (Optional) The expiry time for the Security Association Key (SAK) for the MACsec Policy. Allowed value is 0 or valid range: 60-2592000. Defaults to 0 when unset during creation. | ||
| * `confidentiality_offset` - (Optional) The confidentiality offset for the MACsec Policy. This paramater is only configurable for `access` type. Allowed values are `offset0`, `offset30` or `offset50`. Defaults to `offset0` when unset during creation. | ||
| * `key_server_priority` - (Optional) The key server priority for the MACsec Policy. This paramater is only configurable for `access` type. Valid range: 0-255. Defaults to 16 when unset during creation. |
Collaborator
There was a problem hiding this comment.
paramater -> parameter
| * `window_size` - (Optional) The window size of the MACsec Policy. It defines the maximum number of frames that can be received out of order before a replay attack is detected. Valid range: 0-4294967295. Defaults to 0 for `fabric` type or to 64 for `access` type when unset during creation. | ||
| * `security_policy` - (Optional) The security policy to allow traffic on the link for the MACsec Policy. Allowed values are `shouldSecure` or `mustSecure`. Defaults to `shouldSecure` when unset during creation. | ||
| * `sak_expire_time` - (Optional) The expiry time for the Security Association Key (SAK) for the MACsec Policy. Allowed value is 0 or valid range: 60-2592000. Defaults to 0 when unset during creation. | ||
| * `confidentiality_offset` - (Optional) The confidentiality offset for the MACsec Policy. This paramater is only configurable for `access` type. Allowed values are `offset0`, `offset30` or `offset50`. Defaults to `offset0` when unset during creation. |
Collaborator
There was a problem hiding this comment.
paramater -> parameter
samiib
requested changes
Nov 5, 2025
| * `description` - (Optional) The description of the MACsec Policy. | ||
| * `admin_state` - (Optional) The administrative state of the MACsec Policy. Allowed values are `enabled` or `disabled`. Defaults to `enabled` when unset during creation. | ||
| * `interface_type` - (Optional) The type of the interfaces the MACsec Policy will be applied to. Allowed values are `fabric` or `access`. | ||
| * `cipher_suite` - (Optional) The cipher suite of the MACsec Policy to be used for encryption. Allowed values are `128GcmAes`, `128GcmAesXpn`, `256GcmAes` or `256GcmAesXpn`. Defaults to `enabled` when unset during creation. |
Collaborator
There was a problem hiding this comment.
Is the default of enabled correct here? It wasn't listed in the allowed values.
Collaborator
Author
There was a problem hiding this comment.
that's a mistake, will change it.
| * `confidentiality_offset` - (Optional) The confidentiality offset for the MACsec Policy. This parameter is only configurable for `access` type. Allowed values are `offset0`, `offset30` or `offset50`. Defaults to `offset0` when unset during creation. | ||
| * `key_server_priority` - (Optional) The key server priority for the MACsec Policy. This parameter is only configurable for `access` type. Valid range: 0-255. Defaults to 16 when unset during creation. | ||
| * `macsec_keys` - (Optional) The list of MACsec Keys. | ||
| * `macsec_keys.key_name` - (Required) The name of the MACsec Key. Key Name has to be hexadecimal characters [0-9a-fA-F]. |
Collaborator
There was a problem hiding this comment.
Suggested change
| * `macsec_keys.key_name` - (Required) The name of the MACsec Key. Key Name has to be hexadecimal characters [0-9a-fA-F]. | |
| * `macsec_keys.key_name` - (Required) The name of the MACsec Key. Key Name should only contain hexadecimal characters [0-9a-fA-F]. |
| * `key_server_priority` - (Optional) The key server priority for the MACsec Policy. This parameter is only configurable for `access` type. Valid range: 0-255. Defaults to 16 when unset during creation. | ||
| * `macsec_keys` - (Optional) The list of MACsec Keys. | ||
| * `macsec_keys.key_name` - (Required) The name of the MACsec Key. Key Name has to be hexadecimal characters [0-9a-fA-F]. | ||
| * `macsec_keys.psk` - (Required) The Pre-Shared Key (PSK) for the MACsec Key. PSK has to be hexadecimal characters [0-9a-fA-F]. PSK has to be 64 characters long if cipher suite is `256GcmAes` or `256GcmAesXpn`. PSK has to be 32 characters long if cipher suite is `128GcmAes` or `128GcmAesXpn`. |
Collaborator
There was a problem hiding this comment.
Suggested change
| * `macsec_keys.psk` - (Required) The Pre-Shared Key (PSK) for the MACsec Key. PSK has to be hexadecimal characters [0-9a-fA-F]. PSK has to be 64 characters long if cipher suite is `256GcmAes` or `256GcmAesXpn`. PSK has to be 32 characters long if cipher suite is `128GcmAes` or `128GcmAesXpn`. | |
| * `macsec_keys.psk` - (Required) The Pre-Shared Key (PSK) for the MACsec Key. PSK should only contain hexadecimal characters [0-9a-fA-F]. PSK should be 64 characters long if cipher suite is `256GcmAes` or `256GcmAesXpn`. PSK should be 32 characters long if cipher suite is `128GcmAes` or `128GcmAesXpn`. |
| * `macsec_keys.key_name` - (Required) The name of the MACsec Key. Key Name has to be hexadecimal characters [0-9a-fA-F]. | ||
| * `macsec_keys.psk` - (Required) The Pre-Shared Key (PSK) for the MACsec Key. PSK has to be hexadecimal characters [0-9a-fA-F]. PSK has to be 64 characters long if cipher suite is `256GcmAes` or `256GcmAesXpn`. PSK has to be 32 characters long if cipher suite is `128GcmAes` or `128GcmAesXpn`. | ||
| * `macsec_keys.start_time` - (Optional) The start time for the MACsec Key. Allowed values are of the following format `YYYY-MM-DD HH:MM:SS` or `now`. The start time for each Key should be unique. | ||
| * `macsec_keys.end_time` - (Optional) TThe end time for the MACsec Key. Allowed values are of the following format `YYYY-MM-DD HH:MM:SS` or `infinite`. |
Collaborator
There was a problem hiding this comment.
Suggested change
| * `macsec_keys.end_time` - (Optional) TThe end time for the MACsec Key. Allowed values are of the following format `YYYY-MM-DD HH:MM:SS` or `infinite`. | |
| * `macsec_keys.end_time` - (Optional) The end time for the MACsec Key. Allowed values are of the following format `YYYY-MM-DD HH:MM:SS` or `infinite`. |
…abric Policy Template.
…n issue for resource and data source.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #356