CiscoDevNet · danischm · Oct 18, 2023 · Oct 16, 2023 · Oct 16, 2023 · Oct 17, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Add `sdwan_tls_ssl_profile_policy_definition` resource and data source
 - BREAKING CHANGE: Rename `timers_spf_initial_holf` attribute of `sdwan_cisco_ospf_feature_template` resource and data source to `timers_spf_initial_hold`
 - Fix issue with setting an `omp_tag` match condition using a `sdwan_route_policy_definition` resource
+- Add `sdwan_tls_ssl_decryption_policy_definition` resource and data source
 
 ## 0.2.7
 

diff --git a/docs/data-sources/tls_ssl_decryption_policy_definition.md b/docs/data-sources/tls_ssl_decryption_policy_definition.md
@@ -0,0 +1,80 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_tls_ssl_decryption_policy_definition Data Source - terraform-provider-sdwan"
+subcategory: "Security Policies"
+description: |-
+  This data source can read the TLS SSL Decryption Policy Definition .
+---
+
+# sdwan_tls_ssl_decryption_policy_definition (Data Source)
+
+This data source can read the TLS SSL Decryption Policy Definition .
+
+## Example Usage
+
+```terraform
+data "sdwan_tls_ssl_decryption_policy_definition" "example" {
+  id = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The id of the object
+
+### Read-Only
+
+- `certificate_lifetime_in_days` (Number) Certificate Lifetime(in Days)
+- `certificate_revocation_status` (String) Certificate revocation status
+- `default_action` (String) Default action (applies when 'mode' set to 'security')
+- `description` (String) The description of the policy definition.
+- `ec_key_type` (String) EC Key Type
+- `expired_certificate` (String) Expired certificate action
+- `failure_mode` (String) Failure mode
+- `minimal_tls_version` (String) Minimal TLS Version
+- `mode` (String) The policy mode
+- `name` (String) The name of the policy definition.
+- `network_rules` (Attributes List) List of network rules (applies when 'mode' set to 'security') (see [below for nested schema](#nestedatt--network_rules))
+- `rsa_key_pair_modulus` (String) RSA key pair modules
+- `ssl_decryption_enabled` (String) SSL decryption enabled
+- `unknown_revocation_status` (String) Unknown revocation status action
+- `unsupported_cipher_suites` (String) Unsupported cipher suites action
+- `unsupported_protocol_versions` (String) Unsupported protocol versions action
+- `untrusted_certificate` (String) Untrusted certificate action
+- `url_rules` (Attributes List) List of url rules (applies when 'mode' set to 'security') (see [below for nested schema](#nestedatt--url_rules))
+- `use_default_ca_cert_bundle` (Boolean) Use default CA certificate bundle
+- `version` (Number) The version of the object
+
+<a id="nestedatt--network_rules"></a>
+### Nested Schema for `network_rules`
+
+Read-Only:
+
+- `base_action` (String) Rule base action
+- `rule_id` (Number) Rule ID
+- `rule_name` (String) Rule name
+- `rule_type` (String) Rule type
+- `source_and_destination_configuration` (Attributes List) List of network source / destination configuration (see [below for nested schema](#nestedatt--network_rules--source_and_destination_configuration))
+
+<a id="nestedatt--network_rules--source_and_destination_configuration"></a>
+### Nested Schema for `network_rules.source_and_destination_configuration`
+
+Read-Only:
+
+- `option` (String) source / destination option
+- `value` (String) source / destination option target
+
+
+
+<a id="nestedatt--url_rules"></a>
+### Nested Schema for `url_rules`
+
+Read-Only:
+
+- `rule_name` (String) Country
+- `target_vpns` (List of String) List of VPN IDs
+- `tls_ssl_profile_policy_id` (String) TLS SSL Profile Policy ID
+- `tls_ssl_profile_version` (Number) TLS SSL Profile Policy version
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
@@ -14,6 +14,7 @@ description: |-
 - Add `sdwan_tls_ssl_profile_policy_definition` resource and data source
 - BREAKING CHANGE: Rename `timers_spf_initial_holf` attribute of `sdwan_cisco_ospf_feature_template` resource and data source to `timers_spf_initial_hold`
 - Fix issue with setting an `omp_tag` match condition using a `sdwan_route_policy_definition` resource
+- Add `sdwan_tls_ssl_decryption_policy_definition` resource and data source
 
 ## 0.2.7
 

diff --git a/docs/resources/tls_ssl_decryption_policy_definition.md b/docs/resources/tls_ssl_decryption_policy_definition.md
@@ -0,0 +1,135 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_tls_ssl_decryption_policy_definition Resource - terraform-provider-sdwan"
+subcategory: "Security Policies"
+description: |-
+  This resource can manage a TLS SSL Decryption Policy Definition .
+---
+
+# sdwan_tls_ssl_decryption_policy_definition (Resource)
+
+This resource can manage a TLS SSL Decryption Policy Definition .
+
+## Example Usage
+
+```terraform
+resource "sdwan_tls_ssl_decryption_policy_definition" "example" {
+  name           = "Example"
+  description    = "My description"
+  mode           = "security"
+  default_action = "noIntent"
+  network_rules = [
+    {
+      base_action = "doNotDecrypt"
+      rule_id     = 4
+      rule_name   = "Example"
+      rule_type   = "sslDecryption"
+      source_and_destination_configuration = [
+        {
+          option = "destinationIp"
+          value  = "10.0.0.0/12"
+        }
+      ]
+    }
+  ]
+  ssl_decryption_enabled        = "true"
+  expired_certificate           = "drop"
+  untrusted_certificate         = "drop"
+  certificate_revocation_status = "none"
+  unknown_revocation_status     = "drop"
+  unsupported_protocol_versions = "drop"
+  unsupported_cipher_suites     = "drop"
+  failure_mode                  = "close"
+  rsa_key_pair_modulus          = "2048"
+  ec_key_type                   = "P384"
+  certificate_lifetime_in_days  = 1
+  minimal_tls_version           = "TLSv1.2"
+  use_default_ca_cert_bundle    = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) The description of the policy definition.
+- `name` (String) The name of the policy definition.
+
+### Optional
+
+- `certificate_lifetime_in_days` (Number) Certificate Lifetime(in Days)
+- `certificate_revocation_status` (String) Certificate revocation status
+  - Choices: `ocsp`, `none`
+- `default_action` (String) Default action (applies when 'mode' set to 'security')
+  - Choices: `noIntent`, `doNotDecrypt`, `decrypt`
+- `ec_key_type` (String) EC Key Type
+  - Choices: `P256`, `P384`, `P521`
+- `expired_certificate` (String) Expired certificate action
+  - Choices: `drop`, `decrypt`
+- `failure_mode` (String) Failure mode
+  - Choices: `open`, `close`
+- `minimal_tls_version` (String) Minimal TLS Version
+  - Choices: `TLSv1.0`, `TLSv1.1`, `TLSv1.2`
+- `mode` (String) The policy mode
+  - Choices: `security`, `unified`
+- `network_rules` (Attributes List) List of network rules (applies when 'mode' set to 'security') (see [below for nested schema](#nestedatt--network_rules))
+- `rsa_key_pair_modulus` (String) RSA key pair modules
+  - Choices: `1024`, `2048`, `4096`
+- `ssl_decryption_enabled` (String) SSL decryption enabled
+- `unknown_revocation_status` (String) Unknown revocation status action
+  - Choices: `drop`, `decrypt`
+- `unsupported_cipher_suites` (String) Unsupported cipher suites action
+  - Choices: `drop`, `no-decrypt`
+- `unsupported_protocol_versions` (String) Unsupported protocol versions action
+  - Choices: `drop`, `no-decrypt`
+- `untrusted_certificate` (String) Untrusted certificate action
+  - Choices: `drop`, `decrypt`
+- `url_rules` (Attributes List) List of url rules (applies when 'mode' set to 'security') (see [below for nested schema](#nestedatt--url_rules))
+- `use_default_ca_cert_bundle` (Boolean) Use default CA certificate bundle
+
+### Read-Only
+
+- `id` (String) The id of the object
+- `version` (Number) The version of the object
+
+<a id="nestedatt--network_rules"></a>
+### Nested Schema for `network_rules`
+
+Optional:
+
+- `base_action` (String) Rule base action
+  - Choices: `noIntent`, `doNotDecrypt`, `decrypt`
+- `rule_id` (Number) Rule ID
+- `rule_name` (String) Rule name
+- `rule_type` (String) Rule type
+- `source_and_destination_configuration` (Attributes List) List of network source / destination configuration (see [below for nested schema](#nestedatt--network_rules--source_and_destination_configuration))
+
+<a id="nestedatt--network_rules--source_and_destination_configuration"></a>
+### Nested Schema for `network_rules.source_and_destination_configuration`
+
+Optional:
+
+- `option` (String) source / destination option
+  - Choices: `sourceIp`, `sourcePort`, `destinationVpn`, `destinationIp`, `destinationPort`
+- `value` (String) source / destination option target
+
+
+
+<a id="nestedatt--url_rules"></a>
+### Nested Schema for `url_rules`
+
+Optional:
+
+- `rule_name` (String) Country
+- `target_vpns` (List of String) List of VPN IDs
+- `tls_ssl_profile_policy_id` (String) TLS SSL Profile Policy ID
+- `tls_ssl_profile_version` (Number) TLS SSL Profile Policy version
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import sdwan_tls_ssl_decryption_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd"
+```
diff --git a/examples/data-sources/sdwan_tls_ssl_decryption_policy_definition/data-source.tf b/examples/data-sources/sdwan_tls_ssl_decryption_policy_definition/data-source.tf
@@ -0,0 +1,3 @@
+data "sdwan_tls_ssl_decryption_policy_definition" "example" {
+  id = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+}
diff --git a/examples/resources/sdwan_tls_ssl_decryption_policy_definition/import.sh b/examples/resources/sdwan_tls_ssl_decryption_policy_definition/import.sh
@@ -0,0 +1 @@
+terraform import sdwan_tls_ssl_decryption_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd"
diff --git a/examples/resources/sdwan_tls_ssl_decryption_policy_definition/resource.tf b/examples/resources/sdwan_tls_ssl_decryption_policy_definition/resource.tf
@@ -0,0 +1,33 @@
+resource "sdwan_tls_ssl_decryption_policy_definition" "example" {
+  name           = "Example"
+  description    = "My description"
+  mode           = "security"
+  default_action = "noIntent"
+  network_rules = [
+    {
+      base_action = "doNotDecrypt"
+      rule_id     = 4
+      rule_name   = "Example"
+      rule_type   = "sslDecryption"
+      source_and_destination_configuration = [
+        {
+          option = "destinationIp"
+          value  = "10.0.0.0/12"
+        }
+      ]
+    }
+  ]
+  ssl_decryption_enabled        = "true"
+  expired_certificate           = "drop"
+  untrusted_certificate         = "drop"
+  certificate_revocation_status = "none"
+  unknown_revocation_status     = "drop"
+  unsupported_protocol_versions = "drop"
+  unsupported_cipher_suites     = "drop"
+  failure_mode                  = "close"
+  rsa_key_pair_modulus          = "2048"
+  ec_key_type                   = "P384"
+  certificate_lifetime_in_days  = 1
+  minimal_tls_version           = "TLSv1.2"
+  use_default_ca_cert_bundle    = true
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		terraform import sdwan_tls_ssl_decryption_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd"