Hello all,

I am working on utilizing Terraform to manage our 9800 WLCs.

So far everything with the ios-xe provider has worked well, though for most of our wireless settings, we have to use the restconf module from the provider to accomplish the intended management of resources.

A wall we've hit is with WLANs that require a psk.

When we go to apply the configuration, the WLC automatically sets the plain text password to AES encrypted, which of course is the intended functionality with PSKs.

This causes a problem for terraform though, as when we go to apply a different change, now the WLC responds with the AES encrypted string, while Terraform is expecting the plain text password.

Has anyone run into this? What solutions do you have? I'm pasting the pseudo-code below and am open to suggestions.

resource "iosxe_restconf" "wlan-config" {
  path     = "Cisco-IOS-XE-wireless-wlan-cfg:wlan-cfg-data/wlan-cfg-entries"
  for_each = toset([for wlc in local.wlcs : wlc.name])
  device   = each.key
  lists = [{
    name = "wlan-cfg-entry"
    key  = "profile-name"
    items = [
      {
        "profile-name"                   = "test-wlan"
        "wlan-id"                        = 1
        "wep-key-index"                  = 1
        "auth-key-mgmt-psk"              = true
        "auth-key-mgmt-dot1x"            = false
        "security-wpa"                   = true
        "psk"                            = "mypasswordhere"
        "psk-type"                       = "clear"
        "psk-key-type"                   = "key-ascii"
        "wpa2-enabled"                   = true
        "wpa2-aes"                       = true
        "mac-filtering-list"             = "default"
        "authentication-list"            = "default"
        "apf-vap-id-data/broadcast-ssid" = false
        "apf-vap-id-data/ccx-aironet-ie" = true
        "apf-vap-id-data/ssid"           = "test-wlan"

      }
    ]
  }]
}