cisco-en-programmability
diff --git a/‎playbooks/fabric_devices_info_workflow_manager.yml‎
Lines changed: 1 addition & 1 deletion b/‎playbooks/fabric_devices_info_workflow_manager.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎playbooks/network_devices_info_workflow_manager.yml‎
Lines changed: 17 additions & 16 deletions b/‎playbooks/network_devices_info_workflow_manager.yml‎
Lines changed: 17 additions & 16 deletions
diff --git a/‎plugins/modules/application_policy_workflow_manager.py‎
Lines changed: 2 additions & 2 deletions b/‎plugins/modules/application_policy_workflow_manager.py‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎plugins/modules/fabric_devices_info_workflow_manager.py‎
Lines changed: 322 additions & 43 deletions b/‎plugins/modules/fabric_devices_info_workflow_manager.py‎
Lines changed: 322 additions & 43 deletions
diff --git a/‎plugins/modules/ise_radius_integration_workflow_manager.py‎
Lines changed: 88 additions & 26 deletions b/‎plugins/modules/ise_radius_integration_workflow_manager.py‎
Lines changed: 88 additions & 26 deletions
@@ -19,7 +19,7 @@
         config_verify: true
         dnac_api_task_timeout: 1000
         dnac_task_poll_interval: 1
-        state: merged
+        state: gathered
         config:
           - fabric_devices:
               - fabric_site_hierarchy: "Global/rishipat_area/Fabric-area-1"  # Mandatory parameter
 
@@ -19,22 +19,23 @@
         config_verify: false
         dnac_api_task_timeout: 1000
         dnac_task_poll_interval: 1
-        state: queried
+        state: gathered
         config:
           - network_devices:
-              - management_ip_address: ["91.1.1.6"]
-                mac_address: ["cc:70:ed:e1:c3:00"]
-                hostname: ["SJ-Border2-9500.cisco.com"]
-                serial_number: ["FCW2243F199"]
-                os_type: ["IOS-XE"]
-                software_version: ["17.15.2"]
-                role: ["BORDER ROUTER"]
-                device_type: ["Cisco Catalyst 9500 Switch"]
-                family: ["Switches and Hubs"]
-                site_hierarchy: ["Global/USA/SAN JOSE/BLD23"]
-                timeout: 10
-                retries: 1
-                interval: 1
+              - site_hierarchy: Global/USA/SAN JOSE
+                device_type: "Cisco Catalyst 9300 Switch"
+                device_role: "ACCESS"
+                device_family: "Switches and Hubs"
+                software_version: "17.12.1"
+                os_type: "IOS-XE"
+                device_identifier:
+                  - ip_address: ["204.1.2.1"]
+                  - serial_number: ["FCW2137L0SB"]
+                  - hostname: ["SJ-BN-9300.cisco.local"]
+                  - mac_address: ["90:88:55:90:26:00"]
+                timeout: 60
+                retries: 3
+                interval: 10
                 requested_info:
                   - device_info
                   - interface_info
@@ -51,7 +52,7 @@
                   - device_stack_info
                   - device_link_mismatch_info
                 output_file_info:
-                  file_path: /Users/karthick/Downloads/testing
+                  file_path: /Users/priyadharshini/Downloads/info
                   file_format: json
-                  file_mode: a
+                  file_mode: w
                   timestamp: true
@@ -889,7 +889,7 @@
 
 RETURN = r"""
 # Case 1: Successful creation of application queuing profile
-creation _of_application_queuing_profile_response_task_execution:
+creation_of_application_queuing_profile_response_task_execution:
   description: A dictionary with details for successful task execution.
   returned: always
   type: dict
@@ -1059,7 +1059,7 @@
       "status": "success"
     }
 # Case 19: update not required for application policy
-update_not_required_ for_application_policy_response_task_execution:
+update_not_required_for_application_policy_response_task_execution:
   description: With task id get details for successful task execution
   returned: always
   type: dict
 
@@ -6,7 +6,7 @@
 from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
-__author__ = ["Muthu Rakesh, Madhan Sankaranarayanan"]
+__author__ = ["Muthu Rakesh, Madhan Sankaranarayanan, Archit Soni"]
 DOCUMENTATION = r"""
 ---
 module: ise_radius_integration_workflow_manager
@@ -24,7 +24,7 @@
 extends_documentation_fragment:
   - cisco.dnac.workflow_manager_params
 author: Muthu Rakesh (@MUTHU-RAKESH-27) Madhan Sankaranarayanan
-  (@madhansansel)
+  (@madhansansel) Archit Soni (@koderchit)
 options:
   config_verify:
     description: Set to True to verify the Cisco Catalyst
@@ -1390,16 +1390,21 @@ def get_want(self, config):
         self.status = "success"
         return self
 
-    def check_ise_server_integration_status(self, ip_address):
+    def wait_for_ise_integration_status(self, ip_address):
         """
-        Check whether the Cisco ISE server is ready for the accepting the user authentication certificate.
+        Wait for the Cisco ISE server to complete its integration with Cisco Catalyst Center.
+
+        This method continuously polls the Cisco ISE server integration status until it reaches
+        a terminal state (`WAITING_USER_INPUT` or `COMPLETE`). If the process exceeds the
+        allowed timeout period (30 seconds) or an exception occurs during status retrieval,
+        the method logs the failure and terminates execution using `fail_and_exit()`.
 
         Parameters:
-            ip_address (str) - The IP address of the Cisco ISE server.
-            self - The current object with updated desired Authentication Policy Server information.
+            ip_address (str): The IP address of the Cisco ISE server being integrated.
 
         Returns:
-            self - The current object with updated desired Authentication Policy Server information.
+            str: The final integration status of the Cisco ISE server (WAITING_USER_INPUT or COMPLETE).
+                The function does not return if it fails — it calls `fail_and_exit()` to fail and exit the module.
         """
 
         start_time = time.time()
@@ -1410,32 +1415,34 @@ def check_ise_server_integration_status(self, ip_address):
                     function="cisco_ise_server_integration_status",
                     op_modifies=True,
                 )
+                overall_status = cisco_ise_status.get("overallStatus")
             except Exception as msg:
-                self.msg = "Exception occurred while checking the status of the Cisco ISE server with IP address '{ip}'.".format(
-                    ip=ip_address
+                self.msg = (
+                    f"Exception occurred while checking the status of the Cisco ISE server "
+                    f"with IP address '{ip_address}'. Error: {msg}"
                 )
+                self.fail_and_exit(self.msg)
+
+            self.log(f"Current ISE server status: '{overall_status}'", "WARNING")
 
-            overall_status = cisco_ise_status.get("overallStatus")
-            statuses = ["WAITING_USER_INPUT", "COMPLETE"]
-            if overall_status in statuses:
+            if overall_status in ["WAITING_USER_INPUT", "COMPLETE"]:
                 self.log(
-                    "The status of the Cisco ISE server is '{status}'".format(
-                        status=overall_status
-                    )
+                    f"The Cisco ISE server status is '{overall_status}'. Breaking the loop.",
+                    "INFO",
                 )
                 break
 
-            if (time.time() - start_time) >= 10:
+            if (time.time() - start_time) >= 30:
                 self.msg = (
-                    "The Cisco Catalyst Center took more than 10 seconds to accept "
-                    "the PxGrid certificate of the Cisco ISE server with ."
+                    f"The Cisco Catalyst Center took more than 10 seconds to accept "
+                    f"the PxGrid certificate of the Cisco ISE server with IP '{ip_address}'."
                 )
-                self.status = "failed"
-                break
+                self.fail_and_exit(self.msg)
 
             time.sleep(1)
 
-        return self
+        self.log(f"Final ISE server status: '{overall_status}'", "INFO")
+        return overall_status
 
     def accept_cisco_ise_server_certificate(self, ipAddress, trusted_server):
         """
@@ -1470,6 +1477,11 @@ def accept_cisco_ise_server_certificate(self, ipAddress, trusted_server):
                 self.status = "failed"
                 return self
 
+            self.log(
+                "Calling 'accept_cisco_ise_server_certificate_for_cisco_ise_server_integration' API with payload - "
+                f"id: {cisco_ise_id}, isCertAcceptedByUser: {trusted_server}",
+                "INFO",
+            )
             response = self.dnac._exec(
                 family="system_settings",
                 function="accept_cisco_ise_server_certificate_for_cisco_ise_server_integration",
@@ -1703,7 +1715,7 @@ def update_auth_policy_server(self, authentication_policy_server):
                 ]
                 self.log(
                     "Desired State for Authentication and Policy Server for the IP '{0}' (want): {1}".format(
-                        ip_address, auth_server_params
+                        ip_address, self.pprint(auth_server_params)
                     ),
                     "DEBUG",
                 )
@@ -1738,8 +1750,31 @@ def update_auth_policy_server(self, authentication_policy_server):
 
                 if is_ise_server:
                     trusted_server = self.want.get("trusted_server")
-                    self.check_ise_server_integration_status(ip_address)
-                    self.accept_cisco_ise_server_certificate(ip_address, trusted_server)
+                    ise_radius_integration_status = (
+                        self.wait_for_ise_integration_status(ip_address)
+                    )
+                    if ise_radius_integration_status == "WAITING_USER_INPUT":
+                        self.log(
+                            "Cisco ISE server is waiting for user input to accept the certificate.",
+                            "INFO",
+                        )
+                        self.log(
+                            f"Calling API to accept Cisco ISE server certificate for IP '{ip_address}' with trusted_server={trusted_server}",
+                            "INFO",
+                        )
+                        self.accept_cisco_ise_server_certificate(
+                            ip_address, trusted_server
+                        )
+
+                    elif ise_radius_integration_status == "COMPLETE":
+                        self.log(
+                            "Cisco ISE server integration is already complete. No user certificate acceptance required.",
+                            "INFO",
+                        )
+                    else:
+                        self.msg = f"Unexpected Cisco ISE server integration status '{ise_radius_integration_status}' for IP '{ip_address}'."
+                        self.fail_and_exit(self.msg)
+
                     ise_integration_wait_time = self.want.get(
                         "ise_integration_wait_time"
                     )
@@ -1920,11 +1955,38 @@ def update_auth_policy_server(self, authentication_policy_server):
 
             trusted_server_msg = ""
             if is_ise_server_enabled:
+                self.log(
+                    "Cisco ISE server is enabled. Checking if it certificate acceptance processing.",
+                    "DEBUG",
+                )
                 trusted_server = self.want.get("trusted_server")
                 state = have_auth_server_details.get("state")
                 if state != "ACTIVE":
-                    self.check_ise_server_integration_status(ip_address)
-                    self.accept_cisco_ise_server_certificate(ip_address, trusted_server)
+                    ise_radius_integration_status = (
+                        self.wait_for_ise_integration_status(ip_address)
+                    )
+                    if ise_radius_integration_status == "WAITING_USER_INPUT":
+                        self.log(
+                            "Cisco ISE server is waiting for user input to accept the certificate.",
+                            "INFO",
+                        )
+                        self.log(
+                            f"Calling API to accept Cisco ISE server certificate for IP '{ip_address}' with trusted_server={trusted_server}",
+                            "INFO",
+                        )
+                        self.accept_cisco_ise_server_certificate(
+                            ip_address, trusted_server
+                        )
+
+                    elif ise_radius_integration_status == "COMPLETE":
+                        self.log(
+                            "Cisco ISE server integration is already complete. No user certificate acceptance required.",
+                            "INFO",
+                        )
+                    else:
+                        self.msg = f"Unexpected Cisco ISE server integration status '{ise_radius_integration_status}' for IP '{ip_address}'."
+                        self.fail_and_exit(self.msg)
+
                     ise_integration_wait_time = self.want.get(
                         "ise_integration_wait_time"
                     )