diff --git a/docs/resources/directory_service_auth_provider.md b/docs/resources/directory_service_auth_provider.md index 67f05b1b..d347bb4e 100644 --- a/docs/resources/directory_service_auth_provider.md +++ b/docs/resources/directory_service_auth_provider.md @@ -224,13 +224,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "ActiveDirectory.1.GlobalCatalog3" = "yulanadhost11.yulan.pie.lab.emc.com", # GCRootDomain can be configured when GCLookupEnable is Enabled - #"ActiveDirectory.1.GCRootDomain" = "test" - - # RSA Secure configuration required Datacenter license - #"LDAP.1.RSASecurID2FALDAP":"Enabled", - #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", + #"ActiveDirectory.1.GCRootDomain" = "test" } @@ -266,10 +260,6 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "LDAP.1.BindPassword" = "", # "LDAP.1.SearchFilter" = "(objectclass = *)", # - # #"LDAP.1.RSASecurID2FALDAP":"Enabled", - # #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - # #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - # #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", # } } diff --git a/examples/resources/redfish_directory_service_auth_provider/resource.tf b/examples/resources/redfish_directory_service_auth_provider/resource.tf index 99a79046..1d081634 100644 --- a/examples/resources/redfish_directory_service_auth_provider/resource.tf +++ b/examples/resources/redfish_directory_service_auth_provider/resource.tf @@ -92,13 +92,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "ActiveDirectory.1.GlobalCatalog3" = "yulanadhost11.yulan.pie.lab.emc.com", # GCRootDomain can be configured when GCLookupEnable is Enabled - #"ActiveDirectory.1.GCRootDomain" = "test" - - # RSA Secure configuration required Datacenter license - #"LDAP.1.RSASecurID2FALDAP":"Enabled", - #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", + #"ActiveDirectory.1.GCRootDomain" = "test" } @@ -134,10 +128,6 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "LDAP.1.BindPassword" = "", # "LDAP.1.SearchFilter" = "(objectclass = *)", # - # #"LDAP.1.RSASecurID2FALDAP":"Enabled", - # #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - # #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - # #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", # } } \ No newline at end of file diff --git a/redfish/provider/data_source_redfish_directory_service_auth_provider.go b/redfish/provider/data_source_redfish_directory_service_auth_provider.go index 52dc3db4..17c706e3 100644 --- a/redfish/provider/data_source_redfish_directory_service_auth_provider.go +++ b/redfish/provider/data_source_redfish_directory_service_auth_provider.go @@ -169,7 +169,7 @@ func loadActiveDirectoryAttributesState(service *gofish.Service, d *models.Direc } // nolint: gocyclo, gocognit,revive - activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain", ".RSASecurID2FAAD"} + activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain" /* , ".RSASecurID2FAAD" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesState.Attributes.Elements() { if strings.HasPrefix(k, "ActiveDirectory.") { @@ -180,7 +180,7 @@ func loadActiveDirectoryAttributesState(service *gofish.Service, d *models.Direc } } // nolint: revive - if (strings.HasPrefix(k, "UserDomain.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "ADGroup.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer")) { + if (strings.HasPrefix(k, "UserDomain.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "ADGroup.") && strings.HasSuffix(k, ".Name")) /* || (strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer")) */ { attributesToReturn[k] = v } } @@ -196,7 +196,7 @@ func loadLDAPAttributesState(service *gofish.Service, d *models.DirectoryService } // nolint: gocyclo, gocognit,revive - ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter", ".RSASecurID2FALDAP"} + ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter" /* , ".RSASecurID2FALDAP" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesState.Attributes.Elements() { if strings.HasPrefix(k, "LDAP.") { @@ -206,9 +206,9 @@ func loadLDAPAttributesState(service *gofish.Service, d *models.DirectoryService } } } - if strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") { + /* if strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") { attributesToReturn[k] = v - } + } */ } d.LDAPAttributes = types.MapValueMust(types.StringType, attributesToReturn) diff --git a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go index 887dc950..7386bc9c 100644 --- a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go +++ b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go @@ -20,6 +20,7 @@ package provider import ( "context" "encoding/json" + "errors" "fmt" "io" "slices" @@ -305,6 +306,12 @@ func updateRedfishDellLCAttributes(ctx context.Context, service *gofish.Service, diags.AddError(idracError, err.Error()) return diags } + err = assertLCAttributes(attributesTf, managerAttributeRegistry) + if err != nil { + diags.AddError(fmt.Sprintf("%s: LCAttributes registry from iDRAC does not match input", idracError), err.Error()) + return diags + } + // Set right attributes to patch (values from map are all string. It needs int and string) attributesToPatch, err := setManagerAttributesRightType(attributesTf, managerAttributeRegistry) if err != nil { @@ -454,3 +461,27 @@ func getLCAttributes(attributes []*dell.Attributes) (*dell.Attributes, error) { } return nil, fmt.Errorf("couldn't find LCAttributes") } + +func assertLCAttributes(rawAttributes map[string]string, managerAttributeRegistry *dell.ManagerAttributeRegistry) error { + var err error + // make map of name to ID of attributes + attributes := make(map[string]string) + for _, dellAttr := range managerAttributeRegistry.Attributes { + attributes[dellAttr.AttributeName] = dellAttr.ID + } + + // check if all input attributes are present in registry + // if present, make sure that its ID starts with LifecycleController, ie. it is a LC attribute + for k := range rawAttributes { + attrID, ok := attributes[k] + if !ok { + err = errors.Join(err, fmt.Errorf("couldn't find manager attribute %s", k)) + continue + } + // check if attribute is a system attribute + if !strings.HasPrefix(attrID, "LifecycleController.Embedded.1") { + err = errors.Join(err, fmt.Errorf("attribute %s is not a LCAttributes, its ID is %s", k, attrID)) + } + } + return err +} diff --git a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go index 78311b79..ef5c208b 100644 --- a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go +++ b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go @@ -22,6 +22,7 @@ import ( "regexp" "testing" + "github.com/bytedance/mockey" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) @@ -59,10 +60,58 @@ func TestAccRedfishLCAttributesInvalidAttribute(t *testing.T) { creds), ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), }, + { + Config: testAccRedfishResourceLCConfigInvalidData( + creds), + ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), + }, + { + Config: testAccRedfishResourceLCEmptyConfig( + creds), + ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), + }, }, }) } +func TestAccRedfishLCAttributesInvalidAttribute_mocky(t *testing.T) { + var funcMocker1 *mockey.Mocker + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig( + creds), + }, + { + PreConfig: func() { + FunctionMocker = mockey.Mock(assertLCAttributes).Return(fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCConfigInvalid(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + { + PreConfig: func() { + if FunctionMocker != nil { + FunctionMocker.Release() + funcMocker1 = mockey.Mock(assertLCAttributes).Return(nil).Build() + FunctionMocker = mockey.Mock(setManagerAttributesRightType).Return(nil, fmt.Errorf("mock error")).Build() + } + }, + Config: testAccRedfishResourceLCAttributesTypeInvalid(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if funcMocker1 != nil { + funcMocker1.Release() + } + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + func TestAccRedfishLCAttributesUpdate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -86,6 +135,47 @@ func TestAccRedfishLCAttributesUpdate(t *testing.T) { }) } +func TestAccRedfishLCAttributesCreateConfigErr(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + PreConfig: func() { + FunctionMocker = mockey.Mock(NewConfig).Return(nil, fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCAttributesConfig(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + +func TestAccRedfishLCAttributesReadConfigErr(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + }, + { + PreConfig: func() { + FunctionMocker = mockey.Mock(NewConfig).Return(nil, fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCAttributesConfig(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + func TestAccRedfishLCAttributeImport(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -103,6 +193,29 @@ func TestAccRedfishLCAttributeImport(t *testing.T) { }) } +func TestAccRedfishLCAttributeImportCheck(t *testing.T) { + var lcAttributeResourceName = "redfish_dell_lc_attributes.lc" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + }, + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + ResourceName: lcAttributeResourceName, + ImportState: true, + ExpectError: nil, + ImportStateId: "{\"username\":\"" + creds.Username + "\",\"password\":\"" + creds.Password + "\",\"endpoint\":\"" + creds.Endpoint + "\",\"attributes\":[\"LCAttributes.1.CollectSystemInventoryOnRestart\",\"LCAttributes.1.IgnoreCertWarning\"],\"ssl_insecure\":true}", + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("redfish_dell_lc_attributes.lc", "attributes.LCAttributes.1.IgnoreCertWarning", "On"), + resource.TestCheckResourceAttr("redfish_dell_lc_attributes.lc", "attributes.LCAttributes.1.CollectSystemInventoryOnRestart", "Disabled"), + ), + }, + }, + }) +} func testAccRedfishResourceLCAttributesConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_dell_lc_attributes" "lc" { @@ -170,3 +283,66 @@ func testAccRedfishResourceLCConfigInvalid(testingInfo TestingServerCredentials) testingInfo.Endpoint, ) } + +func testAccRedfishResourceLCConfigInvalidData(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + "LCAttributes.1.CollectSystemInventoryOnRestart" = "Disabled", + "LCAttributes.1.IgnoreCertWarning" = 1, + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishResourceLCEmptyConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishResourceLCAttributesTypeInvalid(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + "invalid" = 9, + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider.go b/redfish/provider/resource_redfish_directory_service_auth_provider.go index 925393b6..f5b0e0a2 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider.go @@ -343,9 +343,9 @@ func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofi return diags } - if authFactorCheck, diags := isValid2FactorAuth(plan.ActiveDirectoryAttributes); diags.HasError() || !authFactorCheck { + /* if authFactorCheck, diags := isValid2FactorAuth(plan.ActiveDirectoryAttributes); diags.HasError() || !authFactorCheck { return diags - } + } */ patchBody := make(map[string]interface{}) if patchBody[ActiveDirectory], diags = getActiveDirectoryPatchBody(ctx, plan); diags.HasError() { @@ -395,9 +395,9 @@ func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofi // nolint: revive func updateLDAP(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource) (diags diag.Diagnostics) { - if authFactorCheck, diags := isValid2FactorAuth(plan.LDAPAttributes); diags.HasError() || !authFactorCheck { + /* if authFactorCheck, diags := isValid2FactorAuth(plan.LDAPAttributes); diags.HasError() || !authFactorCheck { return diags - } + } */ patchBody := make(map[string]interface{}) if patchBody["LDAP"], diags = getLDAPPatchBody(ctx, plan); diags.HasError() { diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go b/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go index 6d28e859..a064c3e0 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go @@ -238,7 +238,7 @@ func getkAttributeskeyValue(attributes types.Map, prefix string, suffix string) return "" } -func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { +/* func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { var diags diag.Diagnostics // attributes := attrsState.ActiveDirectoryAttributes checkey2FA := checkAttributeskeyPresent(attributes, RSASecurID2FA, "RSASecurIDAccessKey") @@ -257,7 +257,7 @@ func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { } return true, diags -} +} */ func isValidAuthTime(prefix string, suffix string, attrsState *models.DirectoryServiceAuthProviderResource) (bool, diag.Diagnostics) { var diags diag.Diagnostics diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go b/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go index 8228a7f9..b9696f98 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go @@ -375,7 +375,7 @@ func parseActiveDirectoryIntoState(ctx context.Context, acctService *redfish.Acc if state.ActiveDirectoryAttributes.IsNull() || state.ActiveDirectoryAttributes.IsUnknown() { // nolint: gocyclo, gocognit,revive - activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain", ".RSASecurID2FAAD"} + activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain" /* , ".RSASecurID2FAAD" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesPlan.Attributes.Elements() { @@ -391,9 +391,9 @@ func parseActiveDirectoryIntoState(ctx context.Context, acctService *redfish.Acc attributesToReturn[k] = v } - if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { + /* if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { attributesToReturn[k] = v - } + }*/ } activeDirAttributes = types.MapValueMust(types.StringType, attributesToReturn) @@ -444,7 +444,7 @@ func parseLDAPIntoState(ctx context.Context, acctService *redfish.AccountService if state.LDAPAttributes.IsNull() || state.LDAPAttributes.IsUnknown() { // nolint: gocyclo, gocognit,revive - ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter", ".RSASecurID2FALDAP"} + ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter" /* , ".RSASecurID2FALDAP" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesPlan.Attributes.Elements() { if strings.HasPrefix(k, "LDAP.") { @@ -455,10 +455,10 @@ func parseLDAPIntoState(ctx context.Context, acctService *redfish.AccountService } } - if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || + /* if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { attributesToReturn[k] = v - } + }*/ } ldapDirAttributes = types.MapValueMust(types.StringType, attributesToReturn) } @@ -517,7 +517,7 @@ func getActiveDirectoryPatchBody(ctx context.Context, attrsState *models.Directo if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert AD directory value to go value: %s", err.Error())) continue } if fieldName, ok := supportedActiveDirectory[key]; ok { @@ -568,7 +568,7 @@ func getActiveDirectoryPatchBody(ctx context.Context, attrsState *models.Directo if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert VLAN value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert AD authentication value to go value: %s", err.Error())) continue } if fieldName, ok := supportedAuthentication[key]; ok { @@ -640,7 +640,7 @@ func getLDAPPatchBody(ctx context.Context, attrsState *models.DirectoryServiceAu if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert LDAP Directory value to go value: %s", err.Error())) continue } if fieldName, ok := supportedLDAP[key]; ok { @@ -660,7 +660,7 @@ func getLDAPPatchBody(ctx context.Context, attrsState *models.DirectoryServiceAu if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert LDAP SearchSettings value to go value: %s", err.Error())) continue } if fieldName, ok := supportedSearchSetting[key]; ok { diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_test.go b/redfish/provider/resource_redfish_directory_service_auth_provider_test.go index 4afe5a10..b998ee61 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_test.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_test.go @@ -52,6 +52,11 @@ func TestAccRedfishDirectoryServiceAuthProviderBasic(t *testing.T) { resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "ldap.directory.service_enabled", "false"), ), }, + { + // error update with both `ActiveDirectory` and `LDAP` + Config: testAccRedfishDirectoryServiceAuthProviderErrorConfig(creds), + ExpectError: regexp.MustCompile("Error when updating both of `ActiveDirectory` and `LDAP`"), + }, { // update with `ActiveDirectory` Config: testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(creds), @@ -60,6 +65,13 @@ func TestAccRedfishDirectoryServiceAuthProviderBasic(t *testing.T) { resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "active_directory_attributes.ActiveDirectory.1.AuthTimeout", "130"), ), }, + { + // update with `ActiveDirectory` and standard Schema + Config: testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_UpdateConfig(creds), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "active_directory.directory.service_enabled", "true"), + ), + }, }, }) } @@ -69,14 +81,29 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ + { + // error for Active Directory Service + Config: testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_ServiceErrorConfig(creds), + ExpectError: regexp.MustCompile("Error updating AccountService Details"), + }, + { + // error for LDAP Service + Config: testAccRedfishDirectoryServiceAuthProviderLDAP_ServiceErrorConfig(creds), + ExpectError: regexp.MustCompile("Error updating AccountService Details"), + }, { // error for empty AuthTimeout in ActiveDirectory Config: testAccRedfishDirectoryServiceAuthProviderEmptyAuth(creds), ExpectError: regexp.MustCompile("Invalid AuthTimeout, Please provide all the required configuration"), }, - { // error for Invalid AuthTimeout in ActiveDirectory + Config: testAccRedfishDirectoryServiceAuthProviderInvalidAuthTimeoutString(creds), + ExpectError: regexp.MustCompile("Invalid AuthTimeout"), + }, + + { + // error for Invalid AuthTimeout not in (15,300) in ActiveDirectory Config: testAccRedfishDirectoryServiceAuthProviderInvalidAuth(creds), ExpectError: regexp.MustCompile("Invalid AuthTimeout, AuthTimeout must be between 15 and 300"), }, @@ -122,6 +149,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { ExpectError: regexp.MustCompile("DCLookupByUserDomain must be configured for Enabled DCLookUp"), }, + { + // error DCLookupEnable Enabled, DCLookupByUserDomain Disabled and without DCLookupDomainName + Config: testAccRedfishDirectoryServiceAuthProviderWithoutDCLookupDomainNameConfig(creds), + ExpectError: regexp.MustCompile("DCLookupDomainName must be configured for Disabled DCLookupByUserDomain"), + }, { // error DCLookupEnable Enabled, DCLookupByUserDomain Disabled and DCLookupDomainName Empty Config: testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(creds), @@ -133,6 +165,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { Config: testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameConfig(creds), ExpectError: regexp.MustCompile("DCLookupDomainName can not be configured for Enabled DCLookupByUserDomain"), }, + { + // error DCLookupEnable Invalid + Config: testAccRedfishDirectoryServiceAuthProviderDCLookupEnableInvalidConfig(creds), + ExpectError: regexp.MustCompile("Invalid configuration for DCLookUp"), + }, }, }) } @@ -198,6 +235,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidSchema_Config(t *testing.T Config: testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(creds), ExpectError: regexp.MustCompile("GCRootDomain can not be configured for Disabled GCLookupEnable"), }, + { + // error Standard Schema and Invalid GCLookup config + Config: testAccRedfishDirectoryServiceAuthProviderStandardSchemaInvalidGCLookUpConfig(creds), + ExpectError: regexp.MustCompile("Invalid configuration for Standard Schema"), + }, }, }) } @@ -231,28 +273,21 @@ func testAccRedfishDirectoryServiceAuthProviderErrorConfig(testingInfo TestingSe active_directory = { directory = { - remote_role_mapping = [ - { - local_role = "Administrator", - remote_group = "xxxx" - } - ], - service_addresses = [ - "yulanadhost11.yulan.pie.lab.emc.com" - ], - service_enabled = true + service_enabled = false + } } active_directory_attributes = { - "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.AuthTimeout"= "110", "ActiveDirectory.1.CertValidationEnable"= "Enabled", - "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", - "ActiveDirectory.1.SSOEnable"= "Enabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", - "UserDomain.1.Name"= "yulan.pie.lab.emc.com" + "UserDomain.1.Name"= "yulan1.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } ldap = { @@ -266,12 +301,12 @@ func testAccRedfishDirectoryServiceAuthProviderErrorConfig(testingInfo TestingSe service_addresses = [ "yulanadhost12.yulan.pie.lab.emc.com" ], - service_enabled = false + service_enabled = true }, ldap_service = { search_settings = { base_distinguished_names = [ - "dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + "dc = yulan11,dc = pie,dc = lab,dc = emc,dc = com" ], group_name_attribute = "name", user_name_attribute = "member" @@ -319,7 +354,7 @@ func testAccRedfishDirectoryServiceAuthProviderADConfig(testingInfo TestingServe "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -377,6 +412,55 @@ func testAccRedfishDirectoryServiceAuthProviderLDAPConfig(testingInfo TestingSer ) } +func testAccRedfishDirectoryServiceAuthProviderLDAP_ServiceErrorConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + ldap = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "cn = idracgroup,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + } + ], + service_addresses = [ + "yulanadhost12.yulan.pie.lab.emc.com", + "yulanadhost12.yulan.pie.lab.emc.com" + ], + service_enabled = false + }, + ldap_service = { + search_settings = { + base_distinguished_names = [ + "dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + ], + group_name_attribute = "name", + user_name_attribute = "member" + } + } + } + + ldap_attributes = { + "LDAP.1.GroupAttributeIsDN" = "Enabled" + "LDAP.1.Port" = "636", + "LDAP.1.BindDN" = "cn = adtester,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com", + "LDAP.1.BindPassword" = "", + "LDAP.1.SearchFilter" = "(objectclass = *)" + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -405,7 +489,111 @@ func testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(testingInfo Testi "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_UpdateConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "xxxx" + }, + { + local_role = "Operator", + remote_group = "abcd" + } + ], + service_addresses = [ + "yulanadhost1.yulan.pie.lab.emc.com", + "yulanadhost.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "130", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "UserDomain.2.Name"= "yulan2.pie.lab.emc.com", + "UserDomain.3.Name"= "yulan3.pie.lab.emc.com", + #"ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Disabled", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost21.yulan.pie.lab.emc.com", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} +func testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_ServiceErrorConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "xxxx" + }, + { + local_role = "Operator", + remote_group = "abcd" + } + ], + service_addresses = [ + "yulanadhost1.yulan.pie.lab.emc.com", + "yulanadhost.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "130", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "UserDomain.2.Name"= "yulan2.pie.lab.emc.com", + "UserDomain.3.Name"= "yulan3.pie.lab.emc.com", + #"ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Disabled", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost21.yulan.pie.lab.emc.com", } } `, @@ -452,6 +640,45 @@ func testAccRedfishDirectoryServiceAuthProviderEmptyAuth(testingInfo TestingServ ) } +func testAccRedfishDirectoryServiceAuthProviderInvalidAuthTimeoutString(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + + service_addresses = [ + "yulanadhost11.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "Invalid", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + #"ADGroup.1.Domain" = "yulan.pie.lab.emc.com", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com" + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderInvalidAuth(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -633,7 +860,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupByUserDomainConfig(testin "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", } } `, @@ -674,7 +901,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameConfig(testingI "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - #"ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + #"ActiveDirectory.1.DCLookupByUserDomain"="Disabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -716,7 +943,7 @@ func testAccRedfishDirectoryServiceAuthProviderDDCLookupEnableNoServiceAddConfig "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -765,7 +992,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupByUserDomainEmptyConfig(t ) } -func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(testingInfo TestingServerCredentials) string { +func testAccRedfishDirectoryServiceAuthProviderWithoutDCLookupDomainNameConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { redfish_server { @@ -793,7 +1020,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(tes "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", } } @@ -804,6 +1031,45 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(tes ) } +func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", + "ActiveDirectory.1.DCLookupDomainName"="", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -832,7 +1098,46 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameC "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.DCLookupDomainName"="test", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableInvalidConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Invalid", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -869,7 +1174,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedNoRacConfig(testingInfo T "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -907,7 +1212,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedEmptyRacConfig(testingInf "ActiveDirectory.1.RacDomain"= "", "ActiveDirectory.1.RacName"= "", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -945,7 +1250,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedGCLookUpConfig(testingInf "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", } } @@ -990,7 +1295,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedRemoteRoleConfig(testingI "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } @@ -1029,7 +1334,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedADGroupDomainConfig(testi "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ADGroup.1.Domain" = "yulan.pie.lab.emc.com", } @@ -1069,7 +1374,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaAndRacConfig(testin "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -1105,7 +1410,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGCLookUpConfig(te "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -1141,7 +1446,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGCRootConfig(test "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Enabled", } } @@ -1178,7 +1483,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGlobalCatalogConfig "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Enabled", "ActiveDirectory.1.GCRootDomain" = "test", "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", @@ -1217,7 +1522,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGlobalCatalogConf "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", "ActiveDirectory.1.GlobalCatalog1" = "", } @@ -1255,7 +1560,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(testin "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", "ActiveDirectory.1.GCRootDomain" = "test", "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", @@ -1267,3 +1572,42 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(testin testingInfo.Endpoint, ) } + +func testAccRedfishDirectoryServiceAuthProviderStandardSchemaInvalidGCLookUpConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Invalid", + "ActiveDirectory.1.GCRootDomain" = "test", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +}