From 9f12813619de7e66372ce6883ad9c4146eea2ab0 Mon Sep 17 00:00:00 2001 From: Gupta Date: Thu, 9 Jan 2025 02:07:07 +0530 Subject: [PATCH] AT coverage Improvement adding space after comment line adding space after comment line updating testcase for DSAP updating DSAP UT coverage updating testcase for LC attributes updating test for coverage revert bios config --- .../directory_service_auth_provider.md | 12 +- .../resource.tf | 12 +- ...redfish_directory_service_auth_provider.go | 10 +- ...sh_dell_lifecycle_controller_attributes.go | 31 ++ ...ll_lifecycle_controller_attributes_test.go | 176 ++++++++ ...redfish_directory_service_auth_provider.go | 8 +- ..._directory_service_auth_provider_helper.go | 4 +- ...ory_service_auth_provider_schema_helper.go | 20 +- ...sh_directory_service_auth_provider_test.go | 416 ++++++++++++++++-- 9 files changed, 610 insertions(+), 79 deletions(-) diff --git a/docs/resources/directory_service_auth_provider.md b/docs/resources/directory_service_auth_provider.md index 67f05b1b..d347bb4e 100644 --- a/docs/resources/directory_service_auth_provider.md +++ b/docs/resources/directory_service_auth_provider.md @@ -224,13 +224,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "ActiveDirectory.1.GlobalCatalog3" = "yulanadhost11.yulan.pie.lab.emc.com", # GCRootDomain can be configured when GCLookupEnable is Enabled - #"ActiveDirectory.1.GCRootDomain" = "test" - - # RSA Secure configuration required Datacenter license - #"LDAP.1.RSASecurID2FALDAP":"Enabled", - #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", + #"ActiveDirectory.1.GCRootDomain" = "test" } @@ -266,10 +260,6 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "LDAP.1.BindPassword" = "", # "LDAP.1.SearchFilter" = "(objectclass = *)", # - # #"LDAP.1.RSASecurID2FALDAP":"Enabled", - # #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - # #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - # #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", # } } diff --git a/examples/resources/redfish_directory_service_auth_provider/resource.tf b/examples/resources/redfish_directory_service_auth_provider/resource.tf index 99a79046..1d081634 100644 --- a/examples/resources/redfish_directory_service_auth_provider/resource.tf +++ b/examples/resources/redfish_directory_service_auth_provider/resource.tf @@ -92,13 +92,7 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "ActiveDirectory.1.GlobalCatalog3" = "yulanadhost11.yulan.pie.lab.emc.com", # GCRootDomain can be configured when GCLookupEnable is Enabled - #"ActiveDirectory.1.GCRootDomain" = "test" - - # RSA Secure configuration required Datacenter license - #"LDAP.1.RSASecurID2FALDAP":"Enabled", - #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", + #"ActiveDirectory.1.GCRootDomain" = "test" } @@ -134,10 +128,6 @@ resource "redfish_directory_service_auth_provider" "ds_auth" { # "LDAP.1.BindPassword" = "", # "LDAP.1.SearchFilter" = "(objectclass = *)", # - # #"LDAP.1.RSASecurID2FALDAP":"Enabled", - # #"RSASecurID2FA.1.RSASecurIDAccessKey": "●●1", - # #"RSASecurID2FA.1.RSASecurIDClientID": "●●1", - # #"RSASecurID2FA.1.RSASecurIDAuthenticationServer": "", # } } \ No newline at end of file diff --git a/redfish/provider/data_source_redfish_directory_service_auth_provider.go b/redfish/provider/data_source_redfish_directory_service_auth_provider.go index 52dc3db4..17c706e3 100644 --- a/redfish/provider/data_source_redfish_directory_service_auth_provider.go +++ b/redfish/provider/data_source_redfish_directory_service_auth_provider.go @@ -169,7 +169,7 @@ func loadActiveDirectoryAttributesState(service *gofish.Service, d *models.Direc } // nolint: gocyclo, gocognit,revive - activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain", ".RSASecurID2FAAD"} + activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain" /* , ".RSASecurID2FAAD" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesState.Attributes.Elements() { if strings.HasPrefix(k, "ActiveDirectory.") { @@ -180,7 +180,7 @@ func loadActiveDirectoryAttributesState(service *gofish.Service, d *models.Direc } } // nolint: revive - if (strings.HasPrefix(k, "UserDomain.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "ADGroup.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer")) { + if (strings.HasPrefix(k, "UserDomain.") && strings.HasSuffix(k, ".Name")) || (strings.HasPrefix(k, "ADGroup.") && strings.HasSuffix(k, ".Name")) /* || (strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer")) */ { attributesToReturn[k] = v } } @@ -196,7 +196,7 @@ func loadLDAPAttributesState(service *gofish.Service, d *models.DirectoryService } // nolint: gocyclo, gocognit,revive - ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter", ".RSASecurID2FALDAP"} + ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter" /* , ".RSASecurID2FALDAP" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesState.Attributes.Elements() { if strings.HasPrefix(k, "LDAP.") { @@ -206,9 +206,9 @@ func loadLDAPAttributesState(service *gofish.Service, d *models.DirectoryService } } } - if strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") { + /* if strings.HasPrefix(k, "RSASecurID2FA.") && strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") { attributesToReturn[k] = v - } + } */ } d.LDAPAttributes = types.MapValueMust(types.StringType, attributesToReturn) diff --git a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go index 887dc950..7386bc9c 100644 --- a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go +++ b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes.go @@ -20,6 +20,7 @@ package provider import ( "context" "encoding/json" + "errors" "fmt" "io" "slices" @@ -305,6 +306,12 @@ func updateRedfishDellLCAttributes(ctx context.Context, service *gofish.Service, diags.AddError(idracError, err.Error()) return diags } + err = assertLCAttributes(attributesTf, managerAttributeRegistry) + if err != nil { + diags.AddError(fmt.Sprintf("%s: LCAttributes registry from iDRAC does not match input", idracError), err.Error()) + return diags + } + // Set right attributes to patch (values from map are all string. It needs int and string) attributesToPatch, err := setManagerAttributesRightType(attributesTf, managerAttributeRegistry) if err != nil { @@ -454,3 +461,27 @@ func getLCAttributes(attributes []*dell.Attributes) (*dell.Attributes, error) { } return nil, fmt.Errorf("couldn't find LCAttributes") } + +func assertLCAttributes(rawAttributes map[string]string, managerAttributeRegistry *dell.ManagerAttributeRegistry) error { + var err error + // make map of name to ID of attributes + attributes := make(map[string]string) + for _, dellAttr := range managerAttributeRegistry.Attributes { + attributes[dellAttr.AttributeName] = dellAttr.ID + } + + // check if all input attributes are present in registry + // if present, make sure that its ID starts with LifecycleController, ie. it is a LC attribute + for k := range rawAttributes { + attrID, ok := attributes[k] + if !ok { + err = errors.Join(err, fmt.Errorf("couldn't find manager attribute %s", k)) + continue + } + // check if attribute is a system attribute + if !strings.HasPrefix(attrID, "LifecycleController.Embedded.1") { + err = errors.Join(err, fmt.Errorf("attribute %s is not a LCAttributes, its ID is %s", k, attrID)) + } + } + return err +} diff --git a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go index 78311b79..ef5c208b 100644 --- a/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go +++ b/redfish/provider/resource_redfish_dell_lifecycle_controller_attributes_test.go @@ -22,6 +22,7 @@ import ( "regexp" "testing" + "github.com/bytedance/mockey" "github.com/hashicorp/terraform-plugin-testing/helper/resource" ) @@ -59,10 +60,58 @@ func TestAccRedfishLCAttributesInvalidAttribute(t *testing.T) { creds), ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), }, + { + Config: testAccRedfishResourceLCConfigInvalidData( + creds), + ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), + }, + { + Config: testAccRedfishResourceLCEmptyConfig( + creds), + ExpectError: regexp.MustCompile("there was an issue when creating/updating LC attributes"), + }, }, }) } +func TestAccRedfishLCAttributesInvalidAttribute_mocky(t *testing.T) { + var funcMocker1 *mockey.Mocker + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig( + creds), + }, + { + PreConfig: func() { + FunctionMocker = mockey.Mock(assertLCAttributes).Return(fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCConfigInvalid(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + { + PreConfig: func() { + if FunctionMocker != nil { + FunctionMocker.Release() + funcMocker1 = mockey.Mock(assertLCAttributes).Return(nil).Build() + FunctionMocker = mockey.Mock(setManagerAttributesRightType).Return(nil, fmt.Errorf("mock error")).Build() + } + }, + Config: testAccRedfishResourceLCAttributesTypeInvalid(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if funcMocker1 != nil { + funcMocker1.Release() + } + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + func TestAccRedfishLCAttributesUpdate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -86,6 +135,47 @@ func TestAccRedfishLCAttributesUpdate(t *testing.T) { }) } +func TestAccRedfishLCAttributesCreateConfigErr(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + PreConfig: func() { + FunctionMocker = mockey.Mock(NewConfig).Return(nil, fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCAttributesConfig(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + +func TestAccRedfishLCAttributesReadConfigErr(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + }, + { + PreConfig: func() { + FunctionMocker = mockey.Mock(NewConfig).Return(nil, fmt.Errorf("mock error")).Build() + }, + Config: testAccRedfishResourceLCAttributesConfig(creds), + ExpectError: regexp.MustCompile(`.*mock error*.`), + }, + }, + }) + if FunctionMocker != nil { + FunctionMocker.Release() + } +} + func TestAccRedfishLCAttributeImport(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -103,6 +193,29 @@ func TestAccRedfishLCAttributeImport(t *testing.T) { }) } +func TestAccRedfishLCAttributeImportCheck(t *testing.T) { + var lcAttributeResourceName = "redfish_dell_lc_attributes.lc" + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + }, + { + Config: testAccRedfishResourceLCAttributesConfig(creds), + ResourceName: lcAttributeResourceName, + ImportState: true, + ExpectError: nil, + ImportStateId: "{\"username\":\"" + creds.Username + "\",\"password\":\"" + creds.Password + "\",\"endpoint\":\"" + creds.Endpoint + "\",\"attributes\":[\"LCAttributes.1.CollectSystemInventoryOnRestart\",\"LCAttributes.1.IgnoreCertWarning\"],\"ssl_insecure\":true}", + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("redfish_dell_lc_attributes.lc", "attributes.LCAttributes.1.IgnoreCertWarning", "On"), + resource.TestCheckResourceAttr("redfish_dell_lc_attributes.lc", "attributes.LCAttributes.1.CollectSystemInventoryOnRestart", "Disabled"), + ), + }, + }, + }) +} func testAccRedfishResourceLCAttributesConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_dell_lc_attributes" "lc" { @@ -170,3 +283,66 @@ func testAccRedfishResourceLCConfigInvalid(testingInfo TestingServerCredentials) testingInfo.Endpoint, ) } + +func testAccRedfishResourceLCConfigInvalidData(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + "LCAttributes.1.CollectSystemInventoryOnRestart" = "Disabled", + "LCAttributes.1.IgnoreCertWarning" = 1, + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishResourceLCEmptyConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishResourceLCAttributesTypeInvalid(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_dell_lc_attributes" "lc" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + attributes = { + "invalid" = 9, + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider.go b/redfish/provider/resource_redfish_directory_service_auth_provider.go index 925393b6..f5b0e0a2 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider.go @@ -343,9 +343,9 @@ func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofi return diags } - if authFactorCheck, diags := isValid2FactorAuth(plan.ActiveDirectoryAttributes); diags.HasError() || !authFactorCheck { + /* if authFactorCheck, diags := isValid2FactorAuth(plan.ActiveDirectoryAttributes); diags.HasError() || !authFactorCheck { return diags - } + } */ patchBody := make(map[string]interface{}) if patchBody[ActiveDirectory], diags = getActiveDirectoryPatchBody(ctx, plan); diags.HasError() { @@ -395,9 +395,9 @@ func updateActiveDirectory(ctx context.Context, serviceURI string, service *gofi // nolint: revive func updateLDAP(ctx context.Context, serviceURI string, service *gofish.Service, plan *models.DirectoryServiceAuthProviderResource) (diags diag.Diagnostics) { - if authFactorCheck, diags := isValid2FactorAuth(plan.LDAPAttributes); diags.HasError() || !authFactorCheck { + /* if authFactorCheck, diags := isValid2FactorAuth(plan.LDAPAttributes); diags.HasError() || !authFactorCheck { return diags - } + } */ patchBody := make(map[string]interface{}) if patchBody["LDAP"], diags = getLDAPPatchBody(ctx, plan); diags.HasError() { diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go b/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go index 6d28e859..a064c3e0 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_helper.go @@ -238,7 +238,7 @@ func getkAttributeskeyValue(attributes types.Map, prefix string, suffix string) return "" } -func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { +/* func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { var diags diag.Diagnostics // attributes := attrsState.ActiveDirectoryAttributes checkey2FA := checkAttributeskeyPresent(attributes, RSASecurID2FA, "RSASecurIDAccessKey") @@ -257,7 +257,7 @@ func isValid2FactorAuth(attributes types.Map) (bool, diag.Diagnostics) { } return true, diags -} +} */ func isValidAuthTime(prefix string, suffix string, attrsState *models.DirectoryServiceAuthProviderResource) (bool, diag.Diagnostics) { var diags diag.Diagnostics diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go b/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go index 8228a7f9..b9696f98 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_schema_helper.go @@ -375,7 +375,7 @@ func parseActiveDirectoryIntoState(ctx context.Context, acctService *redfish.Acc if state.ActiveDirectoryAttributes.IsNull() || state.ActiveDirectoryAttributes.IsUnknown() { // nolint: gocyclo, gocognit,revive - activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain", ".RSASecurID2FAAD"} + activeDirectoryAttributes := []string{".CertValidationEnable", ".SSOEnable", ".AuthTimeout", ".DCLookupEnable", ".DCLookupByUserDomain", ".DCLookupDomainName", ".Schema", ".GCLookupEnable", ".GCRootDomain", ".GlobalCatalog1", ".GlobalCatalog2", ".GlobalCatalog3", ".RacName", ".RacDomain" /* , ".RSASecurID2FAAD" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesPlan.Attributes.Elements() { @@ -391,9 +391,9 @@ func parseActiveDirectoryIntoState(ctx context.Context, acctService *redfish.Acc attributesToReturn[k] = v } - if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { + /* if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { attributesToReturn[k] = v - } + }*/ } activeDirAttributes = types.MapValueMust(types.StringType, attributesToReturn) @@ -444,7 +444,7 @@ func parseLDAPIntoState(ctx context.Context, acctService *redfish.AccountService if state.LDAPAttributes.IsNull() || state.LDAPAttributes.IsUnknown() { // nolint: gocyclo, gocognit,revive - ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter", ".RSASecurID2FALDAP"} + ldapAttributes := []string{".CertValidationEnable", ".GroupAttributeIsDN", ".Port", ".BindDN", ".BindPassword", ".SearchFilter" /* , ".RSASecurID2FALDAP" */} attributesToReturn := make(map[string]attr.Value) for k, v := range idracAttributesPlan.Attributes.Elements() { if strings.HasPrefix(k, "LDAP.") { @@ -455,10 +455,10 @@ func parseLDAPIntoState(ctx context.Context, acctService *redfish.AccountService } } - if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || + /* if strings.HasPrefix(k, "RSASecurID2FA.") && (strings.HasSuffix(k, ".RSASecurIDAuthenticationServer") || strings.HasSuffix(k, ".RSASecurIDAccessKey") || strings.HasSuffix(k, ".RSASecurIDClientID")) { attributesToReturn[k] = v - } + }*/ } ldapDirAttributes = types.MapValueMust(types.StringType, attributesToReturn) } @@ -517,7 +517,7 @@ func getActiveDirectoryPatchBody(ctx context.Context, attrsState *models.Directo if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert AD directory value to go value: %s", err.Error())) continue } if fieldName, ok := supportedActiveDirectory[key]; ok { @@ -568,7 +568,7 @@ func getActiveDirectoryPatchBody(ctx context.Context, attrsState *models.Directo if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert VLAN value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert AD authentication value to go value: %s", err.Error())) continue } if fieldName, ok := supportedAuthentication[key]; ok { @@ -640,7 +640,7 @@ func getLDAPPatchBody(ctx context.Context, attrsState *models.DirectoryServiceAu if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert LDAP Directory value to go value: %s", err.Error())) continue } if fieldName, ok := supportedLDAP[key]; ok { @@ -660,7 +660,7 @@ func getLDAPPatchBody(ctx context.Context, attrsState *models.DirectoryServiceAu if !value.IsUnknown() && !value.IsNull() { goValue, err := convertTerraformValueToGoBasicValue(ctx, value) if err != nil { - tflog.Trace(ctx, fmt.Sprintf("Failed to convert Ethernet value to go value: %s", err.Error())) + tflog.Trace(ctx, fmt.Sprintf("Failed to convert LDAP SearchSettings value to go value: %s", err.Error())) continue } if fieldName, ok := supportedSearchSetting[key]; ok { diff --git a/redfish/provider/resource_redfish_directory_service_auth_provider_test.go b/redfish/provider/resource_redfish_directory_service_auth_provider_test.go index 4afe5a10..b998ee61 100644 --- a/redfish/provider/resource_redfish_directory_service_auth_provider_test.go +++ b/redfish/provider/resource_redfish_directory_service_auth_provider_test.go @@ -52,6 +52,11 @@ func TestAccRedfishDirectoryServiceAuthProviderBasic(t *testing.T) { resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "ldap.directory.service_enabled", "false"), ), }, + { + // error update with both `ActiveDirectory` and `LDAP` + Config: testAccRedfishDirectoryServiceAuthProviderErrorConfig(creds), + ExpectError: regexp.MustCompile("Error when updating both of `ActiveDirectory` and `LDAP`"), + }, { // update with `ActiveDirectory` Config: testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(creds), @@ -60,6 +65,13 @@ func TestAccRedfishDirectoryServiceAuthProviderBasic(t *testing.T) { resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "active_directory_attributes.ActiveDirectory.1.AuthTimeout", "130"), ), }, + { + // update with `ActiveDirectory` and standard Schema + Config: testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_UpdateConfig(creds), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr(terraformDSAuthProviderResourceName, "active_directory.directory.service_enabled", "true"), + ), + }, }, }) } @@ -69,14 +81,29 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, Steps: []resource.TestStep{ + { + // error for Active Directory Service + Config: testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_ServiceErrorConfig(creds), + ExpectError: regexp.MustCompile("Error updating AccountService Details"), + }, + { + // error for LDAP Service + Config: testAccRedfishDirectoryServiceAuthProviderLDAP_ServiceErrorConfig(creds), + ExpectError: regexp.MustCompile("Error updating AccountService Details"), + }, { // error for empty AuthTimeout in ActiveDirectory Config: testAccRedfishDirectoryServiceAuthProviderEmptyAuth(creds), ExpectError: regexp.MustCompile("Invalid AuthTimeout, Please provide all the required configuration"), }, - { // error for Invalid AuthTimeout in ActiveDirectory + Config: testAccRedfishDirectoryServiceAuthProviderInvalidAuthTimeoutString(creds), + ExpectError: regexp.MustCompile("Invalid AuthTimeout"), + }, + + { + // error for Invalid AuthTimeout not in (15,300) in ActiveDirectory Config: testAccRedfishDirectoryServiceAuthProviderInvalidAuth(creds), ExpectError: regexp.MustCompile("Invalid AuthTimeout, AuthTimeout must be between 15 and 300"), }, @@ -122,6 +149,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { ExpectError: regexp.MustCompile("DCLookupByUserDomain must be configured for Enabled DCLookUp"), }, + { + // error DCLookupEnable Enabled, DCLookupByUserDomain Disabled and without DCLookupDomainName + Config: testAccRedfishDirectoryServiceAuthProviderWithoutDCLookupDomainNameConfig(creds), + ExpectError: regexp.MustCompile("DCLookupDomainName must be configured for Disabled DCLookupByUserDomain"), + }, { // error DCLookupEnable Enabled, DCLookupByUserDomain Disabled and DCLookupDomainName Empty Config: testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(creds), @@ -133,6 +165,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidCase(t *testing.T) { Config: testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameConfig(creds), ExpectError: regexp.MustCompile("DCLookupDomainName can not be configured for Enabled DCLookupByUserDomain"), }, + { + // error DCLookupEnable Invalid + Config: testAccRedfishDirectoryServiceAuthProviderDCLookupEnableInvalidConfig(creds), + ExpectError: regexp.MustCompile("Invalid configuration for DCLookUp"), + }, }, }) } @@ -198,6 +235,11 @@ func TestAccRedfishDirectoryServiceAuthProviderInvalidSchema_Config(t *testing.T Config: testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(creds), ExpectError: regexp.MustCompile("GCRootDomain can not be configured for Disabled GCLookupEnable"), }, + { + // error Standard Schema and Invalid GCLookup config + Config: testAccRedfishDirectoryServiceAuthProviderStandardSchemaInvalidGCLookUpConfig(creds), + ExpectError: regexp.MustCompile("Invalid configuration for Standard Schema"), + }, }, }) } @@ -231,28 +273,21 @@ func testAccRedfishDirectoryServiceAuthProviderErrorConfig(testingInfo TestingSe active_directory = { directory = { - remote_role_mapping = [ - { - local_role = "Administrator", - remote_group = "xxxx" - } - ], - service_addresses = [ - "yulanadhost11.yulan.pie.lab.emc.com" - ], - service_enabled = true + service_enabled = false + } } active_directory_attributes = { - "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.AuthTimeout"= "110", "ActiveDirectory.1.CertValidationEnable"= "Enabled", - "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", - "ActiveDirectory.1.SSOEnable"= "Enabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", - "UserDomain.1.Name"= "yulan.pie.lab.emc.com" + "UserDomain.1.Name"= "yulan1.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } ldap = { @@ -266,12 +301,12 @@ func testAccRedfishDirectoryServiceAuthProviderErrorConfig(testingInfo TestingSe service_addresses = [ "yulanadhost12.yulan.pie.lab.emc.com" ], - service_enabled = false + service_enabled = true }, ldap_service = { search_settings = { base_distinguished_names = [ - "dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + "dc = yulan11,dc = pie,dc = lab,dc = emc,dc = com" ], group_name_attribute = "name", user_name_attribute = "member" @@ -319,7 +354,7 @@ func testAccRedfishDirectoryServiceAuthProviderADConfig(testingInfo TestingServe "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -377,6 +412,55 @@ func testAccRedfishDirectoryServiceAuthProviderLDAPConfig(testingInfo TestingSer ) } +func testAccRedfishDirectoryServiceAuthProviderLDAP_ServiceErrorConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + ldap = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "cn = idracgroup,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + } + ], + service_addresses = [ + "yulanadhost12.yulan.pie.lab.emc.com", + "yulanadhost12.yulan.pie.lab.emc.com" + ], + service_enabled = false + }, + ldap_service = { + search_settings = { + base_distinguished_names = [ + "dc = yulan,dc = pie,dc = lab,dc = emc,dc = com" + ], + group_name_attribute = "name", + user_name_attribute = "member" + } + } + } + + ldap_attributes = { + "LDAP.1.GroupAttributeIsDN" = "Enabled" + "LDAP.1.Port" = "636", + "LDAP.1.BindDN" = "cn = adtester,cn = users,dc = yulan,dc = pie,dc = lab,dc = emc,dc = com", + "LDAP.1.BindPassword" = "", + "LDAP.1.SearchFilter" = "(objectclass = *)" + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -405,7 +489,111 @@ func testAccRedfishDirectoryServiceAuthProviderAD_UpdateConfig(testingInfo Testi "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_UpdateConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "xxxx" + }, + { + local_role = "Operator", + remote_group = "abcd" + } + ], + service_addresses = [ + "yulanadhost1.yulan.pie.lab.emc.com", + "yulanadhost.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "130", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "UserDomain.2.Name"= "yulan2.pie.lab.emc.com", + "UserDomain.3.Name"= "yulan3.pie.lab.emc.com", + #"ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Disabled", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost21.yulan.pie.lab.emc.com", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} +func testAccRedfishDirectoryServiceAuthProviderADWithStandardSchema_ServiceErrorConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + remote_role_mapping = [ + { + local_role = "Administrator", + remote_group = "xxxx" + }, + { + local_role = "Operator", + remote_group = "abcd" + } + ], + service_addresses = [ + "yulanadhost1.yulan.pie.lab.emc.com", + "yulanadhost.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com", + "yulanadhost2.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "130", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "UserDomain.2.Name"= "yulan2.pie.lab.emc.com", + "UserDomain.3.Name"= "yulan3.pie.lab.emc.com", + #"ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Disabled", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost21.yulan.pie.lab.emc.com", } } `, @@ -452,6 +640,45 @@ func testAccRedfishDirectoryServiceAuthProviderEmptyAuth(testingInfo TestingServ ) } +func testAccRedfishDirectoryServiceAuthProviderInvalidAuthTimeoutString(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + + service_addresses = [ + "yulanadhost11.yulan.pie.lab.emc.com" + ], + service_enabled = true + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "Invalid", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Disabled", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + #"ADGroup.1.Domain" = "yulan.pie.lab.emc.com", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com" + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderInvalidAuth(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -633,7 +860,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupByUserDomainConfig(testin "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", } } `, @@ -674,7 +901,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameConfig(testingI "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - #"ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + #"ActiveDirectory.1.DCLookupByUserDomain"="Disabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -716,7 +943,7 @@ func testAccRedfishDirectoryServiceAuthProviderDDCLookupEnableNoServiceAddConfig "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -765,7 +992,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupByUserDomainEmptyConfig(t ) } -func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(testingInfo TestingServerCredentials) string { +func testAccRedfishDirectoryServiceAuthProviderWithoutDCLookupDomainNameConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { redfish_server { @@ -793,7 +1020,7 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(tes "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Disabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", } } @@ -804,6 +1031,45 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(tes ) } +func testAccRedfishDirectoryServiceAuthProviderDCLookupDomainNameEmptyConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Disabled", + "ActiveDirectory.1.DCLookupDomainName"="", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameConfig(testingInfo TestingServerCredentials) string { return fmt.Sprintf(` resource "redfish_directory_service_auth_provider" "ds_auth" { @@ -832,7 +1098,46 @@ func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableDCLookupDomainNameC "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.DCLookupDomainName"="test", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +} + +func testAccRedfishDirectoryServiceAuthProviderDCLookupEnableInvalidConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Invalid", + "ActiveDirectory.1.RacDomain"= "test", + "ActiveDirectory.1.RacName"= "test", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Extended Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.DCLookupDomainName"="test", } } @@ -869,7 +1174,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedNoRacConfig(testingInfo T "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Extended Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -907,7 +1212,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedEmptyRacConfig(testingInf "ActiveDirectory.1.RacDomain"= "", "ActiveDirectory.1.RacName"= "", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -945,7 +1250,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedGCLookUpConfig(testingInf "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", } } @@ -990,7 +1295,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedRemoteRoleConfig(testingI "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } @@ -1029,7 +1334,7 @@ func testAccRedfishDirectoryServiceAuthProviderExtendedADGroupDomainConfig(testi "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ADGroup.1.Domain" = "yulan.pie.lab.emc.com", } @@ -1069,7 +1374,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaAndRacConfig(testin "ActiveDirectory.1.RacDomain"= "test", "ActiveDirectory.1.RacName"= "test", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -1105,7 +1410,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGCLookUpConfig(te "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", } } `, @@ -1141,7 +1446,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGCRootConfig(test "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Enabled", } } @@ -1178,7 +1483,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGlobalCatalogConfig "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Enabled", "ActiveDirectory.1.GCRootDomain" = "test", "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", @@ -1217,7 +1522,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaNoGlobalCatalogConf "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", "ActiveDirectory.1.GlobalCatalog1" = "", } @@ -1255,7 +1560,7 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(testin "ActiveDirectory.1.SSOEnable"= "Disabled", "ActiveDirectory.1.Schema"= "Standard Schema", "UserDomain.1.Name"= "yulan.pie.lab.emc.com", - "ActiveDirectory.1.DCLookupByUserDomain":"Enabled", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", "ActiveDirectory.1.GCLookupEnable" = "Disabled", "ActiveDirectory.1.GCRootDomain" = "test", "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", @@ -1267,3 +1572,42 @@ func testAccRedfishDirectoryServiceAuthProviderStandardSchemaGCRootConfig(testin testingInfo.Endpoint, ) } + +func testAccRedfishDirectoryServiceAuthProviderStandardSchemaInvalidGCLookUpConfig(testingInfo TestingServerCredentials) string { + return fmt.Sprintf(` + resource "redfish_directory_service_auth_provider" "ds_auth" { + redfish_server { + user = "%s" + password = "%s" + endpoint = "%s" + ssl_insecure = true + } + + active_directory = { + directory = { + service_enabled = true, + authentication = { + kerberos_key_tab_file = "" + } + } + } + + active_directory_attributes = { + "ActiveDirectory.1.AuthTimeout"= "120", + "ActiveDirectory.1.CertValidationEnable"= "Enabled", + "ActiveDirectory.1.DCLookupEnable"= "Enabled", + "ActiveDirectory.1.SSOEnable"= "Disabled", + "ActiveDirectory.1.Schema"= "Standard Schema", + "UserDomain.1.Name"= "yulan.pie.lab.emc.com", + "ActiveDirectory.1.DCLookupByUserDomain"="Enabled", + "ActiveDirectory.1.GCLookupEnable" = "Invalid", + "ActiveDirectory.1.GCRootDomain" = "test", + "ActiveDirectory.1.GlobalCatalog1" = "yulanadhost11.yulan.pie.lab.emc.com", + } + } + `, + testingInfo.Username, + testingInfo.Password, + testingInfo.Endpoint, + ) +}