Revise LDAP tests to pass with OpenLDAP server (#1959)

ksamoray · web-flow · commit 3f7588b22e6a · 2026-02-03T19:22:38.000+02:00
Signed-off-by: Kobi Samoray &lt;kobi.samoray@broadcom.com&gt;
diff --git a/nsxt/resource_nsxt_policy_ldap_identity_source_test.go b/nsxt/resource_nsxt_policy_ldap_identity_source_test.go
@@ -24,15 +24,14 @@ var accTestPolicyLdapIdentitySourceUpdateAttributes = map[string]string{
 
 func TestAccResourceNsxtPolicyLdapIdentitySource_basic(t *testing.T) {
 	testResourceName := "nsxt_policy_ldap_identity_source.test"
-	ldapType := activeDirectoryType
+	ldapType := openLdapType
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			testAccPreCheck(t)
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_USER")
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_PASSWORD")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_PASSWORD")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_URL")
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_CERT")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_DOMAIN")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_BASE_DN")
 			testAccOnlyLocalManager(t)
@@ -44,19 +43,18 @@ func TestAccResourceNsxtPolicyLdapIdentitySource_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccNsxtPolicyLdapIdentitySourceCreate(
-					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapUser(), getTestLdapPassword(),
-					getTestLdapURL(), getTestLdapCert()),
+					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapAdminUser(), getTestLdapAdminPassword(), getTestLdapURL()),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyLdapIdentitySourceExists(accTestPolicyLdapIdentitySourceCreateAttributes["nsx_id"], testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyLdapIdentitySourceCreateAttributes["description"]),
 					resource.TestCheckResourceAttr(testResourceName, "type", ldapType),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name", getTestLdapDomain()),
 					resource.TestCheckResourceAttr(testResourceName, "base_dn", getTestLdapBaseDN()),
 					resource.TestCheckResourceAttr(testResourceName, "ldap_server.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.bind_identity", getTestLdapUser()),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.password", getTestLdapPassword()),
+					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.bind_identity", getTestLdapAdminUser()),
+					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.password", getTestLdapAdminPassword()),
 					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.url", getTestLdapURL()),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.certificates.#", "1"),
+					//resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.certificates.#", "1"),
 					resource.TestCheckResourceAttr(testResourceName, "tag.#", "1"),
 
 					resource.TestCheckResourceAttr(testResourceName, "nsx_id", accTestPolicyLdapIdentitySourceCreateAttributes["nsx_id"]),
@@ -65,19 +63,17 @@ func TestAccResourceNsxtPolicyLdapIdentitySource_basic(t *testing.T) {
 			},
 			{
 				Config: testAccNsxtPolicyLdapIdentitySourceUpdate(
-					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapUser(), getTestLdapPassword(),
-					getTestLdapURL(), getTestLdapCert()),
+					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapAdminUser(), getTestLdapAdminPassword(), getTestLdapURL()),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyLdapIdentitySourceExists(accTestPolicyLdapIdentitySourceUpdateAttributes["nsx_id"], testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "description", accTestPolicyLdapIdentitySourceUpdateAttributes["description"]),
 					resource.TestCheckResourceAttr(testResourceName, "type", ldapType),
 					resource.TestCheckResourceAttr(testResourceName, "domain_name", getTestLdapDomain()),
 					resource.TestCheckResourceAttr(testResourceName, "base_dn", getTestLdapBaseDN()),
 					resource.TestCheckResourceAttr(testResourceName, "ldap_server.#", "1"),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.bind_identity", getTestLdapUser()),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.password", getTestLdapPassword()),
+					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.bind_identity", getTestLdapAdminUser()),
+					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.password", getTestLdapAdminPassword()),
 					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.url", getTestLdapURL()),
-					resource.TestCheckResourceAttr(testResourceName, "ldap_server.0.certificates.#", "1"),
 					resource.TestCheckResourceAttr(testResourceName, "tag.#", "0"),
 
 					resource.TestCheckResourceAttrSet(testResourceName, "revision"),
@@ -94,10 +90,9 @@ func TestAccResourceNsxtPolicyLdapIdentitySource_import_basic(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
 			testAccPreCheck(t)
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_USER")
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_PASSWORD")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_PASSWORD")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_URL")
-			testAccEnvDefined(t, "NSXT_TEST_LDAP_CERT")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_DOMAIN")
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_BASE_DN")
 			testAccOnlyLocalManager(t)
@@ -109,8 +104,7 @@ func TestAccResourceNsxtPolicyLdapIdentitySource_import_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testAccNsxtPolicyLdapIdentitySourceCreate(
-					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapUser(), getTestLdapPassword(),
-					getTestLdapURL(), getTestLdapCert()),
+					ldapType, getTestLdapDomain(), getTestLdapBaseDN(), getTestLdapAdminUser(), getTestLdapAdminPassword(), getTestLdapURL()),
 			},
 			{
 				ResourceName:            testResourceName,
@@ -169,7 +163,7 @@ func testAccNsxtPolicyLdapIdentitySourceCheckDestroy(state *terraform.State, dis
 	return nil
 }
 
-func testAccNsxtPolicyLdapIdentitySourceCreate(serverType, domainName, baseDn, bindUser, bindPwd, url, cert string) string {
+func testAccNsxtPolicyLdapIdentitySourceCreate(serverType, domainName, baseDn, bindUser, bindPwd, url string) string {
 	attrMap := accTestPolicyLdapIdentitySourceCreateAttributes
 	return fmt.Sprintf(`
 resource "nsxt_policy_ldap_identity_source" "test" {
@@ -183,22 +177,16 @@ resource "nsxt_policy_ldap_identity_source" "test" {
     bind_identity = "%s"
     password      = "%s"
     url           = "%s"
-    certificates = [
-      <<-EOT
-%s
-            EOT
-      ,
-    ]
   }
 
   tag {
     scope = "scope1"
     tag   = "tag1"
   }
-}`, attrMap["nsx_id"], attrMap["description"], serverType, domainName, baseDn, bindUser, bindPwd, url, cert)
+}`, attrMap["nsx_id"], attrMap["description"], serverType, domainName, baseDn, bindUser, bindPwd, url)
 }
 
-func testAccNsxtPolicyLdapIdentitySourceUpdate(serverType, domainName, baseDn, bindUser, bindPwd, url, cert string) string {
+func testAccNsxtPolicyLdapIdentitySourceUpdate(serverType, domainName, baseDn, bindUser, bindPwd, url string) string {
 	attrMap := accTestPolicyLdapIdentitySourceUpdateAttributes
 	return fmt.Sprintf(`
 resource "nsxt_policy_ldap_identity_source" "test" {
@@ -212,12 +200,6 @@ resource "nsxt_policy_ldap_identity_source" "test" {
     bind_identity = "%s"
     password      = "%s"
     url           = "%s"
-    certificates = [
-      <<-EOT
-%s
-            EOT
-      ,
-    ]
   }
-}`, attrMap["nsx_id"], attrMap["description"], serverType, domainName, baseDn, bindUser, bindPwd, url, cert)
+}`, attrMap["nsx_id"], attrMap["description"], serverType, domainName, baseDn, bindUser, bindPwd, url)
 }
diff --git a/nsxt/resource_nsxt_policy_role_binding.go b/nsxt/resource_nsxt_policy_role_binding.go
@@ -66,6 +66,7 @@ func resourceNsxtPolicyUserManagementRoleBinding() *schema.Resource {
 				Type:        schema.TypeString,
 				Description: "ID of the external identity source",
 				Optional:    true,
+				Computed:    true,
 			},
 			"identity_source_type": {
 				Type:         schema.TypeString,
diff --git a/nsxt/resource_nsxt_policy_role_binding_test.go b/nsxt/resource_nsxt_policy_role_binding_test.go
@@ -33,6 +33,11 @@ func TestAccResourceNsxtPolicyRoleBinding_basic(t *testing.T) {
 		PreCheck: func() {
 			testAccPreCheck(t)
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_PASSWORD")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_URL")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_DOMAIN")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_BASE_DN")
 			testAccOnlyLocalManager(t)
 		},
 		Providers: testAccProviders,
@@ -41,7 +46,7 @@ func TestAccResourceNsxtPolicyRoleBinding_basic(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNsxtPolicyRoleBindingCreate(getTestLdapUser(), userType, identType, "false", ""),
+				Config: testAccNsxtPolicyRoleBindingLdapCreate(getTestLdapUser(), userType, identType),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyRoleBindingExists(accTestPolicyRoleBindingCreateAttributes["display_name"], testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyRoleBindingCreateAttributes["display_name"]),
@@ -61,7 +66,7 @@ func TestAccResourceNsxtPolicyRoleBinding_basic(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccNsxtPolicyRoleBindingUpdate(getTestLdapUser(), userType, identType, "false", ""),
+				Config: testAccNsxtPolicyRoleBindingLdapUpdate(getTestLdapUser(), userType, identType),
 				Check: resource.ComposeTestCheckFunc(
 					testAccNsxtPolicyRoleBindingExists(accTestPolicyRoleBindingUpdateAttributes["display_name"], testResourceName),
 					resource.TestCheckResourceAttr(testResourceName, "display_name", accTestPolicyRoleBindingUpdateAttributes["display_name"]),
@@ -145,6 +150,11 @@ func TestAccResourceNsxtPolicyRoleBinding_import_basic(t *testing.T) {
 		PreCheck: func() {
 			testAccPreCheck(t)
 			testAccEnvDefined(t, "NSXT_TEST_LDAP_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_USER")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_ADMIN_PASSWORD")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_URL")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_DOMAIN")
+			testAccEnvDefined(t, "NSXT_TEST_LDAP_BASE_DN")
 			testAccOnlyLocalManager(t)
 			testAccNSXVersion(t, "4.0.0")
 		},
@@ -154,12 +164,13 @@ func TestAccResourceNsxtPolicyRoleBinding_import_basic(t *testing.T) {
 		},
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNsxtPolicyRoleBindingCreate(getTestLdapUser(), userType, identType, "false", ""),
+				Config: testAccNsxtPolicyRoleBindingLdapCreate(getTestLdapUser(), userType, identType),
 			},
 			{
-				ResourceName:      testResourceName,
-				ImportState:       true,
-				ImportStateVerify: true,
+				ResourceName:            testResourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"overwrite_local_user"},
 			},
 		},
 	})
@@ -216,6 +227,26 @@ func testAccNsxtPolicyRoleBindingCheckDestroy(state *terraform.State, displayNam
 	return nil
 }
 
+func testAccNsxtPolicyRoleBindingLdapCreate(user, userType, identType string) string {
+	return testAccNsxtPolicyLdapIdentitySourceCreate(
+		openLdapType,
+		getTestLdapDomain(),
+		getTestLdapBaseDN(),
+		getTestLdapAdminUser(),
+		getTestLdapAdminPassword(),
+		getTestLdapURL()) + testAccNsxtPolicyRoleBindingCreate(user, userType, identType, "false", "nsxt_policy_ldap_identity_source.test")
+}
+
+func testAccNsxtPolicyRoleBindingLdapUpdate(user, userType, identType string) string {
+	return testAccNsxtPolicyLdapIdentitySourceCreate(
+		openLdapType,
+		getTestLdapDomain(),
+		getTestLdapBaseDN(),
+		getTestLdapAdminUser(),
+		getTestLdapAdminPassword(),
+		getTestLdapURL()) + testAccNsxtPolicyRoleBindingUpdate(user, userType, identType, "false", "nsxt_policy_ldap_identity_source.test")
+}
+
 func testAccNsxtPolicyRoleBindingLocalOverwrite(user string) string {
 	return fmt.Sprintf("%s\n%s", testAccNodeUserCreate(user),
 		testAccNsxtPolicyRoleBindingCreate(
diff --git a/nsxt/utils_test.go b/nsxt/utils_test.go
@@ -208,16 +208,16 @@ func getTestLdapUser() string {
 	return os.Getenv("NSXT_TEST_LDAP_USER")
 }
 
-func getTestLdapPassword() string {
-	return os.Getenv("NSXT_TEST_LDAP_PASSWORD")
+func getTestLdapAdminUser() string {
+	return os.Getenv("NSXT_TEST_LDAP_ADMIN_USER")
 }
 
-func getTestLdapURL() string {
-	return os.Getenv("NSXT_TEST_LDAP_URL")
+func getTestLdapAdminPassword() string {
+	return os.Getenv("NSXT_TEST_LDAP_ADMIN_PASSWORD")
 }
 
-func getTestLdapCert() string {
-	return os.Getenv("NSXT_TEST_LDAP_CERT")
+func getTestLdapURL() string {
+	return os.Getenv("NSXT_TEST_LDAP_URL")
 }
 
 func getTestLdapDomain() string {

Original file line number	Diff line number	Diff line change
`@@ -208,16 +208,16 @@ func getTestLdapUser() string {`
`208`	`208`	`return os.Getenv("NSXT_TEST_LDAP_USER")`
`209`	`209`	`}`
`210`	`210`
`211`		`-func getTestLdapPassword() string {`
`212`		`- return os.Getenv("NSXT_TEST_LDAP_PASSWORD")`
	`211`	`+func getTestLdapAdminUser() string {`
	`212`	`+ return os.Getenv("NSXT_TEST_LDAP_ADMIN_USER")`
`213`	`213`	`}`
`214`	`214`
`215`		`-func getTestLdapURL() string {`
`216`		`- return os.Getenv("NSXT_TEST_LDAP_URL")`
	`215`	`+func getTestLdapAdminPassword() string {`
	`216`	`+ return os.Getenv("NSXT_TEST_LDAP_ADMIN_PASSWORD")`
`217`	`217`	`}`
`218`	`218`
`219`		`-func getTestLdapCert() string {`
`220`		`- return os.Getenv("NSXT_TEST_LDAP_CERT")`
	`219`	`+func getTestLdapURL() string {`
	`220`	`+ return os.Getenv("NSXT_TEST_LDAP_URL")`
`221`	`221`	`}`
`222`	`222`
`223`	`223`	`func getTestLdapDomain() string {`