HVT-6147: Fix and enable vault acceptance tests (#1218)

* enable vault acceptance tests

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* .

* change audit log config

* change audit log config

* removed empty plan

* bug fix for check audit https resrource attr

* .

* adding changelog

Author: chirags101

.changelog/1218.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+Enabling failing HCP Vault Dedicates GHA pipeline tests with fix.
+```

internal/providersdkv2/resource_vault_cluster.go

@@ -1336,55 +1336,55 @@ func flattenObservabilityConfig(config *vaultmodels.HashicorpCloudVault20201125O
 				configMap["cloudwatch_secret_access_key"] = config["cloudwatch_secret_access_key"].(string)
 			}
 		}
+	}
+
+	if elasticsearch := config.Elasticsearch; elasticsearch != nil {
+		configMap["elasticsearch_endpoint"] = elasticsearch.Endpoint
+		configMap["elasticsearch_dataset"] = elasticsearch.Dataset
+		configMap["elasticsearch_user"] = elasticsearch.User
+
+		// Since the API return this sensitive fields as redacted, we don't update it on the config in this situations
+		if elasticsearch.Password != "redacted" {
+			configMap["elasticsearch_password"] = elasticsearch.Password
+		} else {
+			if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 {
+				config := configParam.([]interface{})[0].(map[string]interface{})
+				configMap["elasticsearch_password"] = config["elasticsearch_password"].(string)
+			}
+		}
+	}
 
-		if elasticsearch := config.Elasticsearch; elasticsearch != nil {
-			configMap["elasticsearch_endpoint"] = elasticsearch.Endpoint
-			configMap["elasticsearch_dataset"] = elasticsearch.Dataset
-			configMap["elasticsearch_user"] = elasticsearch.User
+	if http := config.HTTP; http != nil {
+		configMap["http_headers"] = http.Headers
+		configMap["http_codec"] = http.Codec
+		configMap["http_compression"] = http.Compression
+		configMap["http_method"] = http.Method
+		configMap["http_payload_prefix"] = http.PayloadPrefix
+		configMap["http_payload_suffix"] = http.PayloadSuffix
+		configMap["http_uri"] = http.URI
+
+		if http.Basic != nil {
+			configMap["http_basic_user"] = http.Basic.User
 
 			// Since the API return this sensitive fields as redacted, we don't update it on the config in this situations
-			if elasticsearch.Password != "redacted" {
-				configMap["elasticsearch_password"] = elasticsearch.Password
+			if http.Basic.Password != "redacted" {
+				configMap["http_basic_password"] = http.Basic.Password
 			} else {
 				if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 {
 					config := configParam.([]interface{})[0].(map[string]interface{})
-					configMap["elasticsearch_password"] = config["elasticsearch_password"].(string)
+					configMap["http_basic_password"] = config["http_basic_password"].(string)
 				}
 			}
 		}
 
-		if http := config.HTTP; http != nil {
-			configMap["http_headers"] = http.Headers
-			configMap["http_codec"] = http.Codec
-			configMap["http_compression"] = http.Compression
-			configMap["http_method"] = http.Method
-			configMap["http_payload_prefix"] = http.PayloadPrefix
-			configMap["http_payload_suffix"] = http.PayloadSuffix
-			configMap["http_uri"] = http.URI
-
-			if http.Basic != nil {
-				configMap["http_basic_user"] = http.Basic.User
-
-				// Since the API return this sensitive fields as redacted, we don't update it on the config in this situations
-				if http.Basic.Password != "redacted" {
-					configMap["http_basic_password"] = http.Basic.Password
-				} else {
-					if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 {
-						config := configParam.([]interface{})[0].(map[string]interface{})
-						configMap["http_basic_password"] = config["http_basic_password"].(string)
-					}
-				}
-			}
-
-			if http.Bearer != nil {
-				// Since the API return this sensitive fields as redacted, we don't update it on the config in this situations
-				if http.Bearer.Token != "redacted" {
-					configMap["http_bearer_token"] = http.Bearer.Token
-				} else {
-					if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 {
-						config := configParam.([]interface{})[0].(map[string]interface{})
-						configMap["http_bearer_token"] = config["http_bearer_token"].(string)
-					}
+		if http.Bearer != nil {
+			// Since the API return this sensitive fields as redacted, we don't update it on the config in this situations
+			if http.Bearer.Token != "redacted" {
+				configMap["http_bearer_token"] = http.Bearer.Token
+			} else {
+				if configParam, ok := d.GetOk(propertyName); ok && len(configParam.([]interface{})) > 0 {
+					config := configParam.([]interface{})[0].(map[string]interface{})
+					configMap["http_bearer_token"] = config["http_bearer_token"].(string)
 				}
 			}
 		}

internal/providersdkv2/resource_vault_cluster_perf_replication_test.go

@@ -50,7 +50,6 @@ func setTestAccPerformanceReplicationE2E(t *testing.T, tfCode string, in *inputT
 }
 
 func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) {
-	t.Skip("Error:http is not enabled as an observability provider")
 	t.Parallel()
 
 	awsPerfReplicationTestInput := &inputT{
@@ -62,7 +61,7 @@ func TestAcc_Vault_PerformanceReplication_ValidationsAws(t *testing.T) {
 		Region:                   awsRegion,
 		Tier:                     "PLUS_SMALL",
 		UpdateTier1:              "PLUS_MEDIUM",
-		UpdateTier2:              "DEV",
+		UpdateTier2:              "STANDARD_SMALL",
 		Secondary: &inputT{
 			HvnName:                  addTimestampSuffix("test-perf-hvn-2-"),
 			HvnCidr:                  "172.24.16.0/20",
@@ -186,6 +185,7 @@ func performanceReplicationSteps(t *testing.T, in *inputT) []resource.TestStep {
 		},
 		{
 			// add an http audit log provider
+			// enabled LD flag hcpv-observability-http for int env
 			Config: testConfig(setTestAccPerformanceReplicationE2E(t, `
 			resource "hcp_vault_cluster" "c1" {
 				cluster_id      = "{{ .VaultClusterName }}"

internal/providersdkv2/resource_vault_cluster_test.go

@@ -73,8 +73,6 @@ func TestAcc_Vault_ClusterAzure(t *testing.T) {
 // This includes tests against both the resource, the corresponding datasource, and the dependent admin token resource
 // to shorten testing time.
 func TestAcc_Vault_ClusterAWS(t *testing.T) {
-	t.Skip("resource_vault_cluster_test.go:94: Step 7/7 error: Check failed: Check 3/14 error: hcp_vault_cluster.test: Attribute 'public_endpoint' expected 'false', got 'true'")
-
 	awsTestInput := inputT{
 		VaultClusterName:           addTimestampSuffix("test-vault-aws-"),
 		HvnName:                    testAccUniqueNameWithPrefix("vault-hvn-aws"),
@@ -342,10 +340,10 @@ func updateTierNetworkAndRemoveObservability(t *testing.T, in *inputT) resource.
 	newIn.PublicEndpoint = "false"
 	newIn.ProxyEndpoint = "DISABLED"
 	return resource.TestStep{
-		Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterTierPublicProxyAndMVU, newIn, newIn.UpdateTier2)),
+		Config: testConfig(setTestAccVaultClusterConfig(t, updatedVaultClusterTierPublicProxyAndMVU, newIn, newIn.UpdateTier1)),
 		Check: resource.ComposeTestCheckFunc(
 			testAccCheckVaultClusterExists(in.VaultClusterResourceName),
-			resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier2),
+			resource.TestCheckResourceAttr(in.VaultClusterResourceName, "tier", in.UpdateTier1),
 			resource.TestCheckResourceAttr(in.VaultClusterResourceName, "public_endpoint", "false"),
 			resource.TestCheckResourceAttr(in.VaultClusterResourceName, "proxy_endpoint", "DISABLED"),
 			resource.TestCheckResourceAttrSet(in.VaultClusterResourceName, "vault_public_endpoint_url"),