From 2dc02f355a374ab5213d174c0dcc3e88044b1bf6 Mon Sep 17 00:00:00 2001
From: Steven Clark <steven.clark@hashicorp.com>
Date: Tue, 28 May 2024 15:18:40 -0400
Subject: [PATCH] Disable testing of EST authenticator cert_role parameter

 - Workaround not releasing 1.16.3 for the fix within https://github.com/hashicorp/vault-enterprise/pull/5785
   by not setting the cert_role parameter within the cert authenticator definition
---
 vault/resource_pki_secret_backend_config_est_test.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/vault/resource_pki_secret_backend_config_est_test.go b/vault/resource_pki_secret_backend_config_est_test.go
index 4152b9db7..df6bde405 100644
--- a/vault/resource_pki_secret_backend_config_est_test.go
+++ b/vault/resource_pki_secret_backend_config_est_test.go
@@ -96,7 +96,8 @@ func TestAccPKISecretBackendConfigEst_AllFields(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.%", "2"),
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.cert.%", "2"),
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.cert.accessor", "test"),
-					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.cert.cert_role", "a-role"),
+					// @TODO add these back in when Vault 1.16.3 is released (https://github.com/hashicorp/vault-enterprise/pull/5785)
+					// resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.cert.cert_role", "a-role"),
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.userpass.%", "1"),
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldAuthenticators+".0.userpass.accessor", "test2"),
 					resource.TestCheckResourceAttr(resourceBackend, consts.FieldEnableSentinelParsing, "true"),
@@ -115,7 +116,8 @@ func TestAccPKISecretBackendConfigEst_AllFields(t *testing.T) {
 					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.%", "2"),
 					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.cert.%", "2"),
 					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.cert.accessor", "test"),
-					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.cert.cert_role", "a-role"),
+					// @TODO add these back in when Vault 1.16.3 is released (https://github.com/hashicorp/vault-enterprise/pull/5785)
+					// resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.cert.cert_role", "a-role"),
 					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.userpass.%", "1"),
 					resource.TestCheckResourceAttr(dataName, consts.FieldAuthenticators+".0.userpass.accessor", "test2"),
 					resource.TestCheckResourceAttr(dataName, consts.FieldEnableSentinelParsing, "true"),
@@ -162,7 +164,9 @@ resource "vault_pki_secret_backend_config_est" "test" {
      "test-label-2": format("role:%%s", vault_pki_secret_backend_role.est_role_2.name)
   }
   authenticators { 
-	cert = { "accessor" = "test", "cert_role" = "a-role" } 
+	# @TODO add these back in when Vault 1.16.3 is released (https://github.com/hashicorp/vault-enterprise/pull/5785)
+	# cert = { "accessor" = "test", "cert_role" = "a-role" }
+	cert = { "accessor" = "test", "cert_role" = "" }
 	userpass = { "accessor" = "test2" } 
   }	
   enable_sentinel_parsing = true