Fix invalid credential error handling in authentication process

.changes/v3.9.0/962-bug-fixes.md

@@ -0,0 +1 @@
+* Fix a bug, that would not return an error while authenticating with invalid password [GH-962]

go.mod

@@ -59,3 +59,5 @@ require (
 	google.golang.org/grpc v1.50.1 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 )
+
+replace github.com/vmware/go-vcloud-director/v2 => github.com/Didainius/go-vcloud-director/v2 v2.17.0-alpha.2.0.20230116121629-0ada5c702d80

go.sum

@@ -1,6 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/Didainius/go-vcloud-director/v2 v2.17.0-alpha.2.0.20230116121629-0ada5c702d80 h1:w1tS7/cW6iS7f3j0Vx4Ycnk9Ds6c5Jy1YX/6S3dCwTk=
+github.com/Didainius/go-vcloud-director/v2 v2.17.0-alpha.2.0.20230116121629-0ada5c702d80/go.mod h1:QPxGFgrUcSyzy9IlpwDE4UNT3tsOy2047tJOPEJ4nlw=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
@@ -178,8 +180,6 @@ github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvC
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/vmware/go-vcloud-director/v2 v2.19.0 h1:A9p95VLn50dm7JbXqg5q+VmQxu3RxoMH6OD5ZeLK9EQ=
-github.com/vmware/go-vcloud-director/v2 v2.19.0/go.mod h1:QPxGFgrUcSyzy9IlpwDE4UNT3tsOy2047tJOPEJ4nlw=
 github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=

vcd/auth_test.go

@@ -5,6 +5,7 @@ package vcd
 
 import (
 	"os"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -47,10 +48,11 @@ func TestAccAuth(t *testing.T) {
 	}()
 
 	type authTestCase struct {
-		name       string
-		configText string
-		skip       bool // To make subtests always show names
-		skipReason string
+		name        string
+		configText  string
+		skip        bool // To make subtests always show names
+		skipReason  string
+		expectError *regexp.Regexp
 	}
 	type authTests []authTestCase
 
@@ -73,6 +75,24 @@ func TestAccAuth(t *testing.T) {
 	  `,
 	})
 
+	testCases = append(testCases, authTestCase{
+		name:        "InvalidSystemUserAndPasswordWithDefaultOrgAndVdc",
+		skip:        testConfig.Provider.UseSamlAdfs,
+		skipReason:  "testConfig.Provider.UseSamlAdfs must be false",
+		expectError: regexp.MustCompile("401"),
+		configText: `
+			provider "vcd" {
+				user                 = "` + testConfig.Provider.User + `"
+				password             = "INVALID-PASSWORD"
+				sysorg               = "` + testConfig.Provider.SysOrg + `" 
+				org                  = "` + testConfig.VCD.Org + `"
+				vdc                  = "` + testConfig.VCD.Vdc + `"
+				url                  = "` + testConfig.Provider.Url + `"
+				allow_unverified_ssl = true
+			}
+	  `,
+	})
+
 	testCases = append(testCases, authTestCase{
 		name:       "SystemUserAndPasswordWithDefaultOrg",
 		skip:       testConfig.Provider.UseSamlAdfs,
@@ -105,6 +125,41 @@ func TestAccAuth(t *testing.T) {
 			}
 	  `,
 	})
+	testCases = append(testCases, authTestCase{
+		name:        "InvalidPassword,AuthType=integrated",
+		skip:        testConfig.Provider.UseSamlAdfs,
+		skipReason:  "testConfig.Provider.UseSamlAdfs must be false",
+		expectError: regexp.MustCompile("401"),
+		configText: `
+			provider "vcd" {
+				user                 = "` + testConfig.Provider.User + `"
+				password             = "INVALID-PASSWORD"
+				auth_type            = "integrated"
+				sysorg               = "` + testConfig.Provider.SysOrg + `" 
+				org                  = "` + testConfig.VCD.Org + `"
+				url                  = "` + testConfig.Provider.Url + `"
+				allow_unverified_ssl = true
+			}
+	  `,
+	})
+
+	testCases = append(testCases, authTestCase{
+		name:        "InvalidSystemUserAndPassword,AuthType=integrated",
+		skip:        testConfig.Provider.UseSamlAdfs,
+		skipReason:  "testConfig.Provider.UseSamlAdfs must be false",
+		expectError: regexp.MustCompile("401"),
+		configText: `
+			provider "vcd" {
+				user                 = "INVALID-USER"
+				password             = "INVALID-PASSWORD"
+				auth_type            = "integrated"
+				sysorg               = "` + testConfig.Provider.SysOrg + `" 
+				org                  = "` + testConfig.VCD.Org + `"
+				url                  = "` + testConfig.Provider.Url + `"
+				allow_unverified_ssl = true
+			}
+	  `,
+	})
 
 	testCases = append(testCases, authTestCase{
 		name:       "SamlSystemUserAndPassword,AuthType=saml_adfs",
@@ -257,7 +312,7 @@ func TestAccAuth(t *testing.T) {
 			if test.skip {
 				t.Skip("Skipping: " + test.skipReason)
 			}
-			runAuthTest(t, test.configText)
+			runAuthTest(t, test.configText, test.expectError)
 		})
 	}
 
@@ -266,7 +321,7 @@ func TestAccAuth(t *testing.T) {
 	postTestChecks(t)
 }
 
-func runAuthTest(t *testing.T, configText string) {
+func runAuthTest(t *testing.T, configText string, expectError *regexp.Regexp) {
 
 	dataSource := `
 	data "vcd_org" "auth" {
@@ -278,7 +333,8 @@ func runAuthTest(t *testing.T, configText string) {
 		ProviderFactories: testAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config: configText + dataSource,
+				ExpectError: expectError,
+				Config:      configText + dataSource,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.vcd_org.auth", "id"),
 				),