Allow LDAP and JWT/OIDC Auth Backends and Consul Secret Engine resources to be Local

[mbillow]

This upgrades the LDAP and JWT/OIDC auth backend resources from the deprecated Sys.EnableAuth API to Sys.EnableAuthWithOptions. This also allows both of these resources to be defined as local mounts when created. I also added an option for making the Consul Secret Engine local as well and just added it to it's MountInput struct.

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Release note for CHANGELOG:

- `resource/ldap_auth_backend`: Allow the creation of `local` mounts.
- `resource/jwt_auth_backend`: Allow the creation of `local` mounts.
- `resource/consul_secret_backend`: Allow the creation of `local` mounts.

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccJWTAuthBackend'
...
=== RUN   TestAccJWTAuthBackendRole_import
--- PASS: TestAccJWTAuthBackendRole_import (0.42s)
=== RUN   TestAccJWTAuthBackendRole_basic
--- PASS: TestAccJWTAuthBackendRole_basic (0.32s)
=== RUN   TestAccJWTAuthBackendRole_update
--- PASS: TestAccJWTAuthBackendRole_update (0.54s)
=== RUN   TestAccJWTAuthBackendRole_full
--- PASS: TestAccJWTAuthBackendRole_full (0.32s)
=== RUN   TestAccJWTAuthBackendRoleOIDC_full
--- PASS: TestAccJWTAuthBackendRoleOIDC_full (2.44s)
=== RUN   TestAccJWTAuthBackendRole_fullUpdate
--- PASS: TestAccJWTAuthBackendRole_fullUpdate (0.58s)
=== RUN   TestAccJWTAuthBackendRole_fullDeprecated
--- PASS: TestAccJWTAuthBackendRole_fullDeprecated (0.54s)
=== RUN   TestAccJWTAuthBackend
--- PASS: TestAccJWTAuthBackend (1.25s)
=== RUN   TestAccJWTAuthBackend_OIDC
--- PASS: TestAccJWTAuthBackend_OIDC (0.36s)
=== RUN   TestAccJWTAuthBackend_OIDC_Provider_ConfigAzure
--- PASS: TestAccJWTAuthBackend_OIDC_Provider_ConfigAzure (0.40s)
=== RUN   TestAccJWTAuthBackend_OIDC_Provider_ConfigGSuite
    resource_jwt_auth_backend_test.go:118: JWT_SERVICE_ACCOUNT_PATH not set
--- SKIP: TestAccJWTAuthBackend_OIDC_Provider_ConfigGSuite (0.00s)
=== RUN   TestAccJWTAuthBackend_negative
--- PASS: TestAccJWTAuthBackend_negative (0.04s)
=== RUN   TestAccJWTAuthBackend_missingMandatory
--- PASS: TestAccJWTAuthBackend_missingMandatory (0.88s)
PASS
ok      github.com/hashicorp/terraform-provider-vault/vault     9.209s

Note: It doesn't look like there are any acceptance tests for the LDAP Auth backend resource.

[tomhjp]

Thanks for the contribution, looking good! I know it's repetitive, but just a few comments requesting slightly more test coverage please!

[mbillow]

@tomhjp Added the tests you requested. Let me know if there is anything else you need before merging! 😃

[tomhjp]

Thanks for adding those tests, I missed a bug in the previous review, but otherwise this looks good!

[hashicorp-cla]

All committers have signed the CLA.

[tomhjp]

Thank! Looks great, I also just made a tiny whitespace fix to avoid an extra round trip :)

[tomhjp]

Test failures are unrelated to the changes, and instead caused by some tests that should have been skipped without the required secrets available. Fixed in #1161.