chore(e2e): Ensure ldap is ready (#6736) (#6742)

* fix(e2e): Modify ldap cleanup step

* chore(e2e): Parallelize dependency download

# Conflicts:
#	.github/workflows/enos-run.yml

* chore(e2e): Ensure ldap is ready

(cherry picked from commit c94e386f18)

# Conflicts:
#	.github/workflows/enos-run.yml
#	testing/internal/e2e/tests/base_with_vault/credential_library_vault_ldap_test.go

Co-authored-by: Michael Li <michael.li@hashicorp.com>

enos/enos-scenario-e2e-docker-base-plus.hcl

@@ -105,6 +105,7 @@ scenario "e2e_docker_base_plus" {
     module = module.test_e2e_docker
     depends_on = [
       step.create_boundary,
+      step.create_ldap_server,
     ]
     variables {
       test_package              = "github.com/hashicorp/boundary/testing/internal/e2e/tests/base_plus"

enos/enos-scenario-e2e-docker-base-with-vault.hcl

@@ -130,6 +130,7 @@ scenario "e2e_docker_base_with_vault" {
       step.create_boundary,
       step.create_vault,
       step.create_host,
+      step.create_ldap_server,
     ]
     variables {
       test_package             = "github.com/hashicorp/boundary/testing/internal/e2e/tests/base_with_vault"

enos/modules/docker_ldap/main.tf

@@ -98,6 +98,32 @@ resource "enos_local_exec" "create_ldap_group" {
   inline = ["docker exec ${var.container_name} ldapadd -x -H ldap://localhost -D \"${local.admin_dn}\" -w ${local.admin_password} -f /tmp/ldap/group.ldif"]
 }
 
+resource "enos_local_exec" "wait_for_user_entry" {
+  depends_on = [
+    enos_local_exec.create_ldap_user,
+  ]
+
+  inline = [
+    # First verify the user is discoverable the same way Boundary authenticates it.
+    "timeout 20s bash -c 'until docker exec ${var.container_name} ldapsearch -x -H ldap://localhost -D \"${local.admin_dn}\" -w ${local.admin_password} -b \"${local.domain_dn}\" \"(uid=${local.user_name})\" | grep \"numEntries: 1\"; do sleep 2; done'",
+    # Then verify the exact seeded DN exists for Vault static-role operations.
+    "timeout 20s bash -c 'until docker exec ${var.container_name} ldapsearch -x -H ldap://localhost -D \"${local.admin_dn}\" -w ${local.admin_password} -b \"cn=${local.user_name},${local.domain_dn}\" -s base \"(objectClass=*)\" | grep \"numEntries: 1\"; do sleep 2; done'",
+    # Finally verify we can bind as the user using the seeded DN shape.
+    "timeout 20s bash -c 'until docker exec ${var.container_name} ldapwhoami -x -H ldap://localhost -D \"cn=${local.user_name},${local.domain_dn}\" -w ${local.user_password}; do sleep 2; done'"
+  ]
+}
+
+resource "enos_local_exec" "wait_for_group_entry" {
+  depends_on = [
+    enos_local_exec.create_ldap_group,
+  ]
+
+  inline = [
+    # Verify that the group is discoverable
+    "timeout 20s bash -c 'until docker exec ${var.container_name} ldapsearch -x -H ldap://localhost -D \"${local.admin_dn}\" -w ${local.admin_password} -b \"${local.domain_dn}\" \"(cn=${local.group_name})\" | grep \"numEntries: 1\"; do sleep 2; done'"
+  ]
+}
+
 output "address" {
   value = "ldap://${var.container_name}"
 }

testing/internal/e2e/tests/base_with_vault/credential_library_vault_ldap_test.go

@@ -84,10 +84,12 @@ func TestApiVaultLdapCredentialLibrary(t *testing.T) {
 		)
 		require.NoError(t, output.Err, string(output.Stderr))
 
-		output = e2e.RunCommand(context.Background(), "vault",
-			e2e.WithArgs("policy", "delete", ldapPolicyName),
-		)
-		require.NoError(t, output.Err, string(output.Stderr))
+		if ldapPolicyName != "" {
+			output = e2e.RunCommand(context.Background(), "vault",
+				e2e.WithArgs("policy", "delete", ldapPolicyName),
+			)
+			require.NoError(t, output.Err, string(output.Stderr))
+		}
 	})
 	require.NoError(t, err)