Support X509 Federation

[EZIOJQ]

This PR adds support for X.509 federation support on workload identity pool. It fixes hashicorp/terraform-provider-google#18812.

For more details about how this feature works, check out the public doc here https://cloud.google.com/iam/docs/workload-identity-federation-with-x509-certificates

iambeta: added `x509` field to `google_iam_workload_identity_pool_provider ` resource

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@melinath, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[melinath]

@EZIOJQ This looks good overall. Just wanted to double-check that this field is GA and doesn't require an allowlist? The linked docs say it's in preview and that you need to contact folks to get it enabled - if that's still the case, we shouldn't add it to the provider yet.

[EZIOJQ]

@EZIOJQ This looks good overall. Just wanted to double-check that this field is GA and doesn't require an allowlist? The linked docs say it's in preview and that you need to contact folks to get it enabled - if that's still the case, we shouldn't add it to the provider yet.

This feature will be GA soon, and we will remove the allowlist in next few weeks. We can merge the change after the allowlist is removed

[EZIOJQ]

@melinath, we have this allowlist for half a year now. Are we okay to merge the change given it's long-term allowlist?

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 473 insertions(+), 3 deletions(-))
google-beta provider: Diff ( 7 files changed, 565 insertions(+), 3 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 103 insertions(+))
Open in Cloud Shell: Diff ( 8 files changed, 244 insertions(+))

[modular-magician]

Tests analytics

Total tests: 18
Passed tests: 18
Skipped tests: 0
Affected tests: 0

Click here to see the affected service packages

• iambeta

$\textcolor{green}{\textsf{All tests passed!}}$

View the build log

[melinath]

Since the allowlist is about to come off anyway, I'd rather just wait until it's removed.

[melinath]

after discussion, we've decided to move forward with the allowlist in place. Marking for review

[melinath]

Seems straightforward and the tests are passing.