Add support for regional secret version resource google_secret_manager_regional_secret_version

[abheda-crest]

Add support for new regional secret version resource google_secret_manager_regional_secret_version.
More info about regional secrets: https://cloud.google.com/secret-manager/docs/regional-secrets-overview

A point to be noted is that while importing the google_secret_manager_regional_secret_version resources having the is_secret_data_base64 field set to true, the secret_data is decoded from the base64-encoded string received from API. It is potentially due to condition in the flattener for payload (which is in place for the sake of is_secret_data_base64 field to work). It seems the import is working fine when the is_secret_data_base64 is not provided or set to false. While doing a terraform import, there is no way to determine if the resource to be imported requires decoding of base64 response.
References: hashicorp/terraform-provider-google#10129 & #8873

Release Note Template for Downstream PRs (will be copied)

`google_secret_manager_regional_secret_version`

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@shuyama1, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[gptSanyam]

Having a location parameter here doesn't make sense, we are already taking secret as a parameter.
Just like other params (secret_id, project) location should also be inferred from the secret param.

[abheda-crest]

The base_url as seen in the Product.yaml contains {{location}} parameter which is replaced using the ReplaceVars function before making any API call. For this, we require the location field to be set in the terraform state. Hence, we have kept the location parameter as computed. We infer the location field using the pre_create and pre_read custom code and override the url to include the information about the location parameter in the base_url.

[gptSanyam]

What happens if a customer puts a value of location while creating secret version which is different from the one defined in secret?
We will override in pre_create and pre_read and the request goes to a different endpoint.
Such request with difference in location should ideally be rejected at the least. Can we introduce such a check if not done already?

[abheda-crest]

Customer won't be able to provide the location field as it is output only field from terraform side (i.e. Computed field). We will infer the location based on the regional secret resource reference.

[gptSanyam]

Aah! missed the output = True bit.
Thanks for clarification.

[gptSanyam]

Why is the pre-create needed?
It was not there in the SecretVersion: https://github.com/gptSanyam/magic-modules/blob/main/mmv1/products/secretmanager/SecretVersion.yaml#L60

[abheda-crest]

We infer the location field from the secret field using the pre_create and pre_read custom code and override the url to include the information about the location parameter in the base_url.

[gptSanyam]

Understood.

[gptSanyam]

Where is this function defined?

[abheda-crest]

This function is defined in the custom_expand custom code for the enabled field as we need to explicitly make the enable/disable call based on the value of the enabled field.

[gptSanyam]

Why do we need the additional location check in most custom methods?

[abheda-crest]

As mentioned above, we need the location field for the base_url of the regional APIs hence we do it for pre_create, pre_read and custom_import functionalities.

[gptSanyam]

Understood. Thanks.

[gptSanyam]

LGTM

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 1273 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 1273 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 136 insertions(+))
Open in Cloud Shell: Diff ( 20 files changed, 554 insertions(+))

[modular-magician]

Tests analytics

Total tests: 34
Passed tests: 24
Skipped tests: 2
Affected tests: 8

Click here to see the affected service packages

• secretmanagerregional

Action taken

Found 8 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccSecretManagerRegionalRegionalSecretVersion_cmekOutputOnly
• TestAccSecretManagerRegionalRegionalSecretVersion_import
• TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionBasicExample
• TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDeletionPolicyAbandonExample
• TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDeletionPolicyDisableExample
• TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDisabledExample
• TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionWithBase64DataExample
• TestAccSecretManagerRegionalRegionalSecretVersion_update

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccSecretManagerRegionalRegionalSecretVersion_cmekOutputOnly[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_import[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionBasicExample[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDeletionPolicyAbandonExample[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDeletionPolicyDisableExample[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionDisabledExample[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_regionalSecretVersionWithBase64DataExample[Debug log]
TestAccSecretManagerRegionalRegionalSecretVersion_update[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$

View the build log or the debug log for each test

[shuyama1]

This is a regional version of google_secret_manager_secret_version. Overall looks good to me. I only have a small question regarding a test case. Thanks!

[shuyama1]

Out of curiosity, why do we need this test specifically, I don't see it's different from the first step of TestAccSecretManagerRegionalRegionalSecretVersion_update

[abheda-crest]

I included this test case to maintain consistency with the other resources and to test a basic import scenario. However, I understand your point about the redundancy, so I've decided to remove this test case.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 1249 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 1249 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 136 insertions(+))
Open in Cloud Shell: Diff ( 20 files changed, 554 insertions(+))

[modular-magician]

Tests analytics

Total tests: 34
Passed tests: 32
Skipped tests: 2
Affected tests: 0

Click here to see the affected service packages

• secretmanagerregional

$\textcolor{green}{\textsf{All tests passed!}}$

View the build log

[shuyama1]

Thank you!