feature: ephemeral write-only support

[modular-magician]

This PR adds support for Write-Only attributes with the release of TF 1.11

It includes the following attributes:

• EphemeralWriteOnly: add password_wo field to google_sql_user magic-modules#13011
• EphemeralWriteOnly: add secretAccessKeyWo magic-modules#12967
• EphemeralWriteOnly: add secret_data_wo in google_secret_version magic-modules#12800

Some PRs that were necessary to support Write-Only attributes:

• add raw_resource_config_validation for validation.PreferWriteOnlyAttribute support magic-modules#13048
• mmv1: add hashicorp/gocty/cty in resource.go.tmpl magic-modules#12974
• EphemeralWriteOnly: Initial support for MMv1 Generation in schema & docs magic-modules#12550

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

sql: added `password_wo` and `password_wo_version` fields to `google_sql_user` resource

bigquerydatatransfer: added `secret_access_key_wo` write-only field to `google_bigquery_data_transfer_config` resource

secretmanager: added `secret_version_wo` write-only field to `google_secret_version` resource

Derived from GoogleCloudPlatform/magic-modules#13135

[gemini-code-assist]

Hello @modular-magician, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

This pull request introduces support for Write-Only attributes, aligning with the release of TF 1.11. It incorporates changes from several related pull requests to fully enable this functionality. The primary changes involve updating dependencies in go.mod and go.sum, and modifying bigquerydatatransfer_config.go and secretmanager_secret_version.go to handle write-only parameters.

Highlights

• Write-Only Attribute Support: Adds support for Write-Only attributes, enhancing security by allowing sensitive data to be written without being read back.
• Dependency Updates: Updates go.mod and go.sum to use a newer version of terraform-provider-google-beta.
• Resource Configuration Changes: Modifies bigquerydatatransfer_config.go to include secret_access_key_wo in the list of sensitive write-only parameters.
• Secret Manager Update: Updates secretmanager_secret_version.go to handle secret data transformations.

Changelog

• go.mod
  • Updates the version of github.com/hashicorp/terraform-provider-google-beta from v1.20.1-0.20250225231703-bbeb677e071b to v1.20.1-0.20250226195310-fa1ce6257484.
• go.sum
  • Updates the checksum for github.com/hashicorp/terraform-provider-google-beta to match the new version v1.20.1-0.20250226195310-fa1ce6257484.
• tfplan2cai/converters/google/resources/services/bigquerydatatransfer/bigquerydatatransfer_config.go
  • Adds secret_access_key_wo to the sensitiveWoParams list, marking it as a sensitive write-only parameter.
• tfplan2cai/converters/google/resources/services/secretmanager/secretmanager_secret_version.go
  • Minor formatting change to remove an empty line.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Did you know?

The concept of write-only attributes is similar to the 'fire and forget' principle in distributed systems, where a message is sent without expecting or needing a response.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The changes in this pull request are well-structured and address the intended functionality. The addition of write-only attribute support is a significant enhancement. The code is generally clear and easy to follow. I've provided a few suggestions for minor improvements.

Summary of Findings

• Variable naming consistency: In bigquerydatatransfer_config.go, there's a variable named sensitiveParams. It would be more consistent to name the new variable sensitiveWoParams to sensitiveWriteOnlyParams for clarity.

Assessment

The pull request introduces support for Write-Only attributes, which is a valuable addition. The changes are relatively small and focused. I've provided some minor feedback to improve code clarity and consistency. Please address these comments and ensure that the changes are thoroughly tested before merging. As always, ensure that others review and approve this code before merging.

[gemini-code-assist]

Consider renaming this variable to sensitiveWriteOnlyParams for better clarity and consistency with the concept of write-only attributes. This would improve readability and make the code's intent more explicit.

Suggested change

	var sensitiveWoParams = []string{"secret_access_key_wo"}
	var sensitiveWriteOnlyParams = []string{"secret_access_key_wo"}