make pemCertificate sensitive (#7114) (#13505)

* make pemCertificate sensitive

* make pemPrivateKey sensitive

* remove sensitive on selfManaged.pemCertificate and selfManaged

Co-authored-by: Edward Sun <[email protected]>
Signed-off-by: Modular Magician <[email protected]>

Signed-off-by: Modular Magician <[email protected]>
Co-authored-by: Edward Sun <[email protected]>

Author: modular-magician

.changelog/7114.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+certificatemanager: removed incorrect indication that the `self_managed` field in `google_certificate_manager_certificate` was treated as sensitive, and marked `self_managed.pem_private_key` as sensitive
+```

google/resource_certificate_manager_certificate.go

@@ -206,6 +206,7 @@ Leaf certificate comes first, followed by intermediate ones if any.`,
 							Type:         schema.TypeString,
 							Optional:     true,
 							Description:  `The private key of the leaf certificate in PEM-encoded form.`,
+							Sensitive:    true,
 							ExactlyOneOf: []string{"self_managed.0.private_key_pem", "self_managed.0.pem_private_key"},
 						},
 						"private_key_pem": {
@@ -218,7 +219,6 @@ Leaf certificate comes first, followed by intermediate ones if any.`,
 						},
 					},
 				},
-				Sensitive:    true,
 				ExactlyOneOf: []string{"self_managed", "managed"},
 			},
 			"project": {

website/docs/r/certificate_manager_certificate.html.markdown

@@ -24,7 +24,7 @@ Certificate represents a HTTP-reachable backend for a Certificate.
 
 
 
-~> **Warning:** All arguments including `self_managed`, `self_managed.certificate_pem`, and `self_managed.private_key_pem` will be stored in the raw
+~> **Warning:** All arguments including `self_managed.certificate_pem`, `self_managed.private_key_pem`, and `self_managed.pem_private_key` will be stored in the raw
 state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
 
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
@@ -84,7 +84,6 @@ The following arguments are supported:
   Certificate data for a SelfManaged Certificate.
   SelfManaged Certificates are uploaded by the user. Updating such
   certificates before they expire remains the user's responsibility.
-  **Note**: This property is sensitive and will not be displayed in the plan.
   Structure is [documented below](#nested_self_managed).
 
 * `managed` -
@@ -119,6 +118,7 @@ The following arguments are supported:
 * `pem_private_key` -
   (Optional)
   The private key of the leaf certificate in PEM-encoded form.
+  **Note**: This property is sensitive and will not be displayed in the plan.
 
 <a name="nested_managed"></a>The `managed` block supports: