Allow brand new setup for google_developer_connect_connection

[rainshen49]

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

developerconnect: added support for setting up a brand new `google_developer_connect_connection`

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 1 file changed, 53 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 3 files changed, 129 insertions(+), 11 deletions(-))

[modular-magician]

Tests analytics

Total tests: 4
Passed tests: 2
Skipped tests: 0
Affected tests: 2

Click here to see the affected service packages

• developerconnect

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccDeveloperConnectConnection_developerConnectConnectionExistingCredentialsExample
• TestAccDeveloperConnectConnection_developerConnectConnectionNewExample

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccDeveloperConnectConnection_developerConnectConnectionExistingCredentialsExample [Debug log]
TestAccDeveloperConnectConnection_developerConnectConnectionNewExample [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@BBBmau, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[rainshen49]

@jimmygns

[BBBmau]

My only concern is the inclusion of default_from_api: true on these two properties. What is the reason for this?

[rainshen49]

Sure, this requires some product knowledge, but let me try to explain. default_from_api: true means if the user leave it unspecified, Terraforms defers to the server provided value instead of sending an empty value that wipes out the server side value. This option is designed for fields whose value can be both server-provided and user-supplied. Consider a typical config to set up a connection

resource "google_developer_connect_connection" "default" {
  ...

  github_config {
    github_app = "FIREBASE"
    # Note the unspecified authorizer_credentials field
  }
}

output "next_steps" {
  description = "Follow the action_uri if present to continue setup"
  value = google_developer_connect_connection.default.installation_state
}

1. Run terraform apply, and the output will provide a URL for the user to visit for an OAuth flow
2. After the OAuth flow, authorizer_credentials is populated on the server side, but the Terraform configuration doesn't know about it
3. If the user runs terraform apply again on the same config, without default_from_api, terraform will detect a diff and accidentally wipe out the authorizer_credentials
4. The correct behavior is that terraform will refresh to capture the authorizer_credentials populated outside of Terraform, and doesn't complain about a diff.
5. If the user wants to use another authorizer_credentials, they can do so and Terraform will send the new value to the server

[BBBmau]

Thanks for the explanation, this is all I needed!