chore: do not show sensitive certificate details in Terraform cmd out…

[feng-zhe]

Mark some certificate-related information as sensitive so that they wouldn't be shown in the Terraform cmd output like terraform destroy.

Release Note Template for Downstream PRs (will be copied)

sql: update `replica_configuration`, `ca_cert`, and `server_ca_cert` fields to be flagged sensitive in `google_sql_instance` and `google_sql_ssl_cert` resources

[modular-magician]

Hello! I am a robot. It looks like you are a: Community Contributor Googler Core Contributor. Tests will run automatically.

@NickElliot, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 8 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 2 files changed, 8 insertions(+), 2 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3310
Passed tests 2973
Skipped tests: 336
Affected tests: 1

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccDataprocClusterIamPolicy

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccDataprocClusterIamPolicy[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 7 insertions(+), 3 deletions(-))
Terraform Beta: Diff ( 3 files changed, 12 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 92
Passed tests 78
Skipped tests: 14
Affected tests: 0

Click here to see the affected service packages

• sql

$\textcolor{green}{\textsf{All tests passed in REPLAYING mode.}}$
View the build log

[feng-zhe]

Gentle ping. Thanks.

[NickElliot]

marked a couple needed changes for this implementation

[NickElliot]

The individual sub fields that specifically contain the encrypted data should be flagged sensitive for this update, not the entire list object

[feng-zhe]

Thanks, Nick. Unfortunately this is a limitation of TF for these nested messages. Please see hashicorp/terraform-plugin-sdk#201. So I have to mark the whole message as sensitive.

I've tested the version which only marks the sensitive fields in the nested message. TF failed to hide them

[NickElliot]

ditto here

[feng-zhe]

Thanks, Nick. Unfortunately this is a limitation of TF for these nested messages. Please see this issue. So I have to mark the whole message as sensitive.

I've tested the version which only marks the sensitive fields in the nested message. TF failed to hide them.

[feng-zhe]

Friendly ping. Thanks.

[NickElliot]

LGTM then!