add restrictedFields functionality

[ExecutiveOrder6102]

This adds a restricted_fields list to the following resources:

• google_logging_project_bucket_config
• google_logging_folder_bucket_config
• google_logging_organization_bucket_config

Resolves #10142

I've run though the contributing steps, however didn't have access to an organisation so the go tests were skipped when I ran them. However I have tested locally:

resource "google_logging_project_bucket_config" "basic" {
    project    = var.project
    location  = "global"
    retention_days = 30
    bucket_id = "test-logs-bucket"
    restricted_fields = ["jsonPayload.url","jsonPayload.data"]
}

Results in with terraform apply:

Terraform will perform the following actions:

  # google_logging_project_bucket_config.basic will be created
  + resource "google_logging_project_bucket_config" "basic" {
      + bucket_id         = "test-logs-bucket"
      + description       = (known after apply)
      + id                = (known after apply)
      + lifecycle_state   = (known after apply)
      + location          = "global"
      + name              = (known after apply)
      + project           = "sandbox-385820"
      + restricted_fields = [
          + "jsonPayload.url",
          + "jsonPayload.data",
        ]
      + retention_days    = 30
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_logging_project_bucket_config.basic: Creating...
google_logging_project_bucket_config.basic: Creation complete after 2s [id=projects/sandbox-385820/locations/global/buckets/test-logs-bucket]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

terraform show

# google_logging_project_bucket_config.basic:
resource "google_logging_project_bucket_config" "basic" {
    bucket_id         = "test-logs-bucket"
    enable_analytics  = false
    id                = "projects/sandbox-385820/locations/global/buckets/test-logs-bucket"
    lifecycle_state   = "ACTIVE"
    location          = "global"
    locked            = false
    name              = "projects/sandbox-385820/locations/global/buckets/test-logs-bucket"
    project           = "sandbox-385820"
    restricted_fields = [
        "jsonPayload.url",
        "jsonPayload.data",
    ]
    retention_days    = 30
}

Verifying that terraform isn't lying with:

LOCATION  BUCKET_ID         RETENTION_DAYS  CMEK  RESTRICTED_FIELDS                        INDEX_CONFIGS  LIFECYCLE_STATE   LOCKED  CREATE_TIME
global    test-logs-bucket  30                    ['jsonPayload.url', 'jsonPayload.data']                 ACTIVE                    2024-08-10T22:19:36.485466430Z  2024-08-10T23:02:08.506788736Z

Let me know if I've missed anything

Release Note Template for Downstream PRs (will be copied)

logging: Added `restricted_fields` to `google_logging_project_bucket_config`, `google_logging_folder_bucket_config`, `google_logging_organization_bucket_config` resources

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@c2thorn, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[github-actions]

@c2thorn This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

[github-actions]

@GoogleCloudPlatform/terraform-team @c2thorn This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.

[github-actions]

@GoogleCloudPlatform/terraform-team @c2thorn This PR has been waiting for review for 2 weeks. Please take a look! Use the label disable-review-reminders to disable these notifications.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 113 insertions(+))
google-beta provider: Diff ( 6 files changed, 113 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_logging_billing_account_bucket_config (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_logging_billing_account_bucket_config" "primary" {
  restricted_fields = # value needed
}

Resource: google_logging_folder_bucket_config (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_logging_folder_bucket_config" "primary" {
  restricted_fields = # value needed
}

Resource: google_logging_organization_bucket_config (4 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_logging_organization_bucket_config" "primary" {
  restricted_fields = # value needed
}

[modular-magician]

Tests analytics

Total tests: 77
Passed tests: 51
Skipped tests: 2
Affected tests: 24

Click here to see the affected service packages

• logging

Action taken

Found 24 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccLoggingBucketConfigBillingAccount_basic
• TestAccLoggingBucketConfigFolder_basic
• TestAccLoggingBucketConfigOrganization_basic
• TestAccLoggingBucketConfigOrganization_indexConfigs
• TestAccLoggingBucketConfigProject_analyticsEnabled
• TestAccLoggingBucketConfigProject_basic
• TestAccLoggingBucketConfigProject_cmekSettings
• TestAccLoggingBucketConfigProject_indexConfigs
• TestAccLoggingBucketConfigProject_restrictedFields
• TestAccLoggingBucketConfig_CreateBuckets_withCustomId
• TestAccLoggingLinkedDataset_loggingLinkedDatasetAllParamsExample
• TestAccLoggingLinkedDataset_loggingLinkedDatasetBasicExample
• TestAccLoggingLogViewIamBindingGenerated
• TestAccLoggingLogViewIamBindingGenerated_withCondition
• TestAccLoggingLogViewIamMemberGenerated
• TestAccLoggingLogViewIamMemberGenerated_withCondition
• TestAccLoggingLogViewIamPolicyGenerated
• TestAccLoggingLogViewIamPolicyGenerated_withCondition
• TestAccLoggingLogView_loggingLogViewBasicExample
• TestAccLoggingLogView_loggingLogViewBasicExampleUpdate
• TestAccLoggingLogView_loggingLogViewLongNameExample
• TestAccLoggingMetric_loggingBucket
• TestAccLoggingMetric_loggingMetricLoggingBucketExample
• TestAccLoggingProjectSink_updatePreservesCustomWriter

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccLoggingBucketConfigBillingAccount_basic[Debug log]
TestAccLoggingBucketConfigOrganization_basic[Debug log]
TestAccLoggingBucketConfigProject_analyticsEnabled[Debug log]
TestAccLoggingBucketConfigProject_basic[Debug log]
TestAccLoggingBucketConfigProject_cmekSettings[Debug log]
TestAccLoggingBucketConfigProject_indexConfigs[Debug log]
TestAccLoggingBucketConfig_CreateBuckets_withCustomId[Debug log]
TestAccLoggingLinkedDataset_loggingLinkedDatasetAllParamsExample[Debug log]
TestAccLoggingLinkedDataset_loggingLinkedDatasetBasicExample[Debug log]
TestAccLoggingLogViewIamBindingGenerated[Debug log]
TestAccLoggingLogViewIamBindingGenerated_withCondition[Debug log]
TestAccLoggingLogViewIamMemberGenerated[Debug log]
TestAccLoggingLogViewIamMemberGenerated_withCondition[Debug log]
TestAccLoggingLogViewIamPolicyGenerated[Debug log]
TestAccLoggingLogViewIamPolicyGenerated_withCondition[Debug log]
TestAccLoggingLogView_loggingLogViewBasicExample[Debug log]
TestAccLoggingLogView_loggingLogViewBasicExampleUpdate[Debug log]
TestAccLoggingLogView_loggingLogViewLongNameExample[Debug log]
TestAccLoggingMetric_loggingBucket[Debug log]
TestAccLoggingMetric_loggingMetricLoggingBucketExample[Debug log]
TestAccLoggingProjectSink_updatePreservesCustomWriter[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccLoggingBucketConfigFolder_basic[Error message] [Debug log]
TestAccLoggingBucketConfigOrganization_indexConfigs[Error message] [Debug log]
TestAccLoggingBucketConfigProject_restrictedFields[Error message] [Debug log]

$\textcolor{red}{\textsf{Errors occurred during RECORDING mode. Please fix them to complete your PR.}}$

View the build log or the debug log for each test

[github-actions]

@ExecutiveOrder6102, this PR is waiting for action from you. Please address any comments or change requests, or re-request review from a core reviewer if no action is required.

If no action is taken, this PR will be closed in 28 days.

This notification can be disabled with the disable-automatic-closure label.

[github-actions]

@ExecutiveOrder6102, this PR is waiting for action from you. Please address any comments or change requests, or re-request review from a core reviewer if no action is required.

If no action is taken, this PR will be closed in 14 days.

This notification can be disabled with the disable-automatic-closure label.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 225 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 6 files changed, 225 insertions(+), 1 deletion(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_logging_billing_account_bucket_config (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_logging_billing_account_bucket_config" "primary" {
  restricted_fields = # value needed
}

Resource: google_logging_folder_bucket_config (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_logging_folder_bucket_config" "primary" {
  restricted_fields = # value needed
}

[modular-magician]

Tests analytics

Total tests: 0
Passed tests: 0
Skipped tests: 0
Affected tests: 0

Click here to see the affected service packages

• logging

#### Non-exercised tests

Tests were added that are skipped in VCR:

• TestAccLoggingBucketConfigOrganization_restrictedFields
• TestAccLoggingBucketConfigProject_restrictedFields
  🔴 Errors occurred during REPLAYING mode. Please fix them to complete your PR.

View the build log

[c2thorn]

Looks like several build errors:

# github.com/hashicorp/terraform-provider-google-beta/google-beta/services/logging_test [github.com/hashicorp/terraform-provider-google-beta/google-beta/services/logging.test]
google-beta/services/logging/resource_logging_bucket_config_test.go:236:13: testAccLoggingBucketConfigBillingAccount_restrictedFields(context, "jsonPayload") (no value) used as value
google-beta/services/logging/resource_logging_bucket_config_test.go:236:80: too many arguments in call to testAccLoggingBucketConfigBillingAccount_restrictedFields
	have (map[string]interface{}, string)
	want (*"testing".T)
google-beta/services/logging/resource_logging_bucket_config_test.go:245:13: testAccLoggingBucketConfigBillingAccount_restrictedFields(context, "jsonPayload.url") (no value) used as value
google-beta/services/logging/resource_logging_bucket_config_test.go:245:80: too many arguments in call to testAccLoggingBucketConfigBillingAccount_restrictedFields
	have (map[string]interface{}, string)
	want (*"testing".T)
google-beta/services/logging/resource_logging_bucket_config_test.go:271:78: cannot use "jsonPayload" (untyped string constant) as int value in argument to testAccLoggingBucketConfigOrganization_restrictedFields
google-beta/services/logging/resource_logging_bucket_config_test.go:280:78: cannot use "jsonPayload.url" (untyped string constant) as int value in argument to testAccLoggingBucketConfigOrganization_restrictedFields
google-beta/services/logging/resource_logging_bucket_config_test.go:561:6: testAccLoggingBucketConfigBillingAccount_restrictedFields redeclared in this block
	google-beta/services/logging/resource_logging_bucket_config_test.go:221:6: other declaration of testAccLoggingBucketConfigBillingAccount_restrictedFields

[c2thorn]

randomly reassigning for upcoming out of office

[zli82016]

Build errors need to be fixed.

[github-actions]

@ExecutiveOrder6102, this PR is waiting for action from you. If no action is taken, this PR will be closed in 28 days.

Please address any comments or change requests, or re-request review from a core reviewer if no action is required.

This notification can be disabled with the disable-automatic-closure label.

[github-actions]

@ExecutiveOrder6102, this PR is waiting for action from you. If no action is taken, this PR will be closed in 14 days.

Please address any comments or change requests, or re-request review from a core reviewer if no action is required.

This notification can be disabled with the disable-automatic-closure label.