Added support for in-place update for replication.userManaged.replicas.customerManagedEncryption to google_secret_manager_secret resource

[abheda-crest]

Added support for the in-place update of the replication.userManaged.replicas.customerManagedEncryption to the google_secret_manager_secret resource.
fixes hashicorp/terraform-provider-google#15011

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Generated Terraform providers, and ran make test and make lint in the generated providers to ensure it passes unit and linter tests.
• Ran relevant acceptance tests using my own Google Cloud project and credentials (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read Write release notes before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

secretmanager: supported in-place update for `replication.user_managed.replicas.customer_managed_encryption` field in `google_secret_manager_secret` resource

[modular-magician]

Hello! I am a robot. It looks like you are a: Community Contributor Googler Core Contributor. Tests will require approval to run.

@shuyama1, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 223 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 2 files changed, 223 insertions(+), 2 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2988
Passed tests 2688
Skipped tests: 296
Affected tests: 4

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccSecretManagerSecret_userManagedCmekUpdate|TestAccSecretManagerSecret_annotationsUpdate|TestAccSecretManagerSecret_versionAliasesUpdate|TestAccSpannerDatabaseIamPolicy

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccSecretManagerSecret_userManagedCmekUpdate[Debug log]
TestAccSecretManagerSecret_annotationsUpdate[Debug log]
TestAccSecretManagerSecret_versionAliasesUpdate[Debug log]
TestAccSpannerDatabaseIamPolicy[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[shuyama1]

@abheda-crest Thanks for making the change. Quick question: is replication.user_managed.replicas.customer_managed_encryption a mutable subfield of a chain of immutable fields?

[abheda-crest]

@abheda-crest Thanks for making the change. Quick question: is replication.user_managed.replicas.customer_managed_encryption a mutable subfield of a chain of immutable fields?

Yeah. replication.user_managed and replication.user_managed.replicas are immutable fields. Patching the replication.userManaged field to replication.automatic throws an API error 400 Existing secret has user-managed replication, but requested secret does not. Updating secret replication is not supported. Patching the replication.userManaged.replicas field to add an extra replica throws an API error 400 Adding or removing replicas from Secret user-managed replication is not supported. Number of replicas requested: [2], number of existing replicas: [1]. Hence, we can say that replication.user_managed.replicas.customer_managed_encryption is a mutable subfield of a chain of immutable fields.

[abheda-crest]

@shuyama1 Could you please merge this PR?

[shuyama1]

@abheda-crest Thank you for the ping. I'm taking a review now and will merge the PR if no changes needed.

[shuyama1]

LGTM, only some nit-picks. Thanks for adding thorough testing! I've checked the debug logs and confirmed that the resource was update in-place instead of recreated.

[shuyama1]

Suggested change

	replicas {
	replicas {

nit-picks

[abheda-crest]

Thanks for the review! I've added the extra whitespaces.

[shuyama1]

Suggested change

	replicas {
	replicas {

[shuyama1]

Suggested change

	replicas {
	replicas {

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 223 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 2 files changed, 223 insertions(+), 2 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3008
Passed tests 2711
Skipped tests: 296
Affected tests: 1

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccSpannerInstanceIamPolicy

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccSpannerInstanceIamPolicy[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[shuyama1]

Thank you!