Fix cloud_identity_group_membership to properly handle 403 responses

[roaks3]

Re-applying fix from #6999

The previous fix was deemed to be correct, but the tests caused our build to panic on subsequent PRs. As a mitigation, the original PR was reverted: #7032. It appears that this was happening because the test creates a service account out-of-band that is not recorded or replayed in VCR mode. This led to the service account getting created on each replay, but not deleted, and ultimately produced an error that the service account already existed.

The resolution here is simply to skip this test for VCR mode. I was unable to come up with a way to perform this test without the out-of-band service account, and trying to manage that service account during VCR runs became brittle.

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

[modular-magician]

Oops! It looks like you're using an unknown release-note type in your changelog entries:

• REPLACEME

Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2393
Passed tests 2141
Skipped tests: 248
Failed tests: 4

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccDatastreamStream_update|TestAccDatastreamStream_datastreamStreamBasicExample|TestAccDatastreamStream_datastreamStreamFullExample|TestAccContainerCluster_withInvalidGatewayApiConfigChannel

[modular-magician]

Tests passed during RECORDING mode:
TestAccDatastreamStream_update[Debug log]
TestAccDatastreamStream_datastreamStreamBasicExample[Debug log]
TestAccDatastreamStream_datastreamStreamFullExample[Debug log]
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]

All tests passed
View the build log or the debug log for each test

[roaks3]

/gcbrun

[modular-magician]

Oops! It looks like you're using an unknown release-note type in your changelog entries:

• REPLACEME

Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

The provider crashed while running the VCR tests in REPLAYING mode
Please fix it to complete your PR
View the build log

[roaks3]

Confirmed crash happened again on second run inside PR. Running again to see if it is consistently reproducible.

[roaks3]

/gcbrun

[modular-magician]

Oops! It looks like you're using an unknown release-note type in your changelog entries:

• REPLACEME

Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 110 insertions(+), 1 deletion(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

The provider crashed while running the VCR tests in REPLAYING mode
Please fix it to complete your PR
View the build log

[roaks3]

I think I have the issue figured out, but still need to work on a suitable fix. It appears that BootstrapConfig is available outside of test steps to make API calls, but those calls are not recorded or replayed by VCR. Conversely, googleProviderConfig calls are recorded/replayed. So during replay mode, my new test creates a new Service Account using BootstrapConfig, but does not delete it because the delete call uses googleProviderConfig and is replayed. This means that on the second replay, the Service Account already exists and cannot be created again. The use of randString in its name is partially responsible for this, because its value is consistent across subsequent replays.

[modular-magician]

Oops! It looks like you're using an unknown release-note type in your changelog entries:

• REPLACEME

Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 113 insertions(+), 1 deletion(-))
Terraform Beta: Diff ( 3 files changed, 113 insertions(+), 1 deletion(-))
TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2407
Passed tests 2153
Skipped tests: 252
Failed tests: 2

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccContainerCluster_withInvalidGatewayApiConfigChannel

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]

All tests passed
View the build log or the debug log for each test

[roaks3]

@ScottSuarez whenever you get around to this, to you know if I need to re-add the changelog entry? The original change was reverted.

[ScottSuarez]

@ScottSuarez whenever you get around to this, to you know if I need to re-add the changelog entry? The original change was reverted.

We'll have to intervene with whoever is bug on duty to manually remove it from the changelog