Add an optional provider level label "goog-terraform-provisioned"

[SirGitsalot]

The intention of this change is to make it easy to identify GCP resources that are managed by Terraform when using other clients like Cloud Console. Overall, this builds on and behaves much the same as provider default labels from #8670, but instead of free form labels it adds a single specific structured label, goog-terraform-provisioned = "true" when enabled. That is:

provider "google" {
  skip_terraform_attribution_label = false
}

Is roughly equivalent to:

provider "google" {
  default_labels = {
    goog-terraform-provisioned = "true"
  }
}

The change is documented in provider_reference.html.markdown. In short, this is a no-op change for users that do not opt in to the feature. For users that do opt in (by setting skip_terraform_attribution_label = false in the provider configuration), there are two modes of operation configured with the optional terraform_attribution_label_addition_strategy field:

• CREATION_ONLY The goog-terraform-provisioned label will only be added to newly created resources. This is the default value.
• PROACTIVE The label will be added to all resources during subsequent terraform apply runs.

Tests are included for a handful of resources, including MMv1, DCL, and handwritten resources.

I'm creating this as a draft PR to gather early feedback (and because as I'm writing this description I thought of some tests changes to make 🤔)

Release Note Template for Downstream PRs (will be copied)

provider: added an optional provider level label `goog-terraform-provisioned` to identify resources that were created by Terraform when viewing/editing these resources in other tools.

[modular-magician]

Hello! I am a robot. It looks like you are a: Community Contributor Googler Core Contributor. Tests will run automatically.

@trodge, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1384 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1562 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3362
Passed tests 3006
Skipped tests: 349
Affected tests: 7

Click here to see the affected service packages

all service packages are affected

Action taken

Found 7 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccCloudRunV2Service_cloudrunv2ServiceAttributionLabel|TestAccComputeAddress_withAttributionRemoved|TestAccComputeAddress_withProactiveAttributionSetOnUpdate|TestAccComputeAddress_withProactiveAttribution|TestAccComputeAddress_withCreationOnlyAttribution|TestAccComputeAddress_withCreationOnlyAttributionSetOnUpdate|TestAccDataSourceGoogleServiceAccountAccessToken_basic

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccCloudRunV2Service_cloudrunv2ServiceAttributionLabel[Debug log]
TestAccComputeAddress_withProactiveAttribution[Debug log]
TestAccComputeAddress_withCreationOnlyAttribution[Debug log]
TestAccComputeAddress_withCreationOnlyAttributionSetOnUpdate[Debug log]
TestAccDataSourceGoogleServiceAccountAccessToken_basic[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccComputeAddress_withAttributionRemoved[Error message] [Debug log]
TestAccComputeAddress_withProactiveAttributionSetOnUpdate[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1411 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1589 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3366
Passed tests 3014
Skipped tests: 348
Affected tests: 4

Click here to see the affected service packages

all service packages are affected

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccClouddeployTarget_withCreationOnlyAttribution|TestAccCloudRunService_withCreationOnlyAttribution|TestAccComputeInstance_creationOnlyAttributionLabel|TestAccComputeDisk_attributionLabelOnCreation

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccClouddeployTarget_withCreationOnlyAttribution[Debug log]
TestAccCloudRunService_withCreationOnlyAttribution[Debug log]
TestAccComputeInstance_creationOnlyAttributionLabel[Debug log]
TestAccComputeDisk_attributionLabelOnCreation[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[zli82016]

LGTM.

[zli82016]

Do we recommend the users to use CREATION_ONLY for immutable resources? If use PROACTIVE, the terraform plan is not empty when upgrading the provider and setting terraform_attribution_label_addition_strategy to PROACTIVE. This is a corner case.

[zli82016]

LGTM

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1411 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1589 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3384
Passed tests 3036
Skipped tests: 348
Affected tests: 0

Click here to see the affected service packages

all service packages are affected

$\textcolor{green}{\textsf{All tests passed in REPLAYING mode.}}$
View the build log

[zli82016]

LGTM

[SirGitsalot]

Thanks so much for the review!

Do we recommend the users to use CREATION_ONLY for immutable resources? If use PROACTIVE, the terraform plan is not empty when upgrading the provider and setting terraform_attribution_label_addition_strategy to PROACTIVE. This is a corner case.

Tagging @rileykarson for an answer...

[rileykarson]

LGTM from a usability perspective, comments/suggestions inline

re: the comment above, We could add a warning to the documentation that this will include immutable resources where the change will cause a diff for PROACTIVE.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1411 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1589 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3385
Passed tests 3037
Skipped tests: 348
Affected tests: 0

Click here to see the affected service packages

all service packages are affected

$\textcolor{green}{\textsf{All tests passed in REPLAYING mode.}}$
View the build log

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1408 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1586 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3387
Passed tests 3038
Skipped tests: 348
Affected tests: 1

Click here to see the affected service packages

all service packages are affected

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccComputeDisk_attributionLabelOnCreation

Get to know how VCR tests work

[modular-magician]

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccComputeDisk_attributionLabelOnCreation[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 12 files changed, 1408 insertions(+), 30 deletions(-))
Terraform Beta: Diff ( 13 files changed, 1586 insertions(+), 30 deletions(-))

[modular-magician]

Tests analytics

Total tests: 3387
Passed tests 3038
Skipped tests: 348
Affected tests: 1

Click here to see the affected service packages

all service packages are affected

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccDataprocClusterIamPolicy

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccDataprocClusterIamPolicy[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[zli82016]

LGTM