do not show sensitive certificate details in sql instance and cert (#…

…9684) (#16932)

* chore: do not show sensitive certificate details in Terraform cmd output.

* Mark the whole replica_configuration as sensitive due to the private keys.
[upstream:ec0b19494cd2de57aed7e2fcb93687917d814cc1]

Signed-off-by: Modular Magician <magic-modules@google.com>

.changelog/9684.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+sql: update `replica_configuration`, `ca_cert`, and `server_ca_cert` fields to be flagged sensitive in `google_sql_instance` and `google_sql_ssl_cert` resources
+```

google/services/sql/resource_sql_database_instance.go

@@ -779,7 +779,8 @@ is set to true. Defaults to ZONAL.`,
 				Optional: true,
 				MaxItems: 1,
 				// Returned from API on all replicas
-				Computed: true,
+				Computed:  true,
+				Sensitive: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"ca_certificate": {
@@ -865,8 +866,9 @@ is set to true. Defaults to ZONAL.`,
 				Description: `The configuration for replication.`,
 			},
 			"server_ca_cert": {
-				Type:     schema.TypeList,
-				Computed: true,
+				Type:      schema.TypeList,
+				Computed:  true,
+				Sensitive: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"cert": {

google/services/sql/resource_sql_ssl_cert.go

@@ -58,6 +58,7 @@ func ResourceSqlSslCert() *schema.Resource {
 			"cert": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: `The actual certificate data for this client certificate.`,
 			},
 
@@ -89,6 +90,7 @@ func ResourceSqlSslCert() *schema.Resource {
 			"server_ca_cert": {
 				Type:        schema.TypeString,
 				Computed:    true,
+				Sensitive:   true,
 				Description: `The CA cert of the server this client cert was generated from.`,
 			},