[Bug] Terrafrom Incorrectly Accepts Admin with Namespace_Access Blocks

[jlacefie]

What are you really trying to do?

The TF provider should fail if a user or service accounts are created as Admin and explicit Namespace_Access blocks as this is an invalid state for a Global Admin user or Service_Account.

Today, TF will create the user or service account with "implicit"/"inherited" permissions to all Namespaces AND fail the apply with the following error

╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to temporalcloud_service_account.global_admin, provider "provider["registry.terraform.io/temporalio/temporalcloud"]" produced an unexpected new value: .namespace_accesses: was
│ cty.ListVal([]cty.Value{cty.ObjectVal(map[string]cty.Value{"namespace_id":cty.StringVal("terraformsa.ksfop"), "permission":cty.StringVal("Write")})}), but now null.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

The desired behavior is to fail the TF create request without creating the user or service account.

Reproduction

To reproduce:

1. Create or Import an Existing Namespace into a TF
   terraform import temporalcloud_namespace.namespace <account_id>.<namespace name>

2. Using the following block, create a Service Account with Access = Admin and Namespace_Account = the created/imported, Write using the following code block

resource "temporalcloud_service_account" "global_admin" {
  name          = "tftestsagaoverride"
  account_access = "Admin"
  namespace_accesses = [
      {
      namespace_id = temporalcloud_namespace.namespace.id
      permission = "Write"
    }
 ]
}

3. run Terraform apply and click yes.

• The Service Account is created
• TF Apply returns an error

Environment/Versions

Reproduced on v0.0.15