Added changes for new Flexible CA mode support for Redis and Valkey Cluster

[omanges]

Adding support two new CA modes BYOCA and Shared CA for TLS enabled clusters/instance

redis: added `server_ca_mode` and `server_ca_pool` fields to `google_redis_cluster` resource

memorystore: added `server_ca_mode` and `server_ca_pool` fields to `google_memorystore_instance` resource

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@SirGitsalot, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 183 insertions(+), 3 deletions(-))
google-beta provider: Diff ( 6 files changed, 183 insertions(+), 3 deletions(-))
terraform-google-conversion: Diff ( 5 files changed, 85 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_memorystore_instance (21 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_memorystore_instance" "primary" {
  server_ca_mode = # value needed
  server_ca_pool = # value needed
}

Resource: google_redis_cluster (21 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_redis_cluster" "primary" {
  server_ca_mode = # value needed
  server_ca_pool = # value needed
}

[modular-magician]

Tests analytics

Total tests: 61
Passed tests: 61
Skipped tests: 0
Affected tests: 0

Click here to see the affected service packages

• redis
• memorystore

🟢 All tests passed!

View the build log

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 8 files changed, 450 insertions(+), 3 deletions(-))
google-beta provider: Diff ( 8 files changed, 450 insertions(+), 3 deletions(-))
terraform-google-conversion: Diff ( 6 files changed, 88 insertions(+))

[modular-magician]

Tests analytics

Total tests: 63
Passed tests: 61
Skipped tests: 0
Affected tests: 2

Click here to see the affected service packages

• memorystore
• redis

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccMemorystoreInstance_customerManagedCas
• TestAccRedisCluster_customerManagedCas

Get to know how VCR tests work

[modular-magician]

🔴 Tests failed during RECORDING mode:
TestAccMemorystoreInstance_customerManagedCas [Error message] [Debug log]
TestAccRedisCluster_customerManagedCas [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

[SirGitsalot]

Are the new fields live on the public API? They don't show up in the docs, which might explain the test failures (since our test runners use the public API without access to any visibility-restricted fields).

[SirGitsalot]

Is it possible to explicitly set this field to SERVER_CA_MODE_UNSPECIFIED? That is:

resource "google_memorystore_instance" "my_instance" {
  name = "my_instance"
  server_ca_mode = "SERVER_CA_MODE_UNSPECIFIED"
}

From the description it sounds like the mode would get set to SERVER_CA_MODE_GOOGLE_MANAGED_PER_INSTANCE_CA since most APIs don't distinguish between "not set at all" and "set to the unspecified enum value". If that's the case you should be able to just remove the SERVER_CA_MODE_UNSPECIFIED option.

[omanges]

Yeah removed SERVER_CA_MODE_UNSPECIFIED

[SirGitsalot]

Please fix the lint nits.

[omanges]

Done fixed

[omanges]

Are the new fields live on the public API? They don't show up in the docs, which might explain the test failures (since our test runners use the public API without access to any visibility-restricted fields).

Yeah the fields are yet to be made public

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 8 files changed, 432 insertions(+), 3 deletions(-))
google-beta provider: Diff ( 8 files changed, 432 insertions(+), 3 deletions(-))
terraform-google-conversion: Diff ( 6 files changed, 88 insertions(+))

[modular-magician]

Tests analytics

Total tests: 63
Passed tests: 61
Skipped tests: 0
Affected tests: 2

Click here to see the affected service packages

• redis
• memorystore

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccMemorystoreInstance_customerManagedCas
• TestAccRedisCluster_customerManagedCas

Get to know how VCR tests work

[modular-magician]

🔴 Tests failed during RECORDING mode:
TestAccMemorystoreInstance_customerManagedCas [Error message] [Debug log]
TestAccRedisCluster_customerManagedCas [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

[SirGitsalot]

Are the new fields live on the public API? They don't show up in the docs, which might explain the test failures (since our test runners use the public API without access to any visibility-restricted fields).

Yeah the fields are yet to be made public

That definitely explains the test failures. In the test debug logs you can see the fields being set in the POST request but not being returned in the subsequent GET due to the visibility label.

This PR looks mostly done, but it will need to wait until the visibility label is removed and the API fully rolled out before to be merged.