Support healthcare fhir new notifications config

[joycezhou47]

Link: https://cloud.google.com/healthcare-api/docs/how-tos/pubsub#fhir_notifications_containing_fhir_resource_data Fix: https://github.com/hashicorp/terraform-provider-google/issues/12061

If this PR is for Terraform, I acknowledge that I have:

• [X] Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• [X] Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• [X] Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• [X] Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• [X] Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

healthcare: added `notification_configs ` field to `google_healthcare_fhir_store` resource

[modular-magician]

Hello! I am a robot who works on Magic Modules PRs.

I've detected that you're a community contributor. @c2thorn, a repository maintainer, has been assigned to assist you and help review your changes.

:question: First time contributing? Click here for more details

---

Your assigned reviewer will help review your code by:

• Ensuring it's backwards compatible, covers common error cases, etc.
• Summarizing the change into a user-facing changelog note.
• Passes tests, either our "VCR" suite, a set of presubmit tests, or with manual test runs.

You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails.

If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox.

---

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 2 files changed, 120 insertions(+)) Terraform Beta: Diff ( 3 files changed, 231 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 129 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2150 Passed tests 1907 Skipped tests: 233 Failed tests: 10

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccSqlDatabaseInstance_SqlServerAuditConfig|TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample|TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange|TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample|TestAccComputeInstance_soleTenantNodeAffinities|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccCloudFunctions2Function_fullUpdate|TestAccCloudfunctions2function_cloudfunctions2BasicAuditlogsExample|TestAccCloudfunctions2function_cloudfunctions2BasicGcsExample|TestAccCloudRunService_cloudRunServiceStaticOutboundExample

[modular-magician]

Tests passed during RECORDING mode: TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample[view] TestAccCloudFunctions2Function_fullUpdate[view] TestAccCloudfunctions2function_cloudfunctions2BasicAuditlogsExample[view] TestAccCloudfunctions2function_cloudfunctions2BasicGcsExample[view]

Tests failed during RECORDING mode: TestAccSqlDatabaseInstance_SqlServerAuditConfig[view] TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange[view] TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample[view] TestAccComputeInstance_soleTenantNodeAffinities[view] TestAccComputeGlobalForwardingRule_internalLoadBalancing[view] TestAccCloudRunService_cloudRunServiceStaticOutboundExample[view]

Please fix these to complete your PR View the build log or the debug log for each test

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 2 files changed, 120 insertions(+)) Terraform Beta: Diff ( 3 files changed, 231 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 129 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2150 Passed tests 1909 Skipped tests: 233 Failed tests: 8

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange|TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample|TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample|TestAccFirebaserulesRelease_BasicRelease|TestAccComputeInstance_soleTenantNodeAffinities|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccCloudRunService_cloudRunServiceStaticOutboundExample|TestAccSqlDatabaseInstance_SqlServerAuditConfig

[modular-magician]

Tests passed during RECORDING mode: TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample[view] TestAccFirebaserulesRelease_BasicRelease[view]

Tests failed during RECORDING mode: TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange[view] TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample[view] TestAccComputeInstance_soleTenantNodeAffinities[view] TestAccComputeGlobalForwardingRule_internalLoadBalancing[view] TestAccCloudRunService_cloudRunServiceStaticOutboundExample[view] TestAccSqlDatabaseInstance_SqlServerAuditConfig[view]

Please fix these to complete your PR View the build log or the debug log for each test

[joycezhou47]

The test is failing on our end due to the following error:

    provider_test.go:315: Step 1/2 error: Error running apply: exit status 1
        
        Error: Error creating FhirStore: googleapi: Error 403: Permission pubsub.topics.publish denied on resource gs://tf-test-fhir-notifications<redactedsuffix> (or it may be malformed or not exist)
        
          with google_healthcare_fhir_store.default,
          on terraform_plugin_test.tf line 2, in resource "google_healthcare_fhir_store" "default":
           2: resource "google_healthcare_fhir_store" "default" {

Looks like some permission is needed, do you know if this is something we can add to the example?

The permission needed is the "pubsub.topics.publish" permission to the pubsub topic here. In order for the creation to actually succeed, that topic needs to exist and also the permission of that topic needs to be granted to the test project which is creating fhir store. Not sure if we can configure for this.

(Also I noticed that I attached the "gs://" prefix which shouldn't be attached, now fixed.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 2 files changed, 120 insertions(+)) Terraform Beta: Diff ( 3 files changed, 231 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 129 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2164 Passed tests 1924 Skipped tests: 235 Failed tests: 5

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeInstance_soleTenantNodeAffinities|TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample|TestAccFirebaserulesRelease_BasicRelease|TestAccCGCSnippet_eventarcWorkflowsExample|TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample

[modular-magician]

Tests passed during RECORDING mode: TestAccFirebaserulesRelease_BasicRelease[Debug log] TestAccCGCSnippet_eventarcWorkflowsExample[Debug log] TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample[Debug log]

Tests failed during RECORDING mode: TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log] TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample[Error message] [Debug log]

Please fix these to complete your PR View the build log or the debug log for each test

[c2thorn]

Hi @joycezhou47, this is something we'll need to resolve for the test to pass. Can we grant permissions within the example using the pubsub IAM controls ?

[joycezhou47]

pubsub permissions can be granted using IAM controls, but I need help to navigate the permission granting process for these tests since I don't really have an understanding of the test setup.

I see the "" part on the failure message, I assumed that this means that each time the test runs, a pubsub topic is dynamically generated - this implies that we would also need to dynamically create this topic during the test.

However, if the topics are not dynamically generated, and if it should be much easier to configure - I'll need to find the project which this test is running against, and grant the pubsub.publish IAM permission to the service account of that project.

[c2thorn]

pubsub permissions can be granted using IAM controls, but I need help to navigate the permission granting process for these tests since I don't really have an understanding of the test setup.

I see the "" part on the failure message, I assumed that this means that each time the test runs, a pubsub topic is dynamically generated - this implies that we would also need to dynamically create this topic during the test.

Yes these tests dynamically create and destroy resources each run, so the permissions will also need to be dynamic. I'm hoping something similar to https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/templates/terraform/examples/storage_pubsub_notifications.tf.erb is usable here

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 240 insertions(+)) Terraform Beta: Diff ( 6 files changed, 351 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 142 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2172 Passed tests 1932 Skipped tests: 236 Failed tests: 4

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeInstance_soleTenantNodeAffinities|TestAccComputeForwardingRule_update|TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample|TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample

[modular-magician]

Tests passed during RECORDING mode: TestAccComputeForwardingRule_update[Debug log] TestAccPrivatecaCertificateAuthority_privatecaCertificateAuthoritySubordinateExample[Debug log] TestAccHealthcareFhirStore_healthcareFhirStoreNotificationConfigExample[Debug log]

Tests failed during RECORDING mode: TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]

Please fix these to complete your PR View the build log or the debug log for each test

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 5 files changed, 240 insertions(+)) Terraform Beta: Diff ( 6 files changed, 351 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 142 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2180 Passed tests 1940 Skipped tests: 238 Failed tests: 2

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccComputeInstance_soleTenantNodeAffinities

[modular-magician]

Tests passed during RECORDING mode: TestAccFirebaserulesRelease_BasicRelease[Debug log]

Tests failed during RECORDING mode: TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]

Please fix these to complete your PR View the build log or the debug log for each test

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 2 files changed, 120 insertions(+)) Terraform Beta: Diff ( 3 files changed, 231 insertions(+)) TF Validator: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-)) TF OiCS: Diff ( 4 files changed, 129 insertions(+))

[modular-magician]

Tests analytics

Total tests: 2180 Passed tests 1940 Skipped tests: 238 Failed tests: 2

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccComputeInstance_soleTenantNodeAffinities

[modular-magician]

Tests passed during RECORDING mode: TestAccFirebaserulesRelease_BasicRelease[Debug log]

Tests failed during RECORDING mode: TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]

Please fix these to complete your PR View the build log or the debug log for each test

[joycezhou47]

Hi @c2thorn , I noticed that it's not the first time that cloud healthcare uses pubsub topic so I suspect that there's actually some setup that allows me to add the new field without doing the whole data source thing.

Currently I can see one test failing, which is the VCR-test, is this test related the things I've added?