publicca: add mac_key, fix and deprecate b64url_mac_key #16198
slevenick merged 1 commit into GoogleCloudPlatform:main from
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Hello! I am a robot. Tests will require approval from a repository maintainer to run. Googlers: For automatic test runs see go/terraform-auto-test-runs. @slevenick, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally.
34ed043 to 5715195
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
Tests analytics
Total tests: 1
Click here to see the affected service packages
🟢 All tests passed! View the build log
@slevenick This PR has been waiting for review for 3 weekdays. Please take a look! Use the label
| type: String | ||
| description: | | ||
| Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService | ||
| Double Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService |
| type: String | ||
| description: | | ||
| Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService | ||
| Double Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService |
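Review bot: "Double Base64-URL-encoded" on the added description line does not tell a reader what the layers are or how many decodes a consumer has to perform, and the same wording is used in both description changes. Spell the layering out in the description itself, for example base64url(base64url(binary key)), and point to the attribute that holds the singly encoded form so users do not have to work it out by trial and error.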
What is this supposed to mean?
It means base64(base64(binary key)), I'm totally open to better suggestions
Strange. I guess I would say something like:
Double Base64-URL-encoded HS256 key. To read the contents of this key you must base64 decode the value twice. It is generated....
Actually you pass around the base64(binary key) to software like cert-manager, so you only need to base64 decode once here, what do you think of Doubly Base64-URL-encoded HS256 key ('base64(base64(binary key))'). It is generated by the ...
@slevenick I just pushed Doubly Base64-URL-encoded HS256 key ('base64(base64(binary key))')., if you prefer your version that's also fine with me, just tell me
https://docs.cloud.google.com/certificate-manager/docs/reference/public-ca/rest/v1/projects.locations.externalAccountKeys#ExternalAccountKey

b64MacKey is defined as

    string (bytes format)
    Output only. Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created
    A base64-encoded string.

So the content is a 'Base64-URL-encoded HS256 key', and it's base64url encoded a second time as it's a string in 'bytes format'

This can be confirmed by using the CLI:

    gcloud publicca external-account-keys create --log-http

we see that the CLI base64 decodes the content for us.

b64_mac_key is the raw output from the API: URLEncoding(RawURLEncoding(binary key))
b64url_mac_key is the same but unpadded: RawURLEncoding(RawURLEncoding(binary key))
We introduce mac_key to get the same format as the CLI: RawURLEncoding(binary key)
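The three encodings listed in the description above, as an added Go example that is not code from this PR or from the provider. `MacKeyForms`, `FromAPI`, `HMACKey` and `ConstructedAPIValue` are hypothetical names, and the sample key is constructed.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"strings"
)

// MacKeyForms holds the three string forms named in the PR description.
type MacKeyForms struct {
	B64MacKey    string // URLEncoding(RawURLEncoding(binary key)), raw API output
	B64urlMacKey string // RawURLEncoding(RawURLEncoding(binary key)), unpadded
	MacKey       string // RawURLEncoding(binary key), the form the CLI shows
}

// FromAPI derives the other two forms from an API-style b64MacKey value.
func FromAPI(b64MacKey string) (MacKeyForms, error) {
	// Strip '=' so a padded or an unpadded outer layer both decode.
	inner, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(b64MacKey, "="))
	if err != nil {
		return MacKeyForms{}, fmt.Errorf("outer base64url layer: %w", err)
	}
	return MacKeyForms{
		B64MacKey:    b64MacKey,
		B64urlMacKey: base64.RawURLEncoding.EncodeToString(inner),
		MacKey:       string(inner),
	}, nil
}

// HMACKey decodes mac_key once more to recover the binary HS256 key.
func (f MacKeyForms) HMACKey() ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(f.MacKey, "="))
}

// ConstructedAPIValue builds a sample b64MacKey for a given key (test data only).
func ConstructedAPIValue(key []byte) string {
	return base64.URLEncoding.EncodeToString([]byte(base64.RawURLEncoding.EncodeToString(key)))
}

func main() {
	key := []byte("constructed-sample-key-32-bytes!") // constructed, not a real account key
	forms, err := FromAPI(ConstructedAPIValue(key))
	if err != nil {
		panic(err)
	}
	raw, _ := forms.HMACKey()
	fmt.Println("round trip ok:", bytes.Equal(raw, key), "outer padded:", strings.HasSuffix(forms.B64MacKey, "="))
}
```

With a 32-byte key the inner layer is 43 characters, so the padded outer layer ends in `==` while the unpadded one does not; that trailing padding is the only difference between the first two forms.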
5715195 to c5e030c
Fixes: hashicorp/terraform-provider-google#25799
Fixes: hashicorp/terraform-provider-google#25646