fix(spanner): prevent forceNew when kmsKeyName and kmsKeyNames are same (#15726)

Author: rahul2393

mmv1/products/spanner/Database.yaml

@@ -60,6 +60,7 @@ custom_code:
   pre_delete: 'templates/terraform/pre_delete/resource_spanner_database.go.tmpl'
 custom_diff:
   - 'resourceSpannerDBDdlCustomDiff'
+  - 'resourceSpannerEncryptionConfigCustomDiff'
 # Sweeper skipped as this resource has customized deletion.
 exclude_sweeper: true
 examples:
@@ -167,6 +168,7 @@ properties:
           Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
           in the same locations as the Spanner Database.
         immutable: true
+        default_from_api: true
         custom_flatten: templates/terraform/custom_flatten/spanner_database_kms_key_names.go.tmpl
         item_type:
           type: String

mmv1/templates/terraform/constants/spanner_database.go.tmpl

@@ -56,4 +56,31 @@ func resourceSpannerDBVirtualUpdate(d *schema.ResourceData, resourceSchema map[s
 		return true
 	}
 	return false
+}
+
+func resourceSpannerEncryptionConfigCustomDiffFunc(diff tpgresource.TerraformResourceDiff) error {
+	if diff.HasChange("encryption_config.0.kms_key_names") {
+		kmsKeyName := diff.Get("encryption_config.0.kms_key_name")
+		if kmsKeyName == "" {
+			return nil
+		}
+		old, new := diff.GetChange("encryption_config.0.kms_key_names")
+		if old == nil {
+			old = []interface{}{}
+		}
+		if new == nil {
+			new = []interface{}{}
+		}
+		oldKeys := old.([]interface{})
+		newKeys := new.([]interface{})
+		if len(newKeys) == 0 && len(oldKeys) == 1 && oldKeys[0] == kmsKeyName {
+			return diff.Clear("encryption_config.0.kms_key_names")
+		}
+		return diff.ForceNew("encryption_config.0.kms_key_names")
+	}
+	return nil
+}
+
+func resourceSpannerEncryptionConfigCustomDiff(_ context.Context, diff *schema.ResourceDiff, meta interface{}) error {
+	return resourceSpannerEncryptionConfigCustomDiffFunc(diff)
 }

mmv1/third_party/terraform/services/spanner/resource_spanner_database_internal_test.go

@@ -95,3 +95,48 @@ func TestDatabaseNameForApi(t *testing.T) {
 	expected := "projects/project123/instances/instance456/databases/db789"
 	expectEquals(t, expected, actual)
 }
+
+func TestSpannerDatabase_resourceSpannerEncryptionConfigCustomDiffFuncForceNew(t *testing.T) {
+	t.Parallel()
+
+	cases := map[string]struct {
+		before   map[string]interface{}
+		after    map[string]interface{}
+		forcenew bool
+	}{
+		"kms_key_name_and_kms_key_names_are_same": {
+			before: map[string]interface{}{
+				"encryption_config.0.kms_key_name":  "key1",
+				"encryption_config.0.kms_key_names": []interface{}{"key1"},
+			},
+			after: map[string]interface{}{
+				"encryption_config.0.kms_key_name": "key1",
+			},
+			forcenew: false,
+		},
+		"kms_key_name_and_kms_key_names_are_different": {
+			before: map[string]interface{}{
+				"encryption_config.0.kms_key_name": "key1",
+			},
+			after: map[string]interface{}{
+				"encryption_config.0.kms_key_name":  "key1",
+				"encryption_config.0.kms_key_names": []interface{}{"key2"},
+			},
+			forcenew: true,
+		},
+	}
+
+	for tn, tc := range cases {
+		d := &tpgresource.ResourceDiffMock{
+			Before: tc.before,
+			After:  tc.after,
+		}
+		err := resourceSpannerEncryptionConfigCustomDiffFunc(d)
+		if err != nil {
+			t.Errorf("failed, expected no error but received - %s for the condition %s", err, tn)
+		}
+		if d.IsForceNew != tc.forcenew {
+			t.Errorf("ForceNew not setup correctly for the condition-'%s', expected:%v;actual:%v", tn, tc.forcenew, d.IsForceNew)
+		}
+	}
+}