update check for diff suppress (#5984) (#4261)

* update check for diff suppress

* add tests

* fix test resource name

* import master instance too, just to verify

* update cmek region

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/5984.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+sql: fixed bug where `encryption_key_name` was not being propagated to the API.
+```

google-beta/resource_cgc_snippet_generated_test.go

@@ -709,7 +709,7 @@ resource "google_project_service_identity" "gcp_sa_cloud_sql" {
 
 resource "google_kms_key_ring" "keyring" {
   name     = "tf-test-keyring-name%{random_suffix}"
-  location = "europe-north1"
+  location = "us-central1"
 }
 
 resource "google_kms_crypto_key" "key" {

google-beta/resource_sql_database_instance.go

@@ -84,7 +84,7 @@ var (
 )
 
 func diffSuppressSqlReplicaKeyName(k, old, new string, d *schema.ResourceData) bool {
-	if d.Get("replica_configuration") != nil {
+	if d.Get("master_instance_name").(string) != "" {
 		// This is a replica and the config value must be null, but the API will
 		// return the key name of the master instance, so we'll suppress this diff
 		return true

google-beta/resource_sql_database_instance_test.go

@@ -1027,6 +1027,39 @@ func TestAccSqlDatabaseInstance_insights(t *testing.T) {
 	})
 }
 
+func TestAccSqlDatabaseInstance_encryptionKey(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"key_name":      "tf-test-key-" + randString(t, 10),
+		"instance_name": "tf-test-sql-" + randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersOiCS,
+		CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: Nprintf(
+					testGoogleSqlDatabaseInstance_encryptionKey, context),
+			},
+			{
+				ResourceName:            "google_sql_database_instance.replica",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+			{
+				ResourceName:            "google_sql_database_instance.master",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
 var testGoogleSqlDatabaseInstance_basic2 = `
 resource "google_sql_database_instance" "instance" {
   region              = "us-central1"
@@ -1662,6 +1695,70 @@ resource "google_sql_database_instance" "instance" {
   }
 }
 `
+var testGoogleSqlDatabaseInstance_encryptionKey = `
+resource "google_project_service_identity" "gcp_sa_cloud_sql" {
+  provider = google-beta
+  service  = "sqladmin.googleapis.com"
+}
+
+resource "google_kms_key_ring" "keyring" {
+  provider = google-beta
+
+  name     = "%{key_name}"
+  location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "key" {
+  provider = google-beta
+
+  name     = "%{key_name}"
+  key_ring = google_kms_key_ring.keyring.id
+}
+
+resource "google_kms_crypto_key_iam_binding" "crypto_key" {
+  provider      = google-beta
+  crypto_key_id = google_kms_crypto_key.key.id
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+
+  members = [
+    "serviceAccount:${google_project_service_identity.gcp_sa_cloud_sql.email}",
+  ]
+}
+
+resource "google_sql_database_instance" "master" {
+  provider            = google-beta
+  name                = "%{instance_name}-master"
+  database_version    = "MYSQL_5_7"
+  region              = "us-central1"
+  deletion_protection = false
+  encryption_key_name = google_kms_crypto_key.key.id
+
+  settings {
+    tier = "db-n1-standard-1"
+
+    backup_configuration {
+      enabled            = true
+      start_time         = "00:00"
+      binary_log_enabled = true
+    }
+  }
+}
+
+resource "google_sql_database_instance" "replica" {
+  provider             = google-beta
+  name                 = "%{instance_name}-replica"
+  database_version     = "MYSQL_5_7"
+  region               = "us-central1"
+  master_instance_name = google_sql_database_instance.master.name
+  deletion_protection  = false
+
+  settings {
+    tier = "db-n1-standard-1"
+  }
+
+  depends_on = [google_sql_database_instance.master]
+}
+`
 
 func testGoogleSqlDatabaseInstance_PointInTimeRecoveryEnabled(masterID int, pointInTimeRecoveryEnabled bool) string {
 	return fmt.Sprintf(`