Add acceptance tests for how provider handles impersonate_service_account argument

[SarahFrench]

This PR adds acceptance tests for usage of impersonate_service_account that demonstrate:

• how the provider behaves when provider configuration arguments come from different sources ( config vs ENVs)
  • There is only a single ENV used for this argument, versus other arguments
• schema-level validation that's in place, e.g. handling of empty strings
• use cases: how does this argument impact the providers behaviour in plan/apply

Note: this PR does not include testing usage of impersonate_service_account when using PF-implemented resource/data source as doing this in the context of Firebase (the only service with PF-implemented stuff) is very complex.

Release Note Template for Downstream PRs (will be copied)

[SarahFrench]

Some comments to assist in review

[SarahFrench]

I think waiting for an 'easier' resource to use would be best - given that Firebase is the only PF-impemented resources/data source available to us and it's Beta-only.

[SarahFrench]

The error can only arise if Terraform is using the impersonated service account that has no permissions

[SarahFrench]

Some TeamCity builds running these tests:

• SDK : TestAccSdkProvider_impersonate_service_account
• PF : TestAccFwProvider_impersonate_service_account

[SarahFrench]

Marking this as ready for review - happy to save merging for after the rewrite is released (will reduce the diffs in this PR) but would be nice to get feedback on the tests in the meantime

I've self-reviewed a little here and have triggered the tests in TeamCity here.

[c2thorn]

LGTM overall. Can't think of more cases to cover with impersonate_service_account

[SarahFrench]

Thanks for the review!

Before merging I'm going to remove these outputs that are unused.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 348 insertions(+), 6 deletions(-))
google-beta provider: Diff ( 6 files changed, 348 insertions(+), 6 deletions(-))

[modular-magician]

Tests analytics

Total tests: 4098
Passed tests: 3686
Skipped tests: 412
Affected tests: 0

Click here to see the affected service packages

All service packages are affected

$\textcolor{green}{\textsf{All tests passed!}}$

View the build log

[ScottSuarez]

Hi Sarah, this test is failing in teamcity at 50% frequency

https://hashicorp.teamcity.com/test/-2975064263368697375?currentProjectId=TerraformProviders_GoogleCloud_GOOGLE_BETA_NIGHTLYTESTS&expandTestHistoryChartSection=true

I suspect because the actual SA's we are attempting to impersonate do not exist
hashicorp/terraform-provider-google#19741

[SarahFrench]

Thanks for letting me know! I'll split the test into two steps and that should ensure the service account is present. Ah the test is already split that way.

That failure is actually related to #11785