Add new Config entity to Identitytoolkit

[tylerg-dev]

Introduce a minimal Config entity to indentitytoolkit that will allow it to be problematically enabled for Billed projects. Addition of the various other Project Configuration fields will be left to a future PR.

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

`google_identity_platform_config`

[modular-magician]

Hello! I am a robot who works on Magic Modules PRs.

I've detected that you're a community contributor. @ScottSuarez, a repository maintainer, has been assigned to assist you and help review your changes.

❓ First time contributing? Click here for more details

---

Your assigned reviewer will help review your code by:

• Ensuring it's backwards compatible, covers common error cases, etc.
• Summarizing the change into a user-facing changelog note.
• Passes tests, either our "VCR" suite, a set of presubmit tests, or with manual test runs.

You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails.

If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox.

---

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 4 files changed, 422 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 4 files changed, 422 insertions(+), 2 deletions(-))
TF Validator: Diff ( 3 files changed, 66 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2177
Passed tests 1936
Skipped tests: 238
Failed tests: 3

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccComputeInstance_soleTenantNodeAffinities|TestAccIdentityPlatformConfig_identityPlatformConfigBasicExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]

Tests failed during RECORDING mode:
TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]
TestAccIdentityPlatformConfig_identityPlatformConfigBasicExample[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[tylerg-dev]

The test failure appears to be with how the test is being run by the Cloud Build:

: Service accounts cannot create projects without a parent., forbidden. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission

This test is patterned after the pre-existing Firebase Project Basic test, as it needs a new Cloud Project for each run.

Can you advise what you'd like me to do here?

[ScottSuarez]

Here is an example of a project being provisioned. I would look at this example and compare it to your own.

[tylerg-dev]

I've updated the CL with the minor deltas from the example you gave, but not clear they are really going to address the Service account's missing permission to create projects.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 4 files changed, 436 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 4 files changed, 436 insertions(+), 2 deletions(-))
TF Validator: Diff ( 3 files changed, 66 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2180
Passed tests 1940
Skipped tests: 239
Failed tests: 1

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeInstance_soleTenantNodeAffinities

[modular-magician]

Tests failed during RECORDING mode:
TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[tylerg-dev]

The remaining test failure doesn't appear to be from my changes, but instead a different entity that is running out of resources:

Error: Error waiting to create NodeGroup: Error waiting for Creating NodeGroup: The zone 'projects/ci-test-project-188019/zones/us-central1-a' does not have enough resources available to fulfill the request.  Try a different zone, or try again later.

Since I've made not changes to compute instances or their tenant nodes, it seems unlikely the failure originates from this request?

[ScottSuarez]

While everything functionally looks good here. Whats the deletion result? ie, what happens when you delete this resource?

Don't worry about the test. Its unrelated.

[tylerg-dev]

This resource is unfortunately a Latch / Project-singleton resource, it cannot be deleted one added to a project (though the Identity Providers which are tied to this resource can be zeroed out & disabled ex: Default Identity Provider.

The underlying API resource only has GET and Update (plus the :initializeIdentityPlatform custom verb that must be called before other operations will work)

[ScottSuarez]

I see so this a one-off initialize resource. Could we quantify that information in the description of the resource so consumers are aware? Perhaps with links to further documentation.

[tylerg-dev]

The resource is also a project-singleton configuration (there are many more field that can be added but we are trying to decouple allowing initialization from the work needed to enable the rest of the custom project-level configuration management since not all customers need the latter).

Additional documentation is already linked in the Guides & API fields.

I've adjusted the docs some, though the old documentation (such as it was) was directly from the underlying API.

[modular-magician]

Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are.

Diff report:

Terraform GA: Diff ( 4 files changed, 442 insertions(+), 2 deletions(-))
Terraform Beta: Diff ( 4 files changed, 442 insertions(+), 2 deletions(-))
TF Validator: Diff ( 3 files changed, 66 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2183
Passed tests 1937
Skipped tests: 239
Failed tests: 7

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeInstance_soleTenantNodeAffinities|TestAccPrivatecaCaPoolIamPolicyGenerated_withCondition|TestAccStorageTransferJob_transferOptions|TestAccComputeInstanceIamPolicyGenerated_withCondition|TestAccComputeBackendServiceIamPolicyGenerated_withCondition|TestAccComputeRegionBackendServiceIamPolicyGenerated_withCondition|TestAccComputeMachineImageIamPolicyGenerated_withCondition

[modular-magician]

Tests passed during RECORDING mode:
TestAccPrivatecaCaPoolIamPolicyGenerated_withCondition[Debug log]
TestAccStorageTransferJob_transferOptions[Debug log]
TestAccComputeInstanceIamPolicyGenerated_withCondition[Debug log]
TestAccComputeBackendServiceIamPolicyGenerated_withCondition[Debug log]
TestAccComputeRegionBackendServiceIamPolicyGenerated_withCondition[Debug log]
TestAccComputeMachineImageIamPolicyGenerated_withCondition[Debug log]

Tests failed during RECORDING mode:
TestAccComputeInstance_soleTenantNodeAffinities[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[ScottSuarez]

Thanks Tyler !