@kayps0299 kayps0299 commented Jan 14, 2026

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_security_compliance_framework_deployment has incorrect information (specifying the AUDIT enforcement mode) in the deployment request.

Also, the framework resource created above does not have the cloud control builtin-assign-correct-bucket-label, so it should not be added in the framework deployment resource creation.

Fixes hashicorp/terraform-provider-google#25770

cloud_security_compliance: update the example in documentation for `google_cloud_security_compliance_framework_deployment`

@github-actions github-actions bot requested a review from BBBmau January 14, 2026 07:31
@github-actions

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@BBBmau, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 60 deletions(-))
google-beta provider: Diff ( 2 files changed, 60 deletions(-))

@modular-magician
Collaborator

Tests analytics

Total tests: 7
Passed tests: 6
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • cloudsecuritycompliance

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentBasicExample

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccCloudSecurityComplianceFrameworkDeployment_cloudsecuritycomplianceFrameworkDeploymentBasicExample [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🟢 All tests passed!

View the build log or the debug log for each test

}
}

cloud_control_metadata {
Collaborator

@BBBmau BBBmau Jan 14, 2026

Can you provide more info on how this is a duplicate? The API reference of this resource has CloudControlMetadata as a List, allowing multiple blocks of cloud_control_metadata to be set in configuration.

We've also had passing nightly tests for this test case, providing another reason for this to be left as is.

Author

If you see the example here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_security_compliance_framework_deployment#example-usage---cloudsecuritycompliance-framework-deployment-basic

First we create the "google_cloud_security_compliance_framework" resource, which has only one cloud control details: organizations/%{org_id}/locations/global/cloudControls/builtin-detective-policy-for-vertex-ai-runtime-template-idle-shutdown

Then we use the above-created framework to create the "google_cloud_security_compliance_framework_deployment" resource. Now the cloud control metadata field should have only the cloud controls that are defined in the framework, i.e. organizations/%{org_id}/locations/global/cloudControls/builtin-detective-policy-for-vertex-ai-runtime-template-idle-shutdown, but the example has one more cloud control metadata in the deployment request, which should not be there.

That's why I am removing the cloud control metadata for this control: organizations/123456789/locations/global/cloudControls/builtin-assign-correct-bucket-label

Development

Successfully merging this pull request may close these issues.

Wrong example in the cloud security compliance documentation for creating the framework deployment resource