[datadog_synthetics_test] Fix multistep client certificate #2683

Open
wants to merge 3 commits into
base: master

AntoineDona
Contributor

Description

This PR was created in response to this issue where applying a multistep test with a client certificate multiple times would result in the certificate being deleted in the backend.
The tricky thing here is that the certificate is never stored in the tf state for security reasons, and we pass an empty value to the backend if its value does not change. Because we don't have the step ids in terraform, the backend can't partially update the step and just overrides everything, thus the certificate is destroyed.

As a fix, we decided to pass the certificate on each tf update.

@AntoineDona AntoineDona marked this pull request as ready for review November 19, 2024 16:34
@AntoineDona AntoineDona requested review from a team as code owners November 19, 2024 16:34
@AntoineDona AntoineDona changed the title [SYNTH-17025] Fix multistep client certificate [datadog_synthetics_test] [SYNTH-17025] Fix multistep client certificate Nov 19, 2024
@AntoineDona AntoineDona changed the title [datadog_synthetics_test] [SYNTH-17025] Fix multistep client certificate [datadog_synthetics_test] Fix multistep client certificate Nov 19, 2024
Contributor

@Drarig29 Drarig29 left a comment

Great work! Do you have an idea of how to capture this in unit tests?

datadog/resource_datadog_synthetics_test_.go
return &certString, &keyString
}

func overrideStateCertificate(requestClientCertificates []interface{}, configCert, configKey string) error {
Contributor

You don't do anything with the returned error - is it expected?

Contributor

@etnbrd etnbrd left a comment

Overall LGTM, great work!
Left a few comments on structure to keep the provider implementation moving in the right direction.

datadog/resource_datadog_synthetics_test_.go
Comment on lines +3831 to +3861
func overrideStateCertificate(requestClientCertificates []interface{}, configCert, configKey string) error {

if len(requestClientCertificates) == 0 {
return fmt.Errorf("requestClientCertificates is empty")
}
requestClientCertificate, ok := requestClientCertificates[0].(map[string]interface{})
if !ok {
return fmt.Errorf("requestClientCertificates[0] is not a map")
}
certList, ok := requestClientCertificate["cert"].([]interface{})
if !ok || len(certList) == 0 {
return fmt.Errorf("cert is not a valid list or is empty")
}
cert, ok := certList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("cert[0] is not a map")
}
cert["content"] = configCert

keyList, ok := requestClientCertificate["key"].([]interface{})
if !ok || len(keyList) == 0 {
return fmt.Errorf("key is not a valid list or is empty")
}
key, ok := keyList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("key[0] is not a map")
}
key["content"] = configKey

return nil
}
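Review bot: if the key checks fail, overrideStateCertificate returns an error after cert["content"] = configCert has already been written, so the caller is left with a half-updated map. Resolve both the cert and key entries first and assign the two content fields only once both lookups have succeeded. The cert and key sections are the same unwrap sequence, so a small helper taking the field name would also remove the duplication.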
Contributor

Mutation is to be avoided as much as possible. Instead, let's have this function return the requestClientCertificates interface, and override it in the caller.

Suggested change
func overrideStateCertificate(requestClientCertificates []interface{}, configCert, configKey string) error {
if len(requestClientCertificates) == 0 {
return fmt.Errorf("requestClientCertificates is empty")
}
requestClientCertificate, ok := requestClientCertificates[0].(map[string]interface{})
if !ok {
return fmt.Errorf("requestClientCertificates[0] is not a map")
}
certList, ok := requestClientCertificate["cert"].([]interface{})
if !ok || len(certList) == 0 {
return fmt.Errorf("cert is not a valid list or is empty")
}
cert, ok := certList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("cert[0] is not a map")
}
cert["content"] = configCert
keyList, ok := requestClientCertificate["key"].([]interface{})
if !ok || len(keyList) == 0 {
return fmt.Errorf("key is not a valid list or is empty")
}
key, ok := keyList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("key[0] is not a map")
}
key["content"] = configKey
return nil
}
func buildDatadogRequestClientCertificate(configCert, configKey string) {
requestClientCertificates := datadogV1. ... TODO
certList, ok := requestClientCertificate["cert"].([]interface{})
cert, ok := certList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("cert[0] is not a map")
}
cert["content"] = configCert
keyList, ok := requestClientCertificate["key"].([]interface{})
if !ok || len(keyList) == 0 {
return fmt.Errorf("key is not a valid list or is empty")
}
key, ok := keyList[0].(map[string]interface{})
if !ok {
return fmt.Errorf("key[0] is not a map")
}
key["content"] = configKey
return requestClientCertificates
}
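Review bot: in the suggested buildDatadogRequestClientCertificate, the signature declares no return values while the body returns both fmt.Errorf(...) and requestClientCertificates, and requestClientCertificate (singular) is read without being defined. The first certList assertion is also left unchecked before certList[0] is indexed; keep the !ok || len(certList) == 0 guard from the original when filling in the TODO.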

Contributor Author

Agreed that we should avoid the mutation. However, completeSyntheticsTestRequest is not expecting a nicely formatted requestClientCertificates, but rather a raw stepMap["request_client_certificate"] with a more complex structure. So the buildDatadogRequestClientCertificate does not really make sense, even more so given that we already have the buildDatadogRequestCertificates function which kinda does the same thing, inside of completeSyntheticsTestRequest.

rawConfig := d.GetRawConfig()
configCert, configKey := getConfigCertificate(rawConfig, i)
if configCert != nil && configKey != nil {
overrideStateCertificate(stepMap["request_client_certificate"].([]interface{}), *configCert, *configKey)
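Review bot: on the overrideStateCertificate call, stepMap["request_client_certificate"].([]interface{}) is a single-value type assertion and will panic if the key is missing or holds another type; use the two-value form and report the step when it fails. The error returned by overrideStateCertificate is also discarded here, so a shape mismatch would silently leave the certificate content unset.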
Contributor

Let's keep this function pure, just returning the right structure, and overriding here.

Contributor Author

@AntoineDona AntoineDona Nov 21, 2024

The overriding is quite complex due to the nested structure of stepMap["request_client_certificate"] -> arrays of 1 object containing arrays of 1 object etc. completeSyntheticsTestRequest expects the weird structure as a param, and then calls buildDatadogRequestCertificates to create the right structure for the certificate, so we can't create it beforehand.
If we want to override without any mutation, it will be easier to create a deepCopy of stepMap["request_client_certificate"], then override it and return the final clientCertificate.
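
The deep-copy approach proposed in the comment above, as an added example that is not code from this PR or from the provider. `deepCopy`, `firstBlock` and `withConfigCertificate` are hypothetical names, and the input shape (one-element lists of maps with a `content` key) is assumed from the snippet under review.

```go
package main

import "fmt"

// deepCopy clones the nested []interface{} / map[string]interface{} shape.
func deepCopy(v interface{}) interface{} {
	switch t := v.(type) {
	case []interface{}:
		out := make([]interface{}, len(t))
		for i := range t {
			out[i] = deepCopy(t[i])
		}
		return out
	case map[string]interface{}:
		out := make(map[string]interface{}, len(t))
		for k := range t {
			out[k] = deepCopy(t[k])
		}
		return out
	}
	return v // scalars are copied by value
}

// firstBlock unwraps a one-element block list; nil means the shape is wrong.
func firstBlock(v interface{}) map[string]interface{} {
	if list, _ := v.([]interface{}); len(list) > 0 {
		m, _ := list[0].(map[string]interface{})
		return m
	}
	return nil
}

// withConfigCertificate (hypothetical) overrides a copy; raw is never written.
func withConfigCertificate(raw interface{}, cert, key string) ([]interface{}, error) {
	copied := deepCopy(raw)
	rcc := firstBlock(copied)
	certBlock, keyBlock := firstBlock(rcc["cert"]), firstBlock(rcc["key"])
	if certBlock == nil || keyBlock == nil { // validate both before writing
		return nil, fmt.Errorf("request_client_certificate needs a cert and a key block")
	}
	certBlock["content"], keyBlock["content"] = cert, key
	return copied.([]interface{}), nil
}

func main() {
	blk := func(c string) []interface{} { return []interface{}{map[string]interface{}{"content": c}} }
	state := []interface{}{map[string]interface{}{"cert": blk(""), "key": blk("")}} // constructed
	out, err := withConfigCertificate(state, "CERT-PEM", "KEY-PEM")
	fmt.Println(out, state, err)
}
```

Because the error is returned before any assignment, a malformed block leaves neither the copy nor the caller's map partially updated.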
