Should we add validation on the provider-level scopes argument to disallow empty arrays?

[SarahFrench]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

Currently the scopes provider-level argument can be set as an empty array. In this case the provider-configuration logic detects that the array has length 0 and then uses default scopes instead.

This might mean that users purposefully set no scopes in the provider block and believe that no scopes are granted (?) but in fact the default scopes are used. If we added validation on the value of scopes so that [] was no longer valid it would avoid users being mislead about what's happening in the provider.

Adding this validation would be a breaking change, as there could be users with empty scopes arrays present in their config.

New or Affected Resource(s)

• google_XXXXX

Potential Terraform Configuration

This is currently valid

provider "google" {
    scopes = []
}

and effectively is the same as this

provider "google" {
    scopes = [
	"https://www.googleapis.com/auth/cloud-platform",
	"https://www.googleapis.com/auth/userinfo.email"
    ]
}

because those are the default scopes

References

GoogleCloudPlatform/magic-modules#11860 (comment)