Set attribute defaults conditionally

[wfdewith]

Rationale

(Based on discoveries in #257.)

When importing resources from backup files (or an ISO file in case of storage volumes) or copying them from existing resources, Incus and therefore the provider will determine ('compute' in Terraform terms) a number of attributes from the source file or resource, instead of the Terraform configuration. In the current state of the provider, this leads to two problems:

• Users can set these attributes (e.g. config) together with the source_file (or source_volume, etc.) in their configuration. When the provider then 'computes' these attributes based on the source, their values may not match the user's configuration. This leads to errors such as the following.

  ╷
  │ Error: Provider produced inconsistent result after apply
  │
  │ When applying changes to incus_storage_volume.some_backup, provider
  │ "provider[\"registry.terraform.io/lxc/incus\"]" produced an unexpected new value: .config: new element
  │ "security.shared" has appeared.
  │
  │ This is a bug in the provider, which should be reported in the provider's own issue tracker.
  ╵
  

• The attributes have default values in the provider. Unfortunately, Terraform applies these defaults unconditionally, meaning there is no determinable difference between a user omitting an attribute or setting the default value in their configuration. This loops back to the first problem: when the default value of an attribute does not match what is in the source file or resource, Terraform produces similar errors to the one mentioned above.

Solving the first problem is straightforward: we can just make the offending attributes mutually exclusive with source_file (or source_volume, etc.) with validators.ConflictsWith.

The second problem is unfortunately harder to solve. We have to remove the defaults from the attributes and only set them if source_file (or source_volume, etc.) are not specified. There are broadly two ways to achieve this, as far as I can see:

• Just set the defaults somewhere in the provider code, moments before they are used. In my opinion, this is not a good solution as it will scatter the default values throughout the provider code base for the specific resource.
• Use plan modifiers, which are executed after validation but before application of the configuration. We can use a plan modifier to determine which attributes are configured and only set the default value of an attribute if source_file (or source_volume, etc.) are not configured. This is the solution I went with in this PR. One small disadvantage is that plan modifiers need to be implemented per attribute type, so there is some duplication.

TODO

• Fix the problem in incus_storage_volume.
• Write tests for incus_storage_volume.
  • source_file
  • source_volume
• Determine which resources have the same problem and write tests and fixes for them as well.
  • incus_storage_bucket
  • incus_image
  • incus_instance

[wfdewith]

This should cover all occurrences of this bug in the provider. I made a few extra changes:

• All relevant tests Inow use the null_resource trick for creating backup files that was already used in the resource_instance_test.go file. This should ensure better resource cleanup when tests fail compared to just running incus commands.
• incus_instance already had some of the conflicts between attributes and source_file/source_instance configured, however, these validators were configured on the source_file and source_instance attributes. I moved them to the attributes they reference because that puts them next to the new plan modifiers, otherwise this code has to be kept in sync in two different places.

@maveonair Let me know what you think!

[maveonair]

* All relevant tests Inow use the `null_resource` trick for creating backup files that was already used in the `resource_instance_test.go` file. This should ensure better resource cleanup when tests fail compared to just running `incus` commands.

Nice!

* `incus_instance` already had some of the conflicts between attributes and `source_file`/`source_instance` configured, however, these validators were configured on the `source_file` and `source_instance` attributes. I moved them to the attributes they reference because that puts them next to the new plan modifiers, otherwise this code has to be kept in sync in two different places.

LGTM and I am looking forward to review the pull request when it is ready.

[wfdewith]

Tests are failing because of this bug: lxc/incus#2185

[wfdewith]

The CI failure appears unrelated to my changes; test failures are all in code I didn't touch in this PR.

[wfdewith]

I've reordered the commits so that the tests come after the changes to the code to prevent commits with failing tests on main. It's now ready for review.