Fix identity_type

[viliampucik]

Google provider supports empty string for identity_type. Even if IDENTITY_TYPE_UNSPECIFIED is used as the value, Terraform state stores empty string as the value instead. Hence it make sense to support empty string as a value in the module.

Also ANY_USER_ACCOUNT is the correct value for ingress identity_type.

---

Checklist

I applicable, I acknowledge that I have:

• Read the contributing guide
• Ran terraform fmt on all modified files
• Regenerated the relevant README.md files using tools/tfdoc.py
• Made sure all relevant tests pass

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[ludoo]

Can you provide a use case? We initially defaulted to empty and the effect was not what users intended, unless an actual value was passed. Unless behaviour changed, I don't think we should default to something that has no actual use.

[viliampucik]

@ludoo The issue is not with the default value. The issue is that when you use IDENTITY_TYPE_UNSPECIFIED value for identity_type in your Terraform code, then after terraform apply, Terraform state will store empty string for identity_type instead (that's the main issue). The new run of terraform plan/apply will show a difference between your Terraform code and state, so you will end up with infinite diff. It is better to allow and use empty string instead of IDENTITY_TYPE_UNSPECIFIED.

[ludoo]

You're removing values which are legitime according to the API docs

https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#IdentityType