direct: secret_scopes: set default for scope_backend_type to prevent recreate (#4834)

## Why
Without this setting configurations that don't set scope_backend_type
experience permanent drift with recreation of secret scopes.

## Tests
New invariant test config without this field. The invariant/no_drift
already catches this with the right config.

Author: denik

NEXT_CHANGELOG.md

@@ -10,6 +10,7 @@
 * engine/direct: Fix drift in grants resource due to privilege reordering ([#4794](https://github.com/databricks/cli/pull/4794))
 * engine/direct: Fix 400 error when deploying grants with ALL_PRIVILEGES ([#4801](https://github.com/databricks/cli/pull/4801))
 * Deduplicate grant entries with duplicate principals or privileges during initialization ([#4801](https://github.com/databricks/cli/pull/4801))
+* engine/direct: Fix unwanted recreation of secret scopes when scope_backend_type is not set ([#4834](https://github.com/databricks/cli/pull/4834))
 
 ### Dependency updates
 

acceptance/bundle/invariant/configs/secret_scope_default_backend_type.yml.tmpl

@@ -0,0 +1,7 @@
+bundle:
+  name: test-bundle-$UNIQUE_NAME
+
+resources:
+  secret_scopes:
+    foo:
+      name: test-scope-$UNIQUE_NAME

acceptance/bundle/invariant/continue_293/out.test.toml

@@ -4,6 +4,7 @@ EnvMatrixExclude.no_external_location = ["INPUT_CONFIG=external_location.yml.tmp
 
 # Unexpected action='create' for resources.secret_scopes.foo.permissions
 EnvMatrixExclude.no_secret_scope = ["INPUT_CONFIG=secret_scope.yml.tmpl"]
+EnvMatrixExclude.no_secret_scope2 = ["INPUT_CONFIG=secret_scope_default_backend_type.yml.tmpl"]
 
 # Cross-resource permission references (e.g. ${resources.jobs.job_b.permissions[0].level})
 # don't work in terraform mode: the terraform interpolator converts the path to

acceptance/bundle/invariant/migrate/out.test.toml

@@ -48,6 +48,7 @@ EnvMatrix.INPUT_CONFIG = [
     "schema_grant_ref.yml.tmpl",
     "schema_with_grants.yml.tmpl",
     "secret_scope.yml.tmpl",
+    "secret_scope_default_backend_type.yml.tmpl",
     "synced_database_table.yml.tmpl",
     "volume.yml.tmpl",
 ]

acceptance/bundle/invariant/migrate/test.toml

@@ -381,6 +381,10 @@ resources:
       - field: compute_size
 
   secret_scopes:
+    backend_defaults:
+      # The Secrets API defaults scope_backend_type to DATABRICKS when not specified.
+      - field: scope_backend_type
+        values: ["DATABRICKS"]
     recreate_on_changes:
       - field: scope
         reason: immutable