Recently, I had a hell of a time figuring out how to handle authentication for running Terraform against Google Cloud. Most of Google’s documentation is way more complicated and uses a lot more jargon than the corresponding AWS documentation. Additionally, most of the existing blog posts I could find by other users talked about creating a service account and then downloading its key, and Google recommends against that for security reasons. Instead, they recommend setting up Workload Identity Federation, but all of their documents link to more documents, without actually telling you where to start.
After a few hours of experimentation and searching, I finally have it: you don’t need any provider configuration in Terraform.
On your desktop, run gcloud auth application-default login, and the Google Cloud provider for Terraform will pick up whatever it needs from the config file that the gcloud CLI creates. After this, terraform apply will just work.
You’re welcome.
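To confirm which credential Terraform will actually pick up after the login step, this added example (not part of the original post) follows the Application Default Credentials lookup order and reports the credential type without printing any secret. The function names are hypothetical, and it assumes the Linux/macOS location of the gcloud-created file.

```python
import json
import os
from pathlib import Path

# "type" values found in ADC JSON files, and what each one means here.
KINDS = {
    "authorized_user": "user login created by gcloud (what the post describes)",
    "service_account": "downloaded service account key (long-lived secret)",
    "external_account": "Workload Identity Federation configuration",
    "impersonated_service_account": "service account impersonation",
}


def find_adc_file(env, home):
    """Return (path, source) for the file ADC would read, or (None, reason)."""
    override = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if override:  # the environment variable wins over the gcloud-created file
        return Path(override), "GOOGLE_APPLICATION_CREDENTIALS"
    # Default location on Linux/macOS; Windows keeps it under %APPDATA% instead.
    well_known = Path(home) / ".config/gcloud/application_default_credentials.json"
    if well_known.is_file():
        return well_known, "gcloud application-default login"
    return None, "no ADC file (metadata server or nothing)"


def describe_adc(env, home):
    """Report which credential would be picked up, without printing secrets."""
    path, source = find_adc_file(env, home)
    if path is None:
        return {"source": source, "type": None, "long_lived_key": False}
    try:
        data = json.loads(path.read_text())
    except (OSError, ValueError):
        data = None
    if not isinstance(data, dict):
        return {"source": source, "type": "unreadable", "long_lived_key": False}
    kind = data.get("type", "unknown")
    return {
        "source": source,
        "type": kind,
        "meaning": KINDS.get(kind, "unrecognized credential type"),
        # A private_key field means a key file is in use, the thing to avoid.
        "long_lived_key": kind == "service_account" or "private_key" in data,
    }


if __name__ == "__main__":
    print(describe_adc(os.environ, Path.home()))
```

If the source is GOOGLE_APPLICATION_CREDENTIALS and the type is service_account, a leftover key file is shadowing the gcloud login; unset the variable before running terraform apply.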