Add new aws_vpc_endpoint_route_table_association resource

[ewbankkit]

This PR follows on from #9244 and addresses #9138.
Here's the log from @kwilczynski's initial commit:

This commit adds a new resource which allows to a list of route tables to be
either added and/or removed from an existing VPC Endpoint. This resource would
also be complimentary to the existing `aws_vpc_endpoint` resource where the
route tables might not be specified (not a requirement for a VPC Endpoint to
be created successfully) during creation, especially where the workflow is
such where the route tables are not immediately known.

As it stands now the new aws_vpc_endpoint_route_table_association resource associates/dissociates as single route_table_id with a VPC endpoint.
Somehow I feel it's "better" Terraform to use a count attribute on the resource to associate multiple route tables with a VPC endpoint rather than accept a list of route tables in a single association, e.g.

resource "aws_vpc" "foo" {
    cidr_block = "10.0.0.0/16"
}

resource "aws_vpc_endpoint" "s3" {
    vpc_id = "${aws_vpc.foo.id}"
    service_name = "com.amazonaws.us-west-2.s3"
}

variable "c" {
    default = 2
}

resource "aws_route_table" "rt" {
    count = "${var.c}"

    vpc_id = "${aws_vpc.foo.id}"

    tags {
        Name = "test"
    }
}

resource "aws_vpc_endpoint_route_table_association" "a" {
    count = "${var.c}"

	vpc_endpoint_id = "${aws_vpc_endpoint.s3.id}"
	route_table_id  = "${element(aws_route_table.rt.*.id, count.index)}"
}

Since this is a "synthetic" resource (no underlying AWS resource maps exactly to this) this doesn't cause a cognitive disconnect, plus it greatly simplifies the implementation.
I welcome feedback on this, especially from @coen-hyde and @supergibbs who commented on the associated issue.

[ewbankkit]

Acceptance tests:

$ make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpcEndpointRouteTableAssociation_'

[jrnt30]

I believe generally you should be calling the d.SetId here to populate the state, the fact that you call Read immediately makes it a bit less necessary but is the pattern I've seen around the code base.

[ewbankkit]

OK, I'll fix that.

[ewbankkit]

Removing the [WIP] marker.
I am considering this as ready for consideration.

[kwilczynski]

@ewbankkit hi there! Thank you for completing this when I could not do it. You are a ⭐️ !

I do agree that relying on count seem much more natural with Terraform - my idea of having the ability to pass multiple IDs definitely is not as flexible as using the count 👍 .

[kwilczynski]

I would get rid of the comment here. If we are never going to use UpdateFunc then I would not bother with clarification.

[ewbankkit]

Will do.

[kwilczynski]

Here, I would use fallthrough for both NotFound and simply log a simple message. Even more, perhaps catch all in the fallthrough case, and then issue a single message noting that it is gone (we do that in few other places). I could also be re-factored to catch the !ok case once, I believe.

[ewbankkit]

OK

[kwilczynski]

I am struggling with this a bit - do we need a custom type (also same in the code below) for two error messages?

[ewbankkit]

I'll revisit. I based that on another resource and maybe it's overkill in this situation.

[ewbankkit]

Pushed changes after @kwilczynski's code review:

• Removed error types and simplified the error handling in resourceAwsVPCEndpointRouteTableAssociationRead
• Simplified logging in resourceAwsVPCEndpointRouteTableAssociationDelete

[stack72]

A quick follow up point for the future - we usually log a message here just to let the user know we have removed from state

[ewbankkit]

OK. I won't change this now. Thanks for the tip.

[stack72]

Can we guarantee that it's the first endpoint in the collection?

[ewbankkit]

Yes. The desired VPC endpoint ID is passed as an input parameter and the API call will return either that VPC endpoint or a client error such as InvalidVpcEndpointId.Malformed or InvalidVpcEndpointId.NotFound.
We should be good here.

[stack72]

Hi @ewbankkit

this LGTM! I left a few small questions inline - if you are happy with those then we can push forward

Thanks to @kwilczynski for the review as well

P.

[ewbankkit]

Sorry, at re:Invent all last week. I'll address these now...

[stack72]

Hi @ewbankkit

Thanks for the work here (and the responses to my nit questions)

This LGTM!

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSVpcEndpointRouteTableAssociation_'                                                                                               ✹
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/12/05 12:53:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSVpcEndpointRouteTableAssociation_ -timeout 120m
=== RUN   TestAccAWSVpcEndpointRouteTableAssociation_basic
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_basic (50.68s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/aws	50.700s

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.