Add support for Client VPN Route resource

[RickyRajinder]

Adds support for the following resource:
https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-routes.html

Curently a workaround is implemented to access this API:
#7831 (comment)

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Closes #10437
Closes #7831

Release note for CHANGELOG:

New Resource: aws_ec2_client_vpn_route

Output from acceptance testing:

=== RUN   TestAccAwsEc2ClientVpnRoute_basic
=== PAUSE TestAccAwsEc2ClientVpnRoute_basic
=== CONT  TestAccAwsEc2ClientVpnRoute_basic
--- PASS: TestAccAwsEc2ClientVpnRoute_basic (587.52s)
PASS

=== RUN   TestAccAwsEc2ClientVpnRoute_disappears
=== PAUSE TestAccAwsEc2ClientVpnRoute_disappears
=== CONT  TestAccAwsEc2ClientVpnRoute_disappears
--- PASS: TestAccAwsEc2ClientVpnRoute_disappears (635.60s)
PASS


...

[RickyRajinder]

@bflad Can you please review?

[gazoakley]

Looks like this does the same as #10560

[gdavison]

Hi @RickyRajinder, thanks for the PR. It's a great start for this feature. I've indicated a number of changes that can be made.

We'd also like to see some documentation added for the resource.

[gdavison]

ForceNew does not work with Computed fields

[gdavison]

We should create a "synthetic id" which can be built out of the arguments that will uniquely identify this route. Something like < client_vpn_endpoint_id>_< target_vpc_subnet_id>_< destination_cidr_block>. This is especially important since the resource is importable. The separator can be anything, but it should exclude any symbols that could be in the values, so in this case, avoid -, ., and /.

The ID can then be unpacked to use in the Read function to specify all of the parameters.

We use these in a number of resources, such as aws_route53_record and aws_security_group_rule.

[gdavison]

You can add values for the Filters field, to completely specify the route.

[gdavison]

This should set all of the values, rather than checking for it being set. This way we ensure that the Terraform state contains the values as seen by AWS, and we can check for drift and update if needed.

[gdavison]

We're updating our error messages to use the Go 1.13 error wrapping verb %w

[gdavison]

Some other tests that would be useful for this resource:

1. Update the values on a route and ensure that the old one is deleted and the new one is created
2. Have more than one route associated with the Client VPN to ensure that the Read function is getting the correct route
   • Also update one of the routes to make sure that only the correct route is updated
3. Have a test for adding and then removing a route
   • 0 -> 1 -> 0
   • 1 -> 2 -> 1

[gdavison]

This should ensure that the route has been fully deleted, so ec2.ClientVpnRouteStatusCodeDeleting should not be accepted for this check

[gdavison]

This will need to use the three required arguments to fully specify the correct route

[gdavison]

Since rName is repeated here, you can use argument indexes, like %[1]s

[gdavison]

We've added a function composeConfig() that can be used to merge together configurations. E.g.

return composeConfig(
    testAccEc2ClientVpnRouteConfigAcmCertificateBase(),
    fmt.Sprint(`...`, rName))

As you add more tests, you can make a base configuration snippet that contains the common pieces, like the VPC and subnets

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!