Add egress_private_endpoint_domain_names resource

[mwstobo]

This commit implements custom domain names for an egress private endpoint as a Terraform resource. See below for official Cockroach Cloud documentation for the feature. This feature is currently in limited access and is not yet available to all customers.

This resource is separate from the existing egress private endpoint resource for sequencing reasons: in order for domain names to be successfully added to an egress private endpoint, the endpoint must be in the AVAILABLE state. However, it is possible that other resources might be needed to make the endpoint AVAILABLE. Therefore, we have two resources, to allow Terraform to create one separately from the other.

https://www.cockroachlabs.com/docs/cockroachcloud/egress-private-endpoints.html

This PR is waiting for two things:

• Newly renamed UpdateEgressPrivateEndpoint
• Domain names state field to be added to the response model

Commit checklist

• Changelog
• Doc gen (make generate)
• Integration test(s)
• Acceptance test(s)
• Example(s)

[jhlodin]

Minor docs suggestions, otherwise LGTM

[jhlodin]

Suggested change

	- `domain_names` (List of String) domain_names are the domain names to associate with the egress private endpoint.
	- `domain_names` (List of Strings) domain_names contains a list of domain names to associate with the egress private endpoint.

[mwstobo]

List of String is auto generated, so I can't change it. I've made the suggested wording change though!

[fantapop]

The code is all looking good to me here. I was wondering why we need a separate resource for this? It seems like we could just add the domain_names list to the cockroach_egress_private_endpoint resource. If there is a reason we should probably document it somewhere. Maybe just the commit message.

[mwstobo]

Good question! The expected use case for this feature includes a bit of sequencing:

• Create a cockroach_egress_private_endpoint in CC using a target_service_identifier from another, non-CC resource. The endpoint will be created in the PENDING state.
• Create a non-CC resource using outputs from the cockroach_egress_private_endpoint. This resource will allow the endpoint to move into the AVAILABLE state.
• Create a cockroach_egress_private_endpoint_domain_names resource. Domain names can only be set up once the endpoint is AVAILABLE.

If domain names were configured in cockroach_egress_private_endpoint, we would never be able to create the second resource needed to move the endpoint into the AVAILABLE state, and domain names would never be successfully created.

[mwstobo]

The example in the docs describes how this works with Confluent Cloud:

resource "confluent_private_link_attachment" "main" {
  cloud        = "AWS"
  region       = "us-east-1"
  display_name = "main-private-link-attachment"
  environment {
    id = confluent_environment.main.id
  }
}

resource "cockroach_egress_private_endpoint" "confluent_cloud" {
  cluster_id                = cockroach_cluster.my_cluster.id
  region                    = "us-east-1"
  target_service_type       = "PRIVATE_SERVICE"
  target_service_identifier = confluent_private_link_attachment.main.aws.vpc_endpoint_service_name
}

resource "confluent_private_link_attachment_connection" "cockroach_cloud" {
  display_name = "cockroach-cloud-access-point"
  environment {
    id = confluent_environment.main.id
  }
  aws {
    vpc_endpoint_id = cockroach_egress_private_endpoint.confluent_cloud.endpoint_connection_id
  }
  private_link_attachment {
    id = confluent_private_link_attachment.main.id
  }
}

resource "cockroach_egress_private_endpoint_domain_names" "confluent_cloud" {
  cluster_id  = cockroach_cluster.my_cluster.id
  endpoint_id = cockroach_egress_private_endpoint.confluent_cloud.id
  domain_names = [
    "*.us-east-1.aws.private.confluent.cloud"
  ]

  depends_on = [
    confluent_private_link_attachment_connection.cockroach_cloud
  ]
}

[fantapop]

Perf, thanks for the explanation.