api gateway endpoint configuration support

[kapilt]

Closes #956
Closes #897
Closes #976

Support configuring and updating the api gateway endpoint type (EDGE (default), REGIONAL, PRIVATE).

Support configure api gateway resource policy, with additional provisions for automatic policy construction in case of PRIVATE endpoints if VPC Endpoint is configured (else a manually specified policy is required).

Note for PRIVATE endpoints this does not create a vpc endpoint, which needs to be created out of band. A single vpc endpoint can be used for multiple apis though, so its one time per region config per account.

[codecov-io]

Codecov Report

Merging #1160 into master will increase coverage by <.01%.
The diff coverage is 96.49%.

@@            Coverage Diff             @@
##           master    #1160      +/-   ##
==========================================
+ Coverage   95.81%   95.81%   +<.01%     
==========================================
  Files          28       28              
  Lines        4973     5021      +48     
  Branches      626      636      +10     
==========================================
+ Hits         4765     4811      +46     
- Misses        135      136       +1     
- Partials       73       74       +1

Impacted Files	Coverage Δ
chalice/package.py	100% <ø> (ø)	⬆️
chalice/deploy/planner.py	96.99% <100%> (+0.05%)	⬆️
chalice/config.py	95.78% <100%> (+0.15%)	⬆️
chalice/constants.py	100% <100%> (ø)	⬆️
chalice/deploy/validate.py	100% <100%> (ø)	⬆️
chalice/cli/factory.py	92.4% <100%> (+0.04%)	⬆️
chalice/awsclient.py	94.55% <100%> (+0.01%)	⬆️
chalice/deploy/swagger.py	100% <100%> (ø)	⬆️
chalice/deploy/models.py	99.43% <100%> (ø)	⬆️
chalice/deploy/deployer.py	97.8% <77.77%> (-0.45%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 32fabb3...b86b569. Read the comment docs.

[stealthycoin]

Looks good to me, just one comment about docs.

[kapilt]

ci is failing because with the websocket addition, new additions to planner end up going above the module size limit. I don't see many options here beyond disable this check globally for pylint

chalice/deploy/planner.py:2:0: C0302: Too many lines in module (1009/1000) (too-many-lines)

[kyleknap]

I just wanted to post some feedback that can be addressed. Just capturing some of the offline discussion we had...

In short the new configuration option, looks good to me. However for private api gateway, it seems like there needs to be configuration on the api gateway policy to get this all to work (we still need to confirm this). This would means we probably would want to expose a vpc endpoint id as a configuration option to auto-inject a policy and also probably expose the ability to provide a policy in the .chalice/config.json file. If it ends up being that we do need a policy applied, it may make sense to scope this PR down to regional endpoint types. Then make two subsequent PR's to support api policy and then private api's in order to narrow the scope of the PR's and not completely block support for regional endpoints.

[kapilt]

i went ahead and disabled the PRIVATE endpoint type (with validation) for a followup branch that will expose api policy and configuring private endpoint types.

[update] per comments below, i went ahead and added in private endpoints back into the branch with auto or manual policy configuration and vpce config.

[kapilt]

fwiw, addressed review comments and did some manual verification, change from review are in the second commit.

[kapilt]

i went ahead and added in support for private endpoints and automated or manual policy config to this pr.

[kyleknap]

Looks good. Thanks for adding the vpce and APIG policies support. I mainly had ideas/feedback on these newly added configuration options.

[kyleknap]

Awesome! This looks great to me. Thanks for all of the work on this. Merging