feat: complex variable type for default cache behavior

Author: kevcube

README.md

@@ -145,7 +145,7 @@ No modules.
 | <a name="input_create_origin_access_identity"></a> [create\_origin\_access\_identity](#input\_create\_origin\_access\_identity) | Controls if CloudFront origin access identity should be created | `bool` | `false` | no |
 | <a name="input_create_vpc_origin"></a> [create\_vpc\_origin](#input\_create\_vpc\_origin) | If enabled, the resource for VPC origin will be created. | `bool` | `false` | no |
 | <a name="input_custom_error_response"></a> [custom\_error\_response](#input\_custom\_error\_response) | One or more custom error response elements | `any` | `{}` | no |
-| <a name="input_default_cache_behavior"></a> [default\_cache\_behavior](#input\_default\_cache\_behavior) | The default cache behavior for this distribution | `any` | `null` | no |
+| <a name="input_default_cache_behavior"></a> [default\_cache\_behavior](#input\_default\_cache\_behavior) | The default cache behavior for this distribution | <pre>object({<br/>    allowed_methods           = list(string)<br/>    cached_methods            = list(string)<br/>    cache_policy_id           = optional(string)<br/>    compress                  = optional(bool)<br/>    default_ttl               = optional(number)<br/>    field_level_encryption_id = optional(string)<br/>    forwarded_values = optional(object({<br/>      cookies = object({<br/>        forward           = string<br/>        whitelisted_names = optional(list(string))<br/>      })<br/>      headers                 = optional(list(string))<br/>      query_string            = bool<br/>      query_string_cache_keys = optional(list(string))<br/>    }))<br/>    lambda_function_association = optional(map(object({<br/>      # event_type = map key<br/>      lambda_arn   = string<br/>      include_body = optional(bool)<br/>    })), {})<br/>    function_association = optional(map(object({<br/>      # event_type = map key<br/>      function_arn = string<br/>    })), {})<br/>    max_ttl                    = optional(number)<br/>    min_ttl                    = optional(number)<br/>    origin_request_policy_id   = optional(string)<br/>    realtime_log_config_arn    = optional(string)<br/>    response_headers_policy_id = optional(string)<br/>    smooth_streaming           = optional(bool)<br/>    target_origin_id           = string<br/>    trusted_key_groups         = optional(list(string))<br/>    trusted_signers            = optional(list(string))<br/>    viewer_protocol_policy     = string<br/>    grpc_config = optional(object({<br/>      enabled = bool<br/>    }))<br/>  })</pre> | n/a | yes |
 | <a name="input_default_root_object"></a> [default\_root\_object](#input\_default\_root\_object) | The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. | `string` | `null` | no |
 | <a name="input_enabled"></a> [enabled](#input\_enabled) | Whether the distribution is enabled to accept end user requests for content. | `bool` | `true` | no |
 | <a name="input_geo_restriction"></a> [geo\_restriction](#input\_geo\_restriction) | The restriction configuration for this distribution (geo\_restrictions) | `any` | `{}` | no |

main.tf

@@ -162,77 +162,68 @@ resource "aws_cloudfront_distribution" "this" {
     }
   }
 
-  dynamic "default_cache_behavior" {
-    for_each = [var.default_cache_behavior]
-    iterator = i
-
-    content {
-      target_origin_id       = i.value["target_origin_id"]
-      viewer_protocol_policy = i.value["viewer_protocol_policy"]
-
-      allowed_methods           = lookup(i.value, "allowed_methods", ["GET", "HEAD", "OPTIONS"])
-      cached_methods            = lookup(i.value, "cached_methods", ["GET", "HEAD"])
-      compress                  = lookup(i.value, "compress", null)
-      field_level_encryption_id = lookup(i.value, "field_level_encryption_id", null)
-      smooth_streaming          = lookup(i.value, "smooth_streaming", null)
-      trusted_signers           = lookup(i.value, "trusted_signers", null)
-      trusted_key_groups        = lookup(i.value, "trusted_key_groups", null)
-
-      cache_policy_id            = try(i.value.cache_policy_id, data.aws_cloudfront_cache_policy.this[i.value.cache_policy_name].id, null)
-      origin_request_policy_id   = try(i.value.origin_request_policy_id, data.aws_cloudfront_origin_request_policy.this[i.value.origin_request_policy_name].id, null)
-      response_headers_policy_id = try(i.value.response_headers_policy_id, data.aws_cloudfront_response_headers_policy.this[i.value.response_headers_policy_name].id, null)
-
-      realtime_log_config_arn = lookup(i.value, "realtime_log_config_arn", null)
-
-      min_ttl     = lookup(i.value, "min_ttl", null)
-      default_ttl = lookup(i.value, "default_ttl", null)
-      max_ttl     = lookup(i.value, "max_ttl", null)
-
-      dynamic "forwarded_values" {
-        for_each = lookup(i.value, "use_forwarded_values", true) ? [true] : []
+  default_cache_behavior {
+    allowed_methods           = var.default_cache_behavior.allowed_methods
+    cached_methods            = var.default_cache_behavior.cached_methods
+    cache_policy_id           = var.default_cache_behavior.cache_policy_id
+    compress                  = var.default_cache_behavior.compress
+    default_ttl               = var.default_cache_behavior.default_ttl
+    field_level_encryption_id = var.default_cache_behavior.field_level_encryption_id
 
-        content {
-          query_string            = lookup(i.value, "query_string", false)
-          query_string_cache_keys = lookup(i.value, "query_string_cache_keys", [])
-          headers                 = lookup(i.value, "headers", [])
+    dynamic "forwarded_values" {
+      for_each = var.default_cache_behavior.forwarded_values != null ? [var.default_cache_behavior.forwarded_values] : []
 
-          cookies {
-            forward           = lookup(i.value, "cookies_forward", "none")
-            whitelisted_names = lookup(i.value, "cookies_whitelisted_names", null)
-          }
+      content {
+        cookies {
+          forward           = forwarded_values.value.cookies.forward
+          whitelisted_names = forwarded_values.value.cookies.whitelisted_names
         }
+        headers                 = forwarded_values.value.headers
+        query_string            = forwarded_values.value.query_string
+        query_string_cache_keys = forwarded_values.value.query_string_cache_keys
       }
+    }
 
-      dynamic "lambda_function_association" {
-        for_each = lookup(i.value, "lambda_function_association", [])
-        iterator = l
+    dynamic "lambda_function_association" {
+      for_each = var.default_cache_behavior.lambda_function_association
 
-        content {
-          event_type   = l.key
-          lambda_arn   = l.value.lambda_arn
-          include_body = lookup(l.value, "include_body", null)
-        }
+      content {
+        event_type   = lambda_function_association.key
+        lambda_arn   = lambda_function_association.value.lambda_arn
+        include_body = lambda_function_association.value.include_body
       }
+    }
 
-      dynamic "function_association" {
-        for_each = lookup(i.value, "function_association", [])
-        iterator = f
+    dynamic "function_association" {
+      for_each = var.default_cache_behavior.function_association
 
-        content {
-          event_type   = f.key
-          function_arn = f.value.function_arn
-        }
+      content {
+        event_type   = function_association.key
+        function_arn = function_association.value.function_arn
       }
+    }
 
-      dynamic "grpc_config" {
-        for_each = try([i.value.grpc_config], [])
-        content {
-          enabled = grpc_config.value.enabled
-        }
+    max_ttl                    = var.default_cache_behavior.max_ttl
+    min_ttl                    = var.default_cache_behavior.min_ttl
+    origin_request_policy_id   = var.default_cache_behavior.origin_request_policy_id
+    realtime_log_config_arn    = var.default_cache_behavior.realtime_log_config_arn
+    response_headers_policy_id = var.default_cache_behavior.response_headers_policy_id
+    smooth_streaming           = var.default_cache_behavior.smooth_streaming
+    target_origin_id           = var.default_cache_behavior.target_origin_id
+    trusted_key_groups         = var.default_cache_behavior.trusted_key_groups
+    trusted_signers            = var.default_cache_behavior.trusted_signers
+    viewer_protocol_policy     = var.default_cache_behavior.viewer_protocol_policy
+
+    dynamic "grpc_config" {
+      for_each = var.default_cache_behavior.grpc_config != null ? [var.default_cache_behavior.grpc_config] : []
+
+      content {
+        enabled = grpc_config.value.enabled
       }
     }
   }
 
+
   dynamic "ordered_cache_behavior" {
     for_each = var.ordered_cache_behavior
     iterator = i

variables.tf

@@ -193,8 +193,45 @@ variable "custom_error_response" {
 
 variable "default_cache_behavior" {
   description = "The default cache behavior for this distribution"
-  type        = any
-  default     = null
+  type = object({
+    allowed_methods           = list(string)
+    cached_methods            = list(string)
+    cache_policy_id           = optional(string)
+    compress                  = optional(bool)
+    default_ttl               = optional(number)
+    field_level_encryption_id = optional(string)
+    forwarded_values = optional(object({
+      cookies = object({
+        forward           = string
+        whitelisted_names = optional(list(string))
+      })
+      headers                 = optional(list(string))
+      query_string            = bool
+      query_string_cache_keys = optional(list(string))
+    }))
+    lambda_function_association = optional(map(object({
+      # event_type = map key
+      lambda_arn   = string
+      include_body = optional(bool)
+    })), {})
+    function_association = optional(map(object({
+      # event_type = map key
+      function_arn = string
+    })), {})
+    max_ttl                    = optional(number)
+    min_ttl                    = optional(number)
+    origin_request_policy_id   = optional(string)
+    realtime_log_config_arn    = optional(string)
+    response_headers_policy_id = optional(string)
+    smooth_streaming           = optional(bool)
+    target_origin_id           = string
+    trusted_key_groups         = optional(list(string))
+    trusted_signers            = optional(list(string))
+    viewer_protocol_policy     = string
+    grpc_config = optional(object({
+      enabled = bool
+    }))
+  })
 }
 
 variable "ordered_cache_behavior" {

wrappers/main.tf

@@ -12,7 +12,7 @@ module "wrapper" {
   create_origin_access_identity   = try(each.value.create_origin_access_identity, var.defaults.create_origin_access_identity, false)
   create_vpc_origin               = try(each.value.create_vpc_origin, var.defaults.create_vpc_origin, false)
   custom_error_response           = try(each.value.custom_error_response, var.defaults.custom_error_response, {})
-  default_cache_behavior          = try(each.value.default_cache_behavior, var.defaults.default_cache_behavior, null)
+  default_cache_behavior          = try(each.value.default_cache_behavior, var.defaults.default_cache_behavior)
   default_root_object             = try(each.value.default_root_object, var.defaults.default_root_object, null)
   enabled                         = try(each.value.enabled, var.defaults.enabled, true)
   geo_restriction                 = try(each.value.geo_restriction, var.defaults.geo_restriction, {})