diff --git a/main.tf b/main.tf
index 2551e68..199ab29 100644
--- a/main.tf
+++ b/main.tf
@@ -4,32 +4,46 @@ resource "tls_private_key" "key_pair" {
 }
 locals {
- config = jsonencode({
- AUTH_REQUEST = {
- client_id = var.client_id
- redirect_uri = var.redirect_uri
- response_type = "code"
- response_mode = "query"
- scope = "openid email profile"
- }
-
- TOKEN_REQUEST = {
- client_id = var.client_id
- grant_type = "authorization_code"
- redirect_uri = var.redirect_uri
- client_secret = var.client_secret
- }
-
- DISTRIBUTION = "lambda-edge-azure-auth"
- PRIVATE_KEY = tls_private_key.key_pair.private_key_pem
- PUBLIC_KEY = tls_private_key.key_pair.public_key_pem
- TENANT = var.tenant
- DISCOVERY_DOCUMENT = "https://login.microsoftonline.com/${var.tenant}/v2.0/.well-known/openid-configuration"
- SESSION_DURATION = var.session_duration * 60 * 60
- CALLBACK_PATH = regex("https?://.*(/.*$)", var.redirect_uri)[0]
- TRAILING_SLASH_REDIRECTS_ENABLED = var.trailing_slash_redirects_enabled
- SIMPLE_URLS_ENABLED = var.simple_urls_enabled
- })
+ config_file = {
+ path = "${path.module}/package/config.json"
+
+ contents = jsonencode({
+ AUTH_REQUEST = {
+ client_id = var.client_id
+ redirect_uri = var.redirect_uri
+ response_type = "code"
+ response_mode = "query"
+ scope = "openid email profile"
+ }
+
+ TOKEN_REQUEST = {
+ client_id = var.client_id
+ grant_type = "authorization_code"
+ redirect_uri = var.redirect_uri
+ client_secret = var.client_secret
+ }
+
+ DISTRIBUTION = "lambda-edge-azure-auth"
+ PRIVATE_KEY = tls_private_key.key_pair.private_key_pem
+ PUBLIC_KEY = tls_private_key.key_pair.public_key_pem
+ TENANT = var.tenant
+ DISCOVERY_DOCUMENT = "https://login.microsoftonline.com/${var.tenant}/v2.0/.well-known/openid-configuration"
+ SESSION_DURATION = var.session_duration * 60 * 60
+ CALLBACK_PATH = regex("https?://.*(/.*$)", var.redirect_uri)[0]
+ TRAILING_SLASH_REDIRECTS_ENABLED = var.trailing_slash_redirects_enabled
+ SIMPLE_URLS_ENABLED = var.simple_urls_enabled
+ })
+ }
+}
+
+data "external" "create_config" {
+ program = ["sh", "-c", "printf '%s' 
'${local.config_file.contents}' > ${local.config_file.path} | sh >&2; echo {}"]
+}
+
+resource "local_sensitive_file" "config" {
+ filename = local.config_file.path
+ content = local.config_file.contents
+ depends_on = [data.external.create_config]
 }
 module "lambda" {
@@ -44,15 +58,12 @@ module "lambda" {
 lambda_at_edge = true
 cloudwatch_logs_retention_in_days = 30
- trigger_on_package_timestamp = false
+ recreate_missing_package = false
 source_path = {
 path = "${path.module}/package"
 patterns = ["!.gitignore"]
- commands = [
- "printf '%s' '${local.config}' > config.json",
- ":zip",
- "rm -f config.json"
- ]
 }
+
+ depends_on = [local_sensitive_file.config]
 }
diff --git a/readme.md b/readme.md
index 65d369b..14fb2a0 100644
--- a/readme.md
+++ b/readme.md
@@ -13,12 +13,16 @@ Currently, the only supported provider is Microsoft AzureAD.
 |------|---------|
 | [terraform](#requirement\_terraform) | ~> 1.0 |
 | [aws](#requirement\_aws) | ~> 5.0 |
+| [external](#requirement\_external) | ~> 2.0 |
+| [local](#requirement\_local) | ~> 2.0 |
 | [tls](#requirement\_tls) | ~> 4.0 |
 ## Providers
 | Name | Version |
 |------|---------|
+| [external](#provider\_external) | 2.3.4 |
+| [local](#provider\_local) | 2.5.1 |
 | [tls](#provider\_tls) | 4.0.5 |
 ## Modules
@@ -31,7 +35,9 @@ Currently, the only supported provider is Microsoft AzureAD.
 | Name | Type |
 |------|------|
+| [local_sensitive_file.config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
 | [tls_private_key.key_pair](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [external_external.create_config](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
 ## Inputs
diff --git a/versions.tf b/versions.tf
index 2c431b0..da9534c 100644
--- a/versions.tf
+++ b/versions.tf
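Review bot: The `program` argument of `data.external.create_config` splices `local.config_file.contents` — which carries `var.client_secret`, the PEM private key and the caller-supplied `var.redirect_uri` and `var.tenant` — into a single-quoted `sh -c` string, so a `'` in any of those values closes the quote and the rest of the value is parsed as shell; `${local.config_file.path}` is unquoted as well. Passing the values as separate argv elements removes the quoting problem: `program = ["sh", "-c", "printf '%s' \"$1\" > \"$2\" && echo '{}'", "sh", local.config_file.contents, local.config_file.path]`. That form also drops the trailing `| sh >&2`, which receives nothing on stdin and, being the last command of the pipeline, turns a failed redirect (missing `package/` directory, permissions) into exit status 0 so the data source still reports success without having written the file. Even after the fix the secret material is visible in the process list during every `terraform plan`, and the data source writes the file with the process umask rather than the permissions `local_sensitive_file.config` would apply, so `package/config.json` has to be treated as a secret on disk.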
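Review bot: Removing the `commands` list means `config.json` is no longer deleted after `:zip`; with `source_path.path` covering the whole `package` directory and `patterns = ["!.gitignore"]` as the only exclusion, the plaintext `config.json` (client secret and private key) now persists in the module's source tree between runs and is one `git add` away from the repository. The new `depends_on = [local_sensitive_file.config]` only orders the module after the apply-time write, while the file actually packaged during `plan` comes from `data.external.create_config`; a comment above it such as `# config.json is written at plan time by data.external.create_config; this only orders the apply-time rewrite` would stop a reader from assuming the sensitive resource is what feeds the package. Confirm that the `package/.gitignore` referenced by `patterns` excludes `config.json` — its contents are not in this diff. The body of `module "lambda"` starts outside the hunk.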
@@ -6,6 +6,14 @@ terraform {
 source = "hashicorp/aws"
 version = "~> 5.0"
 }
+ external = {
+ source = "hashicorp/external"
+ version = "~> 2.0"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = "~> 2.0"
+ }
 tls = {
 source = "hashicorp/tls"
 version = "~> 4.0"