diff --git a/main.tf b/main.tf
index 2551e68..199ab29 100644
--- a/main.tf
+++ b/main.tf
@@ -4,32 +4,46 @@ resource "tls_private_key" "key_pair" {
}
locals {
- config = jsonencode({
- AUTH_REQUEST = {
- client_id = var.client_id
- redirect_uri = var.redirect_uri
- response_type = "code"
- response_mode = "query"
- scope = "openid email profile"
- }
-
- TOKEN_REQUEST = {
- client_id = var.client_id
- grant_type = "authorization_code"
- redirect_uri = var.redirect_uri
- client_secret = var.client_secret
- }
-
- DISTRIBUTION = "lambda-edge-azure-auth"
- PRIVATE_KEY = tls_private_key.key_pair.private_key_pem
- PUBLIC_KEY = tls_private_key.key_pair.public_key_pem
- TENANT = var.tenant
- DISCOVERY_DOCUMENT = "https://login.microsoftonline.com/${var.tenant}/v2.0/.well-known/openid-configuration"
- SESSION_DURATION = var.session_duration * 60 * 60
- CALLBACK_PATH = regex("https?://.*(/.*$)", var.redirect_uri)[0]
- TRAILING_SLASH_REDIRECTS_ENABLED = var.trailing_slash_redirects_enabled
- SIMPLE_URLS_ENABLED = var.simple_urls_enabled
- })
+ config_file = {
+ path = "${path.module}/package/config.json"
+
+ contents = jsonencode({
+ AUTH_REQUEST = {
+ client_id = var.client_id
+ redirect_uri = var.redirect_uri
+ response_type = "code"
+ response_mode = "query"
+ scope = "openid email profile"
+ }
+
+ TOKEN_REQUEST = {
+ client_id = var.client_id
+ grant_type = "authorization_code"
+ redirect_uri = var.redirect_uri
+ client_secret = var.client_secret
+ }
+
+ DISTRIBUTION = "lambda-edge-azure-auth"
+ PRIVATE_KEY = tls_private_key.key_pair.private_key_pem
+ PUBLIC_KEY = tls_private_key.key_pair.public_key_pem
+ TENANT = var.tenant
+ DISCOVERY_DOCUMENT = "https://login.microsoftonline.com/${var.tenant}/v2.0/.well-known/openid-configuration"
+ SESSION_DURATION = var.session_duration * 60 * 60
+ CALLBACK_PATH = regex("https?://.*(/.*$)", var.redirect_uri)[0]
+ TRAILING_SLASH_REDIRECTS_ENABLED = var.trailing_slash_redirects_enabled
+ SIMPLE_URLS_ENABLED = var.simple_urls_enabled
+ })
+ }
+}
+
+data "external" "create_config" {
+ program = ["sh", "-c", "printf '%s' '${local.config_file.contents}' > ${local.config_file.path} | sh >&2; echo {}"]
+}
+
+resource "local_sensitive_file" "config" {
+ filename = local.config_file.path
+ content = local.config_file.contents
+ depends_on = [data.external.create_config]
}
module "lambda" {
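Review bot: The `program` string in `data "external" "create_config"` interpolates `local.config_file.contents` — which carries `var.client_secret` and the PEM private key — straight into a shell argument, so the secrets travel on a process command line and, because `data.external` arguments are not sensitive, can appear in plain `terraform plan` output and in state, which the `local_sensitive_file` resource added just below was presumably chosen to avoid. The single-quoted interpolation is also fragile: any `'` inside `var.client_secret` or `var.redirect_uri` ends the quote and the remainder is interpreted by `sh`, and `| sh >&2` only starts a second shell on empty stdin since stdout is already redirected into the file. If the plan-time write really is needed, carry the payload in a quote-free encoding, e.g. `program = ["sh", "-c", "echo '${base64encode(local.config_file.contents)}' | base64 -d > '${local.config_file.path}'; echo {}"]`, and add a comment stating that the secret still reaches plan output through this data source; otherwise drop the data source and let `local_sensitive_file.config` be the only writer.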
@@ -44,15 +58,12 @@ module "lambda" {
lambda_at_edge = true
cloudwatch_logs_retention_in_days = 30
- trigger_on_package_timestamp = false
+ recreate_missing_package = false
source_path = {
path = "${path.module}/package"
patterns = ["!.gitignore"]
- commands = [
- "printf '%s' '${local.config}' > config.json",
- ":zip",
- "rm -f config.json"
- ]
}
+
+ depends_on = [local_sensitive_file.config]
}
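Review bot: The removed `rm -f config.json` post-zip step has no replacement, so `package/config.json` — holding the client secret and the private key — now stays on disk in the module directory after every run (written by `local_sensitive_file.config`, deleted by nothing), where it can end up in a commit or a working-tree backup. `patterns = ["!.gitignore"]` only controls what goes into the zip; it does not keep the file out of version control, and whether the repository's `.gitignore` covers it is not visible here. A comment next to the new `depends_on` line should state this, e.g. `# package/config.json is generated by local_sensitive_file.config and holds secrets; it must stay git-ignored`. The `module "lambda"` block begins in the previous hunk; `recreate_missing_package = false` replacing `trigger_on_package_timestamp` appears to stop a missing zip from being rebuilt on the next apply, which is worth confirming as intended.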
diff --git a/readme.md b/readme.md
index 65d369b..14fb2a0 100644
--- a/readme.md
+++ b/readme.md
@@ -13,12 +13,16 @@ Currently, the only supported provider is Microsoft AzureAD.
|------|---------|
| [terraform](#requirement\_terraform) | ~> 1.0 |
| [aws](#requirement\_aws) | ~> 5.0 |
+| [external](#requirement\_external) | ~> 2.0 |
+| [local](#requirement\_local) | ~> 2.0 |
| [tls](#requirement\_tls) | ~> 4.0 |
## Providers
| Name | Version |
|------|---------|
+| [external](#provider\_external) | 2.3.4 |
+| [local](#provider\_local) | 2.5.1 |
| [tls](#provider\_tls) | 4.0.5 |
## Modules
@@ -31,7 +35,9 @@ Currently, the only supported provider is Microsoft AzureAD.
| Name | Type |
|------|------|
+| [local_sensitive_file.config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [tls_private_key.key_pair](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [external_external.create_config](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
## Inputs
diff --git a/versions.tf b/versions.tf
index 2c431b0..da9534c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -6,6 +6,14 @@ terraform {
source = "hashicorp/aws"
version = "~> 5.0"
}
+ external = {
+ source = "hashicorp/external"
+ version = "~> 2.0"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = "~> 2.0"
+ }
tls = {
source = "hashicorp/tls"
version = "~> 4.0"