Merge pull request #8 from rackspace-infrastructure-automation/mc_1112

Fix origin access identity

Author: stevengorrell

main.tf

@@ -16,9 +16,12 @@ locals {
   }
 
   bucket_logging_config = "${var.bucket_logging ? "enabled" : "disabled"}"
+
+  active_trusted_signers = "${coalescelist(aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.active_trusted_signers, aws_cloudfront_distribution.cf_distribution.*.active_trusted_signers, list(""))}"
 }
 
 resource "aws_cloudfront_distribution" "cf_distribution" {
+  count   = "${var.origin_access_identity_provided ? 1 : 0}"
   aliases = ["${var.aliases}"]
 
   default_cache_behavior {
@@ -90,3 +93,73 @@ resource "aws_cloudfront_distribution" "cf_distribution" {
 
   web_acl_id = "${var.web_acl_id}"
 }
+
+resource "aws_cloudfront_distribution" "cf_distribution_no_s3_origin_config" {
+  count   = "${var.origin_access_identity_provided ? 0 : 1}"
+  aliases = ["${var.aliases}"]
+
+  default_cache_behavior {
+    allowed_methods = "${var.allowed_methods}"
+    cached_methods  = "${var.cached_methods}"
+    compress        = "${var.compress}"
+    default_ttl     = "${var.default_ttl}"
+
+    forwarded_values {
+      cookies {
+        forward           = "${var.forward}"
+        whitelisted_names = "${var.whitelisted_names}"
+      }
+
+      headers                 = "${var.headers}"
+      query_string            = "${var.query_string}"
+      query_string_cache_keys = "${var.query_string_cache_keys}"
+    }
+
+    lambda_function_association = "${var.lambdas}"
+
+    max_ttl                = "${var.max_ttl}"
+    min_ttl                = "${var.min_ttl}"
+    smooth_streaming       = "${var.smooth_streaming}"
+    target_origin_id       = "${var.target_origin_id}"
+    trusted_signers        = "${var.trusted_signers}"
+    viewer_protocol_policy = "${var.viewer_protocol_policy}"
+  }
+
+  comment             = "${var.comment}"
+  default_root_object = "${var.default_root_object}"
+  enabled             = "${var.enabled}"
+  http_version        = "${var.http_version}"
+  is_ipv6_enabled     = "${var.is_ipv6_enabled}"
+
+  logging_config = ["${local.bucket_logging[local.bucket_logging_config]}"]
+
+  custom_error_response = ["${var.custom_error_response}"]
+
+  origin {
+    domain_name   = "${var.domain_name}"
+    custom_header = "${var.custom_header}"
+    origin_id     = "${var.origin_id}"
+    origin_path   = "${var.origin_path}"
+  }
+
+  price_class = "${var.price_class}"
+
+  restrictions {
+    geo_restriction {
+      locations        = "${var.locations}"
+      restriction_type = "${var.restriction_type}"
+    }
+  }
+
+  tags = "${merge(var.tags, local.tags)}"
+
+  viewer_certificate {
+    acm_certificate_arn            = "${var.acm_certificate_arn}"
+    cloudfront_default_certificate = "${var.cloudfront_default_certificate}"
+    iam_certificate_id             = "${var.iam_certificate_id}"
+    minimum_protocol_version       = "${var.minimum_protocol_version}"
+    ssl_support_method             = "${var.ssl_support_method}"
+  }
+
+  web_acl_id = "${var.web_acl_id}"
+}

outputs.tf

@@ -1,49 +1,49 @@
 output "id" {
   description = "The identifier for the distribution."
-  value       = "${aws_cloudfront_distribution.cf_distribution.id}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.id, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.id, list("")), 0)}"
 }
 
 output "arn" {
   description = "The ARN (Amazon Resource Name) for the distribution."
-  value       = "${aws_cloudfront_distribution.cf_distribution.arn}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.arn, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.arn, list("")), 0)}"
 }
 
 output "caller_reference" {
   description = "Internal value used by CloudFront to allow future updates to the distribution configuration."
-  value       = "${aws_cloudfront_distribution.cf_distribution.caller_reference}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.caller_reference, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.caller_reference, list("")), 0)}"
 }
 
 output "status" {
   description = "The current status of the distribution."
-  value       = "${aws_cloudfront_distribution.cf_distribution.status}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.status, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.status, list("")), 0)}"
 }
 
 output "active_trusted_signers" {
   description = "The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs."
-  value       = "${aws_cloudfront_distribution.cf_distribution.active_trusted_signers}"
+  value       = "${local.active_trusted_signers[0]}"
 }
 
 output "domain_name" {
   description = "The domain name corresponding to the distribution."
-  value       = "${aws_cloudfront_distribution.cf_distribution.domain_name}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.domain_name, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.domain_name, list("")), 0)}"
 }
 
 output "last_modified_time" {
   description = "The date and time the distribution was last modified."
-  value       = "${aws_cloudfront_distribution.cf_distribution.last_modified_time}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.last_modified_time, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.last_modified_time), 0)}"
 }
 
 output "in_progress_validation_batches" {
   description = "The number of invalidation batches currently in progress."
-  value       = "${aws_cloudfront_distribution.cf_distribution.in_progress_validation_batches}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.in_progress_validation_batches, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.in_progress_validation_batches, list("")), 0)}"
 }
 
 output "etag" {
   description = "The current version of the distribution's information."
-  value       = "${aws_cloudfront_distribution.cf_distribution.etag}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.etag, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.etag, list("")), 0)}"
 }
 
 output "hosted_zone_id" {
   description = "The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to."
-  value       = "${aws_cloudfront_distribution.cf_distribution.hosted_zone_id}"
+  value       = "${element(coalescelist(aws_cloudfront_distribution.cf_distribution.*.hosted_zone_id, aws_cloudfront_distribution.cf_distribution_no_s3_origin_config.*.hosted_zone_id, list("")), 0)}"
 }

tests/test1/main.tf

@@ -57,7 +57,8 @@ module "cloudfront_s3_origin" {
   aliases = ["testdomain.${random_string.cloudfront_rstring.result}.example.com"]
 
   # Origin access id
-  origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+  origin_access_identity          = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+  origin_access_identity_provided = true
 
   # default cache behavior
   allowed_methods  = ["GET", "HEAD"]

variables.tf

@@ -226,6 +226,12 @@ variable "origin_access_identity" {
   default     = ""
 }
 
+variable "origin_access_identity_provided" {
+  description = "origin_access_identity has been provided"
+  type        = "string"
+  default     = false
+}
+
 # Restrictions
 variable "locations" {
   description = "The two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist."