fix: Change default value for ordered_cache_behavior to empty list to avoid type checking acrobatics and type mis-matches

README.md

@@ -200,7 +200,7 @@ No modules.
 | <a name="input_http_version"></a> [http\_version](#input\_http\_version) | The maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3, and http3. The default is http2 | `string` | `"http2"` | no |
 | <a name="input_is_ipv6_enabled"></a> [is\_ipv6\_enabled](#input\_is\_ipv6\_enabled) | Whether the IPv6 is enabled for the distribution | `bool` | `true` | no |
 | <a name="input_logging_config"></a> [logging\_config](#input\_logging\_config) | The logging configuration that controls how logs are written to your distribution (maximum one) | <pre>object({<br/>    bucket          = optional(string)<br/>    include_cookies = optional(bool)<br/>    prefix          = optional(string)<br/>  })</pre> | `null` | no |
-| <a name="input_ordered_cache_behavior"></a> [ordered\_cache\_behavior](#input\_ordered\_cache\_behavior) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0 | <pre>list(object({<br/>    allowed_methods           = optional(list(string), ["GET", "HEAD", "OPTIONS"])<br/>    cached_methods            = optional(list(string), ["GET", "HEAD"])<br/>    cache_policy_id           = optional(string)<br/>    cache_policy_name         = optional(string)<br/>    compress                  = optional(bool, true)<br/>    default_ttl               = optional(number)<br/>    field_level_encryption_id = optional(string)<br/>    forwarded_values = optional(object({<br/>      cookies = object({<br/>        forward           = optional(string, "none")<br/>        whitelisted_names = optional(list(string))<br/>      })<br/>      headers                 = optional(list(string))<br/>      query_string            = optional(bool, false)<br/>      query_string_cache_keys = optional(list(string))<br/>      }),<br/>      {<br/>        cookies = {<br/>          forward = "none"<br/>        }<br/>        query_string = false<br/>      }<br/>    )<br/>    function_association = optional(map(object({<br/>      event_type   = optional(string)<br/>      function_arn = optional(string)<br/>      function_key = optional(string)<br/>    })))<br/>    grpc_config = optional(object({<br/>      enabled = optional(bool)<br/>    }))<br/>    lambda_function_association = optional(map(object({<br/>      event_type   = optional(string)<br/>      include_body = optional(bool)<br/>      lambda_arn   = string<br/>    })))<br/>    max_ttl                      = optional(number)<br/>    min_ttl                      = optional(number)<br/>    origin_request_policy_id     = optional(string)<br/>    origin_request_policy_name   = optional(string)<br/>    path_pattern                 = string<br/>    realtime_log_config_arn      = optional(string)<br/>    response_headers_policy_id   = optional(string)<br/>    response_headers_policy_name = optional(string)<br/>    smooth_streaming             = optional(bool)<br/>    target_origin_id             = string<br/>    trusted_key_groups           = optional(list(string))<br/>    trusted_signers              = optional(list(string))<br/>    viewer_protocol_policy       = string<br/>  }))</pre> | `null` | no |
+| <a name="input_ordered_cache_behavior"></a> [ordered\_cache\_behavior](#input\_ordered\_cache\_behavior) | An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0 | <pre>list(object({<br/>    allowed_methods           = optional(list(string), ["GET", "HEAD", "OPTIONS"])<br/>    cached_methods            = optional(list(string), ["GET", "HEAD"])<br/>    cache_policy_id           = optional(string)<br/>    cache_policy_name         = optional(string)<br/>    compress                  = optional(bool, true)<br/>    default_ttl               = optional(number)<br/>    field_level_encryption_id = optional(string)<br/>    forwarded_values = optional(object({<br/>      cookies = object({<br/>        forward           = optional(string, "none")<br/>        whitelisted_names = optional(list(string))<br/>      })<br/>      headers                 = optional(list(string))<br/>      query_string            = optional(bool, false)<br/>      query_string_cache_keys = optional(list(string))<br/>      }),<br/>      {<br/>        cookies = {<br/>          forward = "none"<br/>        }<br/>        query_string = false<br/>      }<br/>    )<br/>    function_association = optional(map(object({<br/>      event_type   = optional(string)<br/>      function_arn = optional(string)<br/>      function_key = optional(string)<br/>    })))<br/>    grpc_config = optional(object({<br/>      enabled = optional(bool)<br/>    }))<br/>    lambda_function_association = optional(map(object({<br/>      event_type   = optional(string)<br/>      include_body = optional(bool)<br/>      lambda_arn   = string<br/>    })))<br/>    max_ttl                      = optional(number)<br/>    min_ttl                      = optional(number)<br/>    origin_request_policy_id     = optional(string)<br/>    origin_request_policy_name   = optional(string)<br/>    path_pattern                 = string<br/>    realtime_log_config_arn      = optional(string)<br/>    response_headers_policy_id   = optional(string)<br/>    response_headers_policy_name = optional(string)<br/>    smooth_streaming             = optional(bool)<br/>    target_origin_id             = string<br/>    trusted_key_groups           = optional(list(string))<br/>    trusted_signers              = optional(list(string))<br/>    viewer_protocol_policy       = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_origin"></a> [origin](#input\_origin) | One or more origins for this distribution (multiples allowed) | <pre>map(object({<br/>    connection_attempts = optional(number)<br/>    connection_timeout  = optional(number)<br/>    custom_header       = optional(map(string))<br/>    custom_origin_config = optional(object({<br/>      http_port                = number<br/>      https_port               = number<br/>      ip_address_type          = optional(string)<br/>      origin_keepalive_timeout = optional(number)<br/>      origin_read_timeout      = optional(number)<br/>      origin_protocol_policy   = string<br/>      origin_ssl_protocols     = optional(list(string), ["TLSv1.2"])<br/>    }))<br/>    domain_name               = string<br/>    origin_access_control_key = optional(string)<br/>    origin_access_control_id  = optional(string)<br/>    origin_id                 = optional(string)<br/>    origin_path               = optional(string)<br/>    origin_shield = optional(object({<br/>      enabled              = bool<br/>      origin_shield_region = optional(string)<br/>    }))<br/>    response_completion_timeout = optional(number)<br/>    vpc_origin_config = optional(object({<br/>      origin_keepalive_timeout = optional(number)<br/>      origin_read_timeout      = optional(number)<br/>      vpc_origin_id            = optional(string)<br/>      vpc_origin_key           = optional(string)<br/>    }))<br/>  }))</pre> | `{}` | no |
 | <a name="input_origin_access_control"></a> [origin\_access\_control](#input\_origin\_access\_control) | Map of CloudFront origin access control | <pre>map(object({<br/>    description      = optional(string)<br/>    name             = optional(string)<br/>    origin_type      = string<br/>    signing_behavior = string<br/>    signing_protocol = string<br/>  }))</pre> | <pre>{<br/>  "s3": {<br/>    "origin_type": "s3",<br/>    "signing_behavior": "always",<br/>    "signing_protocol": "sigv4"<br/>  }<br/>}</pre> | no |
 | <a name="input_origin_group"></a> [origin\_group](#input\_origin\_group) | One or more origin\_group for this distribution (multiples allowed) | <pre>map(object({<br/>    failover_criteria = object({<br/>      status_codes = list(number)<br/>    })<br/>    member = list(object({<br/>      origin_id = string<br/>    }))<br/>    origin_id = optional(string)<br/>  }))</pre> | `null` | no |

examples/complete/README.md

@@ -57,7 +57,9 @@ Note that this example may create resources which cost money. Run `terraform des
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_domain"></a> [domain](#input\_domain) | The domain name to use when deploying the CloudFront distribution | `string` | `"terraform-aws-modules.modules.tf"` | no |
 
 ## Outputs
 

examples/complete/main.tf

@@ -11,9 +11,7 @@ data "aws_availability_zones" "available" {
 }
 
 locals {
-  # domain_name = "terraform-aws-modules.modules.tf"
-  domain_name = "sharedservices.clowd.haus"
-  subdomain   = "cdn"
+  subdomain = "cdn"
 
   name = "ex-${basename(path.cwd)}"
 
@@ -34,7 +32,7 @@ locals {
 module "cloudfront" {
   source = "../../"
 
-  aliases = ["${local.subdomain}.${local.domain_name}"]
+  aliases = ["${local.subdomain}.${var.domain}"]
 
   comment         = "My awesome CloudFront"
   enabled         = true
@@ -79,7 +77,7 @@ module "cloudfront" {
 
   origin = {
     appsync = {
-      domain_name = "appsync.${local.domain_name}"
+      domain_name = "appsync.${var.domain}"
       custom_origin_config = {
         http_port              = 80
         https_port             = 443
@@ -389,16 +387,16 @@ resource "aws_cloudfront_function" "example" {
 }
 
 data "aws_route53_zone" "this" {
-  name = local.domain_name
+  name = var.domain
 }
 
 module "acm" {
   source  = "terraform-aws-modules/acm/aws"
   version = "~> 4.0"
 
-  domain_name               = local.domain_name
+  domain_name               = var.domain
   zone_id                   = data.aws_route53_zone.this.id
-  subject_alternative_names = ["${local.subdomain}.${local.domain_name}"]
+  subject_alternative_names = ["${local.subdomain}.${var.domain}"]
 
   tags = local.tags
 }

examples/complete/variables.tf

@@ -0,0 +1,5 @@
+variable "domain" {
+  description = "The domain name to use when deploying the CloudFront distribution"
+  type        = string
+  default     = "terraform-aws-modules.modules.tf"
+}

main.tf

@@ -108,7 +108,7 @@ resource "aws_cloudfront_distribution" "this" {
   }
 
   dynamic "ordered_cache_behavior" {
-    for_each = var.ordered_cache_behavior != null ? var.ordered_cache_behavior : []
+    for_each = length(var.ordered_cache_behavior) > 0 ? var.ordered_cache_behavior : []
 
     content {
       allowed_methods           = ordered_cache_behavior.value.allowed_methods
@@ -535,7 +535,7 @@ resource "aws_cloudfront_monitoring_subscription" "this" {
 ################################################################################
 
 locals {
-  cache_behaviors = var.ordered_cache_behavior != null ? concat([var.default_cache_behavior], var.ordered_cache_behavior) : [var.default_cache_behavior]
+  cache_behaviors = concat([var.default_cache_behavior], var.ordered_cache_behavior)
 }
 
 data "aws_cloudfront_cache_policy" "this" {

variables.tf

@@ -191,7 +191,8 @@ variable "ordered_cache_behavior" {
     trusted_signers              = optional(list(string))
     viewer_protocol_policy       = string
   }))
-  default = null
+  default  = []
+  nullable = false
 }
 
 variable "origin_group" {

wrappers/main.tf

@@ -17,7 +17,7 @@ module "wrapper" {
   http_version                    = try(each.value.http_version, var.defaults.http_version, "http2")
   is_ipv6_enabled                 = try(each.value.is_ipv6_enabled, var.defaults.is_ipv6_enabled, true)
   logging_config                  = try(each.value.logging_config, var.defaults.logging_config, null)
-  ordered_cache_behavior          = try(each.value.ordered_cache_behavior, var.defaults.ordered_cache_behavior, null)
+  ordered_cache_behavior          = try(each.value.ordered_cache_behavior, var.defaults.ordered_cache_behavior, [])
   origin                          = try(each.value.origin, var.defaults.origin, {})
   origin_access_control = try(each.value.origin_access_control, var.defaults.origin_access_control, {
     s3 = {