From 2bdb376f41a72defe7220a24bb8dadb498db740b Mon Sep 17 00:00:00 2001
From: Clayton Burlison <git@clburlison.com>
Date: Thu, 28 Jul 2022 14:15:51 -0500
Subject: [PATCH] Add dynamic lambda (#6)

* feat: Adding dynamic lambda function for icon directory

* fix: use correct cloudfront distro point

Co-authored-by: Jon Crain <jon.crain@unity3d.com>
---
 cloudfront.tf | 9 ++++++---
 variables.tf  | 6 ++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/cloudfront.tf b/cloudfront.tf
index 100a474..1f99d92 100644
--- a/cloudfront.tf
+++ b/cloudfront.tf
@@ -254,9 +254,12 @@ resource "aws_cloudfront_distribution" "munki_basic_auth" {
   ordered_cache_behavior {
     path_pattern = "/icons/*"
 
-    lambda_function_association {
-      event_type = "viewer-request"
-      lambda_arn = "${aws_lambda_function.basic_auth_lambda[0].arn}:${aws_lambda_function.basic_auth_lambda[0].version}"
+    dynamic "lambda_function_association" {
+      for_each = var.enable_icons_basic_auth ? ["true"] : []
+      content {
+        event_type = "viewer-request"
+        lambda_arn = "${aws_lambda_function.basic_auth_lambda[0].arn}:${aws_lambda_function.basic_auth_lambda[0].version}"
+      }
     }
 
     trusted_signers        = var.cf_trusted_signers
diff --git a/variables.tf b/variables.tf
index 6604675..8bca8e3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -140,3 +140,9 @@ variable "icons_ordered_cache_behavior_max_ttl" {
   default     = 60
   description = "The maximum amount of time (in seconds) that a icon object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated."
 }
+
+variable "enable_icons_basic_auth" {
+  type        = bool
+  default     = true
+  description = "When set to 'true' the resource will enable basic auth for icons/ subpath"
+}