Merge pull request #34 from Necromancerx/feature/support-conditional-…

…creation

Support conditional creation

README.md

@@ -27,6 +27,22 @@ module "aws_cognito_user_pool_simple" {
   }
 ```
 
+### Example (conditional creation)
+
+Sometimes you need to have a way to create Cognito User Pool resources conditionally but Terraform does not allow to use `count` inside `module` block, so the solution is to specify argument `enabled`.
+
+```
+# This Cognito User Pool will not be created
+module "aws_cognito_user_pool_conditional_creation" {
+
+  source  = "lgallard/cognito-user-pool/aws"
+
+  user_pool_name = "conditional_user_pool"
+  enabled = false
+
+}
+```
+
 ### Example (complete)
 
 This more complete example creates a AWS Cognito User Pool using a detailed configuration. Please check the example folder to get the example with all options:
@@ -159,6 +175,7 @@ module "aws_cognito_user_pool_complete" {
 | email\_configuration\_source\_arn | The ARN of the email source | `string` | `""` | no |
 | email\_verification\_message | A string representing the email verification message | `string` | `null` | no |
 | email\_verification\_subject | A string representing the email verification subject | `string` | `null` | no |
+| enabled | Controls if Cognito User Pool should be created | `bool` | `false` | no |
 | lambda\_config | A container for the AWS Lambda triggers associated with the user pool | `map` | `null` | no |
 | lambda\_config\_create\_auth\_challenge | The ARN of the lambda creating an authentication challenge. | `string` | `""` | no |
 | lambda\_config\_custom\_message | A custom Message AWS Lambda trigger. | `string` | `""` | no |

client.tf

@@ -1,5 +1,5 @@
 resource "aws_cognito_user_pool_client" "client" {
-  count                                = length(local.clients)
+  count                                = var.enabled ? length(local.clients) : 0
   allowed_oauth_flows                  = lookup(element(local.clients, count.index), "allowed_oauth_flows", null)
   allowed_oauth_flows_user_pool_client = lookup(element(local.clients, count.index), "allowed_oauth_flows_user_pool_client", null)
   allowed_oauth_scopes                 = lookup(element(local.clients, count.index), "allowed_oauth_scopes", null)
@@ -14,7 +14,7 @@ resource "aws_cognito_user_pool_client" "client" {
   supported_identity_providers         = lookup(element(local.clients, count.index), "supported_identity_providers", null)
   prevent_user_existence_errors        = lookup(element(local.clients, count.index), "prevent_user_existence_errors", null)
   write_attributes                     = lookup(element(local.clients, count.index), "write_attributes", null)
-  user_pool_id                         = aws_cognito_user_pool.pool.id
+  user_pool_id                         = aws_cognito_user_pool.pool[0].id
 }
 
 locals {

domain.tf

@@ -1,6 +1,6 @@
 resource "aws_cognito_user_pool_domain" "domain" {
-  count           = var.domain == null || var.domain == "" ? 0 : 1
+  count           = ! var.enabled || var.domain == null || var.domain == "" ? 0 : 1
   domain          = var.domain
   certificate_arn = var.domain_certificate_arn
-  user_pool_id    = aws_cognito_user_pool.pool.id
+  user_pool_id    = aws_cognito_user_pool.pool[0].id
 }

main.tf

@@ -1,4 +1,5 @@
 resource "aws_cognito_user_pool" "pool" {
+  count = var.enabled ? 1 : 0
 
   alias_attributes           = var.alias_attributes
   auto_verified_attributes   = var.auto_verified_attributes
@@ -196,7 +197,6 @@ resource "aws_cognito_user_pool" "pool" {
     ignore_changes = [
       schema,
     ]
-    prevent_destroy = true
   }
 }
 

outputs.tf

@@ -1,68 +1,68 @@
 output "id" {
   description = "The id of the user pool"
-  value       = aws_cognito_user_pool.pool.id
+  value       = var.enabled ? aws_cognito_user_pool.pool[0].id : null
 }
 
 output "arn" {
   description = "The ARN of the user pool"
-  value       = aws_cognito_user_pool.pool.arn
+  value       = var.enabled ? aws_cognito_user_pool.pool[0].arn : null
 }
 
 output "endpoint" {
   description = "The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy"
-  value       = aws_cognito_user_pool.pool.endpoint
+  value       = var.enabled ? aws_cognito_user_pool.pool[0].endpoint : null
 }
 
 output "creation_date" {
   description = "The date the user pool was created"
-  value       = aws_cognito_user_pool.pool.creation_date
+  value       = var.enabled ? aws_cognito_user_pool.pool[0].creation_date : null
 }
 
 output "last_modified_date" {
   description = "The date the user pool was last modified"
-  value       = aws_cognito_user_pool.pool.last_modified_date
+  value       = var.enabled ? aws_cognito_user_pool.pool[0].last_modified_date : null
 }
 
 #
 # aws_cognito_user_pool_domain
 #
 output "domain_aws_account_id" {
   description = "The AWS account ID for the user pool owner"
-  value       = join("", aws_cognito_user_pool_domain.domain.*.aws_account_id)
+  value       = var.enabled ? join("", aws_cognito_user_pool_domain.domain.*.aws_account_id) : null
 }
 
 output "domain_cloudfront_distribution_arn" {
   description = "The ARN of the CloudFront distribution"
-  value       = join("", aws_cognito_user_pool_domain.domain.*.cloudfront_distribution_arn)
+  value       = var.enabled ? join("", aws_cognito_user_pool_domain.domain.*.cloudfront_distribution_arn) : null
 }
 
 output "domain_s3_bucket" {
   description = "The S3 bucket where the static files for this domain are stored"
-  value       = join("", aws_cognito_user_pool_domain.domain.*.s3_bucket)
+  value       = var.enabled ? join("", aws_cognito_user_pool_domain.domain.*.s3_bucket) : null
 }
 
 output "domain_app_version" {
   description = "The app version"
-  value       = join("", aws_cognito_user_pool_domain.domain.*.version)
+  value       = var.enabled ? join("", aws_cognito_user_pool_domain.domain.*.version) : null
 }
 
 #
 # aws_cognito_user_pool_client
 #
 output "client_ids" {
   description = "The ids of the user pool clients"
-  value       = aws_cognito_user_pool_client.client.*.id
+  value       = var.enabled ? aws_cognito_user_pool_client.client.*.id : null
 }
 
 output "client_secrets" {
   description = " The client secrets of the user pool clients"
-  value       = aws_cognito_user_pool_client.client.*.client_secret
+  value       = var.enabled ? aws_cognito_user_pool_client.client.*.client_secret : null
 }
 
 #
 # aws_cognito_resource_servers
 #
 output "resource_servers_scope_identifiers" {
   description = " A list of all scopes configured in the format identifier/scope_name"
-  value       = aws_cognito_resource_server.resource.*.scope_identifiers
+  value       = var.enabled ? aws_cognito_resource_server.resource.*.scope_identifiers : null
 }

resource-server.tf

@@ -1,5 +1,5 @@
 resource "aws_cognito_resource_server" "resource" {
-  count      = length(local.resource_servers)
+  count      = var.enabled ? length(local.resource_servers) : 0
   name       = lookup(element(local.resource_servers, count.index), "name")
   identifier = lookup(element(local.resource_servers, count.index), "identifier")
 
@@ -12,7 +12,7 @@ resource "aws_cognito_resource_server" "resource" {
     }
   }
 
-  user_pool_id = aws_cognito_user_pool.pool.id
+  user_pool_id = aws_cognito_user_pool.pool[0].id
 }
 
 locals {

user-group.tf

@@ -1,10 +1,10 @@
 resource "aws_cognito_user_group" "main" {
-  count        = length(local.groups)
+  count        = var.enabled ? length(local.groups) : 0
   name         = lookup(element(local.groups, count.index), "name")
   description  = lookup(element(local.groups, count.index), "description")
   precedence   = lookup(element(local.groups, count.index), "precedence")
   role_arn     = lookup(element(local.groups, count.index), "role_arn")
-  user_pool_id = aws_cognito_user_pool.pool.id
+  user_pool_id = aws_cognito_user_pool.pool[0].id
 }
 
 locals {

variables.tf

@@ -1,6 +1,12 @@
 #
 # aws_cognito_user_pool
 #
+variable "enabled" {
+  description = "Controls if Cognito User Pool should be created"
+  type        = bool
+  default     = false
+}
+
 variable "user_pool_name" {
   description = "The name of the user pool"
   type        = string