feat(variables): replace lookup with direct attribute access

nickreynke · nickreynke · commit e5bf55090309 · 2025-04-02T08:22:32.000+02:00
Simplify attribute access in `main.tf` by replacing `lookup` calls with direct references to `each.value` properties. Updated `variables.tf` to define explicit object types, improving type safety and clarity for HTTP/HTTPS port variable definitions.
diff --git a/README.md b/README.md
@@ -93,10 +93,10 @@ In order to run all checks at any point run the following command:
 | <a name="input_enable_s3_logs"></a> [enable\_s3\_logs](#input\_enable\_s3\_logs) | (Optional) If true, all LoadBalancer logs will be sent to S3.  If true, and log\_bucket\_id is *not* provided, this module will create the bucket with other provided s3 bucket configuration options | `bool` | `true` | no |
 | <a name="input_http_ingress_cidr_blocks"></a> [http\_ingress\_cidr\_blocks](#input\_http\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTP | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_http_ingress_prefix_list_ids"></a> [http\_ingress\_prefix\_list\_ids](#input\_http\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTP | `list(string)` | `[]` | no |
-| <a name="input_http_ports"></a> [http\_ports](#input\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default": {<br/>    "listener_port": 80,<br/>    "target_group_port": 80,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
+| <a name="input_http_ports"></a> [http\_ports](#input\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | <pre>map(object({<br/>    type = optional(string)<br/><br/>    listener_port     = number<br/>    target_group_port = number<br/><br/>    target_group_protocol         = optional(string, "HTTP")<br/>    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC<br/><br/>    host         = optional(string, "#{host}")<br/>    path         = optional(string, "/#{path}")<br/>    port         = optional(string, "#{port}")<br/>    protocol     = optional(string, "#{protocol}")<br/>    query        = optional(string, "#{query}")<br/>    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".<br/>    content_type = optional(string, "text/plain")<br/>    message_body = optional(string, "Fixed response content")<br/>  }))</pre> | <pre>{<br/>  "default": {<br/>    "listener_port": 80,<br/>    "target_group_port": 80,<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
 | <a name="input_https_ingress_cidr_blocks"></a> [https\_ingress\_cidr\_blocks](#input\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | <pre>[<br/>  "0.0.0.0/0"<br/>]</pre> | no |
 | <a name="input_https_ingress_prefix_list_ids"></a> [https\_ingress\_prefix\_list\_ids](#input\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs blocks to allowed to access the Load Balancer through HTTPS | `list(string)` | `[]` | no |
-| <a name="input_https_ports"></a> [https\_ports](#input\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br/>  "default": {<br/>    "listener_port": 443,<br/>    "target_group_port": 443,<br/>    "target_group_protocol": "HTTP",<br/>    "target_group_protocol_version": "HTTP1",<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
+| <a name="input_https_ports"></a> [https\_ports](#input\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | <pre>map(object({<br/>    type = optional(string)<br/><br/>    listener_port     = number<br/>    target_group_port = number<br/><br/>    target_group_protocol         = optional(string, "HTTP")<br/>    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC<br/><br/>    host         = optional(string, "#{host}")<br/>    path         = optional(string, "/#{path}")<br/>    port         = optional(string, "#{port}")<br/>    protocol     = optional(string, "#{protocol}")<br/>    query        = optional(string, "#{query}")<br/>    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".<br/>    content_type = optional(string, "text/plain")<br/>    message_body = optional(string, "Fixed response content")<br/>  }))</pre> | <pre>{<br/>  "default": {<br/>    "listener_port": 443,<br/>    "target_group_port": 443,<br/>    "type": "forward"<br/>  }<br/>}</pre> | no |
 | <a name="input_idle_timeout"></a> [idle\_timeout](#input\_idle\_timeout) | (Optional) The time in seconds that the connection is allowed to be idle. Default: 60. | `number` | `60` | no |
 | <a name="input_internal"></a> [internal](#input\_internal) | (Optional) If true, the LB will be internal. | `bool` | `false` | no |
 | <a name="input_ip_address_type"></a> [ip\_address\_type](#input\_ip\_address\_type) | (Optional) The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack. Defaults to ipv4 | `string` | `"ipv4"` | no |
diff --git a/main.tf b/main.tf
@@ -282,11 +282,11 @@ resource "aws_lb_listener" "lb_http_listeners" {
       type = "redirect"
 
       redirect {
-        host        = lookup(each.value, "host", "#{host}")
-        path        = lookup(each.value, "path", "/#{path}")
-        port        = lookup(each.value, "port", "#{port}")
-        protocol    = lookup(each.value, "protocol", "#{protocol}")
-        query       = lookup(each.value, "query", "#{query}")
+        host        = each.value.host
+        path        = each.value.path
+        port        = each.value.port
+        protocol    = each.value.protocol
+        query       = each.value.query
         status_code = lookup(each.value, "status_code", "HTTP_301")
       }
     }
@@ -298,8 +298,8 @@ resource "aws_lb_listener" "lb_http_listeners" {
       type = "fixed-response"
 
       fixed_response {
-        content_type = lookup(each.value, "content_type", "text/plain")
-        message_body = lookup(each.value, "message_body", "Fixed response content")
+        content_type = each.value.content_type
+        message_body = each.value.message_body
         status_code  = lookup(each.value, "status_code", "200")
       }
     }
@@ -337,11 +337,11 @@ resource "aws_lb_listener" "lb_https_listeners" {
       type = "redirect"
 
       redirect {
-        host        = lookup(each.value, "host", "#{host}")
-        path        = lookup(each.value, "path", "/#{path}")
-        port        = lookup(each.value, "port", "#{port}")
-        protocol    = lookup(each.value, "protocol", "#{protocol}")
-        query       = lookup(each.value, "query", "#{query}")
+        host        = each.value.host
+        path        = each.value.path
+        port        = each.value.port
+        protocol    = each.value.protocol
+        query       = each.value.query
         status_code = lookup(each.value, "status_code", "HTTP_301")
       }
     }
@@ -353,8 +353,8 @@ resource "aws_lb_listener" "lb_https_listeners" {
       type = "fixed-response"
 
       fixed_response {
-        content_type = lookup(each.value, "content_type", "text/plain")
-        message_body = lookup(each.value, "message_body", "Fixed response content")
+        content_type = each.value.content_type
+        message_body = each.value.message_body
         status_code  = lookup(each.value, "status_code", "200")
       }
     }
diff --git a/variables.tf b/variables.tf
@@ -146,30 +146,58 @@ variable "waf_web_acl_arn" {
 #------------------------------------------------------------------------------
 variable "http_ports" {
   description = "Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code"
-  type        = map(any)
+  type = map(object({
+    type = optional(string)
+
+    listener_port     = number
+    target_group_port = number
+
+    target_group_protocol         = optional(string, "HTTP")
+    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC
+
+    host         = optional(string, "#{host}")
+    path         = optional(string, "/#{path}")
+    port         = optional(string, "#{port}")
+    protocol     = optional(string, "#{protocol}")
+    query        = optional(string, "#{query}")
+    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".
+    content_type = optional(string, "text/plain")
+    message_body = optional(string, "Fixed response content")
+  }))
   default = {
     default = {
-      type                  = "forward"
-      listener_port         = 80
-      target_group_port     = 80
-      target_group_protocol = "HTTP"
-      # HTTP1, HTTP2 or GRPC
-      target_group_protocol_version = "HTTP1"
+      type              = "forward"
+      listener_port     = 80
+      target_group_port = 80
     }
   }
 }
 
 variable "https_ports" {
   description = "Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code"
-  type        = map(any)
+  type = map(object({
+    type = optional(string)
+
+    listener_port     = number
+    target_group_port = number
+
+    target_group_protocol         = optional(string, "HTTP")
+    target_group_protocol_version = optional(string, "HTTP1") # HTTP1, HTTP2 or GRPC
+
+    host         = optional(string, "#{host}")
+    path         = optional(string, "/#{path}")
+    port         = optional(string, "#{port}")
+    protocol     = optional(string, "#{protocol}")
+    query        = optional(string, "#{query}")
+    status_code  = optional(string) # Default for `type=redirect`: "HTTP_301". Default for `type=fixed-response`: "200".
+    content_type = optional(string, "text/plain")
+    message_body = optional(string, "Fixed response content")
+  }))
   default = {
     default = {
-      type                  = "forward"
-      listener_port         = 443
-      target_group_port     = 443
-      target_group_protocol = "HTTP"
-      # HTTP1, HTTP2 or GRPC
-      target_group_protocol_version = "HTTP1"
+      type              = "forward"
+      listener_port     = 443
+      target_group_port = 443
     }
   }
 }
