Priorities should be optional (cloudposse#26)
Co-authored-by: Erik Osterman <erik@cloudposse.com>
Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
3 people authored Jun 23, 2020
1 parent 46d00e6 commit fee6527
Showing 4 changed files with 15 additions and 15 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -217,7 +217,7 @@ Available targets:
| authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
| authenticated\_listener\_arns\_count | The number of authenticated ARNs in `authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
| authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no |
| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `0` | no |
| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
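Review bot: The `authenticated_priority` row now documents a default of `0`, but its description still gives the range as "between 1 and 50000" and never says what `0` means. Suggest extending the description, for example with "Leave at `0` to have the priority assigned automatically", so a reader does not take `0` for an invalid value or for the highest priority.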
Expand Down Expand Up @@ -257,7 +257,7 @@ Available targets:
| unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
| unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
| unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no |
| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `0` | no |
| vpc\_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | `string` | n/a | yes |

## Outputs
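Review bot: In the `unauthenticated_priority` row, "Must be different from `authenticated_priority`" no longer holds for the documented defaults, since both are now `0`. Suggest rewording so the two values must differ only when both are set to a value greater than 0.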
4 changes: 2 additions & 2 deletions docs/terraform.md
Expand Up @@ -23,7 +23,7 @@
| authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
| authenticated\_listener\_arns\_count | The number of authenticated ARNs in `authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
| authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `300` | no |
| authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `0` | no |
| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no |
| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no |
| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no |
Expand Down Expand Up @@ -63,7 +63,7 @@
| unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no |
| unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no |
| unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | `[]` | no |
| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no |
| unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `0` | no |
| vpc\_id | The VPC ID where generated ALB target group will be provisioned (if `target_group_arn` is not set) | `string` | n/a | yes |

## Outputs
18 changes: 9 additions & 9 deletions main.tf
Expand Up @@ -56,7 +56,7 @@ resource "aws_lb_listener_rule" "unauthenticated_paths" {
count = var.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) == 0 ? var.unauthenticated_listener_arns_count : 0

listener_arn = var.unauthenticated_listener_arns[count.index]
priority = var.unauthenticated_priority + count.index
priority = var.unauthenticated_priority > 0 ? var.unauthenticated_priority + count.index : null

action {
type = "forward"
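Review bot: The `: null` branch on the `priority` line of `unauthenticated_paths` leaves the priority unset whenever `unauthenticated_priority` keeps its new default of `0`, so the position of this `forward` rule relative to the `authenticate-oidc` and `authenticate-cognito` rules is no longer fixed by the module. The provider then assigns the next free priority after the highest existing rule, which makes the order depend on creation order; because a listener applies the first rule that matches, an unauthenticated pattern that overlaps an authenticated one and lands ahead of it would be forwarded without the authentication action. Suggest documenting this and recommending explicit priorities when both rule sets attach to the same listener.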
Expand All @@ -73,7 +73,7 @@ resource "aws_lb_listener_rule" "authenticated_paths_oidc" {
count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-oidc"
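Review bot: On the `priority` line of `authenticated_paths_oidc`, the `> 0` test sends negative values down the same `null` path as `0`, so a typo such as `-100` is silently treated as unset instead of being rejected. Suggest validating the variable, or at least documenting that any value below 1 means automatic assignment.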
Expand Down Expand Up @@ -103,7 +103,7 @@ resource "aws_lb_listener_rule" "authenticated_paths_cognito" {
count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) == 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-cognito"
Expand All @@ -130,7 +130,7 @@ resource "aws_lb_listener_rule" "unauthenticated_hosts" {
count = var.enabled && length(var.unauthenticated_hosts) > 0 && length(var.unauthenticated_paths) == 0 ? var.unauthenticated_listener_arns_count : 0

listener_arn = var.unauthenticated_listener_arns[count.index]
priority = var.unauthenticated_priority + count.index
priority = var.unauthenticated_priority > 0 ? var.unauthenticated_priority + count.index : null

action {
type = "forward"
Expand All @@ -147,7 +147,7 @@ resource "aws_lb_listener_rule" "authenticated_hosts_oidc" {
count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-oidc"
Expand Down Expand Up @@ -177,7 +177,7 @@ resource "aws_lb_listener_rule" "authenticated_hosts_cognito" {
count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_hosts) > 0 && length(var.authenticated_paths) == 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-cognito"
Expand All @@ -204,7 +204,7 @@ resource "aws_lb_listener_rule" "unauthenticated_hosts_paths" {
count = var.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) > 0 ? var.unauthenticated_listener_arns_count : 0

listener_arn = var.unauthenticated_listener_arns[count.index]
priority = var.unauthenticated_priority + count.index
priority = var.unauthenticated_priority > 0 ? var.unauthenticated_priority + count.index : null

action {
type = "forward"
Expand All @@ -226,7 +226,7 @@ resource "aws_lb_listener_rule" "authenticated_hosts_paths_oidc" {
count = var.enabled && var.authentication_type == "OIDC" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-oidc"
Expand Down Expand Up @@ -261,7 +261,7 @@ resource "aws_lb_listener_rule" "authenticated_hosts_paths_cognito" {
count = var.enabled && var.authentication_type == "COGNITO" && length(var.authenticated_paths) > 0 && length(var.authenticated_hosts) > 0 ? var.authenticated_listener_arns_count : 0

listener_arn = var.authenticated_listener_arns[count.index]
priority = var.authenticated_priority + count.index
priority = var.authenticated_priority > 0 ? var.authenticated_priority + count.index : null

action {
type = "authenticate-cognito"
4 changes: 2 additions & 2 deletions variables.tf
Expand Up @@ -137,13 +137,13 @@ variable "health_check_matcher" {

variable "unauthenticated_priority" {
type = number
default = 100
default = 0
description = "The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `authenticated_priority` since a listener can't have multiple rules with the same priority"
}

variable "authenticated_priority" {
type = number
default = 300
default = 0
description = "The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `unauthenticated_priority` since a listener can't have multiple rules with the same priority"
}

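Review bot: Changing the two `default` lines from `100` and `300` to `0` removes the fixed ordering that callers relying on the defaults had, with unauthenticated rules at 100 evaluated ahead of authenticated rules at 300. Suggest calling this out in the release notes. Using `0` as the "unset" marker also sits outside the 1 to 50000 range both descriptions state; `default = null` with a `!= null` test in main.tf would express "optional" without a sentinel value.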