fix: Correct try() lookup on manage_master_password variables (#90)

* Fix issue with Null condition error when `manage_master_password` is null

* fix: `manage_master_password` requires a default value of `false`

---------

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.80.0
+    rev: v1.86.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -23,7 +23,7 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer

README.md

@@ -255,10 +255,10 @@ No modules.
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN for the KMS encryption key. When specifying `kms_key_arn`, `encrypted` needs to be set to `true` | `string` | `null` | no |
 | <a name="input_logging"></a> [logging](#input\_logging) | Logging configuration for the cluster | `any` | `{}` | no |
 | <a name="input_maintenance_track_name"></a> [maintenance\_track\_name](#input\_maintenance\_track\_name) | The name of the maintenance track for the restored cluster. When you take a snapshot, the snapshot inherits the MaintenanceTrack value from the cluster. The snapshot might be on a different track than the cluster that was the source for the snapshot. Default value is `current` | `string` | `null` | no |
-| <a name="input_manage_master_password"></a> [manage\_master\_password](#input\_manage\_master\_password) | (Optional) Whether to use AWS SecretsManager to manage the cluster admin credentials. Conflicts with master\_password. One of master\_password or manage\_master\_password is required unless snapshot\_identifier is provided. | `bool` | `null` | no |
+| <a name="input_manage_master_password"></a> [manage\_master\_password](#input\_manage\_master\_password) | Whether to use AWS SecretsManager to manage the cluster admin credentials. Conflicts with `master_password`. One of `master_password` or `manage_master_password` is required unless `snapshot_identifier` is provided | `bool` | `false` | no |
 | <a name="input_manual_snapshot_retention_period"></a> [manual\_snapshot\_retention\_period](#input\_manual\_snapshot\_retention\_period) | The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots. Valid values are between `-1` and `3653`. Default value is `-1` | `number` | `null` | no |
 | <a name="input_master_password"></a> [master\_password](#input\_master\_password) | Password for the master DB user. (Required unless a `snapshot_identifier` is provided). Must contain at least 8 chars, one uppercase letter, one lowercase letter, and one number | `string` | `null` | no |
-| <a name="input_master_password_secret_kms_key_id"></a> [master\_password\_secret\_kms\_key\_id](#input\_master\_password\_secret\_kms\_key\_id) | (Optional) ID of the KMS key used to encrypt the cluster admin credentials secret. | `string` | `null` | no |
+| <a name="input_master_password_secret_kms_key_id"></a> [master\_password\_secret\_kms\_key\_id](#input\_master\_password\_secret\_kms\_key\_id) | ID of the KMS key used to encrypt the cluster admin credentials secret | `string` | `null` | no |
 | <a name="input_master_username"></a> [master\_username](#input\_master\_username) | Username for the master DB user (Required unless a `snapshot_identifier` is provided). Defaults to `awsuser` | `string` | `"awsuser"` | no |
 | <a name="input_node_type"></a> [node\_type](#input\_node\_type) | The node type to be provisioned for the cluster | `string` | `""` | no |
 | <a name="input_number_of_nodes"></a> [number\_of\_nodes](#input\_number\_of\_nodes) | Number of nodes in the cluster. Defaults to 1. Note: values greater than 1 will trigger `cluster_type` to switch to `multi-node` | `number` | `1` | no |

main.tf

@@ -60,9 +60,9 @@ resource "aws_redshift_cluster" "this" {
 
   maintenance_track_name            = var.maintenance_track_name
   manual_snapshot_retention_period  = var.manual_snapshot_retention_period
-  manage_master_password            = try(var.manage_master_password, false) ? var.manage_master_password : null
-  master_password                   = var.snapshot_identifier == null && !try(var.manage_master_password, false) ? local.master_password : null
-  master_password_secret_kms_key_id = try(var.master_password_secret_kms_key_id, null)
+  manage_master_password            = var.manage_master_password ? var.manage_master_password : null
+  master_password                   = var.snapshot_identifier == null && !var.manage_master_password ? local.master_password : null
+  master_password_secret_kms_key_id = var.master_password_secret_kms_key_id
   master_username                   = var.master_username
   node_type                         = var.node_type
   number_of_nodes                   = var.number_of_nodes

variables.tf

@@ -125,13 +125,13 @@ variable "manual_snapshot_retention_period" {
 
 
 variable "manage_master_password" {
-  description = "(Optional) Whether to use AWS SecretsManager to manage the cluster admin credentials. Conflicts with master_password. One of master_password or manage_master_password is required unless snapshot_identifier is provided."
+  description = "Whether to use AWS SecretsManager to manage the cluster admin credentials. Conflicts with `master_password`. One of `master_password` or `manage_master_password` is required unless `snapshot_identifier` is provided"
   type        = bool
-  default     = null
+  default     = false
 }
 
 variable "master_password_secret_kms_key_id" {
-  description = "(Optional) ID of the KMS key used to encrypt the cluster admin credentials secret."
+  description = "ID of the KMS key used to encrypt the cluster admin credentials secret"
   type        = string
   default     = null
 }