Set auth_token_update_strategy to ROTATE by default if auth_token is not null, null otherwise

Author: WestonReed

main.tf

@@ -6,6 +6,8 @@ locals {
       "${module.label.id}-000${i + 1}-00${j + 1}"
     ]
   ]) : [module.label.id]
+
+  auth_token_update_strategy = var.auth_token_update_strategy != null ? var.auth_token_update_strategy : var.auth_token != null ? "ROTATE" : null
 }
 
 module "label" {
@@ -186,7 +188,7 @@ resource "aws_elasticache_replication_group" "default" {
   apply_immediately          = var.apply_immediately
   data_tiering_enabled       = var.data_tiering_enabled
   auto_minor_version_upgrade = var.auto_minor_version_upgrade
-  auth_token_update_strategy = var.auth_token_update_strategy
+  auth_token_update_strategy = local.auth_token_update_strategy
 
   dynamic "log_delivery_configuration" {
     for_each = var.log_delivery_configuration

variables.tf

@@ -282,10 +282,10 @@ variable "insufficient_data_actions" {
 variable "auth_token_update_strategy" {
   description = "Strategy to use when updating the auth_token. Valid values: SET, ROTATE, DELETE."
   type        = string
-  default     = "ROTATE"
+  default     = null
 
   validation {
-    condition     = contains(["SET", "ROTATE", "DELETE"], var.auth_token_update_strategy)
-    error_message = "auth_token_update_strategy must be one of SET, ROTATE, or DELETE if auth_token is set."
+    condition     = contains(["SET", "ROTATE", "DELETE", null], var.auth_token_update_strategy)
+    error_message = "auth_token_update_strategy must be one of SET, ROTATE, DELETE, or null"
   }
 }