Support source_zip as source for Lambda@Edge submodule

examples/complete/.gitignore

@@ -0,0 +1 @@
+origin-request

examples/complete/lambda-at-edge.tf

@@ -43,8 +43,15 @@ module "lambda_at_edge" {
       event_type   = "viewer-response"
       include_body = false
     },
-    # Add security headers to the request from CF to the origin
     origin_request = {
+      source_zip   = "origin-request.zip"
+      runtime      = "nodejs12.x"
+      handler      = "index.handler"
+      event_type   = "origin-request"
+      include_body = false
+    },
+    # Add security headers to the request from CF to the origin
+    origin_response = {
       source = [{
         # https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/
         content  = <<-EOT

modules/lambda@edge/main.tf

@@ -79,8 +79,8 @@ resource "aws_lambda_function" "default" {
   runtime          = each.value.runtime
   handler          = each.value.handler
   role             = module.role[each.key].arn
-  filename         = data.archive_file.lambda_zip[each.key].output_path
-  source_code_hash = data.archive_file.lambda_zip[each.key].output_base64sha256
+  filename         = each.value.source_zip != null ? data.local_file.lambda_zip[each.key].filename : data.archive_file.lambda_zip[each.key].output_path
+  source_code_hash = each.value.source_zip != null ? sha256(data.local_file.lambda_zip[each.key].content_base64) : data.archive_file.lambda_zip[each.key].output_base64sha256
   publish          = true
 }
 

modules/lambda@edge/package.tf

@@ -1,5 +1,5 @@
 data "archive_file" "lambda_zip" {
-  for_each = local.functions
+  for_each = { for k, v in local.functions : k => v if v.source != null || v.source_dir != null }
 
   dynamic "source" {
     for_each = coalesce(each.value.source, [])
@@ -15,3 +15,9 @@ data "archive_file" "lambda_zip" {
   output_file_mode = "0666"
   output_path      = "${path.module}/archives/${each.key}.zip"
 }
+
+data "local_file" "lambda_zip" {
+  for_each = { for k, v in local.functions : k => v if v.source_zip != null }
+
+  filename = each.value.source_zip
+}

modules/lambda@edge/variables.tf

@@ -4,13 +4,15 @@ variable "functions" {
 
   The key of this map is the name label of the Lambda@Edge function.
 
-  Either `source` or `source_dir` must be specified. These variables are mutually exclusive.
+  One of `source`, `source_dir` or `source_zip` should be specified. These variables are mutually exclusive.
 
   `source.filename` and `source.content` dictate the name and content of the files that will make up the Lambda function
   source, respectively.
 
   `source_dir` contains path to whole directory that has to be archived.
 
+  `source_zip` contains path to zip file with lambda source.
+
   `runtime` and `handler` correspond to the attributes of the same name in the [lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function)
   resource.
 
@@ -24,6 +26,7 @@ variable "functions" {
       content  = string
     })))
     source_dir   = optional(string)
+    source_zip   = optional(string)
     runtime      = string
     handler      = string
     event_type   = string
@@ -32,10 +35,12 @@ variable "functions" {
 
   validation {
     condition = alltrue([
-      for f in var.functions :
-      ((f.source != null && f.source_dir == null) || (f.source == null && f.source_dir != null))
-    ])
-    error_message = "Either 'source' or 'source_dir' field must be specified, but not both."
+      for function in values(var.functions) : length(compact([
+        function.source != null ? 1 : null,
+        function.source_dir != null ? 1 : null,
+        function.source_zip != null ? 1 : null
+    ])) == 1])
+    error_message = "Each function must have exactly one of 'source', 'source_dir', or 'source_zip' defined."
   }
 }