fix(misconf): do not set default value for default_cache_behavior (aq…
…uasecurity#7234)

Signed-off-by: nikpivkin <[email protected]>
nikpivkin authored and fhielpos committed Dec 20, 2024
1 parent c099f59 commit be750f0
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions pkg/iac/adapters/terraform/aws/cloudfront/adapt.go
Expand Up @@ -33,7 +33,7 @@ func adaptDistribution(resource *terraform.Block) cloudfront.Distribution {
},
DefaultCacheBehaviour: cloudfront.CacheBehaviour{
Metadata: resource.GetMetadata(),
ViewerProtocolPolicy: types.String("allow-all", resource.GetMetadata()),
ViewerProtocolPolicy: types.StringDefault("", resource.GetMetadata()),
},
OrdererCacheBehaviours: nil,
ViewerCertificate: cloudfront.ViewerCertificate{
Expand All @@ -53,13 +53,13 @@ func adaptDistribution(resource *terraform.Block) cloudfront.Distribution {
if defaultCacheBlock := resource.GetBlock("default_cache_behavior"); defaultCacheBlock.IsNotNil() {
distribution.DefaultCacheBehaviour.Metadata = defaultCacheBlock.GetMetadata()
viewerProtocolPolicyAttr := defaultCacheBlock.GetAttribute("viewer_protocol_policy")
distribution.DefaultCacheBehaviour.ViewerProtocolPolicy = viewerProtocolPolicyAttr.AsStringValueOrDefault("allow-all", defaultCacheBlock)
distribution.DefaultCacheBehaviour.ViewerProtocolPolicy = viewerProtocolPolicyAttr.AsStringValueOrDefault("", defaultCacheBlock)
}

orderedCacheBlocks := resource.GetBlocks("ordered_cache_behavior")
for _, orderedCacheBlock := range orderedCacheBlocks {
viewerProtocolPolicyAttr := orderedCacheBlock.GetAttribute("viewer_protocol_policy")
viewerProtocolPolicyVal := viewerProtocolPolicyAttr.AsStringValueOrDefault("allow-all", orderedCacheBlock)
viewerProtocolPolicyVal := viewerProtocolPolicyAttr.AsStringValueOrDefault("", orderedCacheBlock)
distribution.OrdererCacheBehaviours = append(distribution.OrdererCacheBehaviours, cloudfront.CacheBehaviour{
Metadata: orderedCacheBlock.GetMetadata(),
ViewerProtocolPolicy: viewerProtocolPolicyVal,
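Review bot: The three `viewer_protocol_policy` reads now fall back to `""`, but nothing in the hunks records what an empty policy means to the checks that consume `ViewerProtocolPolicy`. A rule that matches the literal `allow-all` would presumably stop firing when the attribute is absent or cannot be resolved, so the empty value has to be read as "unknown" rather than as "HTTPS enforced". I would add a comment above the `DefaultCacheBehaviour` initialiser, for example `// "" = policy not set or not resolvable; consumers must not read it as HTTPS enforced`, and confirm that the HTTPS-enforcement check handles `""` deliberately. The body of adaptDistribution continues outside both hunks, so any handling further down is not visible here.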
2 changes: 1 addition & 1 deletion pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
Expand Up @@ -83,7 +83,7 @@ func Test_adaptDistribution(t *testing.T) {
},
DefaultCacheBehaviour: cloudfront.CacheBehaviour{
Metadata: iacTypes.NewTestMetadata(),
ViewerProtocolPolicy: iacTypes.String("allow-all", iacTypes.NewTestMetadata()),
ViewerProtocolPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
},

ViewerCertificate: cloudfront.ViewerCertificate{
