fix(aws-s3-cloudfront): Recognize when client specifies enforceSSL: f…
…alse (#559)

* added condition to omit HTTPS only requests

* added tests for enforce when bucketProp is empty and when enforceSSL is not set

* updated integ tests enforceSSL bucket policy

* updated viperlight ignore
mickychetta committed Dec 28, 2021
1 parent 655c4af commit fc4fab8
Showing 74 changed files with 1,116 additions and 1,012 deletions.
16 changes: 8 additions & 8 deletions .viperlightignore
@@ -145,11 +145,11 @@ source/patterns/@aws-solutions-constructs/aws-alb-lambda/README.md:35
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/alb-lambda.test.ts:27
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/alb-lambda.test.ts:680
# These are references to the us-east-1 ELBV2 account (publicly known)
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json:193
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json:850
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json:188
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json:196
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json:199
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json:199
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json:1064
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json:1064
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json:192
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json:849
source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json:187
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json:195
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json:198
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json:198
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json:1063
source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json:1063
Original file line number Diff line number Diff line change
@@ -1012,7 +1012,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -1023,6 +1023,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"existingalb0F60CC48",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -1036,15 +1042,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"existingalb0F60CC48",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
},
{
"Action": [
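Review bot: The statement conditioned on `"aws:SecureTransport": "false"` appears to lose its `"Sid": "HttpsOnly"` in the last hunk of this snapshot (the `-1036,15 +1042,8` counts leave room for a single added line, so the Sid sits on the removed side), which leaves the TLS control without a stable label in the deployed policy. Anything that finds the statement by Sid, such as a template assertion in a unit test or a compliance query, should match on the `aws:SecureTransport` condition instead, or the construct that generates this template should keep emitting `"Sid": "HttpsOnly"`. The `Effect` of the statement presumably sits in the context collapsed between the first two hunks and is not shown on this page, so it is worth confirming in the full file that it is still a deny. The same three hunks repeat in the eight snapshot sections that follow, with only the logical ID in `Fn::GetAtt` changing.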
Original file line number Diff line number Diff line change
@@ -144,7 +144,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -155,6 +155,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -168,15 +174,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
},
{
"Action": [
Original file line number Diff line number Diff line change
@@ -1012,7 +1012,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -1023,6 +1023,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"existingalb0F60CC48",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -1036,15 +1042,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"existingalb0F60CC48",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
},
{
"Action": [
Original file line number Diff line number Diff line change
@@ -147,7 +147,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -158,6 +158,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -171,15 +177,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
},
{
"Action": [
Original file line number Diff line number Diff line change
@@ -147,7 +147,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -158,6 +158,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -171,15 +177,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"testoneE6ACFBB6",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
},
{
"Action": [
Original file line number Diff line number Diff line change
@@ -643,7 +643,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -654,6 +654,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucket2E8E3DC2",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -667,15 +673,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucket2E8E3DC2",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
}
],
"Version": "2012-10-17"
Original file line number Diff line number Diff line change
@@ -643,7 +643,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -654,6 +654,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -667,15 +673,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
}
],
"Version": "2012-10-17"
Original file line number Diff line number Diff line change
@@ -604,7 +604,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -615,6 +615,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -628,15 +634,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
}
],
"Version": "2012-10-17"
Original file line number Diff line number Diff line change
@@ -643,7 +643,7 @@
"PolicyDocument": {
"Statement": [
{
"Action": "*",
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
@@ -654,6 +654,12 @@
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"cfapigwCloudfrontLoggingBucket79FE4195",
"Arn"
]
},
{
"Fn::Join": [
"",
@@ -667,15 +673,8 @@
"/*"
]
]
},
{
"Fn::GetAtt": [
"cfapigwCloudfrontLoggingBucket79FE4195",
"Arn"
]
}
],
"Sid": "HttpsOnly"
]
}
],
"Version": "2012-10-17"