From f0ed5e4ced7e60af35c88d5d084aa4b7237f4973 Mon Sep 17 00:00:00 2001
From: Nikita Pivkin <nikita.pivkin@smartforce.io>
Date: Wed, 7 Aug 2024 07:11:59 +0700
Subject: [PATCH] fix(misconf): do not set default value for
 default_cache_behavior (#7234)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
---
 pkg/iac/adapters/terraform/aws/cloudfront/adapt.go      | 6 +++---
 pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go b/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go
index a981241a83a4..721ecf991d55 100644
--- a/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go
@@ -33,7 +33,7 @@ func adaptDistribution(resource *terraform.Block) cloudfront.Distribution {
 		},
 		DefaultCacheBehaviour: cloudfront.CacheBehaviour{
 			Metadata:             resource.GetMetadata(),
-			ViewerProtocolPolicy: types.String("allow-all", resource.GetMetadata()),
+			ViewerProtocolPolicy: types.StringDefault("", resource.GetMetadata()),
 		},
 		OrdererCacheBehaviours: nil,
 		ViewerCertificate: cloudfront.ViewerCertificate{
@@ -53,13 +53,13 @@ func adaptDistribution(resource *terraform.Block) cloudfront.Distribution {
 	if defaultCacheBlock := resource.GetBlock("default_cache_behavior"); defaultCacheBlock.IsNotNil() {
 		distribution.DefaultCacheBehaviour.Metadata = defaultCacheBlock.GetMetadata()
 		viewerProtocolPolicyAttr := defaultCacheBlock.GetAttribute("viewer_protocol_policy")
-		distribution.DefaultCacheBehaviour.ViewerProtocolPolicy = viewerProtocolPolicyAttr.AsStringValueOrDefault("allow-all", defaultCacheBlock)
+		distribution.DefaultCacheBehaviour.ViewerProtocolPolicy = viewerProtocolPolicyAttr.AsStringValueOrDefault("", defaultCacheBlock)
 	}
 
 	orderedCacheBlocks := resource.GetBlocks("ordered_cache_behavior")
 	for _, orderedCacheBlock := range orderedCacheBlocks {
 		viewerProtocolPolicyAttr := orderedCacheBlock.GetAttribute("viewer_protocol_policy")
-		viewerProtocolPolicyVal := viewerProtocolPolicyAttr.AsStringValueOrDefault("allow-all", orderedCacheBlock)
+		viewerProtocolPolicyVal := viewerProtocolPolicyAttr.AsStringValueOrDefault("", orderedCacheBlock)
 		distribution.OrdererCacheBehaviours = append(distribution.OrdererCacheBehaviours, cloudfront.CacheBehaviour{
 			Metadata:             orderedCacheBlock.GetMetadata(),
 			ViewerProtocolPolicy: viewerProtocolPolicyVal,
diff --git a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
index d20520cd4651..fd1bf65e9cc5 100644
--- a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
@@ -83,7 +83,7 @@ func Test_adaptDistribution(t *testing.T) {
 				},
 				DefaultCacheBehaviour: cloudfront.CacheBehaviour{
 					Metadata:             iacTypes.NewTestMetadata(),
-					ViewerProtocolPolicy: iacTypes.String("allow-all", iacTypes.NewTestMetadata()),
+					ViewerProtocolPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
 				},
 
 				ViewerCertificate: cloudfront.ViewerCertificate{