Fix bug in default igw route middleware

2021-04-13 10:43:05 +02:00 · 2021-04-13 10:43:05 +02:00 · 4bd0a81718
parent 88e159f8e2
commit 4bd0a81718
2 changed files with 32 additions and 5 deletions
--- a/pkg/middlewares/aws_default_igw_route.go
+++ b/pkg/middlewares/aws_default_igw_route.go
@ -7,7 +7,7 @@ import (
 )

 // Each region has a default vpc which has an internet gateway attached and thus the route table of this
-// same vpc has a specific default route that should not be seen as unmanaged if not managed by IaC
+// same vpc has a default route (0.0.0.0/0) that should not be seen as unmanaged if not managed by IaC
 // This middleware ignores the above route from unmanaged resources if not managed by IaC
 type AwsDefaultInternetGatewayRoute struct{}

@ -65,7 +65,9 @@ func isDefaultInternetGatewayRoute(route *aws.AwsRoute, remoteResources *[]resou
 	for _, remoteResource := range *remoteResources {
 		if remoteResource.TerraformType() == aws.AwsInternetGatewayResourceType &&
 			isDefaultInternetGateway(remoteResource.(*aws.AwsInternetGateway), remoteResources) {
-			return route.GatewayId != nil && *route.GatewayId == remoteResource.TerraformId()
+			return route.GatewayId != nil &&
+				*route.GatewayId == remoteResource.TerraformId() &&
+				route.DestinationCidrBlock != nil && *route.DestinationCidrBlock == "0.0.0.0/0"
 		}
 	}
 	return false
--- a/pkg/middlewares/aws_default_igw_route_test.go
+++ b/pkg/middlewares/aws_default_igw_route_test.go
@ -89,9 +89,22 @@ func TestAwsDefaultInternetGatewayRoute_Execute(t *testing.T) {
 					VpcId: awssdk.String("default-vpc"),
 				},
 				&aws.AwsRoute{
-					Id:           "default-igw-route",
-					RouteTableId: awssdk.String("default-route-table"),
-					GatewayId:    awssdk.String("default-igw"),
+					Id:                   "default-igw-route",
+					DestinationCidrBlock: awssdk.String("0.0.0.0/0"),
+					RouteTableId:         awssdk.String("default-route-table"),
+					GatewayId:            awssdk.String("default-igw"),
+				},
+				&aws.AwsRoute{
+					Id:                   "default-igw-non-default-route",
+					DestinationCidrBlock: awssdk.String("10.0.1.0/24"),
+					RouteTableId:         awssdk.String("default-route-table"),
+					GatewayId:            awssdk.String("default-igw"),
+				},
+				&aws.AwsRoute{
+					Id:                       "default-igw-default-ipv6-route",
+					DestinationIpv6CidrBlock: awssdk.String("::/0"),
+					RouteTableId:             awssdk.String("default-route-table"),
+					GatewayId:                awssdk.String("default-igw"),
 				},
 				&aws.AwsRoute{
 					Id:           "dummy-route",
@ -112,6 +125,18 @@ func TestAwsDefaultInternetGatewayRoute_Execute(t *testing.T) {
 					Id:    "default-route-table",
 					VpcId: awssdk.String("default-vpc"),
 				},
+				&aws.AwsRoute{
+					Id:                   "default-igw-non-default-route",
+					DestinationCidrBlock: awssdk.String("10.0.1.0/24"),
+					RouteTableId:         awssdk.String("default-route-table"),
+					GatewayId:            awssdk.String("default-igw"),
+				},
+				&aws.AwsRoute{
+					Id:                       "default-igw-default-ipv6-route",
+					DestinationIpv6CidrBlock: awssdk.String("::/0"),
+					RouteTableId:             awssdk.String("default-route-table"),
+					GatewayId:                awssdk.String("default-igw"),
+				},
 				&aws.AwsRoute{
 					Id:           "dummy-route",
 					RouteTableId: awssdk.String("default-route-table"),