From 4bd0a817183f9d4bce6a7c638091b9d69fc8c502 Mon Sep 17 00:00:00 2001
From: Elie
Date: Tue, 13 Apr 2021 10:43:05 +0200
Subject: [PATCH] Fix bug in default igw route middleware

---
 pkg/middlewares/aws_default_igw_route.go | 6 ++--
 pkg/middlewares/aws_default_igw_route_test.go | 31 +++++++++++++++++--
 2 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/pkg/middlewares/aws_default_igw_route.go b/pkg/middlewares/aws_default_igw_route.go
index f061d0c2..569e8bb9 100644
--- a/pkg/middlewares/aws_default_igw_route.go
+++ b/pkg/middlewares/aws_default_igw_route.go
@@ -7,7 +7,7 @@ import (
 )
 // Each region has a default vpc which has an internet gateway attached and thus the route table of this
-// same vpc has a specific default route that should not be seen as unmanaged if not managed by IaC
+// same vpc has a default route (0.0.0.0/0) that should not be seen as unmanaged if not managed by IaC
 // This middleware ignores the above route from unmanaged resources if not managed by IaC
 type AwsDefaultInternetGatewayRoute struct{}
@@ -65,7 +65,9 @@ func isDefaultInternetGatewayRoute(route *aws.AwsRoute, remoteResources *[]resou
 for _, remoteResource := range *remoteResources {
 if remoteResource.TerraformType() == aws.AwsInternetGatewayResourceType && isDefaultInternetGateway(remoteResource.(*aws.AwsInternetGateway), remoteResources) {
- return route.GatewayId != nil && *route.GatewayId == remoteResource.TerraformId()
+ return route.GatewayId != nil &&
+ *route.GatewayId == remoteResource.TerraformId() &&
+ route.DestinationCidrBlock != nil && *route.DestinationCidrBlock == "0.0.0.0/0"
 }
 }
 return false
diff --git a/pkg/middlewares/aws_default_igw_route_test.go b/pkg/middlewares/aws_default_igw_route_test.go
index d6d37dc1..62fd1d54 100644
--- a/pkg/middlewares/aws_default_igw_route_test.go
+++ b/pkg/middlewares/aws_default_igw_route_test.go
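Review bot: The new condition in isDefaultInternetGatewayRoute exempts only an IPv4 `0.0.0.0/0` route, so an IPv6 `::/0` route through the same default gateway is still reported as unmanaged (the test file's expected-output hunk pins exactly that), and nothing in the code says this is deliberate; a comment above the return such as `// Only the IPv4 default route (0.0.0.0/0) is exempted; a ::/0 route via the default IGW is still reported.` would keep the next maintainer from "fixing" it. The literal is now duplicated between the type comment and the condition, so a named constant, e.g. `const defaultIPv4RouteCIDR = "0.0.0.0/0"`, keeps the two from drifting apart. The route's table is not checked in this hunk, so if the caller does not already restrict the check to the default VPC's main route table, a 0.0.0.0/0 route added to a custom route table in that VPC would presumably also be hidden from the unmanaged report — worth confirming, since the middleware's purpose is to suppress only the AWS-created route. The function's signature and the start of its body are outside the hunk.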
@@ -89,9 +89,22 @@ func TestAwsDefaultInternetGatewayRoute_Execute(t *testing.T) {
 VpcId: awssdk.String("default-vpc"),
 },
 &aws.AwsRoute{
- Id: "default-igw-route",
- RouteTableId: awssdk.String("default-route-table"),
- GatewayId: awssdk.String("default-igw"),
+ Id: "default-igw-route",
+ DestinationCidrBlock: awssdk.String("0.0.0.0/0"),
+ RouteTableId: awssdk.String("default-route-table"),
+ GatewayId: awssdk.String("default-igw"),
+ },
+ &aws.AwsRoute{
+ Id: "default-igw-non-default-route",
+ DestinationCidrBlock: awssdk.String("10.0.1.0/24"),
+ RouteTableId: awssdk.String("default-route-table"),
+ GatewayId: awssdk.String("default-igw"),
+ },
+ &aws.AwsRoute{
+ Id: "default-igw-default-ipv6-route",
+ DestinationIpv6CidrBlock: awssdk.String("::/0"),
+ RouteTableId: awssdk.String("default-route-table"),
+ GatewayId: awssdk.String("default-igw"),
 },
 &aws.AwsRoute{
 Id: "dummy-route",
@@ -112,6 +125,18 @@ func TestAwsDefaultInternetGatewayRoute_Execute(t *testing.T) {
 Id: "default-route-table",
 VpcId: awssdk.String("default-vpc"),
 },
+ &aws.AwsRoute{
+ Id: "default-igw-non-default-route",
+ DestinationCidrBlock: awssdk.String("10.0.1.0/24"),
+ RouteTableId: awssdk.String("default-route-table"),
+ GatewayId: awssdk.String("default-igw"),
+ },
+ &aws.AwsRoute{
+ Id: "default-igw-default-ipv6-route",
+ DestinationIpv6CidrBlock: awssdk.String("::/0"),
+ RouteTableId: awssdk.String("default-route-table"),
+ GatewayId: awssdk.String("default-igw"),
+ },
 &aws.AwsRoute{
 Id: "dummy-route",
 RouteTableId: awssdk.String("default-route-table"),
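Review bot: The expected-output hunk (the second one, at line 125 of the new file) lists `default-igw-default-ipv6-route` as still reported without saying why, and since the input hunk gives it the same default gateway and route table as the exempted route, a reader will take it for a copy-paste leftover; a comment on that literal, `// ::/0 is not exempted: the middleware only hides the IPv4 0.0.0.0/0 route`, documents the intent the test is pinning. The `default-igw-non-default-route` case with `10.0.1.0/24` is the regression the commit fixes, and a one-line comment naming it as such next to its expected entry would make the test's purpose visible without reading the commit message. Both hunks sit inside TestAwsDefaultInternetGatewayRoute_Execute, whose start and end are outside the hunk.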