feat: added AllViewerExceptHostHeader as new OriginRequest policy (aw…

…s#24562) Added the managed AllViewerExceptHostHeader policy as it was missing Closes aws#24552. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
orekav · Mar 22, 2023 · 8dbca12 · 8dbca12
1 parent 6e400a9
commit 8dbca12
Show file tree

Hide file tree

Showing 9 changed files with 117 additions and 9 deletions.
diff --git a/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts b/packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts
@@ -68,6 +68,8 @@ export class OriginRequestPolicy extends Resource implements IOriginRequestPolic
   public static readonly ELEMENTAL_MEDIA_TAILOR = OriginRequestPolicy.fromManagedOriginRequestPolicy('775133bc-15f2-49f9-abea-afb2e0bf67d2');
   /** This policy includes all values (headers, cookies, and query strings) in the viewer request, and all CloudFront headers that were released through June 2022 (CloudFront headers released after June 2022 are not included). */
   public static readonly ALL_VIEWER_AND_CLOUDFRONT_2022 = OriginRequestPolicy.fromManagedOriginRequestPolicy('33f36d7e-f396-46d9-90e0-52428a34d9dc');
+  /** This policy includes all values (query strings, and cookies) except the header in the viewer request. */
+  public static readonly ALL_VIEWER_EXCEPT_HOST_HEADER = OriginRequestPolicy.fromManagedOriginRequestPolicy('b689b0a8-53d0-40ab-baf2-68738e2966ac');
 
   /** Imports a Origin Request Policy from its id. */
   public static fromOriginRequestPolicyId(scope: Construct, id: string, originRequestPolicyId: string): IOriginRequestPolicy {

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/cdk.out b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"22.0.0"}
+{"version":"31.0.0"}
diff --git a/...ront/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.assets.json b/...ront/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.assets.json
@@ -1,15 +1,15 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "files": {
-    "85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589": {
+    "b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146": {
       "source": {
         "path": "integ-distribution-policies.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589.json",
+          "objectKey": "b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

diff --git a/...nt/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.template.json b/...nt/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.template.json
@@ -123,6 +123,37 @@
      ]
     }
    }
+  },
+  "Dist24014FEC1": {
+   "Type": "AWS::CloudFront::Distribution",
+   "Properties": {
+    "DistributionConfig": {
+     "DefaultCacheBehavior": {
+      "CachePolicyId": {
+       "Ref": "CachePolicy26D8A535"
+      },
+      "Compress": true,
+      "OriginRequestPolicyId": "b689b0a8-53d0-40ab-baf2-68738e2966ac",
+      "ResponseHeadersPolicyId": {
+       "Ref": "ResponseHeadersPolicy13DBF9E0"
+      },
+      "TargetOriginId": "integdistributionpoliciesDist2Origin16AFA66C6",
+      "ViewerProtocolPolicy": "allow-all"
+     },
+     "Enabled": true,
+     "HttpVersion": "http2",
+     "IPV6Enabled": true,
+     "Origins": [
+      {
+       "CustomOriginConfig": {
+        "OriginProtocolPolicy": "https-only"
+       },
+       "DomainName": "www.example-2.com",
+       "Id": "integdistributionpoliciesDist2Origin16AFA66C6"
+      }
+     ]
+    }
+   }
   }
  },
  "Parameters": {

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/integ.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/integ.json
@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "testCases": {
     "integ.distribution-policies": {
       "stacks": [

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/manifest.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "artifacts": {
     "integ-distribution-policies.assets": {
       "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -57,6 +57,12 @@
             "data": "DistB3B78991"
           }
         ],
+        "/integ-distribution-policies/Dist-2/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Dist24014FEC1"
+          }
+        ],
         "/integ-distribution-policies/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/tree.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/tree.json
@@ -162,7 +162,7 @@
                 "path": "integ-distribution-policies/Dist/Origin1",
                 "constructInfo": {
                   "fqn": "constructs.Construct",
-                  "version": "10.1.189"
+                  "version": "10.1.270"
                 }
               },
               "Resource": {
@@ -213,6 +213,64 @@
               "version": "0.0.0"
             }
           },
+          "Dist-2": {
+            "id": "Dist-2",
+            "path": "integ-distribution-policies/Dist-2",
+            "children": {
+              "Origin1": {
+                "id": "Origin1",
+                "path": "integ-distribution-policies/Dist-2/Origin1",
+                "constructInfo": {
+                  "fqn": "constructs.Construct",
+                  "version": "10.1.270"
+                }
+              },
+              "Resource": {
+                "id": "Resource",
+                "path": "integ-distribution-policies/Dist-2/Resource",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
+                  "aws:cdk:cloudformation:props": {
+                    "distributionConfig": {
+                      "enabled": true,
+                      "origins": [
+                        {
+                          "domainName": "www.example-2.com",
+                          "id": "integdistributionpoliciesDist2Origin16AFA66C6",
+                          "customOriginConfig": {
+                            "originProtocolPolicy": "https-only"
+                          }
+                        }
+                      ],
+                      "defaultCacheBehavior": {
+                        "pathPattern": "*",
+                        "targetOriginId": "integdistributionpoliciesDist2Origin16AFA66C6",
+                        "cachePolicyId": {
+                          "Ref": "CachePolicy26D8A535"
+                        },
+                        "compress": true,
+                        "originRequestPolicyId": "b689b0a8-53d0-40ab-baf2-68738e2966ac",
+                        "responseHeadersPolicyId": {
+                          "Ref": "ResponseHeadersPolicy13DBF9E0"
+                        },
+                        "viewerProtocolPolicy": "allow-all"
+                      },
+                      "httpVersion": "http2",
+                      "ipv6Enabled": true
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "@aws-cdk/aws-cloudfront.CfnDistribution",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "@aws-cdk/aws-cloudfront.Distribution",
+              "version": "0.0.0"
+            }
+          },
           "BootstrapVersion": {
             "id": "BootstrapVersion",
             "path": "integ-distribution-policies/BootstrapVersion",
@@ -240,7 +298,7 @@
         "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.1.189"
+          "version": "10.1.270"
         }
       }
     },

diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.ts b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.ts
@@ -1,6 +1,7 @@
 import * as cdk from '@aws-cdk/core';
 import { TestOrigin } from './test-origin';
 import * as cloudfront from '../lib';
+import { OriginRequestPolicy } from '../lib';
 
 const app = new cdk.App();
 const stack = new cdk.Stack(app, 'integ-distribution-policies');
@@ -38,4 +39,13 @@ new cloudfront.Distribution(stack, 'Dist', {
   },
 });
 
+new cloudfront.Distribution(stack, 'Dist-2', {
+  defaultBehavior: {
+    origin: new TestOrigin('www.example-2.com'),
+    cachePolicy,
+    originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
+    responseHeadersPolicy,
+  },
+});
+
 app.synth();
diff --git a/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts b/packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts
@@ -109,6 +109,7 @@ test('managed policies are provided', () => {
   expect(OriginRequestPolicy.ALL_VIEWER.originRequestPolicyId).toEqual('216adef6-5c7f-47e4-b989-5492eafa07d3');
   expect(OriginRequestPolicy.ELEMENTAL_MEDIA_TAILOR.originRequestPolicyId).toEqual('775133bc-15f2-49f9-abea-afb2e0bf67d2');
   expect(OriginRequestPolicy.ALL_VIEWER_AND_CLOUDFRONT_2022.originRequestPolicyId).toEqual('33f36d7e-f396-46d9-90e0-52428a34d9dc');
+  expect(OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER.originRequestPolicyId).toEqual('b689b0a8-53d0-40ab-baf2-68738e2966ac');
 });
 
 // OriginRequestCookieBehavior and OriginRequestQueryStringBehavior have identical behavior