fix(cloudfront): fix ViewerProtocolPolicy and GeoRestrictionType (#2701)

2026-02-10 23:05:05 +00:00 · 2023-08-10 12:02:49 +02:00
parent 1e1f445ade
commit f4308032c3
2 changed files with 13 additions and 12 deletions
--- a/prowler/providers/aws/services/cloudfront/cloudfront_service.py
+++ b/prowler/providers/aws/services/cloudfront/cloudfront_service.py
@@ -55,13 +55,11 @@ class CloudFront(AWSService):
                ]["Logging"]["Enabled"]
                distributions[
                    distribution_id
-                ].geo_restriction_type = distribution_config["DistributionConfig"][
-                    "Restrictions"
-                ][
-                    "GeoRestriction"
-                ][
-                    "RestrictionType"
-                ]
+                ].geo_restriction_type = GeoRestrictionType(
+                    distribution_config["DistributionConfig"]["Restrictions"][
+                        "GeoRestriction"
+                    ]["RestrictionType"]
+                )
                distributions[distribution_id].web_acl_id = distribution_config[
                    "DistributionConfig"
                ]["WebACLId"]
@@ -71,9 +69,11 @@ class CloudFront(AWSService):
                    realtime_log_config_arn=distribution_config["DistributionConfig"][
                        "DefaultCacheBehavior"
                    ].get("RealtimeLogConfigArn"),
-                    viewer_protocol_policy=distribution_config["DistributionConfig"][
-                        "DefaultCacheBehavior"
-                    ].get("ViewerProtocolPolicy"),
+                    viewer_protocol_policy=ViewerProtocolPolicy(
+                        distribution_config["DistributionConfig"][
+                            "DefaultCacheBehavior"
+                        ].get("ViewerProtocolPolicy")
+                    ),
                    field_level_encryption_id=distribution_config["DistributionConfig"][
                        "DefaultCacheBehavior"
                    ].get("FieldLevelEncryptionId"),
@@ -131,7 +131,7 @@ class DefaultCacheConfigBehaviour(BaseModel):


 class Distribution(BaseModel):
-    """Distribution holds a CloudFront Distribution with the required information to run the rela"""
+    """Distribution holds a CloudFront Distribution resource"""

    arn: str
    id: str
--- a/tests/providers/aws/services/cloudfront/cloudfront_service_test.py
+++ b/tests/providers/aws/services/cloudfront/cloudfront_service_test.py
@@ -8,6 +8,7 @@ from moto.core import DEFAULT_ACCOUNT_ID
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.aws.services.cloudfront.cloudfront_service import (
    CloudFront,
+    GeoRestrictionType,
    ViewerProtocolPolicy,
 )
 from prowler.providers.common.models import Audit_Metadata
@@ -243,7 +244,7 @@ class Test_CloudFront_Service:
        )
        assert (
            cloudfront.distributions[cloudfront_distribution_id].geo_restriction_type
-            == "blacklist"
+            == GeoRestrictionType.blacklist
        )
        assert (
            cloudfront.distributions[cloudfront_distribution_id].web_acl_id