
Commit 1f05b45

fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548)
Signed-off-by: nikpivkin <[email protected]>
1 parent 6973da6 commit 1f05b45


2 files changed

+8
-2
lines changed


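--- a/pkg/iac/adapters/cloudformation/aws/eks/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/eks/cluster.go
@@ -15,7 +15,7 @@ func getClusters(ctx parser.FileContext) (clusters []eks.Cluster) {
 Metadata: r.Metadata(),
 Logging: getLogging(r),
 Encryption: getEncryptionConfig(r),
-PublicAccessEnabled: r.GetBoolProperty("ResourcesVpcConfig.EndpointPublicAccess"),
+PublicAccessEnabled: r.GetBoolProperty("ResourcesVpcConfig.EndpointPublicAccess", true),
 PublicAccessCIDRs: getPublicCIDRs(r),
 }
 
@@ -35,6 +35,10 @@ func getPublicCIDRs(r *parser.Resource) []iacTypes.StringValue {
 cidrs = append(cidrs, el.AsStringValue())
 }
 
+if len(cidrs) == 0 {
+return []iacTypes.StringValue{iacTypes.StringDefault("0.0.0.0/0", r.Metadata())}
+}
+
 return cidrs
 }
 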
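Review bot: The new `len(cidrs) == 0` fallback in getPublicCIDRs sits after the loop, and the top of the function is outside this hunk, so it is worth confirming that a template which omits `ResourcesVpcConfig.PublicAccessCidrs` entirely actually reaches it. If an earlier guard returns before the loop when the property is absent, the `0.0.0.0/0` default would apply only to an explicit empty list, and checks reading PublicAccessCIDRs would under-report open endpoints in the common omitted case. The fallback is also applied regardless of `EndpointPublicAccess`, so a cluster with public access disabled still carries a `0.0.0.0/0` entry and consumers need to gate on PublicAccessEnabled first. I would add a comment above the branch such as `// EKS accepts all IPv4 sources (0.0.0.0/0) on the public endpoint when no CIDRs are given.`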

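--- a/pkg/iac/adapters/cloudformation/aws/eks/eks_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/eks/eks_test.go
@@ -68,7 +68,9 @@ Resources:
 Type: AWS::EKS::Cluster
 `,
 expected: eks.EKS{
-Clusters: []eks.Cluster{{}},
+Clusters: []eks.Cluster{{
+PublicAccessEnabled: types.BoolTest(true),
+}},
 },
 },
 }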
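Review bot: The updated expectation for the bare `AWS::EKS::Cluster` case pins `PublicAccessEnabled` but says nothing about `PublicAccessCIDRs`, so the `0.0.0.0/0` default added in cluster.go is not asserted by the lines visible here. A case whose template declares `ResourcesVpcConfig` without `PublicAccessCidrs` and expects `PublicAccessCIDRs: []types.StringValue{types.StringTest("0.0.0.0/0")}` would lock in the value a public-exposure check depends on. The test table continues outside this hunk, so such a case may already exist.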
