feat: added AllViewerExceptHostHeader as new OriginRequest policy (#24562)

Added the managed AllViewerExceptHostHeader  policy as it was missing


Closes #24552.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: stefanfreitag

packages/@aws-cdk/aws-cloudfront/lib/origin-request-policy.ts

@@ -68,6 +68,8 @@ export class OriginRequestPolicy extends Resource implements IOriginRequestPolic
   public static readonly ELEMENTAL_MEDIA_TAILOR = OriginRequestPolicy.fromManagedOriginRequestPolicy('775133bc-15f2-49f9-abea-afb2e0bf67d2');
   /** This policy includes all values (headers, cookies, and query strings) in the viewer request, and all CloudFront headers that were released through June 2022 (CloudFront headers released after June 2022 are not included). */
   public static readonly ALL_VIEWER_AND_CLOUDFRONT_2022 = OriginRequestPolicy.fromManagedOriginRequestPolicy('33f36d7e-f396-46d9-90e0-52428a34d9dc');
+  /** This policy includes all values (query strings, and cookies) except the header in the viewer request. */
+  public static readonly ALL_VIEWER_EXCEPT_HOST_HEADER = OriginRequestPolicy.fromManagedOriginRequestPolicy('b689b0a8-53d0-40ab-baf2-68738e2966ac');
 
   /** Imports a Origin Request Policy from its id. */
   public static fromOriginRequestPolicyId(scope: Construct, id: string, originRequestPolicyId: string): IOriginRequestPolicy {

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"22.0.0"}
+{"version":"31.0.0"}

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "files": {
-    "85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589": {
+    "b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146": {
       "source": {
         "path": "integ-distribution-policies.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589.json",
+          "objectKey": "b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/integ-distribution-policies.template.json

@@ -123,6 +123,37 @@
      ]
     }
    }
+  },
+  "Dist24014FEC1": {
+   "Type": "AWS::CloudFront::Distribution",
+   "Properties": {
+    "DistributionConfig": {
+     "DefaultCacheBehavior": {
+      "CachePolicyId": {
+       "Ref": "CachePolicy26D8A535"
+      },
+      "Compress": true,
+      "OriginRequestPolicyId": "b689b0a8-53d0-40ab-baf2-68738e2966ac",
+      "ResponseHeadersPolicyId": {
+       "Ref": "ResponseHeadersPolicy13DBF9E0"
+      },
+      "TargetOriginId": "integdistributionpoliciesDist2Origin16AFA66C6",
+      "ViewerProtocolPolicy": "allow-all"
+     },
+     "Enabled": true,
+     "HttpVersion": "http2",
+     "IPV6Enabled": true,
+     "Origins": [
+      {
+       "CustomOriginConfig": {
+        "OriginProtocolPolicy": "https-only"
+       },
+       "DomainName": "www.example-2.com",
+       "Id": "integdistributionpoliciesDist2Origin16AFA66C6"
+      }
+     ]
+    }
+   }
   }
  },
  "Parameters": {

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "testCases": {
     "integ.distribution-policies": {
       "stacks": [

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "22.0.0",
+  "version": "31.0.0",
   "artifacts": {
     "integ-distribution-policies.assets": {
       "type": "cdk:asset-manifest",
@@ -17,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/85cdf1d3cb389bbffb86daea3e968294cc2b3ab0ca95c300db0a6b907bed5589.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b775626104dd72b1b3fc9a1fb6e652212a0a0aa05be2d07ce372eaf29589c146.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -57,6 +57,12 @@
             "data": "DistB3B78991"
           }
         ],
+        "/integ-distribution-policies/Dist-2/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Dist24014FEC1"
+          }
+        ],
         "/integ-distribution-policies/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.js.snapshot/tree.json

@@ -162,7 +162,7 @@
                 "path": "integ-distribution-policies/Dist/Origin1",
                 "constructInfo": {
                   "fqn": "constructs.Construct",
-                  "version": "10.1.189"
+                  "version": "10.1.270"
                 }
               },
               "Resource": {
@@ -213,6 +213,64 @@
               "version": "0.0.0"
             }
           },
+          "Dist-2": {
+            "id": "Dist-2",
+            "path": "integ-distribution-policies/Dist-2",
+            "children": {
+              "Origin1": {
+                "id": "Origin1",
+                "path": "integ-distribution-policies/Dist-2/Origin1",
+                "constructInfo": {
+                  "fqn": "constructs.Construct",
+                  "version": "10.1.270"
+                }
+              },
+              "Resource": {
+                "id": "Resource",
+                "path": "integ-distribution-policies/Dist-2/Resource",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution",
+                  "aws:cdk:cloudformation:props": {
+                    "distributionConfig": {
+                      "enabled": true,
+                      "origins": [
+                        {
+                          "domainName": "www.example-2.com",
+                          "id": "integdistributionpoliciesDist2Origin16AFA66C6",
+                          "customOriginConfig": {
+                            "originProtocolPolicy": "https-only"
+                          }
+                        }
+                      ],
+                      "defaultCacheBehavior": {
+                        "pathPattern": "*",
+                        "targetOriginId": "integdistributionpoliciesDist2Origin16AFA66C6",
+                        "cachePolicyId": {
+                          "Ref": "CachePolicy26D8A535"
+                        },
+                        "compress": true,
+                        "originRequestPolicyId": "b689b0a8-53d0-40ab-baf2-68738e2966ac",
+                        "responseHeadersPolicyId": {
+                          "Ref": "ResponseHeadersPolicy13DBF9E0"
+                        },
+                        "viewerProtocolPolicy": "allow-all"
+                      },
+                      "httpVersion": "http2",
+                      "ipv6Enabled": true
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "@aws-cdk/aws-cloudfront.CfnDistribution",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "@aws-cdk/aws-cloudfront.Distribution",
+              "version": "0.0.0"
+            }
+          },
           "BootstrapVersion": {
             "id": "BootstrapVersion",
             "path": "integ-distribution-policies/BootstrapVersion",
@@ -240,7 +298,7 @@
         "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.1.189"
+          "version": "10.1.270"
         }
       }
     },

packages/@aws-cdk/aws-cloudfront/test/integ.distribution-policies.ts

@@ -1,6 +1,7 @@
 import * as cdk from '@aws-cdk/core';
 import { TestOrigin } from './test-origin';
 import * as cloudfront from '../lib';
+import { OriginRequestPolicy } from '../lib';
 
 const app = new cdk.App();
 const stack = new cdk.Stack(app, 'integ-distribution-policies');
@@ -38,4 +39,13 @@ new cloudfront.Distribution(stack, 'Dist', {
   },
 });
 
+new cloudfront.Distribution(stack, 'Dist-2', {
+  defaultBehavior: {
+    origin: new TestOrigin('www.example-2.com'),
+    cachePolicy,
+    originRequestPolicy: OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER,
+    responseHeadersPolicy,
+  },
+});
+
 app.synth();

packages/@aws-cdk/aws-cloudfront/test/origin-request-policy.test.ts

@@ -109,6 +109,7 @@ test('managed policies are provided', () => {
   expect(OriginRequestPolicy.ALL_VIEWER.originRequestPolicyId).toEqual('216adef6-5c7f-47e4-b989-5492eafa07d3');
   expect(OriginRequestPolicy.ELEMENTAL_MEDIA_TAILOR.originRequestPolicyId).toEqual('775133bc-15f2-49f9-abea-afb2e0bf67d2');
   expect(OriginRequestPolicy.ALL_VIEWER_AND_CLOUDFRONT_2022.originRequestPolicyId).toEqual('33f36d7e-f396-46d9-90e0-52428a34d9dc');
+  expect(OriginRequestPolicy.ALL_VIEWER_EXCEPT_HOST_HEADER.originRequestPolicyId).toEqual('b689b0a8-53d0-40ab-baf2-68738e2966ac');
 });
 
 // OriginRequestCookieBehavior and OriginRequestQueryStringBehavior have identical behavior