bug: apigateway/api_gw_cache_encrypted.sql opposite condition #13761

@sabe6

Description

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

https://github.com/cloudquery/cloudquery/blob/main/plugins/source/aws/policies/queries/apigateway/api_gw_cache_encrypted.sql

APIGateway.5 control says:

The control fails if any method in an API Gateway REST API stage is configured to cache and the cache is not encrypted.

But the current SQL would return 'pass'. It would be correct to return 'fail' when caching is enabled and encryption is disabled.

Expected Behavior

A patch that works:

diff --git a/plugins/source/aws/policies/queries/apigateway/api_gw_cache_encrypted.sql b/plugins/source/aws/policies/queries/apigateway/api_gw_cache_encrypted.sql
index 2bd54a0ce..a935298be 100644
--- a/plugins/source/aws/policies/queries/apigateway/api_gw_cache_encrypted.sql
+++ b/plugins/source/aws/policies/queries/apigateway/api_gw_cache_encrypted.sql
@@ -8,11 +8,11 @@ select
   arn as resource_id,
   case
     when stage_caching_enabled is true
-        or (
+        and (
             caching_enabled is true
             and cache_data_encrypted is not true
-        ) then 'pass'
-    else 'fail'
+        ) then 'fail'
+    else 'pass'
   end as status
 from
     view_aws_apigateway_method_settings
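
Review bot: in the rewritten `case`, the `else 'pass'` branch now also covers rows where `stage_caching_enabled` or `caching_enabled` is NULL, because `is true` evaluates to false for NULL, so a method whose settings were not populated is reported as compliant. If the view can return NULL for those columns, consider handling that case explicitly, or add a comment stating that it is intended. The inner parentheses are also redundant now that every operator is `and`.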

CloudQuery (redacted) config

N/A

Steps To Reproduce

No response

CloudQuery (redacted) logs

N/A

CloudQuery version

main

Additional Context

No response

Pull request (optional)

  • I can submit a pull request
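
To compare the two conditions side by side, the query below (an added example, not part of the issue or of CloudQuery's policies) evaluates the pre-patch and the proposed `case` expressions over constructed rows in PostgreSQL. The ARNs and row values are made up; the NULL rows are included to show how missing flags are classified.

```sql
-- Constructed sample rows (not CloudQuery data). Column names are the ones
-- used by api_gw_cache_encrypted.sql as quoted in the issue.
with method_settings (arn, stage_caching_enabled, caching_enabled, cache_data_encrypted) as (
    values
        -- stage cache on, method caching on, cache not encrypted:
        -- the case the APIGateway.5 control is meant to fail
        ('arn:example:stage/unencrypted', true,  true,  false),
        -- stage cache on, method caching on, cache encrypted
        ('arn:example:stage/encrypted',   true,  true,  true),
        -- stage cache on, method caching off
        ('arn:example:stage/method-off',  true,  false, false),
        -- stage cache off, method caching flag set, not encrypted
        ('arn:example:stage/stage-off',   false, true,  false),
        -- caching on, encryption flag missing
        ('arn:example:stage/enc-null',    true,  true,  null),
        -- stage caching flag missing
        ('arn:example:stage/stage-null',  null,  true,  false)
)
select
    arn,
    -- condition as it stood before the patch
    case
        when stage_caching_enabled is true
            or (caching_enabled is true and cache_data_encrypted is not true)
        then 'pass'
        else 'fail'
    end as status_before,
    -- condition proposed in the issue
    case
        when stage_caching_enabled is true
            and (caching_enabled is true and cache_data_encrypted is not true)
        then 'fail'
        else 'pass'
    end as status_after
from method_settings
order by arn;
```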
