cfn-nag 0.1.8 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb +1 -1
  3. data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb +1 -1
  4. data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb +1 -1
  5. data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb +1 -1
  6. data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb +1 -1
  7. data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb +1 -1
  8. data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb +1 -1
  9. data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb +1 -1
  10. data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb +2 -2
  11. data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb +1 -1
  12. data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb +1 -1
  13. data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb +2 -2
  14. data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb +2 -2
  15. data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb +1 -1
  16. data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb +2 -2
  17. data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb +1 -1
  18. data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb +1 -1
  19. data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb +1 -1
  20. data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardPrincipalRule.rb +1 -1
  21. data/lib/cfn-nag/custom_rules/SecurityGroupEgressOpenToWorldRule.rb +1 -1
  22. data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb +1 -1
  23. data/lib/cfn-nag/custom_rules/SecurityGroupIngressCidrNon32Rule.rb +1 -1
  24. data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb +1 -1
  25. data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb +1 -1
  26. data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb +1 -1
  27. data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb +1 -1
  28. data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb +1 -1
  29. data/lib/cfn-nag/custom_rules/SnsTopicPolicyWildcardPrincipalRule.rb +1 -1
  30. data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb +1 -1
  31. data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb +1 -1
  32. data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardActionRule.rb +1 -1
  33. data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb +1 -1
  34. data/lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb +1 -1
  35. data/lib/cfn-nag/custom_rules/UserMissingGroupRule.rb +1 -1
  36. metadata +4 -4
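--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: bd5906c9788032280ede5ed4140f22b9654044a2
- data.tar.gz: 1afc86b72e29a99ec4a91566b00ff2ee5b973078
+ metadata.gz: 9afa055a091cce26ce861f4788565f5e4be10fee
+ data.tar.gz: 0bd54fe8e8c9c4fc7d53e2aa755051c11becd143
  SHA512:
- metadata.gz: e4bbe81af76602d8c5bdb0705bf5fd92b898bf5a11d630a644d97f557ba5cf772272649483aaadbc58f9e4872bee768a6e919b38f2c0681f0f9e0dd4e7cd5eba
- data.tar.gz: c5b85b35db56051f6196ab02a60c665592768ae2e15f5ef3d49440c6a1bf0232789b603f58b048394d9d73ce3c01d659c01c2853b55de0b9329a8112bbcfd980
+ metadata.gz: ac0a50f49100462562dc74c792bd4c367018c931a8d01ad7e534d910b21116cc2b93abb4c2f64d164f9c432e81fc6a07bc4b9457f6238fb23257806998c6e2f4
+ data.tar.gz: cf262ff579adfc1072673cf8c9ef34cb7785035c2c460120a7b211f8e37574981d895c88920f4f4c7ead50eb5c0b5a7fc7fd7bae52ac75b40a2bb761ab7f5efd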
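--- a/data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb
@@ -17,7 +17,7 @@ class IamManagedPolicyNotActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ !policy.policy_document.allows_not_action.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }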
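--- a/data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamManagedPolicyNotResourceRule.rb
@@ -17,7 +17,7 @@ class IamManagedPolicyNotResourceRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
- !policy.policyDocument.allows_not_resource.empty?
+ !policy.policy_document.allows_not_resource.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }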
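--- a/data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardActionRule.rb
@@ -17,7 +17,7 @@ class IamManagedPolicyWildcardActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
- !policy.policyDocument.wildcard_allowed_actions.empty?
+ !policy.policy_document.wildcard_allowed_actions.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }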
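--- a/data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamManagedPolicyWildcardResourceRule.rb
@@ -17,7 +17,7 @@ class IamManagedPolicyWildcardResourceRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::ManagedPolicy').select do |policy|
- !policy.policyDocument.wildcard_allowed_resources.empty?
+ !policy.policy_document.wildcard_allowed_resources.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }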
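--- a/data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamPolicyNotActionRule.rb
@@ -17,7 +17,7 @@ class IamPolicyNotActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ !policy.policy_document.allows_not_action.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }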
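--- a/data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamPolicyNotResourceRule.rb
@@ -17,7 +17,7 @@ class IamPolicyNotResourceRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
- !policy.policyDocument.allows_not_resource.empty?
+ !policy.policy_document.allows_not_resource.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }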
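--- a/data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamPolicyWildcardActionRule.rb
@@ -17,7 +17,7 @@ class IamPolicyWildcardActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
- !policy.policyDocument.wildcard_allowed_actions.empty?
+ !policy.policy_document.wildcard_allowed_actions.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }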
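--- a/data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamPolicyWildcardResourceRule.rb
@@ -17,7 +17,7 @@ class IamPolicyWildcardResourceRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::IAM::Policy').select do |policy|
- !policy.policyDocument.wildcard_allowed_resources.empty?
+ !policy.policy_document.wildcard_allowed_resources.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }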
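--- a/data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleNotActionOnPermissionsPolicyRule.rb
@@ -17,8 +17,8 @@ class IamRoleNotActionOnPermissionsPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- violating_policies = role.policies.select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ violating_policies = role.policy_objects.select do |policy|
+ !policy.policy_document.allows_not_action.empty?
  end
  !violating_policies.empty?
  end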
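--- a/data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleNotActionOnTrustPolicyRule.rb
@@ -17,7 +17,7 @@ class IamRoleNotActionOnTrustPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- !role.assumeRolePolicyDocument.allows_not_action.empty?
+ !role.assume_role_policy_document.allows_not_action.empty?
  end
 
  violating_roles.map { |role| role.logical_resource_id }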
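--- a/data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleNotPrincipalOnTrustPolicyRule.rb
@@ -17,7 +17,7 @@ class IamRoleNotPrincipalOnTrustPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- !role.assumeRolePolicyDocument.allows_not_principal.empty?
+ !role.assume_role_policy_document.allows_not_principal.empty?
  end
 
  violating_roles.map { |role| role.logical_resource_id }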
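--- a/data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleNotResourceOnPermissionsPolicyRule.rb
@@ -17,8 +17,8 @@ class IamRoleNotResourceOnPermissionsPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- violating_policies = role.policies.select do |policy|
- !policy.policyDocument.allows_not_resource.empty?
+ violating_policies = role.policy_objects.select do |policy|
+ !policy.policy_document.allows_not_resource.empty?
  end
  !violating_policies.empty?
  end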
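--- a/data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb
@@ -17,8 +17,8 @@ class IamRoleWildcardActionOnPermissionsPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- violating_policies = role.policies.select do |policy|
- !policy.policyDocument.wildcard_allowed_actions.empty?
+ violating_policies = role.policy_objects.select do |policy|
+ !policy.policy_document.wildcard_allowed_actions.empty?
  end
  !violating_policies.empty?
  end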
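--- a/data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb
@@ -17,7 +17,7 @@ class IamRoleWildcardActionOnTrustPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- !role.assumeRolePolicyDocument.wildcard_allowed_actions.empty?
+ !role.assume_role_policy_document.wildcard_allowed_actions.empty?
  end
 
  violating_roles.map { |role| role.logical_resource_id}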
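--- a/data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb
@@ -17,8 +17,8 @@ class IamRoleWildcardResourceOnPermissionsPolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_roles = cfn_model.resources_by_type('AWS::IAM::Role').select do |role|
- violating_policies = role.policies.select do |policy|
- !policy.policyDocument.wildcard_allowed_resources.empty?
+ violating_policies = role.policy_objects.select do |policy|
+ !policy.policy_document.wildcard_allowed_resources.empty?
  end
  !violating_policies.empty?
  end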
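--- a/data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
@@ -17,7 +17,7 @@ class S3BucketPolicyNotActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ !policy.policy_document.allows_not_action.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }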
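--- a/data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
@@ -17,7 +17,7 @@ class S3BucketPolicyNotPrincipalRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::S3::BucketPolicy').select do |policy|
- !policy.policyDocument.allows_not_principal.empty?
+ !policy.policy_document.allows_not_principal.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }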
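--- a/data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb
@@ -20,7 +20,7 @@ class S3BucketPolicyWildcardActionRule < BaseRule
 
  cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |bucket_policy|
 
- if !bucket_policy.policyDocument.wildcard_allowed_actions.empty?
+ if !bucket_policy.policy_document.wildcard_allowed_actions.empty?
  logical_resource_ids << bucket_policy.logical_resource_id
  end
  end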
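Review bot: The changed line `if !bucket_policy.policy_document.wildcard_allowed_actions.empty?` keeps the `if !` form where Ruby's `unless` reads more directly: `unless bucket_policy.policy_document.wildcard_allowed_actions.empty?`. The same `if !...empty?` shape is carried over on the changed lines of S3BucketPolicyWildcardPrincipalRule, SnsTopicPolicyWildcardPrincipalRule, SqsQueuePolicyWildcardActionRule and SqsQueuePolicyWildcardPrincipalRule, so one sweep would cover all five. The enclosing audit_impl starts before this hunk.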
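--- a/data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/S3BucketPolicyWildcardPrincipalRule.rb
@@ -19,7 +19,7 @@ class S3BucketPolicyWildcardPrincipalRule < BaseRule
  logical_resource_ids = []
 
  cfn_model.resources_by_type('AWS::S3::BucketPolicy').each do |topic_policy|
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
  logical_resource_ids << topic_policy.logical_resource_id
  end
  end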
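Review bot: The block parameter `topic_policy` on the `cfn_model.resources_by_type('AWS::S3::BucketPolicy').each` line names an SNS topic policy inside an S3 bucket-policy rule, and the changed line and the `logical_resource_ids <<` line carry that name through; it reads as copied from SnsTopicPolicyWildcardPrincipalRule. Renaming it `bucket_policy` throughout the block, as S3BucketPolicyWildcardActionRule already does, keeps the rule unambiguous when someone traces a wildcard-principal finding back to its source. SqsQueuePolicyWildcardPrincipalRule uses the same `topic_policy` name for a queue policy. The enclosing audit_impl starts before this hunk.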
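--- a/data/lib/cfn-nag/custom_rules/SecurityGroupEgressOpenToWorldRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupEgressOpenToWorldRule.rb
@@ -22,7 +22,7 @@ class SecurityGroupEgressOpenToWorldRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- violating_egresses = security_group.securityGroupEgress.select do |egress|
+ violating_egresses = security_group.egresses.select do |egress|
  ip4_open?(egress) || ip6_open?(egress)
  end
 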
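--- a/data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupEgressPortRangeRule.rb
@@ -20,7 +20,7 @@ class SecurityGroupEgressPortRangeRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- violating_egresses = security_group.securityGroupEgress.select do |egress|
+ violating_egresses = security_group.egresses.select do |egress|
  egress.fromPort != egress.toPort
  end
 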
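Review bot: The rename to `security_group.egresses` leaves `egress.fromPort != egress.toPort` on the following context line in camelCase, so this hunk ends with two accessor styles on the same object graph. If the model library pinned by this release also exposes snake_case port accessors, migrating that line in the same commit would avoid a second pass and keep the port-range check from breaking if the camelCase names are later dropped; if it does not, a short comment such as `# fromPort/toPort are the model's attribute names` would tell the next reader why these two stay. SecurityGroupIngressPortRangeRule has the identical `ingress.fromPort != ingress.toPort` line. The enclosing audit_impl continues past this hunk.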
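--- a/data/lib/cfn-nag/custom_rules/SecurityGroupIngressCidrNon32Rule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupIngressCidrNon32Rule.rb
@@ -22,7 +22,7 @@ class SecurityGroupIngressCidrNon32Rule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
+ violating_ingresses = security_group.ingresses.select do |ingress|
  ip4_cidr_range?(ingress) || ip6_cidr_range?(ingress)
  end
 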
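--- a/data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupIngressOpenToWorldRule.rb
@@ -22,7 +22,7 @@ class SecurityGroupIngressOpenToWorldRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
+ violating_ingresses = security_group.ingresses.select do |ingress|
  ip4_open?(ingress) || ip6_open?(ingress)
  end
 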
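--- a/data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupIngressPortRangeRule.rb
@@ -20,7 +20,7 @@ class SecurityGroupIngressPortRangeRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- violating_ingresses = security_group.securityGroupIngress.select do |ingress|
+ violating_ingresses = security_group.ingresses.select do |ingress|
  ingress.fromPort != ingress.toPort
  end
 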
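--- a/data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SecurityGroupMissingEgressRule.rb
@@ -18,7 +18,7 @@ class SecurityGroupMissingEgressRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.security_groups.each do |security_group|
- if security_group.securityGroupEgress.empty?
+ if security_group.egresses.empty?
  logical_resource_ids << security_group.logical_resource_id
  end
  end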
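--- a/data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotActionRule.rb
@@ -17,7 +17,7 @@ class SnsTopicPolicyNotActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ !policy.policy_document.allows_not_action.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }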
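--- a/data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SnsTopicPolicyNotPrincipalRule.rb
@@ -17,7 +17,7 @@ class SnsTopicPolicyNotPrincipalRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::SNS::TopicPolicy').select do |policy|
- !policy.policyDocument.allows_not_principal.empty?
+ !policy.policy_document.allows_not_principal.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }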
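--- a/data/lib/cfn-nag/custom_rules/SnsTopicPolicyWildcardPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SnsTopicPolicyWildcardPrincipalRule.rb
@@ -19,7 +19,7 @@ class SnsTopicPolicyWildcardPrincipalRule < BaseRule
  logical_resource_ids = []
 
  cfn_model.resources_by_type('AWS::SNS::TopicPolicy').each do |topic_policy|
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
  logical_resource_ids << topic_policy.logical_resource_id
  end
  end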
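--- a/data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotActionRule.rb
@@ -17,7 +17,7 @@ class SqsQueuePolicyNotActionRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
- !policy.policyDocument.allows_not_action.empty?
+ !policy.policy_document.allows_not_action.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }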
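--- a/data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SqsQueuePolicyNotPrincipalRule.rb
@@ -17,7 +17,7 @@ class SqsQueuePolicyNotPrincipalRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_policies = cfn_model.resources_by_type('AWS::SQS::QueuePolicy').select do |policy|
- !policy.policyDocument.allows_not_principal.empty?
+ !policy.policy_document.allows_not_principal.empty?
  end
 
  violating_policies.map { |policy| policy.logical_resource_id }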
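--- a/data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardActionRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardActionRule.rb
@@ -20,7 +20,7 @@ class SqsQueuePolicyWildcardActionRule < BaseRule
 
  cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |queue_policy|
 
- if !queue_policy.policyDocument.wildcard_allowed_actions.empty?
+ if !queue_policy.policy_document.wildcard_allowed_actions.empty?
  logical_resource_ids << queue_policy.logical_resource_id
  end
  end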
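--- a/data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb
+++ b/data/lib/cfn-nag/custom_rules/SqsQueuePolicyWildcardPrincipalRule.rb
@@ -19,7 +19,7 @@ class SqsQueuePolicyWildcardPrincipalRule < BaseRule
  logical_resource_ids = []
 
  cfn_model.resources_by_type('AWS::SQS::QueuePolicy').each do |topic_policy|
- if !topic_policy.policyDocument.wildcard_allowed_principals.empty?
+ if !topic_policy.policy_document.wildcard_allowed_principals.empty?
  logical_resource_ids << topic_policy.logical_resource_id
  end
  end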
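--- a/data/lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb
+++ b/data/lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb
@@ -17,7 +17,7 @@ class UserHasInlinePolicyRule < BaseRule
 
  def audit_impl(cfn_model)
  violating_users = cfn_model.iam_users.select do |iam_user|
- iam_user.policies.size > 0
+ iam_user.policy_objects.size > 0
  end
 
  violating_users.map { |violating_user| violating_user.logical_resource_id }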
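Review bot: The changed line `iam_user.policy_objects.size > 0` tests for emptiness by comparing a size, while every other rule touched in this release uses the predicate form on the same kind of collection; `!iam_user.policy_objects.empty?` states the intent directly and keeps this rule consistent with IamRoleNotActionOnPermissionsPolicyRule and its siblings. This is the only place in the commit where the inline-policy check is written this way. The rest of audit_impl is unchanged in this hunk.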
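--- a/data/lib/cfn-nag/custom_rules/UserMissingGroupRule.rb
+++ b/data/lib/cfn-nag/custom_rules/UserMissingGroupRule.rb
@@ -18,7 +18,7 @@ class UserMissingGroupRule < BaseRule
  def audit_impl(cfn_model)
  logical_resource_ids = []
  cfn_model.iam_users.each do |iam_user|
- if iam_user.groups.empty?
+ if iam_user.group_names.empty?
  logical_resource_ids << iam_user.logical_resource_id
  end
  end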
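--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.1.8
+ version: 0.3.0
  platform: ruby
  authors:
  - Eric Kascic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-07-19 00:00:00.000000000 Z
+ date: 2017-08-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: logging
@@ -44,14 +44,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.0.8
+ version: 0.1.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.0.8
+ version: 0.1.2
  - !ruby/object:Gem::Dependency
  name: jmespath
  requirement: !ruby/object:Gem::Requirement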