cfn-nag 0.6.0 → 0.6.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (38) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/AmazonMQBrokerUsersPasswordRule.rb +2 -2
  3. data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb +2 -1
  4. data/lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb +2 -1
  5. data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb +2 -1
  6. data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb +2 -1
  7. data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb +3 -2
  8. data/lib/cfn-nag/custom_rules/CodePipelineWebhookAuthenticationConfigurationSecretTokenRule.rb +2 -1
  9. data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb +2 -1
  10. data/lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb +2 -1
  11. data/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb +2 -1
  12. data/lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb +2 -1
  13. data/lib/cfn-nag/custom_rules/DocDBDBClusterMasterUserPasswordRule.rb +2 -1
  14. data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb +2 -1
  15. data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb +3 -2
  16. data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb +2 -1
  17. data/lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAuthTokenRule.rb +2 -1
  18. data/lib/cfn-nag/custom_rules/IAMUserLoginProfilePasswordRule.rb +2 -1
  19. data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule.rb +3 -2
  20. data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule.rb +3 -2
  21. data/lib/cfn-nag/custom_rules/LambdaPermissionEventSourceTokenRule.rb +2 -1
  22. data/lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb +2 -1
  23. data/lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb +2 -1
  24. data/lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb +2 -1
  25. data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancesDbPasswordRule.rb +3 -2
  26. data/lib/cfn-nag/custom_rules/PinpointAPNSChannelPrivateKeyRule.rb +2 -1
  27. data/lib/cfn-nag/custom_rules/PinpointAPNSChannelTokenKeyRule.rb +2 -1
  28. data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelPrivateKeyRule.rb +2 -1
  29. data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelTokenKeyRule.rb +2 -1
  30. data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelPrivateKeyRule.rb +2 -1
  31. data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelTokenKeyRule.rb +2 -1
  32. data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelPrivateKeyRule.rb +2 -1
  33. data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelTokenKeyRule.rb +2 -1
  34. data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb +2 -1
  35. data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUserPasswordRule.rb +2 -1
  36. data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUsernameRule.rb +2 -1
  37. data/lib/cfn-nag/custom_rules/RedshiftClusterMasterUserPasswordRule.rb +2 -1
  38. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ce61954c2ef415db38dfd9173ab93fb92145a7a2cf5778901bad880d3aabc762
4
- data.tar.gz: 8296a1bea671a836e464db5f9a4573d7b64ba87be90e841ce2ef5e823b61b49a
3
+ metadata.gz: a9ce6cd0d3c752291550da0672213d71d1fcd41e8198425c213230303ea8cfb6
4
+ data.tar.gz: aa57ef3c7b3c2817fc67d5fcf87984ba1d7f90faccc89087842710a5f7f07226
5
5
  SHA512:
6
- metadata.gz: 4d07a9749c20b7083b9f01b479e20ffdcc327be635d9285e3f7175f8be39c87d7d66fc5fd5d1a7d728d399d9d5fc96a92d7ea42ac90014b79528bcdf2a4786e7
7
- data.tar.gz: 227ef815606ef8eb763b1523de73ba0f4a0e8c6791afd809699057e41f37694ead17bd1714725838328516c45a369118852e5fadb76e334c75dde009ba459ed2
6
+ metadata.gz: cfa8286dc2e0ed4fbbfa37826557054839abc26080bb15b389c201e6309f2ab22343cc0b1e8380beaf03f6f1732d4eb6adf93a623e788e512ca15b184024bf2a
7
+ data.tar.gz: 4e756cec00c0e82a08d14f726e212bdcf6b45ae7e37bb3c3160165163367ca7cfcd601e1c95b554f69efe68a398c90848fec198a144dd073f7899e91f2495967
@@ -5,8 +5,8 @@ require_relative 'sub_property_with_list_password_base_rule'
5
5
 
6
6
  class AmazonMQBrokerUsersPasswordRule < SubPropertyWithListPasswordBaseRule
7
7
  def rule_text
8
- 'AmazonMQ Broker Users Password must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.'
8
+ 'AmazonMQ Broker Users Password must not be a plaintext string or a Ref to a Parameter with a Default value. ' \
9
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
10
  end
11
11
 
12
12
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class AmplifyAppAccessTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Amplify App AccessToken must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class AmplifyAppBasicAuthConfigPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Amplify App BasicAuthConfig Password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class AmplifyAppOauthTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Amplify App OauthToken must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class AmplifyBranchBasicAuthConfigPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Amplify Branch BasicAuthConfig Password must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.' \
9
+ 'string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
6
6
  class AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'AppStream DirectoryConfig ServiceAccountCredentials AccountPassword ' \
9
- 'must not be a plaintext string or a Ref to a NoEcho Parameter ' \
10
- 'with a Default value.'
9
+ 'must not be a plaintext string or a Ref to a Parameter ' \
10
+ 'with a Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class CodePipelineWebhookAuthenticationConfigurationSecretTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'CodePipeline Webhook AuthenticationConfiguration SecretToken must not be ' \
9
- 'a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'a plaintext string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class DMSEndpointMongoDbSettingsPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'DMS Endpoint MongoDbSettings Password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class DMSEndpointPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'DMS Endpoint password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
7
7
  class DirectoryServiceMicrosoftADPasswordRule < PasswordBaseRule
8
8
  def rule_text
9
9
  'Directory Service Microsoft AD password must not be a plaintext string ' \
10
- 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ 'or a Ref to a Parameter with a Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
7
7
  class DirectoryServiceSimpleADPasswordRule < PasswordBaseRule
8
8
  def rule_text
9
9
  'DirectoryService SimpleAD password must not be a plaintext string ' \
10
- 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ 'or a Ref to a Parameter with a Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class DocDBDBClusterMasterUserPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'DocDB DB Cluster master user password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class EMRClusterKerberosAttributesADDomainJoinPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'EMR Cluster KerberosAttributes AD Domain JoinPassword must not be a ' \
9
- 'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'plaintext string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
6
6
  class EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'EMR Cluster KerberosAttributes CrossRealmTrustPrincipal Password must ' \
9
- 'not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
10
- 'Default value.'
9
+ 'not be a plaintext string or a Ref to a Parameter with a ' \
10
+ 'Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class EMRClusterKerberosAttributesKdcAdminPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'EMR Cluster KerberosAttributes KdcAdmin Password must not be a ' \
9
- 'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'plaintext string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class ElastiCacheReplicationGroupAuthTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'ElastiCache ReplicationGroup AuthToken must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class IAMUserLoginProfilePasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'IAM User LoginProfile Password must not be a plaintext string or ' \
9
- 'a Ref to a NoEcho Parameter with a Default value.'
9
+ 'a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
6
6
  class KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Kinesis Firehose DeliveryStream RedshiftDestinationConfiguration Password ' \
9
- 'must not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
10
- 'Default value.'
9
+ 'must not be a plaintext string or a Ref to a Parameter with a ' \
10
+ 'Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
6
6
  class KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Kinesis Firehose DeliveryStream SplunkDestinationConfiguration HECToken ' \
9
- 'must not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
10
- 'Default value.'
9
+ 'must not be a plaintext string or a Ref to a Parameter with a ' \
10
+ 'Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class LambdaPermissionEventSourceTokenRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Lambda Permission EventSourceToken must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class OpsWorksAppAppSourcePasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'OpsWorks App AppSource Password must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.' \
9
+ 'string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class OpsWorksAppSslConfigurationPrivateKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'OpsWorks App SslConfiguration PrivateKey must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.' \
9
+ 'string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class OpsWorksStackCustomCookbooksSourcePasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'OpsWorks Stack CustomCookbooksSource Password must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.' \
9
+ 'string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -5,8 +5,9 @@ require_relative 'sub_property_with_list_password_base_rule'
5
5
 
6
6
  class OpsWorksStackRdsDbInstancesDbPasswordRule < SubPropertyWithListPasswordBaseRule
7
7
  def rule_text
8
- 'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.' \
8
+ 'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext string '\
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSChannelPrivateKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSChannel PrivateKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSChannelTokenKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSSandboxChannelPrivateKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSSandboxChannel PrivateKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSSandboxChannelTokenKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSSandboxChannel TokenKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSVoipChannelPrivateKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSVoipChannel PrivateKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSVoipChannelTokenKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSVoipSandboxChannelPrivateKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSVoipSandboxChannel PrivateKey must not be a plaintext ' \
9
- 'string or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'string or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class PinpointAPNSVoipSandboxChannelTokenKeyRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Pinpoint APNSVoipSandboxChannel TokenKey must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class RDSDBClusterMasterUserPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'RDS DB Cluster master user password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class RDSDBInstanceMasterUserPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'RDS instance master user password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
7
7
  class RDSDBInstanceMasterUsernameRule < PasswordBaseRule
8
8
  def rule_text
9
9
  'RDS instance master username must not be a plaintext string ' \
10
- 'or a Ref to a NoEcho Parameter with a Default value.'
10
+ 'or a Ref to a Parameter with a Default value. ' \
11
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
11
12
  end
12
13
 
13
14
  def rule_type
@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
6
6
  class RedshiftClusterMasterUserPasswordRule < PasswordBaseRule
7
7
  def rule_text
8
8
  'Redshift Cluster master user password must not be a plaintext string ' \
9
- 'or a Ref to a NoEcho Parameter with a Default value.'
9
+ 'or a Ref to a Parameter with a Default value. ' \
10
+ 'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
10
11
  end
11
12
 
12
13
  def rule_type
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-07 00:00:00.000000000 Z
11
+ date: 2020-05-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake