RubyGems - cfn-nag - Versions diffs - 0.6.0 → 0.6.1 - Mend

cfn-nag 0.6.0 → 0.6.1

Files changed (38) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce61954c2ef415db38dfd9173ab93fb92145a7a2cf5778901bad880d3aabc762
-  data.tar.gz: 8296a1bea671a836e464db5f9a4573d7b64ba87be90e841ce2ef5e823b61b49a
+  metadata.gz: a9ce6cd0d3c752291550da0672213d71d1fcd41e8198425c213230303ea8cfb6
+  data.tar.gz: aa57ef3c7b3c2817fc67d5fcf87984ba1d7f90faccc89087842710a5f7f07226
 SHA512:
-  metadata.gz: 4d07a9749c20b7083b9f01b479e20ffdcc327be635d9285e3f7175f8be39c87d7d66fc5fd5d1a7d728d399d9d5fc96a92d7ea42ac90014b79528bcdf2a4786e7
-  data.tar.gz: 227ef815606ef8eb763b1523de73ba0f4a0e8c6791afd809699057e41f37694ead17bd1714725838328516c45a369118852e5fadb76e334c75dde009ba459ed2
+  metadata.gz: cfa8286dc2e0ed4fbbfa37826557054839abc26080bb15b389c201e6309f2ab22343cc0b1e8380beaf03f6f1732d4eb6adf93a623e788e512ca15b184024bf2a
+  data.tar.gz: 4e756cec00c0e82a08d14f726e212bdcf6b45ae7e37bb3c3160165163367ca7cfcd601e1c95b554f69efe68a398c90848fec198a144dd073f7899e91f2495967

data/lib/cfn-nag/custom_rules/AmazonMQBrokerUsersPasswordRule.rb CHANGED

@@ -5,8 +5,8 @@ require_relative 'sub_property_with_list_password_base_rule'
 class AmazonMQBrokerUsersPasswordRule < SubPropertyWithListPasswordBaseRule
   def rule_text
-    'AmazonMQ Broker Users Password must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.'
+    'AmazonMQ Broker Users Password must not be a plaintext string or a Ref to a Parameter with a Default value. ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/AmplifyAppAccessTokenRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class AmplifyAppAccessTokenRule < PasswordBaseRule
   def rule_text
     'Amplify App AccessToken must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/AmplifyAppBasicAuthConfigPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class AmplifyAppBasicAuthConfigPasswordRule < PasswordBaseRule
   def rule_text
     'Amplify App BasicAuthConfig Password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/AmplifyAppOauthTokenRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class AmplifyAppOauthTokenRule < PasswordBaseRule
   def rule_text
     'Amplify App OauthToken must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/AmplifyBranchBasicAuthConfigPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class AmplifyBranchBasicAuthConfigPasswordRule < PasswordBaseRule
   def rule_text
     'Amplify Branch BasicAuthConfig Password must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.' \
+    'string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule.rb CHANGED

@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
 class AppStreamDirectoryConfigServiceAccountCredentialsAccountPasswordRule < PasswordBaseRule
   def rule_text
     'AppStream DirectoryConfig ServiceAccountCredentials AccountPassword ' \
-    'must not be a plaintext string or a Ref to a NoEcho Parameter ' \
-    'with a Default value.'
+    'must not be a plaintext string or a Ref to a Parameter ' \
+    'with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/CodePipelineWebhookAuthenticationConfigurationSecretTokenRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class CodePipelineWebhookAuthenticationConfigurationSecretTokenRule < PasswordBaseRule
   def rule_text
     'CodePipeline Webhook AuthenticationConfiguration SecretToken must not be ' \
-    'a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+    'a plaintext string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class DMSEndpointMongoDbSettingsPasswordRule < PasswordBaseRule
   def rule_text
     'DMS Endpoint MongoDbSettings Password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class DMSEndpointPasswordRule < PasswordBaseRule
   def rule_text
     'DMS Endpoint password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb CHANGED

@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
 class DirectoryServiceMicrosoftADPasswordRule < PasswordBaseRule
   def rule_text
     'Directory Service Microsoft AD password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb CHANGED

@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
 class DirectoryServiceSimpleADPasswordRule < PasswordBaseRule
   def rule_text
     'DirectoryService SimpleAD password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/DocDBDBClusterMasterUserPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class DocDBDBClusterMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'DocDB DB Cluster master user password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class EMRClusterKerberosAttributesADDomainJoinPasswordRule < PasswordBaseRule
   def rule_text
     'EMR Cluster KerberosAttributes AD Domain JoinPassword must not be a ' \
-    'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+    'plaintext string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb CHANGED

@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
 class EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule < PasswordBaseRule
   def rule_text
     'EMR Cluster KerberosAttributes CrossRealmTrustPrincipal Password must ' \
-    'not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
-    'Default value.'
+    'not be a plaintext string or a Ref to a Parameter with a ' \
+    'Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class EMRClusterKerberosAttributesKdcAdminPasswordRule < PasswordBaseRule
   def rule_text
     'EMR Cluster KerberosAttributes KdcAdmin Password must not be a ' \
-    'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+    'plaintext string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAuthTokenRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class ElastiCacheReplicationGroupAuthTokenRule < PasswordBaseRule
   def rule_text
     'ElastiCache ReplicationGroup AuthToken must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/IAMUserLoginProfilePasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class IAMUserLoginProfilePasswordRule < PasswordBaseRule
   def rule_text
     'IAM User LoginProfile Password must not be a plaintext string or ' \
-    'a Ref to a NoEcho Parameter with a Default value.'
+    'a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule.rb CHANGED

@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
 class KinesisFirehoseDeliveryStreamRedshiftDestinationConfigurationPasswordRule < PasswordBaseRule
   def rule_text
     'Kinesis Firehose DeliveryStream RedshiftDestinationConfiguration Password ' \
-    'must not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
-    'Default value.'
+    'must not be a plaintext string or a Ref to a Parameter with a ' \
+    'Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule.rb CHANGED

@@ -6,8 +6,9 @@ require_relative 'password_base_rule'
 class KinesisFirehoseDeliveryStreamSplunkDestinationConfigurationHECTokenRule < PasswordBaseRule
   def rule_text
     'Kinesis Firehose DeliveryStream SplunkDestinationConfiguration HECToken ' \
-    'must not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
-    'Default value.'
+    'must not be a plaintext string or a Ref to a Parameter with a ' \
+    'Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/LambdaPermissionEventSourceTokenRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class LambdaPermissionEventSourceTokenRule < PasswordBaseRule
   def rule_text
     'Lambda Permission EventSourceToken must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksAppAppSourcePasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksAppAppSourcePasswordRule < PasswordBaseRule
   def rule_text
     'OpsWorks App AppSource Password must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.' \
+    'string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksAppSslConfigurationPrivateKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksAppSslConfigurationPrivateKeyRule < PasswordBaseRule
   def rule_text
     'OpsWorks App SslConfiguration PrivateKey must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.' \
+    'string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksStackCustomCookbooksSourcePasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class OpsWorksStackCustomCookbooksSourcePasswordRule < PasswordBaseRule
   def rule_text
     'OpsWorks Stack CustomCookbooksSource Password must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.' \
+    'string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/OpsWorksStackRdsDbInstancesDbPasswordRule.rb CHANGED

@@ -5,8 +5,9 @@ require_relative 'sub_property_with_list_password_base_rule'
 class OpsWorksStackRdsDbInstancesDbPasswordRule < SubPropertyWithListPasswordBaseRule
   def rule_text
-    'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.' \
+    'OpsWorks Stack RDS DbInstance DbPassword must not be a plaintext string '\
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSChannelPrivateKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSChannelTokenKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelPrivateKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSSandboxChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSSandboxChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSSandboxChannelTokenKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSSandboxChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSSandboxChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelPrivateKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipChannel PrivateKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipChannelTokenKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelPrivateKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipSandboxChannelPrivateKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipSandboxChannel PrivateKey must not be a plaintext ' \
-    'string or a Ref to a NoEcho Parameter with a Default value.'
+    'string or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/PinpointAPNSVoipSandboxChannelTokenKeyRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class PinpointAPNSVoipSandboxChannelTokenKeyRule < PasswordBaseRule
   def rule_text
     'Pinpoint APNSVoipSandboxChannel TokenKey must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBClusterMasterUserPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class RDSDBClusterMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'RDS DB Cluster master user password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUserPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class RDSDBInstanceMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'RDS instance master user password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/RDSDBInstanceMasterUsernameRule.rb CHANGED

@@ -7,7 +7,8 @@ require_relative 'password_base_rule'
 class RDSDBInstanceMasterUsernameRule < PasswordBaseRule
   def rule_text
     'RDS instance master username must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager value.'
   end
   def rule_type

data/lib/cfn-nag/custom_rules/RedshiftClusterMasterUserPasswordRule.rb CHANGED

@@ -6,7 +6,8 @@ require_relative 'password_base_rule'
 class RedshiftClusterMasterUserPasswordRule < PasswordBaseRule
   def rule_text
     'Redshift Cluster master user password must not be a plaintext string ' \
-    'or a Ref to a NoEcho Parameter with a Default value.'
+    'or a Ref to a Parameter with a Default value.  ' \
+    'Can be Ref to a NoEcho Parameter without a Default, or a dynamic reference to a secretsmanager/ssm-secure value.'
   end
   def rule_type

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Eric Kascic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-07 00:00:00.000000000 Z
+date: 2020-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake