cfn-nag 0.3.58 → 0.3.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/WorkspacesWorkspaceEncryptionRule.rb +27 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e54f3461ceed2d21f8640ad4266d9898fb5d07acea5c67ae2f4f5e3a60cfbab
4
- data.tar.gz: dfb1c5007382ce1959981fa75feb6c09a992e4e62f409e5e84daeebec2e7c3c1
3
+ metadata.gz: 5e3ab3f6d8d4ddb702efc139f20ae9eb6384173b700f325b85dc4737d97317b2
4
+ data.tar.gz: 3a24984e9d46ce1d96eabbbe642160c87acc78d05e0e13d08d6616757a086d9d
5
5
  SHA512:
6
- metadata.gz: c6e2a6c76aacd134e5fef1d80a72eed79d82deb9f6de9ad265092f029e017c8570f272f7610eccc75263dddff0281b336b5fddc9c8111b4e7969cfa2c50e4a64
7
- data.tar.gz: 87100bcf855b3e96e0b3925f9a814385825085441d40ebabc6630b631f858f5d719c26ea50b21071a6c9566d9d34bfaab5642f844760e889a9e7821259775baf
6
+ metadata.gz: 2d74fe99000484b05d0ada5a3aebf68857bc7d58a735e19b2f0eb871b3a307df101eec92304d8bd2143ffdde44d495acc79292df38f9bedeec3282839e249c8a
7
+ data.tar.gz: a905b3a2de76264e2d08113bfa453ed0d846bbee9325da74d3232244bc7bf5a48550203b4ee20971583336bcd63ea0d35c3a50339b4e8950fb406b9e84a7587c
data/lib/cfn-nag/custom_rules/WorkspacesWorkspaceEncryptionRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ require 'cfn-nag/violation'
2
+ require_relative 'base'
3
+
4
+ class WorkspacesWorkspaceEncryptionRule < BaseRule
5
+ def rule_text
6
+ 'Workspace should have encryption enabled'
7
+ end
8
+
9
+ def rule_type
10
+ Violation::FAILING_VIOLATION
11
+ end
12
+
13
+ def rule_id
14
+ 'F29'
15
+ end
16
+
17
+ def audit_impl(cfn_model)
18
+ resources = cfn_model.resources_by_type('AWS::WorkSpaces::Workspace')
19
+
20
+ violating_workspaces = resources.select do |workspace|
21
+ workspace.userVolumeEncryptionEnabled.nil? ||
22
+ workspace.userVolumeEncryptionEnabled.to_s.casecmp('false').zero?
23
+ end
24
+
25
+ violating_workspaces.map(&:logical_resource_id)
26
+ end
27
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.58
4
+ version: 0.3.59
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -188,6 +188,7 @@ files:
188
188
  - lib/cfn-nag/custom_rules/UserHasInlinePolicyRule.rb
189
189
  - lib/cfn-nag/custom_rules/UserMissingGroupRule.rb
190
190
  - lib/cfn-nag/custom_rules/WafWebAclDefaultActionRule.rb
191
+ - lib/cfn-nag/custom_rules/WorkspacesWorkspaceEncryptionRule.rb
191
192
  - lib/cfn-nag/custom_rules/base.rb
192
193
  - lib/cfn-nag/custom_rules/ebs_volumes_jmespath.rb
193
194
  - lib/cfn-nag/custom_rules/unencrypted_s3_put_allowed.rb