RubyGems - cfn-nag - Versions diffs - 0.3.74 → 0.3.75 - Mend

cfn-nag 0.3.74 → 0.3.75

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb +29 -0
metadata +2 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df7c2cd400873808f2c86c468bf2b8fe254b4f818629ca85cae8d4249e61e91b
-  data.tar.gz: b07f2ab8db5b52656283fb72ed7660abb8d9461323230fca262434e0d9e1f8b6
+  metadata.gz: a997e0cc21319cddd3fabe1e7c24a628dd9bfc2337684045e9c965ff117415f1
+  data.tar.gz: 13affc144a0fe1d2540f53c16eb9c1faf255527a5f066eb868aa843bf2465184
 SHA512:
-  metadata.gz: ad73aa5062aee010cf3a3ebdee335ec54e7e13f1dd366f003d7c9b613c0c91868f65508c8e6e68d883fa2dba5954c08576c1365840612b99214dda3f81655940
-  data.tar.gz: 5c72467fe9904e35a3871186b1217890c8662010795d47d950e2980674ce53e7967f4d94b63b515067df7bba7e3f7b4c7b18f909a8ef9afa6ecc99f94423ddf0
+  metadata.gz: 24ddafc6dbbf7042b7f3c1e996c0f15e1c17d4ee9cd0a6de50d58e5fa59d6f1b5a313147740e2fb70a055690d40a133f4eb049d158222b3b0d36c114a5c5e8c6
+  data.tar.gz: b915a8b628a535107ee052b3c0bb13b95a7822c06631487874d8a71fa7ad69c04751d9df0e6fd98b06dae1b89db032f2a868337102a48464b65e5d47c9a9e147

data/lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'cfn-nag/violation'
+require_relative 'base'
+class NeptuneDBClusterStorageEncryptedRule < BaseRule
+  def rule_text
+    'Neptune database cluster storage should have encryption enabled'
+  end
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+  def rule_id
+    'F30'
+  end
+  def audit_impl(cfn_model)
+    resources = cfn_model.resources_by_type('AWS::Neptune::DBCluster')
+    violating_storage = resources.select do |filesystem|
+      filesystem.storageEncrypted.nil? ||
+        filesystem.storageEncrypted.to_s.casecmp('false').zero?
+    end
+    violating_storage.map(&:logical_resource_id)
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.3.74
+  version: 0.3.75
 platform: ruby
 authors:
 - Eric Kascic
@@ -164,6 +164,7 @@ files:
 - lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb
 - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
 - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
+- lib/cfn-nag/custom_rules/NeptuneDBClusterStorageEncryptedRule.rb
 - lib/cfn-nag/custom_rules/PolicyOnUserRule.rb
 - lib/cfn-nag/custom_rules/RDSDBClusterStorageEncryptedRule.rb
 - lib/cfn-nag/custom_rules/RDSDBInstanceStorageEncryptedRule.rb