cfn-nag 0.3.83 → 0.3.84

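--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d8d3b970a7aeeb42d037205cd1f44c7c327d15fbac6551c96f312cde588ddb00
- data.tar.gz: bf67abaf6433d2b69e658bd86b9a58d3bc973a6cc33ca2189d764ac1c75a608a
+ metadata.gz: c33a8491cb7b894b90e448cca20e52df0618e8ba032cfd9e9b292ae356bb9f05
+ data.tar.gz: b77cf4ffc9fe149b6db4eb1b61560d967c7d21b32060d9fdf5044880ba8dc149
  SHA512:
- metadata.gz: c9dd9cebb3ea1617b5f947b43729201fb76439fac31edf42ded0b8fd9c3796153d01d706c5560bebc50ca1166967e9678ca0b8f5e2d6cea8ff9a037f0d366bf9
- data.tar.gz: 1eec841711c4237ff3f456e7cc7491e3dc6304fa1f9a057222a30d8fb2efb6ce083b6d2a813c5121601638ccb22dfcca2c4710eb969fd465e25166d2675f8264
+ metadata.gz: 1a247df6f2e830516644ba5d288d65457ac60baf213ff0cab4e9affed7c3a795f4ba52a6c77b6bb323372f2578f95c55e47ec518cb16e5a88296a843e8422335
+ data.tar.gz: 350713a1fb6bada81699cba627e1ef9f22b5d050b88f9c77dbd2699c9b389eea54a3ceb37ea19e0bf6c398f1fe001677d25458779a301d4e46d2bf81f0c602c4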
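--- a/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
+++ b/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
@@ -0,0 +1,60 @@
+ # frozen_string_literal: true
+
+ require 'cfn-nag/violation'
+ require_relative 'base'
+
+ class ResourceWithExplicitNameRule < BaseRule
+ # The values of this hash are camel-cased, due to cfn-model returning
+ # camel cased values. E.g. GroupName in CloudFormation is returned by
+ # cfn-model as groupName, RoleName is returned as roleName, etc.
+ RESOURCE_NAME_MAPPING = {
+ 'AWS::ApiGateway::ApiKey' => 'name',
+ 'AWS::CloudWatch::Alarm' => 'alarmName',
+ 'AWS::CodeDeploy::DeploymentConfig' => 'deploymentConfigName',
+ 'AWS::CodeDeploy::DeploymentGroup' => 'deploymentGroupName',
+ 'AWS::DynamoDB::Table' => 'tableName',
+ 'AWS::EC2::SecurityGroup' => 'groupName',
+ 'AWS::ECR::Repository' => 'repositoryName',
+ 'AWS::ElasticLoadBalancingV2::LoadBalancer' => 'name',
+ 'AWS::Elasticsearch::Domain' => 'domainName',
+ 'AWS::IAM::Group' => 'groupName',
+ 'AWS::IAM::ManagedPolicy' => 'managedPolicyName',
+ 'AWS::IAM::Role' => 'roleName',
+ 'AWS::Kinesis::Stream' => 'name',
+ 'AWS::RDS::DBInstance' => 'dBInstanceIdentifier'
+ }.freeze
+
+ def rule_text
+ 'Resource found with an explicit name, this disallows updates that ' \
+ 'require replacement of this resource'
+ end
+
+ def rule_type
+ Violation::WARNING
+ end
+
+ def rule_id
+ 'W28'
+ end
+
+ def audit_impl(cfn_model)
+ violating_resources = []
+
+ RESOURCE_NAME_MAPPING.each do |cfn_resource, key_name|
+ resources = cfn_model.resources_by_type(cfn_resource)
+ .select do |resource|
+ explicitly_set_resource_name?(resource, key_name)
+ end
+
+ violating_resources << resources.map(&:logical_resource_id)
+ end
+
+ violating_resources.flatten
+ end
+
+ private
+
+ def explicitly_set_resource_name?(resource, key_name)
+ !resource.send(key_name).nil?
+ end
+ end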
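Review bot: `explicitly_set_resource_name?` dispatches with `resource.send(key_name)`, which ignores method visibility and may raise NoMethodError if the model object for a mapped type has no accessor of that name. The names come from the frozen `RESOURCE_NAME_MAPPING`, so they are not caller-controlled, but the comment on the constant says they have to track cfn-model's camel-casing (`dBInstanceIdentifier`, for instance). A mismatch would presumably surface as an exception inside `audit_impl` rather than as a finding or a skipped resource; how the rule runner handles that is not visible here. I would write `!resource.public_send(key_name).nil?` and add a spec that exercises every mapped resource type, so that a renamed attribute in cfn-model is caught in CI instead of during a scan. As a style point only, the accumulate-then-`flatten` loop in `audit_impl` could be a single `RESOURCE_NAME_MAPPING.flat_map` block.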
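--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: cfn-nag
  version: !ruby/object:Gem::Version
- version: 0.3.83
+ version: 0.3.84
  platform: ruby
  authors:
  - Eric Kascic
@@ -174,6 +174,7 @@ files:
  - lib/cfn-nag/custom_rules/RDSInstanceMasterUsernameRule.rb
  - lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
  - lib/cfn-nag/custom_rules/RedshiftClusterEncryptedRule.rb
+ - lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
  - lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb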