cfn-nag 0.3.83 → 0.3.84
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb +60 -0
- metadata +2 -1
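--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c33a8491cb7b894b90e448cca20e52df0618e8ba032cfd9e9b292ae356bb9f05
+data.tar.gz: b77cf4ffc9fe149b6db4eb1b61560d967c7d21b32060d9fdf5044880ba8dc149
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a247df6f2e830516644ba5d288d65457ac60baf213ff0cab4e9affed7c3a795f4ba52a6c77b6bb323372f2578f95c55e47ec518cb16e5a88296a843e8422335
+data.tar.gz: 350713a1fb6bada81699cba627e1ef9f22b5d050b88f9c77dbd2699c9b389eea54a3ceb37ea19e0bf6c398f1fe001677d25458779a301d4e46d2bf81f0c602c4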
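--- a/data/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
+++ b/data/lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'base'
+
+class ResourceWithExplicitNameRule < BaseRule
+# The values of this hash are camel-cased, due to cfn-model returning
+# camel cased values. E.g. GroupName in CloudFormation is returned by
+# cfn-model as groupName, RoleName is returned as roleName, etc.
+RESOURCE_NAME_MAPPING = {
+'AWS::ApiGateway::ApiKey' => 'name',
+'AWS::CloudWatch::Alarm' => 'alarmName',
+'AWS::CodeDeploy::DeploymentConfig' => 'deploymentConfigName',
+'AWS::CodeDeploy::DeploymentGroup' => 'deploymentGroupName',
+'AWS::DynamoDB::Table' => 'tableName',
+'AWS::EC2::SecurityGroup' => 'groupName',
+'AWS::ECR::Repository' => 'repositoryName',
+'AWS::ElasticLoadBalancingV2::LoadBalancer' => 'name',
+'AWS::Elasticsearch::Domain' => 'domainName',
+'AWS::IAM::Group' => 'groupName',
+'AWS::IAM::ManagedPolicy' => 'managedPolicyName',
+'AWS::IAM::Role' => 'roleName',
+'AWS::Kinesis::Stream' => 'name',
+'AWS::RDS::DBInstance' => 'dBInstanceIdentifier'
+}.freeze
+
+def rule_text
+'Resource found with an explicit name, this disallows updates that ' \
+'require replacement of this resource'
+end
+
+def rule_type
+Violation::WARNING
+end
+
+def rule_id
+'W28'
+end
+
+def audit_impl(cfn_model)
+violating_resources = []
+
+RESOURCE_NAME_MAPPING.each do |cfn_resource, key_name|
+resources = cfn_model.resources_by_type(cfn_resource)
+.select do |resource|
+explicitly_set_resource_name?(resource, key_name)
+end
+
+violating_resources << resources.map(&:logical_resource_id)
+end
+
+violating_resources.flatten
+end
+
+private
+
+def explicitly_set_resource_name?(resource, key_name)
+!resource.send(key_name).nil?
+end
+end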
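Review bot: `explicitly_set_resource_name?` (line 58 of the new file) reaches the model attribute through `resource.send(key_name)`, which also dispatches to private methods; the keys are fixed strings from the frozen `RESOURCE_NAME_MAPPING`, so there is no injection path here, but `public_send` states the intent and fails loudly if a future mapping entry names something outside the resource's public interface: `!resource.public_send(key_name).nil?`. The predicate also flags a name supplied through an intrinsic function (a `Ref`/`Sub` presumably arrives as a non-nil Hash), which looks intended but deserves a comment above the method, e.g. `# Any non-nil value counts, including intrinsic functions that compute the name`. In `audit_impl` (lines 41–52) the accumulate-then-`flatten` loop can be a single expression, `RESOURCE_NAME_MAPPING.flat_map { |type, key| cfn_model.resources_by_type(type).select { |r| explicitly_set_resource_name?(r, key) }.map(&:logical_resource_id) }`. A new rule file introducing id W28 would also benefit from a class-level comment stating what the rule warns about and why an explicit name matters (it blocks updates that require replacement, per `rule_text`).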
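--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.84
 platform: ruby
 authors:
 - Eric Kascic
@@ -174,6 +174,7 @@ files:
 - lib/cfn-nag/custom_rules/RDSInstanceMasterUsernameRule.rb
 - lib/cfn-nag/custom_rules/RDSInstancePubliclyAccessibleRule.rb
 - lib/cfn-nag/custom_rules/RedshiftClusterEncryptedRule.rb
+- lib/cfn-nag/custom_rules/ResourceWithExplicitNameRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyNotActionRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyNotPrincipalRule.rb
 - lib/cfn-nag/custom_rules/S3BucketPolicyWildcardActionRule.rb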