cfn-nag 0.4.32 → 0.4.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb +27 -0
  3. data/lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb +10 -11
  4. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e0a6819df2c336e0bb1ef07b208904b86f57a2196662d3d19400af8f1a3e6685
4
- data.tar.gz: 6aaf41ba6de74d2e23e4be417f1921e642bb541b86394906c1e6bc3704e0901f
3
+ metadata.gz: 1ec5b3cfc2ced9f607e73fbed7b089eea84557790e9437fd561f45f0e6c4b9ab
4
+ data.tar.gz: 36dc09072565257d707f06a1b90372a32cb50250a2e0eb1771696ac1e86b2a42
5
5
  SHA512:
6
- metadata.gz: f51b67dc85200d5d349ac0bbbd26585a1956dddb23dba4b1c210f8527b74050b4e3bc1f17a6a975b192945836165714c20ab4e5e8d605e75c6f3d74821fe293c
7
- data.tar.gz: f74dd428e534d1df734f7bb13e087a67c30af46d5b7e755ebc056e9dac3ec99bc551fc84aa791d6f31b0b203894deeeb4ede05a5a4bfca32b59e0ea38f5f7457
6
+ metadata.gz: a55bce3659d9275f43acfa7be9972da439d8f3a334d3154ab72a841694a91663143f04a28a154fc5709a0c66159ad60c5f1c59443d927b0819d21d0ab451f216
7
+ data.tar.gz: 56589b4434346cb1ba5428c0e3bad1f1a15a41bf96d4024f990f8d67ab1a7ec04708e00f6dc958ea606b11b048677fcc3b8992944bfeff96534ab0737513f729
data/lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class EbsVolumeEncryptionKeyRule < BaseRule
7
+ def rule_text
8
+ 'EBS Volume should specify a KmsKeyId value'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W37'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
21
+ .select do |volume|
22
+ volume.kmsKeyId.nil? || volume.kmsKeyId == { 'Ref' => 'AWS::NoValue' }
23
+ end
24
+
25
+ violating_volumes.map(&:logical_resource_id)
26
+ end
27
+ end
data/lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb CHANGED
@@ -1,13 +1,21 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'cfn-nag/violation'
4
- require_relative 'base'
4
+ require_relative 'boolean_base_rule'
5
5
 
6
- class EbsVolumeHasSseRule < BaseRule
6
+ class EbsVolumeHasSseRule < BooleanBaseRule
7
7
  def rule_text
8
8
  'EBS volume should have server-side encryption enabled'
9
9
  end
10
10
 
11
+ def resource_type
12
+ 'AWS::EC2::Volume'
13
+ end
14
+
15
+ def boolean_property
16
+ :encrypted
17
+ end
18
+
11
19
  def rule_type
12
20
  Violation::FAILING_VIOLATION
13
21
  end
@@ -15,13 +23,4 @@ class EbsVolumeHasSseRule < BaseRule
15
23
  def rule_id
16
24
  'F1'
17
25
  end
18
-
19
- def audit_impl(cfn_model)
20
- violating_volumes = cfn_model.resources_by_type('AWS::EC2::Volume')
21
- .select do |volume|
22
- volume.encrypted.nil? || volume.encrypted.to_s.casecmp('false').zero?
23
- end
24
-
25
- violating_volumes.map(&:logical_resource_id)
26
- end
27
26
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.32
4
+ version: 0.4.33
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -180,6 +180,7 @@ files:
180
180
  - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
181
181
  - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
182
182
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
183
+ - lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
183
184
  - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
184
185
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
185
186
  - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupTransitEncryptionRule.rb