cfn-nag 0.4.5 → 0.4.6

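--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7105f8495c911cbe7befd2ba0f20cb96793e4b6c94d774cd40cf995e37805246
- data.tar.gz: 00146764463a90336ecec4f85f32661e9fc2feb79bed0cde2f364b82db533bf3
+ metadata.gz: 53595848737f90f16dea26451b7ebbec8741a792cbdbe5285439fb58c9905b69
+ data.tar.gz: 16e266aed6651995618a7ddef95a7eec95c308b77f5023efdac3c2da2b78df9f
  SHA512:
- metadata.gz: 4b90967685ccbf606375450d20ceda73964077f1289477aa8067bb0a981fd78bb2d73751445ce96401110a6958a06cc033db051d7542e4881472bd7f2fbfe751
- data.tar.gz: 7d7aa38c54ac807d188a3b201ab2638173a8085c10183d631dfd9c1bfc7771ccbead8225c25392d71a18284946fbf1e0fd6f0414bc65cca48bbb1f62c0aca677
+ metadata.gz: 4987c8ee82f565765e6c6847f9561e424958e6dc6ce633178cbfa677c1b7e54479f18c4369753c11f41fa87ccd451cb4d522198df855451f179a09dd59623498
+ data.tar.gz: '079273f3a93fc47b86b796fafed1d7b9052abeada2acaeee2804d17ac1cbb45b98c360fa02e57e6297f68d36bec5ab25092ecefeda9b724ee1598e6a6aabfe25'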
@@ -0,0 +1,33 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class KMSKeyRotationRule < BaseRule
7
+ def rule_text
8
+ 'EnableKeyRotation should not be false or absent on KMS::Key resource'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::FAILING_VIOLATION
13
+ end
14
+
15
+ def rule_id
16
+ 'F19'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_keys = cfn_model.resources_by_type('AWS::KMS::Key')
21
+ .select do |key|
22
+ key_rotation_false_or_absent?(key)
23
+ end
24
+
25
+ violating_keys.map(&:logical_resource_id)
26
+ end
27
+
28
+ private
29
+
30
+ def key_rotation_false_or_absent?(resource)
31
+ resource.enableKeyRotation.! || resource.enableKeyRotation.nil?
32
+ end
33
+ end
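Review bot: `key_rotation_false_or_absent?` tests the property with Ruby truthiness, so a template that sets `EnableKeyRotation: "false"` as a string would pass this rule, because any non-empty string is truthy; the same holds for a `Ref` or other intrinsic function, which would presumably arrive as a Hash. Whether the model normalises these values to booleans before the rule sees them is not visible in this hunk, so it is worth pinning down with a spec that covers the string form. If no normalisation happens, compare the text form instead: `value = resource.enableKeyRotation` followed by `value.nil? || value.to_s.casecmp('false').zero?`. The `|| resource.enableKeyRotation.nil?` clause as written is also redundant, since `nil.!` is already true.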
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.5
4
+ version: 0.4.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-30 00:00:00.000000000 Z
11
+ date: 2019-05-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec
@@ -179,6 +179,7 @@ files:
179
179
  - lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb
180
180
  - lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb
181
181
  - lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb
182
+ - lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb
182
183
  - lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb
183
184
  - lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
184
185
  - lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb