cfn-nag 0.4.5 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb +33 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 53595848737f90f16dea26451b7ebbec8741a792cbdbe5285439fb58c9905b69
|
|
4
|
+
data.tar.gz: 16e266aed6651995618a7ddef95a7eec95c308b77f5023efdac3c2da2b78df9f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4987c8ee82f565765e6c6847f9561e424958e6dc6ce633178cbfa677c1b7e54479f18c4369753c11f41fa87ccd451cb4d522198df855451f179a09dd59623498
|
|
7
|
+
data.tar.gz: '079273f3a93fc47b86b796fafed1d7b9052abeada2acaeee2804d17ac1cbb45b98c360fa02e57e6297f68d36bec5ab25092ecefeda9b724ee1598e6a6aabfe25'
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require_relative 'base'
|
|
5
|
+
|
|
6
|
+
class KMSKeyRotationRule < BaseRule
|
|
7
|
+
def rule_text
|
|
8
|
+
'EnableKeyRotation should not be false or absent on KMS::Key resource'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def rule_type
|
|
12
|
+
Violation::FAILING_VIOLATION
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def rule_id
|
|
16
|
+
'F19'
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def audit_impl(cfn_model)
|
|
20
|
+
violating_keys = cfn_model.resources_by_type('AWS::KMS::Key')
|
|
21
|
+
.select do |key|
|
|
22
|
+
key_rotation_false_or_absent?(key)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
violating_keys.map(&:logical_resource_id)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def key_rotation_false_or_absent?(resource)
|
|
31
|
+
resource.enableKeyRotation.! || resource.enableKeyRotation.nil?
|
|
32
|
+
end
|
|
33
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-05-
|
|
11
|
+
date: 2019-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -179,6 +179,7 @@ files:
|
|
|
179
179
|
- lib/cfn-nag/custom_rules/IamRoleWildcardActionOnPermissionsPolicyRule.rb
|
|
180
180
|
- lib/cfn-nag/custom_rules/IamRoleWildcardActionOnTrustPolicyRule.rb
|
|
181
181
|
- lib/cfn-nag/custom_rules/IamRoleWildcardResourceOnPermissionsPolicyRule.rb
|
|
182
|
+
- lib/cfn-nag/custom_rules/KMSKeyRotationRule.rb
|
|
182
183
|
- lib/cfn-nag/custom_rules/LambdaPermissionInvokeFunctionActionRule.rb
|
|
183
184
|
- lib/cfn-nag/custom_rules/LambdaPermissionWildcardPrincipalRule.rb
|
|
184
185
|
- lib/cfn-nag/custom_rules/ManagedPolicyOnUserRule.rb
|