cfn-nag 0.4.69 → 0.4.70

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b82485e14e76a4a11526a38def11fa31ab9aefa0a2af63bca6e2b856783d6820
-  data.tar.gz: e4340288aea5019332ade98880939f8e797fdd9f04e13f6618d5f2a53d7bfac7
+  metadata.gz: b5f716aaaa7aa9cf67851bc4e5b617779a57f2efa7f36cc0a2a7afafa9614917
+  data.tar.gz: 332173d8f2a259b4e3192b429789abff67d96b22e3dea0e4677452b47146b49a
 SHA512:
-  metadata.gz: f690578bce184b9b10bfca8f259ad2a8222408c8d618426af73c6be6f75d3c28ae04561a9dac36c7f8151617f8624a8c2f4c7b200a69982aa69df49ae3a0cc52
-  data.tar.gz: 47d66afbe48347ddaf3d6a770f0e3ae7f96841960741d72f193f12d7c4532060fbedf2569d19e3814641c0dce67fecd37f2f717997f8c9bc4d6bf7a58f24203b
+  metadata.gz: 6cf097e08a2bf950ad1bc8be489de3bb36fbe8013b474096b040ca33dfd8d5dad151a1fa64546f5d42e992fed163b41189b0a0099689322120cb9f091fe5d7d0
+  data.tar.gz: 1e71cf559c01a9b9e1bdb5d86a629a38da31b6a39c5fe1c2b7323bc45c874a355fdaa2e33e41477b60ff96823dce246b15aedd38cd6298357e55d68de2ceddbd

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class EMRClusterKerberosAttributesADDomainJoinPasswordRule < PasswordBaseRule
+  def rule_text
+    'EMR Cluster KerberosAttributes AD Domain JoinPassword must not be a ' \
+    'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F63'
+  end
+
+  def resource_type
+    'AWS::EMR::Cluster'
+  end
+
+  def password_property
+    :kerberosAttributes
+  end
+
+  def sub_property_name
+    'ADDomainJoinPassword'
+  end
+end

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule < PasswordBaseRule
+  def rule_text
+    'EMR Cluster KerberosAttributes CrossRealmTrustPrincipal Password must ' \
+    'not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
+    'Default value.'
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F64'
+  end
+
+  def resource_type
+    'AWS::EMR::Cluster'
+  end
+
+  def password_property
+    :kerberosAttributes
+  end
+
+  def sub_property_name
+    'CrossRealmTrustPrincipalPassword'
+  end
+end

data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'cfn-nag/violation'
+require_relative 'password_base_rule'
+
+class EMRClusterKerberosAttributesKdcAdminPasswordRule < PasswordBaseRule
+  def rule_text
+    'EMR Cluster KerberosAttributes KdcAdmin Password must not be a ' \
+    'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
+  end
+
+  def rule_type
+    Violation::FAILING_VIOLATION
+  end
+
+  def rule_id
+    'F65'
+  end
+
+  def resource_type
+    'AWS::EMR::Cluster'
+  end
+
+  def password_property
+    :kerberosAttributes
+  end
+
+  def sub_property_name
+    'KdcAdminPassword'
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.4.69
+  version: 0.4.70
 platform: ruby
 authors:
 - Eric Kascic
@@ -177,6 +177,9 @@ files:
 - lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
 - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
 - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
+- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb
+- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
+- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb
 - lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
 - lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
 - lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb