cfn-nag 0.4.69 → 0.4.70
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb +31 -0
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb +32 -0
- data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb +31 -0
- metadata +4 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b5f716aaaa7aa9cf67851bc4e5b617779a57f2efa7f36cc0a2a7afafa9614917
|
4
|
+
data.tar.gz: 332173d8f2a259b4e3192b429789abff67d96b22e3dea0e4677452b47146b49a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6cf097e08a2bf950ad1bc8be489de3bb36fbe8013b474096b040ca33dfd8d5dad151a1fa64546f5d42e992fed163b41189b0a0099689322120cb9f091fe5d7d0
|
7
|
+
data.tar.gz: 1e71cf559c01a9b9e1bdb5d86a629a38da31b6a39c5fe1c2b7323bc45c874a355fdaa2e33e41477b60ff96823dce246b15aedd38cd6298357e55d68de2ceddbd
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'password_base_rule'
|
5
|
+
|
6
|
+
class EMRClusterKerberosAttributesADDomainJoinPasswordRule < PasswordBaseRule
|
7
|
+
def rule_text
|
8
|
+
'EMR Cluster KerberosAttributes AD Domain JoinPassword must not be a ' \
|
9
|
+
'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
|
10
|
+
end
|
11
|
+
|
12
|
+
def rule_type
|
13
|
+
Violation::FAILING_VIOLATION
|
14
|
+
end
|
15
|
+
|
16
|
+
def rule_id
|
17
|
+
'F63'
|
18
|
+
end
|
19
|
+
|
20
|
+
def resource_type
|
21
|
+
'AWS::EMR::Cluster'
|
22
|
+
end
|
23
|
+
|
24
|
+
def password_property
|
25
|
+
:kerberosAttributes
|
26
|
+
end
|
27
|
+
|
28
|
+
def sub_property_name
|
29
|
+
'ADDomainJoinPassword'
|
30
|
+
end
|
31
|
+
end
|
data/lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'password_base_rule'
|
5
|
+
|
6
|
+
class EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule < PasswordBaseRule
|
7
|
+
def rule_text
|
8
|
+
'EMR Cluster KerberosAttributes CrossRealmTrustPrincipal Password must ' \
|
9
|
+
'not be a plaintext string or a Ref to a NoEcho Parameter with a ' \
|
10
|
+
'Default value.'
|
11
|
+
end
|
12
|
+
|
13
|
+
def rule_type
|
14
|
+
Violation::FAILING_VIOLATION
|
15
|
+
end
|
16
|
+
|
17
|
+
def rule_id
|
18
|
+
'F64'
|
19
|
+
end
|
20
|
+
|
21
|
+
def resource_type
|
22
|
+
'AWS::EMR::Cluster'
|
23
|
+
end
|
24
|
+
|
25
|
+
def password_property
|
26
|
+
:kerberosAttributes
|
27
|
+
end
|
28
|
+
|
29
|
+
def sub_property_name
|
30
|
+
'CrossRealmTrustPrincipalPassword'
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'cfn-nag/violation'
|
4
|
+
require_relative 'password_base_rule'
|
5
|
+
|
6
|
+
class EMRClusterKerberosAttributesKdcAdminPasswordRule < PasswordBaseRule
|
7
|
+
def rule_text
|
8
|
+
'EMR Cluster KerberosAttributes KdcAdmin Password must not be a ' \
|
9
|
+
'plaintext string or a Ref to a NoEcho Parameter with a Default value.'
|
10
|
+
end
|
11
|
+
|
12
|
+
def rule_type
|
13
|
+
Violation::FAILING_VIOLATION
|
14
|
+
end
|
15
|
+
|
16
|
+
def rule_id
|
17
|
+
'F65'
|
18
|
+
end
|
19
|
+
|
20
|
+
def resource_type
|
21
|
+
'AWS::EMR::Cluster'
|
22
|
+
end
|
23
|
+
|
24
|
+
def password_property
|
25
|
+
:kerberosAttributes
|
26
|
+
end
|
27
|
+
|
28
|
+
def sub_property_name
|
29
|
+
'KdcAdminPassword'
|
30
|
+
end
|
31
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-nag
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.70
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eric Kascic
|
@@ -177,6 +177,9 @@ files:
|
|
177
177
|
- lib/cfn-nag/custom_rules/DirectoryServiceSimpleADPasswordRule.rb
|
178
178
|
- lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
|
179
179
|
- lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
|
180
|
+
- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb
|
181
|
+
- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
|
182
|
+
- lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb
|
180
183
|
- lib/cfn-nag/custom_rules/EbsVolumeEncryptionKeyRule.rb
|
181
184
|
- lib/cfn-nag/custom_rules/EbsVolumeHasSseRule.rb
|
182
185
|
- lib/cfn-nag/custom_rules/ElastiCacheReplicationGroupAtRestEncryptionRule.rb
|