RubyGems - cfn-nag - Versions diffs - 0.5.53 → 0.5.54 - Mend

cfn-nag 0.5.53 → 0.5.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb +28 -10
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac1bdca59f3a327ab7ae81c32a49c552f39dc73b35336482e59a402de8028fd7
-  data.tar.gz: d6ca34d13ad4f7fb051ef361696c243a7276fca82101c8e8fdeffee0d161085b
+  metadata.gz: 8232b564687290f3dd3b3e1c269ab6c1dbcd69ed7c63239dcf85f91afc4c687b
+  data.tar.gz: 705772c9cabfb4f41332ea8cb0b4d21b46b5a8ef3bcb6789f7f9f77decb1bdf9
 SHA512:
-  metadata.gz: 0073ae1c50938347a514300cf3bff5dd989437ae735832e23a9c0d6aff7b38c5aa9426a5bad88875d97eb83a37667b267e3d7e0a2e4e053d53313e933c480ff2
-  data.tar.gz: ca82e692882a48e14e50e9d17bc789f362e30608c7226304619486c4d35ec22e67ccd7eaa00d014bacf884a42a1edb566453a048425398521447770f5fa77044
+  metadata.gz: e56d4d946f611a683a9b4f87954eaf8f65ad7dc904cf1c151f7d5f318ca9951a21daf4bcf6c933b010cd10291028e2657f782d75db5b54df519f89f92f9d008f
+  data.tar.gz: e18d8150848d43a2e7fb2ac5c0c5f79dde276b6c528b0218fe19cf07d596dbc3ae0f0e18561f4f4c517e3c069c1858926c922d661d9c31250acc503451e32c5e

data/lib/cfn-nag/custom_rules/RDSInstanceDeletionProtectionRule.rb CHANGED

@@ -1,21 +1,14 @@
 # frozen_string_literal: true
+require_relative 'base'
+require 'cfn-nag/util/truthy.rb'
 require 'cfn-nag/violation'
-require_relative 'boolean_base_rule'
-class RDSInstanceDeletionProtectionRule < BooleanBaseRule
+class RDSInstanceDeletionProtectionRule < BaseRule
   def rule_text
     'RDS instance should have deletion protection enabled'
   end
-  def resource_type
-    'AWS::RDS::DBInstance'
-  end
-  def boolean_property
-    :deletionProtection
-  end
   def rule_type
     Violation::FAILING_VIOLATION
   end
@@ -23,4 +16,29 @@ class RDSInstanceDeletionProtectionRule < BooleanBaseRule
   def rule_id
     'F80'
   end
+  def audit_impl(cfn_model)
+    rds_dbinstances = cfn_model.resources_by_type('AWS::RDS::DBInstance')
+    violating_rdsinstances = rds_dbinstances.select do |instance|
+      not_protected?(instance) && !aurora?(instance)
+    end
+    violating_rdsinstances.map(&:logical_resource_id)
+  end
+  private
+  def not_protected?(instance)
+    not_truthy?(instance.deletionProtection) || instance.deletionProtection == { 'Ref' => 'AWS::NoValue' }
+  end
+  def aurora?(db_instance)
+    aurora_engines = %w[
+      aurora
+      aurora-mysql
+      aurora-postgresql
+    ]
+    aurora_engines.include? db_instance.engine
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn-nag
 version: !ruby/object:Gem::Version
-  version: 0.5.53
+  version: 0.5.54
 platform: ruby
 authors:
 - Eric Kascic