cfn-nag 0.6.15 → 0.6.16

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/cfn-nag/custom_rules/ElasticsearchDomainNodeToNodeEncryptionOptionsRule.rb +27 -0
  3. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 16861651aa50f0df55c1f09ab3ee2b6805a5bbe5df2553509f1728922809d878
4
- data.tar.gz: ecf3c006adc7f35cd5f01246b2cb9315c029c7b86055d5ee5438fa2eeb44b68c
3
+ metadata.gz: 215b03a8fda38b89cf524f415b3f1be170d3d5685e53cd60a0ed3f3344aaaf1f
4
+ data.tar.gz: a8e8f3f21fd037e78cc52ed127a3b93fb67fd3a57427a3ff7139ab339e37cc60
5
5
  SHA512:
6
- metadata.gz: 640dcd9fe284f48ddcc714fc8573115062547e4e81c7b73500f7369e37392b7c4e06666ec1ac0d294d6f737d31f62be0062eaf745a1e5b640401b79ccafbf4cd
7
- data.tar.gz: df569ee1ad3089fd480dd9957cc7dbca4a0d4ec469aadc81048d143f9584369987ce3de53798e3ebd2b986a1ae44f6844c32b3e9e30b242ed7938f8edf2b1799
6
+ metadata.gz: 93ab380b1c708698da719adee2a7f66140034802712b1e83ccb09c7f34b249f6c38264869ffa228caf233ba90ae360d855c0ef79929b758827c284356a3d5dd1
7
+ data.tar.gz: 78dac29ca0b9da7c2cd5352bc49094ccb39900d66ebab74b42d1a97b0f36535a378930db87bb0c8b847c79305c63aab1a6c1eaa5a0387b81a0adc2730a7b8797
data/lib/cfn-nag/custom_rules/ElasticsearchDomainNodeToNodeEncryptionOptionsRule.rb ADDED
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/util/truthy'
4
+ require 'cfn-nag/violation'
5
+ require_relative 'base'
6
+
7
+ class ElasticsearchDomainNodeToNodeEncryptionOptionsRule < BaseRule
8
+ def rule_text
9
+ 'ElasticsearchcDomain should have NodeToNodeEncryptionOptions enabled'
10
+ end
11
+
12
+ def rule_type
13
+ Violation::WARNING
14
+ end
15
+
16
+ def rule_id
17
+ 'W85'
18
+ end
19
+
20
+ def audit_impl(cfn_model)
21
+ violating_domains = cfn_model.resources_by_type('AWS::Elasticsearch::Domain').select do |domain|
22
+ domain.nodeToNodeEncryptionOptions.nil? || not_truthy?(domain.nodeToNodeEncryptionOptions['Enabled'])
23
+ end
24
+
25
+ violating_domains.map(&:logical_resource_id)
26
+ end
27
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.15
4
+ version: 0.6.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -229,6 +229,7 @@ files:
229
229
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerProtocolRule.rb
230
230
  - lib/cfn-nag/custom_rules/ElasticLoadBalancerV2ListenerSslPolicyRule.rb
231
231
  - lib/cfn-nag/custom_rules/ElasticsearchDomainEncryptionAtRestOptionsRule.rb
232
+ - lib/cfn-nag/custom_rules/ElasticsearchDomainNodeToNodeEncryptionOptionsRule.rb
232
233
  - lib/cfn-nag/custom_rules/GameLiftFleetInboundPortRangeRule.rb
233
234
  - lib/cfn-nag/custom_rules/IAMUserLoginProfilePasswordRule.rb
234
235
  - lib/cfn-nag/custom_rules/IamManagedPolicyNotActionRule.rb