cfn-nag 0.6.18 → 0.6.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8a3fc1115d0e9a1739ac2a1fdddbd6ee693450fbf292f512e2554570293cbb01
4
- data.tar.gz: 21fcfbd6d9deba76d3764b5170d382a1642d79a0322d49eb71805c7b15c41ae5
3
+ metadata.gz: 28cde1a5e7484f6b0f2d63097071e68ef162a97de6d5e957cd5638d08aa420ce
4
+ data.tar.gz: a325b62b2f79bbb4b4ae2beec6a5beec6c0e40ba53cd1bb10b11a9c26f78e72a
5
5
  SHA512:
6
- metadata.gz: 6c18afb97fcb0df30296eb6660e6c07bdb4e7e241148529edb68e11bd0ef8bd3dbb5bbf065be4d6ff554eb025059a7da5f53185481bcca75d0540447703838da
7
- data.tar.gz: c42ed45e2cc5177e8e26acd0f503682b6deb6f0f172c31214753654ac31425e609f17b0cbf60050002fa40a628fd53f7048ab7831b5f211b2cf4908e5a17f8b0
6
+ metadata.gz: 50d18a321a5a0f9050523c657d0f8eee055555fce4e62547738760c5dae59e603ed7ef49e85a4618e51d64fbe30eafd7439e112516c2f7adc021db34b40cacbe
7
+ data.tar.gz: b44e85f191a4c3710491cfd2ed9e81e6107b641c28414656f19163ee3cf66b547a19296d28836e6fbface9a1087ccb03bfb037dc72e21a242899d0ee70e07b12
@@ -0,0 +1,48 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'cfn-nag/violation'
4
+ require_relative 'base'
5
+
6
+ class EKSClusterEncryptionRule < BaseRule
7
+ def rule_text
8
+ 'EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.'
9
+ end
10
+
11
+ def rule_type
12
+ Violation::WARNING
13
+ end
14
+
15
+ def rule_id
16
+ 'W82'
17
+ end
18
+
19
+ def audit_impl(cfn_model)
20
+ violating_clusters = cfn_model.resources_by_type('AWS::EKS::Cluster').select do |cluster|
21
+ if cluster.encryptionConfig.nil?
22
+ true
23
+ elsif violating_configs?(cluster)
24
+ true
25
+ else
26
+ violating_providers?(cluster)
27
+ end
28
+ end
29
+
30
+ violating_clusters.map(&:logical_resource_id)
31
+ end
32
+
33
+ private
34
+
35
+ def violating_configs?(cluster)
36
+ violating_config = cluster.encryptionConfig.select do |config|
37
+ config['Provider'].nil?
38
+ end
39
+ !violating_config.empty?
40
+ end
41
+
42
+ def violating_providers?(cluster)
43
+ violating_provider = cluster.encryptionConfig.select do |config|
44
+ config['Provider']['KeyArn'].empty?
45
+ end
46
+ !violating_provider.empty?
47
+ end
48
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-nag
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.18
4
+ version: 0.6.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Kascic
@@ -215,6 +215,7 @@ files:
215
215
  - lib/cfn-nag/custom_rules/EC2SubnetMapPublicIpOnLaunchRule.rb
216
216
  - lib/cfn-nag/custom_rules/ECRRepositoryScanOnPushRule.rb
217
217
  - lib/cfn-nag/custom_rules/EFSFileSystemEncryptedRule.rb
218
+ - lib/cfn-nag/custom_rules/EKSClusterEncryptionRule.rb
218
219
  - lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesADDomainJoinPasswordRule.rb
219
220
  - lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesCrossRealmTrustPrincipalPasswordRule.rb
220
221
  - lib/cfn-nag/custom_rules/EMRClusterKerberosAttributesKdcAdminPasswordRule.rb