cfn-nag 0.6.19 → 0.6.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: acfa4c8d862bf691a56f99ded65fcfab7f5ca114f91a11aa3d453776093fd862
|
|
4
|
+
data.tar.gz: b125a02a79b010e02eee085d7421b359aeefb43de345f5ff8a2ab009c3528c44
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d52ca5b92b8f8dce9034c493adb4a7c81cebc40211ba524dd8060ce9efdabea09d129d80db2eca2e4560239972d0192302f9027c53bd660139178697e4eb7ed
|
|
7
|
+
data.tar.gz: 5198f37c1c20d290d3c2073928f1509bca083dee22b03b099b456406f2bcbcc9f146a00d59d4fd57ef3bf5f44fb2a3753eddf0a0615544ef1374754c75f509d2
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'cfn-nag/violation'
|
|
4
|
+
require 'cfn-nag/util/truthy'
|
|
5
|
+
require_relative 'base'
|
|
6
|
+
|
|
7
|
+
class DLMLifecyclePolicyCrossRegionCopyEncryptionRule < BaseRule
|
|
8
|
+
def rule_text
|
|
9
|
+
'DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def rule_type
|
|
13
|
+
Violation::WARNING
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def rule_id
|
|
17
|
+
'W81'
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def audit_impl(cfn_model)
|
|
21
|
+
violating_policies = cfn_model.resources_by_type('AWS::DLM::LifecyclePolicy').select do |policy|
|
|
22
|
+
if policy.policyDetails['Actions'].nil?
|
|
23
|
+
false
|
|
24
|
+
else
|
|
25
|
+
violating_actions = policy.policyDetails['Actions'].select do |action|
|
|
26
|
+
violating_copies = action['CrossRegionCopy'].select do |copy|
|
|
27
|
+
!truthy?(copy['EncryptionConfiguration']['Encrypted'].to_s)
|
|
28
|
+
end
|
|
29
|
+
!violating_copies.empty?
|
|
30
|
+
end
|
|
31
|
+
!violating_actions.empty?
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
violating_policies.map(&:logical_resource_id)
|
|
36
|
+
end
|
|
37
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-nag
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.20
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
@@ -199,6 +199,7 @@ files:
|
|
|
199
199
|
- lib/cfn-nag/custom_rules/CognitoIdentityPoolAllowUnauthenticatedIdentitiesRule.rb
|
|
200
200
|
- lib/cfn-nag/custom_rules/CognitoUserPoolMfaConfigurationOnorOptionalRule.rb
|
|
201
201
|
- lib/cfn-nag/custom_rules/DAXClusterEncryptionRule.rb
|
|
202
|
+
- lib/cfn-nag/custom_rules/DLMLifecyclePolicyCrossRegionCopyEncryptionRule.rb
|
|
202
203
|
- lib/cfn-nag/custom_rules/DMSEndpointMongoDbSettingsPasswordRule.rb
|
|
203
204
|
- lib/cfn-nag/custom_rules/DMSEndpointPasswordRule.rb
|
|
204
205
|
- lib/cfn-nag/custom_rules/DirectoryServiceMicrosoftADPasswordRule.rb
|