Class: ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule

Inherits:
BaseRule
  • Object
show all
Defined in:
lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb

Instance Method Summary collapse

Methods inherited from BaseRule

#audit

Instance Method Details

#audit_impl(cfn_model) ⇒ Object


22
23
24
25
26
27
28
29
30
31
32
33
34
35
# File 'lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb', line 22

def audit_impl(cfn_model)
  managed_blockchain_members = cfn_model.resources_by_type('AWS::ManagedBlockchain::Member')
  violating_managed_blockchains = managed_blockchain_members.select do |member|
    if password_property_does_not_exist(member)
      false
    else
      pw = member.memberConfiguration['MemberFrameworkConfiguration']['MemberFabricConfiguration']['AdminPassword']
      insecure_parameter?(cfn_model, pw) ||
        insecure_string_or_dynamic_reference?(cfn_model, pw)
    end
  end

  violating_managed_blockchains.map(&:logical_resource_id)
end

#rule_idObject


18
19
20
# File 'lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb', line 18

def rule_id
  'F71'
end

#rule_textObject


9
10
11
12
# File 'lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb', line 9

def rule_text
  'ManagedBlockchain Member MemberFabricConfiguration AdminPasswordRule must ' \
  'not be a plaintext string or a Ref to a NoEcho Parameter with a Default value.'
end

#rule_typeObject


14
15
16
# File 'lib/cfn-nag/custom_rules/ManagedBlockchainMemberMemberFabricConfigurationAdminPasswordRule.rb', line 14

def rule_type
  Violation::FAILING_VIOLATION
end