Class: SPCM

Inherits:

Object

• Object
• SPCM

Defined in:

lib/cfn-nag/iam_complexity_metric/spcm.rb

Constant Summary

DEFAULT_TEMPLATE_PATTERN =

'..*\.json$|..*\.yaml$|..*\.yml$|..*\.template$'

Instance Method Summary

• #aggregate_metrics(input_path:, parameter_values_path: nil, condition_values_path: nil, template_pattern: DEFAULT_TEMPLATE_PATTERN) ⇒ Object
• #metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil) ⇒ Object
• #metric_impl(cfn_model) ⇒ Object

Instance Method Details

#aggregate_metrics(input_path:, parameter_values_path: nil, condition_values_path: nil, template_pattern: DEFAULT_TEMPLATE_PATTERN) ⇒ Object

# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 10

def aggregate_metrics(input_path:,
                      parameter_values_path: nil,
                      condition_values_path: nil,
                      template_pattern: DEFAULT_TEMPLATE_PATTERN)
  parameter_values_string = parameter_values_path.nil? ? nil : IO.read(parameter_values_path)
  condition_values_string = condition_values_path.nil? ? nil : IO.read(condition_values_path)

  templates = TemplateDiscovery.new.discover_templates(input_json_path: input_path,
                                                       template_pattern: template_pattern)
  aggregate_results = []
  templates.each do |template|
    aggregate_results << {
      filename: template,
      file_results: metric(
        cloudformation_string: IO.read(template),
        parameter_values_string: parameter_values_string,
        condition_values_string: condition_values_string
      )
    }
  end
  aggregate_results
end

#metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil) ⇒ Object

# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 33

def metric(cloudformation_string:, parameter_values_string: nil, condition_values_string: nil)
  cfn_model = CfnParser.new.parse cloudformation_string,
                                  parameter_values_string,
                                  false,
                                  condition_values_string

  metric_impl(cfn_model)
end

#metric_impl(cfn_model) ⇒ Object

# File 'lib/cfn-nag/iam_complexity_metric/spcm.rb', line 42

def metric_impl(cfn_model)
  policy_documents = {
    'AWS::IAM::Policy' => {},
    'AWS::IAM::Role' => {}
  }

  cfn_model.resources_by_type('AWS::IAM::Policy').each do |policy|
    update_policy_metric(policy_documents, policy)
  end

  cfn_model.resources_by_type('AWS::IAM::Role').each do |role|
    role.policy_objects.each do |policy|
      update_role_policy_metric(policy_documents, role, policy)
    end
  end

  policy_documents
end