Class: SPCMRule

Inherits:
BaseRule
Defined in:
lib/cfn-nag/custom_rules/SPCMRule.rb

Constant Summary

DEFAULT_THRESHOLD =
25

Instance Attribute Summary

Instance Method Summary

Methods inherited from BaseRule

#audit

Instance Attribute Details

#spcm_threshold ⇒ Object

Returns the value of attribute spcm_threshold.



# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 8

# Threshold override for the SPCM warning; nil when no override has been set.
# Read by #audit_impl (coerced with to_i) and #rule_text (shown as given).
#
# @return [Object, nil] the raw value stored in @spcm_threshold
def spcm_threshold
  @spcm_threshold
end

Instance Method Details

#audit_impl(cfn_model) ⇒ Object



# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 23

# Flags IAM policies and roles whose SPCM (policy complexity metric) exceeds
# the configured threshold.
#
# The metric computation is experimental: any StandardError from SPCM is
# reported on stdout and treated as "no policy documents", so a failing metric
# produces no violations rather than aborting the whole audit.
#
# @param cfn_model [CfnModel] the parsed CloudFormation template
# @return [Array<String>] logical ids of the violating policy and role resources
def audit_impl(cfn_model)
  policy_documents =
    begin
      SPCM.new.metric_impl(cfn_model)
    rescue StandardError => catch_all_exception
      puts "Experimental SPCM rule is failing. Please report #{catch_all_exception} with the violating template"
      # Empty buckets for both resource types so the helpers below find nothing.
      { 'AWS::IAM::Policy' => {}, 'AWS::IAM::Role' => {} }
    end

  # NOTE(review): a non-numeric override coerces to 0 via to_i, which would
  # flag every policy document; consider validating the value where it is set.
  effective_threshold = DEFAULT_THRESHOLD
  effective_threshold = spcm_threshold.to_i unless spcm_threshold.nil?

  [].concat(
    violating_policy_resources(policy_documents, effective_threshold),
    violating_role_resources(policy_documents, effective_threshold)
  )
end

#rule_id ⇒ Object



# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 19

# Identifier reported for this rule; the W prefix matches the WARNING rule type.
#
# @return [String] 'W76'
def rule_id
  'W76'
end

#rule_text ⇒ Object



# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 11

# Human-readable description of the violation, naming the threshold in force.
#
# NOTE(review): the override is shown exactly as stored, while #audit_impl
# compares against its to_i value; the two can differ for non-numeric input.
#
# @return [String] the rule message including the effective threshold
def rule_text
  shown_threshold = spcm_threshold || DEFAULT_THRESHOLD
  "SPCM for IAM policy document is higher than #{shown_threshold}"
end

#rule_type ⇒ Object



# File 'lib/cfn-nag/custom_rules/SPCMRule.rb', line 15

# Severity of this rule: a warning, not a failing violation.
#
# @return [Object] Violation::WARNING
def rule_type
  Violation::WARNING
end