Class: BooleanBaseRule

Inherits:
BaseRule
Defined in:
lib/cfn-nag/custom_rules/boolean_base_rule.rb

Overview

Derive from this rule to ensure that a resource always declares a given property and that, when it is declared, it is not set to false. The rule does double duty, checking both for existence and for a boolean value that is not false. Strictly speaking the two checks could be broken out, but it does work this way.

Instance Method Summary

Methods inherited from BaseRule

#audit, #violation

Instance Method Details

#audit_impl(cfn_model) ⇒ Object

# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 21

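def audit_impl(cfn_model)
  # Only resources of the type named by the subclass are examined.
  resources = cfn_model.resources_by_type(resource_type)

  # A resource violates the rule when the property is not truthy or is
  # { 'Ref' => 'AWS::NoValue' }, which removes the property from the resource.
  violating_resources = resources.select do |resource|
    boolean_property_value = resource.send(boolean_property)
    not_truthy?(boolean_property_value) || boolean_property_value == { 'Ref' => 'AWS::NoValue' }
  end

  # Report violations by logical resource id.
  violating_resources.map(&:logical_resource_id)
end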
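
A derived rule run against constructed resources, showing which property values the check reports. This is an added example, not cfn-nag's own code: `ExampleVolumeEncryptedRule`, the `Example::Storage::Volume` type, `FakeModel`, `Resource` and the sample data are hypothetical, and `BooleanBaseRule` and `not_truthy?` are stand-ins (the helper's behaviour is an assumption) so the block runs without the gem.

```ruby
# Stand-ins below let this run without the cfn-nag gem installed.
Resource = Struct.new(:type, :logical_resource_id, :encrypted)

# Assumed behaviour of cfn-nag's not_truthy? helper: nil, false or
# the string "false" in any letter case.
def not_truthy?(value)
  value.nil? || value.to_s.casecmp('false').zero?
end

# Stand-in base class with the same audit_impl logic as this page.
class BooleanBaseRule
  def audit_impl(cfn_model)
    violating = cfn_model.resources_by_type(resource_type).select do |resource|
      value = resource.send(boolean_property)
      not_truthy?(value) || value == { 'Ref' => 'AWS::NoValue' }
    end
    violating.map(&:logical_resource_id)
  end
end

# Hypothetical derived rule: a subclass supplies only these two methods.
class ExampleVolumeEncryptedRule < BooleanBaseRule
  def resource_type
    'Example::Storage::Volume'
  end

  def boolean_property
    :encrypted
  end
end

# Constructed stand-in for the parsed template model.
FakeModel = Struct.new(:resources) do
  def resources_by_type(type)
    resources.select { |r| r.type == type }
  end
end

# Constructed resources covering each value the check distinguishes.
def sample_violations
  vol = 'Example::Storage::Volume'
  model = FakeModel.new([
    Resource.new(vol, 'Missing', nil), Resource.new(vol, 'BoolFalse', false),
    Resource.new(vol, 'StrFalse', 'False'), Resource.new(vol, 'BoolTrue', true),
    Resource.new(vol, 'NoValue', { 'Ref' => 'AWS::NoValue' }),
    Resource.new(vol, 'ParamRef', { 'Ref' => 'EncryptParam' }),
    Resource.new('Example::Other', 'OtherType', false)
  ])
  ExampleVolumeEncryptedRule.new.audit_impl(model)
end
```

Under these stand-ins, `ParamRef` is not reported: a `Ref` to anything other than `AWS::NoValue` is neither nil nor false, so the comparison lets it through.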

#boolean_property ⇒ Object

# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 17

def boolean_property
  raise 'must implement in subclass'
end

#resource_type ⇒ Object

# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 13

def resource_type
  raise 'must implement in subclass'
end