Class: BooleanBaseRule
- Inherits: BaseRule
- Defined in: lib/cfn-nag/custom_rules/boolean_base_rule.rb
Overview
Derive from this rule to ensure that a resource always has a given property declared and that, if it is declared, it is not set to false. The rule does double duty: it checks both that the property exists and that it is boolean/not false. Strictly speaking the two checks could be broken out, but it does work this way.
Direct Known Subclasses
EFSFileSystemEncryptedRule, EbsVolumeEncryptionKeyRule, EbsVolumeHasSseRule, ElastiCacheReplicationGroupAtRestEncryptionRule, ElastiCacheReplicationGroupTransitEncryptionRule, NeptuneDBClusterStorageEncryptedRule, RDSDBClusterStorageEncryptedRule, RedshiftClusterEncryptedRule, SageMakerEndpointConfigKmsKeyIdRule, SageMakerNotebookInstanceKmsKeyIdRule, SecretsManagerSecretKmsKeyIdRule, SnsTopicKmsMasterKeyIdRule, SqsQueueKmsMasterKeyIdRule
Instance Method Summary
Methods inherited from BaseRule
#audit, #violation
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 21
def audit_impl(cfn_model)
  resources = cfn_model.resources_by_type(resource_type)
  violating_resources = resources.select do |resource|
    boolean_property_value = resource.send(boolean_property)
    not_truthy?(boolean_property_value) || boolean_property_value == { 'Ref' => 'AWS::NoValue' }
  end
  violating_resources.map(&:logical_resource_id)
end
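The values this check rejects and accepts, as an added example that is not part of cfn-nag: DemoBooleanBaseRule copies the audit_impl logic above without BaseRule, while DemoVolumeEncryptedRule, the Struct-based model and the not_truthy? stand-in (assumed to treat nil and any casing of "false" as not truthy) are hypothetical.

```ruby
# Stand-in for cfn-nag's helper (assumption: nil or any casing of "false" is not truthy).
def not_truthy?(value)
  value.nil? || value.to_s.casecmp('false').zero?
end

# Copy of the audit logic shown on this page; the two hooks come from the subclass.
class DemoBooleanBaseRule
  def audit_impl(cfn_model)
    resources = cfn_model.resources_by_type(resource_type)
    violating_resources = resources.select do |resource|
      boolean_property_value = resource.send(boolean_property)
      not_truthy?(boolean_property_value) || boolean_property_value == { 'Ref' => 'AWS::NoValue' }
    end
    violating_resources.map(&:logical_resource_id)
  end
end

# Hypothetical subclass: only resource_type and boolean_property are supplied.
class DemoVolumeEncryptedRule < DemoBooleanBaseRule
  def resource_type
    'AWS::EC2::Volume'
  end

  def boolean_property
    :encrypted
  end
end

# Constructed model: each volume carries one value the property could take.
DemoVolume = Struct.new(:logical_resource_id, :encrypted)
DemoModel = Struct.new(:volumes) do
  def resources_by_type(type)
    type == 'AWS::EC2::Volume' ? volumes : []
  end
end

DEMO_MODEL = DemoModel.new([
  DemoVolume.new('Missing', nil),                         # property not declared
  DemoVolume.new('ExplicitFalse', false),                 # boolean false
  DemoVolume.new('StringFalse', 'False'),                 # string form of false
  DemoVolume.new('NoValue', { 'Ref' => 'AWS::NoValue' }), # conditionally removed
  DemoVolume.new('Encrypted', true),                      # compliant
  DemoVolume.new('ParamRef', { 'Ref' => 'EncryptParam' }) # unresolved reference
])

# Logical ids of the resources the rule would report.
def demo_violations
  DemoVolumeEncryptedRule.new.audit_impl(DEMO_MODEL)
end
```

Under the stand-in's assumption, the unresolved reference in ParamRef is not flagged, so a parameter-driven property is only checked as strictly as the value that reaches the rule.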
#boolean_property ⇒ Object
# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 17
def boolean_property
  raise 'must implement in subclass'
end
#resource_type ⇒ Object
# File 'lib/cfn-nag/custom_rules/boolean_base_rule.rb', line 13
def resource_type
  raise 'must implement in subclass'
end