Module: Rule
- Included in:
- CfnNag
- Defined in:
- lib/rule.rb
Instance Attribute Summary collapse
-
#input_json_path ⇒ Object
Returns the value of attribute input_json_path.
Class Method Summary collapse
Instance Method Summary collapse
- #add_violation(type:, message:, logical_resource_ids: nil, violating_code: nil) ⇒ Object
- #assertion(jq:, message:) ⇒ Object
- #fatal_assertion(jq:, message:) ⇒ Object
- #fatal_violation(jq:, message:) ⇒ Object
- #raw_fatal_assertion(jq:, message:) ⇒ Object
- #raw_fatal_violation(jq:, message:) ⇒ Object
-
#resources ⇒ Object
jq preamble to spit out Resources but as an array of key-value pairs can be used in jq rule definition but…
-
#resources_by_type(resource) ⇒ Object
jq to filter Cloudformation resources by Type can be used in jq rule definition but…
- #violation(jq:, message:) ⇒ Object
- #warning(jq:, message:) ⇒ Object
Instance Attribute Details
#input_json_path ⇒ Object
Returns the value of attribute input_json_path.
5 6 7 |
# File 'lib/rule.rb', line 5 def input_json_path @input_json_path end |
Class Method Details
.count_failures(violations) ⇒ Object
100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'lib/rule.rb', line 100 def self.count_failures(violations) violations.inject(0) do |count, violation| if violation.type == Violation::FAILING_VIOLATION if empty?(violation.logical_resource_ids) count += 1 else count += violation.logical_resource_ids.size end end count end end |
.count_warnings(violations) ⇒ Object
87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/rule.rb', line 87 def self.count_warnings(violations) violations.inject(0) do |count, violation| if violation.type == Violation::WARNING if empty?(violation.logical_resource_ids) count += 1 else count += violation.logical_resource_ids.size end end count end end |
.empty?(array) ⇒ Boolean
83 84 85 |
# File 'lib/rule.rb', line 83 def self.empty?(array) array.nil? or array.size ==0 end |
Instance Method Details
#add_violation(type:, message:, logical_resource_ids: nil, violating_code: nil) ⇒ Object
113 114 115 116 117 118 119 120 121 122 |
# File 'lib/rule.rb', line 113 def add_violation(type:, message:, logical_resource_ids: nil, violating_code: nil) violation = Violation.new(type: type, message: , logical_resource_ids: logical_resource_ids, violating_code: violating_code) @violations << violation end |
#assertion(jq:, message:) ⇒ Object
76 77 78 79 80 81 |
# File 'lib/rule.rb', line 76 def assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, message: , message_type: Violation::FAILING_VIOLATION) end |
#fatal_assertion(jq:, message:) ⇒ Object
44 45 46 47 48 49 50 |
# File 'lib/rule.rb', line 44 def fatal_assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, fatal: true, message: , message_type: Violation::FATAL_VIOLATION) end |
#fatal_violation(jq:, message:) ⇒ Object
61 62 63 64 65 66 67 |
# File 'lib/rule.rb', line 61 def fatal_violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, fatal: true, message: , message_type: Violation::FATAL_VIOLATION) end |
#raw_fatal_assertion(jq:, message:) ⇒ Object
35 36 37 38 39 40 41 42 |
# File 'lib/rule.rb', line 35 def raw_fatal_assertion(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: false, fatal: true, message: , message_type: Violation::FATAL_VIOLATION, raw: true) end |
#raw_fatal_violation(jq:, message:) ⇒ Object
52 53 54 55 56 57 58 59 |
# File 'lib/rule.rb', line 52 def raw_fatal_violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, fatal: true, message: , message_type: Violation::FATAL_VIOLATION, raw: true) end |
#resources ⇒ Object
jq preamble to spit out Resources but as an array of key-value pairs can be used in jq rule definition but… this is probably reducing replication at the cost of opaqueness
9 10 11 |
# File 'lib/rule.rb', line 9 def resources '.Resources|with_entries(.value.LogicalResourceId = .key)[]' end |
#resources_by_type(resource) ⇒ Object
jq to filter Cloudformation resources by Type can be used in jq rule definition but… this is probably reducing replication at the cost of opaqueness
15 16 17 |
# File 'lib/rule.rb', line 15 def resources_by_type(resource) "#{resources}| select(.Type == \"#{resource}\")" end |
#violation(jq:, message:) ⇒ Object
69 70 71 72 73 74 |
# File 'lib/rule.rb', line 69 def violation(jq:, message:) failing_rule(jq_expression: jq, fail_if_found: true, message: , message_type: Violation::FAILING_VIOLATION) end |
#warning(jq:, message:) ⇒ Object
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/rule.rb', line 19 def warning(jq:, message:) Logging.logger['log'].debug jq stdout = jq_command(@input_json_path, jq) result = $?.exitstatus scrape_jq_output_for_error(stdout) resource_ids = parse_logical_resource_ids(stdout) new_warnings = resource_ids.size if result == 0 and new_warnings > 0 add_violation(type: Violation::WARNING, message: , logical_resource_ids: resource_ids) end end |