Class: PassRoleBaseRule
- Inherits:
-
BaseRule
- Defined in:
- lib/cfn-nag/custom_rules/passrole_base_rule.rb
Constant Summary
- IAM_ACTION_PATTERNS =
wildcard_patterns('PassRole').map { |pattern| 'iam:' + pattern } + ['*']
Instance Method Summary
Methods inherited from BaseRule
#audit
Instance Method Details
#audit_impl(cfn_model) ⇒ Object
# File 'lib/cfn-nag/custom_rules/passrole_base_rule.rb', line 14
# Reports every policy of +policy_type+ that has a statement matching both a
# PassRole action and a wildcard resource.
#
# Both predicates must hold on the same statement. A policy with a PassRole
# action in one statement and a wildcard resource in another is not reported.
# The pairing matters because an unrestricted PassRole grant lets the
# principal hand any role in the account to a service, which is a common
# privilege-escalation path.
#
# NOTE(review): passrole_action? and wildcard_resource? are defined outside
# this listing. Presumably passrole_action? matches against
# IAM_ACTION_PATTERNS (which also contains the bare '*'); confirm there how
# Effect, NotAction and NotResource are treated, since none of that is
# decided in this method.
#
# @param cfn_model [Object] template model responding to resources_by_type
# @return [Array] logical resource ids of the violating policies
def audit_impl(cfn_model)
  offenders = cfn_model.resources_by_type(policy_type).select do |candidate|
    candidate.policy_document.statements.any? do |stmt|
      passrole_action?(stmt) && wildcard_resource?(stmt)
    end
  end
  offenders.map(&:logical_resource_id)
end
#policy_type ⇒ Object
# File 'lib/cfn-nag/custom_rules/passrole_base_rule.rb', line 10
# Hook naming the resource type whose policies this rule audits.
#
# The base rule has no type of its own, so this version always raises.
# audit_impl passes the value a subclass returns to resources_by_type.
#
# @raise [RuntimeError] always, with the message 'must implement in subclass'
def policy_type
  raise RuntimeError, 'must implement in subclass'
end